Craig Mattson (Personal Website)
Home - Blog, News, About MePrograms - C#.Net, Java, VB6MusicWebsites

My Blog

HTML 5 v Silverlight (30/08/2010 08:06:13 PM)

There are many opinions in the industry as to who will be the major winner out of HTML 5 (dubbed the "Open Web"), Microsoft Silverlight (a client-side sandboxed web application utilising the Microsoft .NET Framework) and Adobe Flash (the current dominant player in Animation and Web Applications on the web). What I am trying to understand is why such an argument exists? Steve Jobs has actively suggested many times that Adobe Flash is irrelevant when you compare to the functionality to HTML 5 (particularly the Canvas technology) but perhaps the consistent outbursts are misunderstood in the industry.

A majority of the banner advertisements, multimedia containers and 2D Games that you see on the web are more than likely developed using Adobe Flash / Shockwave and yes, Steve Jobs is correct for the majority. At the moment, web-based applications such as Google's YouTube and Maps are experimenting with offering HTML 5 versions of the website to enable content to be embedded directly to the browser - so such "Open" functionality can and does work. Canvas technology does allow 2D games to be created as well as better Banner Advertisement systems that don't bring your PC to a screeching halt. The downside to your average consumer is how effective banner advertisement and popup blocking software is going to work? This is perhaps considered a feature of HTML 5 that Google, Microsoft and Apple (as well as various other third parties pioneering HTML 5) due to the massive revenue opportunities that exist for these companies. With a rant like that, you are perhaps expecting me to say HTML 5 is the loser? Absolutely not and for the very reasons HTML 5 is lacking in development complexity is the very reason Microsoft Silverlight and Adobe Shockwave Flash exist.

HTML 5 is a good standard for us to use as the "Assembly" of Web Programming. The raw nature of HTML 5 will ensure all devices designed to browse the web have at least a common core of multimedia functionality that can be presented to any Web Client be it a Mobile Device, Tablet, Kiosk or PC. It is absolutely necessary that we have the ability to drive multimedia content to multiple devices particularly due to the way social networking websites dominate total internet usage, and the potential future for news and the e-zine industry boom. But the trick is HTML 5 is simply a standard. It's not a programming language; it's not a particular technology. It is a baseline with a set of semantics to build websites that can render properly under a particular language definition irrespective of the target device. This is very important for the industry as a way forward past the primitiveness of HTML 4.

However - HTML 5 and its Canvassing technology, Integrated Video Streaming and Tagging amongst data integration is simplified to ensure it is possible to be implemented in its entirety amongst various devices. This is where technologies such as Microsoft Silverlight and Adobe Flash can bring proper complex web applications to the internet.

Video Streaming

YouTube is a fantastic website for streaming video footage and has assisted in the promotion of multimedia streaming for many corporations around the world. It has encouraged smaller businesses around the globe to also upload video footage to the internet. The main caveat with current HTML standards revolves around the lack of built-in language definition for multimedia applications. What Adobe Flash provides is a sandbox to allow the client, irrespective of what media player is installed, to stream the content. There is also some control over DRM (particularly where publishers want to restrict access), and a way to control the interface. Microsoft Silverlight takes a different approach to Video Streaming technology. When encoding a video, you can encode to multiple bitrates (quality levels to control file size) so that instead of buffering, Silverlight can use an algorithm to determine how much bandwidth you have available and will switch streams seamlessly to ensure you don’t have to buffer (except when your bandwidth drops below the minimum stream threshold).

Complex Software Applications via the Web

Over the last few years, emerging technologies such as json and jQuery have allowed web developers to create web applications to pull data via web services of sorts; however anyone who has attempted coding an interface with json and jQuery will understand there is a significant amount of work that goes with it, including browser interoperability. Strictly speaking, a technology such as Silverlight perhaps is nothing more than a sandbox primarily designed for Microsoft Windows PC’s through Microsoft Internet Explorer, however with Silverlight powered by the .NET Framework, you can expect that your various Business Logic Layers already implemented in existing projects can be reused within Silverlight applications by exposing WCF Services. Silverlight allows a web developer to design a rich user experience rapidly, reuse a common complex development framework interconnected with web services to capture and deliver content. Whilst we are seeing great progress with Google Documents, YouTube, Facebook and other Web Applications not using Flash or Silverlight, they are a long way off being viable alternatives for industry-grade applications.

Consider a Data Entry platform in a large multi-national corporation where your support services are located in another continent. Leveraging built-in features such as Web-Cam integration, support can be provided by visually communicating with the end-user and controlling what they see in a Remote-Desktop capacity. The possible argument is existing technologies exist for the sole purpose, but having it built as part of an application eliminates the need to deploy such services. Remembering that all you need to run a Silverlight 4 application is the Silverlight framework on a Windows PC reduces deployment time significantly.

New Features and Experiences

HTML 5 is a standard. Well, not really a standard in its’ own right (yet). In less time than it has taken HTML 5 to gain some traction, Silverlight and Adobe Flex (an SDK for Flash) are in their fourth production releases with features being added all the time. Granted, some features are still not complete, but there are many customers of Silverlight and Flex solutions that are remarkably happy with their rich user experiences. Particularly in the last two versions of Silverlight, we have seen IIS Smoothing (Adaptive Video Streaming), Web-Cam integration, Drag-and-Drop integration and the roadmap list for both products is growing considerably. HTML 5 is still being drafted and parts are being implemented into browsers claiming to be standards – when they really aren’t! Standards take years to develop, features take months to develop and continue growing. Are we really going to be talking about non-DRM Video Streaming in 2020, or even using a 2D Web by then? Truth is, no one knows – but one thing is for certain, “now” technology can be provided by sandbox frameworks.

[0 Comment(s)]

Very, Very Basic Game Prototype! (17/01/2010 12:13:06 AM)

Hi All,

Yes - it's 2:20AM in the morning and I've been on a role working on a prototype of a little 2D game I'm in the process of creating. For those who don't want to read the details can just go to the prototype located at:


This is a ClickOnce application, so things install a little differently (to your AppData folder as a Web Application). Why do this? Well, it makes it easier for me to push updates to anyone that wants to test the game logic. Everytime the application is launched, a check will run on the URL to see if there is a new update. If there is, it will automatically update. Pretty neat technology! It'll also pick up the prerequisites for the XNA Framework.

So, what is it? It's a pretty simple game concept. You click balls and they disappear. Ideally, I will put in logic for colour combinations, not missing balls, accuracy etc... The game is anticipated to be a sandbox game - so you keep going until either time runs out, your threshold is too low or something (yet to be determined). Feel free to make suggestions. Whilst I'm prototyping the game physics, I figured I'd better use XNA as it's pretty quick to prototype a 2D Game up using it.

At the moment, it's pretty plain. You get a menu screen and if you left click - you're given a blank canvas. Right Clicking on the screen will generate a ball that will float to the top of the screen. If you click the ball (slightly off centre to the right), the ball will disappear. So nothing thrilling at this stage - but if you want to keep your eye on it. Download, install and get the framework sorted out.

Once I'm satisfied with the game logic, I'll export to Zune (i.e. the Microsoft MP3 Player), Xbox 360 (I'll add Controller support) and then port it to the iPhone. I'm hoping soon that something like the following screenshot will appear on the App Store:




Anyway, I'll keep you all posted.

Craig Mattson.

[0 Comment(s)]

Key Performance Indicators for Programmers? (08/01/2010 12:50:45 PM)

Another Friday passing by ... slowly and I'm at work trying to determine what Key Performance Indicators apply to programmers. Maybe I can get some suggestions? Here is my list so far (feel free to agree / disagree - and keep in mind these really need to be tangible).

  1. Ratio of Defect / Bug Fixes versus Change Requests;
  2. Efficiency of code versus hours of development;
  3. Problems solved within allocated timeframe;
  4. Defect / Bug Fixes related to implemented Change Requests;
  5. Number of regression issues, and;
  6. Application stability (calculated by server uptime);

There is some argument to Quality of Code, but the problem is - how is it measurable? Performance and efficiency may be identical (or close to) for varying code. How does one differentiate between what is quality code and what is not? One developer may use less lines of code but the code may be less readable? Another developer may put too many comments into code, name things properly so it is easier for other developers to understand? There is also the fact that not many HR Personnel at review time who understand code well enough to make that distinction. In fact, unless you have the code peer-reviewed by a third party organisation (which may also have confidentiality impact as well) - how do you justify? 

Anyway, I'm kind of keen to see what others use to measure KPI's particularly aligned with an industry where a developer is hired for initiative and knowledge in problem solving rather than their ability to remember a large number of key words. At the end of the day, it's how we solve the problem that is important; not whether we can code in Low-Level Assembly and solder together our own circuits to produce an electronic abacus.

Craig Mattson.

[0 Comment(s)]

New Multi-platform Game Idea... (iPhone, PC, Xbox 360, Pocket PC (03/01/2010 01:08:27 PM)

Hi All,

Aside from doing absolutely nothing over the last 10 days (well, it's been a holiday away from work - but really looking forward to going back), I'm on the hunt for a graphics designer who would be interested in doing some tile-based 2D / 3D work for a small game plan I have. I'm kind of between projects at the moment, but one idea I have could be relatively successful in the indie scene. Something that would take about 6 weeks development time once I have the resources at my disposal to piece together.

Requirements? Well, not much really - just looking for a modern 2D Cartoony style of drawing. Things like Donkey Kong Country, Super Mario Bros, Knights on Rush for the iPhone, World of Goo etc... just something graphically easy on the eyes.

These ideas aren't huge, or designed to generate a substantial amount of income, but there would be benefits to the right individual.

Craig Mattson.

[0 Comment(s)]

VB6 --> VB.Net and J#.Net --> VB.Net and C#.Net --> VB.Net, C#.N (20/12/2009 09:58:56 PM)

Turns out I haven't posted about this one - unless you've been stuck under a rock for the last 12 months in the development industry, you've probably already heard of Microsoft's new introduction to the .NET Framework - F# (pronounced F-Sharp) - which is a multi-paradigm programming language (that is; a language built on incorporating flexibility in programming styles and code constructs). Ideally, those familiar with Object Oriented Programming and Functional Programming concepts are said to be able to adapt easily to F# to write logic the way they see fit to perform a function quicker than in, say, VB or C#.

The idea of incorporating multiple languages into one framework is supposed to mean that if we were to take a complex project such as a corporate website with heavy business logic, the classes could be written in one language, data access layers in another language (or a combination) and finally - the webpage could be written in one or more languages. Introducing F# is supposedly a way to allow more people write code to achieve a task. The fundamental idea is that you could effecitvely have a VB.Net developer write some source code, and a C#.Net developer could interface the object(s) writing equivalent C# code.Example of a VB Class.

Public Class Person

  Public Name as String
  Public Address as String
  Public DateOfBirth as DateTime

  Public Function GetAge()
    ' Calculate Age as age
    GetAge = (DateTime.Days / 365.24)
  End Sub

End Class

Example of a C# Class handling a Person object:

public class PersonDriver
    static void main(String[] args)
        Person person = new Person();

        person.Name = "Craig";


Now whilst a good developer who understands logic can understand just about any language by reading the source code, effectively in a larger project where you may be maintaining a module (particularly when a product reaches end of useful life), you need to understand all languages in use. This isn't particularly useful where as a developer - one now has to understand both languages anyway!

So with the introduction of F#  - are we going to see a similar trend with VB.Net and C#.Net? I understand that Visual Basic in many ways is an easier language to learn (semantics closer to English than C# is useful for many people starting out). C#.Net introduced a standard very close to Java which for me allowed me to design better applications and objects quicker. F# I'm not so sure where I place it yet. Obviously time will tell over the next few years with how well adoption of the new language will be, but seriously - a language built around flexibility of managing your own code which is effectively encouraged will have massive implications on developers in the near future. I could be wrong and it may supercede C# (given the similarities to F#).

I'm certainly not looking forward to have to maintain reasonable knowledge in VB.Net and F#.Net which distracts from my primary languages (which at the moment include Javascript, Classic ASP and ASP.Net (predominantly C#)).

Craig Mattson.

[0 Comment(s)]

Help! I don't understand how to program! (11/06/2009 09:48:48 PM)
Programming - yeah I get it. It's not everyone's cup of tea. It's also not terribly difficult either if you bother to plan your strategies properly. It's not hard to plan, and with a good plan - it becomes an instruction manual. Once you have your instruction manual, you're translating between your plan and the programming language. At the end of it, you have a program. It sounds so simple and so easy, so why do newcomers still find programming a challenge?

Lets face it - if you struggle with programming, when was the last time you actually sat down to plan out properly how you will tackle a program? We have standard ways to represent various abstractions of a program. We don't have them to look busy, or to make some business executive happy - we use them because they help. Granted, for many things I do - I don't need a plan, but as soon as something becomes complex - out comes Visio, NetBeans or just Pen and Paper. Again - I don't do it to look busy, it's merely there to help.

So why don't newcomers do it? Is it they are unaware (unlikely given most good tutorial websites and programming courses discuss Class Diagrams, Sequence Diagrams, Activity Diagrams, Pseudocode etc...) that tools exist to help? Is it considered "stupid" to plan? Is it just simply trying to cut corners and do the bare minimum to pass? I've been trying to work this out for a while - but the clear link between someone who struggles to understand programming and for those that do seems to be at the planning stage.

Over the years, I've worked with people that know the syntax, can write if I give them step by step instructions which suggests they understand the programming language - but getting an idea onto paper seems to be where the problem is. So why is it so?

Lets, for example, take a simple Member Database application. All we really have to do is Create/Read/Update/Delete members and provide a mechanism for doing so. A Member may have a First Name, Surname, Address, Suburb, State, Postcode. So instantly, I can see we need to set up a storage component for Member details, and an application to control the storage component. Class Diagrams (UML) are a good way of representing our objects, methods etc... If you know Class Diagrams, then you would understand the following:

* * * * * * * *

-firstName : string
-surname : string
-address : string
-suburb : string
-state : State
-postcode : string
+Member(firstName : string, surname : string, address : string, suburb : string, state : State, postcode : string)
+getFirstName() : string
+getSurname() : string
+getAddress() : string
+Add(member : Member)
+Get(id : int)
+Update(id : int, member : Member)
+Delete(id : int)
+Delete (member : Member)


* * * * * * * *

So it's easy to determine our data and methods based on the information above. So what about the methods? This is where Sequence and Activity diagrams shine - but for the purpose of this blog, I'll keep it simple with Pseudocode. I won't go through all methods here, but here's just a few:


Return the member's first name.


Add a member to the database


Find a member in the database corresponding to an ID
If member exists then
    return member
    return nothing

Update(id, Member):

Find if a member with an ID exists
If member exists then
    update member details in the database
    display error message

* * * * * * * *

So once you have your pseudocode down, and your classes drawn up - it's now just a translation process into your favourite language. Whether it be VB, Python, C#, Java etc... the process is simple. Translate the class diagram into a normal class, then for each of the methods - translate the Pseudocode.

If you practice enough, you will find that for smaller tasks you don't even need to plan, or that simply put - you end up coding your classes as if that replaces the need for a class diagram (I will more often do this instead of creating Class Diagrams followed by plenty of refactoring).

If I can be bothered in a future blog post, I'll translate it into various languages - but even a newbie programmer should be able to see how to piece an application together from this.

[0 Comment(s)]

LINQ - You know... just another acronym... (29/03/2009 08:43:45 PM)

crystal_clear_app_kedit_128Since the .NET Framework 3.5 was released, one buzzword floating around was LINQ (Language Integrated Query). I didn't take much note of it until tonight when I was looking for more jobs to apply for. So anyway, for those of you who haven't (and are C# or just .NET developers), this may be an interesting read for you.

What is LINQ?

If you've played with an ANSI SQL99 compliant database (read: MySQL, Oracle, MSSQL etc...), you will understand the following code:

SELECT * FROM table1 WHERE column1=expression ORDER BY column1 ASC;

The idea of LINQ is to take a similar structure and apply it to an array or list of objects. The concept though of LINQ isn't to create a list of methods (although the Language Integrated component acts as a pointer to a set of methods which I will discuss later), but to add keywords into the language to flow it similar to SQL.

Example Please!

The first and probably most easy example is to create a standard 1D array of strings. Lets assume we have Victorian suburbs / towns as the names:

string[] towns = { "Neerim South", "Caulfield", "Clayton", "Pakenham", "Drouin", "Warragul" };

These are in no particular order - so I will use LINQ to sort these into alphabetical order. However, LINQ (as far as I can tell) is only usable if the object uses the interface IEnumerable. This interface basically allows you to implement foreach iterations without requiring you to set up counters etc... Anyway, if you are using IEnumerable (or an object that implements the IEnumerable interface), you can use the following code:

IEnumerable sortedTowns = from t in towns order by t select t;

So that's just it. If you were to put a where clause in, you would do it between the from and orderby. From here, the data is sorted in alphabetical order and will return the t as the string.

What about classes?

Lets assume I have an object called Item with properties Name and Age. I will create 4 objects:

List i = new List();
i.Add(new Item() { Name = "Craig", Age = 21 });
i.Add(new Item() { Name = "Arkady", Age = 24 });
i.Add(new Item() { Name = "Claudia", Age = 21 });
i.Add(new Item() { Name = "Daniel", Age = 17 });
i.Add(new Item() { Name = "Benjamin", Age = 21 });

So now that I have my objects, lets create a query:

IEnumerable query = from item in i where item.Age > 18 orderby item.Name select new Item() { Name = item.Name, Age = item.Age };

What this does is iterate through the list and we are returning an Item (as defined by the ). Now, just like any IEnumerable class, you can use a foreach to iterate through:

foreach(Item itm in i)
    // Handle the Item

So how does it work again?

Quite simply, the keywords are mapped to methods in the IEnumerable interface. That is; OrderBy<>, Where<>, Select<> etc... are actually methods that are aliased by the use of "orderby", "where" and "select" keywords in the .NET Framework. So you could theoertically do the same thing above except use:



This LINQ stuff is pretty neat! It would have been particularly useful in one of my recent projects instead of writing a bunch of Stored Procedures to handle different sorts (or converting data to a dataset to sort). Anywho - we'll see how I go using this stuff now. Unfortunately, this is yet another one of those very handy at reducing code features that PHP is missing. Sure, I can code my classes to replicate those methods, but that takes time.

It's clearly evident that development time in ASP.Net is becoming substantially quicker than PHP, especially in data driven applications. With DataGrids, Classes, Direct Integration and Code Generation - you could build a Content Management System in hours (if you weren't worried about appearance) as opposed to a day or two in PHP.

Now all Microsoft have to do is speed up the processing of an ASP.Net website! (Oh, and stop using stupidly large amounts of RAM!)


Edit: Turns out TinyMCE is stripping away my < T > and < string > when no spaces are between the < and text. For the examples above, IEnumerator should read: IEnumator< T > to resemble type, and what you are trying to store shoud have a type as well. So the first example should have IEnumerator< string > and the second: IEnumerator< Item >.

[0 Comment(s)]

High Scores and Hacking (04/01/2009 05:49:06 PM)

Ever wanted to create a High Score system, but couldn't think of a way to prevent (or at least, deter) hackers from submitting fake scores? It's something I'm facing at the moment, and I have developed a few theories with Advantages and Disadvantages below. Hopefully it may be helpful to you!

PHP Script using Challenge (Public/Private Validation)

1. Client requests challenge from Server (i.e. random value between 0 and 100, lets say 3 in this example)
2. Client processes using own algorithm (i.e. 3 / 22)
3. Client responds with result (i.e. send 3 / 22)
4. Server validates the result (i.e. checks to see if a request was made by an IP, then checks itself using the same algorithm - 3 / 22 == 3 / 22)
5. Server waits for score (encrypted of course)
6. Client submits the score (i.e. 500)
7. Server checks the score is within reason (i.e. below 1000) and stores it

The problem with this method is that it relies on a server that accepts any input. What is stopping me reverse engineering a client and obtaining the algorithm? All I have to do then is query the server for that value, calculate it myself, then send it a random score.

A replacement for an algorithm based problem could be an image validation problem. If I make my own image format up (which could be cracked), I could display it in the program and request manual input. May not be ideal on mobile phones or PDA's, but a PC based game could utilise it. Be creative! Algorithms don't specifically mean an equasion.

Direct connection to the database in a client

1. Client requests password from server (encrypted of course)
2. Client connects to server
3. Client runs SQL Code

Secure right? Wrong... If it's decrypted in memory, it can be seen. You could obfuscate it by declaring lots of variables, but at the end of the day, some function has to restructure it. Also, what is stopping a protocol analyzer detecting the password when it is sent to the server?

Capture User Input and Validate

1. Game Starts with an Array for moves declared
2. On each game update, add to the array a move type
3. Compress and weed out unimportant data (a couple of kilobytes per update at 60 frames per second can be in excess of 1MB per 10 seconds!!!)
4. Send to Server the Array with Score
5. Server validates all input
6. Server stores the results

This is probably one of the most secure ways but at an expensive bandwidth cost. You can reduce the updates to just each keypress at a given timestamp (pending your game is programmed not to skip frames), but as soon as you remove data - there's room for doubt which must be factored in. It would still be pretty hard to predict most of the game output. In something like Tetris however, you could seed the time and pass that to the server. This almost makes for a foolproof way, as a PHP script could detect an applications output.

Maintain a persistent connection

Basically it just involves one of the following methods:

  • getUrl() in Flash (or whatever is the equivalent now)
  • WebClient in .NET Framework
  • Url in Java
  • wget in Unix/Linux
  • javascript in HTML

The URL to request would be a heartbeat monitor which naturally would have a threshold as to what is an appropriate delay in respect to the internet. For instance, a gap of 2-3 seconds may be appropriate, or if you're really smart, use a Ping request to get the maximum delay and multiply by 2. This doesn't exactly solve a memory hack problem unless used in conjunction with the above.

- - - - -

So with that all out of the way, it's clearly evident that the best security is a big problem in regards to usability. This isn't practical, in particular in a game that has more than just a player update. What if we look at a phychological approach?

- - - - -

If any of you know me when it comes to security, you know I love honeypots (a mechanism to isolate "caught hackers" in a play pen to simulate a real target). For a honeypot to work properly (and not catch legitimate traffic), what needs to be done? We need to check the process.

Lets assume a .NET game at this stage. We use a php script to collect a score at We use the first method described as normal (i.e. numbers / compute the challenge etc...). Unless the server (or client) is dodgey, this challenge should always register true. You know something is wrong if many logs start appearing from all sorts of IP addresses. What we can do is check for normal application use. That is; lets say the game is delayed 30 seconds from replaying packets. We can use this to our advantage as a hacker may try multiple times rapidly to log a score.

What we do is instead of going "HA HA! YOU'RE A HACKER AND YOU'VE BEEN BLOCKED" (which would only result in a more determined hacker), we simply black list the hackers IP address (or username if applicable), and still post the score with a mark next to it. In a getscores.php file, you would read that blacklist and if the hackers IP address exists, then return all scores (otherwise return a clean set of scores). The hacker thinks he is successful when in actual fact - all you're doing is simulating the scores he wants to see.

After a few days, you could run a clean up and simply ban any user with a blacklisted IP address. Simple as that. (The reason I would use IP addresses is the hacker may log out / in and check the scores are right. You would also want to blacklist any usernames at the time too!).

This method isn't 100% secure either. If the hacker gets wind of this, the system is ruined (which is why a closed source server is the only protection).

- - - - -

At the end of the day, there's no one method that is always going to work. Everything can be spoofed, so all we do is make it harder. Some hackers like the challenge, others will go for an easier target with more damage. For instance, what type of hacker is going to spend 6 hours trying to crack a Tetris High Score list, when he could spend that same amount of time getting money in Habbo Hotel?

Anyway, this is just some food for thought. Good luck!

- - Craig Mattson

[0 Comment(s)]

[Print View]