S I M P S O N S W A V E

Need some music for the winter holidays? Tired of the originals?

Try some S I M P S O N S W A V E. It’s a take on the vaporwave genre, set to memorable scenes from The Simpsons. Vaporwave works kind of like hiphop where artists take old school jams, often long forgotten ones, and soup them up with retro-modern digital DJ loopers and effects. The borrowed sounds range from Sade, Diana Ross and Kim Wilde tracks, to newer R&B stuff like Jamie Foxx, and even some of Jim Lang’s jazz from Nickelodeon’s Hey Arnold. It works well, almost too well.

Even if you’re not a huge Simpsons fan or haven’t seen the show, this stuff is very mellow and cool, with lush keys, saxophones and beats that conjure up a relaxing mood for the holidays. Every so often a disco funk track pulls you out of the chill zone and gets the energy flowing.

Still confused? What the Hell is Simpsonwave?

Or just check out this 1 Hour mix:

If you lurk on Reddit and you like this stuff, check out /r/simpsonswave.

There is Something Terribly Wrong With Windows 7 and svchost.exe / wuauserv

I recently purchased six (6) Dell Latitude E7000 series laptops with Windows 7, which are very nice by the way, but they all came fresh from the Dellcrosoft factory with one glaring showstopper. Straight out of the box, you lose about a quarter to half of the performance, operating time and battery life that you paid for as soon as you power them on.

Why’s that you say?

It’s because a core Windows 7 process called svchost.exe eats 25% of the CPU constantly:

You might think “this is a temporary issue, it’ll pass on it’s own”. No it won’t. We’re talking all day, everyday; this thing just keeps going and going. If you check that process with a tool like Process Explorer to see what internal service is chowing down on system resources, 9.5 times out of 10 it is the wuauserv service which is Windows Update.

Continue reading

Quick Status Update

Just found out today that CloudFlare DNS took a dump on my website, making it inaccessible for a week or two. This has happened before, last time it was caused by the Wordfence plugin for WordPress.

The DNS problem has been fixed.

UPDATE: turns out this issue may have been caused by 1and1 web hosting DNS failure or changes on their end. My subdomains broke too, which is not part of CloudFlare. I tried walking the 1and1 tech support guy through my problem, but he was very slow so I had to end the call and ask for a follow up from him once he finds the issue. I never received the follow up, so I just went into the 1and1 control panel, re-created all my subdomains, then everything was fixed. I still don’t get why even the CloudFlare page cache was failing to serve a cached version of my website though…I thought that was the whole point of using CloudFlare – to mitigate DNS issues and site downtime? Really scratching my head over this ordeal.

UPDATE 2: 1and1 got back to me and said a glitch in their system is what caused my sub-domains to stop working. They also informed their engineers of the problem and wanted me to know how important it is for them to answer my questions as quickly as possible. Although the support was slower than I would expect for a business package subscriber and I had to take matters into my own hands, I’m not too worried about this event and will be staying with 1and1 for the near future.

A Game Engine From Scratch In JavaScript Part 4 – Editor & Debugger

The editor serves as a live debugger and allows modifying the game objects in real-time. These are canvas sprites we’re talking about, not DOM elements. While this is still a work in progress, I wanted to share a screen capture so you can see how it might end up looking. The next screen capture shows some live editing capabilities.

Continue reading

A Game Engine From Scratch in JavaScript Part 3 – Breakout

I wanted to make sure this engine would be comparable or maybe even easier to use than some of the other engines out there, with the ability to build a variety of game types and not just the game I was hoping to build. For this, I decided to go with Breakouts, which is a website that aims to help other developers compare and choose a game engine. So here’s my attempt…

It’s a work in progress, please check back soon for the full article:

This GIF was recorded at 20 FPS; the game runs at 60.

Working: sound effects, level progression, game states, mouse/keyboard input, collision (a bit buggy), ball-bounce physics (a bit crude), sprites, spritesheets, sprite animations, rendering layers, async module/asset loader, fixed timestep. These are all provided by the core engine.

Not Working: power-ups, variable timestep, improved physics.

Continue reading

A Game Engine From Scratch In JavaScript Part 2 – Physics

About 1-2 weeks ago I decided to make a game engine in my spare time. The most challenging aspect so far has been the handling of physics – how objects in the game behave when they collide.

I was able to get a few collision prototypes working. Here’s what the first prototype looks like, it could handle many moving objects, but the accuracy wasn’t perfect:

Disclaimer: I do not own the graphics depicted in this article, nor do I have permission to use them in a commercial product. The graphics were found using Google Image search, and they are being used here solely for showcasing the engine’s capabilities and progress. The tree sprites are from Here Be Monsters, and the player/wolf sprites are from Ragnarok Online.

What you’re seeing in the screen capture above is a bunch of objects (wolf sprites) being spawned with a “roam” AI package, which just makes the objects move around. This AI package idea will be expanded upon later, but it’s kind of how Skyrim AI works, mixed with Final Fantasy XII Gambits – interchangeable and override-able behavior stacks for different scenarios.

(The screen capture above doesn’t reflect 60 FPS due to gif recording at the time. It’s also a .gifv image hosted by Imgur, my apology if the buffering is choppy…)

Continue reading

How to Make a Star Rating Widget – jQuery vs ReactJS vs AngularJS vs Polymer

I found a Quora article by ReactJS lead developer Pete Hunt which compares a Star Rating Widget built identically in AngularJS and ReactJS. Since I was wondering what a similar jQuery version might look like, and since I’ve done a few of these widgets before (see Rapid Platform’s ‘Choice’ component), I decided to build a lightweight jQuery version of this Star Rating Widget for comparison. Feel free to use the Star Rating Widget code in this article for your own projects.

Touch it, you know you want to:

First up, the HTML where our bare minimum template "myrating" lives...

<!DOCTYPE html>
<html>
    <head>
        <script type="text/javascript" src="https://code.jquery.com/jquery-2.1.3.js"></script>
        <script type="text/javascript" src="rating.js"></script>
    </head>
    <body>
        <div id="myrating">
            <span class="star" style="cursor:pointer;">&#9733;</span>
        </div>
    </body>
</html>

Next we have rating.js, where the jQuery component lives...

Continue reading

WP-OAuth Is Not Vulnerable to SpoofedMe Social Login Exploit

The SpoofedMe social login exploit is a known weakness of the OAuth2 “spec”. The OAuth2 spec doesn’t define strict implementation standards, so developers have free reign to come up with some pretty wild implementations, or hack together a few libraries until it works. And that’s where the problem lies. There is no standard. Furthermore, social login is something that is normally built on top of OAuth2, and there’s no standard for that either. Some folks are trying to standardize social login with OpenID Connect (I like to think of this as “OAuth2-Strict”), but until then we will be facing issues like SpoofedMe because developers are not gods.

The SpoofedMe exploit is actually similar to this one, from a Google security advisory earlier this year:

“An attacker could forge an OpenID request that doesn’t ask for the user’s email address, and then insert an unsigned email address into the IDPs response. If the attacker relays this response to a website that doesn’t notice that this attribute is unsigned, the website may be tricked into logging the attacker in to any local account.” –Link

Thankfully, I read the spec and decided not to implement this gaping security hole in WP-OAuth to begin with. Properly identifying users to perform the account match was one of the biggest design challenges that I encountered because not only were there numerous docs and specs to work through, there were a lot of existing implementations that did it wrong. I had to start from scratch.