Games Day #16 allows a glance behind the scenes. Thomas Feucht of Crimson Dragon starts with the development of a MOBA - "Indi"-stile. A MOBA is a game genre which belongs to the realtime-strategy games.
Maximilian Krauß, well known from his smart-watch talk at the last Games Day, will present LeapMotion. A new interface technology for game control via hands and fingers. He will explain LM and its competitors (e.g. Google's project Silo - a radar based gesture recognition technology) and show us, what LM can already do. The big question ist: will it create immersion or confusion for the players? And of course he brings a whole lot of demos like Blue Estate The Game, Mirror's Edge with GameWAVE - old games played in a new way and Ingenuity - his own project counseled by Andreas Stiegler.
There is no question, that Virtual Reality is a hot topic these days. We are lucky to have our own team at HdM which is concentrating on all things VR. Alexander Scholten from the dev team of Gravity³ will explain the main differences in asset creation between VR and classic media.
The next talk is going to be another "instant classic" in the long row of talks by Andreas Stiegler. This time he concentrates on multiplayer game development which is in our "onlized" world already a must. But which places a heavy burden especially on smaller dev teams. With a little touch of technology but without source code he will explain the construction of FPS, RTS and MMOs and in doing so explain the fundamentals of multiplayer and how it is done by "the big guys".
And last but not least two short previews of current projects at HdM. "SWITCH Team Racing", a cooperative-multiplayer-Online-Funracer, is being developed by students from Audio-visual Media, Mobile Media and Computer Science and Media. And "High Moon", a 3D-Role-Play-Beat`em in a Sci-Fi/Western-Scenario.As always: don't take the starting times given below too seriously. We are notorious for exceeding out slots...
Agenda: 13.30 Welcome, Prof. Walter Kriha 13.35 Multiplayer Online Battle Arena (MOBA) Entwicklung, Thomas Feucht, Geschäftsführer, Crimson Dragon 14.20 LeapMotion in Aktion, Maximilian Krauß, Medieninformatik HdM 15.25 Asset Erstellung: was funktioniert in VR und was nicht. Beispiele aus Gravity³", Alexander Scholten, Medieninformatik HdM. 16.20 Multiplayer, Andreas Stiegler, Doktorand, Mobile Medien, HdM 17.25 Preview: "SWITCH Team Racing" und "High Moon", HdM Teams 18.15 Ende der Veranstaltung
On this beautiful spring day, a surprisingly large crowd gathered in room 056 to learn about the latest developments in programming languages. To lighten the mood, I gave a short introduction to things on my feature list (see below), mostly from a security point of view. And I ran the famous video clip from destroyallsoftware/wat.
In his talk on C++ standards, Patrick Bader first explained some unique C++ features like value types and then continued with new features, especially for memory safety. The ownership concept seems to be the way to go in languages without garbage collection (like Rust) and features like uniqueptr try to control the way resource pointers are handled. C++ also saw improvement in the area of usability: the auto keyword automatically detects type information and results in a more concise source code. Threads have been added, easier iteration syntax and for the future a much better library support has been promised. The C++ fans have discovered the value of large libraries like in JAVA. The result of the talk was: C++ has everything, that a modern programming language needs, e.g. functions. But it still does not force overhead on its users, if they don't want it. And there is still no alternative in the area of system programming.
My biggest surprise came, when Patrick said, that C++ is no Object-oriented language - it only supports the style if you want it.
The GO talk by Tommy Funkhauser was another highlight of our day. The first surprise was the list of creators of GO, which included Rob Pike and Ken Thompson of Unix, C and Plan9 fame. And so it was obvious, that GO would support distriuted computing in a rather perfect way. I will concentrate here on the interprocess communication mechanism which turned out to be very close (one might even say a clone) to the Erlang channel concept, based on message passing. No shared anything. A server serving requests is almost a one-liner. I did not know, that docker e.g. has been written in GO already, and many other tools from Google as well. It does not have exceptions and they are probably not really neccessary in distributed computing. It does not use a special VM but includes its runtime with every single file image (yes, that causes rather large deployment files, but keeps everything togther.) Lots of tools exist as well.
My conclusion was, that I am going to use GO in my distributed systems lecture in the winter term and that the core principles of GO actually come from much older languages.
The talk on Java by Benjamin Reutter continued in the same vein: He showed, how the functional paradigm has been integrated in Java8. Based on the concept of functional interfaces (or method interfaces) he showed 4 basic types of functions, which can be used to implement function objects. Some syntactic sugar has been added as well, like the option to use methods directly as functions in case the parameters fit. A big step forward is the support for so called collection pipelines like the map/reduce pattern used by Google for large scale parallel computations. The pipeline concept allows full parallelization without the need to fall back on manual thread programming. Parallelism is fully declarative through the stream.parallel() statement. Well almost, because you surely need to watch out for side effects like using a collection explicitely in your own functions. This collection better be thread-safe in that case, and the synchronization overhead will probably anyway kill the gain from multiple cores running the pipeline functions.
Unfortunately I missed the final talk by Jonathan Brachthäser, but I will watch it from the archive later.
So what about security features in those programming languages? As I said in my wishlist (below), memory and type safety are the most important features to me. Neither c++ nor GO use a VM concept, that shields programs at runtime from violating type security. With respect to memory safety, C++ made some progress with the owner concept of pointers and references but it is still a complicated and error prone field. Both languages allow references and multiple assignments and are therefor prone to unwanted side-effects. The following is a diagram that displays the percentage of memory-related bugs of the highest category, from the vulnerability list of firefox/mozilla. In the currently latest release, memory corruption errors account for roughly 60% of highly critical security bugs (from: Oberste-Vorth/Rahnefeld). Due to the no-share concept, GO does support multi-threading in a very safe way. The channel concept allows independent (and safe) partitioning of functions and modules easily.
Security is my top-most concern. I want type-safety and memory safety. Almost every Remote Code Execution Vulnerability in Windows in 2014 was caused by buffer overwriting or use after free bugs. Type safety is only possible after memory safety and without type safety no security isolation within applications is possible. And therefore not damage reduction. This does not mean only garbage collection can solve the memory safety (see Rust).
Runtime Safety for types and memory ist a must. Compile time is just not good enough, because malicious code does not care about your compile-time checks. Safe treatment of resources is a must (not like "finalize")
Once we have type and memory safety, we can start with object capabilities. This concept uses the control of references to achieve POLA (Principle Of Least Authority). This allows us to load any kind of code or data without giving it all our rights. It is basically a software based virtualization of everything based on principles like Dependency Injection.
Usability is core for programming languages. Obscure features are not only a problem for productivity but also for security. The language must be parsed by people as well as tools. Good package management is a must.
Concurrency has become a big topic with multicores. We do not understand shared state concurrency and the language needs to offer simpler concepts like message passing, actors, parallel streams etc.
Asynchronous processing, especially in I/O has become an important topic, as we can see with the success of node.js etc. The language needs to offer easy ways to deal with async. calls like futures, promises, async/await etc.
Multi-paradigm support is a must. Why should I have to switch programming languages, when I hit a functional problem?
The language must support system programming and embedded control programming. I shudder, when I think about the "Internet of Things" based on C-code.
In the 1990 there was talk in the industrie, that the last programming language had been found (I believe it was C++), and that no further research was necessary. This started a period of little change and improvement in the area of programming languages. At the same time the concept of "modern software engineering" as a design-only activity became popular, finally represented by the UML standard. Everything seemed to point into the direction of automated software construction and IBM started to sink millions in Rational and its products. Well, who would have thought, that software development as a craftsmanship would make such a powerful comeback? Probably supported by the victory of agile methodologies over waterfall processes. Today, agile methods turn corporate cultures and development processes around under the concept of "Lean Enterprises" - a continuation of the "continuous everything movement", which started with test-driven development and continous integration and now covers continuous experimentation, continuous measurements, continuous delivery and continuous deployment. In other words: product development has gotten extremely agile. And of course, program languages play an important role - besides architectures like microservices and SOA - in those concepts. And suddenly new programming languages popped up almost every day. Some tried to re-discover lost paradigms like functional programming (due to usability advantages and the arrival of multi-core CPUs presenting a huge engineering problem for multithreaded applications). Some invented new concepts altogether. And some broken things are still around and I am going to start the talks with a little wishlist of features, especially for usable and secure programming languages. According to the TIOBE index, many old programming languages still prevail and prosper. One example is C++ with its history of more than 30 years. After a long dry-spell it caught momentum again with the C++11 standard of 2011 and is currently undergoing changes, which need not fear much younger programming languages. Patrick Bader, Computer Science and Media at HdM, will explain many critical changes and talk about future developments in this language. A language that, despite a lot of criticism, is still almost unchallenged in areas like embedded control amd operating systems or game development. Even Java, one of the most popular OO-languages, could not close its doors in front of technical trends like higher order functions. Supporters of the functional programming style have demanded for years, that Java should be extended with a functional paradigm. Finally, with Java8, higher order functions have been introduced and a framework for parallel collection pipelines like Google map/reduce on top of it. Benjamin Reutter just finished his Bachelor thesis on this topic and he will explain the new concepts and present some performance results. If functional programming (in Java) is news to you, don't miss his talk. Well, what about "modern" programming languages? Tommy Fankhauser of Mobile Media at HdM will present the new programming language from Google, called GO. Why do we need a language especially für large scale distributed systems (spelled Internet)? Just listen to his talk. The last talk on this day is not about programming languages but about the act of programming itself. Some defining moments of happiness due to recognizing the beauty of programming will be explained by Jonathan Brachthäuser, MI alumnus as well and currently doing his doctorate at Uni Tübingen. For sure something for all those, who still try to understand the role of programming -or should I say "computational thinking" in our world? A discussion with the audience will fit nicely at the end of our language day. To get into the right mood for our day, just watch the hilarious video from Destroyallsoftware .
Agenda 13.30 Welcome und Wishlist, Prof. Walter Kriha 13.40 Who's not using C++? M.Sc. Patrick Bader, Medieninformatik HdM 14.40 Hey Ho, Let's Go!, M.Sc. Tommy Fankhauser, Mobile Media, HdM 15.45 Functions und Stream-Processing im neuen Java8, Benjamin Reutter, Medieninformatik Bachelor 16.30 The joy of programming -- Four distinguished moments of beauty, M.Sc. Jonathan Brachthäuser, Uni Tübingen 17.30 Ende
Tip: Monday, 12.1.2015 23.30: Schlachtfeld Internet, The term "desaster" is simply too weak to express, what happened in the last two years with respect to the security of IT-systems. Is there still a company that has not been compromised? That did not loose vital data or saw its functions corrupted? Which infrastructure has not been the target of cyber attacks, in spite of extensive security measures taken? Which citizen has not been in some way affected by stolen passwords or account informations, phishing attacks, theft from clouds or simply the permanent need to update and update and update....
To finally get violated in their privacy by state organisations either directly or via large internet sites like google and facebook? After Snowden, the world of IT-security it no longer the same but the extent of weaknesses in our IT only slowly makes its way into our conscience. Surprisingly - like living on a different planet - there is no lack of IT-visions for the future: autonomously operating cars, intelligent power grids, advanced biometric technologies etc. Are they going to secure those things like they were doing till now? I suspect so. Can we develop secure software at all? Daniel Kefer from 1&1 is going to answer this question. He will show us the 1&1 lifecycle for the development of secure software. How long can vulnerabilities exist in protocols of fundamental importance? Prof. Dr. Roland Schmitz will talk about "Hacking UMTS" and some research done many years ago which seems to be still valid today. How are large corporations today dealing with the security of their systems? Can we still talk about prevention or is limiting the damage all that is left? How do those highly specialized attacks called Advanced Persistent Threats (APTs) really work? What kind of tools and components are used? Is IT-forensics the next step after IT-security? Moritz Seltmann and Christoph Alscher from Bosch Security - both Alumni of our computer science and media faculty - will give an overview of the latest attacks and countermeasures. Is perhaps IT-Security part of the problem instead of part of the solution? Why are our systems so weak? How do the vendors of systems get away with lame excuses and ever more vulnerabilities? Is it really the hacker that is the problem, or is the development of our software and our systems fundamentally flawed? The 4th talk by Prof. Walter Kriha is going to deal with those questions - against the background of new developments in critical infrastructures in this post-Snowden time. In the future, IT will control all essential areas of a society und failures will immediately cause the loss of lifes on a massive scale. But also on an individual level infrastructures like the e-health card can threaten the economic and social existence of citizens in case of data loss. He will be supported by Dr. Franz Hein in the area of intelligent power grids. The talk will challenge some very fundamental assumptions and processes in IT-Security, like the way risk management is done, the process of blaming the users for attacks and so on. And it will try to show ways to achieve more robust and resilient systems which allow damage reduction. But this will possibly require changes in many areas like basic software development and the system building approach we are using.
Agenda 13.30 Welcome, Prof. Walter Kriha 13.35 "Secure SDLC@1&1: Was alles 1&1 während den einzelnen Entwicklungsphasen bzgl. Security macht um mit sicheren Produkten an den Markt zu gehen.", Daniel Kefer, 1&1 Security 14.40 Hacking UMTS, Prof. Dr. Roland Schmitz, Medieninformatik, HdM Stuttgart 15.15 IT-Sicherheitsvorfälle erkennen und abwehren, Moritz Seltmann, Christoph Alscher, Bosch Security 16.30 IT-Security am Ende? - Wege aus der Krise der kritischen Infrastrukturen, Prof. Walter Kriha, Computer Science and Media, HdM Stuttgart, Dr. Franz Hein, mpc Esslingen 17.30 Ende der Veranstaltung
This games day will be a bit more technical than the last ones: Illumination, physical properties of textures and realtime rendering processes will be covered, as well as mobile games on smart watches and artificial intelligence for games. Illumination is a central part of perception. It has a big influence on the atmosphere in a game and the gameplay itself. During the last couple of years the technology for realtime lighting has improved considerably, despite the performance-heavy calculations needed. Two alumni from our faculty will present techniques and effects. Both are working for Havoc - a software company which specializes in game engines. Clemens Kern will present Physically Based Rendering. PBR separates material properties from light information. Textures contain information about the physical properties of surfaces and objects and allow individual effects on lighting. Benjamin Thaut will talk about Global Illumination in Games: Gone are the days when light informatin had to be preprocessed in textures. Today, games calculate the light path across different physical surfaces in realtime and by doing so achieve a highly realistic rendering. Of course, this also reflects the different lighting across an in-game day. But games are pushing the limits in other areas as well: e.g. new hardware quickly becomes a target for game development. In this case we are talking about smart watches. Maximilian Krauß will report from his internship at handygames - a company specializing in game-development on mobile devices. Finally, games needed to become more intelligent and usable. This is the area of game-AI, which covers simple things like path and navigation support but also complex behaviors of NPCs. Cand. PhD Andy Stiegler will give a talk on this subject.
Agenda: 13:30 Welcome, Prof. Walter Kriha, HdM Stuttgart 13:35 Physically Based Rendering, Clemens Kern, Havok 14:45 Global Illumination in Games, Benjamin Thaut Havok 15:45 coffee break 16:30 Beyond Mobile, Maximilian Krauß, HandyGames, current work on games for smart watches 17:35 Future of Game AI - Techniques and concepts of artificial intelligence in games, Andreas Stiegler, HdM Stuttgart