A summary of Mike 2016

October 25th, 2016

Hello! If you’re here, you probably saw me mention that I’ll be looking for work in 2017.

I haven’t had to look for a job since 1999, so I don’t have a resume/portfolio handy. If you follow my work, you’ll know that I’m very busy right now working on Ludum Dare, and I will be for the rest of the year. Formal stuff is going to have to wait until then.

But thanks to Ludum Dare, I know that a number of people do follow my work. So I wrote this to confirm that yes, I am looking for work, and give folks an opportunity to reach-out early. My apologies if I don’t get back right away.

So here’s a brief post about myself. If you’re feeling nosy, you can browse my public GitHub repo, or even this blog, but this blog is an anomaly (some parts a decade out of date).

These days my blog is more of a notebook; Collecting thoughts and details on topics I’ve researched, so that I can more easily repeat them or pick-up where I left off.

About Me

I run Ludum Dare. I didn’t start it, but I am its caretaker. I have been a part of it since the beginning (2002).

Besides that, starting in 1999 I worked for several game companies over the years (Sandbox Studios, Digital Illusions Canada, and Big Blue Bubble). I’ve done contracting as well. I’ve shipped more than a dozen commercial games (mostly licensed games, including a few more Barbie games than I’d care to admit); Written lots of low-level C and C++ code for Nintendo and Sony consoles, and a few games entirely in Assembly. I’ve also written lots of OpenGL, ES, and SDL code, shaders, and ported code to dozens of popular and exotic mobile and embedded platforms (most don’t exist anymore). I can 3D math, build engines, assemble a toolchain, and wrangle my way through physics. I’m formerly the Technical Director of a large Canadian game studio (Big Blue Bubble), and I ran a “financially underwhelming” indie studio for many years. That was until this side project of mine (Ludum Dare) became my focus.

I’m based in London Ontario Canada (yes, there’s a London in Canada).

I enjoy doing low-level, performance, and optimization work. I’m at-home on Linux, but spent many years on Windows using Cygwin. I’m not a fan of “black boxes”. I like to know how everything works, and know exactly what to expect. Thanks to Ludum Dare, I also know a lot about PHP, JavaScript, MySQL, Linux Servers, and all those trendy web technologies and standards that are all-the-rage. I like Vulkan and VR, but I haven’t done anything real with them.

In my spare time (ha) I toy with a bunch of other projects. I like to dabble with Arduinos, Electronics, Retro Computers, exotic SBC’s (Single Board Computers), and IOT devices. I get nerdy about getting the most out of the least expensive devices (the old cost vs power ratio), and I think eSports is cool (I used to be really in to Starcraft 2 and Smash).

I’m a pretty good cook too. 😀

I’m looking for something interesting. Not necessarily gamedev, but who knows. Something compatible with me having my own projects and commitments, like Ludum Dare. I can’t relocate to the US, but I can visit (I have no diploma. I dropped out of college to take my first industry gig). I really don’t know what options I have, but I’ve done soooo much low level and backend work, that despite industry trends, taking a Unity gig just seems like a waste (I’ve barely touched it, and I have “opinions” of C# 😉 ).

To summarize, I’m looking for: “interesting”, “flexible”, and “not Unity”.

Still here? Want to tease me for being so picky? You can get in touch with me here: [email protected]

Notes: CORS, the thing you wish you could ignore

November 19th, 2016

It’s 2016, and that means security… even if it’s just sandboxing.

Modern web browsers implement a protocol called CORS, i.e. Cross-Origin Resource Sharing. This is a fancy protocol that gives a web browser hints that a transaction should be allowed or not. It was a few years ago that for the sake of security, browsers switched from trusting every request to trusting no request. For the sake of compatibility, some requests are still honoured (HEAD, GET, POST with specific content-types), but some of the most useful ones are not.

Combined with Fetch, the modern/correct way to fetch data from the internet in current browsers (previously XmlHttpRequest), this can messy. But hey, it’s for the greater good… I guess.

Fetch, Promises and Lambda Arrow Functions

JavaScript’s new Fetch method is the recommended way to handle what we used to call “XHR” requests (i.e. getting data by URL) for any new code that’s written. It’s supported by all the major current browsers, and can be polyfilled for backwards compatibility.


The old way (“XHR”) was inelegant, and poorly named (XML HTTP Request). Fetch has a much improved syntax.

Fetch relies on another modern JavaScript feature: Promises. Promises let you wire up code that can be run asynchronously immediately after (in this case) the Fetch completes, be it a success or failure. As with Fetch, this can be introduced in older browsers with a Polyfill.


Furthermore, Promises benefit from another modern JavaScript feature: Lambda Functions or Arrow Functions as they’re sometimes called. In essense, this a new syntax for creating functions in JavaScript. Unlike Fetch and Promises, Lambda Functions cannot be added to JavaScript with a Polyfill. They require a modern JavaScript compiler (or transpiler) to add them in a compatible way.

Or any combination of the above.


And these can be further enhanced with some new features.

Rest parameters (i.e. “the rest of”), which let you write varadic functions.


As well as Destructuring, a new syntax that lets you expand or extract data from arrays.


And at the time of this writing, Rest Destructuring is starting to pop up as a feature (currently unsupported in Buble, without a patch… a patch that exists, and is one click away from being merged in, tee hee).

Legacy Fetch Support

We can do a number of things without worring about Preflights or Cookies, but we still need a CORS header (Access-Control-Allow-Origin). These also work if the origin (protocol+domain) is the same, but CORS is the whole mess when origins (protocol+domain) differ.

You can also do HTTP POST, but when we start talking HTTP POST, we need to start caring about content-type.

In legacy mode, HTTP POST only supports 3 different content types.

  • text/plain
  • multipart/form-data
  • application/x-www-form-urlencoded

That doesn’t mean you can’t use other content-types, but it introduces a new “feature” that we’ll get to soon.

Bypassing CORS

There is a mode you can set…

But this is effectively the same as a HEAD request. It will correctly pass (.then) or fail (.catch) depending on the response code, but you can’t look at data.

Not very useful, ‘eh?


Preflights (i.e. the HTTP OPTIONS request)

To make matters worse, if you want to be modern and use an alternative content type (such as application/json), you now need to handle OPTIONS headers.


That means JavaScript now does 2 HTTP requests per transaction. The first, an HTTP OPTIONS request, and if that succeeds, your actual requested request (HTTP GET, POST, PUT, etc).

This is the ideal case. If server handles these, then you can write optimal Fetch code.

Unfortunately if you PHP, the content type for the above is application/json, which is routed to php://stdin and not the $_POST variables you may be used to.


Server Side CORS

Somehow you need to include CORS headers on your server. You can do this with Apache.

Or as part of the code that emits stuff.

If you only need basic CORS support (no cookies), you can be simple with your headers.

If you require cookies, you NEED to be specific about the origin.

If you are not specific about the origin, it will fail.


Fact, this fail case is the reason this post exists. Gawd. I spent way too long trying to diagnose this, with no really good references. I had to dig through the spec to find this line:

If credentials mode is “include”, then Access-Control-Allow-Origin cannot be *.

In hindsight, now that I knew what I was looking for, I did find a PHP example how to do it correctly.




Anyways, I think I’ve suffered through CORS enough now. Like always, this post is here so when I have to revisit the topic (uploads), I’ll know where to start (configure server to Allow-Origin: * (i.e. readonly GET requests), but get specific in the PHP upload script so that credentials matter (PUT/POST)). (PS: I could stop hot-linking if Allow-Origin was specific to Jammer sites).

Notes: Customizing Ubuntu

October 29th, 2016

Yay more notes.

Changing the File Manager (Nautilus to Nemo)

So, I hate the default file manager in Ubuntu. Unity is fine (meh), but the file manager is dumb. Super dumb.

In this article, a dude did a comparison of file managers available for Linux.


Nautilus is the default, but dude liked Nemo (very much a Sea theme going on here).

His instructions for installing Nemo weren’t too useful (old), but these are totally fine.


Long story short:

Keep in mind, this has changed the default. If you search applications, you should 1 or more programs named “Files”. Click on it and see if it start the correct program.

Remember, you still have Nautilus installed, so if you have an icon on the Unity bar for Files, it links to the old program. Start Nemo, pin it, and unpin the old one.

UNFORTUNATELY this has no effect on the File->Open or Save dialogs. Those are rooted in a GTK 2+ vs 3+ issue, which is unclear. Bah.

Notes: USB/IP

September 25th, 2016

USB/IP is a Linux tool for sharing USB ports with other computers on your network.

It’s been available as part of the Kernel since 3.2, but thanks to the older package still being in the Ubuntu repository, it causes confusion. The following is the proper way to use it.

Read the rest of this entry »

Notes: Time Sync

September 21st, 2016

TBH I don’t have this figured out yet.

In my case, the HW clock is wrong (off by 1 hour).

It should be using NTP, but NTP doesn’t seem to take effect. I’ve read a bunch of conflicting information, like using “ntpd -qg” (which can’t be run until you stop the ntp service), or that a command “hwclock –systohc” will do it. One other dude said there’s some sort of check by hwclock that wont do it unless the date is only slightly off (safety feature). I don’t really buy that though.

Ah well, I just wanted a quick note for this.

Notes: Setting up a Webcam Server

September 21st, 2016


I have a small room, also known as a closet *cough* that I have my printer and some small computers in. Some day I plan to put a 3D printer there as well. It would be wise to set up a simple webcam, so I can check on it. You know, in case of fire and stuff. 😉

Read the rest of this entry »