PRISON OF MIRRORS We're not here because we're free. We're here because we're not free.

OUYA – Part IV: UI and UX

August 21, 2013

The Ouya’s UI (user interface) has been met with mixed reviews. It’s very simplistic and minimal but it gets the job done. For the most part the menus are fast and responsive, and you can get through them or back out with ease. Double-tapping or holding the menu button (or Ouya button) brings you back to the main screen. Let’s take a look through the main items here since this is where the UX (user experience) begins.

The main screen has four options. Play, Discover, Make, and Manage. Naturally the Play section is where you play the games you have downloaded. The layout has a Neflix feel to it, which I think they were going for due to its popularity. It’s just two rows of thumbnail images. When you have moved the cursor over a thumbnail the title of the game appears below it. You can launch the game right there or press U on the controller to bring up the info page. You can also update the game right from the play screen or from the info screen.

There’s not much else to this part of the experience. It gets the job done easily enough I suppose. Personally I think this portion could use a little more TLC. Immediately I’d like to see the games displayed in three rows instead of just two. Also the ability to sort and group the games. Basic customization and organization features. These are nice to have, though, and not need to have. I’m sure stuff like this will make it in future firmware update. For now, though, honestly it’s enough.

Next is the Discover store. Here is where you’ll be finding games to download. This portion of the UI seems to be met with the most harsh criticism. Some of it is warranted, some of it is not. Like the Play section, this section lists games in the same thumbnail format in rows. Some rows make sense while others do not. This section could definitely use some refining (perhaps a complete overhaul) but it’s not dreadful as some people would like you to think.

Each row represents some kind of grouping or categorization of games. For example you have the Ouya exclusives. Some of these lists are kind of pointless like the (few) select developer playlists. There’s nothing wrong with letting me know what some of the notable people in the gaming industry are playing, but they shouldn’t be so close to the top, especially when they are redundant; I think Towerfall is shown three or four times. We get it. It’s amazing and everyone loves it. Let’s discover some new games, shall we? I think these should be placed near the bottom or included in the genre row.


The featured row makes sense, but the criteria for games’ inclusion is a mystery. Likewise with the trending row – no real explanation on what qualifies a game to be “trending”. Is it the amount of downloads? Purchases? Some kind of ratio between the two, or the amount of play time? I’m not aware of the criteria, though it may exist out there somewhere.


The sandbox row is where the new games show up… and for some reason it’s at the very bottom. Shouldn’t this be closer to the top? Isn’t the idea of the console – and this section in particular – to discover new games? Not only that, but there’s no clear indication to what’s actually new or not. I see games in the sandbox that have been there for over a week while others just kinda show up. Would be nice to see new arrivals.

Escape Artists

This section is where games have recently exited the sandbox. As before, no real indication as to what qualifies a game to “graduate” from the sandbox to this section. I have heard it depends on the number of downloads and “likes”, but I haven’t been able to determine any kind of pattern.


This row is useful as it breaks the games down into common genres. The problem with this section is that not all games appear in these individual sections. There are over 300 games on the console but there’s no way they all appear here (or anywhere else in the Discover section, for that matter). The only way to find these hidden games is to press Y which brings up the on-screen keyboard. Here you can find all the games but the trouble is, if you didn’t know it existed, you would never find it, unless you happened to accidentally type something in that would show it.

The Make section is pretty bare, but if you do a lot of sideloading or other customization then it will become more populated. Here is where sideloaded apps appear (where you can launch them). This section is also for those who are developing a game for the console to test their builds. There’s not much to this section but there doesn’t really need to be.

As you might expect, the Manage section is where you can manage the console. It has a couple submenus with a number of different options. You can manage your controllers; updates; see information about your console such as build number, firmware version, etc.; check the storage space left on the console; check your network connection and settings; and other useful stuff.

This section of the console is stock Android, so it will look familiar to many, but because of that it’s not tailored to the Ouya or the Ouya experience, so some may be put off of it. But really, you’re in there to do some managing, not play, so it’s not a deal breaker in my eyes, and to be honest, it gets the job done. There are a couple kinks in this section that need to be ironed out, but all in all it does what it’s supposed to do.

Recently a firmware update changed the home screen. Now it shows the last game you played above the main menu, and six other random games that are randomly selected each week. This is a bid to increase exposure to games, since most are buried somewhere in the Discover section. You can download and/or launch these games right from the main screen.

Overall, the UX feels smooth. I think the UI can use some improvements but the experience is more then sufficient and intuitive enough that it shouldn’t give many people problems. It’s really easy to play games, which is the essence of the console. Finding games lacks some polish, but I have no doubt they are working on improving that area of the UX. I have had no problems navigating around and getting things done when I needed to.

Posted in Video Games

OUYA – Part III: Controller

July 19, 2013

OUYA ControllerI definitely feel like the controller deserves its own post, even though it’s technically part of the hardware. The controller has been met with mixed to negative reviews from what I have read and seen throughout the Internet.

The design and layout itself is considered pretty normal by today’s standards. It obviously takes heavy influence from the Xbox 360 controller design, which is not a bad thing because that controller is actually pretty good. It has the two analog joysticks offset from each other, the directional pad, four “action” buttons (labeled O, U, Y, and A), two bumpers, two triggers, an “Ouya” button, and unexpectedly, a track pad.

The controller connects wirelessly to the console via Bluetooth. Now, despite my pretty good experience with the console and the controller since I have owned it on launch day, I am going to have to talk about the bad things about the controller, because it really does have its faults (my mostly-positive experience notwithstanding), so let’s get into it.

There have been a lot of reports of lag between the controller and the console: movement that was never intended, characters moving off the screen, button presses not registering, or registering seconds later, etc. It appears that anything more than 10 feet from the console causes connection issues. Some people have even reported something as simple as putting their legs or knees between the controller and the console have caused lag issues.

I haven’t experienced these issues myself as I have an extremely small TV room, so I am no more than about four feet from my console with a clear line of sight. Even when I purposely put my legs or knees in the way, or a blanket, I do not experience any lag. I did however take the console to a friend’s house where there was about 20 feet between us and the console and we did experience some pretty bad lag – even with a clear line of sight. We had to kind of lean forward in his couch to get it to play properly. Hopefully this issue is just software related and they can push an update to fix them easily. Relating to this, some people have reported issues pairing the controller with the console (again, I have not experienced any problems with this).

The other issues with the controller that people have reported problems with are physical. The most notorious is the sticking buttons. Sometimes when pressing the O, U, Y, or A buttons, they will get stuck beneath the face plate. Press them again quickly and they return to their natural position. This was more of a problem with early Kickstarter releases and Ouya has since fixed the issue; you can contact their support to have new face plates sent to you. I bought mine retail and have noticed mine stick once in a while as well, but maybe only three or four times since launch day. It always happens at the worst times though.

A lot of the other complaints surround the directional pad and how it’s too sharp and spongy. Personally I don’t think it’s that bad, but other directional pads are definitely built better. I played Super Mario Kart for two hours straight and my thumb was only a little uncomfortable, but I remember having the same kind of discomfort with the SNES controller when I was kid with extended playing sessions. Some people have reported they have to press really hard to make it register any movements, but I have not experienced that issue at all.

And of course there’s the track pad. I have yet to read anywhere someone having a positive experience with it. It’s not completely unusable, but so close it’s hard to tell the difference. You can use it in very short bursts to do some quick navigation or point-and-click, but in any kind of game setting it’s impossible. It’s way too sensitive (though you can adjust the sensitivity in the Ouya settings) and it has a hard time registering taps as clicks. I don’t really recall any games that require it off the top of my head, but I’m sure there are a few.

Other general criticisms of the controller are the bumpers/triggers and buttons feel relatively cheap. The action buttons do feel pretty cheap, and look like they may fall out of the controller – but I assure you they will not. There has also been considerable wear on the joysticks from rubbing along the aluminum face plate. This isn’t a huge issue but it’s pretty noticeable, even after 15 minutes of use. You can sand it down to mitigate this, but it doesn’t stop it entirely.

OUYA Controller Face PlatesEnough negativity, what are some positives? Well I find the controller to fit well in my hands; the weight feels nice and is evenly distributed by the placement of the batteries: one in each side (hint: they’re located under the face plate). As mentioned earlier the layout is heavily based on the Xbox 360 controller so the buttons are pretty familiar. Overall the controller feels nice. The joysticks respond well and since I  have not experienced any lag, game responsiveness has been what I would expect.

I’m not going to talk about the games quite yet; that’s going to be a really big post since I want to touch on a lot of the games and show you what’s good (and perhaps bad) on the Ouya. Next I’m going to talk about the UI and the game store, and how it stacks up and what you can expect to see (and not see).

Get ready!

Posted in Video Games

OUYA – Part II: Hardware

July 15, 2013

OUYALet me begin this by saying that the Ouya console looks really sleek and cool. And it’s tiny. Very tiny. It’s about the size of a small apple or a Rubik’s cube. It even makes the Wii look large. Its presence may go completely unnoticed on one’s TV stand, especially amongst other consoles and media devices.

With that in mind, the Ouya isn’t packing the latest and greatest hardware; it’s not going to hold its own against the big three’s flagship consoles, so if that’s the kind of hardware you’re looking for, you’ll unfortunately be disappointed with the Ouya. Its hardware is comparable to a mid- to high-end phone. I’m sure there are phones out there right now that are more powerful than the Ouya, but they also cost a lot more as well (we’ll touch on price at the end of this post).

It’s running the SoC (System on a Chip) Tegra 3 by Nvidia. The Tegra 3 was released in late 2011 so it’s not the most powerful chip. The Tegra 4 is expected to be released some time before this year’s end. There are half-confirmed statements from Ouya that the console will get yearly upgrades, so it’s possible we may see the Ouya 2 (Touya?) in July 2014 with the Tegra 4 (chances are current controllers would still be compatible, which means updated consoles will probably be pretty cheap if not sold with a controller).

Let’s take a look at some of the specs:

Quad-core 1.7 GHz ARM Cortex-A9 MPCore (ARMv7-A architecture)

Nvidia GeForce ULP @ 520 MHz (12.48 GFLOPS)

Memory (RAM)

Internal storage
8 GB eMMC flash memory

USB ports
1 USB 2.0, 1 microUSB

Networking and wireless connectivity
10/100 Ethernet (8P8C), 802.11 b/g/n, Bluetooth LE 4.0

It connects to your TV via HDMI 1.4 and is capable of video output in 720p and 1080p, and there’s apparently support for stereoscopic 3D, though there are no games released at the moment that I am aware of that utilize 3D. There are also slots in the bottom of the console for the fan to bring in air and vents at the top to expel it. Some have commented that their console gets very hot, but mine has yet to experience this issue, even with several hours of sustained use.

Some have also complained about problems with the wifi connectivity, almost to the point that the console is unusable (since one cannot download games) but I have not had any wifi connection problems. I have my console wired via Ethernet, but I have tested the wifi on my home network and a friend’s, and both were able to connect without issue and download games.

Two things I think they missed out on is a microSD (or even just a standard SD) slot and gigabit Ethernet. The flash memory would make transferring data extremely easy. As of writing there’s no way to expand the internal storage (to many people’s dismay), but Ouya has confirmed they are working on a firmware update that should allow users to connect external hard drives via the USB port to expand it. The console currently detects external hard drives (though some are reporting issues with this) but you cannot install games to it. You can however access media content from an external drive or store and run ROMs for the emulators.

The gigabit Ethernet may not be a huge issue but I am disappointed that the Ouya is the only sub-gigabit device in my house. Megabit LAN should stream 1080p no problem, though I am not using my console as a media streaming device so I haven’t tried this yet. I am hoping the next iteration of the console includes it, though I am happy with its price point and I am certainly willing to forgo gigabit Ethernet if it means maintaining its price tag; I just would have thought gigabit Ethernet was cheap enough by now to fit in the budget but I guess not.

Which leads me into the last thing. How much will this little bundle of joy set you back? It’s selling retail for $99. That’s right, just a hundred bucks. Some may scoff at the price saying you get what you pay for, but this little box can do a lot, and I think a $99 price point is certainly reasonable. It’s low enough that it’s not a huge risk should you not like it, but I don’t think that will be the case. It may not be selling in droves, but you should be able to sell it on eBay pretty easily if you wanted, especially since buying it overseas is extremely limited right now, if not impossible. Even as a nice, streamlined emulation box or a media box, $99 isn’t bad, plus you have access to all the games that are free to try.

I have purposely left out the controller in this post, as I feel it deserves its own, which is coming up next.

Posted in Video Games

OUYA – Part I: Introduction and History

July 10, 2013

OUYA and its controller

I don’t normally talk about video games. I’m not really into them like I used to be when I was a kid. I wouldn’t say I outgrew them, though they don’t appeal to me quite like they used to. Maybe it’s because most games now it seems are all about the graphics and how many polygons they can cram onto the screen rather than the actual game play. That’s not to say there aren’t good games nowadays, but it just doesn’t feel the same anymore.

So what the heck is the Ouya (stylized as OUYA)? It’s a new video game console released June 25 (retail) for $99. It began on Kickstarter asking for $950,000. More than 63,000 backers pledged and they got more than $8.5 million, becoming the second most successful Kickstarter ever. I pre-ordered mine on June 19th via and I received it on June 25th. So far I have been pretty happy with it, but it can be rough around the edges.

The console is based on the Android operating system (running 4.1 Jellybean). Ouya (also the name of the company making it) pledged that it would be open and hackable, in both software and hardware, though I think they were a little overzealous with those statements and have since locked the console down a bit, but it’s still one of the most open consoles ever; you can open it up with a simple screwdriver.

Don’t expect the console to compete with the Xbox 360, PS3, or the new consoles of the eighth generation in both games or hardware. Most games right now are Android ports, but many developers have begun creating original games, and it does have a few exclusives that are pretty good. I’ll go into more detail about the games in a later post.

In upcoming posts I’ll go into more detail about the individual aspects of the console such as the hardware, the controller, the games, the shipping and communication fiasco, etc. I’d like to give each component of the console the attention it deserves, while (hopefully) keeping any bias I have in check.

The next post will be about the hardware of the console. Stay tuned.

Posted in Video Games

Why You Should Never Sanitize or Change User-Supplied Passwords

May 17, 2013

I recently wrote this story on a forum I frequent, but I thought I’d share it here as well and include some additional details.

A little more than a month ago at my work we were dealing with a website that was constantly being hacked. The website itself ran just fine; the hack was unnoticeable to majority of users. The attackers were injecting hidden code into the website that was only appearing to bots like the Google bot. When people googled the website the listing on Google would show ads for other things (usually undesirable) rather than the website’s description or any intended content. Needless to say the client did not want this.

The client’s website had been a victim of hacking several times in the past over the course of several months. They were running a very outdated version of Joomla! that we determined to be the most likely way the attackers were getting in. Due to the amount of customization to the website and the age of it, we recommended rebuilding the site in WordPress or dropping the CMS capability altogether and just create a static website. The client declined to do either to save money. They continued to get hacked though and we continued to clean it up as best we could.

Eventually someone noticed the undesirable text on the Google (and other search engines) listings and alerted the client, who subsequently alerted us and asked us to fix it. We eventually convinced them to rebuild the website in WordPress; however, the attacks continued. At this point the client was getting increasingly annoyed with us thinking we were incompetent at what we did. To be clear: we’re not a security company. We make websites. This doesn’t mean we don’t know stuff, but we’re not experts at cleaning infections. There are some basic things that pretty much any programmer or techie would know to do or look for but we don’t specialize in this kind of work. We already went through the normal motions of changing passwords, folder/file permissions, etc.

The client pretty much threatened to drop us. This was our oldest client, and was very important to us in both monetary terms but also on a relationship basis. We wanted to make them happy and fix their problem but as just mentioned, this isn’t what we do. In any case, we stopped everything and decided to take a “scorched Earth” approach.

We deleted everything from their FTP and we systematically went through our code (line by line in many cases) looking for anything that was suspicious and scrutinized it with extreme prejudice. Once we were satisfied that our code had no infections we were ready to reupload the files.

During this process I was also going through changing all the passwords to their various systems, including the control panel password. We have a password scheme but I made the call that it was not sufficient in this case and decided to use KeePass’ password generation tool to generate 40 character passwords comprised of random letters, numbers, and symbols; these passwords were stored securely so there was no worry of having to remember them or even typing them in.

I changed the control panel password and it came back with a success message telling me it was changed. Great. I recorded the new password and went to log back in. The log in failed. I tried again. And again. I tried the old password as well. No dice. I tried on a different browser, a different computer. I tried everything. I couldn’t get back in.

We were in a critical moment as well because the client declared 5pm as the deadline to have everything back up and working again or they were no longer going to do business with us. It was 4:45pm. Myself and my boss were very stressed and almost freaking out. We contacted the hosting company but they were unable to do much for us. We weren’t “on the account” and therefore there wasn’t anything they could do except send out the password to the email addresses that were already on the account. One of the emails was the person we were dealing with directly (who had set the deadline).

That was the last person we wanted to interact with at this point, but my boss got on the phone and talked to him. He twisted some facts to take some of the heat off us but managed to get the password email forwarded to us. I took a look at the password and it was exactly what I generated. I copied and pasted it into the log in form and voila – I was in. But I was very perplexed because it was the same password! In any case, due to the time crunch I finished my work and we got everything settled with literally minutes to spare.

I went back to take a look at the password because I knew something was wrong. After putting both the generated password and the password from the retrieval email into Notepad I noticed the one from the retrieval email was only 39 characters. It was shorter. I studied both of them carefully to see what was missing and the password from the retrieval email was missing a backslash!

The control panel form accepted the password, but it stripped the backslash from it without ever telling me! There were no indications of any restrictions on passwords, and without giving any kind of feedback to the me, I was completely oblivious to what they had done. I told my boss about what happened because I wanted to make it clear that this wasn’t my mistake, and that this is very frowned upon when it comes to security practices.

We were both quite surprised because we have used the host quite a bit in the past and are still using them for several current projects as well and we have never had a problem at all. They seemed like they really knew what they were doing. I guess not. I sent a strongly worded email to them letting them know that this was poor practice and the trouble it caused me. I never heard from them.

Stripping random characters isn’t the only offence. I’ve seen people apply trim(), addslashes(), strip_tags(), strtoupper(), etc. to passwords. These are all bad, and most of all, completely unnecessary.

Just an additional tidbit of information: WordPress doesn’t accept backslashes in their users’ passwords either, but at least they display a message to tell you!

Regardless though, there’s no reason to restrict a user’s password. Not like this, anyway. Passwords are just strings that should be getting fed directly into some kind of hashing algorithm or other security function. By the time they reach something like a SQL query, they should no longer resemble anything a human would be able to understand, or anything that would be able to mess with a query. Period. Don’t do this. This is bad. Even if you reject the password and tell the user.

Posted in Security