Month: September 2020

To brace or not to brace

To brace or not to brace

Abstract programming picture
Image by Gerd Altmann from Pixabay

This isn’t exactly confined to C, in fact it applies to many programming languages where braces or curly brackets {like this} are optional after an if. It even applies to Pascal with Begin ends which are optional after an if.

You can have the first or the second as shown below.

if (expressions) 

if (expression {

I saw a recent example where the DoSomething was a logging expression which the compiler optimised away so the if, which lacked braces applied to the next statement. As the if was only true on rare occasions. It meant that that statement which should have been run every time was only run on those rare occasions.

So the prevailing wisdom and one that I entirely agree with is that you should always use braces. If you don’t you risk accidentally introducing bugs like this.

Note. that link is to a discussion on the C programming Subreddit (on


A lovely MiniGolf game in C

A lovely MiniGolf game in C

MiniGolfA developer called Michael Gerdes just published a MiniGolf game on GitHub. This uses OpenGL for the graphiocs and according to GitHub is made up of

  • C 76.5%
  • C++21.4%
  • GLSL 0.8%
  • Scheme 0.7%
  • Objective-C 0.6%
  • HTML 0.0%

Every project on GitHub has these on the RHS of the home page. They include links with filters to see the particular set of files. Particularly telling is GLSL which are shaders. If you do 3D graphics, that’s something you need to learn. Its why I stick to 2D. The other stuff probably comes as part of various linked libraries.

It’s nicely done and the GitHub page has four animated gifs showing how it works. It also uses the open source Dear Imgui GUI library.

A portable Windows Devkit

A portable Windows Devkit

Tool icons
Image by mohamed Hassan from Pixabay

I spotted this the other day. A C and C++ development distribution for Windows called w64devkit. It’s less than 80 MB and you don’t need to install it so you could easily fit it onto a USB memory stick or download it.

As the author (Chris Wellons) says “Despite its simple nature and small packaging, w64devkit is almost everything you need to develop any professional desktop application, from a command line utility to a AAA game”. Note it doesn’t include source control, nor does it access the internet, though no doubt you could. So you could backup stuff say to GitHub or wherever.

I am fan of software like this that you can take with you on a laptop or a memory stick. You don’t always have to have a full dev system with multiple monitors, Visual Studio etc.

If you’re interested, do read the entire blog post.


First C Tutorial published

First C Tutorial published

TutorialAs I add these (one or two each week), I’ll add them to the tutorials page. The first is introducing C Programming and has the almost mandatory Hello World.  To speed up trying the code out, I’ve included links to two online C compilers where you can run the program.

The two online compilers and were both around when I wrote the original tutorial and the original C program (Ideone) link still exists on Ideone. (After you compile a program successfully they provide a shortcut back to it).

I’ve taken the original C tutorials and have stripped all the cruft (CSS, much Html, and JavaScript) and edited slightly).  It helps that I wrote them originally back around 2006-2007. There’s approximately 30 in total. I will be beefing them up as well.

Follow the Tutorials link on the top menu.

My earlier work in C, C++ and C#

My earlier work in C, C++ and C# screenshotThe tutorials I wrote on C++ and C# on between 2006 and 2013 are all a bit dated now. Both languages have been updated several times since 2013 when I stopped writing for But thanks to the Wayback machine you can view all of my work from the early stages in Mid 2006 to the finish in July 2013.  I owe the copyright to this material so I can reuse it as I wish.

On this page, there’s an index to 43 C tutorials, most written by me.  So as a little side task, I’m downloading these, cleaning them up, fixing the odd error and adding them to this website via the Tutorials page. Some but not all are also available on the ThoughtCo website which is the reinvention of

Ironically I got better at writing for them towards the end. had been very successful back in the late 90s when the web was still fairly new but could never sustain that and declined more or less from the year 2000. I think the highest daily viewing figure I ever got was 12,000 pages but some of the others (particularly Southern Cooking) got in the millions.

I recommend you visit earlier in the day as it slows up a bit once the USA wakes up typically around 1.00 PM (GMT). Given the volume of stuff it stores, it is a totally amazing place.

An example of what you can do with MonoGame

An example of what you can do with MonoGame

OpenVIII screenshotMonoGame is not just for mobile, as I’ve been doing. Open VIII is a Final Fantasy VIII game engine written in C#/MonoGame and currently works on Windows and Linux (not sure about Mac). Other games in the series have been ported to other platforms but not FFVIII, so that’s why the project was started.

The instructions for Open VIII on Windows suggest Visual Studio 2017 but I imagine 2019 might also work as MonoGame 3.8 has templates for it.  As the project says “OpenVIII is an open-source complete Final Fantasy VIII game engine rewrite from scratch powered in OpenGL making it possible to play the vanilla game on wide variety of platforms including Windows 32/64 bitLinux 32/64 bit and even mobile!

As with virtually all open source reimplementations, you will have to provide your own game assets such as images and sound. You can do this apparently by buying the original game on Steam. I took a look and sure enough it’s there and there’s an official remastering by Square Enix. I’m not sure why the Steam search brings up FF VII as well but hey that’s search for you… I’ve added a permanent link to the C#/MonoGame links page.

Steam Final Fantasy VIII

Adding Security to Web apps and Games

Adding Security to Web apps and Games

Image by Darwin Laganzon from Pixabay

Because I’m developing a server game, data has to flow in both directions. That means it might be read (by ‘tapping’ e.g. using utilities like WireShark) or maybe even spoofed. Obviously this would be a bad thing.

Now I’m obviously not going to say how exactly I plan to protect it. Here are a few ideas.

  1. Encrypt all data. I already do this with an SSL certificate. Apple for example block network connections that aren’t secured.
  2. Include checksums and other ways of checking that the data originated from where it purported to. A poor way of doing this would be to always include a constant value and check for its presence. The idea is good but if someone managed to disassemble an app, they might spot it and it would be game over. The principle is sound but not a constant value.
  3. I like the idea of a time based constant but it needs careful implementation. The idea is that every hour say a new constant is calculated. Now there are several issues with this: how do you derive the constant so that the server and mobile apps know what constants should be? One way would be a pseudo random number generator and there are many algorithms. So long as both client and server (which are programmed in different languages) can manage this then that’ is not bad. Another issue is “time dislocation”. My mobile and server may not be exactly in sync. It might only be a fraction of a second or maybe longer if they are on different time zones.  One way round this is to keep the last say two or three values and check not jut the current one but the one before that as well.  We’re not bothered about the time so much as when the hour changes.
  4. Or a simpler method, just have a list of constant values. And an index which is incremented every hour. It wraps round at the end. This is virtually the same as 3. but without the pseudo random number generator.
  5. Include a secure hash of the main data. This is like a digital certificate created from a document. It guarantees that the document hasn’t been tampered with because the certificate is created from the contents of the document. The only thing here is, the data must include a value from 3 or 4 to verify the document so a spoofer doesn’t just send their own data and a secure hash of that!


Adding an SSL Cert

Adding an SSL Cert

SSL connectionThese days, if you have a website or even a game server then you probably should have an SSL (or TLS to be more precise) certificate. Have you heard of telnet? It’s an old protocol that allows you to connect to a remote computer and issue commands. Do you know why you don’t hear of it any more? Because it was designed for an era where hackers didn’t spend all their time attempting to compromise computers. Telnet, like FTP has a flaw. Passwords and login details are sent in the clear. Not hashed, or encrypted.

Why don’t I use SSH to connect to it? I do. SSH has more functionality than SSL and is very good for encrypting remote connections. SSL needs a certificate, whereas SSH doesn’t but many think you should use a SSH certificate as a substitute for username/password and I intend to. If you’re not sure of the technical differences between SSL and SSH, this article isn’t a bad place.

So today I paid for an SSL certificate. I’d pointed a domain I had handy to the vps a few days ago, to give DNS a chance to settle, (24 hours max but usually much less) paid £20 for five years of SSL cert and installed it today. Thankfully, virtualmin which I use for configuring the server makes it straightforward to request a SSL by generating the CSR (Certificate Request an Private Key) . This blog uses an SSL cert from the same place (CheapSSL). Despite the low price the certificates are very good.

Although the world won’t see what the cert is protecting, you almost have to have them nowadays. This is for the connection between smartphone and server. As I found today, Apple is ramping up security and Google is doing the same. I have iOS 14 on my iPhone (upgraded yesterday) and it refused to connect to WiFi in my local coffeeshop. Their certificate doesn’t expire for another month but I suspect it is now over 398 days old. As far as Apple is concerned, that certificate is past its use by date. This is Apple’s new policy since earlier this year. My wife’s iPhone, still on iOS 13 connected quite happily.

For those who have bought a multi-year certificate as I have today, it just means you have to generate another CSR and install a newer certificate once every 400 days or so. I’ve started taking screenshots of the details so I get them correct! I believe Google is moving to this 398 day maximum as well.

So the commands from smartphone to game server are now sent over https and encrypted in flight as are the results. It’s one less thing to worry about.



Quake II – still a favourite

Quake II – still a favourite

Quake II screenshotOh I do play much newer games such as Far Cry 5 which I’ve completed recently but Quake II was a favourite of mine back in 1997 when I bought it. I’m more of a Quake than a Doom person. Unfortunately for me, my then PC couldn’t run it. It was only two years old as well.  But I got a new PC in 1998 and that played it just fine. I’m not saying I’m a saddo but I can play it through on the hardest level without losing a life.

The reason I mention it because of an article I came across that described the different ID Tech Game engines and the games made with each engine. All have been open sourced (Up to ID Tech 4). Quake II was written using the ID Tech 2 engine itself written in C and assembler.

For some reason the link to Quake II source code is wrong in that article but you can find it on GitHub. In one of 18 of ID Tech’s 18 repositories there.

If you are interested in downloading and trying to understand the Quake II source code, I strongly recommend you read Fabien Sangard’s walkthough of the code.