The chicken vs. cow argument goes chickens aren't as valuable as cows, and so you need a way to trade chickens for cows, and so you pay so much per chicken, and pay so much per cow, and now you have a way of trading the two.

However -- this assumes there are people who want chickens, people who want cows, and that the central authority has a relatively fixed pool of money.  In reality, that is not how MMOs function.  Instead, nobody wants the chickens except NPCs who pay from an infinite pot, in order to remove the chickens from the game.  All anyone actually wants are the cows, and so you get infinite and uncontrollable inflation.

To deal with that, you turn the problem on its side.  Why are you giving the players chickens, if what they need are cows?

I see this as like boosters in a collectible card game/trading card game.  There are only certain cards that have value, the rest are garbage.  In order to get the cards that have value, you either buy an ungodly number of boosters or you buy/trade for the card that you want.  All the useless cards have no value, at all, and are just filler.  Once you have a few thousand basic land cards, you don't really benefit at all from obtaining additional basic land cards.  And that is very much how it actually goes.

In the MMO, to remove those useless drops, they use those NPCs with infinite pools of cash.  The issue with that is that if someone can afford to buy a lot of boosters, they can generate a lot of cash -- that is, someone who can play all the time can generate infinite cash, and so inflation runs completely out of control.

You deal with that by removing the booster mentality, and instead going to a redemption or ticket approach.  When you kill something, rather than drop a rare item randomly, it drops a common item all the time.  You trade the common item to a NPC to get a rare item.  You have only chickens (stackable), and there's only one place you can trade them for cows.  That follows a basic pattern, and allows the players to obtain the items that they want.

So how do you handle crafting, then?

Well, the goal behind the redemption system is to reward based on results -- if I run through a mission in record time, without getting hit, etc. then I get a bigger reward than if I wipe a thousand times  It seems like that same logic (to me) applies to crafting -- you don't get the reward from the player asking you to craft the item, the reward -- instead -- comes from the game itself, for doing well at playing it.

This also eliminates the "I'll do that for donations" versus "I want your first born child" problem as well.  :)

Due to continued spamming after I enabled comment moderation, I've installed a plug in to check against a shared database.  We'll see if that cuts it down a bit.

I have both the main computers that I use converted to Windows 7 x64 now.  On the one, I have an adaptec SCSI card that is not recognized, but both systems are working at this point in time.

After waiting for 7 days for the slow computer to do an upgrade from Vista x32 to Windows 7 x32, I just did a reload instead.  The reload completed successfully in under an hour and a half (I was patient because even after a week, the installer was still animating but -- there's a limit to how long I was going to give it, especially since the computer had not had a clean install for many, many, many releases of Windows).

It's up and happy on both of the computers here.

I updated the blog software over the last couple days to the latest version of Blog Engine.  Because I’m still working on the OpenID stuff, it’s using SQL Server for a couple days.  Everyone’s logins should still work.

Because of the number of spam comments, I’ve enabled moderation on comments.

Just FYI,

With Yahoo and several other providers, you can just enter the provider's address (yahoo.com, for example) as your OpenID, and it will redirect to Yahoo and prompt you for credentials.  This is a good feature if you want to use their long, obfuscated identifiers -- but don't want to remember them.  If you have multiple valid identifiers, it will let you pick which one to send back to the site.

The "patcher" in a traditional MMO generally, in some shape or form, requires an account that has administrative privleges.  This is solved in a variety of ways; for example, the new version of the Station Launcher installs a service, which allows it to apply patches using the Local System account.  We are taking a different route, however.

A common approach to loading game resources is to have a "Virtual File System."  Most games do this, at some level, just to manage resources.  Resources could be on a CD-ROM, could be downloaded from the server, and so forth.  The concept is fairly straightforward -- you have a path like: "/themes/systemFaction/systemFaction.jpg."  Under the covers, the system takes the specified path and maps it to "C:\ProgramData\BattleBazaar.net\Iron\themes\systemFaction\systemFaction.jpg."  You don't have to worry about where the ProgramData folder is located in the code, just one spot has to ask the operating system for it.

What we find is that most players spend most of their time in a small subset of the game world, with most MMO's.  Why patch 30 zones the player doesn't care about, to patch the 3 in which they are currently playing?  Now there's something -- obviously -- to maximize the use of zones.  Large, outdoor zones have to be constructed with a target level, and as expansions come out, etc. people are going to move outside that target level.  Using a skills centric system, like we are, doesn't change that -- if you have a large, outdoor zone the difficulty level can't really be scaled.

A strategy that helps with keeping the game footprint small, then, would be to download just what you need as you go along.  This increases load time a little, but you can cache the data and perform just a quick check when returning to the zone.  This removes the need to patch all the various files that go into making a zone, such as the themed textures and so forth.  Meanwhile, it means when you add new content, you just add the new content and immediately start referencing it.  That rules out dial up, but dial up is not a huge market segment anymore.

Now, extending this to the application itself -- if you trust the application using a digital signature, then the assembly can be read from the cache just as easily as from program files or some other, patch-friendly, location.  By trusting the application using a digital signature, you can give the application the level of access that it needs for things like OpenGL calls, but at the same time, you can load it cache-friendly from the web.

The way it works is that you mark some resources "retain," and they are always retained.  You allow the user to set a minimum and maximum cache size, potentially for multiple games.  Then once they download the client, everything routes through the VFS and so the assemblies are brought down automatically, and trusted as necessary via the signatures.  This is similar to how Final Fantasy XI operates, for example.

Tentative update to Minimum System Requirements:

Intel ATOM 1.6Ghz or faster.

1GB RAM

Windows XP Home for Ultra Lowcost Computing

 800x600 min resolution (the specific device I am targetting is 1024x600).  16bit or 32bit color.

*** I believe that 1.6ghz is probably a reasonable target clock speed.  If we can run successfully lower than that, that's great, but I think that the target clock should be right around that anyway.  Like I said, I have a specific device in mind.

*** The invite still will be coming soon for the staff player association.  I'm testing things now, and will send it off as soon as I am sure that it is working.  Long term, the Wiki and blogs will have a visible change as well (authentication will be for all of BattleBazaar.net/BattleBazaar.com, and not for individual pages). 

 *** Part of the delay is that I want to make sure the web features as they stand are "working right."

* Launcher requires the "Install Software" permission on Windows.

* Patcher requires no permissions on Windows.

* Content updates do not require patching (at all).

* Launcher requires root to install for all users on Unix-like operating systems.

* Patcher requires a setuid process on Unix-like operating systems.

OK, so I was working on getting crossfire working again after some update knocked it out, and having no luck.  Some sites suggested uninstalling Service Pack 1 -- let me tell you now, save yourself a lot of grief, do not uninstall service pack 1.  That turned out very badly, incredibly badly.  The argument is that a Windows component has been damaged, and maybe that fixes it.  However, sfc /scannow will have that same effect without costing you a couple hours of recovery -- and it won't actually fix the problem in all cases.

 So anyway, I decide I'm going to reinstall the drivers -- catalyst install manager doesn't work though, and so I look up and again I see crazy advice on the Internet, so here's what I try:

Start > Control Panel > Classic View > Problem Reports

Report a problem with Catalyst Install Manager

Voila, it tells me to go to KB961894 for a solution.  Here's the download page:

http://code.msdn.microsoft.com/KB961894/Release/ProjectReleases.aspx?ReleaseId=2067

This fixes it, but per the discussion, there might be other issues with using the hot fix.  I hope that this saves someone else some time.

I've updated the TLS certificates for BattleBazaar.net and BattleBazaar.com.  Sorry for taking so long, but just did the rekey and reinstall.  That means no more nasty warnings when viewing them about them being expired.

I am getting ready to post a beta version of the patcher and some other software.  Among other things, I'm experimenting with SIP (Session Initiation Protocol) which is what Sony is using for their voice chat, and what Microsoft uses in Exchange.  That would allow us to have voice chat without being "in the middle."  I'll update on that when I determine if it's something I want to go forward with or not.  SIP is the protocol used by most VOIP phones also, which makes it convenient to route to soft phones for support.  It's also used by most Internet PBX-equivalent phone systems.  It is almost certain that I will go that way in place of the XMPP support I had been working on, just because of the potential to support Voice in this way.

* Be aware: if you're on the development or staff mailing lists, you will be receiving a link soon.  That link will get you set up with the OpenID software on the server.  The invite will be on the TLS (HTTPS) site, and will be to the "GM-Developer" and/or "GM-Staff" player associations.  You should accept those invites, and fill out your profile as needed.  If you're using Yahoo's OpenID provider, they will not provide profile information.  If you are using MyOpenID.com, they'll ask you what fields you want to share and you should mark them.

Marcus' website for his web comic is now up at:

http://www.awakened-dream.net

When I get the new BattleBazaar.com website up and running, it will be using the new OpenID authentication.  It is not up right now (what’s there now is just a dummy site I was using for testing).  When that happens, I will post it here as well as to the front page of the Wiki.

When it happens, to gain access to either BattleBazaar.net or BattleBazaar.com, you will have to use your OpenID to log in.  The first time you attempt to log in, it’s going to go to a registration wizard.  It’s going to ask the other website for as much information as it can get, to automatically fill in the registration, but Yahoo won’t give it very much.  Once you’ve gotten it filled in, you’ll go into an “activated but unapproved” status, and it’s going to give a notification to the administrators network that there is an unapproved user.  I’m going to log in, and approve the account and assign you to the roles and groups you should be in.

From that point in, logins throughout the website are going to be using OpenID.

Yahoo doesn’t currently give much information at all when a site asks for it, but some other providers (myopenid.com, for example) do.

Just FYI, I’m in the process of getting the new BattleBazaar.com website I promised a long time ago up and running.  I have OpenID working with the providers that I have tested, so I believe that it ought to be working OK.  The way I am working it is similar to FaceBook or other social networking sites.  I believe that all of this is going to work pretty well, but I need to test it some more before I “throw the switch.”  I believe that I will also be able to run Marcus’ comic site with the same setup.

I am working on passing the login information from the browser into the application; I will probably use a launch ticket application (like Kesmai and Asheron’s Call used to) that passes the necessary information to the launcher, versus other potential approaches.  That means to launch a game, you’ll go to a site (tentatively my.battlebazaar.com), where your games will be listed.  You’ll pick a game off the list, and click it to launch it. 

That also means all the login is done via a web browser.  :)

The user will probably receive an open, save, or cancel dialog box (just like if they are downloading a file) for now, but I’ll get rid of that entirely later in the process.

I know it might seem like a good idea to whoever is designing your web page, but do not ever, for any reason, use the ubiquitous lock icon and put next to it “This site is secure.”  Think about it for a minute – if you don’t get “why shouldn’t I do this,” then keep reading.

Lets say I am a phisher, and pretend that I am trying to fake users into clicking your link.  Where is the one place they can safely look to be 99.97% sure that they have reached a secure site and, more importantly, have reached your site in particular?  The lock icon, built-into the browser.  On Internet Explorer 7 and 8, it’s shown up at the top of the window like this (many other browsers follow this same pattern as well):

That tells me that I am hitting gemoney.com.  It gives me an icon I can click on to see who thinks it is General Electric Company, like so:

Additionally, the bar changed color to tell me that it is an EV certificate, issued to corporation like banks, and that it met the requirements set forth for those kinds of certificates.

Now, here’s what you should never ever do coming up:

Just to show how safe it is:

“   This site is secure”

Instead what the should have there is, roughly:

“Look for the lock icon on your browser address or status bar, to be certain you are connected to our website.  On newer web browsers, the address bar should be green and should identify us as “General Electric Company.””

Do not duplicate browser UI that is going to identify if a site is secure or not in the web page.  When you do that, it makes it easier to lure users into submitting information to a fake website.  Instead, point them towards where the information appears on their browser, and have them look there.  Let the browser do its job and protect the user.

Also, I find it ironic that while PayPal Buyer Credit is run by GE Money Bank, you can’t pay it from your PayPal balance, and you can’t set up automatic transfers either way.  Just seems like if I were doing a credit service for PayPal, I would run the transfers both way.

The main paypal website links to Verisign instead of displaying this widget, and also includes the verisign site seal.  I don’t agree with the site seals either, incidentally, because they are also too easy to fake.

I was going to post here a sample VB project using DirectX, but I remembered there's an easier solution.

 Download #Develop from http://icsharpcode.net/OpenSource/SD/Default.aspx -- it has a template for DirectX already set up.  To use it, you need three things:

1.  Either Microsoft's .NET Runtime 2.0 or Mono 2.0

2.  DirectX 9 (XP) or DirectX 10 (Vista) from http://www.microsoft.com/downloads/browse.aspx?displaylang=en&productID=9C954C37-1ED1-4846-8A7D-85FC422D1388 (the SDK and/or REDIST will install the support -- better to install the SDK, so you can get help if you need it)

3. #Develop or Visual Studio -- #Develop has a template, Visual Studio does not.  The two use interchangeable project formats.

Alternatively, with the Microsoft toolset go here:

http://microsoft.com/xna

That will give you the XNA toolset, which allows you to write code in any managed language (including C#, VB.NET, Python, PHP, C++, Delphi -- whatever language floats your boat and is applicable to the target) and deploy to the following devices:

1.  Windows Computers

2.  XBox 360

3.  Zune MP3 Player

The XBox 360 support requires whoever owns the XBox to pay an extra premium to play "Creator's Club" games.  Zune currently doesn't require this extra premium.

Alternatively, if you're writing a new engine from scratch, TAO from the Mono project is a good option.  TAO uses SDL, a highly portable 2D graphics platform, and has bindings for OpenGL and a large number of other highly portable libraries.  As a result, code in any .NET programming language compiled against TAO is itself highly portable -- it will run, from the same executable, on MacOS X, Linux and Windows.

If it is desired to run against Mono on non-Microsoft OS, then avoid DirectX -- DirectX is a Microsoft proprietary technology, not supported on non-Microsoft platforms.  OpenGL is widely supported and, additionally, offers the entire DirectX 10.1 feature set on Windows XP with nVidia and ATI drivers.  OpenGL is driven by the video card companies in conjunction with industry partners from CAD-CAM and video game companies, not by Microsoft.  It is easier to introduce proprietary extensions, it is easier to introduce agreed-upon standard extensions, and generally the video card companies are fully supporting their chipsets features on that side.

On Windows Vista and later -- as well as all Linux distros and MacOSX -- you should use OpenAL in some form for audio.  Either directly via C++, TAO's OpenAL support (from .NET languages) or via a library like fmod.  Pure and simple, on Windows Vista the driver natively speaks OpenAL.  DirectSound goes through a compatibility library that invokes OpenAL.  On Windows XP, you should install Creative Labs OpenAL driver (which works with all sound cards), and on Creative Labs cards, that card will bypass DirectSound and talk straight to the hardware.  On non-Creative Labs cards, it will route through DirectSound.

If you have an e-mail account, you should be able to access webmail using any of the following:

https://battlebazaar.com/MEWebMail

http://mail.battlebazaar.com

http://mail.battlebazaar.net

Take your pick -- also, if you have an account, the POP3, IMAP and HTTPMail servers should be working also, so you should be able to configure any common e-Mail application to work also..

The "Slow" computer is back among the living.

 However, I don't believe that it qualifies as a "slow" computer anymore.  We'll see after I can do some real testing on it...

 New Specs on the "Slow" Computer:

AMD Phenom x4 2.5ghz

Kingston "HyperX" DDR2 1066 x 4g

2x ATI Radeon 4650, with 1g of RAM each

SoundBlaster X-Fi PCIx

160g Seagate PATA

700g Seagate PATA

USB CD-ROM

We have completed the update at home to AT&T 6MBPS DSL and Internet-based cable.  Aside from getting local channels in high definition that were not included in Time Warner's channel line up, on the digital HD service, the image quality is just incredible.  The PVR is extremely cool, and allows downloading programming extremely easily

Sending out an email tonight to impacted users, however I activated webmail on battlebazaar.com on the secure site there (so that is now an option for mail users).  Should be able to guess what to change.

Didn't get the servers up tonight, will get them up tomorrow.  Sorry for the delay. :-)

Yeah!  You heard me, something is actually coming online. 

Master Accounts

Each account can be either a master account (parent is null) or a secondary account (parent is not null).  Secondary accounts share all contact information with primary accounts.  Secondary accounts are clearly indicated as such.  This is similar to what Turbine and NCSoft do, in that you only have to adjust billing information in one place. 

Characters

Since the character server is also going up, you will be able to create characters under a master or secondary account.  You will be able to specify the character's name and gender.  You will be able to obtain a signature block that can be embedded in most popular forum software for an avatar image, and you will be able to obtain a signature block that can be embedded as a signature.  The signature version will include online/offline status, and will link to a journal about your character.  It is up to you what events are automatically logged to the journal (completion of stories, etc.) and there will be a facility to log short messages to the journal as well (e.g. On vacation until 1/24).  People reading your profile will be able to instant message you in game, and chat with you in game, when those servers are finally up.

People on Jabber or Google will eventually be able to subscribe to presence notifications and also send IM in and out of the game.  I don't intend to support other chat networks at this time, but that is always subject to change.

Player Associations (Clans)

Master accounts will be able to create Player Associations.  These player associations may cross games and servers.  They will be able to create "subordinate" organizations, alliances and enemies.  There will be a membership roster and a guild events log (similar to the log in EQ2).  There will be the capability, as with characters, to add your own messages to the log as well.  The messages will be available as an RSS feed, filterable by game, server and unit. 

Characters applying for membership in a PA will have their character information added to an RSS feed as well.  Someone with add to clan permission will be able to view the feed, and click a link to allow the user to join. 

Services

The first round of externally accessible services will also be made available, surrounding these features.  As with the clan membership notifications, how this works is the remote site requests access to your character data (note: no personal data is available via this service, only character and clan information is available).  You will be allowed to select "allow this site to access my character" or "do not allow this site to access my character" (same with clans).  This is so that clans or fan web sites can pull data.

Game Cards

Support for game cards is also going up.  Staff accounts will be able to generate game codes for the "alpha test" group, and cards that add as-yet unnamed tokens to accounts.  These will be 25 digit alphanumeric codes that do not use the character 1, 0, I or O -- in upper case.  Note: generated codes won't work in master accounts for staff, and eventually this feature will probably be restricted to certain staff groups -- but for now, we don't have a mountain of staff so I won't lock it down. :-)

Profile Cards for Web Sites

In addition to all the above, there's also an option to generate profile cards for use on other web sites.  This is designed to be larger than a signature or profile box, and will eventually show much more information.  For now, it won't do a heck of a lot.  Player associations will be able to generate such cards.

Cardspace Login

Log in using a Windows Card Space or other information card provider will be supported.

You heard it hear first.  Instead of https://battlebazaar.net, you'll have to use https://battlebazaar.net:4343.  This change is so that I can activate https://battlebazaar.com on the server. 

This means the web site for accessing your e-mail will also change.  I'm sending that information out by e-mail in a couple minutes. 

For a long time, I have continued to keep dbacher@battlebazaar.com as a valid mail address.  This was because a significant number of people had the address.

 For the last several years, I have been using a different address.  The battlebazaar.com address gets, on average, between 100 and 120 spam e-mails a day (yes, one account, yes a day).  Most of these are eaten, these days, by the domain black list and the SPF verification.  I've said it before and I'll say it again, if you aren't using SPF -- turn it on.  If you're sending me statements or w/e, then send them digitally signed.

There is a domain keys module now for the mail server; I may install that, or I may not.  My personal opinion is that domain keys does not really bring anything to the table above SPF, while it does introduce a lot more processing.  The reason I say that is that if I'm not accepting mail from an unauthorized server in the first place, then domain keys buys me very little.  The domain key is stored in the DNS, same as the SPF.  The only thing that Domain Keys brings to the table is an additional check that an authorized server is also sending via an authorized process.  But thats not the issue with the spam I see -- I see the spam being sent via unauthorized computers.  And I see more spam than anyone.

 For now, I've split the dbacher@battlebazaar.com account off as a separate mailbox, instead of delivering messages to my primary mailbox.  Once I've confirmed who still is using the older address, I will disable that account (similar to my john@battlebazzaar.net and john@battlebazaar.com accounts, that just mark mail as spam)

http://blogs.msdn.com/andrewarnottms/archive/2007/10/29/what-do-you-think-of-the-new-wcf-store-and-forward-mail-transport.aspx

I can't speak for the mail transport in WCF, because I've not yet used it, however I've used other mail transports with .NET before.  The nice thing about the mail transports is that it is a technology that crosses firewalls easily.  If you have a client outside the firewall, it is almost never a problem for it to e-mail someone inside the firewall.  It is usually easy to get an e-mail account (regardless of the server software involved).

E-mail transports are also useful because Microsoft Message Queue requires a domain controller for some distributed scenarios, but you are sometimes on leased servers that aren't domain controllers.  In those scenarios, e-mail transport provides most of the same benefits as message queues, but without the need for a PDC.  That is huge for some setups.

The other really nice thing about e-mail transports is that given backup MX service (something that only costs around $20/year from companies like no-ip and the like), servers can go offline -- even for a week or more -- and the messages will recover when it comes back up.

The big drawback to e-mail is that it is very high latency.  The messages might get there in 10 seconds.  The messages might get there in an hour.  The messages might get there in a week.  This usually isn't a problem on internal e-mail, but it is a big problem for system domain boundaries. 

Also, you have to watch for filtering as well.  For example, is the remote system allowed to send mail by the SPF?  I am a huge advocate of SPF -- I have it set up on my servers, I enforce it on inbound mail, and you should too.  SPF blocks more than 300 messages a day on battlebazaar.com, and around twenty to thirty a day on battlebazaar.net, and we don't have a ton of users (but battlebazaar.com was used in several discussion lists and newsgroups, and so the spammers came).

Many anti-spam programs will trigger off of message headers, and off of receiving many similar messages.  You have to be certain whatever anti-spam you have server-side is able to handle the messages reliably also.