One of the things I love about Google is the language translation facility. On the wordnet website home page in yesterday's blog entry there was a complaint about a Ukrainian website and I took a look at it via Google's web page translation from Russian to English. It lists an algorithm and downloadable source code in C++ for playing Soccer in a virtual soccer league. It's not a perfect translation but good enough to understand.

I worked for six months on a soccer game simulator in the mid 90s (my first C++ program!) so of course this interested me. There's a reasonable explanation of how the algorithm works. Most commercial soccer computer games have something like this running inside, plotting the trajectory of the ball, interceptions etc. I think it's just too complicated to run as a challenge but it has given me ideas. Note the Russian site has some Word documents (in Russian). If you view them in MS Word, you can use cut and paste pages into the Google translate text. It can do about 9 pages in one go. I've added a link into the C++ games code library.

• Link to C++ Games Code Library

Supposedly this is the number of items (from 5-9) that typically humans can remember at time. Any more and you start forgetting. If you are designing GUIs with menus then it's considered good practice not to use more than 7 items in the menu as users have to spend longer searching. The author of "The Magical Number Seven, Plus or Minus Two: Some Limits on our Capacity for Processing Information" is George A. Miller, an Emeritus Professor of Psychology at Princeton. He has also made a big contribution to the field of natural language processing with the WordNet project.

Developed since 1985, WordNet is a large lexical database of English with Nouns, verbs, adjectives and adverbs grouped into sets of cognitive synonyms (synsets), each expressing a distinct concept. Supported by grants from NSF, DARPA and others, WordNet is freely available and now at version 3.0. It contains nearly 117,798 nouns, 11,529 verbs, 21479 adjectives, and 4481 adverbs and is around 12 MB in size.

The current versions are 3.0 for Unix like systems (incl Mac) and 2.1 for Windows. After installing you'll find it includes a folder with the C source code for the API. If you are interested in English language processing this is well worth checking out.

• Link to C Code Library

Last year Nokia acquired Trolltech ASA the Norwegian company that created the cross platform toolkit Qt that lets you write software for Windows, Linux/X11, Mac OS X, Windows CE, embedded Linux, and soon the Nokia S60. Nokia renamed Trolltech to Qt Software and gave it a new website. They have just announced that in March 2009 they will be making Qt available (version 4.5) as open source under the LGPL version 2.1 license, as well as under the GPL and Commercial. Qt is a well respected and used technology used for example in Google Earth. I reviewed a book about Qt development.

This is being done to help promote Qt as a platform for cross-platform development and making it available under LGPL means it can be used in closed source development. This has the additional benefit of letting external developers contribute to Qt (I wonder if it will be in this years Google Summer of Code) and improve the overall quality.

I've always admired Nokia's support for developers, they provided free compilers, sdk etc for their mobile phone business and this continues that spirit.

Just published by Sans.org is the list of 25 most dangerous programming errors. These were compiled by experts from more than 30 US and international cyber organizations so they relate to software that can be compromised and used to let an attacker take control of a PC. Two of these erors lead to more than 1.5 million security breaches during 2008.

I'm not going to publish the full list, just highlight some with relevance to C, C++ and C#.

1. Improper Input Validation. It sounds obvious but buffer overflows can be one way to attack. Instead of using strcpy for example use strcpy_s. Microsoft supports this but not everyone does. It adds an extra parameter describing the size of the destination buffer to stop overflows. Other alternatives includes strncpy and strlcpy.
2. Don't store passwords in plain text. I've often used a binary editor to view strings in an exe looking for interesting strings. Some programmers leave test passwords in (sloppy- should use debug conditional code for that). Other things might be connection strings which contain user/password. If you really must do that, there are various schemes such as rot-13 or xor that hide the data and are easy to decode at run-time. Or if its a really important task you could use a full crypto package.

Hopefully if you are writing important software, your best practices include checking for some of the listed errors. if not, maybe you should consider testing for them.

• Link to C Tutorials