Apr 15

Spy-E: Idea

This semester for Agile course, Arman Garip, Can Göçmen, Deniz Sökmen, Enes Şenel and I came together as a team to develop something that I personally wanted to be involved in.

It is Spy-E!, (pronounced as sphay-hee, not spahi, that’s something else.). It’s a game!

It may seem very standard goal for today’s world, well, all of us wanted to develop a one that we play and enjoy.

First we started talking about which games we enjoy most. Starting with Metal Gear Solid series, an upcoming MGS V: Phantom Pain, mostly Deniz and I enjoyed how the stealth is used as a game mechanics. Starting from MSX2 (very old gaming console from Japan), the first game of the series, Metal Gear was the first one to include these mechanics.  Furthermore it moved to NES platform with a very bad remake of the MSX2 version. After that Metal Gear Solid (over six million copies sold) was released on Playstation. Moving the game from 2D to 3D, for me it’s a unbelievable breakthrough. (Beware that Playstation has a MIPS R3000A-family R3051 CPU with 33.8688 MHz clock.)

Screen Shot 2015-04-08 at 15.55.48

(Water reflections are amazing, for that time.)


Metal Gear Solid: VR, (extra missions, which are a great expansion also to the story.) the main character of the series, Snake trains in a VR environment for a greater threat, a device which can launch a nuclear missile to every location on earth. (Summarising a very big franchise with a one sentence 🙁 ) You learn about stealth and weapons in those missions.

I met with MGS franchise, long time ago with MGS 3: Snake Eater via my PS2. One of our random conversations with Deniz, he convinced me to play the whole series to understand the whole franchise.

Long story short, we decided to make a game that has a theme like MGS:VR, except you are not a super-genetically-engineered soldier. Your character will be a anonymous person who wishes to be a Spy to be used by a fictional government to steal enemy intelligence from well-protected enemy headquarters. You should be able to avoid enemy soldiers, surveillance systems to be stay undetected.

It was a pity for MGS: VR to not be able to build your own levels. After you beat all of them, you probably get bored after a while. We decided to include an level editor to Spy-E for that reason.

We started developing Spy-E last month with agile methodology. Each week(sprint) we are required to show our additions to the project and discuss about the requirements with our instructor.

About the engine(is it in-house or third-party?), screenshots, models and more, in next post.

Feb 15

Magic Tricks in iOS Development

Yes, magic :-),

I started working in a firm that develops solutions for events like congress etc. As you know, in professional life, you need to deliver your products on the time. If you are doing repetitive tasks for the products, you definitely need to do some magic tricks.


My first recommendation before telling you my magic tricks, for the iOS developers(this is true for other developers as well) is to understand requirements, priorities very well. What is the most important thing to do first? A feature or half-finished mobile app that is delivered on time.

Secondly write clean code, you know very well why. Ask Uncle Bob.

And now magic trick number one: Most of time I got frustrated by lack of automation for taking screenshots of your application inside Xcode. Well I found a workaround, which is above my expectations.

It’s called Snapshot.(I highly recommended it. Kudos to its author.) It generates the screenshots of your app by executing a UI interaction script. Author of Snapshot, Felix Krause, also has small tiny components that can be combined with fastlane to automate the whole deployment process.

I am using Swift for a while and I want to recommend you the third party libraries that I use, and all of them are magical.

  • JSON.swift, very simplistic NSJSONSerialization wrapper by Dan Kogai
  • Async.legacy, Syntactic sugar in Swift for asynchronous dispatches
  • SQLite.swift, by Stephen Celis, saves you tons of headaches if you are using SQLite in your project. Plus has a very well-written documentation.

My final advice is, even though the 3rd party libraries are tempting at first, later you can get headaches too. Please be careful while choosing a 3rd party library. It may be buggy, make sure that you really need it.

The libraries that I shared with you above, are the ones that I really like. If you find a bug in any library that you use, please don’t forget to report it or fix it and send your patch to the author.  It will be very useful for other suffering developers.

And may the force be with you!

Jun 14

Automating Terminal Experience with Aliases

Even though, I think terminals are kind of ancient tool, it is unquestionably useful when you are accessing to a remote server and etc. Despite the fact that I know how to add aliases for my ssh connections(thanks to Murat Kırtay), I really hated to go through to my .zshrc configuration to edit it to add an alias.

First I wrote a very basic alias adder script and placed it to the /Users/tdgunes/Utils folder. (I am sorry that I didn’t find the time to make it completely modular and clean for other people.)

After putting this into Utils folder named as new_alias.py, go to your .zshrc file. And add this at the end of the file:

Now it will become so easy to add other python files. Go to my terminal utils gist, you can download the other scripts. For instance, you can automate your ssh logins by just adding the script (named as add_ssh.py) to your aliases and then when your alias is called, by filling user name and the host name, your password twice and it will put to your keychain, so you don’t need to write your password every time when you login to a remote server.

Happy hacking!

Nov 13

Dilixiri, Securing an REST API and OzU-EMS

Screen Shot 2013-11-21 at 11.00.14 PM

In 2010, I was working on moving web app of Dilixiri to a iPhone app. (Dilixiri is a Turkish-English and English-Turkish sentence translation app.) The problem was of that time, our small team does not know anything about handling data between different softwares. I knew some stuff about TCP/UDP because of my PyQt book‘s example. I first thought about making a TCP server on the server side and then since Dilixiri’s page is a Django based HTML page that simply uses a HTML POST to translate a sentence, I tried to do the same thing as web browser does.

For two major versions of Dilixiri (1.0-2.0), it worked pretty well. I was simulating what web browser does by using actually same headers that what a browser does while making a request. Another problem was parsing response(HTML file). I used some simple “split( )” functions to find the text that I am looking for. (Now I feel embarrassed about it, especially after learning about the side effects and regex.)

However in 2012, instead of making another big mistake, I made something right without knowing that it is the best practice for Dilixiri(partially).  In 3.0, I changed how the app handles the translation by using JSON in the middle. But I was afraid of third party users who could easily use it on their software. I got to think about a solution to handle it.

My first attempt was, implementing using GET parameters based API. So in this case:
But if somebody discovers this url pattern, it can be used without permission. Despite my first attempt that is in engineering may referred as a very bad implementation, this time I thought about giving an API key like some of the famous web services do. But if I request a translation:
It is the same thing. This request can be listened in the network and be repeated again. (like Man-in-middle-attack) At the end, I implemented something like:

I hashed request and API key same time that for every request, I use a different hash number. By implementing this, still relay attacks can be done but a fully working API that makes translations as same as Dilixiri became impossible without knowing API key.

A big drawback is you can only use just a one API key. Another is relay attacks. For an API like Dilixiri, it is not a big deal but when you think about other services. It should be handled, both immunity from relay attacks and being able to serve more than one clients.

How to achieve this ? Nowadays, in Computer Club, we are working on OZU-EMS(Özyeğin University Event Management System) that allows clubs to send their club events to this system and system will share it on its mobile app, web page and etc. Also it also saves time in the university side. (A professor that is responsible for the club, and the social coordinator in the university accept or reject this event request by the club easily in a painless way.) We were looking for a way to make an API to serve these events for different clients that are outside of the server. Such as an Android app or a Kinect based Windows app(CreativeOzu(another club) is working for that.). After a small research, I found that my Dilixiri 3.0 approach was the correct one, but lot’s of clients and different API keys, there should be a public key and private key. I personally wanted to share these links for detailed explanation about implementing this solution:

There should be other methods such as implementing HTTPS based service or something else. But I think such kind of custom solutions are better, if you wanted to handle and understand by yourself.