Feed aggregator

sweater swagger

Autumn Geisha - Thu, 04/11/2019 - 00:09

You guys! I don’t know how it’s happened but I am on a sweater finishing roll right now. The Weekender was such a joy to knit. Although I have to admit that when I first read the pattern and saw that it began with a tubular cast-on, my enthusiasm level was dialed down quite a bit. But there was a link in the pattern to a very helpful tutorial which has me now completely in love with the technique. The rest of the pattern was just as fun to knit and I love the cozy, relaxed style of the finished sweater. I honestly would be wearing this 24/7 if the darn weather here in Maryland would cooperate. At least it’s cool enough in the mornings to wear a wool sweater. The tweedy yarn is from Peace Fleece. It is very rustic and woolly but softened up a lot after a good soak. I am already dreaming of a marled version. Maybe I’ll splurge on some special farm yarn at Maryland Sheep and Wool next month.
Categories: Knitting Feeds

Four more Maps! The Wilderlands of the Magic Realm, Revised Edition is released!

Bat in the Attic - Wed, 04/10/2019 - 23:18
I am pleased to announce the release of the Wilderlands of the Magic Realm. This is one of four products covering the eighteen maps that encompass the Judges Guild Wilderlands setting. This product covers five of the maps as detailed below. The four sets combined will cover a region equal in size to Western Europe providing years and decades of adventuring for you and your group.

Unlike many setting products, the Wilderlands sketches out the overview and history in light detail. Then presents a comprehensive list of local detail in a compact format that is customizable. This eliminates much of the tedious work involved in creating a setting and allows the referee to focus on the campaign and the grand adventures the players face as their characters.

This is presented as two products both in PDF and Print on Demand.

This product is a 48 page Guidebook for the four maps of the Wilderlands of the Magic Realm. The book has an introduction and commentary by Robert S. Conley who has used the Wilderlands as his main fantasy campaign for nearly forty years. Each map is detailed with the following listings: Villages, Castles and Citadels, Idyllic Isles, Ruins and Relics, and Lurid Lairs.

Due to the extensive use of monsters from the supplements to the original edition, this release details 17 monsters and provides full statistics suitable for use with Swords & Wizardry and similar RPGs.

Because the maps for Wilderlands of the Magic Realm are dominated by ocean, charts, tables, and rules concerning water adventures have been included from various Judges Guild publications. A three page summary of the ships presented in Dave Sering's Wave Riders & Sea Steeds is also included along with ship illustrations.

Included with the Guidebook PDFs is a letter sized blank map of the Wilderlands that can be used to take notes during a campaign. A PDF with the map legend. A letter size black and white guide to the placement of each of the 18 maps within the Wilderlands. This guidebook covers the Ghinor Map 11, Isle of the Blest Map 12, Ebony Coast Map 13, Ament Tundra Map 14.

Finally a giant sized preliminary version of the master map that I used to crop the individual maps from. With the right printer this can be printed as a full scale map 5 feet wide and 8 feet long. With the PDF you can selectively copy out regions as complete maps that overlap the borders of the 18 maps. After the release of the final set of maps this file will be updated as a layered PDF allowing for custom maps of the Wilderlands to be copied or created.



The second product is a set of four maps: Ghinor Map Eleven, Isle of the Blest Map Twelve, Ebony Coast Map Thirteen, Ament Tundra Map Fourteen. When ordered via print on demand they are printed in two overlapping halves each on a 12" by 18" poster. In addition each map is presented as a 22" by 17" PDF file.

The maps have been redrawn from the original in a color style. Instead of the distinct symbols of the original maps, terrain has been drawn as a transparent fill and vegetation represented by colored areas. This allows both terrain and vegetation to overlap. Representing more accurately the complexity and diversity of the Wilderlands' geography.

This release will be followed by the Wilderlands of the Fantastic Reaches covering the last four maps of the Wilderlands.

A preview PDF

The Wilderlands of the Magic Realm Guidebook

The Wilderlands of the Magic Realm Color Map



Categories: Tabletop Gaming Blogs

Forum Crashed and ...

Two Hour Wargames - Wed, 04/10/2019 - 21:21
Looking into new options. More soon!



Categories: Tabletop Gaming Blogs

The Definitive History of the Marvel Universe Arrives This July!

First Comics News - Wed, 04/10/2019 - 20:13

From Mark Waid, Javier Rodriguez, and Alvaro Lopez with covers by Steve McNiven!

 

New York, NY—April 10, 2019—The Marvel Universe is a sprawling, interconnected web of rich history, dating back to its very beginnings…and now, it’s all coming together in a huge new story!

 

This July, Marvel invites readers to join legendary writer Mark Waid (Avengers No Road Home) and Exiles artists Javier Rodriguez and Alvaro Lopez for a brand-new tale in what is destined to become the DEFINITIVE history of the Marvel Universe!

 

HISTORY OF THE MARVEL UNIVERSE will reveal previously unknown secrets and shocking revelations, connecting all threads of the past and present from the Marvel Universe! From the Big Bang to the twilight of existence, this sweeping story covers every significant event and provides fresh looks at the origins of every fan’s favorite Marvel stories!

 

“We’ve seen Marvel histories and Marvel encyclopedias and Marvel handbooks, and I love that stuff. I absorb them like Galactus absorbs planets,” Waid told Marvel. “This is not that. There’s information here, but there’s also a story. The Marvel Universe is a living thing, it is its own story, and we’re trying to approach it with some degree of heart to find the heart in that story so it doesn’t read like 120 pages of Wikipedia.”

 

It’s a story you’ve never seen before…and it all starts this July with HISTORY OF THE MARVEL UNIVERSE!

 

HISTORY OF THE MARVEL UNIVERSE #1 (of 6)

Written by MARK WAID

Art by JAVIER RODRIGUEZ

Cover by STEVE MCNIVEN

Categories: Comic Book Blogs

“Star Trek” Feature Documentary “What We Left Behind: Looking Back at Star Trek: Deep Space Nine” Comes to Theaters One Night Only May 13th, 2019 from Fathom Events and Shout! Studios

First Comics News - Wed, 04/10/2019 - 20:07
‘What We Left Behind: Looking Back at Star Trek: Deep Space Nine’ Lands in Movie Theaters Nationwide For One Night Only on May 13

Documentary Feature by Directors Ira Steven Behr and David Zappone Features Behind-the-Scenes Footage of the Making of Star Trek: Deep Space Nine, Interviews with Cast and Creators, and More

DENVER – April 9, 2019 – Fans will get a special look into Star Trek: Deep Space Nine as the new documentary – “What We Left Behind: Looking Back at Star Trek: Deep Space Nine” – arrives in movie theaters across the country for one night only on May 13, 2019. The film presents a fascinating in-depth look at the past, present and future of a series whose dark, edgy take on Gene Roddenberry’s vision was often misunderstood when it premiered but has grown into a beloved mainstay in the Star Trek franchise. Featuring extensive new interviews with the cast and crew of Star Trek: Deep Space Nine as well as newly remastered HD footage from the television series, “What We Left Behind” also focuses on the original writers of the series as they craft a brand-new episode of Star Trek: Deep Space Nine, developing what would be the eighth-season premiere if the show were to return to the air today.


Following the feature presentation, a taped roundtable discussion with directors Ira Steven Behr, David Zappone, and the film’s producers will provide audiences with a comprehensive look at the making of the film, the show’s fans and the series’ ongoing appeal to Trekkers of all ages. Fathom attendees will also receive an exclusive double-sided poster with the theatrical poster art for “What We Left Behind” on one side, and an original illustration from the film on the other. (Quantities limited, while supplies last.)

Tickets for “What We Left Behind: Looking Back at Star Trek: Deep Space Nine” can be purchased beginning Friday, April 12 at www.FathomEvents.com and participating theater box offices. Fathom Events, Shout! Studios, 455 Films and Tuxedo Productions bring this event to more than 800 movie theaters nationwide on Monday, May 13, at 7:00 p.m. local time, through Fathom’s Digital Broadcast Network (DBN). A complete list of theater locations will be available April 12 on the Fathom Events website (theaters and participants are subject to change).

Ira Steven Behr said, “When Dave Zappone asked me if I wanted to make a documentary about Deep Space Nine, my first reaction was, ‘What is there left to say about Deep Space Nine?’ Well, William Faulkner once wrote, ‘The past is never dead. It’s not even past.’ The cast, crew and fans have a lot to say about Deep Space Nine. What We Left Behind is their story; it’s my story, too. Turns out William Faulkner was a very wise man.”

“A point of pride for Fathom Events is our ability to give fans cinema experiences that enhance their understanding and enjoyment of the original programming they love,” said Fathom Events CEO Ray Nutt. “‘What We Left Behind’ will take Trekkers’ passion for the series one step further.”

Categories: Comic Book Blogs

Lose Your Inhibitions in FAITHLESS #2 from BOOM! Studios

First Comics News - Wed, 04/10/2019 - 20:00

Shocking Events Turn to Sex, Danger, and Supernatural Delight In May 2019

LOS ANGELES, CA (April 10, 2019) – BOOM! Studios today revealed a first look at FAITHLESS #2, from New York Times bestselling writer Brian Azzarello (Batman: Damned) and artist Maria Llovet (Loud), the next chapter in an unforgettable story about a young woman whose exploration of magic and sex takes her into forbidden territory. In short—Faith is bored as hell. And Hell has noticed.

Faith just had the best night of her life but it isn’t over yet. The mysterious and sensuous Poppy is more than Faith could have ever dreamt of, bringing excitement, passion, and that elusive spark of magic into her previously mundane daily life. But not everything is as it seems. While Poppy hands Faith the keys to the underground art scene, drawing her deeper into a world of wild parties and crazy nights, other mysterious figures begin to enter her life, bringing with them more than a hint of danger and the supernatural.

FAITHLESS #2 features an erotic variant cover by acclaimed artist Vanesa R. Del Rey (Redlands), that will be polybagged and not publicly previewed due to sexually explicit material. This issue also features a main cover by artist Paul Pope (Heavy Liquid) and a variant cover by artist Fábio Moon (Casanova: Acedia).

“This issue finds Faith diving straight into Poppy’s world without reservation and little consideration as to the consequences. Her world has rapidly become anything but boring,” said Sierra Hahn, Executive Editor, BOOM! Studios. “Brian and Maria continue to impress with each new page of Faith’s journey. When you think you know where the story is headed, the bottom drops out and everything takes a sideways step into the unknown.”

FAITHLESS is the newest release from BOOM! Studios’ eponymous imprint, home to critically acclaimed original series, including Abbott from Saladin Ahmed and Sami Kivelä; Bone Parish from Cullen Bunn and Jonas Scharf; Grass Kings from Matt Kindt and Tyler Jenkins; and Klaus from Grant Morrison and Dan Mora. The imprint is also home to popular licensed properties including Joss Whedon’s Firefly from Greg Pak and Dan McDaid and Buffy The Vampire Slayer from Jordie Bellaire and Dan Mora.

Print copies of FAITHLESS #2 will be available for sale on May 22, 2019 at local comic book shops (use comicshoplocator.com to find the nearest one) or at the BOOM! Studios webstore. Digital copies can be purchased from content providers, including comiXology, iBooks, Google Play, and the BOOM! Studios app.

For continuing news on FAITHLESS and more from BOOM! Studios, stay tuned to www.boom-studios.com and follow @boomstudios on Twitter.

Categories: Comic Book Blogs

DC’S YOUNG ANIMAL RETURNS THIS JULY WITH MORE DOOM PATROL…

First Comics News - Wed, 04/10/2019 - 18:23

Gerard Way’s pop-up imprint returns with DOOM PATROL: WEIGHT OF THE WORLDS

Author N.K. Jemisin makes her comic book debut with FAR SECTOR

Mikey Way and Shaun Simon introduce new series COLLAPSER

DC’s Young Animal is returning this July with the next chapter of its flagship title, plus two new, innovative stories. The pop-up imprint curated by My Chemical Romance front man Gerard Way will kick things off on July 3 with DOOM PATROL: WEIGHT OF THE WORLDS, followed by COLLAPSER on July 17 and FAR SECTOR in late 2019.

With these new series come new creative teams, with Mikey Way (MCR), Shaun Simon (Neverboy, Killjoys) and acclaimed artist Ilias Kyriazis (G.I. Joe: First Strike) introducing COLLAPSER, and author N.K. Jemisin (The Broken Earth and Inheritance trilogies) making her comic book writing debut with FAR SECTOR, a new and original Green Lantern story, alongside Jamal Campbell, artist of the breakout hit series, NAOMI. The next phase of Gerard Way’s DOOM PATROL will team him up once again with Nick Derington for covers, with interior stories illustrated by a series of amazing artists beginning with James Harvey, followed by Doc Shaner, Nick Pitarra, Becky Cloonan and more.

“We are thrilled to revitalize DOOM PATROL, and to present both COLLAPSER and FAR SECTOR, two books that push the medium of comics and their respective genres through uncharted territory,” says Gerard Way. “Readers can expect everything from high doses of cosmic weirdness and positivity, to deep examinations of anxiety and emotions while wielding immense power, to sci-fi explorations of authority and control and what it means to be a guardian while a world hangs in delicate balance. More fantastic comics outside the norm, as only DC’s Young Animal can do.”

More details about these new series can be found here:

 

DOOM PATROL: WEIGHT OF THE WORLDS
Written by: Gerard Way and Jeremy Lambert
Art by: James Harvey followed by Doc Shaner, Nick Pitarra, Becky Cloonan and more
Series debut: July 3, 2019

Gerard Way and the World’s Strangest Super Heroes return in an all-new series that takes them beyond the borders of time and space! The Doom Patrol will go on an epic road trip around the solar system, facing off against the unusual and bizarre including the fanatical fitness fiends of planet Orbius and the Marathon Eternal. Big changes are coming for these unusual heroes, including Robotman coming to terms with his new life as a human.

 

COLLAPSER
Written by: Mikey Way and Shaun Simon
Art by: Ilias Kyriazis
Series debut: July 17, 2019

Liam James is a wannabe DJ whose life goals are almost completely dashed by his crippling anxiety—until a package arrives in the mail containing a black hole that gives him amazing powers and draws him into a cosmic conflict far beyond anything he’d ever imagined. But Liam will discover that when it comes to life, love, mental health and superhero responsibilities, there’s no such thing as a quick fix, and that power comes with a cost.

 

FAR SECTOR
Written by: N.K. Jemisin
Art by: Jamal Campbell
Series debut: 2019

Newly chosen Green Lantern Sojourner “Jo” Mullein has been protecting the City Enduring, a massive metropolis of 20 billion people, for the past six months. The City has maintained peace for over 500 years by stripping its citizens of their ability to feel. As a result, violent crime is virtually unheard of, and murder is nonexistent.

But that’s all about to change.

This new series introduces a dizzying game of politics and philosophies as Jo discovers a brewing revolution in the City, aided and abetted by some of its most powerful citizens.

DC’s Young Animal continues to stretch the boundaries of creativity with experimental and genre-pushing stories. This next phase of the pop-up imprint solidifies its place as comics for dangerous humans.

Categories: Comic Book Blogs

HackMoor 2019/04/05 Rail Baron

Furiously Eclectic People - Wed, 04/10/2019 - 18:11

Games are normally on Friday nights sometime after 5:30PM at World's Best Comics, 9714 Warwick Blvd Newport News, Virginia 23601.

Because I realized it was a Friday during Lent, and one of my Players was Catholic, we paid a visit to Captain D's and bought a Fish Feast and distributed it to all players. There were no baskets left over.

++++ START OF SESSION ++++

The previous week was skipped due to falling on my company's fiscal month end period close. And I close the books.

Not having a quorum, we Played Avalon Hill's old "Rail Baron"; after 3 hours the result was a statistical tie. But by extrapolation we guessed the game would either go to the Player who got both AT&SF and Union Pacific or the one that got New York Central and Pennsylvania RR.

We also decided next time it is Played, we would use the 21st Century modified rules (easily found online). The main driver being Players don't have to pay when using their own railroads, thus speeding up play by eliminating the back and forth table to hand to bank motions of $1000 cash almost every turn.

++++ OUT OF CHEESE ERROR ++++

BT

BBBB

PART 2.

++++ CHARACTER ROSTER ++++

CHARACTERS

Paveltepec, first level Painted Mage
Sham, first level Samurai
Cadfael, first level Cleric
Glaxx, first level Druid
Namo, first level Thief
Thune, first level Berserker
10 Sprites, in a musical band called the Pharies

BT

BBBB

++++ RECORD KEEPING ++++

PART 3.

This is also posted on two forums, and a blog.



--

Tracy Johnson
Old fashioned text games hosted below:

BT

NNNN

Categories: Miscellaneous Blogs

FIRST COVERS AND DETAILS TO ‘BLADE RUNNER 2019’ REVEALED!

First Comics News - Wed, 04/10/2019 - 18:05

Today (April 10, 2019) is a special date for Blade Runner fans — it’s the exact date of rogue Replicant Leon “Let Me Tell You About My Mother” Kowalski’s inception. (Even casual fans remember Leon as the Nexus-6 synthetic human who shoots the Blade Runner giving him a Voight-Kampff empathy test during the film’s opening sequence inside the imposing Tyrell Corporation double pyramid).

To mark the occasion, Titan Comics and Alcon Entertainment are excited to unveil the first covers and further details for Blade Runner 2019 — a brand-new, in canon series set during the exact timeframe of the original Blade Runner film.

In the polluted and rain-drenched neo-noir nightmare that is Los Angeles, 2019, the veteran Blade Runner known as Ash has a new case: a billionaire’s wife and child, both apparently kidnapped by violent Replicants.

The 12-issue series is being written by acclaimed Blade Runner 2049 screenwriter Michael Green (Logan) and veteran collaborator Mike Johnson (Star Trek, Superman/Batman), with interior art by noted artist Andres Guinaldo (Justice League Dark, Captain America).

Blade Runner 2019 will debut July 17, 2019. The first issue—featuring variant covers by Artgerm, Syd Mead, Andres Guinaldo, and John Royle, among others—is available to pre-order through the upcoming May edition (for July shipping) of Diamond PREVIEWS.

The new Blade Runner 2019 comic series is part of a line of original comics and graphic novels by Titan and Alcon, expanding the canon of this celebrated science-fiction world.

Categories: Comic Book Blogs

1d10 Random Eldritch Artifacts of The Beaktopus Of Neptune For Your Old School Campaigns

Swords & Stitchery - Wed, 04/10/2019 - 15:34
Neptune is one of the most dangerous planets in the solar system & home to a wide array of monsters including the savage semi fungi beaktopus tribes that reproduce around the great white formations in the clouds. It is a violent world known among certain scholars of the forbidden as "Yaksh". The Yakshians reproduce by using the locked & decaying corpse of one of the spawn of the Outer Gods.
Categories: Tabletop Gaming Blogs

Who is managing the security of medical management apps?

Malwarebytes - Wed, 04/10/2019 - 15:00

One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical management apps pose a unique and more dangerous set of problems.

Now add to vulnerabilities the issue of data privacy, especially that of sensitive medical information, and you have a perfect storm.

In a recent report, Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis, published by BMJ, researchers analyzed the top-rated Android apps for medicine management and found that 19 out of the 24 tested apps shared user data outside of the app.

Because medical records are such a lucrative data set, attackers often target the healthcare industry, seeking out and eventually finding the weakest link in the supply chain. That’s why it’s important for stakeholders to consider the broader implications of weaknesses in health and medical apps.

According to the US Food & Drug Administration (FDA), medical apps that pose risks to patient health and safety have been regulated since 1997. “While many mobile apps carry minimal risk, those that can pose a greater risk to patients will require FDA review.”

As medical management apps offer the convenience of care at home, some devices have become directly intertwined with patient care. While some apps may only offer benign image-processing services, others may include data on test results, appointments, drug refills, and more. This is why the FDA categorizes medical apps by risk.

What could go wrong?

Security concerns come not necessarily from the app itself, but from third parties that are creating the apps that interface with that data. “Developers relied on the services of infrastructure related third parties to securely store or process user data, thus the risks to privacy are lower. However, sharing with infrastructure related third parties represents additional attack surfaces in terms of cybersecurity,” the BMJ report said.

“Furthermore, the presence of trackers for advertising and analytics, uses additional data and processing time and could increase the app’s vulnerability to security breaches.”

Data that sits on any app or database can be compromised, but medical management apps are home to a trove of private information and different types of proprietary data, as well as whatever the healthcare provider has interfacing with that app, according to penetration tester, Mike Jones.

“From what I’ve experienced with medical management apps, the risks are through the roof because the apps are not under the same regulations as the Health Insurance Portability and Accountability Act (HIPAA). When you look at the amount of data that any kind of home health or medical service offers, if it is managed through an app, one of the biggest concerns is data leakage.”

Sharing and selling data might be a new reality in today’s digital, research-driven world, but it’s important to first strip the data of its context so that patient privacy is not interfered with. Yet, sharing and securing data don’t have to be mutually exclusive concepts, said Warren Poschman, senior solutions architect at comforte AG.

“Want to know what meds I’m taking or what procedures I’ve had so it can be cross referenced and insights gained? Absolutely! Want to know that it was me specifically that takes that medication or has had those procedures? Absolutely not! Regulatory bodies need to start ensuring that companies anonymize the data so that it can be safely used no matter where it travels to.”

Risk extends beyond the medical data

Perhaps even more concerning than an attacker being able to access the data collected or stored on these apps is the reality that if a malicious actor tampers with them, patients can get the wrong medications or medications could be diverted to different places, Jones said.

In Hacking the Hospital, a two-year study that evaluated cybersecurity risks in hospitals, Independent Security Evaluators (ISE) found two different web applications through which an adversary could remotely “deploy attacks that target and compromise patient health. We demonstrated that a variety of deadly remote attacks were possible within these facilities,” the report said. That was in 2016.

Fast forward three years, and ISE executive partner Ted Harrington remains concerned about the risks to patient safety with medical management apps.

“What is critically important is that these solutions ensure that the appropriate amount of medicine goes to the right patient.”

When it comes to patient safety, the healthcare industry has established practices of redundancies, but these practices have largely been influenced by regulations. Highly-regulated industries are motivated to make changes in order to be compliant, but compliance isn’t synonymous with security, Harrington said.

Though many medical apps are regulated by the FDA, medical management apps don’t fall under HIPAA regulations, and those established practices that ensure patient safety among the providers and staff aren’t usually extended to software.

Still, there are a variety of direct and indirect implications for those that are responsible for delivering care if medical apps are compromised in any way.

“The delivery of care relies heavily on technology, which needs to be accurate,” Harrington said. “If there were instances that demonstrated these solutions are inaccurate, that could undermine faith in technology, and that can negatively impact things like the speed at which professionals can deliver care. Speed is second only to accuracy in the delivery of care.”

Where do apps go from here?

It’s a question to which there is no single, clear answer. The complexities and speed of innovation have created formidable obstacles when it comes to the security of medical and health apps.

As technology advances, more developers are relying on artificial intelligence and machine learning in software, “deriving new and important insights from the vast amount of data generated during the delivery of health care every day. Medical device manufacturers are using these technologies to innovate their products to better assist health care providers and improve patient care,” according to the FDA.

These changes in technology also drive the evolution of regulations, which Jones said have to ensure security throughout the development lifecycle. The FDA is, in fact, “considering a total product lifecycle-based regulatory framework for these technologies that would allow for modifications to be made from real-world learning and adaptation, while still ensuring that the safety and effectiveness of the software as a medical device is maintained.”

Greater than good intentions

Without falling victim to fear, uncertainty, and doubt, there is reality to the belief that medical management apps can be the difference between life and death. To shift the focus from compliance to security, Harrington said, “We need to understand technology the way an attacker would understand it. How would a hacker exploit this technology? So, you start with building out a threat model.”

Not all hackers are financially motivated, which is why it’s also important to perform a security assessment that goes beyond running a scanner. “That’s ineffective,” said Harrington. “You need to go deeper, as deep as an attacker would.”

Increasingly, more security-minded professionals are advocating for developers to take more personal responsibility. I am the Cavalry, for example, recently published The Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint in the Journal of Medical Internet Research (JMIR), in which the authors ask whether manufacturers and adopters of these connected technologies should be governed by the symbolic spirit of the Hippocratic Oath.

“The idea of holding developers responsible is in the right spirit,” Harrington said. After all, if a bridge collapses and an investigation finds that it was structurally deficient, contractors, inspectors, maintenance, and even the engineers who designed the bridge can be charged with negligence. Should not the same be true of those that build the technology that bridges the gap between medical professionals and patients?

The post Who is managing the security of medical management apps? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Cryptozoic and Cartoon Network Enterprises Announce Release of Rick and Morty Trading Cards Season 2

Cryptozoic - Wed, 04/10/2019 - 13:00

Cryptozoic Entertainment, leading creator of tabletop games, trading cards, and physical and digital collectibles and Cartoon Network Enterprises today announced the April 17 release of Rick and Morty Trading Cards Season 2. The second trading card set for the hit Adult Swim TV series Rick and Morty features a 45-card Base Set with images from Season 2 episodes, eight Chase Sets, and randomly inserted Sketch and Autograph Cards. Rick and Morty co-creator Justin Roiland signed Autograph Cards and drew one-of-a-kind Sketch Cards for the set.

Categories: Tabletop Gaming Blogs

House of Illthrix

Ten Foot Pole - Wed, 04/10/2019 - 11:04
By David A Hill
Mothshade Concepts
OSR
Level: ?

First, some secret shame. I have a Patreon! It’s got free adventures, commentary on adventure design, and random musings about RPG’s, etc. And, it does help me buy adventures to review. It’s at https://www.patreon.com/join/tenfootpole?

Illthrix was an evil genius that liked to kill adventurers. His dungeons and traps earned him a measure of infamy matched by few villains of the age. He’s dead now. But, you’ve found a way to his hidden lair – Illthrix’s own home. A place rumored to contain special trophies and treasures from the long career of the famed trapsmith. Illthrix wouldn’t bother to trap his own house, would he?

This 35 page adventure details the house of a master trap maker and wizard, with about thirty rooms. There’s some nice ideas in this, but it lacks any real keying, has long DM text, and I find the read-aloud off putting and uninspired. Warning: I’m not fond of these “challenge” dungeons.

Some years ago Bob the trap wizard made a bunch of trapped dungeons and invited adventurers to come explore them. The party has found a map to his actual house, so off they go.

The fun starts outside. There’s a tree next to the house and some clouds in the sky. Climbing the tree causes some of the limbs to catapult you to the ground. Also, the clouds can either descend like a cloudkill spell or just solidify and fall on you. That’s cute. When the adventure is good it’s got that kind of outside the box thinking. When it’s bad it’s got some Bad Grimtooth going on.

In multiple cases doors slam shut behind you and then something bad happens in the room. This happens in the read-aloud. The read-aloud says things like “the door closes behind you with a soft click” or some such. Other read-aloud causes you to click latches on doors, and other things that no sane minded adventurer would do if they knew this was a trap dungeon, or after the second trap in a row had been sprung. This sort of forced player movement is a bane and should not be done.

The traps are sometimes telegraphed. The read-aloud for the clouds notes that they are tinged with green and turquoise. The front door description notes that they are two doors, one with a sun motif and one with a moon motif. It is from this that one is expected to know that the sun door is used during the day and the moon door at night, otherwise a fire or cold trap is triggered. Initially, you don’t know it’s a trap. Once you know it’s a trap dungeon then these little trap clues make more sense. I’m still a little … iffy? about them though. On the front doors, for example, my own style is to do something like mention charred grass or a bare patch or something like that. Thus while the trap CAUSE is the focus of these read-alouds I tend to go more with a trap EFFECT in my own DM’ing. In any event, basically anything mentioned in the read-aloud is a trap and just about every room has one.

The map is hand drawn. I like hand drawn maps. You know what I like more? Legibility. The map is small with words outside the rooms pointing back to the room. Not ideal for quick comprehension. Further, the keying of the dungeon is done via words. So there’s a tiny box on the map and some words outside the map, proper, that say “Study” with a line pointing at the tiny room. Then in the text of the dungeon there’s a section heading called “Study”. No, that would be too simple. It goes further by having the section heading say “Beyond the metal door (study)” or something like that. As a reviewer you see a lot of the same stuff over and over again, so seeing novel new ideas is a joy. But the designer can’t lose track, as they did here, of the purpose of the adventure being to help the DM run it. Getting cute with the room names and relying on a non-key to key your dungeon doesn’t do wonders in that category.

The read-aloud tends to be bland, with “small” things in rooms, and other plain adjectives and adverbs. In other cases the read-aloud leads the party down the wrong path, a critical error in a trap dungeon. One room specifically notes the stairs are not slick, although the air is a bit damp. The DM text then notes that the surfaces are damp. I get it, not slick doesn’t mean it’s not damp. But we’re splitting hairs a bit in actual play. Telling the party it’s not slick is almost certainly going to lead to them thinking “not damp”, which doesn’t help them when the damp ass grey ooze shows up. There’s this thing that DMs, and adventures, sometimes do when they want you to say the exact thing. “I check the door over for traps and unusual things” isn’t good enough, because the trap is on the hinge and you didn’t say you were checking the hinge and so … This sort of pixel bitching is not cool. There are a few places in the adventure where this happens, like the ooze, but it feels more like it’s from unclear or confusing read-aloud than it is from a deliberate attempt to jerk the players around. In other places the read-aloud leaves out text … in one room there are three homunculus rooting around, but no mention in the read-aloud. Again, not cool.

But then there’s the clouds falling from the sky thing, or the catapult tree, things that are new under the sun. There’s also a nice little scene with a will-o-the-wisp that’s “at rest”, looking like a silver dandelion puff. That’s great! When the adventure is doing these sorts of things it’s firing on target. But then it goes and puts in a long backstory and embeds important information about an NPC in it.

Or it does something like not putting a level range on the adventure. I still don’t know. 6 Maybe?

Finally, I leave you, gentle readers, with this little snippet from the adventure. It’s been a hard haul to get some treasure, for a GOLD=XP game, and then you come upon this section. I don’t like this. I like my designer to put a lot of the work in. If I wanted to put the work in I’d do my own adventure.

“For treasure, the Referee may include specimens of valuable metal ore, or rough gemstone. Other possibilities include rare antivenins, a variety of large pearls of various sizes and hues (10-800 gp each), curative pastilles or elixirs, valuable pieces of amber (20-500 gp each), and alchemical powders that replicate the magical varieties of “dust.”

This is at DriveThru for $3. The preview is six pages. You can see the hand map on the second to last page and tree/clouds on the last page. None of it really gives a good idea of the actual rooms though, so a poor preview.

https://www.drivethrurpg.com/product/271320/House-of-Illthrix-Adventure-Module?1892600

Categories: Tabletop Gaming Blogs

A5 Gamers' Notebooks Kickstarter is Live

Oubliette - Wed, 04/10/2019 - 08:20
I've just launched a Kickstarter to fund a reprint of our popular A5-sized Gamers' Notebooks. The design is almost the same as the previous version. I've increased the paper thickness and reduced the number of sheets to keep the overall weight of the book the same as last time (an important factor when posting them out). The only other small change is that the logo on the back cover will be moved to the inside back cover and reduced in size.

https://www.kickstarter.com/projects/1730454032/a5-gamers-notebook-0

It's a short campaign ending on Monday 22nd April. As soon as I've posted the rewards for it I hope to launch a new campaign for a version with hexes.



Categories: Tabletop Gaming Blogs

Review & Commentary On Lady Satan 1974 By Steve Miller From NUELOW Games

Swords & Stitchery - Tue, 04/09/2019 - 17:53
"... and Lady Satan shall continue on at will!" After being dormant for centuries, a spirit of ultimate evil stirs and seizes control of young Anne Jason's body. What follows is a violent struggle for control of a life that's been stolen... and to stop the will of Satan to be manifest on Earth. Lady Satan 1974 is the first-ever collection of the entire series that first ran in
Categories: Tabletop Gaming Blogs

Clover Amour Crochet Hooks – Check This Out!

Moogly - Tue, 04/09/2019 - 15:00

This week’s Moogly Giveaway is special – a Clover Amour Crochet Hooks Set! But it’s not here… Disclaimer: This post is sponsored by Clover USA. It’s over on the Clover Blog! So click the link below to read my thoughts on these fab crochet hooks – and enter to win a set for yourself! CLICK [...]

The post Clover Amour Crochet Hooks – Check This Out! appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Say hello to Baldr, a new stealer on the market

Malwarebytes - Tue, 04/09/2019 - 15:00

By William Tsing, Vasilios Hioureas, and Jérôme Segura

Over the past few months, we have noticed increased activity and development of new stealers. Unlike many banking Trojans that wait for the victim to log into their bank’s website, stealers typically operate in grab-and-go mode. This means that upon infection, the malware will collect all the data it needs and exfiltrate it right away. Because such stealers are often non-resident (meaning they have no persistence mechanism), victims will be none the wiser that they have been compromised unless the malware is detected at the time of the attack.

This type of malware is popular among criminals and covers a greater surface than more specialized bankers. On top of capturing browser history, stored passwords, and cookies, stealers will also look for files that may contain valuable data.

In this blog post, we will review the Baldr stealer which first appeared in underground forums in January 2019, and was later seen in the wild by Microsoft in February.

Baldr on the market

Baldr is likely the work of three threat actors: Agressor for distribution, Overdot for sales and promotion, and LordOdin for development. Appearing first in January, Baldr quickly generated many positive reviews on most of the popular clearnet Russian hacking forums.

Previously associated with the Arkei stealer (seen below), Overdot posts a majority of advertisements across multiple message boards, provides customer service via Jabber, and addresses buyer complaints in the reputational system used by several boards.

Of interest is a forum post referencing Overdot’s previous work with Arkei, where he claims that the developers of both Baldr and Arkei are in contact and collaborate on occasion.

Unlike most products posted on clearnet boards, Baldr has a reputation for reliability, and it also offers relatively good communication with the team behind it.

LordOdin, also known as BaldrOdin, has a significantly lower profile in conjunction with Baldr, but will monitor and like posts surrounding it.

He primarily posts to differentiate Baldr from competitor products like Azorult, and vouches that Baldr is not simply a reskin of Arkei:

Agressor/Agri_MAN is the final player appearing in Baldr’s distribution:

Agri_MAN has a history of selling traffic on Russian hacking forums dating back roughly to 2011. In contrast to LordOdin and Overdot, he has a more checkered reputation, showing up on a blacklist for chargebacks, as well as getting called out for using sock puppet accounts to generate good reviews.

Using the alternate account Agressor, he currently maintains an automated shop to generate Baldr builds at service-shop[.]ml. Interestingly, Overdot makes reference to an automated installation bot that is not connected to them, and is generating complaints from customers:

This may indicate Agressor is an affiliate and not directly associated with Baldr development. At presstime, Overdot and LordOdin appear to be the primary threat actors managing Baldr.

Distribution

In our analysis of Baldr, we collected a few different versions, indicating that the malware has short development cycles. The latest version analyzed for this post is version 2.2, announced March 20:

We captured Baldr via different distribution chains. One of the primary vectors is the use of Trojanized applications disguised as cracks or hack tools. For example, we saw a video posted to YouTube offering a program to generate free Bitcoins, but it was in fact the Baldr stealer in disguise.

We also caught Baldr via a drive-by campaign involving the Fallout exploit kit:

Technical analysis (Baldr 2.2)

Baldr’s high-level functionality is relatively straightforward, providing a small set of malicious abilities in the version analyzed here. There is nothing groundbreaking in what it tries to do on the user’s computer; where this threat differentiates itself is in its extremely complicated implementation of that logic.

Typically, it is quite apparent when a malware is thrown together for a quick buck vs. when it is skillfully crafted for a long-running campaign. Baldr sits firmly in the latter category—it is not the work of a script kiddie. Whether we are talking about its packer usage, payload code structure, or even its backend C2 and distribution, it’s clear Baldr’s authors spent a lot of time developing this particular threat.

Functionality overview

Baldr’s main functionality can be broken down into five steps, which are completed in chronological order.

Step 1: User profiling

Baldr starts off by gathering a list of user profiling data. Everything from the user account name to disk space and OS type is enumerated for exfiltration.

Step 2: Sensitive data exfiltration

Next, Baldr begins cycling through all files and folders within key locations of the victim computer. Specifically, it looks in the user AppData and temp folders for information related to sensitive data. Below is a list of key locations and application data it searches:

  • AppData\Local\Google\Chrome\User Data\Default
  • AppData\Local\Google\Chrome\User Data\Default\Login Data
  • AppData\Local\Google\Chrome\User Data\Default\Cookies
  • AppData\Local\Google\Chrome\User Data\Default\Web Data
  • AppData\Local\Google\Chrome\User Data\Default\History
  • AppData\Roaming\Exodus\exodus.wallet
  • AppData\Roaming\Ethereum\keystore
  • AppData\Local\ProtonVPN
  • Wallets\Jaxx Liberty\
  • NordVPN\
  • Telegram
  • Jabber
  • TotalCommander
  • Ghisler

Many of these data files range from simple sqlite databases to other types of custom formats. The authors have a detailed knowledge of these target formats, as only the key data from these files is extracted and loaded into a series of arrays. After all the targeted data has been parsed and prepared, the malware continues onto its next functionality set.

Step 3: ShotGun file grabbing

DOC, DOCX, LOG, and TXT files are the targets in this stage. Baldr begins in the Documents and Desktop directories and recursively iterates all subdirectories. When it comes across a file with any of the above extensions, it simply grabs the entire file’s contents.

Step 4: ScreenCap

In this last data-gathering step, Baldr gives the controller the option of grabbing a screenshot of the user’s computer.

Step 5: Network exfiltration

After all of this data has been loaded into organized and categorized arrays/lists, Baldr flattens the arrays and prepares them for sending through the network.

One interesting note is that there is no attempt to make the data transfer more inconspicuous. In our analysis machine, we purposely provided an extreme number of files for Baldr to grab, wondering if the malware would slowly exfiltrate this large amount of data, or if it would just blast it back to the C2.

The result was one large and obvious network transfer. The malware does not have built-in functionality to remain resident on the victim’s machine. It has already harvested the data it desires and does not care to re-infect the same machine. In addition, there is no spreading mechanism in the code, so in a corporate environment, each employee would need to be manually targeted with a unique attempt.

Packer code level analysis

We will begin with the payload obfuscation and packer usage. This version of Baldr starts off as an AutoIt script built into an exe. Using a freely available AIT decompiler, we got to the first stage of the packer below.

As you can see, this code is heavily obfuscated. The first two functions are the main workhorse of that obfuscation. What is going on here is simply reordering of the provided string, according to the indexes passed in as the second parameter. This, however, does not pose much of a problem as we can easily extract the strings generated by simply modifying this script to ConsoleWrite out the deobfuscated strings before returning:

The resulting strings extracted are below:

Execute BinaryToString @TempDir @SystemDir @SW_HIDE @StartupDir @ScriptDir @OSVersion @HomeDrive @CR @ComSpec @AutoItPID @AutoItExe @AppDataDir WinExists UBound StringReplace StringLen StringInStr Sleep ShellExecute RegWrite Random ProcessExists ProcessClose IsAdmin FileWrite FileSetAttrib FileRead FileOpen FileExists FileDelete FileClose DriveGetDrive DllStructSetData DllStructGet DllStructGetData DllStructCreate DllCallAddress DllCall DirCreate BinaryLen TrayIconHide :Zone.Identifier kernel32.dll handle CreateMutexW struct* FindResourceW kernel32.dll dword SizeofResource kernel32.dll LoadResource kernel32.dll LockResource byte[ VirtualAlloc byte shellcode [

In addition to these obvious function calls, we also have a number of binary blobs which get deobfuscated. We have included only a limited set of these strings so as not to overload this analysis with long sets of data.

We can see that it is pulling and decrypting a resource DLL from within the main executable, which will be loaded into memory. This makes sense after analyzing a previous version of Baldr that did not use AIT as its first stage. The prior versions of Baldr required a secondary file named Dulciana. So, instead of using AIT, the previous versions used this file containing the encrypted bytes of the same DLL we see here:

Moving forward to stage two, all things essentially remain equal throughout all versions of the Baldr packer. We have the DLL loaded into memory, which creates a child process of the main Baldr executable in a suspended state and proceeds to hollow this process, eventually replacing it with the main .NET payload. This makes manually unpacking with OllyDbg nice because after we break on child Baldr.exe load, we can step through the remaining code of the parent, which writes to process memory and eventually calls ResumeThread().

As you can see, once the child process is loaded, the functions that it has set up to call contain VirtualAlloc, WriteProcessMemory, and ResumeThread, which gives us an idea what to look out for. If we dump this written memory right before ResumeThread is called, we can then easily extract the main payload.

Our colleague @hasherezade has made this step-by-step video of unpacking Baldr:

Payload code analysis

Now that we have unpacked the payload, we can see the actual malicious functionality. However, this is where our troubles began. For the most part, malware written in any interpreted language is a relief for a reverse engineer as far as ease of analysis goes. Baldr, on the other hand, managed to make the debugging and analysis of its source code a difficult task, despite being written in C#.

The code base of this malware is not straightforward. All functionality is heavily abstracted, encapsulated in wrapper functions, and utilizes a ton of utility classes. Going through this code base of around 80 separate classes and modules, it is not easy to see where the key functionality lies. Multiple static passes over the code base are necessary to begin making sense of it all. Add in the fact that the function names have been mangled and junk instructions are inserted throughout the code, and the next step would be to start debugging the exe with dnSpy.

Now we get to our next problem: threads. Every minute action that this malware performs is executed through a separate thread. This was obviously done to complicate the life of the analyst. It would be accurate to say that there are over 100 unique functions being called inside of threads throughout the code base. This does not include the threads being called recursively, which could become thousands.

Luckily, we can view local data as it is being written, and eventually we are able to locate the key sections of code:

The function pictured above gathers the user’s profile, as mentioned previously. This includes the CPU type, computer name, user accounts, and OS.

After the entire process is complete, it flattens the arrays storing this data, resulting in a string like this:

The next section of code shows one of the many enumerator classes used to cycle directories, looking for application data, such as stored user accounts, which we purposely saved for testing.

The data retrieved was saved into lists in the format below:

In the final stage of data collection, we have the threads below, which cycle the key directories looking for txt and doc files. It will save the filename of each txt or doc it finds, and store the file’s contents in various arrays.

Finally, before we proceed to the network segment of the malware, we have the code section performing the screen captures:

Class 2d10104b function 1b0b685() is one of the main modules that branches out to do the majority of the functionality, such as looping through directories. Once all data has been gathered, the threads converge and the remaining lines of code continue single threaded. It is then that the network calls begin and all the data is sent back to the C2.

The zipped data is encrypted via XOR with a 4-byte key and version number obtained from contacting the C2 via a first network request. The second request sends the encrypted data back to the C2.
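For incident response, the scheme described above means a captured upload can be opened without the key the C2 handed out, because a non-empty ZIP always begins with the same four bytes. The sketch below is an added example, not code from the original post; it assumes a plain repeating 4-byte XOR over the archive (the post does not spell out how the version number enters), and the key, file names and capture are constructed for the demonstration.

```python
import io
import zipfile
from itertools import cycle

# Local file header signature that opens every non-empty ZIP archive.
ZIP_MAGIC = b"PK\x03\x04"

# Constructed sample key, used only to build the demonstration capture.
SAMPLE_KEY = bytes([0x13, 0x37, 0xC0, 0xDE])


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (encryption and decryption are identical)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes) -> bytes:
    """Known-plaintext recovery: first 4 ciphertext bytes XOR the ZIP magic."""
    if len(ciphertext) < len(ZIP_MAGIC):
        raise ValueError("capture too short to recover a 4-byte key")
    return bytes(c ^ m for c, m in zip(ciphertext, ZIP_MAGIC))


def decrypt_capture(ciphertext: bytes):
    """Return (key, member names) if the capture decrypts to a valid ZIP, else None.

    The archive structure and per-file CRCs are verified, so a capture that
    does not follow the assumed scheme is rejected instead of yielding garbage.
    """
    try:
        key = recover_key(ciphertext)
    except ValueError:
        return None
    plain = xor_repeat(ciphertext, key)
    try:
        with zipfile.ZipFile(io.BytesIO(plain)) as archive:
            if archive.testzip() is not None:  # a member failed its CRC check
                return None
            return key, archive.namelist()
    except zipfile.BadZipFile:
        return None


def build_sample_capture() -> bytes:
    """Constructed stand-in for an exfiltrated blob carved from a packet capture."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("profile.txt", "user=alice\nos=Windows 7 x64\n")
        archive.writestr("browsers/logins.txt", "example.invalid\talice\t(redacted)\n")
    return xor_repeat(buffer.getvalue(), SAMPLE_KEY)


if __name__ == "__main__":
    result = decrypt_capture(build_sample_capture())
    if result is None:
        print("capture does not match the assumed scheme")
    else:
        key, names = result
        print("recovered key:", key.hex())
        print("archive members:", names)
```

Listing the archive members this way tells responders which categories of data left the host, which drives the credential-reset and notification scope.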

Panel

Like other stealers, Baldr comes with a panel that allows the customers (criminals that buy the product) to see high-level stats, as well as retrieve the stolen information. Below is a panel login page:

And here, in a screenshot posted by the threat actor on a forum, we see the inside of the panel:

Final analysis

Baldr is a solid stealer that is being distributed in the wild. Its author and distributor are active in various forums to promote and defend their product against critics. During a short time span of only a few months, Baldr has gone through many versions, suggesting that its author is fixing bugs and interested in developing new features.

Baldr will have to compete against other stealers and differentiate itself. However, the demand for such products is high, so we can expect to see many distributors use it as part of several campaigns.

Malwarebytes users are protected against this threat, detected as Spyware.Baldr.

Thanks to S!Ri for additional contributions.

Indicators of compromise

Baldr samples

  • 5464be2fd1862f850bdb9fc5536eceafb60c49835dd112e0cd91dabef0ffcec5 -> version 1.2
  • 1cd5f152cde33906c0be3b02a88b1d5133af3c7791bcde8f33eefed3199083a6 -> version 2.0
  • 7b88d4ce3610e264648741c76101cb80fe1e5e0377ea0ee62d8eb3d0c2decb92 -> version 2.2
  • 8756ad881ad157b34bce011cc5d281f85d5195da1ed3443fa0a802b57de9962f (2.2 unpacked)

Network traces

  • hwid={redacted}&os=Windows%207%20x64&file=0&cookie=0&pswd=0&credit=0&autofill=0&wallets=0&id=BALDR&version=v1.2.0
  • hwid={redacted}&os=Windows%207%20x64&file=0&cookie=0&pswd=0&credit=0&autofill=0&wallets=0&id=BALDR&version=v2.0
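The two traces above share a fixed set of parameter names, which makes them usable as a proxy-log detection. The following is an added example, not part of the original post: it matches on the field set rather than on the exact string, checks both the URL query and the request body (the post does not say which carries the parameters), and runs over constructed, tab-separated log lines whose hosts, paths and values are invented.

```python
from urllib.parse import parse_qs, urlsplit

# Parameter names taken from the two check-in traces in the post.
BALDR_FIELDS = frozenset({"hwid", "os", "file", "cookie", "pswd", "credit",
                          "autofill", "wallets", "id", "version"})
# Fields that carry item counts in the traces (all 0 on the analysis machine).
COUNTERS = ("file", "cookie", "pswd", "credit", "autofill", "wallets")

# Constructed proxy log: timestamp, client, method, URL, body ("-" if none).
SAMPLE_LOG = (
    "2019-04-09T15:00:01Z\t10.0.0.23\tPOST\thttp://panel.example.invalid/gate\t"
    "hwid=AAAA1111&os=Windows%207%20x64&file=0&cookie=0&pswd=0&credit=0"
    "&autofill=0&wallets=0&id=BALDR&version=v2.0\n"
    "2019-04-09T15:00:04Z\t10.0.0.40\tGET\t"
    "http://shop.example.invalid/search?id=42&version=3&os=mac\t-\n"
    "2019-04-09T15:00:09Z\t10.0.0.57\tGET\t"
    "http://cdn.example.invalid/c?hwid=BBBB2222&os=Windows%2010%20x64&file=12"
    "&cookie=340&pswd=18&credit=1&autofill=77&wallets=2&id=crew7&version=v2.2\t-\n"
)


def match_baldr_checkin(params: str):
    """Return a summary dict if params has the Baldr check-in shape, else None."""
    fields = parse_qs(params, keep_blank_values=True)
    if not BALDR_FIELDS.issubset(fields):
        return None
    if any(len(fields[name]) != 1 for name in BALDR_FIELDS):
        return None  # repeated parameters do not match the observed traces
    flat = {name: fields[name][0] for name in BALDR_FIELDS}
    if not all(flat[n].isascii() and flat[n].isdigit() for n in COUNTERS):
        return None
    return {
        "hwid": flat["hwid"],
        "os": flat["os"],
        "build_id": flat["id"],
        "version": flat["version"],
        "counts": {name: int(flat[name]) for name in COUNTERS},
        # The literal id=BALDR appears in both traces; treating any other
        # value as a weaker match is an assumption of this example.
        "confidence": "high" if flat["id"] == "BALDR" else "medium",
    }


def scan(log_text: str):
    """Scan tab-separated proxy log lines and return one hit per matching request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole scan
        timestamp, client, _method, url, body = parts
        for candidate in (urlsplit(url).query, body):
            hit = match_baldr_checkin(candidate)
            if hit:
                hit.update(timestamp=timestamp, client=client, url=url)
                hits.append(hit)
                break
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["timestamp"], hit["client"], hit["confidence"],
              hit["version"], hit["counts"])
```

Non-zero counters in a hit give a first estimate of what was taken from that host before any payload is examined.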

The post Say hello to Baldr, a new stealer on the market appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The History of Traps In Dungeons & Dragons

DM David - Tue, 04/09/2019 - 11:19

In original Dungeons & Dragons, the three brown books only include one rule for traps. “Traps are usually sprung by a roll of a 1 or a 2 when any character passes over or by them.” That’s it. Except for the Find Traps spell, the rules never explain how characters can find traps. In D&D’s original play style, if you wanted to find pit traps, you just told your dungeon master how you pushed down on the floor ahead with your 10’ pole. Or you sent your hireling ahead first. See A Lack of Ability Checks Shaped How People Originally Played Dungeons & Dragons.

Book 3 The Underworld and Wilderness Adventures

In Book III, Underworld and Wilderness Adventures, Gary Gygax lists a dozen tricks and traps such as slanting passages, sinking rooms, and one-way doors. All foiled a retreat from the dungeon. They threatened to make characters lose their way out, or worse, deliver them to a deeper level and more dangerous foes. None of these traps need rules to play, just player ingenuity.

Undoubtedly, Gary had thought of other traps such as spring blades, poison needles, and warning bells, but his list conspicuously omits any traps that seem to require game-world finesse to overcome.

In the May 1974 issue of a fanzine called the Great Plains Games Players Newsletter, Gary Gygax presented the thief class. In his introduction, Gary tells how the class was suggested by a gamer named Gary Schweitzer (probably Santa Monica gamer Gary Switzer). “He mentioned that his group was developing a new class of character—thieves. Gary gave me a few details of how they were considering this character type, and from these I have constructed tentative rules for the class.” In 1975, Supplement I: Greyhawk made the class official.

The thief class featured the ability to “remove small trap devices (such as poisoned needles).” At level 1, the thief boasts a 10% chance! So when your new thief says, “Don’t worry, I’ve got this,” the party should dive for cover. Original thieves enjoy no special ability to detect traps. Keep your hirelings in front.

The thief’s limit to disabling “small trap devices” seems to exist as an attempt to confine thieves to working on traps that require a character’s game-world knowledge and dexterity. For example, a chest rigged to release deadly gas requires a thief’s game-world aptitude, and a die roll. Big traps like pits and rolling boulders, which can be beaten through player ingenuity, remain outside of the thief’s skills. Players can tell the DM the steps their characters take to bridge a pit or to chock the rolling-boulder trap.

In the summer of 1975, Gary  brought the Tomb of Horrors to the Origins convention for a D&D tournament. One of the tournament’s players wrote a first-hand account of the event for issue 4 of the Alarums & Excursions fanzine. Even though the party includes two members of the new thief class, the Tomb offers virtually no place for them to disarm traps, and the Tomb [SPOILERS!] is loaded with traps. To determine when players get caught by traps, Gary fills the adventure with an ad-hoc system of saving throws, rolls of 1-2 on a d6, and verbal countdowns. (Player tip: If the DM begins to count down, run!) The Tomb’s legendary status comes from the mix of ingenuity, divination, and attrition required to bypass its memorable deathtraps, rather than the number of disarm checks needed. (DM Tip: if you run the Tomb and allow thieves to detect or disarm much, you’re doing it wrong. The Tomb of Tiresome Checks is a different adventure.) See Tomb of Horrors tests patience, but still ranks as Dungeons & Dragons’ best villain.

In Advanced Dungeons & Dragons, thieves finally gained the ability to locate traps. A low-level rogue’s odds remained dismal, quickly upstaged when the priest gains Find Traps at level 3. This thief ability implied that no one else could find traps—after all, other classes lacked a Find Traps percentage. Third edition set this limitation in the rules by allowing rogues (and only rogues) to find traps “well hidden” behind a 20 or higher Search difficulty.

The rogue or thief’s limit to finding and disarming small traps remained in second edition. “These include poisoned needles, spring blades, deadly gasses, and warning bells,” but do not include “large, mechanical traps.”

In third edition, traps gained a systematic treatment, complete with triggers, effects, and difficulty classes. The Trapfinding ability enabled rogues the chance to locate and disable anything that the DM categorizes as a trap, small or large, magical or mundane. This gave rogues more chances to shine, but heightened the tension between the traps a thief can find and disable and the traps that test player ingenuity. We have all encountered players who insist that a disable trap roll will enable their rogue to easily bypass some elaborate and cunning challenge. So does staying at home, but neither tactic leads to much fun.

When the fourth edition designers rethought D&D, they saw traps as posing two core problems:

  • Traps can frustrate players
  • Traps can slow play to tedium

Problem: Traps that challenge player ingenuity can lead to player frustration.

This problem arises when dungeon masters limit the players to a preconceived menu of potential solutions. This approach riddles the Tomb of Horrors, which includes many predicaments that require curiously-specific recipes of spells or actions to escape.

In Traps!, fourth-edition designer Stephen Radney-MacFarland writes, “In the early days, DMs all too often felt compelled to demonstrate their cleverness and punish players for making ‘wrong’ choices—even a choice as simple and random as which passage to explore.” For example, Tomb of Horrors. See Player skill without player frustration.

Problem: Traps can slow play to tedium.

Regarding the problem of slow play, Stephen Radney-MacFarland writes, “The ‘right’ way to play the game was to slowly and laboriously search each 10-foot square of dungeon before you set foot on it, or to use magic that made traps completely pointless. Neither option was much fun.”

Radney-MacFarland never mentions that old-school traps require wandering monsters or some other time pressure to avoid grinding the game to a halt. Of course, if time pressure denied characters the chance to look for the trap that killed them, the hazard seems arbitrary and unfair. See Three unexpected ways wandering monsters improve D&D play.

Fourth edition gives traps a new design

Radney-MacFarland admits designers thought about “disappearing” traps from the game, but decided to try fixing them first.

The fourth-edition design sought to fix the problem of frustrated players by eliminating traps that only challenge player ingenuity. “We wanted to expand the ways in which you could counter a trap. Much like figuring out that sometimes you wanted other skills to allow a character to recognize a trap’s threat, we made an effort to design traps that could be countered with an interesting skill uses.” Skill checks became the core mechanic for resolving traps. The game invited dungeon masters to allow as many different skills as plausible so everyone could share the fun of making skill checks.

Many players prefer traps that require ingenuity to overcome, because such challenges make the players’ decisions matter in the game world. But not all players favor this play style. The fourth edition design aimed to please players who insisted that a disable trap roll enabled their rogue to easily bypass some elaborate and cunning challenge. Still, the designers recognized that turning traps into a cause for skill checks failed to offer enough fun, so the redesign went farther.

“Most traps work best when they ‘replace’ a monster in a combat encounter, or serve as a hazard equally threatening to both sides.” In fourth edition, traps become a sort of stationary monster that the characters can disable or attack. Like monsters, traps make attacks, grant experience, and have solo and elite varieties. In this new concept, traps add spice to combat encounters, allow rogues to strut their skills, and target monsters as well as players—a new tactical element.

Radney-MacFarland writes, “Don’t fret, rogue fans. That class and other characters trained in Thievery are still the party’s best hope to shut down traps quickly and well.” But fourth-edition rogues soon learned to approach traps like everyone else, by attacking. Fourth-edition rogues inflict so much damage that a series of thievery checks always took longer than just attacking a battlefield trap.

Justifying battlefield traps

In the game world, the battlefield trap always seemed hard to justify. I pity dungeon builders stupid enough to bother enchanting, say, an automatic-crossbow trap rather than an iron defender or other construct. Unlike constructs, traps (a) cannot move, (b) can be disabled, and (c) will attack your guards as well as intruders. The dungeon builder’s henchmen, hired to fight alongside their master’s indiscriminate death machines, should look for a job at a better class of dungeon.

The fourth-edition approach to traps never proved as satisfying as hoped. As the edition evolved, we saw a gradual return to classic traps, even with all their problems.

Fifth-edition traps

Although complex traps revisit the good ideas from fourth edition’s battlefield traps, most fifth-edition traps recall the ones from before fourth edition. The rules offer advice for avoiding the problems with traps. “Traps are most effective when their presence comes as a surprise, not when they appear so often that the characters spend all their effort watching out for the next one.”

Just like thieves in D&D’s original game, fifth-edition rogues lack any special ability to find traps. Now, to find a trap, any character can attempt a Wisdom (Perception) check. The rules specifically allow players to find traps by looking in the right places. “You should allow a character to discover a trap without making an ability check if an action would clearly reveal the trap’s presence. For example, if a character lifts a rug that conceals a pressure plate, the character has found the trigger and no check is required.”

Depending on the trap, the best way to disarm may be a Dexterity or Strength check, but player ingenuity often works. “As with many situations, you shouldn’t allow die rolling to override clever play and good planning.” If disarming a device requires a check, the rogue’s proficiency with thieves tools can help.

Ironically, rogues rarely have high Wisdom, so they rate as bad at finding traps. Lucky for today’s rogues, the class pivoted from unlock-and-disarm specialists to hidden snipers. See The Thief’s Strange Trip From Non-Combatant to Battlefield Domination.

Categories: Tabletop Gaming Blogs

New OSR Monster Faction - The Dungeon Jugglers of Yuhzri

Swords & Stitchery - Mon, 04/08/2019 - 19:05
"Captain Cronus what are they doing?" "I have no idea Warboy" 'But the pattern seems so dark, & yet there's so many colours there' 'So many pretty colours' The dungeon jugglers of Yuhzri are a troupe of performance artist/dungeon monsters made up of various Yzel, brain lashers, & blind morlocks who come to various alien dungeons & other worldly ruins. They come for the tortured magical
Categories: Tabletop Gaming Blogs

A week in security (April 1 – 7)

Malwarebytes - Mon, 04/08/2019 - 15:52

Last week, Malwarebytes Labs took readers on a brief tour of some of the world’s most notable data privacy laws, explored how gamers can protect themselves against cyberthreats, and offered thoughts about the reports that a 23-year-old Chinese woman gained access to President Donald Trump’s Mar-a-Lago resort while carrying four cellphones, a hard drive, a laptop, and a thumb drive that was “infected” with malware.

We also provided an in-depth look into the importance of cybersecurity in critical public infrastructure, like water management plants and power plants.

Other cybersecurity news

Stay safe, everyone!

The post A week in security (April 1 – 7) appeared first on Malwarebytes Labs.

Categories: Techie Feeds
