Feed aggregator

[Anime Review] Sword Art Online

Furiously Eclectic People - Fri, 04/13/2018 - 01:09

SAO takes about 5 episodes to get going.

SAO is a Virtual Reality Massive Multiplayer Online Role Playing Game and the cartoon is about people playing that game. It touches on Human relationships, action, drama, romance, and how a writer can screw up a good idea.

I loved the novel “Dream Park” which would make you think I’d immediately love SAO but it’s just not that good, for five episodes. It lacks the charm, depth and humour evident in Danmachi (Familia Myth/Is It Wrong to Try to Pick Up Girls in a Dungeon?).

SAO is a fantastic concept (very much like Dream Park combined with modern ideas of MMORPGs) but it’s a bit boring and at times, painful to watch.

All that said, it gets better after episode 5 and starts to become more and more interesting. After 10 more episodes it turns suddenly into awesome and emotional.

Then…. Even more suddenly SAO becomes stupid through to the final 25th episode.

I see a lot of people toss Danmachi aside for it’s tame minimal fan service for the much more serious SAO however after episode 15 it becomes about boobs and a little fan service even up through tentacle fetishes.

It’s a slog through the rest of the episodes where the main character departs a little from who they are for no other reason than to keep you in suspense. As well, this later chunk of episodes have a lot of filler with multiple episodes that could just be skipped and nothing is lost.

Did I mention that the intro and outro credits are painfully long. The music is fairly average.
So in the end you can think of SAO as two parts and an epilogue. The second part feels like it was written by Stephen Moffat. It does not have the same feel as the first and there are his famous style of dues ex machina.

Slow to get going, awesomeness, stupidity, veering way off track and a finale. It stumbles through romance, action and horror. I really mean stumbles as it doesn’t do any of them well in the long run.

I’m glad I watched it but doubt I’ll watch it again or get the manga or even the original light novels. It didn’t really spark any imagination.

image_blog: tweetbutton: 
Categories: Miscellaneous Blogs

Thoughts on The Forgotten Temple of Tharizdun

Greyhawk Grognard - Thu, 04/12/2018 - 23:59
I'm going to take a break from my ongoing delvings into the inner workings of the Giants, Drow, and Temple of Elemental Evil adventures to venture into new territory. I'm going to start picking apart the Forgotten Temple of Tharizdun, and see if there's anything that we might glean from a close examination.

I should begin by saying there's a lot more to this adventure than my recollection led me to believe. It's been years since I've done more than crack it open for a quick glance, and it's much denser than I remember.

In terms of physical and narrative structure, the most obvious aspect of the module is the fact that the really cool stuff is completely hidden and almost entirely cut off. In fact, it's entirely likely that a party will battle the humanoids on behalf of the gnomes, grab their treasure, and not even realize there's an Undertemple to be explored. the PCs would have to discover one of two secret doors in a very out of the way place to do so, and then more secret doors to get to the really good stuff.

This seems to be a recurring feature in Gygaxian dungeons. Very elaborate encounter areas filled with interesting stuff, but which could easily be ignored or which could go undiscovered entirely. The original Castle was like this, and we see it in G1 Steading of the Hill Giant Chief with its secret third level and in S4 the Lost Caverns of Tsojcanth with the underground river and lake, among many other examples.

[As an aside, I think my proposed hidden shrine to the Elder Elemental God as the lowest level of the Temple of Elemental Evil would fit into this category, and doing so would be tonally consistent with this aspect of Gygaxian design.]

This design philosophy speaks of a sort of "strategic patience" in dungeon design, which pays off in ongoing campaigns run over the course of years with many players, wherein areas once discounted as "cleared out" are re-explored for things that might possibly have been missed, or moved in since they were first mapped out. This is at odds with contemporary dungeon design, which regards such "one missed secret door check means you miss the good stuff" as a serious flaw. In modern games, which are much more plot-driven and which demand the PCs move on to the next location to advance the story, this would indeed be a problem.

In a location-based adventure, however, which is still there years later for the PCs to return to and see what they might have missed, it's a jackpot which the patient DM can wait for years to see discovered, and he (and his players) can gain all the more satisfaction therefrom. I think this is an aspect of Golden Age dungeon design that is little recognized, let alone appreciated, today.

For all its near-inaccessibility, it's exactly this hidden area of the dungeon that stands out in one's memory of the adventure. It's not the well-organized waves of humanoids who will swarm over adventurers who invade their lair. It's the cyst, and the needlerock altar, and the rest. In fact, there's very little in the humanoid areas that isn't completely prosaic and ultimately forgettable as nothing more than a well-organized humanoid lair complex, a la the Caves of Chaos from B1 Keep on the Borderlands. There are a few trappings in the Lower Temple area, such as the columns and the carvings in the aisle, but even those are pretty low-key bits of weirdness that only set up what is to come below. And so it is to the hidden area that I will now turn my attention.

It's important to note that the Temple itself was very significant in the cult of Tharizdun. This isn't just some random temple that was lost to the ages - it was a vital center of the cult, and thus should hold a properly important place in the campaign as a whole. Behold this passage from the introduction:
The Temple was built in a previous age, a secret place of worship to Tharizdun, He of Eternal Darkness. It drew the most wicked persons to it, and the cult flourished for generations, sending ot its minions from time to time to enact some horrible deed upon the lands around. However, a great battle eventually took place between Tharizdun and those opposed to his evil.  Unable to destroy him, they were strong enough to overcome his power and imprison him somewhere...After a time his servants returned again to the Temple, deserted as it was of any manifestation of their deity. Amongst these wicked folk were many powerful magic-users and clerics. All sought with utmost endeavor to discern what had happened to Tharizdun, so that he could be freed and returned to rule over them once again. All attempts were in vain, although the divinations and seekings did reveal to these servants of Eternal Darkness that a "Black Cyst" existed below the temple. ... In the hemisphere of black needlerock (floating as if by manifestation) a huge form could be seen. Was this the physical manifestation of Tharizdun?The rhetorical question at the end there is of course intended to lead the reader to the conclusion that it is Tharizdun in there, although there's no actual evidence to that effect whatsoever. All we have are intimations and suggestions. In the description of the Black Cyst itself, and the block of needle-rock, no definitive answer is given as to what is within, nor is there any way to determine it. The PCs are able to get to the treasure (using means doubtless used by the ancient priests - more on that in a minute), but the hemisphere of needlerock remains an enigma.

That leads us to the biggest enigma about this adventure. Why? What is the point of the PCs coming into the Undertemple and the Black Cyst? There's a treasure to be had, sure, but it's pretty meager; 333 gems, worth about 40,000 gp or so all told. Plus a wand of force, a cube of force, and a book worth 33,000 gp. That's a lot, but for a party of 5th - 10th level characters, it's really not that much of a payoff for enduring all the weirdness of the place.

Speaking of the book, we're left with this tantalizing description:
If anyone other than a cleric of Tharizdun opens and attempts to decipher it, he or she will, with the aid of a read magic spell, be able to understand that it is titled LAMENT FOR LOST THARIZDUN before their mind goes blank for 2-12 rounds and they take 3-30 points of damage. What this tome is, says, and does is the subject of some later revelation.This module literally forces the PCs to dress up like
Tharizdun cultists or take damage"Later revelation???" What the heck could that be? Was there to be some sort of follow-up to the Lost Temple at some point? It was published in 1982, so not right on the cusp of Gygax's removal from TSR, and to my knowledge there was never a hint as to what that later revelation was to have been. Alas.

What intrigues me with the whole thing is that it seems designed to force the PCs into taking on the role of worshipers of Tharizdun.

Think about it - in the Inset Area, there are robes for them to find, which are required down in the Octagonal Chamber of the Undertemple, or else they'll start taking damage. There they will also find balls of incense which are used in the Undertemple and are necessary to reach the Black Cyst. Once there, the incense is again needed to get the gems and book, and leave. The iron horn called the Wailer for Tharizdun must be blown in order to activate the idols of Tharizdun in the Dungeon Level. Recalling what is said in the introduction:
As generations passed, various other things necessary to survival in the Black Cyst were formalized into a paeon of lament and worship for Tharizdun, and endless services to awaken the being were conducted by rote. Then, as time continued to pass, even this ritual grew stale and meaningless. The clerics of Tharizdun began to pilfer the hoard of beautiful gems sacrificed to him by earlier servants -- 333 gems of utmost value, ranging in worth from 5,000 to 50,000 gold pieces each. Replacing these jewels with stones of much less value, the former servants of this deity slipped away with their great wealth to serve other gods and wreak evil elsewhere.That's exactly the funnel the module demands the PCs move through; the very "various other things necessary to survival in the Black Cyst" are exactly what the PCs have to do. Sounding the Wailer. Donning the robes. Lighting the incense. Devoting themselves to Tharizdun in the Shrine, to get the benefit of the water. Touching the walls in the Aisle might cause one to subconsciously call on Tharizdun in a time of need. On and on and on. The module is designed to turn the PCs into worshipers of the Chained God.

This is done in a way that we don't see in other Gygaxian evil temples. Certainly the Elder Elemental God's shrines will only (!) cause madness. Tharizdun's temple seems designed to convert intruders to his dark service, whether through their own conscious actions, or purely through ignorance of the significance of their actions. It's downright subversive. I've got to say, that seems a bit more Kuntzian than Gygaxian in its own right, and let's not forget that Gygax gives "Special Thanks To" Rob Kuntz at the very end of the adventure.

And don't get me wrong - I think that's a Good Thing. That "if you keep going, you're going to be corrupted whether you want to or not" aspect is what I think makes this adventure unique, all said. Tomb of Horror will (almost certainly) kill you, but Forgotten Temple of Tharizdun will pollute you. It's as close to actual "character horror" as you can get. It certainly lends a much deeper and more layered aspect of horror to the second half of the adventure than one typically sees in the early TSR modules. I like it!
Categories: Tabletop Gaming Blogs

Magic Item: Mind Steel Coif

Ultanya - Thu, 04/12/2018 - 18:19
This very rare chain coif is created by the Githyanki* in the Astral Plane. Legend holds that over the epochs they found ways to avoid the terrible mind attacks of those whom enslaved them. The coifs are crafted from Mind Steel. This priceless ore is said to be the crystallized blood of a dead celestial being. How the Githyanki are able to work it into wearable armor is the subject of debate among the arcane.

Designed by Vanessa Walilko, @KaliButterfly Mind Steel Coif

Requires Attunement

You gain the following benefits while wearing it:

  • Resistance to Psychic damage.
  • A Mind Flayer must spend one round removing the Mind Steel Coif before using its Extract Brain ability.
  • The coif also protects the wearer from the dark whispers of things unimaginable. Once per long rest you may gain advantage on a Wisdom Saving throw against an effect caused by an aberration.

You gain the following hindrances while wearing it:

  • The coif does resemble an alien Mind Flayer or a metal octopus from the briny depths. The wearer is viewed with unusual suspicion, which causes disadvantage on all Charisma based checks.
  • Finally, Aberrations will take special interest in destroying a Mind Steel Coif. Their servants may actively try to steal it, or worse be sent to dispatch the wearer. 

*For the uninitiated the Githyanki are astral sea dwellers who were once enslaved by a malevolent and cthulhu-esque race known as the Illithid or Mind Flayers. The Githyanki first appeared in the 1979 issue #12 of White Dwarf, in the "Fiend Factory" column. However, they are most famous for being depicted on the cover of the 1981 AD&D book, Fiend Folio. Interestingly, the name Githyanki was first coined by George R. R. Martin in his 1977 sci-fi novel Dying of the Light.

Categories: Tabletop Gaming Blogs

Encryption 101: decryption tool code walkthrough

Malwarebytes - Thu, 04/12/2018 - 17:34

We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in this specific encryption scheme, the potential options we might have for decryption, and finally we made a game plan for creating a decryption tool.

To continue off of that point, and to close off this series, we will be walking through the source code of the Princess Locker decryption tool, which my colleague hasherezade has created. After Part 4 of our series, you could have most likely used that information to create your own tool. However, just to solidify everything and make sure it all clicks, I will explain the details of this already functioning tool, as I believe it is much easier to understand something and create your own tools in the future if you see how an already-functioning one works.

The process of reversing engineering the encryption code and forward engineering the decryption code essentially covers the same point from multiple angles.

Code overview

Let’s first walk through all the functions in this program at a high level and do a quick overview of what they are and how they are used together. This will help the specific lines of code within each function make more sense when we are going through in detail.

The full source code of this tool is available here: Princess Locker decryption tool source code. I strongly recommend you follow along with full source code open in another window as you read this article.

Lets start from the top of the main.cpp file.

#define CHARSET "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

If you remember from when we were analyzing the RNG portion of Princess, the numbers being generated were used as an index to look up a letter in this string. So, if the random number 38 was generated, it would have added the letter “c” to the victim ID string, since the “c” is at the 38th position if this is treated as an array. This is what the CHARSET is here.

Below is a list of the major functions that are worth talking about:


Any of the other functions I did not mention here because they are either not directly related to the decryption/key searching, or they are just self explanatory. For instance, read_buffer is literally what it sounds like: It is a helper function that reads a buffer in from a file. This is used within some of the above functions,  but it is not worth talking about specifically in detail.

find_key – Incrementally generates key with seed value, decrypts file, and checks against original file
dump_key – writes key out to file
check_key – uses a potential key,  decrypts file with it, and checks it against the original version
find_start_seed – wrapper function; calls others to find seed value which was used for UID or ext
find_seed – incrementally test seeds, generate random strings to verify against UID
find_key_seed – NOT USED, wrapper for find_seed with direction
find_uid_seed – wrapper for find seed, setting isKey param to false

Of all of these, the find_seed and find_key are the two functions that are doing the major portion of the work.

Main function

Now let’s start from the wmain() function and walk through all the logic in detail.

We will skip past to the line on 314,  printf(“Searching the key…“);

Everything pictured above is just input checking to make sure everything that is needed was provided properly.

The rest of the main is below:

The next line is DWORD init_seed = time(NULL); This is just getting the current time. This will be the first seed we test against. We know from Part 4 that the current time was the only input being used to seed the random number generator. So, we will be using the current time and decrementing this doing our test key generation as we go on.

do { DWORD uid_seed = find_start_seed(unique_id, extension, init_seed); key = find_key(filename1, filename2, check_size, uid_seed, limit); init_seed = uid_seed - 1; } while (!key);

We see the find_start_seed function being called. The parameters unique_id, extension, init_seed at this point are the following in order: ransom note ID or NULL if none is used, random file extension, which Princess added on, and current time. As the loop progresses, the init_seed is decremented because we essentially are trying to find the exact second when the Princess infection occurred on these files.

There are three different second values which were used for seeding each of the RNG uses. As I mentioned in the previous post, they are the extension, the UID, and the AES key password. Once we find one of these, the others are very close by in time, so we can easily find the others.

Let’s look at the details of find_start_seed before continuing on. Let’s assume we are passing in a UID we got from the ransom note.

The first call you see inside of here is the find_uid_seed(). This is a wrapper function to find_seed(), which is the main workhorse. The false boolean variable passed in is telling it to decrement when searching for the UID value. This makes sense because the seed we start with here is the current time, so obviously the infection has occurred in the past.

Before going into the details of the find_seed function, I’ll just go over a high level of what’s going on in the rest of this function. The result of find_uid_seed function will be the seed value, a.k.a the exact second which the RNG was seeded, to generate the ransom note ID during the infection.

You’ll notice the “if” for UID variable. This is here because the ransom ID is not a requirement. It is here to make the result more sure. If someone did not have their ransom ID referred to as UID, then they can still try to decrypt with just their file extension.

The reason this works is because the UID was one RNG seeding during infection, the random file extension was another, and the actual AES password was the third. So having either the extension or the UID should be enough to be able to find the AES password seed. If you do have both, however, you make it that much more verified.  Like a double verification.

Next we have the extension part:

if (uid) { ext_seed = find_uid_seed(ext, uid_seed, true); } else { ext_seed = find_uid_seed(ext, seed, false); }

What’s going on here is if UID was passed in, that means that we have found the seed value for UID. If that is the case, we can use that seed value (the time which the UID RNG was seeded) as the starting point for looking for the extension seed. In the analysis of Princess Locker from Part 4, we saw that the UID was seeded first and then very soon after the extension RNG was seeded. So we can expect that the two seeds will be close in value.

This is why the true variable is passed in here. We are starting from the UID seed time and now counting forward to find the extension seed time. Now, if the UID was not provided by the user here, you see the same call is made with the false variable passed in. The seed is now the current time seed, which means we are just counting back from now until we find a seed match for the extension. 

if (uid && ext_seed - uid_seed > 100) { printf("[WARNING] Inconsistency detected!\n"); }

After it has found both the UID seed time and the ext seed, it then does this final check and makes sure that the difference is less than 100. The reason for this is again that during the Princess Locker execution, the UID seed is generated, and then very shortly after in code flow, the ext seed is generated. If these two times are more than 100 seconds apart, something strange is occurring.

DWORD find_uid_seed(wchar_t* uid, DWORD start_seed, bool increment = true) { return find_seed(uid, start_seed, increment, false); }

As I said before, find_uid_seed is just a wrapper for sind_seed, which is the main code that does the seed searching. So let’s go into that now.

After some variable initialization, we have the main loop of the function:

while (true) { srand(seed);

What’s going on in this loop in general is a recreation of the random number generation portion of the ransomware itself. This is why it starts with srand(seed). The seed is the time passed in. This will determine the sequence of numbers that comes after by using the rand call.

So in the loop we are building, the string by taking the random number as the index into the charset. If the number being generated does not match with the UID provided by the user, it knows that the seed is not correct, so it will decrement the time and try again.

If this function was being called to find the ext after it already found the UID in a previous call, the seed time would be incremented. Here is a picture of the timeline so you can understand when and why we increment vs. decrement in various stages.

So, the stage that you are starting from will determine if you pass true or false into this find_seed function to make it decrement time or increment time.

Back to main function

Now that we have covered the details of the find seed functions, let’s get back to the main function after the find_start_seed where we left off.

The find_start_seed is a series of loops in itself. So after this call, most likely, it will have found a working seed value. If both ransom ID and ext were provided, it will return the UID seed as it is closer in timeline to the AES password seed.

Otherwise, if the UID was not provided, it will return the seed it found for the extension. If we look at the timeline, we see that the UID seed time occurred after the AES seed time. This means that we will need to do a couple things in a loop:

  • decrement the seed one by one
  • attempt to generate a AES password using the random seed
  • decrypt the encrypted test file
  • check it against a known clean version

So let’s now take a look at the find_key function and talk about the mentioned steps here in detail.

wchar_t* find_key(IN wchar_t *filename1, IN wchar_t *filename2, size_t check_size, DWORD uid_seed, DWORD limit=100)

Again, I’ll skip past the initial parts of the code that are just doing some reading and error checking. We get to the interesting parts at line 234.

Setting the key_seed variable to the moment in time which the ransom note ID was generated, we found this with find_start_seed and passed it into the find_key function.

do { key = make_key(MAX_KEY, key_seed, true);

The first line in the loop for finding the keys here is the make_key call. I will not go into much detail here because it is not too different from how we generated UID or ext. It is just taking a seed and creating a random string the size of the ransom note ID using indexes to the charset string.

Next is a small loop for actually creating the AES key password and hashing it, which is what Princess Locker does. It does not use the randomly-generated password on its own. It created a random string and hashed it using sha256, then it used that as the key. Finally, it checked the key by decrypting.

for (key_len = MIN_KEY; key_len <= MAX_KEY; key_len++) { if (check_key(in_buf, expected_buf, check_size, key, key_len)) { printf("\nMatch found, accuracy %d/%d\n", check_size, BLOCK_LEN); key[key_len] = 0; found = true; break; } }

The check_key function performs the following:

aes_decrypt(inbuf, outbuf, BLOCK_LEN, key_str, key_len)

It’s creating an AES encryption using the test random-generated password, and seeing if it worked properly.

You may ask: Why waste time doing all the checks for the other RNGs? Why find the ext and the UID seed, when we could just start with the current time and decrement, testing if the seed works with a test AES decryption?

We could do this in theory. However, it is much faster of an operation to do a string comparison (which is all we need to do to find the UID seed) compared to:

  • Generating a random string
  • Hashing the string
  • Creating AES key
  • Encrypting data
  • Checking against clean file 

This is a lot more computationally intensive and would make the relatively fast UID search take much much longer.

Because the AES key was generated during the Princess Locker execution, and the ransom note ID was generated immediately after, once we find the ransom note ID (UID), we can then expect there will only be a few seconds of difference between these two seeds. So, this loop should only need to run a few times doing the encryption checks. Hopefully, you understand the efficiency of doing it the way that hasherezade has chosen.

Finishing off the find)key function, we basically just have some checks now, making sure it found the right key. If not, it will keep looping and decrementing the counter until it either finds it or hits a set limit.

Which brings us to the final portion of the main function at line 320:

If for whatever reason, it never found the correct AES password within the limit set, it most likely means that the seed time was not correct for the UID. So it will start over from the initial seed of one less than where it left off, and start this whole process over again. It will continue this until it finds a UID seed that works and a password seed close by.


Hopefully, this series has brought you up to speed on the art of finding exploits in ransomware encryption and creating decryption tools for them. Now, this not to say that if you master this specific weakness and this decryption tool, that it is easy to find and create one for a new ransomware. But, this is a step toward mastering one of the core skills.

Just like with exploit development/bug hunting, there are some core concepts and generic weaknesses that exist. The difficult/fun part is understanding the twists of those core concepts that any individual might come up with while creating their programs. It is about seeing the same concept or technique being used in an unfamiliar way, but ultimately understanding and identifying what the underlying mentality or technique is.

The important part is to understand the concepts. After that, it is a mix of creativity and thinking outside of the box to be able to identify and create your own exploits, or in our specific case, cracks for the ransomware encryption.

The post Encryption 101: decryption tool code walkthrough appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Rick and Morty Trading Cards Season 1 - Sketch Card Previews, Part 2

Cryptozoic - Thu, 04/12/2018 - 17:00

Please enjoy the second installment of our Rick and Morty Trading Cards Season 1 Sketch Card previews, hand-drawn by our talented artists. Links to contact the artists can be found below the images of their Sketch Cards. Set coming soon!

Categories: Tabletop Gaming Blogs

A Black & Bloody War - A World On The Razor's Edge OSR Campaign Pitch

Swords & Stitchery - Thu, 04/12/2018 - 16:58
How does marry the resources of great OSR material with one's old school campaigns?! For months now I've been marrying Arthurian literature, the Thirty Year War, & Dark Albion's product line by Rpg Pundit.So then I got the bright idea of marrying super heroes into a TSR classic era adventure but then got shot down because of scheduling conflicts. But then I was also told that it wasn't Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Moogly CAL 2018 &#8211; Afghan Block #7

Moogly - Thu, 04/12/2018 - 15:00

It’s time for lucky number seven – and we got lucky indeed! Square #7 in the 2018 Moogly Crochet Along is an absolutely lovely block, courtesy of Petals to Picots! Disclaimer: This post includes affiliate links; yarn provided by Red Heart. Just getting started with the Crochet Along? CLICK HERE for the intro info! Want to [...]

The post Moogly CAL 2018 – Afghan Block #7 appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Free Stuff Section

Fail Squad Games - Thu, 04/12/2018 - 13:58

FSG is adding a “Free Stuff” page to the site. As time allows it will get new additions, tools, NPCs, Monsters, Pregens, and encounters to add to your adventures. All focused on old school gaming. This will be a place to add tic-bits to your game that are unique, unusual, and helpful for un-prepped DMs (The story of my life). Being an under-prepared DM was one of the core reasons I started creating adventures and supplements!

Expect – BECMI, Labyrinth Lord, OSRIC, 1E type of material, not to mention Lands of Lunacy and other slick stuff to keep your players off-guard.
Bookmark the page HERE also don’t forget to “subscribe to blog” at the bottom of the page so you won’t miss anything.

For some real up-coming treats, sign up for FSG exclusives at the top-right of the page.

The post Free Stuff Section appeared first on Fail Squad Games.

Categories: Tabletop Gaming Blogs

The Return of Descriptions in Need of Hexes

Sorcerer's Skull - Thu, 04/12/2018 - 11:00
Edd Cartier
Between Inaust and Rynaw on the Old Panarch Road, a hired coach rumbles past pulled at breakneck speed by a velocipede team. One wonders what mission drives the passengers to brave the dangers and discomforts of the road at night with marauding Gog bands in the vicinity, an ogre slain nearby within a fortnight, and the uncanny croak of a nyctoghoul heard in the distance.

In a clearing in Unthran Wood, a flame-colored thrykee has fallen, bleeding and broken-winged, dying. Skeleton Men pirates move out from their flier, stalking cautiously toward the creature with weapons drawn. The thrykee's saddle is empty. Citrine scintilla glint in the grass, forming a loose trail out from it and toward the surrounding trees.

Enrique AlcatenaBeyond the old fortress of Eneb-Draath, at the edge of the Sanguine Desert, youthful bands of tribesfolk howl and dance around fires built amid the fearsome, angular shadow of their war machines, their war gods. Drunk on liquor made from desert lichen and machine ichor, they whip themselves into a battle frenzy. The tribes claim descent from the First Men who were born in the void and reared solely by machines, and so view the ancient and derelict things left from the First Men's war with the ieldri as their birthright.

These are from this world.

Ch. 5, Page 15

Castle Greyhawk - Thu, 04/12/2018 - 04:16
Robilar did not have time for this nonsense...but, on the other hand, he did not want to get too far ahead of the others on his own. Glancing back, he could see that Quij had his hands full keeping the guard dogs they had bought from attacking some bystanders in the street. Otto was still struggling to keep up. Tenser had this opportunistic young maiden after him, undoubtedly after the riches he had accumulated over two years of delving the depths of Castle Greyhawk.

Well, he would spare Tenser one minute -- but not a second longer!


Looking For Group - Thu, 04/12/2018 - 04:08

The post 1182 appeared first on Looking For Group.

Categories: Web Comics

HackMoor 2018/04/05 Level 10 and King Funk III

Furiously Eclectic People - Thu, 04/12/2018 - 02:38

Games are (usually) on Thursday nights sometime after 6:30PM at World's Best Comics, 9714 Warwick Blvd Newport News, Virginia 23601.

We had a Steak pizza with fresh lumps of Mozzarella and Garlic.



If you haven't guessed by now, Gorignak is an Earth Elemental.

Gorignak was in a friendly mood, so Numrendir cast a "Comprehend Languages" spell, knowing this would be a one-way conversation. Gorignak, having lived in this dungeon since its beginning aeons ago was quite patient and wise, and understood what Numrendir was doing. (While wise, Earth Elementals are still limited to one language by their Intelligence score, and Modern Standard Common wasn't it.)

Numrendir learned from Gorignak there were "Pig Noses" and "Small Giants" living on this level. (Orcs and Ogres respectively). and Gorignak uses Ooze Para-elementals to run errands for him.

The party was about to wrap this conversation up and decide which way to go, when from the Southeast passage from Gorignak's lair comes this large Orc, apparently the twin brother of the Orc just slain last session. (I rolled snake-eyes to get this encounter, just like his twin.) Not wanting to let a good thing go, I had the Orc ask everyone in the room, "Has anyone seen Gronk my twin Brother?"

"You mean the one we just offed?", replied Gnomex, "his carcass is in the next room."

This of course necessitated another Honor Duel with the Orc (who called himself Stratra) who eventually lost. This wasn't just any orc, it was an 8th Level Fighter Orc (like his twin). High level Orcs are not normally allowed in HackMaster, but the module provided it. Anyway, the last blow dealt brought Stratra down to exactly zero hit points, so Gnomex (since he was a Cleric), had a few segments to healed the Orc before it was considered Hackmaster dead. It thus satisfied the Honor Duel and using movie-logic, put the Orc forever in Gnomex' debt.

A "take me to your leader" deal was struck with the proviso the Stratra could retrieve his dead brother in the next room for proper burial. Thus laden, the Stratra led the party and its entourage to Orc territory, where they were challenged by the sentries but passed Stratra's word. This included the Id Cultists, whom the Orc tribe was nominally at war with.

Stratra found his priests and took his brother to be entombed saying he'd be right back. Allowing the party in their free time to tour local Orcdom, including the slave pens, brothel, and local bar and grill. Especially the bar, while expensive, they found that this Orc tribes brew was quite good. (It must have been the water in this dungeon as the pools they found were exceptionally clear and pure.) They stopped at the entrance to the King's double-wide entrance doors where they were not permitted entry as there was a sign posted stating that "King Funk III Tours are held at the bottom of the hour" and it was the top.

Meanwhile an Ooze Para-elemental appeared in the hallway carrying a waterproof pouch, it stopped by one of the guards, took a letter from the pouch and placed it in a puka near the entrance marked "King's Post" and departed. (There was no explanation for this but the party learned later both Earth and Water Elementals living on this level employ Ooze Para-elementals to run errands and are this Level's Postal Service.)

Finally at the bottom of the hour, Stratra (who had just buried his brother) showed up and gained entrance to King Funk the Third's hall the by way of the nickel tour. As if on queue a buxom female Orc in a slinky dress and stilletto's invited them in and they got the official tour. When asked about having an audience with the King, she told them he was away in his Sensitive Compartmented Orc Facility making war plans.

Finally the King arrived and the Party gained an audience.

These became diplomatic talks. So the first question asked by the King was, "Why should we make a pact with you? We have been at war for years!"

"Why not?", replied the Priestess of Id, "We're both Evil, Lawful Evil in Fact".

"Yes but we're still a different kind of Evil.", argued the King.

"Not so much, really, what's so different?", said the Priestess.

"At least we don't sacrifice an innocent child every Monday." , said the King. (GM's note: In game terms it was Sunday.)

The Priestess countered "Oh nooo. You use slaves and when they're no longer any use, you eat them. How is that so different?"

Even the King, faced with this form of logic relented. A peace treaty was made and a deal struck.

They decided to trade muscle for supplies, notably since the cultists could pass as normal people outside the dungeon in Blackmoor. They could obtain the hops and barley on the open Blackmoor market needed for the tasty Orc brew. In return the Orcs (who are growing in ever increasing numbers) could build their forces to invade Blackmoor again and retake what King Funk the First lost long ago. In due time Numrendir, who has the brewing skill, could lend his assistance.

The Party it was deemed, were free to continue further down the dungeon and explore. Since no one in the Orc's dominion had ever returned from that direction, the King deemed it a safe bet.

To seal the deal the High Priestess Cultist asked for a private audience in the King's Chambers. They were gone only a few minutes and they both emerged with the familiar glowing blue eyes the party knew too well.

"One last request,", the Priestess said and whispered in the King's ear. The King then summoned one of the guards and gave private instructions. The guard returned shortly with an innocent slave child tied to a rope.

"Thanks, we'll be leaving now,", said the Priestess, "we have a ceremony to prepare for."

"IDspeed." replied the King. And the Cultists left.

Now the Party, no longer followed by Cult observers were led by the King to the stairs leading down to Level Eleven. "Beware the trap.", informed the King as he pulled down a lever. "The scything blades along both walls are the only thing that keeps the lower critters out and there is no off switch at the bottom."

"How do we get back up if there is no off switch?", asked Gnomex.

"I'll keep guards posted, when you need to get back up just call out the password.", replied the King.

Gnomex had to ask, "What's the Password?"


Thus warned, the party went down.






Grok the Dwarf, a third level WitchRanger (Battlemage subclass of Magic User).
Aerys, an Elvariel, a Fingersmith (Thief class).
Baronet Huang - a Master of the West Wind of the Stone Tiger Order, (Monk class).
Numrendir - a human Conjurist (a Conjuror, Magic User subclass)
Junkbot Jackson - a human Tracker/Friar (a Ranger 5th and Cleric 6th level).

Baronetess Honda - a Human Datai Samurai, Steward of Catan (formerly Temple of the Frog)
Gnomex, a Gnome Adept of Geardal Ironhand (Cleric class.)
Tanzen - a Fae-Born first level Exciter. (Fourth level Invoker, a Magic User subclass).
Fundisha - a half-Elf Swordsperson/Tout (Fighter and Infiltrator, a Thief subclass).

Gerry Castagere, human Fingersmith, (Thief class) and ever loving devotee of Elefus, abandoned to the Blood Cult in the City of Brass on the Plane of Fire.

Felipe the Dwarf, a third level Sigil (Chosen One subclass of Cleric).
Jacko, an Albino Dork Elf, a Master Espion (Infiltrator, subclass of Thief).
Serena 2.0 - First Level Battle Mage Second (a Protege of Jacko).
Sir Weasel, human Guild Soldier, Warlock, & Champion (Thief, Magic User, & Fighter classes) he stayed back in BlackMoor.
- and nine Pilgrim henchmen of various levels. (They wear hoodies.)
Slade Wilson - Dwarven Professional (a Bounty Hunter, Fighter subclass) Left behind at Catan.





This is also posted on three forums, and a blog.


Tracy Johnson
Old fashioned text games hosted below:



Categories: Miscellaneous Blogs

Altipalno from Renegade Games Studio

Gamer Goggles - Wed, 04/11/2018 - 22:59

The inhabitants of the Altiplano, the high plateau between the Easter and Western Andes, need to be creative to develop the scant vegetation and the available resources.

By fishing at Lake Titicaca, mining ore in the mountains, breeding alpacas, and actively trading local goods, the inhabitants generate continually grow in wealth.

New production sites are built, orders are fulfilled, and goods are stored for hard times. And road construction should not be neglected either, as that is needed to speed up development.

The inhabitant who best uses his potential will have the highest yield in the end!

Categories: Tabletop Gaming Blogs

Review & Commentary On Barbarian Conquerors of Kanahu By Alexander Macris & Omer Joel

Swords & Stitchery - Wed, 04/11/2018 - 22:46
Over the course of a couple of days I've been doing a lot of hard thinking about old school systems & Pulp Era campaigns. I've also been doing revamps & rewrites on much of the current Pulp Era campaign. To that end I began to look into Barbarian Conquerors of Kanahu . This book is right in my wheel house leaning close to the edge of both Sword & Planet with a huge foot hold in the Sword & Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Clades From Atlas Games Ships in April

Gamer Goggles - Wed, 04/11/2018 - 20:49
Clades Ships in April

A “clade” is a complete branch of the evolutionary family tree, like mammals, arthropods (“bugs”), and sauropsids (reptiles and birds together).

Clades and Clades Prehistoric are versions of a card game where players must quickly scan an array of cards on the table — as well as their own private card — to make triples as quickly as possible. The player who spots the most is the winner.

Clades and Clades Prehistoric were created by Jonathan Tweet and Karen Lewis, the author and illustrator of the Grandmother Fish, a children’s book about evolution.

Categories: Tabletop Gaming Blogs

Dragonfire Full Playthrough

Gamer Goggles - Wed, 04/11/2018 - 19:10

My Dragonfire play through and review. This is my first attempt at a real play through. Dragonfire is a fully cooperative deck builder where I would say you must cooperate or die. Dragonfire is set in the realm of Dungeons and Dragons and is made by Catalyst Game Labs.

I hope you like it. I do believe  I made an error or 2. I think i’m going to post a follow up video that is a play through of the first round. I learned a lot and had all kinds of problems with software.

Click here to view the video on YouTube.

I have played Dragonfire several times since I filmed this video and I I think I’ll be replacing this in the near future.

Categories: Tabletop Gaming Blogs

Junk Orbit Early Release for Friendly Local Games Stores on June 20th!

Gamer Goggles - Wed, 04/11/2018 - 18:51

Local retailers will get a 2-week early release window for Junk Orbit!

Receive one promo pack free when purchasing from participating stores!

Space. The final junkyard. Good thing one planet’s trash is another planet’s treasure! You’re a captain of your own scavenging spaceship, picking up space junk and transporting it to any city that will take it. Launch your junk… uh… *cargo* out of your airlock to propel your ship!  Race to deliver your cargo as you navigate the orbits of nearby planets and moons!  It’s astrodynamics for fun and profit!


  •  Captain your own salvage spaceship to collect Junk!
  •  Carefully navigate your ship using the gravitational pull of the planets!
  •  Deliver your cargo to collect profit!


Number of Players: 2-5
For Ages: 10+
Playing Time: 30-40 Minutes
MSRP: $35.00

Categories: Tabletop Gaming Blogs

James Ernest promotes himself to “Super President for Life”

Gamer Goggles - Wed, 04/11/2018 - 16:35
James Ernest promotes himself to “Super President for Life”
General concern for Ernest outweighed by potential profit Seattle, WA—April 1, 2018. Concerned that the title “President” is being shared much too liberally, James Ernest of Cheapass Games has decided to give himself a promotion to Super President for Life. His new job responsibilities include seeing the future, winnowing the wheat from the chaff, and boiling away the sea with his heat vision.

Ernest considered several other titles for this new position, including “Lord-Emperor,” “President Plus,” and “Chief Naming Officer” before finally settling on a title which he hopes will not be tarnished through massive overuse.

The staff of Cheapass Games are pleased and proud of their new Super President. “I think it’s great,” says marketing director Cassidy Werner. “He seems happier now, and that means less hassle for the rest of us.”

Vice President Carol Monahan added “I don’t particularly care what he calls himself, as long as he thinks up a decent game every few years.”

To celebrate his promotion, Ernest ate the last half-donut in the box and enjoyed five minutes of Candy Crush Saga. Then it was back to the darkness of the basement to write press releases and dream of a better world.

Categories: Tabletop Gaming Blogs

Keeping your business and personal instant messages secure

Malwarebytes - Wed, 04/11/2018 - 15:00

Most people want to know their instant messages are securely wrapped up—whether that’s for personal privacy or making sure online scammers can’t grab the message content. If you’re sending text on a sensitive topic, or perhaps some photo attachments intended for one person only, you definitely wouldn’t want them falling into the wrong hands.

The same goes for business; what’s to prevent a disgruntled employee sending messages outside the network? There are a lot of solutions out there for better securing IMs. Here’s what we recommend.

The business cases

Many industries have compliance issues to contend with, and rogue IMs are one of the easiest ways to fall foul of an eye-watering fine. IM controls have been around for years as far as business is concerned, and most companies affected by this tend to have a number of solutions in place. Here are a few we suggest:

1) Securing IMs with company-issued mobile devices. Many people will happily use their own phones for work-related activities, which could pose a risk if left unsecured. These policies should typically be decided upon by the business itself, but that’s not quite accurate, with various authorities taking a dim view of Bring Your Own Device (BYOD, also known as Shadow IT).

As a result, many orgs will now simply issue locked down, pre-secured phones, which don’t allow things like user initiated installation of apps. It’s also a lot easier to kill those phones remotely if lost, rather than a general smattering of panic as Steve from marketing tries to remember if he signed his personal phone up to a find my phone service.

2) The usual staff training on best practices and sensible device use, in particular extending the training into the types of message sent, and why sending company secrets around by SMS is probably a bad idea.

3) Monitor messages sent on the network. This is tricky, especially when the company decides to use an ultra-secure messaging app. How do you monitor and log the message content when everything is scrambled? Companies must decide what falls in line with their own practices, whether that’s fully secured (and thus unable to be monitored) messaging, or secured with monitoring capabilities.

There are many solutions out there which can control comms, block out keywords or phrases (and send a message back to base if it detects something like a corporate secret being mentioned), in addition to logging and archiving multiple types of IM messaging.

In fact, providers of IM for business will often include their own (occasionally limited) archiving or logging for ease of use, and will work with compliance solution providers to ensure a result which works for everyone (besides the would-be corporate secrets sharer).

Generally speaking, business IMs are much more secure that personal IMing (or at least, given the possibility for getting in trouble with the law, it should be), but the weight of said security tends to lie in the direction of the parent company. The employee is just one part of a large machine trying to keep the organisation as a whole safe from harm.

The personal cases

Of course, with the device being fully your own, you’re free to break out of necessarily restrictive business requirements and grab whatever tool you like to send an instant message. The flipside is, you’re completely on your own and the standard, boilerplate caveats about “not downloading random junk that’s bad for your phone” applies.

There are many, many piece of coverage online about secure instant messaging. You can easily dig through lots of top five style lists and see what, exactly, is on offer versus your needs and expectations. Perhaps you want no frills IM lockdown. Maybe you want the ability to send secure SMS, even accounting for the fact you may need to do a little reading to help you on your way.

Whatever you need, there is absolutely going to be something out there for you which fills the gap alongside in-depth instructions for using your shiny new messaging system. Half the time, the biggest problem is convincing the friends or relatives you want to communicate securely with to download the same program. Apart from that potential roadblock, secure IM is but a few clicks away.

The real-world case

What I tend to be most interested in with regards secure IM isn’t so much the app going horribly wrong, but the possible assumption that after a quick download the job is done and your messages are safe forever. In practice, we tend to forget really obvious problems where secure bits of text are concerned. You may wish to keep the following in mind:

1) Your messages are likely more than secure enough if you’re using one of the apps from the “what’s on offer” link up above, be it Signal, Telegram, or Wickr. The problem is that you still have them all sitting there in plain text, on your phone screen, for anyone to see. While this may seem obvious, you’d be amazed at the number of people who loudly state everything from date of birth to bank details on a bus / train / plane / quite literally anything at all.

By the same token, people leave their devices unattended all over the place, often without any sort of lock screen enabled. If you have messages you’d really rather not expose to prying eyes, consider leaving them well alone in public unless absolutely necessary. If that’s not possible, be aware of your surroundings and keep an eye out for potential shoulder surfers.

You should also keep in mind that not everyone you talk to on IM may be trustworthy; sure, the messages are sent in a secure manner but that doesn’t mean the recipient can’t take a bunch of screenshots and post them online.

2) Did I mention lock screens? I hope so, because those are really, really useful for helping to ward off a case of exposed message syndrome should your phone be lost or stolen. If you have an iPad or iPhone, then this comprehensive guide to locking your screen is what you need. If you’re on Android, the same deal applies.

3) Unfortunately, the lock screen isn’t a magic bullet. Depending on your specific device, which network you’re with, and how many security options you’ve set, you may well be able to disable any locks applied via various network operated websites. In theory, a clever social engineer could pretend to be you, find the lost phone (skip this part if they stole it), and log right in.

Either way, if find my phone doesn’t work, or the device is languishing somewhere utterly inaccessible like a really big storm drain, you should have the “wipe device remotely” option available at least. Sure, your texts will go bang, but in a situation like that, you’d likely have additional content on the phone you wouldn’t want going public anyway.

The first rule of collateral damage club is don’t join collateral damage club.

Otherwise, cut your losses and hope you made a backup first.

Instant messaging might have fallen out of the news cycle a little over the years, but it never really went away and is still one of the best methods for communication around. Better than that, there’s now a truly diverse set of options available to give yourself the privacy you feel you might need when sending an IM.

You may not need locked down messaging right now, but should the situation ever arise, the tech is ready. Just make sure you have the real-world considerations locked down, too.

The post Keeping your business and personal instant messages secure appeared first on Malwarebytes Labs.

Categories: Techie Feeds


Subscribe to Furiously Eclectic People aggregator