Feed aggregator

OSR Commentary - Castles & Crusade Dreams of Dungeons & Editions - Ghosts of Saltmarsh

Swords & Stitchery - Sat, 05/25/2019 - 18:02
The Castles & Crusades rpg series of products has been a very interesting play & campaign ride over the last year or so. It's been one of those learning curves combining the older classic era TSR adventures with the 3.0 or 3.5 D&D books that I own. This has caused all kinds of rancor among the OSR crowd. The big secret I assume is the fact that many of the 3.5 books work perfectly fine with C
Categories: Tabletop Gaming Blogs

(5e) Masque of the Worms review

Ten Foot Pole - Sat, 05/25/2019 - 11:14
By Kelsey Dionne The Arcane library 5e Level 1

Baroness Elenore Rennet has yet to return home from a masque at Moldavia Manor two nights ago. Can the players find her and uncover the hideous secrets brooding inside the grim estate of Count Moldavia?

This sixteen page adventure features a dungeon with six rooms described on four pages. It’s formatted well and evocative. It’s creepy. It’s lacking a bit on the interactive side of the house, but it’s not a museum tour by any definition. I’m going to praise it and then nitpick, but it’s a good adventure.

Take a deep breath and stay with me here. I promise I know what I’m doing. Ready? This adventure was written for streaming play, like Twitch. But it’s good! I know, there have been others, and the cynic in me notes this is a new way to market. In this case the “written for streaming play” seems to mean the inclusion of a high-res digital player map. Oh, there’s some mention made of being optimized for play and drama, but, since those are core elements that every adventure should do it’s not really relevant to just twitch play. It’s like saying “written down on paper!” or “uses roman numbers!” Well, yeah. Duh.

But, I get where the designer is coming from. While _I_ expect those things it’s clear that most designers don’t. They write dreck after dreck with shitty ass formatting that fights your attempt to use it in actual play. Even the major publishers, WOTC & Paizo, do this (so it’s no wonder people imitate them.)  

But this designer rages against the dying of the usability. Kelsey notes in one small list the changes she’s using. Each encounter on one page. Bulleted lists and bolded keywords. A summary sheet of monster stats. Short room and area description. No paragraphs of droning text. Briefly explained non-encounter rooms. That’s her words! “No paragraphs of droning text.” I can’t tell you how revitalizing it feels to see a 5e adventure from someone who gets it.

And it’s all here. There’s a summary sheet for the monsters, stats all in one place for ease of use at the table. The encounters/rooms don’t span more than a page. Smaller, less interesting rooms get less text. Other features, like a pond out back, are just mentioned in passing. We were told “A dark pond next to the manor ripples in the chilly wind. Low clouds gather overhead.” What more do you need to run this? Nothing. There’s nothing there, why else would the designer devote more space to it? It’s not driving the adventure, it is at best setting mood and creating space for tension, hence its inclusion in the first place. This is exactly what SHOULD happen in ANY adventure written for use at the table. (That, of course, being the dirty secret of the publishers. At. The. Table. Isn’t their market.)

The designer actually fucking says “This adventure is meant to be run at a glance” It’s the first fucking words of the “A word to the GM” section that includes that small list I mentioned earlier. This designer gets it. This is how EVERY adventure should be written. Eight years. Three adventure reviews a week. 90% utter garbage. And then this, a bright jewel buried under the 5e DriveThru cesspool. This adventure delivers on the promise of usability.

You know what else it does? It has more than throw-away hooks and consequences. The baron hired you. He can pardon you. Or make you a knight. Fuck yeah he can! Consequences? If you brought back the big bad alive then he makes you fucking constables with full on cloak pins and writs! Consequences for different decisions! Rewards that are meaningful and drive future roleplaying! And further hooks with the baron turning evil (and some more boring stuff about returning to manor.) Things that drive the world AROUND the party. The environment they adventure in. Rock. Solid.

NPC’s get little offsets. A little one sentence-ish description, quirk, secret. Just enough to run them, easy to find in the text. One little girl is hiding on the grounds. Her secret is she’s afraid her mother got taken by The Willowman (a folk story) because she stole some cookie. Word for word, that’s it. It’s fucking great. It appeals to Scared Little Kid imagery. It appeals to folklore. It appeals to Slenderman and everything else in the woods. And it tells you every fucking thing you need to know to run it by including “(a folk story.)” Note how specific it is. Not that she was a bad girl, but that she stole cookies. Not a monster, The Willowman. The designer doesn’t include any more words because they don’t need to. The specificity and evocative nature of it give us all we need to know to run it. Bad girl is an abstraction. Stole cookies is specific. It didn’t take any more words. It wasn’t two paragraphs. Perfection Personified. At one point a body is holding not a wine bottle but a bottle of Amontillado wine. Specificity for the win.

The bad guy is crazy and mutters to himself. Because the designer is actually good, she includes for us a page of his ravings. On a page, so you can print it out to have it always at hand instead of flipping through the book to find it. Bulleted. Little snippets, just about two-ish sentences each. Just enough to get the DM started out. Perfect. The designer recognized we needed this and they provided it. IE: what a designer is supposed to do.

Let’s cover the misses now. One of our hooks has a section heading of “Appeal to discovery” with a bolded section saying “dark discovery.” This is meaningless. The first hook has a section heading of “Appeal to reward” with knighthood, pardon, and 100gp all bolded. It’s easy to tell what the reward is, it’s bolded. The second section heading is Appeal to Heroism. That’s pretty self-explanatory, the same old do-gooder stuff. The third is the Appeal to Discovery with the “dark discovery” bolded. This tells us nothing. Further, the normal text mentioned “dark rumor and mystery” … an abstraction that is NOT specific. Bolding some rumor, mystery, or something else would have been better here. Then the DM’s eye would land on it, thanks to the bolding, instead of the generic “dark discovery.”

The map is hard for me to read. The player map is 12 meg and done digitally, no doubt for streaming/online play purposes. The DM map is the same map but with numbers, etc. It’s busy for that purpose, the “artistic” quality makes the numbers not stand out well, and the detail of the map, meant to inspire, is instead hard to read if running off of paper. I’m a big advocate of overloading the map with additional data, like a checkerboard floor, then not needing to mention it in the text, but it can’t be to the detriment of the core room/key usability. Larger numbers, in boxes, off to the side, with arrows pointing in, or something, maybe? It’s busy in a way that’s not useful to the DM and even begins to detract. Not disastrous, but not doing what I think it wants to do.

The cover (which I love, and is the reason I bought it) implies a two-story manor. Some of the text also implies that, with climbing up to open windows being mentioned. The map seems one story though and I can’t figure out from the text if there is a second story or what. Either some text was left in or the text isn’t clear.

The bulleted format with bolding works well, along with the evocative descriptions, to give the DM what they need to run it at a glance. But there are individual misses. The bulleted lists are not always formatted with the most obvious thing listed first. When the players open the door and the DM does their glance and summarizing for them then the most obvious and/or important things should come first. You don’t put 12 charging orcs at the bottom. In some cases the most obvious things are not first. A kitchen with bodies … do you mention a kitchen with dead bodies first or a kitchen with pots on the stove first? If the bodies are last then that implies they are hard to notice, I guess? But this was the results of a monster massacre, not a serial killer hiding bodies. Similarly, sometimes important things are left out. A common example of a room description is a library or kitchen. You don’t need to describe what it looks like or its contents, we all know what that is. You only need to describe what is important and/or relevant to the adventure. There’s a grey area though. Let’s say the room is called a library, or study. Somewhere, deep in the text, it says there’s a secret door behind a bookcase. (Because there should ALWAYS be one there. Likewise, waterfalls. Life should be wondrous and magical.) But … that’s the first mention of a bookcase. As a DM you don’t know to include a bookcase in the players’ description, it wasn’t in the initial description. A bookcase in a library? Sure, but it relies on a kind of implicit understanding rather than a more explicit statement. If there’s a bedroom, is it fair to put a secret door under a rug on the floor if I never mention there’s a rug on the floor … until three paragraphs later? I like relying on universal knowledge and tropes to add flavor … but I get nervous when something requires your knowledge.
Of course, every medieval bedroom had rugs on the floor … A bookcase in the library isn’t that egregious, but it still feels wrong to me. It should have been a mention higher up.

More seriously, I think the chosen format of the adventure tends to run the text together and create a wall of text effect. The bullets and bolding work well, as do the offset boxes. The section headings though don’t do a great job separating areas, or maybe I mean getting that message across to the DM. I look at it and my eyes glaze over at the full page instead of focusing in on just the room, one of three on the page. I don’t know if this is a layout/style template provided by DMsguild or what, but it stinks. More indents, better whitespace, the background image, idk. But I do know it doesn’t work well.

Ending on an upnote, here’s the first bullet point for a room. Great imagery. Draped. Fresh. And then red smears and handprints to juxtapose.

• The hall is draped in fine white curtains; the walls are freshly painted white to match. Red smears and handprints dot the walls.

This is a good adventure. It easily hits the usability and evocative marks. Interactivity could be a little better, but it IS a horror adventure (I left unmentioned all of the Poe inspiration and references.) and that requires some room to build tension. Or I’m making excuses for something I like, won over by the blatant explicit appeal to usability, this blog’s core thesis for eight years now.

This is $3 at DriveThru and easily worth that. The preview is five pages. The second preview page shows you the bullet/GM list I mentioned. The third the hooks/Appeal to Discovery section I mentioned. The third is the outside of the manor, with the little girl I mentioned, the pond throw-away, etc. The fourth some typical rooms. It’s a good preview, showing you what you’re actually getting.

https://www.drivethrurpg.com/product/251360/Masque-of-the-Worms?1892600

Categories: Tabletop Gaming Blogs

A New Post Apocalyptic Faction - El Circo De Los Monstruos y Memonios For Mutant Future or Any Old School Post Apocalyptic Campaign

Swords & Stitchery - Sat, 05/25/2019 - 03:27
There's a circus coming through the wastelands but this isn't just any circus this is the El Circo De Los Monstruos y Memonios. A circus of mutant menaces, performing oddities, freaks, madmen, & much more. For this circus holds a deadly secret or two. Com'n the performance under the big top is about to start & you don't want to be late. El Circo De Los Monstruos y Memonios is a
Categories: Tabletop Gaming Blogs

Monte Cook and Shanna Germain Announced as Gen Con 2019 Industry Guests of Honor

Gamer Goggles - Fri, 05/24/2019 - 21:53
Monte Cook and Shanna Germain Announced as Gen Con 2019 Industry Guests of Honor

FOR IMMEDIATE RELEASE

INDIANAPOLIS (May 22, 2019) — Gen Con, the largest and longest-running tabletop gaming convention in North America, announces Monte Cook and Shanna Germain as Gen Con 2019 Industry Guests of Honor. Each will host a seminar event during this year’s convention, and both will participate in an “Uncommon Conversation” main stage speaking event moderated by veteran game designer Tyler Bielman.

“We’re very excited to present our Industry Guests of Honor for Gen Con 2019,” said Jeannette LeGault, Gen Con’s Senior Director of Event Programming. “Monte and Shanna have years of experience and influence in the tabletop gaming industry, and we’re honored to host them on our stage to share their knowledge and insight with attendees.”

All three Industry Guest of Honor events will be streamed live on Gen Con’s Twitch channel during the convention, and posted afterward on YouTube for on-demand viewing.

Gen Con returns to Indianapolis August 1-4, 2019.

About Gen Con

Gen Con is the largest and longest-running annual event devoted to tabletop gaming culture in North America. The convention, which began in 1968 in Lake Geneva, WI, attracts 70,000 attendees and 520 exhibiting companies each year. During the convention, attendees choose from 17,000 ticketed events representing a wide array of board games, card games, roleplaying games, seminars, entertainment events, and more. Gen Con takes place each August in the Indiana Convention Center, Lucas Oil Stadium, and surrounding downtown hotel spaces in Indianapolis, IN.

About Monte Cook

Over his 30-year career, Monte Cook has written hundreds of roleplaying game products, along with numerous short stories, novels, nonfiction titles, and comic books. Best known for his work on such notable titles as Planescape, the 3rd edition of Dungeons & Dragons (co-designed with Jonathan Tweet and Skip Williams), Numenera, the Cypher System, and Invisible Sun, he was inducted into the Hall of Fame of the Academy of Adventure Gaming Arts & Design. Monte currently works as Creative Director of Monte Cook Games. More information can be found at montecookgames.com.

About Shanna Germain

Shanna Germain’s award-winning body of work encompasses stories, games, poems, and essays, about lust, lies, and leviathans. Her best-known work includes Predation, No Thank You, Evil!, As Kinky as You Wanna Be, The Lure of Dangerous Women, and The Poison Eater. The co-owner of Monte Cook Games, she’s currently hard at work on a fantasy novel about drunken gods and sticky notes, a roleplaying game about fairy tales and madness, and a cookie recipe that she hopes will bring all the puppies to her yard. More information can be found at shannagermain.com.

Media Contact for Gen Con

Stacia Kirby, (206) 363-1492, stacia@kirbycomm.com

Categories: Tabletop Gaming Blogs

The Specter of Kelek the Cruel & Fan Speculation From XL1: "Quest for the Heartstone" (1984), by Michael L. Gray.

Swords & Stitchery - Fri, 05/24/2019 - 18:23
"The king is dead. And the queen is in trouble. She has chosen you to find the fabled heartstone, which is buried somewhere deep in the Mountains of Ice. Is the gem in the hands of the corrupt Master Thief? Has he harnessed its powers for his own vile purposes? Or does it lie unguarded in the frozen ranges to the north, which teem with horrible creatures?" Right so life has been
Categories: Tabletop Gaming Blogs

Medical industry struggles with PACS data leaks

Malwarebytes - Fri, 05/24/2019 - 18:05

In the medical world, sharing patient data between organizations and specialists has always been an issue. X-Rays, notes, CT scans, and any other data or related files have always existed and been shared in their physical forms (slides, paperwork).

When a patient needed to take results of a test to another practice for a second opinion or to a specialist for a more detailed look, it would require them to get copies of the documents and physically deliver them to the receiving specialists. Even with the introduction of computers into the equation, this manual delivery in some cases still remains common practice today.

In the medical field, data isn’t stored and accessed in the same way that it is in governments and private businesses. There is no central repository for a doctor to see the history of a patient, as there would be for a police officer accessing the criminal history of a given citizen or vehicle. Because of this, even with the digitization of records, sharing data has remained a problem.

The medical industry has stayed a decade behind the rest of the modern world when it comes to information sharing and technology. Doctors took some of their first steps into the tech world by digitizing images into a format called DICOM. But even with these digital formats, it still was, and sometimes still is, necessary for a patient to bring a CD with data to another specialist for analysis.

Keeping with the tradition of staying 10 years behind, only recently has this digital data been stored and shared in an accessible way. What we see today is individual practices hosting patient medical data on private and often in-house systems called PACS servers. These servers are brought online into the public Internet in order to allow other “trusted parties” to instantly access the data, rather than using the old manual sharing methods.

The problem is, while the medical industry finally joined the 21st century in info-TECH, they still remain a decade behind in info-SEC, resulting in patients’ private data being exposed and ripe for the picking by hackers. This is the issue that we’ll be exploring in this case study.

It’s in the setup

While there are hundreds of examples of exploitable medical devices/services which have been publicly exposed so far, I will focus in detail on one specific case that deals with a PACS server framework, a system that has great prevalence in the industry and deserves attention because it has the potential to expose private patient data if not set up correctly.

The servers I chose to analyze are built off of a framework called Dicoogle. While the setup of Dicoogle I discovered was insecure, the framework itself is not problematic. In fact, I have respect for the developers, who have done a great job creating a way for the medical world to share data. As with any technology, often times the security comes down to how the individual company decides to implement it. This case is no exception.

Technical details

Let’s start with discovery and access. Generally speaking, anything that exists on the Internet can theoretically be searched for and found. It cannot hide, as far as a server on the Internet is concerned. It is just an IP address, nothing more. So, using Shodan and some Google search terms, it was not difficult to find a live server running Dicoogle in the wild.

The problem begins when we look at its access control. The specific server I reviewed simply allowed access to its front end web panel. There were absolutely no IP or MAC address restrictions. There is a good argument to say this database should not have been exposed to the Internet in the first place, rather, it should run on a local network accessible only by VPN. But since security was likely not considered in the setup, I was not required to do any of the more difficult targeted reconnaissance necessary for more secured servers in hopes of finding the front page.

Now, we could give them the benefit of the doubt and say, “Maybe there are just so many people from all over the world legitimately needing access, so they purposely left it open but secured it in other ways.”

After we continue on to look at the remaining OPSEC fails, we can strike this “benefit of the doubt” from our minds. I will make a note that I did happen to come across implementations of Dicoogle that were not susceptible and remained intact. This fact just serves as a confirmation that in this case, we are indeed looking at an implementation error.

Moving on, just as a burglar trying to break into a house will not pull out his lock pick set before simply turning the door handle, we do not need to try any sophisticated hacks if the default credentials still exist in the system being audited.

Sadly, this was the case here. The server had the default creds, which are built into Dicoogle when first installed.

USERNAME: dicoogle
PASSWORD: dicoogle

This type of security fail is all too common throughout any industry.

However, our job is not yet done. I wanted to assess this setup in as many ways as possible to see if there were any other security fails. Default creds is just too lame of a bypass to stop there, and the problem is obviously easy enough to fix. So I began looking into Dicoogle’s developer documentation.

I realized that there are a number of API calls that were created for developers to build custom software interacting with Dicoogle. These APIs are either JavaScript, Python, or REST based. Although there are modules for authentication available for this server, they are not activated by default and require some setup. So, even if this target had removed the default credentials to begin with, they could be easily circumvented because all of the patient data can still be accessed via the API—without any authentication necessary.

This blood is not just on the hands of the team who set up the server, but unfortunately, the blame also lies in part on Dicoogle. When you develop software, especially one that is almost guaranteed to contain sensitive data, security should be implemented by design, and should not require the user to take additional actions. That being said, the majority of the blame belongs to the host of this service, as they are the ones who are handling clients’ sensitive data.

Getting into a bit of detail now, you can use any of the following commands via programming or REST API to access this data and circumvent authentication.

[SERVER_IP]?query=StudyDate:[20141101 TO 20141103]

Using the results from this query, the attacker can obtain individual user IDs, then perform the following call:

/dump?uid=[retrievedID]

All of the internal data and metadata from the DICOM image can be pulled.

We can access all information contained within the databases using a combination of these API calls, again, without needing any authentication.

Black market data

“So what’s the big deal?” you might ask. “This data does not contain a credit card and sometimes not even a social security number.” We have seen that on the black market, medical data is much more valuable to criminals than a credit card, or even a social security number alone. We have seen listings that show medical data selling for sometimes 10 times what a credit card can go for.

So why is this type of info so valuable to criminals? What harm can criminals do with a breach of this system?

For starters, a complete patient file will contain everything from SSN to addresses, phone numbers, and all related data, making it a complete package for identity theft. These databases contain full patient data and can easily be turned around and sold on the black market. Selling to another criminal may be less money, but it is easier money. Now, aside from basic ID theft and resale, let’s talk about some more targeted and interesting use cases.

The most simple case: vandalism and ransom. In this specific case, since the hacker has access into the portal, deleting and holding this data for ransom is definitely a possibility.

The next potential crime is more interesting and could be a lot more lucrative for criminals. As I have described in this article, medical records are stored in silos, and it is not possible for one medical professional to cross check patient data with any kind of central database. So, two scenarios emerge.

Number one is modification of patient data for tax fraud. A criminal could take individual patient records, complete with CT scan images or X-Rays, and, using freely-available DICOM image editors and related software, modify legitimate patient files to contain imposter information. When the imposter takes a CD to a doctor to become a new patient, the doctor will be none the wiser. So it becomes quite feasible for the imposter to now claim Medicare benefits or some kind of tax refunds based on this disease, which they do not actually have.

Number two is even more extreme and lucrative. There have been documented cases where criminals create fake clinics, and submit this legitimate but stolen data to their own fake clinic on behalf of the compromised patient, unbeknownst to them. They then can receive the medical payouts from insurance companies without actually having a patient to work on.

Takeaways

There are three major takeaways from this research. The first is for the client of a medical clinic. Being that we have so much known and proven insecurity in the medical world, as a patient who is concerned about their identity being stolen, it may be wise to ask about how your data is being stored when you take it to any medical facility. If they do not have details on how your data is being safely stored, you are probably better off asking that your data be given to you the old fashioned way: as a CD. Although this may be inconvenient in some ways, at least it will keep your identity safe.

The second takeaway is for medical clinics or practices. If you are not prepared to invest the time and money into proper security, it is irresponsible for you to offer this type of storage. Either stick to the old school patient data methods or spend the time making sure you keep your patients’ identities safe.

At the bare minimum, if you insist on rolling out your own service, keep it local to your organization and allow access only to pre-defined machines. A username and password is not enough of a security measure, let alone the default one. Alternatively, if you do not have the technical staff to properly implement PACS servers, it is best to pay for a reputable cloud-based service that has a good record and documented security practices. You should not jump into the modern information world if you are not prepared to understand the necessary constraints that go along with it.

And finally, the last takeaway is for the developers. There have been enough examples over the last five years to prove that users either do not know or care enough about security. Part of this responsibility lies on you to create software that does not have the potential to be easily abused or put users in danger.

The post Medical industry struggles with PACS data leaks appeared first on Malwarebytes Labs.

Categories: Techie Feeds
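
For operators of a server like the one in the PACS article above, one way to scope who outside the practice has been served search and dump responses is to audit the access log of a reverse proxy placed in front of it. This is an added example, not code from the article or from Dicoogle; the log format (Common Log Format), the allowed network, the /search path and every log line and UID are constructed assumptions, while the query parameter and /dump?uid= call are the ones the article names.

```python
"""Added example: scope outside access to a PACS web API from proxy logs."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the "pre-defined machines" allowed to reach the PACS live here.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common Log Format: client ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log; addresses are documentation ranges, UIDs are made up.
SAMPLE_LOG = """\
10.20.0.15 - - [24/May/2019:09:00:01 +0000] "GET /search?query=PatientName:DOE HTTP/1.1" 200 512
203.0.113.77 - - [24/May/2019:09:14:10 +0000] "GET /search?query=StudyDate:%5B20141101%20TO%2020141103%5D HTTP/1.1" 200 48211
203.0.113.77 - - [24/May/2019:09:14:12 +0000] "GET /dump?uid=1.2.3.999.1 HTTP/1.1" 200 9120
203.0.113.77 - - [24/May/2019:09:14:13 +0000] "GET /dump?uid=1.2.3.999.2 HTTP/1.1" 200 9033
203.0.113.77 - - [24/May/2019:09:14:13 +0000] "GET /dump?uid=1.2.3.999.2 HTTP/1.1" 200 9033
198.51.100.4 - - [24/May/2019:10:02:40 +0000] "GET /dump?uid=1.2.3.999.3 HTTP/1.1" 401 0
10.20.0.15 - - [24/May/2019:10:05:00 +0000] "GET /dump?uid=1.2.3.999.1 HTTP/1.1" 200 9120
"""


def classify(target):
    """Return ("dump", uid), ("query", text) or None for a request target."""
    parts = urlsplit(target)
    params = parse_qs(parts.query)  # also percent-decodes the values
    if parts.path.rstrip("/").endswith("/dump") and "uid" in params:
        return "dump", params["uid"][0]
    if "query" in params:
        return "query", params["query"][0]
    return None


def audit(log_text, allowed_nets=ALLOWED_NETS):
    """Summarise data-API requests per client outside the allowed networks.

    Served (2xx) requests are recorded as exposure: the search strings used
    and the distinct UIDs dumped. Anything else is counted as denied, which
    shows the access control in front of the API doing its job.
    """
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a log line we understand
        try:
            client = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # proxy logged a hostname or garbage; skip it
        if any(client in net for net in allowed_nets):
            continue  # expected internal traffic
        hit = classify(m["target"])
        if hit is None:
            continue  # not a search or dump call
        entry = report.setdefault(m["ip"], {
            "queries": [], "dumped_uids": set(), "denied": 0,
            "first_seen": m["ts"], "last_seen": m["ts"],
        })
        entry["last_seen"] = m["ts"]  # log lines are in time order
        if not m["status"].startswith("2"):
            entry["denied"] += 1
            continue
        kind, value = hit
        if kind == "query":
            entry["queries"].append(value)
        else:
            entry["dumped_uids"].add(value)
    for entry in report.values():
        entry["dumped_uids"] = sorted(entry["dumped_uids"])
    return report


if __name__ == "__main__":
    for ip, e in audit(SAMPLE_LOG).items():
        print(ip, "served queries:", len(e["queries"]),
              "UIDs dumped:", e["dumped_uids"], "denied:", e["denied"],
              "window:", e["first_seen"], "->", e["last_seen"])
```

The list of dumped UIDs per outside address is what a breach assessment needs: it names the studies whose metadata left the building, not merely that the service was reachable.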

On a Trip Though Hell

Hack & Slash - Fri, 05/24/2019 - 16:29
I said every day this week, but let's pretend like Thursday didn't happen. I wasn't expecting my daughter's kindergarten graduation to be so. . . disruptive to my schedule.

She sang a song and it was just great.

Oh! I ran Perdition (my excellent Dungeons & Dragons clone) online! I've never edited film before, so I spent two days and taught myself how to edit. Let me apologize in advance that the vision in my head doesn't match what's on screen, due to my lack of proficiency in video editing.

We've already addressed a lot of the technical issues, and the next episode should be even better. It's not the video of us playing--It's a movie I made of the video of us playing.

Have at it.

Categories: Tabletop Gaming Blogs

Crochet Tissue Box Organizer and Tray: Pampering Vanity Set

Moogly - Fri, 05/24/2019 - 14:01

The Pampering Vanity Set features two perfect pieces – a Crochet Tissue Box Organizer and Tray to help you pamper someone special (and that includes you)! Make this crochet vanity set with these free patterns on Moogly! Disclaimer: This post includes affiliate links; materials provided by Red Heart and Furls. 2019 Celebrate Mom Blog Hop...


The post Crochet Tissue Box Organizer and Tray: Pampering Vanity Set appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Weird Revisited: Ursoid Mutant Dunes

Sorcerer's Skull - Fri, 05/24/2019 - 11:00
The original version of this was posted in 2015, shortly after I had seen Mad Max: Fury Road.

I've got just the thing for a Mutant Future or Gamma World mini-sandbox: do a bit of reskinning on Chris Kutalik's Slumbering Ursine Dunes (if you don't have a copy--well, it's available now.) Here's some thoughts on changing the basic setup.

Out in the desert, there's an ancient rune and a crashed alien spacecraft, slowly burning holes in reality itself.

The Background as Only the GM Knows It
Milt Grisley was an underground cartoonist who got his chance to sell out in the eighties. His Sleepy Bear™ character went from counter-culture anti-hero to toyetic, afternoon cartoon pitch-man--and made Grisley rich in the process. Theme parks followed--the one outside of Las Vegas was the biggest. Once Grisley was well into Howard Hughes level eccentricity, he even had a futuristic, planned community built nearby. It was going to be a utopia in the desert run by a super-computer and thoroughly Sleepy Bear-branded. Then the bombs dropped.

The super-computer has grown more self-aware over the centuries--and also crazier. It thinks it's the real Sleepy Bear, now. Its public face is one of the old animatronic, amusement park bears. Somewhere along the way, a tribe of mutated ursoids found it (perhaps following the old signs emblazoned with Sleepy Bear™) and now worship it like a god, following the computer's every command no matter how ridiculous.


They lived peaceably and kept to themselves. They even allowed some humans to settle nearby. Everything was fine until the crash. A saucer full of Greys, sliding across dimensions, went down in the desert near the installation. Maybe it had something to do with a top secret military installation the government never officially acknowledged that was hidden near Bear Town, or maybe it was just a freak coincidence. Whatever the cause, crash it did, and its reality-shifting engines went critical, dumping their cosmomorphic fuel all over the landscape, turning everything weird...


So, hopefully the recastings are clear: Medved is the super-computer whose avatar is an animatronic cartoon bear. The Eld are Greys and their golden barge is a big saucer (don't worry about the different deckplans. It's weird on the inside.) The Weird is created by spaceship fuel. Ondrej is probably a mutant shark and cartoonish pirate, holed up in the pirate island in the middle of the brackish and radioactive artificial lake in the amusement park.

See, not so hard? I'll let you take it from there. Make your own adventure in the Mutants Dunes.

Session Report: West of Keep on the Borderlands

Jeffro's Space Gaming Blog - Fri, 05/24/2019 - 04:46

So I ran with my notes I worked up from a couple of Lovecraft and Howard stories. Here’s what went down:

The players took the survivor from the bandit attack and decided to take him to the city of Ib. The players go to the temple which looks like the Parthenon. But there’s this green statue in the likeness of Bokrug inside it… of course with gigantic gemstones for eyes. Easily worth enough gold to level up the party!

The dwarf with charisma 17 brashly calls for a healer. Ten ugly green guys with flabby lips come out with daggers drawn. The dwarf just leaves. The players ponder trying to do something weird with flaming oil, but think better of it. They find an inn and refuse to eat the green gruel that the survivor slurps up. They stay the night and leave the guy there with a few gold pieces.

(All of this takes a long time to play out because the players are insanely careful describing their actions and deciding what to do.)

The party elects to go back to where they found the survivor and then leave the road, travelling a half day to the north… then making for the keep from there.

I roll a bunch of wandering monster checks and nothing comes up. The players find the skinned man that is staked to the ground. The players bury him and then attempt to make it look like he escaped.

The thief is painstakingly scouting ahead and then reporting back. A harpy comes and attacks him. He runs back to the party, but is grabbed and carried into the sky. The dwarf shoots the harpy twice with his crossbow and fails to kill it. The thief is murdered and carried away.

From there the players travel on to the keep without incident.

Total playing time was about two and a half hours– a fair game session for people that still have lives. Three distinct adventure hooks were added to the campaign situation that time. No idea if the players will abandon them all to go grind on the Caves of Chaos instead!

Categories: Tabletop Gaming Blogs

Steven Universe Trading Cards: Sketch Card Previews, Part 1

Cryptozoic - Fri, 05/24/2019 - 01:31

In anticipation of next month's release of Cryptozoic's Steven Universe Trading Cards, we're excited to present our amazing collection of Sketch Card previews from the set! 

Categories: Tabletop Gaming Blogs

Lake Geneva Original RPG Campaign: CASTLE GREYFALKUN™ UPDATE

Lord of the Green Dragons - Thu, 05/23/2019 - 20:12
Lake Geneva Original RPG Campaign: CASTLE GREYFALKUN™ UPDATE: Castle Greyfalkun™ Organization © 1973-2019.  Robert J. Kuntz.  All Rights Reserved. North 2 Mordenkaine's Menagerie North 3 ...
Categories: Tabletop Gaming Blogs

Knowing when it’s worth the risk: riskware explained

Malwarebytes - Thu, 05/23/2019 - 19:22

If there’s one thing I like more than trivia quizzes, it’s quotes. Positive, inspirational, and motivational quotes. Quotes that impart a degree of ancient wisdom, or those that make you stop and consider. Reading them melts our fears, sorrows, and feelings of inadequacy away.

Some of the most inspiring quotes urge us to take risks in order to find meaning. If you don’t take risks, they say, you won’t be able to achieve remarkable things. The biggest risk, they say, is not taking a risk at all.

But when it comes to computer security, all that goes out the window. Taking risks on software you download onto your devices is not a recipe for success. Even if the programs are inherently benign, some may have features that can be used against you by those with malicious intent. No good can come of that.

What are these risky programs you’re talking about?

Did I lose you at “quotes?” That’s alright. These software programs that contain features that can easily be abused are known as riskware. They may come pre-installed on your computing device or they are downloaded and installed by malware.

How can something legit be a risk?

Such software was designed to have powerful features so it can do what it was programmed to do. Unfortunately, those same features can be used and/or abused by threat actors as part of a wider attack or campaign against a target. Riskware contains loopholes or vulnerabilities that can be exploited by cybercriminals and the threats they develop.

For example, there are monitoring apps available in the market that private individuals, schools, and businesses use to look after their loved ones, watch what their students are doing, or check employee activities. Those with ill intent could take over these apps to stalk certain individuals or capture sensitive information via logging keystrokes.

Read: When spyware goes mainstream

Riskware can be on mobile devices, too. On Android, there are apps created with an auto-install feature that have system-level rights and come pre-installed on devices; therefore, they cannot be removed (but can be disabled). The auto-installer we detect as Android/PUP.Riskware.Autoins.Fota, however, cannot be manually deactivated. Once exploited, it can be used to secretly auto-install malware onto susceptible devices.

Note that if you install software that your anti-malware program detects as riskware, then you need only make sure your security program is updated to stay safe.

How can you tell which software is riskware?

There are varying levels of malicious intent and capabilities for all software. In fact, any program should be assumed to have potential flaws and vulnerabilities that can be exploited. However, there are criteria for determining what is considered malware vs. riskware, and which software is deemed “safe.”

Pieter Arntz, malware intelligence researcher and riskware expert, made this clear when he said that riskware can be classified based on the risks to data and devices involved.

“In my opinion, there are a few major categories of riskware, and you can split them up by type of risk they introduce,” Arntz said. “Some bring risk to the system because they introduce extra vulnerabilities, such as unlicensed Windows with updates disabled. Some bring risk to the user because having them is forbidden by law in some countries, such as hacking tools.”

Arntz continues: “Some monitor user behavior. When this is by design, a software may be labelled as riskware rather than spyware. Some bring risk to the system because they are usually accompanied by real malware, and their presence can be indicative of an infection. [And] some bring risk to the user because their use is against the Terms of Service of other software on the system, such as cracks.”

What’s the difference between riskware and PUPs?

Riskware and potentially unwanted programs (PUPs) are similar in that their mere presence could open systems up to exploitation. So, it’s no surprise that users might liken one to the other. However, there are different criteria for classifying riskware and PUPs.

Programs might be termed riskware because they put the user at risk in some way by:

  • Violating the terms of service (ToS) of other software or a user platform on the device.
  • Blocking another application or software from being updated and patched.
  • Being illegal in the user’s country.
  • Potentially being used as a backdoor for other malware.
  • Being indicative of the presence of other malware.

Whereas programs might be considered PUPs because:

  • They may have been installed without the user’s consent.
  • They may be supported by aggressive advertisements.
  • They may be bundlers or part of a bundle.
  • They may be misleading or offer a false sense of security.

Regardless of whether a program is a PUP or riskware, it’s important to evaluate critically whether or not the software is as useful and relevant as it is a nuisance or a potential risk.

Should I keep quarantined riskware or remove it?

If your anti-malware program detects and quarantines riskware, you likely have a choice whether or not to keep it. Our advice is to make a decision based on whether or not you installed the riskware yourself and then, if you did, weighing the benefits of the app against the risks outlined in the detection.

If riskware was installed without the user’s knowledge, it’s possible the software is part of an attack ensemble delivered by malware. I’d be more worried about the presence of malware in this case, and would delete the offending riskware.

If you want your anti-malware to stop detecting software you use that is classified as riskware, see if you can configure your security solution to exclude the file or whitelist it. That way, the software won’t be detected in the future. Want to know how to do this with your Malwarebytes product? Go here.

Stay safe out there!

The post Knowing when it’s worth the risk: riskware explained appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Ch-ch-ch-ch-changelings

Torchbearer RPG - Thu, 05/23/2019 - 13:00
Paton, Joseph Noel (1821-1901); The Fairy Raid: Carrying Off a Changeling, Midsummer Eve; Photo Credit: Glasgow Museums

Hello friends!

Luke has been noodling around with a new Middarmark stock. We’re still playtesting and would love your feedback!

The changeling is a special stock. Trolls pick a human family with a new infant, abduct the child and leave one of their own in its place. Sometimes the changeling knows what it is, sometimes it only learns the truth later in life. Changeling children are frequently malevolent or destructive and their unwitting adoptive families often come to grief.

To reflect this, Troll Changelings don’t have a class of their own. Instead they choose from the classes available to humans: Cleric, Magician, Thief or Warrior. They cannot be paladins.

If you’re interested, I highly recommend reading Poul Anderson’s The Broken Sword, which also happens to be a great primer for Middarmark gaming in general. In The Broken Sword, the elf lord Imric kidnaps the infant son of Orm the Strong and Aelfrida, leaving the troll changeling Valgard in his place.

Troll Changeling

Nature descriptors: Tricking, Boasting and Breaking

Wises

Troll Changelings choose one wise from the following list to start: Troll-wise, Giant-wise, Changeling-wise, or Folklore-wise.

Trait: Hulder

In addition to their class trait, troll changelings must take a second required trait: Hulder. Hulder are troll changelings left to be raised by human parents, sometimes as punishment, sometimes in exchange for a human child stolen. In their human form, they are beautiful to behold (though most have a telltale tail). In their troll form, they are hideous, long-nosed and misshapen.

Class

Troll Changeling characters may choose from the cleric, magician, thief or warrior classes.

Nature Questions

Do you play cruel tricks on your human parents, frightening them with your trollish ways or do you have mercy on their simple souls and keep to human tradition?

  • If you play cruel tricks, increase Nature by one.
  • If you have mercy on humans, take the Filial or Compassionate trait at level 1 in place of your home trait.

Do you boast of your wild deeds, even ones you haven’t accomplished yet? Or do you remain secretive about your true nature?

  • If you boast of your deeds, increase Nature by one.
  • If you remain secretive, take Secrets-wise, Ancient Grievances-wise or Revenge-wise.

Troll strength flows through your blood. Do you rend and snap your way into and out of trouble? Or do you hide your strength and your trollish origins?

  • If you break bones and snap locks, increase Nature by one.
  • If you hide your trollish origins, increase your Hulder trait to level 2.
Categories: Tabletop Gaming Blogs

The Secrets of Harveylands

Sorcerer's Skull - Thu, 05/23/2019 - 11:00

This map of "various Harveylands" comes to us from Richie Rich #230 (1987). Before its publication, the proximity of many Harvey characters was apparent, but the fact that their entire kids comic "universe" existed in one locality was a bit of a surprise. Looking at the map, I think we can discern other truths about the "Harvey Universe."

The mountains separating it from the outside world reveal it to be a hidden land in the old tradition of Oz or Opar. It is primarily inhabited by magical or fairytale creatures (some in semi-isolated subregions), with one isolated island being the home of talking animals. Based on the comics, these animals enjoy a higher level of technology and infrastructure than the surrounding "enchanted forest" dwellers (though some stories suggest at least the Devils have access to TV and radio.) There are also the two anomalous comics related industries.

Richville's wealth and isolation are a bit of a puzzle. I suspect it is something like the isolated Amazon cities of the rubber boom. The only question is what provided the fortune for the Richs and their city? Whatever it is, it likely has something to do with the magical nature of the surrounding countryside.

Spooktown seems to be the next largest city, and it is walled. Possibly it isn't open to non-ghosts? Maybe witches, since they seem to live in close proximity. Spooktown is big enough that it has suburbs, apparently, where Casper resides.

I always took Tiny Town to be a settlement of normal humans in the Stumbo stories--tiny only in comparison. I wonder now if they are actually smaller, and so Stumbo's size in the stories was exaggerated by the comparison.

1298

Looking For Group - Thu, 05/23/2019 - 04:00

The post 1298 appeared first on Looking For Group.

Categories: Web Comics

FNG Tour of Duty and FNG Unconventional Warfare now Out!

Two Hour Wargames - Thu, 05/23/2019 - 02:07
In FNG: Tour of Duty you’ll step into the dusty, muddy boots of a Grunt, a Boonierat who slogs through jungle and rice paddies, and fights house to house in Hue City and scores of villages and towns across Vietnam. You will be Infantry, but you will encounter people of different Professions during your Tour of Duty that will serve as the focus of Missions, help or hurt you in your campaign – or just add to your story.
UW introduces the “tactical role-playing game” side of FNG. Players can use UW to “flesh out” their characters, giving them an almost life-like feel. UW blends Role-Playing elements with a fast and easy to follow combat system. 

Unlike FNG this combat system is on a personal level and truly unique. 

Check it out here!
Categories: Tabletop Gaming Blogs

From the Desk of Jason Hardy – Shadowrun 6

Gamer Goggles - Wed, 05/22/2019 - 19:42

From Jason Hardy, Shadowrun Line Developer:

Shadowrun, Sixth World is coming soon!

Wait, Shadowrun, Sixth World isn’t out yet? But I’ve been thinking about it for years! Playing it for more than a year! How are other people not playing it? Development time can be so disorienting.

There was a time—six years ago, to be specific—when I threatened physical violence to anyone who said the words “sixth edition” in my presence. (The threats didn’t work. No one is ever scared of me. But I digress). Fifth Edition took a lot of effort to produce, and I didn’t want to think about starting that whole process again. But then there were a few years where I didn’t have to think about a new edition, and I could recharge. Actually, that’s not entirely true, because every time I play a game—whether it’s one I worked on or not—I’m kind of thinking of a new edition. I’m looking at what works well, what works differently than intended, and what possibilities might open up with a tweak here and there. So when the time came to envision the next edition of Shadowrun, I had a few ideas, as did the excellent roster of Shadowrun writers and gamemasters I could tap into.

All those ideas needed a framework, of course. As we started our work, we decided the sixth edition of Shadowrun needed to possess three main qualities:

Be no more than 300 pages long;
Use D6 dice pools; and
Feel like Shadowrun.

Those last two points are related, because it’s tough for a game to feel like Shadowrun if you’re not rolling a healthy handful of D6s. But there’s more to it than that. Combat specialists, spellcasters, conjurers, adepts, faces, deckers, technomancers, riggers, enchanters, weapon specialists, and more all need to exist, and they all must have different and meaningful ways to contribute to a run.

In this edition, all that had to happen within 300 pages. Which is a trick. Fifth Edition, not counting the index, is 466 pages; the anniversary edition of Fourth Edition was 351 pages, and Third Edition was 325 pages (minus the sample record sheets). Second Edition is a lean 284 pages, but it had no bioware, no technomancers, no alchemy, and no qualities, to name a few things that have changed in the intervening years. The book that started it all is an even leaner 207 pages, but along with the elements Second Edition didn’t have, it lacks things such as adepts and foci, and it offers only twenty guns—heresy! (Fifth Edition has 52, while Shadowrun, Sixth World will offer 53–we didn’t cut back much on those options!) All this is to say that streamlining the core rulebook back to 300 pages was not going to be easy.

It’s important to note that simply making the book shorter doesn’t, by itself, do any good. You can make any book shorter by simply ripping every third page out, but you end up with a book that makes no sense. Making the book shorter only is useful if the game also becomes smoother to play. In other words, we didn’t just want a shorter game—we wanted one that moved faster and was easier to get into, while still offering lots of meaningful options. We also didn’t want this to be Shadowrun: Anarchy for the simple reason that Anarchy already exists. Anarchy represents a more extreme end of the rules-light spectrum than Shadowrun, Sixth World–one way to understand the difference between the two is that the gear rules and listings take up about seven or eight pages in Anarchy, compared to fifty pages in Sixth World. Did I mention we wanted to offer lots of options?

Anyway, this means that if the rules were changed, they needed to be changed with an eye toward enabling players to do the things that they wanted to do more quickly. Combat should be faster. Hacking should be smoother and more intuitive. Magic should adapt to be just what the caster wants it to be. And so on. So what, specifically, did we do? Here’s a sample:

Expanded Edge: Yes, one of the things we did to streamline the game was to make one function much more detailed. But stay with me for a second. The definition of Edge has shifted—rather than being that undefinable something extra you reach for in a tough spot to help put you over the top, Edge now represents the accumulated advantage you get in opposed situations. Whether you’re fighting, spellcasting, hacking, or negotiating, you’ll have a chance to earn and spend bonus Edge. And you should spend it—if you’re not gaining and spending Edge regularly in Shadowrun, Sixth World, it might be time to rethink your tactics. Or find less formidable opposition. Gaining and spending Edge replaces a lot of other functions in the game, like calculating situational modifiers, dealing with recoil and armor piercing, and environmental modifiers. Edge also provides a chance for a character to really have an impact when it’s time to spend it.
Fewer action types: There are two, Minor and Major. That’s it! You get one Minor and one Major per turn, with an additional Minor for various circumstances, such as reaction-enhancing augmentations or spells. One Major Action may be traded for four Minor Actions, or four Minor for one Major.
Simplified initiative: You roll initiative at the start of an encounter and then don’t re-roll it. Certain actions or effects may change your initiative score, though.
No limits: Limits served a valuable function of balancing attributes and providing different opportunities for rule effects, but in a streamlined ruleset, they are not needed. Limits on most tests and Force for spells have all been removed.
Skill list narrowed: Fifth Edition has 80 skills, while Sixth Edition has 19. That’s a big difference. There’s definite streamlining there, but it comes at the risk of characters not being distinct from each other. To deal with that, players can still select specializations but can also upgrade a specialization to an expertise, giving their character +3 bonus dice instead of +2, and once they have an expertise they can select an additional specialization. This will provide characters with chances to become truly distinct.
More intuitive Matrix: This is an ongoing goal, and it’s always fun to try to make Matrix activities happen alongside and in parallel with the other actions. Deckers will have meaningful things to do and ways to get in, make things happen, and get out—all while trying to avoid the watchful eyes of the Grid Overwatch Division, of course.

Those are some of the major changes, but far from the only ones. We haven’t talked about Attack Ratings, the uses of armor, changes to Knowledge skills, revamped spell design, new vehicle stats, cyberjacks, and more. I hope this gives you a taste of the upcoming changes, and I look forward to you all playing Shadowrun, Sixth World as much as I have and will! And look for more information on this blog each Wednesday in May!

May 1: Initial Announcement
May 8: Product Overview
May 15: Developer Overview
May 22: Setting Overview/Fiction Announcement
May 29: Developer Q&A
June 5: Rigger Dossier
June 12: Shadowrun at Origins preview
More to follow – I will nail him down at Origins if it’s the only thing I do this year.

Categories: Tabletop Gaming Blogs

New official D&D Paint Set from Gale Force 9 and The Army Painter

Gamer Goggles - Wed, 05/22/2019 - 19:40

Deep under the crust of the adventurers’ feet, lies a whole world of terror and evil. To some it is best avoided; to others it is a calling; to most, it is death. Welcome adventurer, to the Underdark – the most hostile and dark place imaginable; a place where nightmares are real and aberrations spill forth from the depth of terror.
D&D Underdark is an expansion set to Nolzur’s Marvelous Pigments painting series. 10 high-quality acrylic paints toned specifically to match many monsters and horrors dwelling in this nightmare realm. The Underdark Set includes 8 colours unique to Dungeons and Dragons, and also comes with an exclusive Drizzt Do’Urden miniature included in the set.

D&D OFFICIAL PAINTING SERIES EXPANSION SET
INCLUDES 10 HIGH-QUALITY, NONTOXIC 12 ML WARPAINTS AND EXCLUSIVE DRIZZT DO’URDEN MINIATURE!
INCLUDES 8 COLOURS UNIQUE TO DUNGEONS & DRAGONS

Warpaints are a high–quality acrylic paint range specifically designed to paint detailed miniatures. The paint has a creamy consistency and is extremely rich in pigment, 100% non-toxic, and always delivers a perfect matte finish.

Recommended to use in conjunction with D&D® Adventurer’s Paint Set.

Categories: Tabletop Gaming Blogs

This Just in from Paizo Kingmaker extension!

Gamer Goggles - Wed, 05/22/2019 - 19:32

Hello,

Thanks for all the Kingmaker 10th Anniversary crowdfunding campaign press! The Level-ups keep going… so we’ve decided to extend it to midnight on June 4th (Pacific). That’s one of the advantages of running the campaign on Game On Tabletop.

It is late in the day on Friday, so please consider this a simple courtesy, not an attempt at breaking news.

I’ve copied the announcement here for you:

“When we first launched the Kingmaker 10th Anniversary campaign on Game On Tabletop, we heard from Pathfinder players worldwide wondering why the campaign was only two weeks. For some, the campaign timing didn’t match their paycheck deposits. Others didn’t hear about the campaign until much later. Many others still haven’t heard about it.

With PaizoCon beginning next week and UK Games Expo the week after, Paizo and Game On Tabletop have decided to extend the campaign through those events to allow more time to unlock greater value for backers—and to give everyone more time. The campaign will now end at midnight Pacific on June 4th.

Thanks again for all your feedback and support! Together, we’re going to make the 10th anniversary of Kingmaker a truly epic event!”

Categories: Tabletop Gaming Blogs
