Feed aggregator

Rawborgs For Your Old School Super Science or Planar Campaigns

Swords & Stitchery - Wed, 02/06/2019 - 21:23
Alignment: Chaotic/Lawful 'Programming dependent'
# Appearing: 1-3
AC: 7 (18)
Attacks: Weapons or 1d6 claw
HD: 6 (4d10+4 or 26 hit points)
Move: 20 foot
Intelligence: Low to Genius
Special Purpose Driven Powers: See Below
Sanity: Nil
Saves: F1 (P or M)
% In Lair: 29%
Type: Construct
Treasure: Nil/B (see below)

Russian invented cyborgs made of slain soldiers, cybernetics,
Categories: Tabletop Gaming Blogs

Google Chrome announces plans to improve URL display, website identity

Malwarebytes - Wed, 02/06/2019 - 18:16

“Unreadable gobbledygook” is one way to describe URLs as we know them today, and Google has been attempting to redo their look for years. In its latest move to improve how Chrome displays the URL in its omnibox (the address bar), a change the company hopes other browsers will follow, Google’s Chrome team has made public two projects that move in this direction.

First, they launched Trickuri (pronounced as “trickery”) in time for a talk they were scheduled to present at the 2019 Enigma Conference. Second, they’re working on creating warnings of potentially phishy URLs for Chrome users.

Watch out! Some trickery and phishing ahead

Trickuri is an open-source tool where developers can test whether their applications display URLs accurately and consistently in different scenarios. The new Chrome warnings, on the other hand, are still in internal testing. Emily Stark, Google Chrome’s Usability Security Lead, confesses that the challenge lies in creating heuristic rules that appropriately flag malicious URLs while avoiding false positives.

“Our heuristics for detecting misleading URLs involve comparing characters that look similar to each other and domains that vary from each other just by a small number of characters,” Stark said in an interview with WIRED. “Our goal is to develop a set of heuristics that pushes attackers away from extremely misleading URLs, and a key challenge is to avoid flagging legitimate domains as suspicious. This is why we’re launching this warning slowly, as an experiment.”

These efforts are part of the team’s current focus, which is the detection and flagging of seemingly dubious URLs.

Google Chrome’s bigger goal

The URL is used to identify entities online. It is the first place users look to assess if they are in a good place or not. But not everyone knows the components that comprise a URL, much less what they mean in the syntax. Google’s push for website owners to use HTTPS has rippled across browser developers and consequently changed user preferences to favor such sites. In effect, by pushing HTTPS, Google changed the game to give the user a generally safer online experience.

However, Google wants to go beyond this, and is set on raising user awareness of relevant parts of the URL (so they can make quick security decisions). As a result, it is refining Chrome to present these parts while keeping users’ view away from the irrelevant gibberish.

In a separate interview with WIRED, Adrienne Porter Felt, Google Chrome’s Engineering Manager, has this to say about how users perceive the URL: “People have a really hard time understanding URLs. They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it, as we’re figuring out the right way to convey identity.”

While these may all sound good, no one—not even Google—knows what the final, new URL will look like at this point.

A brief timeline of Google’s efforts in changing the URL

Below is a brief timeline of attempts Google has made to change how Chrome displays the URL in the omnibox:

“…it just raises too many questions.”

With Google’s new effort, how will it affect redirection schemes? SEO? Shortened URLs?

Will this, in time, affect the behavior of new Internet users entering URLs in the address bar? For example, what if they don’t know that certain URL elements are (by default) elided but should now be typed in (such as entering ‘www’) to go to their desired destination? Will they understand the meaning of .com or .org if these elements are erased from view?

How can web developers, business owners, and consumers prepare themselves for these URL changes?

Right now, there’s more uncertainty than there are answers, as Google admits there is still a lot of work to be done. And based on the tone of several spokespersons in interviews, the company also expects some pushback and a degree of controversy that may arise from their efforts. Change is never easy.

Let’s keep an eye on this URLephant in the room, shall we? And let’s also keep giving feedback and raising questions. After all, this is Google’s way of keeping Chrome users away from URL-based threats. If changes are not implemented with thoughtful precision, then threat actors can easily find a way around them, or at least bank on the confusion resulting from a poor rollout of new processes.

While the future of URLs is still murky, one thing’s for certain: the bad guys know how to exploit weaknesses. So we hope, for Google and all its users’ sake, changes in URL display only serve to strengthen everyone’s security posture online.


The post Google Chrome announces plans to improve URL display, website identity appeared first on Malwarebytes Labs.

Categories: Techie Feeds

New critical vulnerability discovered in open-source office suites

Malwarebytes - Wed, 02/06/2019 - 17:16

A great number of attack techniques these days are using Microsoft Office documents to distribute malware. In recent years, there has been serious development on document exploit kit builders, not to mention the myriad of tricks that red-teamers have come up with to bypass security solutions.

In contrast to drive-by downloads that require no user interaction, document-based attacks usually incorporate some kind of social engineering component. From being lured into opening up an attachment to enabling the infamous macros, attackers are using all sorts of themes and spear phishing techniques to infect their victims.

While Microsoft Office gets all of the attention, other productivity software suites have been exploited before. We recall the Hangul Office Suite, which is popular in South Korea and was used by threat groups in targeted attacks.

Today we look at a vulnerability in LibreOffice, the free and open-source office suite, and OpenOffice (now Apache OpenOffice) available for Windows, Mac, and Linux. The bug (CVE-2018-16858) was discovered by Alex Inführ, who responsibly disclosed it and then published the results with an accompanying proof of concept on his blog.

Proof of concept code exploiting the vulnerability and launching the calculator

An attacker could take advantage of this bug to execute remote code, which could lead to compromising the system. The flaw uses a mouseover event, which means the user would have to be tricked into placing their mouse over a link within the document. This triggers execution of a Python file (installed with LibreOffice) and allows parameters to be passed and executed.

We tested several proofs of concept shared by John Lambert. The process flow typically goes like this: soffice.exe -> soffice.bin -> cmd.exe -> calc.exe

The vulnerability has been patched in LibreOffice but not in Apache OpenOffice—yet. Malwarebytes users were already protected against it without the need for a detection update.

Time will tell if this vulnerability ends up being used in the wild. It’s worth noting that not everyone uses Microsoft Office, and threat actors could consider it for targeting specific victims they know may be using open-source productivity software.

The post New critical vulnerability discovered in open-source office suites appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Yarn Love: Red Heart Sweet Home

Moogly - Wed, 02/06/2019 - 15:52

Red Heart Sweet Home is a “chenille-style yarn that is made for cozy home décor and more!” So let’s get cozy with this new yarn in this month’s Moogly Yarn Love yarn review – and get some free patterns to make with it! Disclaimer: This post was sponsored by Red Heart Yarn, but all opinions are [...]

The post Yarn Love: Red Heart Sweet Home appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Cryptozoic and Sony Pictures Television Announce Release of Outlander Trading Cards Season 3

Cryptozoic - Wed, 02/06/2019 - 14:00

Cryptozoic Entertainment and Sony Pictures Television today announced the February 15 release of Outlander Trading Cards Season 3. This is the first set for the hugely popular series Outlander to feature Autograph Cards signed by Caitriona Balfe, who stars as Claire Randall Fraser. Based on the third season of Starz’s time-travel drama, the release includes a 72-card Base Set, four Chase Sets, and randomly inserted Autograph, Wardrobe, and Sketch Cards.

Categories: Tabletop Gaming Blogs

On the Best Books Released for Dungeons & Dragons part II

Hack & Slash - Wed, 02/06/2019 - 13:00
Dungeons and Dragons has been around long enough for people to notice it taking a few aspirin every morning for its stiff fingers. This continues our look at the best things ever published for Dungeons and Dragons. Part I is here.

The Dungeon Alphabet
Beyond the fact that this book combined with Stonehell gave us the gift of Michael Curtis writing full time; it's his way with words that makes this book so very, very good. In a time when third edition and Pathfinder had sapped the life from Dungeons and Dragons, reducing adventures to linear combats and leaving no room for old-school type play, this book stood out (and sold) like a beacon to all those who remembered the weird and exciting play of mysteries below the ground. A solid source of ideas on each page, all of which will make the game more exciting.

Book of War
There have been many attempts at modeling mass battle for Dungeons & Dragons. This masterwork put together by Delta Collins is the best of them. It allows you to simply resolve mass combat that the players are involved in, and is designed to match the statistical outcomes of any monster as a unit in the game. It's fast, quite nice, and really makes running into 30-300 bandits a fun time for you as the Dungeon Master.
It's designed to take into account the percentages of actual game statistics, requires no conversion for pretty much any version of Dungeons and Dragons and smoothly scales for various sizes of armed conflicts. Additionally, the system encourages smart tactics, making large battles a strategic challenge for both the Dungeon Master and the players.
The ability to allow your players to command 100 footmen and 50 archers, fighting 300 orcs in a massive battle without slowing everything down to a crawl is worth the price of admission and something you should do at your table as soon as possible.

Tome of Adventure Design
Gamers are a particular bunch, often concerned with minutia. At some point, everyone has thought, what if you just put all the ideas ever into one book.
This is that book.
It's top selling, because it's useful. It's an exhaustive collection of plots, ideas, schemes, structures, ideas, traps, substances, and more. It's intentionally designed so that random results work in tandem, providing the structure and inspiration to make creativity easy.
Finch outdid himself with this book, and it will far outlive our generation of resources. It sits next to me now.

Grimtooth's Traps
Early traps are a strange thing. Often teens running games would submit breathless descriptions of traps that involved no agency of the players as well as a plethora of run on sentences.

This presented traps as they were in the original megadungeons. Not gotcha hit point taxes, but each a strange occurrence and presentation.  The traps become the encounter. How do you get that gem off that pedestal without getting slammed into the ceiling or smashed by an absurdly large hammer? They are presented tongue in cheek, but it doesn't matter how silly a trap is, when it's doing 57 points of damage to your fighter it's deadly serious.

It's lovingly illustrated by Steve Crompton and is full of ideas you'll find yourself struggling to figure out how to integrate them into your next dungeon for a fun puzzle.

Creature Catalogue
The Creature Catalogue was a British release, but it was a monster manual for Basic/Expert, forming a weird patchwork of monsters that were representative of Mystara, the crazy high-fantasy setting of basic expert.
At a certain point in your gamemaster career, you realize that monster books are worthless for the stats—monsters provide particular combat or encounter effects, the actual hit dice and armor class are not nearly as important as the idea.
And the thing about the creature catalog is that it is the best type of setting book, you can just through using the monsters in that book, immerse your players in a specific weird ecosystem.

The Wilderness Alphabet
Not nearly as popular as the Dungeon Alphabet, but instead written by a blogger in the old school renaissance, this provides a wonderful character to the overworld, ladening hexes and areas with imaginative description and mystery. It's idiosyncratic, and yet, very universal. I use it for all my wilderness expeditions.

Rogues Gallery + Geomorphs
This combination of supplements at first seems as though it's nothing but meaningless lines and numbers. And it sort of literally is. And yet, you can use those arcane numbers and lines to create adventures remarkably similar to the ones that took place in Castle Greyhawk, by virtue of the fact that the geomorphs are from Castle Greyhawk, and the encounters matrix was the one in use for dungeon play. Sadly, I don't think they are available online, but any traditional geomorph will do.
The fact that the Rogue's gallery has write ups for a dozen classic non-player characters, along with a bunch of pre generated classes with relevant equipment made it useful in play.

Metamorphica
A lot of these products take it to the bone. This is one of them. This is bar-none the resource for mutations. Running a campaign with mutations, want to hand out random effects? Is somebody touching the altar of Jubilex? Boy do I have the solution for you. Never leave home without it.

On the Non-Player Character
I know this is self-promotion, but I'm talking about all the books I use for a game, and I wrote this to be one of them. It's an objective answer for non-player character interactions. It uses player skill, not magical tea parties to determine the outcome of conversation and social conflict. The non-player character descriptors aren't a random list, they are specifically selected to be immediately accessible to the players in play. This may not belong on the list, but it's a book I'd never run a game without, the back page is always open during play for me as a reference.

That's the list. Find what you wanted?

If you like posts like these, then I'd really appreciate you taking a look at my Patreon or signing up for my newsletter. I'm at the threshold of being able to complete my quest of 'living indoors', and if you like what I'm doing, that might be in your heart as well! My daughter will love it!
Categories: Tabletop Gaming Blogs

Wednesday Comics: Heroes of the Golden Age Reference Guide #2

Sorcerer's Skull - Wed, 02/06/2019 - 12:00

The PDFs for the Kickstarter of Heroes of the Golden Age Reference Guide #2 are out, which is a bit confusing because there wasn't an issue 1. It's actually a renaming of the series that started out as Heroes of the Public Domain, which I discussed previously.

Other than the name change, it is much the same as the first one. It has art by Chris Malgrain (whose name and work you may recognize from Armchair Planet Who's Who stuff) and entries on a number of Golden Age characters from Airmale (not a typo) to Tommy. This issue highlights just how many captains there were in Golden Age comics. There are seven in this issue alone.

If this sort of thing interests you, issue 3 will no doubt be Kickstartered as well, so be on the lookout.

Hookin On Hump Day #184: A Yarny Link Party!

Moogly - Wed, 02/06/2019 - 02:00

Welcome all to Hookin On Hump Day – where we share the most popular new crochet and knit projects every two weeks. This round, we’ve got 5 gorgeous crochet projects to share – read on to get all the fab links – and then add your own to the HOHD link party on Moogly and [...]

The post Hookin On Hump Day #184: A Yarny Link Party! appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Well There Now

Yarn Harlot - Tue, 02/05/2019 - 22:15

I know, I know. I absolutely remember what I said about knitting with grey this time of year just a few days ago, but surely, the rule (that I made) can be broken by me at any moment I see fit, and surely, surely, it was not intended for spectacularly perfect little skeins of yarn like this.

That’s the little Jacob from two posts ago – spun up in entirety, into five gorgeous little skeins that are exactly as I imagined them. (If a little plumper than I intended, after their baths.) Each is a two ply, somewhere between a laceweight and a fingering, and since they’re all from the same sheep, they make a lovely gradient, of sorts.

The big skein of cream is about 180m, and each of the smaller greys are about 70m, near as I can figure it. That gives me a little less yarn to work with than I had planned, just 480m (that fleece was really tiny) and means my original plan isn’t going to work. I’ve tried about a hundred times to convince myself that 480 and 530 are just about the same in terms of meterage, but they’re not and it won’t work, and that’s okay, because they’re so lovely it was easy to come up with another plan. (I use the word “easy” here to mean that it was a two hour Ravelry search and involved the wits, skills and experience of six or seven knitters dedicated to the hunt to work it out, which is pretty easy considering how picky I was. Shawl hunts can be epic.)

This afternoon, after I finish all my work (or as much as seems reasonable, considering the unending nature of it all) I’m giving up on cleaning the kitchen, casting on for Dover Castle, in sublime grey, and suddenly, it seems like the most perfect colour. Just look at those skeins.


Categories: Knitting Feeds

How to browse the Internet safely at work

Malwarebytes - Tue, 02/05/2019 - 16:00

This Safer Internet Day, we teamed up with ethical hacking and web application security company Detectify to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you’re a programmer looking to create secure websites, visit Detectify’s blog to read their guide to HTTP security headers for web developers.

More and more businesses are becoming security- and privacy-conscious—as they should be. When in years past, IT departments’ pleas for a bigger cybersecurity budget fell on deaf ears, this year, things have started looking up. Indeed, there is nothing quite like a lengthening string of security breaches to grab people’s—and executives’—attention.

Purely reacting to events is a terrible approach, and organizations that handle and store sensitive client information have learned this the hard way. It not only puts businesses in constant firefighting mode, but is also a sign that their current cybersecurity posture may be inadequate and in need of proper assessment and improvement.

Part of improving an organization’s cybersecurity posture has to do with increasing its employees’ awareness. Being their first line of defense, it’s only logical to educate users about cybersecurity best practices, as well as the latest threats and trends. In addition, by providing users with a set of standards to adhere to, and maintaining those standards, organizations can create an intentional culture of security.

Developing these training regimens requires a lot of time, effort, and perhaps a metaphorical arm and a leg. Do not be discouraged. Companies can start improving their security posture now by sharing with employees a helpful and handy guide on how to safely browse the Internet at work, whether on a desktop, laptop, or mobile phone.

Safe Internet browsing at work: a guideline

Take note that some of what’s listed below may already be in your company’s Employee Internet Security Policy, but in case you don’t have such a policy in place (yet), the list below is a good starting point.

Make sure that the browser(s) installed on your work machine are up-to-date. The IT department may be responsible for updating employee operating systems (OSes) on remote and in-house devices, as well as other business-critical software. It may not be their job, however, to update software you’ve installed yourself, such as your preferred browser. The number one rule when browsing the Internet is to make sure that your browser is up-to-date. Threats such as malicious websites, malvertising, and exploit kits can find their way through vulnerabilities that out-of-date browsers leave behind.

While you’re at it, updating other software on your work devices keeps browser-based threats from finding other ways onto your system. If IT doesn’t already cover this, update your file-compressor, anti-malware program, productivity apps, and even media players. It’s a tedious and often time-consuming task, but—shall we say—updating is part of owning software. You can use a software updater program to make the ordeal more manageable. Just don’t forget to update your updater, too.

If you have software programs you no longer use or need, uninstall them. Let’s be practical: There’s really no reason to keep software if you’ve stopped using it or if it’s just part of bloatware that came with your computer. It’s also likely that, since you’re not using that software, it’s incredibly outdated, making it an easy avenue for the bad guys to exploit. So do yourself a favor and get rid of it. That’s one less program to update.

Know thy browser and make the most of its features. Modern-day browsers like Brave, Vivaldi, and Microsoft Edge have launched quite a bit differently than their predecessors. Other than their appealing customization schemes, they also boast of being secure (or private) by default. By contrast, browsers that have been around for a long time continue to improve on these aspects, as well as their versatility and performance.

Regardless of which browser you use, make it a point to review its settings (if you haven’t already) and configure them with security and privacy in mind. The US-CERT has more detailed information on how to secure browsers, which you can read through here.

Refrain from visiting sites that your colleagues or boss would frown upon if they look over your shoulder. Most employees know that visiting and navigating to sites that are not safe for work (NSFW) is a no-no, but they still do it. Trouble is, not only does this welcome malware and other threats that target visitors of such sites, but it could also result in being—rightfully or not—accused of sexual harassment. Browsing sites of a pornographic nature could make coworkers incredibly uncomfortable, and if this behavior is generally tolerated by the brass, it could result in the company becoming the subject of a hostile environment claim. So if hackers don’t scare you, maybe a lawsuit will.

Use a password manager. It may sound like this advice is out of place, but we include it for a reason. Password managers don’t just store a multitude of passwords and keep them safe. They can also stop your browser from pre-filling fields on seemingly legitimate, but ultimately malicious sites, making them an unlikely protector against phishing attempts. So the next time you receive an email from your “bank” telling you there’s a breach and you have to update your password, and your password manager refuses to pre-fill that information, scrutinize the URL in the address bar carefully. You might be on a site you don’t want to be on.

Read: Why you don’t need 27 different passwords

Consider installing apps that act as another layer of protection. There is a trove of fantastic browser apps out there that a privacy- and security-conscious employee can greatly benefit from. Ad blockers, for instance, can strip out ads on sites that have been used by malicious actors before in malvertising campaigns. Tracker blockers allow one to block trackers on sites that monitor their behavior and gather information about them without their consent. Script blockers disable or prevent the execution of browser scripts, which criminals can misuse. Other apps, such as HTTPS Everywhere, force one’s browser to direct users to available HTTPS versions of websites.

Consider sandboxing. A sandbox is software that emulates an environment where one can browse the Internet and run programs independently from the actual endpoint. It’s typically used for testing and analyzing files to check if they’re safe to deploy and run.

We’re not saying that employees should know how to analyze files (although kudos if you can). Only that employees who normally open attachments from their personal emails, stumble into sites that may be deemed sketchy at best, or want to check out programs from third-party vendors do so in a safe setup that is isolated from their office network. Here is a list of free sandbox software you can read more about if you’re interested in trying one out.

Assume you are a target. Not many employees would like to admit this. In fact, it may not have crossed their minds until now. A lot of small businesses, for example, would like to think that they cannot be targets of cyberattacks because criminals wouldn’t go after “the little guy.” But various surveys, intelligence, and research tell a different story.

Employees need to change their thinking. Each time we go online at work, whether for valid reasons or not, we are putting our companies at risk. So we must take the initiative to browse safely, adopt cybersecurity best practices, and embrace training sessions with open minds. Realize that a lot is at stake in the office environment, and a single mouse click on a bad link could bring down an entire business. Do you want to be the person responsible?

We’re all in this together

When it comes to preventing online threats from infiltrating your organization’s network and keeping sensitive company and client data secure, it is true that they are no longer just IT concerns. Cybersecurity and privacy are and should be every employee’s concern—from the rank-and-file up to the managerial and executive level.

Indeed, no one should be exempted from continuous cybersecurity training, nor should high-ranking officials go on thinking that company policies don’t apply to them. If every employee can adhere to the simple guideline above, we believe that organizations of all sizes are already in a better security posture than before. This is just the first step, however. There is still the need for organizations to assess their cybersecurity and privacy needs, so they can effectively invest in tools and services that help better secure their unique work environment. Whatever changes they choose to implement that require employee participation, IT and high-ranking work officials must ensure that everyone is in it together.

Stay safe!

The post How to browse the Internet safely at work appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The Kree Sentry For The High Tech Mysticism & High Caliber Adventure Campaign & Old School Campaigns

Swords & Stitchery - Tue, 02/05/2019 - 14:06
The alien Kree empire created billions of Sentry cybernetic life forms to guard all of their important caches of weapons, artifacts, & even spacecraft. These robotic sentries are capable of taking on many threats to their charges & should be used sparingly by dungeon masters. Kree Sentries are found through the remains of the Kree Empire & their former interstellar colonial protectorates.
Categories: Tabletop Gaming Blogs

10 Ways to Build a Character That Will Earn the Love of Your Party

DM David - Tue, 02/05/2019 - 11:15

In Dungeons & Dragons, rolling handfuls of damage dice feels like a good way to shine among party members, but know this secret: Other players usually overlook the damage you do. If you really want to shine, find ways to make other characters better. Make them hit on a roll that would have missed. Make them save when they would have burned. Make them happy you brought your paladin.

This post lists 10 ways to build and play characters that will earn the love of your party.

10. Build a cleric and prepare bless and aid

Between short rests and a choice of classes able to heal, D&D groups no longer require a cleric for healing. Clerics now can prepare some spells so useful that no one will gripe about the spell slots you should have hoarded for cures.

Bless lets up to 3 targets add an extra d4 roll to their attack rolls and saving throws. Unlike most 1st-level spells, which pale at higher levels, bless remains strong all the way up to a level-20 showdown with Orcus.

Players have enough trouble remembering their characters’ own abilities, so they sometimes forget even a buff as useful as bless. When you bless characters, loan their players a super-sparkly d4 to set beside their d20 and act as a reminder of who helped them shine.

Aid increases current and maximum hit points of up to 3 allies for 8 hours. This spell rates as one of the best to cast with a higher-level spell slot. Cast it once on your front line, or twice to give everyone in your party a boost.

Clerics and druids can also help friends with the guidance cantrip, the best utility cantrip in the game.

9. Build a wizard or sorcerer and prepare haste

Fireball ranks as the 3rd-level spell strong enough to shape D&D’s power curve, but haste boasts nearly as much power. Against smaller groups of foes or spread out targets, haste works better. Just cast haste on the party’s most damaging attacker, typically the sharpshooter or great weapon master. They will relish the extra attack, and thank you every turn.

8. Build a barbarian who follows the Path of the Ancestral Guardian

Some support features work as reactions, making you watch the battle for chances to use the ability. Instead of waiting between turns with no chance to act, you stay involved in the fray. Such abilities bring you deeper in the game while earning the love of your party.

Barbarians who follow the Path of the Ancestral Guardian gain a feature like this. At 6th level Spirit Shield lets you use your reaction to reduce the damage that your allies suffer. Who needs a cleric when no one takes damage?

7. Build a fighter with the Battle Master archetype

Fighters with the Battle Master archetype can learn a couple of maneuvers that help allies.

Distracting strike lets you give an ally advantage on the next attack on a foe. I suggest putting an attention-grabbing marker on the enemy’s figure, so your friends remember to take their advantage.

Rally lets you grant temporary hit points to a friend in need.

6. Build a wizard in the School of Abjuration

At 6th level, Abjurers gain the Projected Ward feature that lets you use your reaction to prevent damage to your friends. That’s immediate healing, and another ability that keeps you involved outside your turns.

5. Build a bard in the College of Glamour

The Bardic Inspiration feature lets every bard give friends a die that they can add to their choice of one d20 roll during the next 10 minutes. Set real, shiny dice next to the inspired players’ d20s, so they remember the boost—and remember who enables their success.

Bards in the College of Glamour can spend just one use of Bardic Inspiration to help a number of allies up to their Charisma modifier. Everyone inspired gains temporary hit points and can spend a reaction to move their speed without provoking opportunity attacks. In a tight spot, a bonus action plus Bardic Inspiration could make you the party MVP.

4. Build a wizard in the School of Divination

The diviner’s Portent feature is underrated. After a long rest, you roll 2 or 3 d20s and record the results. Then, when any creature you see is about to make a d20 roll, you can substitute one of your portent rolls. By tagging a foe with a bad roll, you can guarantee that save-or-die roll just means die. More to the point of this list, you can guarantee that a friend saves, lands their killing blow, or makes that vital check.

3. Build a rogue with the Mastermind archetype

Rogues who choose the Mastermind archetype can use the help action as a bonus action. Plus, they can help allies attack foes up to 30 feet away, adding combat advantage to attacks, both melee and ranged.

2. Build a barbarian following the Path of the Totem Warrior and choose a wolf totem spirit

As a wolf totem spirit warrior, while you’re raging, your friends have advantage on melee attack rolls against any creature within 5 feet of you. Unlike advantage-granting features from the Mastermind and Battle Master, this ability helps all your melee friends rather than just one.

1. Build a paladin

At 6th level, paladins gain an Aura of Protection that extends to every ally within 10 feet. Those allies gain a bonus to saving throws equal to the paladin’s charisma bonus. For most 6th-level paladins, the bonus starts at +4 and will rise to +5—roughly equivalent to advantage on every save.

Too few people play paladins, so when a level-6-or-higher paladin shows up with an aura, everyone gets a shocking reminder of how good paladins are. Adventure author Eric Menge writes, “That aura is the bane of my DM existence in my home game. No one fails saves.” I hear you, brother. Players under the aura shed magical attacks like Superman sheds bullets.

At 7th level, the paladin’s aura gains an extra measure of protection. As a player, I love the Aura of Warding, which grants you and friendly creatures resistance to spell damage. As a dungeon master, I tell everyone not to play boring, dumb paladins.

The paladin’s aura earns enough love to vault the class to the top of this list, but the class also brings enough healing to cure a fallen ally. Plus paladins gain the bless and aid spells listed in item 10.

Also, the Divine Smite ability lets you roll fistfuls of damage dice. I hear that can be fun too.

Categories: Tabletop Gaming Blogs

Lycanoid Mutates A Monster For Your Old School Campaigns

Swords & Stitchery - Tue, 02/05/2019 - 04:28
Lycanoid Mutates No Encountered: 1d6 Alignment: Chaotic Movement: 120' Armor Class: 5 Hit dice: 3 Attacks: Bite or 1 (weapon) Damage: 1d4 or weapon Save: F4 Morale: 9 Hoard Class: X XP: 20 A product of Hodgkin's Law of Parallel Planet Development are these monsters who come from a world where WW II boiled down into the worst dirty Atomic War seen outside of Earth's past. Needles
Categories: Tabletop Gaming Blogs

HackMoor 2019/01/31 Campaign Reset

Furiously Eclectic People - Tue, 02/05/2019 - 01:22

Games are on Thursday nights sometime after 6:30PM at World's Best Comics, 9714 Warwick Blvd Newport News, Virginia 23601.


This week we did a campaign reset and scratched out all the old characters and rolled up new ones.

This was predicated on two new Players showing up and rather than deal with assimilation into the party everyone starts at first level.

We rolled up one Samurai, one Druid, one Cleric, one Thief, and one Magic User.

Sounds like one interesting First Level party.

There were a couple of no-shows, but one had just rolled a First Level sidekick; I can roll that into the new campaign. That leaves only one Player who has not yet re-rolled.






None compiled at this time.





This is also posted on three forums, and a blog.


Tracy Johnson
Old fashioned text games hosted below:



Categories: Miscellaneous Blogs

5150: Bugs Breakout! Now on Sale

Two Hour Wargames - Mon, 02/04/2019 - 21:26
The last of the 5150: Bugs Wars Trilogy has just been released. There's Bugs in New Hope City and the various groups have allied to kick them out. Play as Civilians, Police, Gangers, Survivors, Planetary Militia or Star Marines. All have different goals, but all can agree...
The Bugs must go!
We're now offering all three Bug Wars books for one low price. Click here for more info.
Kill the brain; save the world!
Categories: Tabletop Gaming Blogs

[ZINE] 2019 Shipping Cost Changes

Beyond Fomalhaut - Mon, 02/04/2019 - 20:25
TL;DR version: Due to recent changes in postal tariffs, my store has switched to a flat $6.50 shipping fee as of 4 February. Shipping for single items will increase by 50%, shipping for two items will stay identical, and shipping for 3-5 items will be reduced. Customers are kindly asked to batch their orders into no more than 5 items each. 

Longer version: The entrepreneur’s life is an exciting one. Changes in the tax code, shifting regulations, economic cycles, and acts of Government introduce new challenges to overcome, and in the end, good old “creative destruction” sorts it all out. Here is a new one, and a post on what it means for you. Less fun than a pack of owlbears digging up your cabbage patch. 
Today, as I was bringing a handful of zines to the post, I was surprised to find shipping rates had increased overnight by a whopping 50%. Ooops. Price increases are a fact of life, but I didn’t see this one coming. Here is what happened.
  • In a price reorganisation scheme, the Post has eliminated several weight categories to “create a more transparent and customer-friendly structure, which conforms to the modernisation process of mailing services” (their words).
  • This included the 50-100 g category, which just happens to be the one I have been using the most, since the materials I publish weigh between 88-95 g apiece. This is how I set up my enterprise – I consider one below-100 g product “one unit”. Everything has been carefully set up to fit into this specification.
  • What we have instead is a new scheme where we have one category for everything between 50 and 499 g (see Fig 1., below).

Postal prices, January to February 2019
In the “under 100 g” category, the price increase is a whopping 50%, so Worldwide shipping has just increased from $4.00 to $6.50 (European shipping is slightly lower, but the same principle applies). This change is bad news for most of my customers, who tend to be regulars buying single items (typically right after publication), and also tend to be located in North America and Australia (about 70% of my orders). Selling to them is my business model – and it is also something more: return customers are also a matter of professional pride. They tell me I should keep doing this – and I should aim high. 

Now then. There is no doubt the change sucks, but if you bear with me, there is a way to reduce its impact. 
You may note that there is now a single weight category between 50 and 499 g. This means it does not matter to the Post if the package is 100 g, 200 g, or 490 g. It is all $6.50 (or $5.4 in Europe). Compared to my old shipping formula ($4.00 for the first item, and $2.50 for each additional item), this is what the flat fee means:
  • If you order a single item, you pay $6.50 ($2.50 over the old price).
  • If you order two items, you pay $6.50 (NO CHANGE).
  • If you order three to five items, you still pay $6.50 (and you save $2.50, $5.00 and $7.50, respectively).
  • If you order six items, you still pay $6.50, but I would have to absorb the loss, since shipping jumps from $6.50 to $23.40! Instead, I will batch your order into multiple packages, since until I exceed 12 units, I am better off sending you two smaller envelopes at $13.00 than a single big one at $23.40. I hope the inconvenience will be a minor one.

This is kind of crazy, but it is the doing of the Postal Gods (I really should have been more diligent with those sacrifices).

What is the best solution for both you and me? Simple. Order two to five items on a single occasion. If you want to save some cash, wait until the next zine issue. Or… if you like the zine, buy a module to go with it. There will be a few in this coming year, and I hope they will be worth your consideration. I will remain a print-oriented publisher as long as it remains viable, but PDFs are an option, too. And in the US, Exalted Funeral is stocking my releases as well.
In the general sense, this is a hobby enterprise, and my intention with it is to take the high road of good, honest game materials, sold at an affordable and fair price. My strategy is to make things which are worth buying. As long as I can carry out this mission, I will feel good, and keep doing it.
Categories: Tabletop Gaming Blogs

Well hello there...

My Sister's Knitter - Mon, 02/04/2019 - 18:11
Hello loves! I am back, a day later than promised...but some days are just like that. :) I have missed you loads. Thank you for being so understanding about my time away. I know that it did me a world of good and it feels like my words have come... Andi
Categories: Knitting Feeds

Movie stream ebooks gun for John Wick 3 on Kindle store

Malwarebytes - Mon, 02/04/2019 - 17:30

We discovered a novel spam campaign over the weekend, targeting fans of John Wick on the Amazon Kindle store. The scam involves paying for what appears to be the upcoming third movie, which turns out to be a bogus ebook that goes on to hyperlink potential victims to a collection of third-party websites.

How does this begin?

With a dog, a grieving assassin, and a pencil.

Actually, it begins with me hunting for John Wick graphic novels on the Kindle store. What I found isn’t exactly hidden from view—as you can see from the screenshots, the bogus results kick in right under the second genuine entry:


What are we looking at here?

Roughly 40 or so individual items uploaded from around January 25 to February 2, each one from a different “author.” At first glance, you might think you’re looking at movies, thanks to the play button icon on each image preview. The fact that each entry is called something along the lines of “John Wick 3: free movie HD” probably helps, too.


All of the items are on sale for a variety of prices including £0.99 each, £9.93, £12.19, and up to an astonishing £15.25 (roughly $20 USD). A few of them are listed as free, and all of them have a preview available.


At this point, someone seeing this may think they’re actually buying a copy of John Wick 3. This is where it gets interesting.

This isn’t John Wick 3, is it?

Correct, it absolutely is not John Wick 3. What we have here is an incredibly basic ebook with a “play movie” image bolted onto the preview. Opening up the preview gives us a slice of “coming soon” style text for the movie, due out in May.

The text reads as follows, and appears to be the same content used in each ebook:

John Wick: Chapter 3 – Parabellum 

When we last observed John Wick, he wasn’t in the best shape as he’d quite recently had a worldwide contract hit put out on him toward the finish of John Wick: Chapter 2.  

So most would agree that the third motion picture in the hit activity establishment, driven by Keanu Reeves, won’t be a steady walk around the recreation center. Indeed, even the full title, John Wick: 

Chapter 3 – Parabellum, insights at the massacre in store as Reeves clarified recently.  

“[It means] get ready for war. It’s a piece of that popular sentence, ‘Si vis pacem, para bellum’ which interprets as, ‘On the off chance that you need harmony, get ready for war’,” he laid out. All things considered, Wick said he’d “execute them all” toward the finish of Chapter 2.

Looking at the “Click here” text isn’t useful on a mobile device, because in practice I couldn’t get it to recognise my clicks. I also couldn’t figure out what the clickable link was from looking at it on the mobile, either. With that in mind, it was time to port over to a desktop and fire up an appropriate reader.

A quick port to a desktop reader later, and we now have a fully clickable link:


Where does the link go?

It takes would-be Wick watchers to:


Which is a portal that claims to offer up multiple movies:


The movie we’re interested in here is John Wick 3:


No matter what you do at this point, the only option here is “be forwarded to another site” via the register button: 


Our tour of the movie world upside-down now takes us to:



This style of site may be familiar to regular readers. They typically claim to offer all sorts of media content and claim free sign ups, but there’s usually a rolling charge or fees somewhere in the mix. The site says the following:

You agree that, on registration for a Membership, you authorise us to place a pre-authorisation hold (between USD $1.00 to 2.00) on your Payment Card to validate your billing address and other Payment Card information.

Depending on your region, you may find yourself sent to similar sites like:



However, there is no further information in the T&C or Privacy Policy for either site that states exactly what sort of payment is (or isn’t) expected after signing up. One thing is for certain: Someone wasting up to £15 on a bogus ebook then bouncing from site to site isn’t going to end up with a legitimate version of John Wick 3.

Don’t set him off

It’s tricky to flag dubious content on the Kindle store, as you have to report each title individually and give reasons. We contacted Amazon customer support and have been informed these ebooks have been escalated to the appropriate teams.

Amazon has had problems with fake ebooks before, though those were in the business of swiping authors’ content and making as much money as possible before being shut down. What we have here are worthless ebooks with no content, save for clickthrough links to streaming portals. At time of writing, the ebooks we discovered are still available for purchase [UPDATE, 5th Feb: we’ve not heard back from Amazon, although all of the dubious ebooks now appear to have been removed].

If you’re on the hunt for John Wick, the lesson is clear: don’t bring an ebook to a gunfight.

The post Movie stream ebooks gun for John Wick 3 on Kindle store appeared first on Malwarebytes Labs.

Categories: Techie Feeds

A week in security (January 28 – February 3)

Malwarebytes - Mon, 02/04/2019 - 17:00

Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light on a Houzz data breach, and what exactly happened between Apple and Facebook.

Other cybersecurity news
  • Kwik Fit hit by malware: Car service specialist runs into trouble when systems go offline. (Source: BBC)
  • Mozilla publishes tracking policy: Mozilla fleshes out their vision of what is and isn’t acceptable in tracking land. (Source: Mozilla)
  • Distracting smart speakers: How you can effectively drown out your smart speaker with a bit of distraction. (Source: The Register)
  • Privacy attack aimed at 3/4/5G users: Theoretical fake mobile towers are back in business, with an investment in monitoring device owner activities. (Source: Help Net Security)
  • How my Instagram was hacked: A good warning about the perils of password reuse. (Source: Naked Security)
  • Social media identity thieves: Scammers will stop at nothing to pull some heartstrings and make a little money in the bargain. (Source: ABC news)
  • Another smart home hacked: A family recounts their horror at seeing portions of their home cut open for someone’s amusement. (Source: Komando)
  • Facebook mashup: Plans to combine Whatsapp, Instagram, and Facebook Messenger are revealed with security questions raised. (Source: New York Times)
  • Phishing attacks continue to rise: Worrying stats via security experts polled who agree in large numbers that phishing is at the same level or higher than it was previously. (Source: Mashable)
  • Researchers discover malware-friendly hosting service: After a spike in infections, researchers track things back to a host that looked like a “hornet’s nest of malware.” (Source: TechCrunch)

Stay safe, everyone!

The post A week in security (January 28 – February 3) appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The Blood Soaked Messengers of Fate In Old School Campaigns - Greyhawk,Mystara, & Beyond

Swords & Stitchery - Mon, 02/04/2019 - 16:52
I've been very busy all weekend with lots of folks & I talking about Greyhawk & Mystara. These two campaign settings are incredibly important & the reason is simple. Events flow back & forth around the planes with echoes of why & how. Mystara & Greyhawk world settings about movers & shakers of power. So let's look at the fact that Ernie Gygax's Tenser is one of the original wizards of ... Needles
Categories: Tabletop Gaming Blogs

