Feed aggregator

Magecart criminals caught stealing with their poker face on

Malwarebytes - Tue, 08/20/2019 - 15:00

Earlier in June, we documented how Magecart credit card skimmers were found on Amazon S3. This was an interesting development, since threat actors weren’t actively targeting specific e-commerce shops, but rather were indiscriminately injecting any exposed S3 bucket.

Ever since then, we’ve monitored other places where we believe a skimmer might be found next. However, we were somewhat intrigued when we received a report from one of our customers saying that they were getting a Magecart-related alert when they ran their poker software.

Typically, skimmers such as those used by Magecart criminals operate within the web browser by using malicious bits of JavaScript to steal personal details, including payment data, from victims. In this blog, we review the curious poker case that started with a detection for a Windows program but was also tied to a website compromise.

Software application connects to Magecart domain

Poker Tracker is a software suite for poker enthusiasts that aims to help players improve their game and make the online gaming experience smoother. The Holdem and Omaha versions retail from $59.99 to $159.99 and can be purchased directly from the vendor’s website.

From the customer’s report, we saw that Malwarebytes was blocking the connection to the domain ajaxclick[.]com when the poker software application Poker Tracker 4 (PokerTracker4.exe) was launched.

Our first step was to try and reproduce this behavior to have a better understanding of what was going on behind the scenes. Sure enough, after the installation process was complete and we launched the program, we also noticed the same web connection block (Figure 1).

Figure 1: Malwarebytes stopped the connection to a malicious domain when we launched the poker application.

Traffic analysis reveals web skimmer

In order to find out more about the data this application may be requesting or sending to ajaxclick[.]com, we inspected the network traffic and in particular any communications with the 172.93.103[.]94 IP address. The interesting bit is this HTTP GET request that retrieves a JavaScript file (click.js) from the aforementioned domain name.

Figure 2: Network traffic capture reveals the full URL path for the malicious domain

If we take a closer look, we recognize the typical attributes of a credit card skimmer. (As a side note, another JavaScript snippet also hosted on ajaxclick[.]com was recently identified by a security researcher.) After decoding the entire script, we can see in greater detail the data exfiltration process:

Figure 3: Code snippet showing how the skimmer collects and exfiltrates the stolen data

The skimmer was customized for the pokertracker.com site, as not only do the variable names match its input form fields, but the data portion of the skimmer script has the site’s name hardcoded as well.

Figure 4: Checkout page and credit card number field targeted by the skimmer

Based on our observations, ajaxclick[.]com includes different skimmers that have each been customized for individual victim websites. To prevent security researchers from scrutinizing each skimmer, in some instances the threat actors have implemented server-side code that ensures a unique referer is passed with the HTTP request headers.

By enumerating the ajaxclick[.]com/ajax/libs/x.x.x/click.js URL path, we can check if a skimmer script exists at that particular location. If it does, the server will return the 200 HTTP status code. If it doesn’t, it will return a 404 instead. This process allowed us to discover several other skimmers, including another, more detailed one for the pokertracker.com site located at ajaxclick[.]com/ajax/libs/1.3.6/click.js.

Figure 5: More skimmer scripts hosted on the same malicious domain

Drupal site hack behind incident

For a minute, we thought the poker application might have been Trojanized. However, when using the software, we noticed that the program also acts as a browser by displaying web pages within its user interface. In this case, content is retrieved from pt4.pokertracker.com:

Figure 6: Web traffic revealing the sub-domain that the poker application loads internally

This sub-domain, as well as the root domain (main website at pokertracker.com), are both running Drupal version 6.3x, which is outdated and vulnerable. They were both injected with the skimmer. This is the type of activity we are accustomed to with Magecart, although the fact that the site was running Drupal instead of Magento (the most targeted platform by web skimmers) was a bit of a surprise.

Figure 7: The main website pokertracker.com was also hacked with the same skimmer.

Every time users were launching PokerTracker 4, it would load the compromised web page within the application, which would trigger a block notification from Malwarebytes as the skimming script attempted to load. However, it’s worth noting that users going directly to the poker website were also exposed to the skimmer.

We reported this incident to the owners of PokerTracker and they rapidly identified the issue and removed the offending Drupal module. They also told us that they tightened their Content Security Policy (CSP) to help mitigate future attacks via harmful external scripts.
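As an added illustration of the CSP tightening mentioned above (not PokerTracker's actual policy and not code from the original post), this simplified checker evaluates two constructed policies against the skimmer and exfiltration hosts named in this article. The page origin, both policy strings, the allow-listed static host and the `https` scheme are assumptions; matching ignores ports, paths, nonces and hashes.

```python
from urllib.parse import urlsplit

# Fetch directives that fall back to default-src when absent.
# form-action is deliberately not listed: it has no default-src fallback.
FALLBACK_TO_DEFAULT = {"script-src", "connect-src", "img-src"}


def refang(indicator):
    """Turn a defanged indicator (ajaxclick[.]com) back into a matchable string."""
    return indicator.replace("[.]", ".")


# Hosts come from the article's IoC list; the https scheme is an assumption.
SKIMMER_URL = refang("https://ajaxclick[.]com/ajax/libs/1.3.6/click.js")
EXFIL_URL = refang("https://www-trust[.]com/")

PAGE_ORIGIN = "https://shop.example"  # constructed protected site
# Constructed "before": the bare https: scheme source admits any HTTPS host.
WEAK = "default-src 'self'; script-src 'self' https: 'unsafe-inline'; img-src * data:"
# Constructed "after": scripts only from the site itself and one named host.
TIGHT = "default-src 'self'; script-src 'self' https://static.example.net; form-action 'self'"


def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # When a directive is repeated, the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy, directive):
    """Return the source list governing a directive, or None if unrestricted."""
    if directive in policy:
        return policy[directive]
    if directive in FALLBACK_TO_DEFAULT and "default-src" in policy:
        return policy["default-src"]
    return None


def source_allows(source, url, page_origin):
    """Simplified source-expression match for one URL."""
    src = source.lower()
    target = urlsplit(url)
    host = (target.hostname or "").lower()
    if src == "*":
        return target.scheme in ("http", "https")
    if src == "'self'":
        origin = urlsplit(page_origin)
        return (target.scheme, host, target.port) == (
            origin.scheme, origin.hostname, origin.port)
    if src.startswith("'"):
        # 'none', 'unsafe-inline', nonces and hashes never match a URL.
        return False
    if src.endswith(":"):
        # Scheme source such as "https:" or "data:".
        return target.scheme == src[:-1]
    if "://" in src:
        scheme, src = src.split("://", 1)
        if target.scheme != scheme:
            return False
    pattern = src.split("/", 1)[0].split(":", 1)[0]
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # subdomains only
    return host == pattern


def is_allowed(header, directive, url, page_origin=PAGE_ORIGIN):
    sources = effective_sources(parse_csp(header), directive)
    if sources is None:
        return True  # no policy for this fetch type means no restriction
    return any(source_allows(s, url, page_origin) for s in sources)


def audit(header):
    """Would this policy let the skimmer load, and let data leave the page?"""
    return {
        "skimmer script load": is_allowed(header, "script-src", SKIMMER_URL),
        "exfil via XHR/fetch": is_allowed(header, "connect-src", EXFIL_URL),
        "exfil via image beacon": is_allowed(header, "img-src", EXFIL_URL),
    }


if __name__ == "__main__":
    for name, header in (("weak", WEAK), ("tight", TIGHT)):
        print(name, audit(header))
```

The weak policy blocks XHR to the gate through its `default-src` fallback yet still admits the script itself, which is why `script-src` needs explicit host entries rather than a scheme.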

What this incident tells us is that users might encounter web skimmers in unexpected locations—and not just in online shopping checkout pages. At the end of the day, anything that will load unvalidated JavaScript code is susceptible to being caught in the crosshairs. As a result, the Magecart robbers have a nice, wide playing field in front of them. Of course, they’ve got to get through defenders first.

Indicators of Compromise

Skimmer domain and IP address

ajaxclick[.]com
172.93.103[.]194

Known skimming scripts

ajaxclick[.]com/ajax/libs/1.0.2/click.js
ajaxclick[.]com/ajax/libs/1.1.2/click.js
ajaxclick[.]com/ajax/libs/1.1.3/click.js
ajaxclick[.]com/ajax/libs/1.2.1/click.js
ajaxclick[.]com/ajax/libs/1.3.2/click.js
ajaxclick[.]com/ajax/libs/1.3.4/click.js
ajaxclick[.]com/ajax/libs/1.3.6/click.js
ajaxclick[.]com/ajax/libs/1.3.9/click.js
ajaxclick[.]com/ajax/libs/1.4.0/click.js
ajaxclick[.]com/ajax/libs/1.4.1/click.js

Exfiltration gate

www-trust[.]com
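The indicators above can be matched against web proxy logs; the following added example (not from the original post) does so over constructed log lines, matching on the parsed host instead of a substring and flagging any versioned `/ajax/libs/x.x.x/click.js` path on the skimmer domain, including versions missing from the list. The log format and sample lines are assumptions, and because the article gives the IP address as 172.93.103[.]94 in the text and 172.93.103[.]194 in this list, both are matched.

```python
import re
from urllib.parse import urlsplit


def refang(text):
    """Turn defanged indicators (ajaxclick[.]com) back into matchable strings."""
    return text.replace("[.]", ".")


# Indicators as published in the article, kept defanged in source.
IOC_DOMAINS = {refang(d) for d in ("ajaxclick[.]com", "www-trust[.]com")}
IOC_IPS = {refang(i) for i in ("172.93.103[.]94", "172.93.103[.]194")}
SKIMMER_HOST = refang("ajaxclick[.]com")
# Path layout described in the article: /ajax/libs/x.x.x/click.js
SKIMMER_PATH = re.compile(r"^/ajax/libs/\d+\.\d+\.\d+/click\.js$")

# Assumed proxy log layout: timestamp client method url status
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample traffic (not real logs), written defanged and refanged here.
SAMPLE_LOG = refang("""\
2019-08-20T14:01:07Z 10.0.0.15 GET http://ajaxclick[.]com/ajax/libs/1.3.6/click.js 200
2019-08-20T14:01:09Z 10.0.0.15 POST https://www-trust[.]com/ 200
2019-08-20T14:02:30Z 10.0.0.22 GET http://ajaxclick[.]com/ajax/libs/2.0.1/click.js 404
2019-08-20T14:03:11Z 10.0.0.31 GET https://search.example/?q=ajaxclick[.]com 200
2019-08-20T14:03:40Z 10.0.0.31 GET https://notajaxclick[.]com/ajax/libs/1.3.6/click.js 200
2019-08-20T14:04:02Z 10.0.0.40 GET http://172.93.103[.]194/ 200
garbage line
""")


def _is_or_under(host, domain):
    """True for the domain itself or any subdomain, never for look-alikes."""
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Return the list of reasons a URL matches the article's indicators."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if host in IOC_IPS:
        reasons.append("ioc-ip")
    if any(_is_or_under(host, d) for d in IOC_DOMAINS):
        reasons.append("ioc-domain")
    if _is_or_under(host, SKIMMER_HOST) and SKIMMER_PATH.match(parts.path):
        reasons.append("skimmer-script-path")
    return reasons


def scan(log_text):
    """Return (hits, skipped): hits are (client, host, status, reasons) tuples."""
    hits, skipped = [], 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOG_LINE.match(line)
        if not m:
            skipped += 1  # count unparseable lines so parser gaps are visible
            continue
        reasons = classify(m["url"])
        if reasons:
            host = urlsplit(m["url"]).hostname
            hits.append((m["client"], host, int(m["status"]), reasons))
    return hits, skipped


if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for client, host, status, reasons in found:
        # Re-defang the host before printing so the output is safe to paste.
        print(client, host.replace(".", "[.]"), status, ",".join(reasons))
    print("unparsed lines:", bad)
```

A 200 on the script path followed by a request to the exfiltration gate from the same client is the pairing worth prioritising; a 404 only shows that the page tried to load a script that is no longer served.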

The post Magecart criminals caught stealing with their poker face on appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to Reveal a Dungeon Map on an iPad as Characters Explore

DM David - Tue, 08/20/2019 - 11:15

Mapping rates as one of the chores in the original Dungeons & Dragons game that players learned to skip. In early D&D, one player assumed the role of mapper and transcribed a description of walls and distances onto graph paper. Map-keeping dominated play as much as combat. In the original example of play, the dungeon master spends half the game reciting dimensions. Although a few exceptional folks enjoy mapping, count me out.

Still, a map offers players a visual picture of a dungeon and the characters’ place. You are here. With a map, players can see explored and unexplored areas, and sites worth revisiting. In small dungeons, as characters move, I often draw or uncover a ready map. In a dungeon as big as Undermountain in Dungeon of the Mad Mage or the Tomb of Nine Gods in Tomb of Annihilation, mapping the sprawl during the game would tax players’ patience.

So for Undermountain, I devised a way to load the maps into my iPad and reveal the map as players explored. The trick worked. The tablet proved big enough to see on the table and revealing worked faster than drawing. If the game room had a television, I would have connected the screen and had a bigger visual. That requires a Lightning to Digital AV Adapter.

For my process, I used the $4.99 app Procreate, but every drawing app supports the features for this trick. For precise erasing, an Apple Pencil works best, but a fingertip will suffice.

How to reveal a dungeon map on an iPad as characters explore.

To load the dungeon map and conceal it, do these steps:

  1. Take a photo of the map or upload a map image to iCloud Photos.

  2. In Procreate, tap Photo, and then select the map’s image from the collection.

  3. Select a color for fill that will conceal the map by tapping the colored dot in the upper-right corner.

  4. Add a layer by tapping the Layers button, and then the + sign.
    Result: A new layer named “Layer 2” appears in the list.

  5. Tap Layer 2 and select Fill Layer from the list that appears.
    Result: Color fills Layer 2.

To erase the concealment, do these steps:

  1. Tap the eraser twice, and then select Airbrushing and Hard Airbrush.

  2. Move the Opacity slider on the left of the screen to maximum.

  3. Touch the map to erase concealment and reveal parts of the map.

The upper slider on the left adjusts the size of eraser.

If you erase too much, use the undo button on the left.

To annotate the map, create another layer, change the color and pen, and then write.

Related: Mapping—or not-fun things that Dungeons & Dragons players learned to skip

Categories: Tabletop Gaming Blogs

Geek Picks for August 21st, 2019!

Stash My Comics - Mon, 08/19/2019 - 23:37
From The OG Staff… With school starting back for millions of college students, the comic shops are going to be packed! This might be an important week to get in an early call to your favorite store and request a … Continue reading →
Categories: Comic Book Blogs

RAGNA ROK ! B.P.R.D. : THE DEVIL YOU KNOW, VOLUME 3 review

Stash My Comics - Mon, 08/19/2019 - 18:14
Review by A.J. Jones Mike Mignola and Scott Allie – writers Laurence Campbell – artist Dave Stewart – colorist This is the conclusion to the B.P.R.D. series’ master story arc, 15 years in the making – and another conclusion of … Continue reading →
Categories: Comic Book Blogs

New Comics for August 21st, 2019 #NCBD

Stash My Comics - Mon, 08/19/2019 - 18:06
Another Wednesday is right around the corner and that means another new comic book day is nearly here. We’ve got the entire list of new comics for August 21st, 2019 #NCBD via PreviewsWorld. Discuss these new releases and more over … Continue reading →
Categories: Comic Book Blogs

A week in security (August 12 – 18)

Malwarebytes - Mon, 08/19/2019 - 17:55

Last week on Malwarebytes Labs, we took a look at the potential pitfalls of facial recognition technology, looked at ways domestic abuse survivors can secure their data, and explored the education threat landscape. We also kicked off a series looking at the Hidden Bee infection chain, and put QxSearch installs under the spotlight.

Other cybersecurity news

Stay safe, everyone!

The post A week in security (August 12 – 18) appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Uncommon Goods Yarnie Giveaway

Moogly - Mon, 08/19/2019 - 15:00

Coming up with great gift ideas for knitters and crocheters can be a challenge sometimes – but Uncommon Goods has some great ideas for yarn lovers! And they want to let everyone know – with a $100 gift certificate giveaway on Moogly! Disclaimer: This post was sponsored by Uncommon Goods, but all opinions are my...


The post Uncommon Goods Yarnie Giveaway appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

How much personalization is too much?

Malwarebytes - Mon, 08/19/2019 - 15:00

This story originally ran in The Parallax on January 25, 2019, and was written by Dan Tynan.

In 2012, when Target used data analytics to identify customers who were expecting a baby, then mailed them coupons for maternity clothing and nursery furniture, it inadvertently revealed a teenage girl’s pregnancy to her parents.

Back then, the revelation caused an uproar. Today, that kind of artificial intelligence-assisted profiling is rapidly becoming routine. Personalization is the new mantra of marketers. And most people are perfectly OK with that.

According to a 2018 survey by Accenture Interactive, 91 percent of consumers said they’d prefer to shop with brands that know their preferences and offer personal recommendations. Three-fourths of them said they wanted brands to deliver a curated experience. And only 27 percent complained about companies being too invasive.

Personalization can be a boon. It’s helpful when Amazon.com remembers past purchases so you can easily reorder them. It’s a plus when Netflix recommends shows you want to binge on. And you may appreciate receiving a personally curated box of clothing from StitchFix.

But how much personalization is too much? And how do you control what happens to this highly personal information? The answers aren’t always clear.

How marketers get to you

For decades, marketers have relied on generic personas to customize their advertising: He’s a stay-at-home dad who watches basketball and drives a minivan; she’s a mother who shops at Whole Foods and goes running on weekends.

Now, thanks to the data explosion generated by Internet-connected devices, and the ability to rapidly analyze this tsunami of information using AI, marketers are on the cusp of crafting offers specific to individual consumers, at scale.

“One-to-one marketing is really the holy grail,” says Patrick Tripp, vice president of product strategy for RedPoint Global, which offers a customer data platform to help brands personalize their marketing campaigns. “Not simply knowing your name, background, or interests, but also recommending the right path of personalized experiences, delivered at the right moment.”

By analyzing data from smart appliances, fitness trackers, and grocery purchases, for example, a marketer could figure out that you’re trying to avoid gluten. In response, it might recommend a wheat-free pasta recipe or a fat-burning exercise regimen, Tripp says.

The challenge is doing it in a way that’s helpful but not creepy.

“Marketers need to be explicit about how they ask consumers for permission and capture data, but implicit about how they’re actually delivering these experiences,” he says. “There are subtle ways to recommend products that are in line with the clues you’ve been giving but aren’t invasive.”

Where’s the data coming from?

But this level of personalization requires lots of data—much of it collected, aggregated, and shared without most users ever being aware of it. In addition to information they collect in the course of doing business with you, many brands also augment your profiles with data acquired from third-party brokers and web-tracking companies.

A December 2017 study by web browser privacy add-on maker Ghostery found that three out of four web pages contain some kind of tracking technology, and one in six sites use them to collect and share personal information. (Trackers for the biggest collectors of personal info, Google and Facebook, were respectively found on 60 percent and 27 percent of all sites surveyed.) Some trackers can uniquely identify individuals, such as when a URL request contains the user’s email address, says Jeremy Tillman, Ghostery’s director of product.

The information can get very personal. For example, he says, if you search a site like MayoClinic.org for information about HIV, or schedule an appointment with a clinician, that information could be shared among other companies that use the same tracking technology.

A recent report by Privacy International revealed that 20 popular Android apps—including those by Kayak, Spotify, TripAdvisor, and Yelp—are automatically transmitting data to Facebook, even if their users don’t have a Facebook account.

“If combined, data from different apps can paint a fine-grained and intimate picture of people’s activities, interests, behaviors, and routines, some of which can reveal special-category data, including information about people’s health or religion,” the report notes.

What could go wrong?

Any large collection of data is vulnerable to breaches and serves as a rich target for malicious actors, notes Paul Bischoff, a privacy advocate for Comparitech. The more personal the information, the more valuable it is. Companies may also share this data indiscriminately—as Facebook did when it allowed Cambridge Analytica to access personal data related to 87 million of its members, he adds.

“The same information used to personalize apps and websites can also be used to target you with political ads, and in more extreme cases can be used for harassment or discrimination,” Bischoff says.

And if a company goes out of business or is acquired, that highly personal data is almost always an asset that can be sold or transferred.

Personalization can also come back to bite you in the wallet. Life insurance giant John Hancock will soon require your Fitbit data, for example, to determine how much it charges you for coverage. Orbitz and Hotel Tonight already show different prices for flights and hotels, respectively, depending on the kind of device you use or the location of your phone. One-to-one personalized pricing is the next logical step, writes Neil Howe, a demographer and author credited with coining the term “millennials.”

What can you do?

If you’d rather not get personalization-themed offers from brands—or at least have more control over the data used to generate them—your options are pretty limited.

The Ghostery browser extension allows you to manage and block tracking technologies on each website. Android users can reset the unique advertising ID number on their phones, which essentially erases your previous tracking history and starts over. Google and Facebook let you opt out of seeing personalized ads, though they’ll continue to track you.

And while even Silicon Valley giants Amazon, Apple, and Google support some kind of overarching federal privacy regulation, it’s unlikely to go as far as GDPR’s “right to be forgotten,” which gives consumers control over the data companies generate about them.

“I definitely think we’ll see regulation in the US and other places beyond the European Union,” says Mike Herrick, senior vice president of Urban Airship, which helps brands engage with their customers using first-party data. “The key thing about GDPR is that it takes a privacy-by-design approach. Every company should be getting in front of that, being thoughtful about the data they use, and avoid doing anything sketchy.”

For now, though, the price of privacy remains eternal vigilance, Bischoff says.

“Any time you get a new device, sign up for a new account, or install a new app, take a moment to adjust your privacy settings,” he advises. “Often, it’s possible to opt out of a lot of data collection schemes, but most people never bother to do it.”

The post How much personalization is too much? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The Corrupted Jungle

Ten Foot Pole - Mon, 08/19/2019 - 11:15
By Peter Rudin-Byrgess Self-published Zweihander / Rolemaster

The action starts with the wrecking of the Wight’s Shadow. With the characters washed up on the beach they have many adventures before them and will face many horrors in a strange land of jungle, witchcraft and mutated monsters. … The adventure should cumulate in a confrontation with a Defiler who has returned to her homeland to exact her revenge and destroy her own people who drove her away centuries before.

This fifteen page adventure gives a general overview of three or four locations on an island you’re shipwrecked on. “Abstracted outline with weirdly specific mechanic details” would be how I’d describe it. 

Let’s say I write an adventure. Your ship runs aground on an island, and the crew turn to zombies to attack you. There’s four locations on the island. One is a ruined city full of religious cultists who are friendly but really want you to, voluntarily, sacrifice yourself in the volcano. There’s another set of ruins with some carnivorous apes in it. There’s a third set with an evil necromancer, who is going to wipe out the cultist village. 

That’s it. That’s the adventure content. That’s what you’re getting here, except in 15 pages. There is barely anything more specific than what I write above. Is that an adventure? It’s more of a setup, and certainly could be used like a sandbox, I suppose. But it’s just an outline. Or, even less than outline. 

The rest of the pages are taken up with wall of text descriptions of what happens in each area. The necromancer’s history takes nearly a column. There’s a bunch of trivia for the carnivorous apes. There’s a detailed description of how the cult leads (willing) sacrifices up to the volcano to sacrifice them … and the skill checks needed to escape. It’s all one great big giant block of text. There MIGHT be paragraph breaks, but everything is left justified so you can’t tell where a paragraph starts, just where the last one ends, I guess? It’s just a continual list of what is, essentially, if/then statements. If the party defeats x then Y. If the apes spot the characters then Z. If you defeat D then J. All back to back in that weird left-justified format.

There’s no main map, just a text description. You see some paths going in to the jungle, some pyramids and ziggurats over the trees. From this the DM is left to figure out which one is the “Jungle Settlement”, the “Pyramid Settlement” and the “Ziggurat”. I find this lack of even the most basic cross-referencing maddening. If you say that there are jungle paths and then the next section is Jungle Settlement, how am I to figure out that A leads to B? Call it Jungle Paths or something else obvious. Or, better fucking yet, use a fucking key & fucking map! That’s what they exist the fuck to do!


I can’t fucking stand it when I have to fight the text. When people leave shit out like a map and key. When they seem to be purposefully obtuse. The fucking left-justified wall of text shit. There is no way in hell this was ever given to anyone to look at before publication. … I find it impossible to believe that even the most kind of reviewers would overlook this shit.


This is, inexplicably, $3 on DriveThru. The preview is six pages. The shipwreck is on page four while the cult settlement is on page six. Both do a fine job of exemplifying the “content” you’ll be getting.


https://www.drivethrurpg.com/product/270035/The-Corrupted-Jungle–Adventure-Compilation-for-ZweihanderRPG?1892600

Categories: Tabletop Gaming Blogs

I Believe the Resurrection!

Just Call Me Pastor - Mon, 08/19/2019 - 11:00

Fra Angelico’s ‘Noli Me Tangere’ (c.1438–50), public domain.

To reflect on the resurrection of Jesus I like to read the account in the Gospel of John as he reports the first visits disciples made to the tomb where Jesus’ body had been laid. This is reported in chapter 20.

First, I ponder what Mary Magdalene was doing there alone on that Sunday before sun-up in the deserted burial district outside Jerusalem. Why wasn’t she in solitude as other disciples were, almost in hiding, after the brutal death and hasty burial of the Lord?

She was probably drawn to his tomb by her great love for him, since he had given her life back to her by delivering her from demon possession. She was there seeking nearness, and to weep and grieve over her loss.

She did not expect to find the entrance to the tomb a gaping hole in the face of the rock. Its closure by the soldiers the day before should have been permanent. Historians tell us it would have taken great strength to roll back the stone in the groove at the mouth of the tomb.

A glimpse into the open tomb was all she needed in order for her to conclude that there could be only one explanation.

She ran to Peter and the other disciple (John, the one recording the account) to report. Panting from exertion, she said: “They have taken the Lord out of the tomb and we don’t know where they have put him!”

According to John, the two men ran to the site to verify her report. John outran Peter, and it is likely that Mary returned, though at a slower pace.

John arrived at the tomb first, but once there was less venturesome. Without entering he stooped down to peer into the gloomy interior. Impetuous Peter caught up to him and was the one who first entered.

There was no body. Mary’s assumption seemed correct. Unexpectedly, John saw the linen strips in which the body had been hurriedly wrapped for burial. They were lying on the stone shelf where the body had been placed in repose.

And, more remarkably, it was as though the body had sublimated out of the wraps, which collapsed in place, with the wrap from his head perfectly spaced and separated from the strips that had enclosed the body.

The writer tells us that John saw and believed. But what did he believe? Only that the body had been moved? Possibly so at first, since the Scriptures had not yet been opened to them clarifying the promise of Jesus’ resurrection. So the two men started back to their lodgings in the city.

After they had left Mary arrived back at the tomb. She stood weeping. Bending down to look inside this time, she saw two angels dressed in white sitting where Jesus had lain and they ask her why she is weeping.

Through her tears she answers that someone had robbed the tomb of the body of the Lord and she didn’t know where it had been placed. It was as though to say: I have unspent grief and am angry at such an indignity.

At that moment she turned around and saw a man standing there, but with vision blurred by her tears and grief, she does not know it is Jesus. He asks her the same question the two dressed in white had asked: Why are you weeping?

She assumes it is the gardener and, perhaps again indignantly, asks the location of Jesus’ body so she can see that it is properly cared for.

Jesus speaks her name, … Mary … In an instant she recognizes him and utters in a burst of joy: Rabboni! Teacher! She is obviously the first of his followers to witness the Lord as resurrected.

I review this particular account to refresh my faith and give life to Jesus’ promise elsewhere made: Because I live, you too shall live (John 14:19).

Categories: Churchie Feeds

Weird Revisited: The Weird Frontier

Sorcerer's Skull - Mon, 08/19/2019 - 11:00
The original version of this post first appeared in 2010. I've revisited it from slightly different angles a couple of times since.
 

This cover deserves to be the basis of an rpg setting.

Well, maybe not just this cover all on its own, but the crazy idea it and the series (Tomahawk) it's a part of suggests (at least to me)--namely, combining the James Fenimore Cooper-style frontier tale with fantasy. Transplanting the whole civilization-against-the-wilderness thing to a colonial pseudo-America.

It’s almost completely unmined territory. It’s only been sort of attempted once, as far as I know--Orson Scott Card’s Alvin Maker series does early nineteenth century fantasy in an alternate North America. Sure, one could point to novels (and even an rpg or two) with a kind of “Illuminati/Masonic magic behind the revolution” or a “Ben Franklin cavorts with the Hellfire Club” sort of deal, but all of that pseudo-historical “hidden magic” speculation fails to deliver a moment of rpg inspiration Zen like:


Wilderness adventures wouldn’t be the only way to go. Surely things like Mystery Hill, and the rampant speculation such sites inspired (even at the time) ought to suggest plenty of ancient American civilization to provide honest to goodness dungeons. There might not be demi-humans (though there could be), but all the other standard D&D ingredients are easy to find.

1323

Looking For Group - Mon, 08/19/2019 - 04:00

The post 1323 appeared first on Looking For Group.

Categories: Web Comics

Warren Ellis and Jason Howard’s TREES Returns in September; PREVIEW

Stash My Comics - Sun, 08/18/2019 - 19:19
Preview by Gaumer TREES RETURNS WITH THREE FATES STORY ARC & TEASES INTERIOR PAGES AHEAD OF SEPTEMBER RELEASE “A uniquely exciting read.” —IGN “A mystery that’s creepy and wondrous, the best of science fiction.” —Graphic Policy “Pick it up and … Continue reading →
Categories: Comic Book Blogs

Star Wars Adventures Annual 2019: A Family Comic Friday Extra!

Stash My Comics - Sun, 08/18/2019 - 19:12
Review by Tony Dillard Some weeks there’s just so much great stuff coming out that you can’t put in into just one review. That’s why we have Family Comic Friday Extra! This week, meet a forgotten character from a galaxy … Continue reading →
Categories: Comic Book Blogs

Family Comic Friday- Art Baltazar’s Fraggle Rock!

Stash My Comics - Sun, 08/18/2019 - 19:03
Review by Tony Dillard For this week’s Family Comic Friday, we trek into an underground wonderland. Join Boober, Mokey, and friends in the all-new young readers graphic novel: Jim Henson’s Fraggle Rock: Where Is It?  Jim Henson’s Fraggle Rock: Where … Continue reading →
Categories: Comic Book Blogs

Omni #1 (Review) The Speed of Thought

Stash My Comics - Sun, 08/18/2019 - 18:57
Review by William Pace Omni #1 Script: Devin Grayson Art: Alitha E. Martinez Colors: Bryan Valenza Letters: A Larger World Studio Cover A: Mike McKone and Leonardo Paciarotti Cover B: Afua Richardson Published by Humanoids Welcome to the H1 brand. … Continue reading →
Categories: Comic Book Blogs

Hawkman #15 Review – Top Book

Stash My Comics - Sun, 08/18/2019 - 18:49
Review by Antonio Pedro Hawkman #15 Review Written by: Robert Venditti Art by: Pat Olliffe Inks by: Tom Palmer Colors by: Jeremiah Skipper Published by: DC Comics After a surprisingly difficult encounter with the Shadow Thief, Hawkman goes to Opal … Continue reading →
Categories: Comic Book Blogs

Garage Sale

Sorcerer's Skull - Sun, 08/18/2019 - 14:00

My local gaming store (Firefly Toys & Games) had a "Gamer Garage Sale" where they sold old games that folks had brought in. Not a lot of rpg stuff, but some. I picked up the box set, Gary Gygax's Hall of Many Panes for five bucks, the Exalted boardgame War for the Throne, and most randomly this miniature, paper Old West town, and assorted Western miniatures. They're all different scales (H/0, 00, 1:72), but hey, that's an impulse buy for you.

Ready for that next Boot Hill game, I guess.


Not-So-Scrappy Scrap Blankets

Knitting | Work in Progress - Sun, 08/18/2019 - 13:00
As much as I love the look of a nicely executed scrap blanket, you might have noticed random is not a thing I do well. 

Unfortunately like most knitters, I have an abundance of scraps, leftovers and partials tucked in the stash. The challenge for me, therefore, has been to create a variety of ways to put these leftovers to good use. These afghan designs have helped me do just that, and they might help you do the same.


Angletyn



Worked on the bias, Angletyn's large-scale chevron design is highly adaptable. If you have lots of leftovers of similar weight, simply arrange the colors in a sequence you find visually pleasing, then knit each strip in a series of two-row stripes. If you have varied scrap amounts, try knitting stripes of different depths based on how much you have of each color. 

Color Check



Designed as a multi-color project, Color Check features a simple slip stitch that's ideally suited to burning through scraps and leftovers. Pick a unifying color for the check outlines and use scraps and leftovers for the fill colors. Since this reversible design consists of two panels seamed together, you can change colors as often as you choose without worrying about lots of ends to weave — simply bury them inside.


Drumlin



Worked with another easy slip stitch, Drumlin is a versatile, quick knit and is fully reversible. The stitch creates a fluted texture on both sides, and it's attractive worked in a single solid color or in alternating two-row stripes. For each strip, try pairing two solid colors (like the example above) or match a solid with a complementary confetti, speckled or variegated yarn.


Herlacyn (pattern coming soon!)



From the beginning, Herlacyn was designed to help use up some of the many partial skeins lingering in the stash. In the example shown, colors were arranged in a diagonal pattern to create an ombre or gradient effect, but there are countless ways to adapt this pattern to accommodate yarn on hand. Try working the triangles in a single contrasting solid, rich or bright rainbow colors, or various shades from the same color family.


Lucben



Worked in strips rather than individual blocks, Lucben offers a fresh take on the timeless look of a classic 9-patch blanket. You can do what I did and mix various shades from the same color family to create a custom gradient, or choose a light and dark color, then alternate them for a checkerboard effect. Try a tonal approach using closely related hues for the blocks and borders, or try a simple two-color strategy, using one for the blocks and the other for the borders. 


Tikkyn


With its charming pindot stitch, Tikkyn offers a host of scrap-busting possibilities. Keep the emphasis on the cozy texture by working each strip in a different color. Tone down a busy variegated, speckled or confetti yarn by pairing it with a related solid shade. To accommodate different amounts of yarn, try working long stretches in one color combination and shorter sections in another, similar to Tikkyn Flagstone.


Twegen



Worked in yet another reversible slip stitch, Twegen is an attractive, easy way to put leftovers and partials to good use. For an interesting effect, choose a unifying main color and work each strip with that and a mix of colorful scraps and leftovers, both solid and variegated. For lighter weight yarns, try multistranding to create a fun marled fabric. For an ombre effect, sort yarns by color family and work each strip with the darkest shades at the bottom, medium ones in the middle, and lightest ones at the top.


Valere



With its compact geometric shapes, Valere readily lends itself to scrap-busting. Try a strategy similar to the one shown above, using a single color for the background and vivid contrasting colors for the banners or flags. If you have a lot of similar leftovers in a single color family, work all the banners in these varied shades. To use up small bits of yarn, work the banners in alternating two-row stripes. 


Keep in mind most of these ideas will work with a wide range of patterns. While you think about what type of scrap-busting project you prefer, take time to organize and inventory your scraps, leftovers and partials. That alone may be enough to prompt ideas and inspiration.

Some knitters, of course, are hyper-organized with yarny leftovers, but I'm not one of them. If I have lots of a specific type (I'm looking at you Cotton Fleece), I store all of them in the same small bin. With more limited leftovers, I tend to tuck them in with other yarns of the same or similar weight and fiber makeup, while super-small quantities often live out their last days snuggled with other small bits in a plastic container or ziploc bag.

Whatever you choose to do, I hope you found some of these tips useful. Each pattern highlighted here includes directions for three sizes (baby, lapghan, throw), along with detailed yardage breakouts, and easy modifications to help you transform all the yarn into something pretty and practical. Happy not-so-scrappy knitting! 


Categories: Knitting Feeds

(5e) Darkest Dream

Ten Foot Pole - Sat, 08/17/2019 - 11:08
Alphinius Goo Gooey Cube LLC 5e Level 1

The Darkest Dream begins the epic tale of a group of Hanataz youth who are charged with working security for the last Carnivalle of the season. The Hanataz are the Traveling Folk of the world of Zyathé and are an ostracized people due to the many Blood-Touched members of their troupes. But while the Traveling Folk are not welcome in most towns and villages, the shows they put on are enjoyed by many. However, this is no ordinary Carnivalle. Horrid and vile schemes are afoot. An ancient foe plots deadly revenge. A group of organized criminals looks to frame the Hanataz for murder. And, nearby, creatures from the Dark Below plan an attack on the camp. Beyond this, it is Darktide’s Eve, which is a time of fearful and evil portents. Can you and your friends overcome the many dangers set against you, protect the troupe, and solve the mystery of the Darkest Dream? If you don’t. Many will die. Including those you love.

It’s not a railroad, but it’s mostly unusable, or, maybe odious to use. 

At GenCon I stopped by a booth doing 5e Adventures, Gooey, and they were giving out free download coupons for a large boxed set adventure. It turns out that it is free to download for everyone. What caught my attention was the guy pitched it as a play aid to DM’s and usable, making design choices like a lay flat spiral adventure book and so on. And thus, this review.

It comes with a seven page info dump booklet for the players on the background of the setting, their carnival-folk home & setting. A twelve page philosophy/house rules booklet. A 74 page reference book with monster stats, optional encounters and so on. Seventy pages of handouts. An 82 page “items” booklet (representing about 41 cards to hand out), 51 pages of pregens, 22 pages of reward cards (about 11 2-sided cards), a 4-page NPC reference sheet (Yeah!) and the 64 page adventure book. 

You’re part of a travelling carnival group. The junior members of a rather large (by usual RPG conventions) troupe. The adventure is built around the last day of the carnival near a town before the troupe moves on to another site. The party’s job is to roam the grounds watching out for trouble. There is essentially one encounter, the last one, where some kids get abducted. The rest of the adventure is wandering around the carnival’s fifteen locations, each with a little encounter, and some additional optional encounters thrown in from the DM reference book. Almost like wanderers, but not quite. Thus it’s not REALLY a railroad, but not quite an adventure either. More of an “experience.” This is, I guess, a compliment. At the very least, the adventure structure is not confusing and not a railroad which makes it better than the vast majority of adventures floating around for 5e.

“Experience” is not my thing. I’m also capable of understanding that other people like other things. I’m going to address the “experience” aspect of the adventure a bit and then move on to more universal themes, like usability, and why this adventure is bad even for those looking for an Experience.

The adventure goes to great lengths to remind you it is epic. And a story. To experience. It is CONSTANT in reminding you of that, as if in justifying itself. I would suggest that this is the wrong approach. The adventure is unlikely to convince the non-story crowd and the story crowd don’t need convinced. It wants to provide you an immersive experience, it says so several times. But what is an experience? If the DM says you’re the Chosen One and you can’t die in the campaign and the DM tells a story, ala Giovanni Chronicles, then did you have an experience? Experiences come through play, it comes through the emergent opportunities that arise during play. There must be SOME pretext and/or structure to frame things but the experience comes through the party’s actions during play. It does NOT come from the story the DM is telling. That is weaksauce. And yet, that is the way the vast majority of players have learned to play D&D. The sins of the 90’s continue to haunt us.

Experiences usually come with plot armor and it’s present here. The pre-gens are tough. There’s advice on not killing the party (in 5e, imagine …) and instructions to run things tough … but also on how to not kill the party. The contradictions are ripe and they all stem from The Story.

And yet … this thing doesn’t fuck around in that area. It goes on and on and on about plot, experience, not killing, being tough, and so on. But then the adventure is actually nothing like that. The adventure does that over and over and over again. I read the adventure last, concentrating on the supplemental materials first and, based on the text in those, I was prepared to rip this thing to shreds. Not killing. Plot. Story. Experience. But that’s not actually what the adventure is. It’s fucking around for awhile to root the party in the campaign and then an encounter. There’s nothing necessarily wrong with that. The booklet tells you that you can’t just peruse a Gooey Cube adventure and be ready to run a game. But that’s not true either. This isn’t complex at all. I might suggest that there is one thing missing/keeping you from doing just that: what the locals know. If there were, like, six bullet points on the Old Well and the Sinkhole Ruins, concentrating on what the locals/carnival folk know, then this would be runnable almost out of the box. NPC’s have summaries. The encounters are cross-referenced. It’s fifteen locations, some NPC’s, and some random social-ish encounters. You could probably figure out what the locals know and make notes from the extensive backstory present. But I don’t make notes, that’s the designer’s job. When the party finds the old well or the sinkhole then they are likely to grab someone and ask questions … consulting twelve pages of backstory scattered around the various books is not going to be a simple task.

This adventure does a dozen different things wrong. The NPC portraits have full paragraphs on the back instead of being scannable.  Skill rolls are perfunctory or poorly handled … but then again almost every adventure does that and I’m not ready to fight THAT battle yet. A door regens 20hp/round to keep the party from bashing it down cause it’s not story time yet! The lay-flat book does not make up for these. (And, as an aside, just like Ravenloft, this uses gypsies reskinned. I don’t understand why people do that. The adventure does give a one sentence inspired/bigotry note on the credits page, but, still, better I think not to go near the subject at all.) 

But none of this is the major problem with the adventure. The major problem is the complete lack of understanding on how to format an encounter. Ok, ok, combats are cross-referenced to the DM reference booklet so full stats, etc, are not in the main adventure text. That’s a plus. But the rest of the encounters are terrible. Not in their interactive element but in their formatting/presentation.

The read-aloud is long and usually has multiple paragraphs. It can frequently end with “What do you do?” The DM text is conversational rather than presented in a reference format, making finding things difficult. Section breaks are largely not present in any meaningful way. Read aloud frequently tells you what you think and do. Clearly this is an attempt to provide a richer experience but this technique, in particular, just communicates a railroad novelization.

Looking at the very first area in the carnival: “Area A – Main Food & Drinks Wagons”, a nice bold section heading. A read-aloud then follows. It says there’s a Wagon of Smile and a Wagon of Tastes and 4-5 people in line and some enticing spicy aroma from Sunnessy’s. The DM text then tells us that the PC’s know they can get something to eat from Sunnessy’s wagon and something to drink by going to the Wagon of Smiles. It then tells us that if the party goes to the back of Leena’s wagon then (more read-aloud and DM text for her wagon.)

The issue, here, is the lack of consistency. The adventure is mixing wagon names (taste/smiles) with names (Leena/Sunnessy.) And this is on top of read-aloud which is FAR too long. And the “if you go to Leena wagon” has no section break at all, or subtitle, it just launches in to more read-aloud for her wagon. Thus the effect is a long multi-page string of text, lengthy sections bolded for read-aloud, and no real ability to quickly locate which sections of text are relevant to the situation the party is in … forcing the DM to waste time and hunt the information down. This is not usability; it’s the opposite.

The adventure is trying desperately to create an immersive experience with the read-aloud but it instead comes off forced. Here’s but two sentences in an overly long section: “But of greater interest to you is that she also pours the sweet libations that she and Stoof so expertly distill. You can see Leena – her face just above the counter on the wagon-side – grumbling as she pays out to a local for winning an arm-wrestling match.” Clearly more appropriate to a bad fantasy novel than an adventure. The read-aloud is trying to present vignettes, little scenes, full of color and life … which run them in three or four paragraph length. This is not the way to accomplish this. At one point, in front of a (seven?) page read-aloud the DM advice is “If yours is the type of group that doesn’t like ‘story time’ …”  No one likes story time. Yes, that’s the background data to be handed out beforehand, but, no one likes a three paragraph read-aloud. This is not the way you accomplish the immersive experience.

Trim the read-aloud. A lot. Format the DM sections so information is easier to find. Trim WAY back on the useless DM advice like “you can vary the length of the people standing in line if the party comes back later …” Put in a summary of what the locals know about the area, somewhere. 

Finally, the adventure feels like a series of encounters. Given the locations and the “wandering” encounters, it feels more like little self-contained items. Instead, integrating some of the encounters together in a suggested format would have been a good idea. Hints and foreshadowing. The guy with the eye-patch? Imagine a chart that has little hints and stuff as an aid to the DM, so the party catches sight of things before the main event happens. A sort of timeline of the optional events, or, rather, hints and foreshadows of the optional events, with the location events worked in, to give a more organic feel to the entire adventure.

A timeline isn’t a railroad. It throws out hooks, right and left, giving the party options. It creates a depth to the carnival that individual encounters can never have, no matter how much read-aloud there is. THAT’S what is going to create an immersive experience.  

 I applaud the goal of usability and immersion. Usability is more than a four-page reference sheet with 50 NPC’s on it. Immersion is not read-aloud. Trivial DM asides are not useful information. 

The Darkest Dream – Chapter One of the Red Star Rising Campaign
Categories: Tabletop Gaming Blogs
