Feed aggregator

Warm Wet Ragged Tendrils - C.L. Moore's Shambleau & Michael Moorcock's Stormbringer mythologies

Swords & Stitchery - Mon, 04/26/2021 - 01:59
 "Somewhere beyond the Egyptians, in that dimness out of which come echoes of half-mythical name - Atlantis, Mu - somewhere back of history's first beginnings there must have been an age when mankind, like us today, built cities of steel to house its star-roving ships and knew the names of the planets in their native tongues..." "Man has conquered space before, .... and faint echoes still run Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Doctor Who Alumni Head to the Oscars!

Blogtor Who - Sun, 04/25/2021 - 13:18

The Oscars are on tonight, and actors from Doctor Who are up for big awards Today’s the highlight of the awards season calendar as the Academy of Motion Picture Arts and Sciences are handing out their coveted Oscars. And the world of Doctor Who is well represented with an unprecedented number of former guest stars […]

The post Doctor Who Alumni Head to the Oscars! appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Test 2

Blogtor Who - Sun, 04/25/2021 - 10:18

We had a problem with an update on our site yesterday.  Just trying to reconfiguration a few things.  

The post Test 2 appeared first on Blogtor Who.

Categories: Doctor Who Feeds

The Murder Carnivals - a Post Apocalpytic Encounter For Cepheus Atom & Sword of Cepheus

Swords & Stitchery - Sun, 04/25/2021 - 06:54
 In the shadow years of Nineteen Eighty One when the limited nuclear war broke the back of reality weird radiations flooded into the world. And strange mutations began to roam the countryside. Some of these mutations found niches in road side attractions & touring carnivals. Travelling from city to city these elaborate rides, attractions, & touring carnivals hide their mutations in plan sight Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Doctor Who’s Pearl Mackie Turns Detective for ITV’s The Long Call

Blogtor Who - Sat, 04/24/2021 - 16:33

Former Doctor Who companion Pearl Mackie has joined ITV’s adaptation of crime novel The Long Call as DC Jen Rafferty   Filming has begun on the latest ITV drama series based on the novels of Ann Cleeves. The creator of the Vera Stanthorpe novels (on television as Vera) and the Shetland Island series (filmed as […]

The post Doctor Who’s Pearl Mackie Turns Detective for ITV’s The Long Call appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Test Post

Blogtor Who - Sat, 04/24/2021 - 16:09

The post Test Post appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Robert E. Howard, Michael Moorcock, & Karl Edgar Wagner - Age of Conan & Nightshift Veterans of the Supernatural Wars By Jason Vey

Swords & Stitchery - Sat, 04/24/2021 - 15:38
  Yesterday was one of those days where you find yourself stuck in a waiting room of a garage. This happened to be in my home town which meant 2 hours or so of garage back & forth for car parts. So grabbing the first printed out pdf from the stack. And in this case it was a print out of two classic OD&D resources Grey Elf' (Jason Vey)'s Age of Conan II: Secrets of Acheron,a sourcebook for Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

REVIEW: Torchwood: Gooseberry – Intriguing and Dark

Blogtor Who - Sat, 04/24/2021 - 07:00

PC Andy has gotten himself a girlfriend. Just one issue… she’s dead. She’s not the only dead person walking around Cardiff though. She and Owen have a lot to talk about. Torchwood: Gooseberry is a character-driven story that pushes Owen, and his friendship with Andy, right to the edge. This is the latest in what […]

The post REVIEW: Torchwood: Gooseberry – Intriguing and Dark appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Brackett & Moorcock - Leigh Brackett, Astonishing Swordmen & Sorcerers of Hyperborea, & Michael Moorcock's 'Kane of Old Mars'

Swords & Stitchery - Fri, 04/23/2021 - 17:38
 Today we're going to dive into a very different Mars then readers might be familar with. A Mars that sits in the sights of three very distinctive authors of Sword & Plantary fiction Its been a very busy couple of weeks & its only getting busier. So during this St.George's day it seems like the perfect opportunity to return to the shores of Mars. DM Ricky & DM Steve have been riding my behind nowNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Ring Rose Bag Tutorial

Moogly - Fri, 04/23/2021 - 14:43

The Ring Rose Bag Tutorial will demo how to crochet this lovely textured stitch pattern, and how to assemble the bag – in both right and left-handed videos! Follow along with the free pattern here on Moogly! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations. Ring Rose Bag Tutorial: How to Crochet the...

Read More

The post Ring Rose Bag Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0
Categories: Crochet Life

SUPERNOVA malware discovered on SolarWinds Orion server

Malwarebytes - Fri, 04/23/2021 - 14:00

The Cybersecurity and Infrastructure Security Agency (CISA) has reported finding the SUPERNOVA web shell collecting credentials on a SolarWinds Orion server. These observations were made during an incident response to an Advanced Persistent Threat (APT) actor’s year-long compromise of an enterprise network. In its analysis, the organization warns that this threat actor behind the compromise “targeted multiple entities in the same period”.

NOT part of the SolarWinds attack

The SUPERNOVA web shell is placed by an attacker directly on a system that hosts SolarWinds Orion and is designed to appear as part of the SolarWinds Orion monitoring product. So, SUPERNOVA is placed by a lateral movement inside a network and not considered as a part of the SolarWinds supply chain attack. The threat actors are believed to be different from the ones behind the infamous supply chain attack.

Pulse Secure VPN

CISA found that the attacker(s) had access to the enterprise’s network for nearly a year, between March 2020 and February 2021. According to its investigation, the threat actor connected to the entity’s network via a Pulse Secure Virtual Private Network (VPN) appliance. CISA reports that it “does not know how the threat actor initially obtained these credentials” but, by coincidence, just two days ago we detailed multiple Pulse Secure vulnerabilities that are being actively exploited in the wild, and which could leverage such an attack.

The attacker(s) authenticated to the VPN appliance through several user accounts that did not have multi-factor authentication (MFA) enabled and were able to masquerade as legitimate teleworking employees.

From there they moved laterally to its SolarWinds Orion server to establish a backdoor that would allow them to persist, so they could connect even if their initial point of entry was closed.

Web shells

Web shells are usually small scripts that act as a backdoor or a first point of entry for an attacker. A minimal web shell can be as simple as this:

<?=`$_GET[1]`?>

A shell like this will site on a compromised server and simply execute whatever command an attacker sends it via a web URL. The SUPERNOVA web shell is more sophisticated, and written in .NET rather than PHP, but it is essentially no different.

It is initially installed by a PowerShell script and hides in a malicious version of the SolarWinds Orion Web Application module. It enables remote injection of C# source code into a web portal provided by the SolarWinds software suite. The injected code is compiled and directly executed in memory.

Harvesting credentials

The goal of the operation looks to have been to gather even more credentials. CISA reports that the threat actor was able to dump credentials from the SolarWinds appliance via two methods:

  • Cached credentials used by the SolarWinds appliance server and network monitoring.
  • By dumping Local Security Authority Subsystem Service (LSASS) memory.

The cached credentials are normally protected by encryption unless they are marked as exportable. So, either the threat actor was able to change or bypass that property, or the victim mistakenly marked the private key certificate as exportable.

The attacker put a renamed copy of procdump.exe on the SolarWinds Orion server to dump the LSASS memory. The credentials were then dumped into a text file and exfiltrated by an HTTP request.

CVE-2020-10148

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). CISA believes that a vulnerability listed as CVE-2020-10148 was used to bypass the authentication to the SolarWinds appliance.

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Bypassing the authentication would have enabled them to run commands with the same privileges the SolarWinds appliance was running, which was SYSTEM in this case.

Recommendations

Based on findings done during the ongoing investigation CISA recommends all organizations implement the following practices to strengthen the security posture of their organization’s systems:

  • Check for common executables executing with the hash of another process
  • Implement MFA, especially for privileged accounts.
  • Use separate administrative accounts on separate administration workstations.
  • Implement Local Administrator Password Solution (LAPS).
  • Implement the principle of least privilege on data access.
  • Secure Remote Desktop Protocol (RDP) and other remote access solutions using MFA and “jump boxes” for access.
  • Deploy and maintain endpoint defense tools on all endpoints.
  • Ensure all software is up to date.
  • Maintain up-to-date antivirus signatures and engines.
  • Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators’ group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Enable a personal firewall on organization workstations that is configured to deny unsolicited connection requests.
  • Disable unnecessary services on organization workstations and servers.

It also urges users of SolarWinds Orion versions 2019.4 through 2020.2.1 HF1 to to review Emergency Directive ED 21-01 and associated guidance for recommendations on operating the SolarWinds Orion platform. US federal agencies are required to comply with these directives.

Stay safe, everyone!

The post SUPERNOVA malware discovered on SolarWinds Orion server appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Artificial Intelligence ban slammed for failing to address “vast abuse potential”

Malwarebytes - Fri, 04/23/2021 - 11:34

A written proposal to ban several uses of artificial intelligence (AI) and to place new oversight on other “high-risk” AI applications—published by the European Commission this week—met fierce opposition from several digital rights advocates in Europe.

Portrayed as a missed opportunity by privacy experts, the EU Commission’s proposal bans four broad applications of AI, but it includes several loopholes that could lead to abuse, and it fails to include a mechanism to add other AI applications to the ban list. It deems certain types of AI applications as “high-risk”—meaning their developers will need to abide by certain restrictions—but some of those same applications were specifically called out by many digital rights groups earlier this year as “incompatible with a democratic society.” It creates new government authorities, but the responsibilities of those authorities may overlap with separate authorities devoted to overall data protection.

Most upsetting to digital rights experts, it appears, is that the 107-page document (not including the necessary annexes) offers only glancing restrictions on biometric surveillance, like facial recognition software.

“The EU’s proposal falls far short of what is needed to mitigate the vast abuse potential of technologies like facial recognition systems,” said Rasha Abdul Rahim, Director of Amnesty Tech for Amnesty International. “Under the proposed ban, police will still be able to use non-live facial recognition software with CCTV cameras to track our every move, scraping images from social media accounts without people’s consent.”

AI bans

Released on April 21, the AI ban proposal is the product of years of work, dating back to 2018, when the European Commission and the European Union’s Member States agreed to draft AI policies and regulations. According to the European Commission, the plan is meant to not just place restrictions on certain AI uses, but to also allow for innovation and competition in AI development.

“The global leadership of Europe in adopting the latest technologies, seizing the benefits and promoting the development of human-centric, sustainable, secure, inclusive and trustworthy artificial intelligence (AI) depends on the ability of the European Union (EU) to accelerate, act and align AI policy priorities and investments,” the European Commission wrote in its Coordinated Plan on Artificial Intelligence.

The proposal includes a few core segments.

The proposal would ban, with some exceptions, four broad uses of AI. Two of those banned uses include the use of AI to distort a person’s behavior in a way that could cause harm to that person or another person; one of those two areas focuses on the use of AI to exploit a person or group’s “age, physical or mental disability.”

The proposal’s third ban targets the use of AI to create so-called social credit scores that could result in unjust treatment, a concern that lies somewhere between the haphazard systems implemented in some regions of China and the dystopic anthology series Black Mirror.

According to the proposal, the use of AI to evaluate or classify the “trustworthiness” of a person would not be allowed if those evaluations led to detrimental or unfavorable treatment in “social contexts which are unrelated to the contexts in which the data was originally generated or collected,” or treatment that is “unjustified or disproportionate to their social behavior or its gravity.”

The proposal’s final AI ban would be against “’real-time’ remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement,” which means police could not use tools like facial recognition in real-time at public events, with some exceptions.

Those exceptions include the “targeted search” for “specific” potential victims of crime, including missing children, and the prevention of “specific, substantial, and imminent threat to the life or physical safety of natural persons, or of a terrorist attack.” Law enforcement could also use real-time facial recognition tools to detect, locate, identify, or prosecute a “perpetrator or suspect” of a crime of a certain severity.

According to Matthew Mahmoudi, a researcher and adviser for Amnesty Tech, these exceptions are too broad, as they could still allow for many abuses against certain communities. For instance, the exception that would allow for real-time facial recognition to be used “on people suspected of illegally entering or living in a EU member state… will undoubtedly be weaponised against migrants and refugees,” Mahmoudi said.

Aside from the proposal’s exceptions, it is the bans themselves that appear quite limited when compared to what is happening in the real world today.

As an example, the proposal does not ban post-fact facial recognition by law enforcement, in which officers could collect video imagery after a public event and run facial recognition software on that video from the comfort of their stations. Though the EU Commission’s proposal of course applies to Europe, this type of practice is already rampant within the United States, where police departments have lapped up the offerings of Clearview AI, the facial recognition company with an origin story that includes coordination with far-right extremists.

The problem is severe. As uncovered in a Buzzfeed investigation this year:

“According to reporting and data reviewed by BuzzFeed News, more than 7,000 individuals from nearly 2,000 public agencies nationwide have used Clearview AI to search through millions of Americans’ faces, looking for people, including Black Lives Matter protesters, Capitol insurrectionists, petty criminals, and their own friends and family members.”

Buzzfeed found similar police activity in Australia last year, and on the very same day that the EU Commission released its proposal, Malwarebytes Labs covered a story about the FBI using facial recognition to identify a rioter at the US Capitol on January 6.

This type of activity is thriving across the world. Digital rights experts believe now is the best chance the world has to stamp it out.

But what isn’t banned by the proposal isn’t necessarily unrestricted. In fact, the proposal simply creates new restrictions based on other types of activities it deems “high-risk.”

High-risk AI and oversight

The next segment of the proposal places restrictions on “high-risk” AI applications. These uses of AI would not be banned outright but would instead be subject to certain oversight and compliance, much of which would be performed by the AI’s developers.

According to the proposal, “high-risk” AI would fall into the following eight, broad categories:

  • Biometric identification and categorization of natural persons
  • Management and operation of critical infrastructure
  • Education and vocational training
  • Employment, workers management, and access to self-employment
  • Access to and enjoyment of essential private services and public services and benefits
  • Law enforcement
  • Migration, asylum, and border control management
  • Administration of justice and democratic processes

The proposal clarifies which types of AI applications would be considered high-risk in each of the given categories. For instance, not every single type of AI used in education and vocational training would be considered high-risk, but those that do qualify would be systems “intended to be used for the purpose of determining access or assigning natural persons to educational and vocational training institutions.” Similarly, AI systems used for employment recruiting—particularly those used to advertise open positions, screen applications, and evaluate candidates—would be classified as high-risk under the broader category of AI for employment, workers management, and access to self-employment.

Here, again, the proposal angered privacy experts.

In January of this year, 61 civil rights groups sent an open letter to the European Commission, asking that certain applications of AI be considered “red lines” that should not be crossed. The groups, which included Access Now, Electronic Privacy Information Center, and Privacy International, wrote to “call attention to specific (but non-exhaustive) examples of uses that are incompatible with a democratic society and must be prohibited or legally restricted in the AI legislation.”

Of the five areas called out as too dangerous to permit, at least three are considered as “high-risk” by the European Commission’s proposal, including the use of AI for migration management, for criminal justice, and for pre-predictive policing.

The problem, according to the group Access Now, is that the proposal’s current restrictions for high-risk AI would do little to actually protect people who are subject to those high-risk systems.

Per the proposal, developers of these high-risk AI systems would need to comply with several self-imposed rules. They would need to establish and implement a “risk management system” that identifies foreseeable risks. They would need to draft up and keep up to date their “technical documentation.” They would need to design their systems to implement automatic record-keeping, ensure transparency, and allow for human oversight.

According to the European Digital Rights (EDRi) association, these rules put too much burden on the developers of the tools themselves.

“The majority of requirements in the proposal naively rely on AI developers to implement technical solutions to complex social issues, which are likely self-assessed by the companies themselves,” the group wrote. “In this way, the proposal enables a profitable market of unjust AI to be used for surveillance and discrimination, and pins the blame on the technology developers, instead of the institutions or companies putting the systems to use.”

Finally, the proposal would place some oversight and regulation duties into the hands of the government, including the creation of an “EU database” that contains information about high-risk AI systems, the creation of a European Artificial intelligence Board, and the designation of a “national supervisory authority” for each EU Member State.

This, too, has brought pushback, as the regulatory bodies could overlap in responsibility with the European Data Protection Board and the Data Protection Authorities already designated by each EU Member State, per the changes implemented by the General Data Protection Regulation.

What next?

Though AI technology races ahead, the EU Commission’s proposal will likely take years to implement, as it still needs to be approved by the Council of the European Union and the European Parliament to become law.

Throughout that process, there are sure to be many changes, updates, and refinements. Hopefully, they’re for the better.

The post Artificial Intelligence ban slammed for failing to address “vast abuse potential” appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to choose the best VPN for you

Malwarebytes - Fri, 04/23/2021 - 11:13

If you’ve been shopping for a VPN service in 2021, you’ve probably noticed how many providers are available. Using a personal VPN has grown in popularity in recent years, and for good reason. You may no longer be asking, “Should I use one,” but rather, “Which one should I choose?”

The answer might be different for different people. There are many features and providers to consider. Here, we guide you through some of the decision factors so you can select the best VPN for your needs.

Is a free VPN the best choice?

One of the first questions VPN shoppers might ask is whether to use a free VPN service or pay for one. If you’re familiar with what a VPN is, you probably know that there are costs associated with being a provider. A VPN is like a middleman for your Internet traffic, and just like you probably pay an Internet Service Provider for your home Internet, a VPN provider somehow has to cover the costs of their service.

You might compare free vs paid VPNs to free vs paid Internet access. For home Internet access, an Internet Service Provider maintains the infrastructure to deliver Internet to homes, and charges customers for it. If you go to a café and use their free WiFi, the café pays for the WiFi and might build that cost into how much they charge you for a cup of coffee. So, how would a free VPN provider build their costs into a free service?

A common way free VPN services cover their costs is through advertising. That might be showing you ads when you use the service, or by taking your Internet activity data (as well as their other customers’ data) and selling that to advertisers as marketing data. Given that one of the main reasons to use a VPN is to increase your online privacy, it seems that using a free VPN that covers its costs by using your Internet activity for advertising might not accomplish that goal.

If you decide you want to use a paid VPN service for your online privacy but you’re not ready to commit to a long-term subscription right away, many providers offer a free trial before you have to make that commitment.

Choosing a VPN for gaming, streaming, or torrenting

One of the key decision factors in choosing a VPN is what you plan to use it for. In your research, you’ll likely explore reviews to help narrow down your selection, and one of the best ways to make your choice is to take advantage of free trials, so you can take the VPN for a test drive, so to speak. 

The best VPN for you might not be the best one for someone else. Online privacy is the main concern for most VPN users, but if you intend to use one while gaming, watching streaming services based in other countries, or for torrenting, you will have other considerations too and might choose a different provider in each case.

Best VPN for gaming

Many avid gamers have not wanted to use a VPN while gaming due to increased lag caused by encrypting traffic and routing it through a VPN server. However, many VPNs have gotten faster and more efficient, and “gaming VPN” is less of an oxymoron than it used to be. In addition to the online privacy benefits, gamers may also be keen to hide their IP addresses due to threats like doxing and swatting.

Alternatively, some users don’t want to use a VPN for gaming, but do want to use a VPN for everything else other than gaming. In that case, they will want to pay attention to how easily and transparently they can do this. Do they have to do one thing at a time and remember to turn the VPN on and off as they need it, or can they keep their VPN on all the time while allowing games to bypass it?

If you’re a gamer searching for the best VPN specifically for gaming, take advantage of free trials, and test out your selections while gaming to see how they impact speed and performance. 

Best VPN for streaming

Most VPN services enable you to select a server in the country of your choice, and this can enable you to watch some streaming services as if you were located in that country. However, some streaming services have cracked down on this practice, and so not every VPN will enable you to watch the content you want. Testing out a VPN with the streaming services you want to watch is a good way to determine what works now, but keep in mind that your access may change as streaming services adapt. Before using a VPN to access a streaming service, be sure to check that doing so does not violate their terms and conditions.

Best VPN for torrenting

Torrenting is a form of peer-to-peer (P2P) file sharing. Torrent downloads are quick because they are drawn from multiple nearby peers instead of from a single faraway location. To get access to the network users must become peers and allow a small portion of their computer’s resources to be used for hosting torrent data. While sharing files with other users isn’t illegal in and of itself, torrenting is often associated with pirating copyrighted material. However, there is perfectly legal content that people torrent, such as classic movies, TED Talks, and content in indie or niche genres that might not be readily available on large streaming services.

Often for torrenting, connection speed is most important factor in choosing a VPN so you can start watching content quickly. Unlike gaming, where download performance is most important, torrent users will also care about upload performance. This is another example in which taking advantage of free trials to test out VPN speeds while torrenting can help you to pick the best VPN for this purpose.

VPN features

Once you’ve thought about how you plan to use a VPN, the final step to select the best one for your needs is to compare features. This includes:

  • Ease of use: Is the interface easy to navigate and use?
  • Connection speed: You can test this if you do a free trial of the services you’re considering, and look at VPN speed comparison tests.
  • Server locations: In how many different countries are servers available?
  • Data limits: Does the service provide unlimited data, or is there a cap?
  • Simultaneous usage: How many devices can use your plan simultaneously?
  • Operating systems: Can you use the same VPN service on Windows, Mac, Android, and iOS?
  • VPN protocol: Do they use WireGuard, OpenVPN, or another protocol?
  • Encryption: Does the VPN use 256-bit AES encryption, the current best-in-class standard? 
  • Logging: Do they keep activity logs or have a no-log policy? What data gets logged?
  • Kill switch: Do they offer a kill switch, to close your browsers or apps if the VPN disconnects unexpectedly?
  • Split tunneling: Do you want to be able to do some online activities inside the encrypted VPN, and others (such as high-bandwidth activities) just on your regular Internet connection?
  • Support: Is support available 24/7? Is it available via chat, email, phone?

What’s the best VPN for your needs? Different people will have different answers. Considering the available features and reasons you want to use a VPN service will help you to answer that question.

The post How to choose the best VPN for you appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Sentinel Comics Role-playing Game

Sorcerer's Skull - Fri, 04/23/2021 - 11:00

The Sentinel Comics rpg
is based off of a superhero card game. Presumably like the card game, it has the conceit of being based on a comic book universe. Mock covers are shown and issue numbers thrown around, etc. It's art is a bit cartoony, which seems to be kind of a trend in supers rpgs (ICONS is the same way).
The game is best characterized as a somewhat narrativist, superhero combat simulator. "Somewhat narrativist" meaning that it is built to emulate superhero stories not model a world which has superheroes, and that some things that might be specified in other games are left loose, or a lot of different fictional descriptions might fit the same basic mechanics. I say "combat simulator" meaning that it, like 4e D&D, seems geared toward combats. Almost all of it's abilities are aimed in that direction and it's bells and whistles for players to engage with are combat oriented. Unlike 4e, combat really isn't tackle; their is no strict movements or battle maps. I guess you could say combat most reflects its card game roots.
I find a lot of things about the system compelling. In many ways, it seems a refinement of some of the concepts in Marvel Heroic Roleplaying (at least one of the same designers worked on both). It's basic mechanic is make a dice pool from a Power, Quality, and their status (more on this soon), and take the middle number. It's pretty easy and quick.
Status follows a color-coded system called GYRO (Green, Yellow, Red, and Out). Advancing from one color to the next "unlocks" new abilities specific to your character. I think this models pretty well something seen in comics, where Spider-Man does usually seem to have the proportional strength of a spider until he really needs to have the proportional strength of a spider. The Hulk gets angrier and stronger the longer he fights, etc. 
All actions are subsumed into four categories: Attack, Overcome, Boost/Hinder, Defend. Overcome is probably the broadest of these. It's used for most sorts of story obstacles from finding information to disarming a bomb. It's also the main one that gets leaned on in none combat situations. Success at it is graded with narrative consequences: twists of the major or minor variety, than are similar to 2d20 system Complications. Sentinel Comics only having subsystems for combat is one of its deficits for me, though admittedly the Overcome action works in a more "cinematic" (or comic book) way than a bunch of skill challenges or the like.
My biggest complaint with it is character creation. It's kind of a mini-game onto itself and can be done Guided (random die roll), Constructed (choosing the options you could have rolled), or then for modelling characters, just picking and choosing individual abilities, which would be the hardest of the three. Every step gives you certain options and dice types to distribute to those options. It takes a longer time than I would like and requires a lot of flipping back and forth in the book, without even giving you the freedom that other "complicated character generation" supers games like Champions or Mutants & Masterminds. It's easier to tolerate an extended character generation to get exactly the sort of character you want, but Sentinel Comics rpg is an exercise in making compromises, some of which seem arbitrary.
Ending on my big complaint perhaps makes my review seem more negative than I intend. With two sessions in, I feel like the game plays pretty well at the table. It would be great for pregens and a con game. I'm less sold on it, as yet, for a longterm campaign.

The Paladin's Lion A New Monster of Law For The Sword of Cepheus, Cepheus Atom, & Barbaric!

Swords & Stitchery - Fri, 04/23/2021 - 06:02
 The Paladin's Lion is a former elemental god of Law that has taken the form of a lion to guard the wild places against the forces of chaos. This guardian of humanity & the demi races often can be found in places where legends of big cats take on the reality of myth. The paladin lion often accumutates treasure from bandits & other criminals it slays who crosses the monster's path. The Paladin's Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

5150 New Beginnings Who, What and Where Deck

Two Hour Wargames - Thu, 04/22/2021 - 19:14

 Coming out in the 5150 New Beginnings Kickstarter next month.

More info  here.

Categories: Tabletop Gaming Blogs

Clark Asthon Smith's Zothique, Appendix 'N', & Castles & Crusades - The D'Amberville's Secrets & Necromancy

Swords & Stitchery - Thu, 04/22/2021 - 17:28
“Gaunt as starved herons they were, and great of stature, with a common likeness; and their sunk eyes were visible only by red sparks reflected within them from the blaze. And their eyes, as they chanted, seemed to glare afar on the darkling sea and on things hidden by dusk and distance. And Yadar, coming before them, was aware of swift horror and repugnance that made his gorge rise as if he had Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Pages

Subscribe to Furiously Eclectic People aggregator