All RPGs and Storygames by Tod Foley are now available at DrivethruRPG and RPGnow. Bring these games to your table!
I spent more than 3 years making a project that went nowhere. Today I'm cancelling it, and I'm the happiest I've ever been. - by Dan Aronas
Taxonomy Quick Child allows users to quickly add child terms to a taxonomy term when adding or editing the term.
This week's highlights include an overview of a very odd old Mac game, Keita Takahashi on making games in tough times, and a close look at Life Is Strange 2. ...
Think of your best friend who keeps things to himself - a characteristic that would sometimes make it strenuous for you to understand if he is in distress. Juxtapose such a character with another friend who is an open book which makes it a downhill task to know what he is thinking and feeling. Such a correlation can be observed in this digital world where the security of open source software and proprietary software is constantly debated.
Getting to know open source software
Dr. A.P.J Abdul Kalam, former President and renowned scientist of India, once reiterated that “open source codes can easily introduce the users to build security algorithms in the system without the dependence of proprietary platforms”. The security that open source software offers is unparalleled. Drupal, as an open source content management framework, is known for its provision of magnificent security for your online presence and is worth considering.
It was in 1999 when Eric Raymond stipulated that more eyeballs can make the bugs look shallow. He coined the term “Linus’ Law” which was named in honour of Linux creator Linus Torvalds. Since then, it has been almost two decades for continuous usage of Linus’ Law as a doctrine by some to explain the security benefits of open source software.Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone - The Cathedral and the Bazaar by Eric S. Raymond (Lesson 8)
Open source software consists of source code that is openly available for anyone to do inspection, adjustments or improvements. This code may comprise of bugs or issues that require to be flagged.
Furthermore, public availability means attackers could study and exploit the code that emphasises on inculcating code level security practices. Some of the common open source security practices constitute:
- Governing an inventory of all software used. This data must consist of the version, hash value and the original source of the code.
- Verification of the availability of security updates and bug fixes. This makes sure that the patch management processes are being done regularly.
- Testing and scanning the source code. This is performed using code analysers, auditing tools, or a community like Drupal.
- Make sure that open source applications are in compliance with the existing network architecture to avoid violations of any firewall or security policies.
Whether it is the Heartbleed incident in 2014, where the vulnerability was discovered in OpenSSL. Or, the Microsoft Vulnerability Exploit in 2014, when credit card information of millions of Home Depot customers was compromised. Both open source and closed source software have a history of encountering security threats. But which one is more secure?
Closed-source software, also known as proprietary software, is only distributed to authorized users with private modification and republishing restrictions. On the flip side, OSS is distributed under a licensing agreement which makes it available for the general public to use and modify for no cost.
It is this ability to modify the code that forms the crux of the argument within the Linux community that open source is more safer and less susceptible to security attacks in comparison to closed source software Microsoft Windows.
OSS allows anyone to rectify the broken code. In contrast, closed source can only be fixed by the vendor.
So, when more people are testing and fixing the code within the OSS community, open source gradually increases its salience on security over time. Although attacks are still discovered, it has become a lot easier to identify and fix bugs. Open source enthusiasts believe that they experience fewer exploits and their code receives patches more rapidly as there are a plethora of developers contributing to the project.
When digging deeper, the notion that open source platforms offer users the capability to keeping itself relevant with new and altering requirements underpins the argument for open source over closed. OSS does have a reputation of being more secure as the University of Washington states in a report.Open source security in Drupal Source: AcquiaDrupal Security Team in action
The Drupal open source project has a dedicated team of volunteers who track security-related bugs and release updates. They help in:
- Resolving security issues that are reported in a Security Advisory.
- Offering help for contributed module maintainers in fixing security issues.
- Offering documentation for writing secure code and safeguarding Drupal sites
- Providing assistance to the infrastructure team for keeping the Drupal.org infrastructure safe.
Anyone, who discovers or learns about a potential error, weakness or a security threat that can compromise the security of Drupal, can submit it to the Drupal security team.Process cycle
The process cycle of the Drupal security team involves:
- Analysis of issues and evaluation of potential impact on all the supported releases of Drupal.
- Mobilizing the maintainer for its removal if found with a valid problem
- Creation, assessment, and testing of new versions
- Creation of new releases on Drupal.org
- Using available communication channels to inform users when issues are fixed
- Issuing an advisory if the maintainer does resolve the issues within the deadline and recommending to disable the module thereby marking the project as unsupported on Drupal.org.
The security team keeps issues private until there is a fix available for the issue or if the maintainer is not addressing the issue from time-to-time. Once the threat is addressed and a safer version is available, it is publicly announced.
In addition, the security team coordinates the security announcements in release cycles and works with Drupal core and module maintainers. For any concern with the management of security issues, you can also ask email@example.com.Security features
- You can enable a secure access to your Drupal site as it has the out-of-the-box support for salting and repeatedly hashing account passwords when they are stored in the database.
- It also lets you enforce strong password policies, industry-standard authentication practices, session limits, and single sign-on systems.
- It provides granular access control for giving administrators full control over who gets to see and who gets to modify different parts of a site.
- You can also configure Drupal for firm database encryption in the top-notch security applications.
- Its Form API helps in data validation and prevents XSS, CSRF, and other malicious data entry.
- It limits the login attempts that can be made from a single IP address over a predefined time period. This helps in avoiding brute-force password attacks.
- Its multilayered cache architecture assists in reducing Denial of Service (DoS) attacks and makes it the best CMS for some of the world’s highest traffic websites like NASA, the University of Oxford, Grammys, Pfizer etc.
- Notably, the Drupal addresses all of the top 10 security risks of Open Web Application Security Project (OWASP).
In the 2017 Cloud Security Report by Alert Logic, among open source frameworks assessed for content management and e-commerce, Drupal was reported for the least number of web application attacks.Source: Alert Logic
Sucuri’s Hacked Website Report also showed that Drupal was the most security-focused CMS with fewer security vulnerabilities reported. It stood on top against leading open source CMSs like Wordpress, Joomla, and Magento.Source: SucuriChallenges in open source security
Open source software has its share of challenges as well. Equifax’s 2017 breach was notable because of the millions of US consumers who were affected. For the digital transformation to transpire, developers are moving from perfect to fast using open source components as vital assets for swiftly adding common functionality. For letting developers move as swiftly as customers demand, security pros must address some fundamental challenges.For the digital transformation to transpire, developers are moving from perfect to fast using open source components as vital assets for swiftly adding common functionality
The time between disclosure and exploit is shrinking. Today, there is enough information in the Common Vulnerability and Exposures (CVE) description of a vulnerability consisting of affected software versions and how to execute an attack. Malicious hackers can make use of this information and decrease the time between disclosure and exploit as was witnessed in the case of Equifax.
Identification of open source component vulnerabilities listed in the National Vulnerability Database (NVD) increased by 10% from 2015 to 2016 with a similar increase in 2017. For instance, in components from Maven packages, Node.js packages, PyPi packages, and RubyGems, published vulnerabilities doubled (see graph below).
Security pros must assume that prerelease vulnerability scans are not executed by open source developers. So, software composition analysis (SCA) and frequent updates to open source components will be the responsibility of the enterprise.
Open source security does pose a significant case for itself and can be a better option than a closed source or proprietary software. Also, it is a matter of preference looking at the organisational needs and project requirement, to choose between them for your digital business.
Drupal, as an open source content management framework, comes out as the most secure CMS in comparison to leading players in the market. At Opensense Labs, we have been perpetually offering digital transformation with our strong expertise in Drupal development.
Contact us at firstname.lastname@example.org for amazing web development projects and leverage open source security in Drupal 8.blog banner blog image open source security Open Source closed source proprietary cms closed source cms open source cms closed source security Drupal 8 Drupal CMS drupal security open source cms vs closed source cms open source cms vs proprietary cms Blog Type Articles Is it a good read ? On
The more conventions I attend the harder it is to decide how to allocate my limited time among the many amazing people that I want to play with and exciting games I want to try. I typically sign up for convention games months in advance, and I tend to forget what I signed up for until I pick up my tickets. However, each one had something special in the description that put it on the top of my list.
At its core, the art of writing a convention game description is all about establishing expectations. They say brevity is the soul of wit, but it is also a necessity when it comes to writing convention descriptions where the word (or even character) count is extremely limited.Why it Matters
Convention descriptions are less about the setting, rules system, or story that will be told and more about getting the right players to your table. Convention descriptions are less about the setting, rules system, or story that will be told and more about getting the right players to your table. If you have players show up who are a good stylistic fit to the kind of game you run, it will be less work as a facilitator, and everyone is more likely to have a fun experience.
For example; I love the Warhammer 40,000 setting, but there are lots of games one can play in 40k. I gravitate towards intense political intrigue games filled with treachery and social manipulation. Other people may gravitate towards playing a game rooted in tactical combat. Those and other options are available in a Warhammer 40,000 game, hence a convention game description focusing simply on the setting or rules system is not inherently descriptive of the style of play. That’s why writing a convention description is so important.Keywords
One of the easiest and quickest ways to convey the expectation and tone of the game is through keywords, key phrases, or tags in the description. While I typically begin the convention description with 1-2 sentences that are descriptive of the goal or mission the characters will undertake, the keywords are the meat of the convention description.
I use keywords to convey not only the type of game I want to run, but also the style of players I think will thrive in a session I am running. The trick to an exceptional convention game is not about having the best plot, it is about having players that will respond to and embrace the experience the session provides. In short, the purpose of the convention description it to attract people who will have the most enjoyment, satisfaction, and fun during the game session.
Here are some examples of keywords and phrases that I have used.
- The core experience: Roleplay heavy, rules light. Tactical combat. Puzzle game. Learn to play.
- Tone of the game: Dark Fantasy, Horror, Pulp Adventure, Sci Fi, Four Color Superheroes, Space Opera.
- System and Setting: Warhammer 40,000 RPG Wrath & Glory/Dark Imperium, Savage Worlds Deluxe/Deadlands Noir, AD&D 2nd Edition/Dragonlance, Gumshoe/Harlem Unbound etc.
- Player familiarity: Rules taught/characters provided, beginners welcome. System experience preferred. System expertise required.
- Maturity of the players: All ages welcome, teen 13+, mature players 18+
- Important callouts: Play with the designer! Role Playing or creative writing experience preferred. Organized play/bring a character level 4-6. Emotionally intense/heavy subject matter.
It is most important to relay the core experience, but after that prioritize the keyword categories that are most descriptive of what you are trying to communicate. Skip any categories that aren’t useful to you or your specific game event.
For example, if your game is like Whose Line Is It Anyway where everything is made up and the points don’t matter, it may not be meaningful to spend your valuable word count on describing the rules system or setting. Ask yourself what kind of signals your are sending when you highlight certain features of your game and who will focus on those signals. If the game session uses a popular rules system like Pathfinder but your game won’t be the typical Pathfinder experience I don’t think it is helpful to call out the system. There are people who are going to see that system and sign up immediately regardless of what else the description might say, and that does not set the player or the GM up for success.Establishing Appropriate Expectations
For me, the mark of a good convention game is much like an end of year review; did the game meet or exceed my expectations? Perhaps it’s my analytical nature, but a significant amount of my “fun” relates to whether or not the game facilitator clearly defined what the game’s core experience will be and whether or not they deliver on that promise.
I think this is true of nearly every form of entertainment and media. When a movie trailer sets my expectations, they have set the bar they must overcome for me to fully enjoy it. When advertisements or word of mouth recommendations oversell or misalign my expectations to what the core experience is, I often feel dissatisfied. When a facilitator sets expectations and delivers on them the players are more likely to feel the “payoff” when the story arc is completed. (Give the people what they want!)The Bait and Switch
A convention description is a promise to the players about the experience they are buying. Players have allocated their very limited time to play in a game as advertised. Always deliver on what was promised. Share1Tweet1+11Reddit1EmailHere’s a story; years ago a friend signed up for a convention game based on a description because they were a huge fan of the specific pop culture setting that was referenced. That description generated interest and excitement from people in that fandom who registered for the game. However, just minutes into the game the GM revealed an unexpected twist: they cleverly plucked the game from the advertised setting and dropped it into a completely unrelated setting. Even the overarching tone was different jumping from Exploration Sci Fi to Epic High Fantasy.
Don’t do this.
A convention description is a promise to the players about the experience they are buying (reminder: conventions aren’t free). Players have allocated their very limited time to play in a game as advertised. Especially when referencing a specific intellectual property setting or world, know that you will likely attract fans of that setting and they expect you to deliver. If a player starts out disappointed the GM is going to have a much harder time keeping engaged and having fun. If the game you intend to “switch” to is so good, then use that as the advertised game! Simple.Introduction at the Event
This is your opportunity to remind players exactly what they signed up for. When the event starts, give an introduction that re-establishes the goal for the session. There are only a few hours to play, so aligning the group’s expectations up front will make the event run more smoothly.
First, I give a brief description wherein I may even read the convention description blurb to the players verbatim. I’ll include the system, the tone, content warnings, and review the safety tools we’ll use in the session.
Additionally, I set the players expectations about the purpose of the game. When I run a Protocol RPG I tell my players that we’re here to have fun and collaboratively tell a story. I specifically call out that there are no dice, no stats, and that “Winning is telling a great story.” In these games I facilitate the rules, but the system is there to support the core experience: the story.
This is in contrast to my purpose while running Wrath & Glory at conventions this summer. I want everyone to have a fun and satisfying roleplaying experience, but as a game designer and GM the story is there to support the core experience: learning the system. Since Wrath & Glory is brand new, my goal is to showcase the game system and teach the players the rules. Hence, my introduction focuses on setting a time expectation for learning the rules before we get into roleplaying.
These are two very different goals. By reiterating the core experience to the players up front I’m setting myself up for success. Since these goals tie back to the convention description this should seem familiar to the players and should help them to remember that this is the experience they signed up for.Final Thoughts
When certain features are important to the game experience prioritize and highlight those in the convention description. Make it clear what the core experience of the game is and it will help to attract the players who will enjoy your game the most. Finally, follow it up during the introduction to the session to ensure you are setting the players expectations about the experience they signed up for.
What features are most important to you when writing or reading convention game descriptions? Do you have any other helpful tools for creating convention descriptions? What are other pitfalls you have encountered?
This project is related to Opigno LMS distribution.
It provides a search feature based on Search API.
For additional details, please consult Opigno website.
This project is related to Opigno LMS distribution.
It provides the commerce feature, allowing to sell access to some trainings.
Commerce feature is based on Drupal Commerce, allowing to integrate with several different payment gateways and add-ons.
For additional details, please consult Opigno website.
This module is similar to the Message History module except where Message History marks each message as read, Message Thread History marks the thread as read. This enables a list of threads to display which threads have new messages in them. When a single message in a thread is read then the whole thread is considered read.
Social Auth Odnoklassniki is a ok.ru Authentication integration for Drupal. This module supports getting user's name, email and picture from OK.
It uses max107/oauth2-odnoklassniki package as a back-end for authentication.
Not only did DrupalEurope in Darmstadt a couple of weeks ago give me the opportunity to learn more about Drupal and meet old friends and community members - it was also the new start of coming back to doing a pod again.
The Drupal pod Drupalsnack has been on hold for a year when I wrote a book about old commercials found in comic books during the 60s, 70s, 80s and 90s. But when the book now is printed and can be found in stores - it's time to go back to recording a pod.
And the first episode is about DrupalEurope. Me and my podcast colleague Kristoffer took the opportunity to interview Michael Miles who came all the way from Boston, USA, to visit DrupalEurope. I also spoke to Baddysonja - Baddy Breidert - who has been the project manager, leading the masses in organising DrupalEurope, and Kristoffer stopped Dries in the hallway and interviewed him about all the news around Drupal.
All in all, it is great doing a podcast again, and this episode is in English since we did all the interviews in English. Next episode will be in Swedish again, which will be a relief. I consider my English to be quite good, but it is always easier to do a podcast in your native language.
Listen to the DrupalEurope episode of Drupalsnack by clicking here.
The sinceago module used to display node and comment created date as "less than a minute ago" or "10 minutes ago" and frequently updating the time ago without refreshing the page.
- Admin have provision to enable and disable this option for node created date.
- Admin have provision to enable and disable this option for comment created date.
- Its exploring the same for anywhere in the templates.
Please see the README for about more details.
So obviously, the pendulum of progress stopped swinging on my game. As much as I tried to prevent it, pressing obligations just wouldn’t take a back seat (nor would the burglars who, a few weeks ago, stole 90% of my wardrobe and who last week stole my monitor). So after a string of hectic weekends and even crazier weeks, this weekend has been pretty wide open for doing whatever I want to do. And not a moment too soon!
So after doing all the other things I try to do with my weekends, I finally loaded up the ol’ Inform 7 IDE and started working on my game. To get me back in the swing of things, so to speak, I started reading through what I’d already written. It was an interesting experience.
Strangely, what impressed me most was stuff I had done that I have since forgotten I learned how to do. Silly little things, like actions I defined that actually worked, that had I tried to write them today, probably would have had me stumped for a while. Go me! Except, erm, I seem to have forgotten more than I’ve retained.
I also realized the importance of commenting my own code. For instance, there’s this snippet:
A thing can be attached or unattached. A thing is usually unattached. A thing that is a part of something is attached.
The problem is, I have no idea why I put it in there – it doesn’t seem relevant to anything already in the game, so I can only imagine that I had some stroke of genius that told me I was going to need it “shortly” (I probably figured I’d be writing the code the next night). So now, there’s that lonely little line, just waiting for its purpose. I’m sure I’ll come across it some day; for now, I’ve stuck in a comment to remind myself to stick in a comment when I do remember.
It reminds me of all the writing I did when I was younger. I was just bursting with creativity when I was a kid, constantly writing the first few pages of what I was sure was going to be a killer story. And then I’d misplace the notebook or get sidetracked by something else, or do any of the million other things that my easily distracted self tends to do. Some time later, I’d come across the notebook, read the stuff I’d written and think, “Wow, this is great stuff! Now… where was I going with it?” And I’d never remember, or I’d remember and re-forget. Either way, in my mother’s attic there are piles and piles of notebooks with half-formed thoughts that teem with potential never to be fulfilled.
This situation – that of wanting to resume progress but fumbling to pick up the threads of where I left off – has me scouring my memory for a term I read in Jack London’s Call of the Wild. There was a part in the book where Buck’s owner (it’s late, his name has escaped me) has been challenged to some sort of competition to see if Buck can get the sled moving from a dead stop. I seem to remember that the runners were frozen to the ground. I thought the term was “fast break” or “break fast” or something to that effect, but diligent (does 45 seconds count as diligent?) searching has not confirmed this or provided me with the right term. Anyway, that’s how it feels tonight – I feel as if I’m trying to heave a frozen sled free from its moorings.
The upside is, I am still pleased with what I have so far. That’s good because it means I’m very likely to continue, rather than scrap it altogether and pretend that I’ll come up with a new idea tomorrow. In the meantime, I’ll be looking for some SnoMelt and a trusty St. Bernard to get things moving again.
So I didn’t get as much coding done over the weekend as I had hoped, mainly because the telephone company *finally* installed my DSL line, which meant I was up til 5:30 Saturday am catching up on the new episodes of Lost. That, in turn, meant that most of the weekend was spent wishing I hadn’t stayed up until such an ungodly hour, and concentration just wasn’t in the cards.
However, I did get some stuff done, which is good. Even the tiniest bit of progress counts as momentum, which is crucial for me. If the pendulum stops swinging, it will be very hard for me to get it moving again.
So the other day, as I was going over the blog (which really is as much a tool for me as it is a way for me to share my thoughts with others), I realized I had overlooked a very basic thing when coding the whole “automatically return the frog to the fuschia” bit…
As the code stood, if the player managed to carry the frog to another room before searching it, the frog would get magically returned to the fuschia. This was fairly simple to resolve, in the end – I just coded it so that the game moves (and reports) the frog back to fuschia before leaving the room. I also decided to add in a different way of getting the key out of the frog – in essence, rewarding different approaches to the same problem with success.
Which brings me to the main thrust of today’s post. I have such exacting standards for the games I play. I love thorough implementation. My favorite games are those that build me a cool gameworld and let me tinker and explore, poking at the shadows and pulling on the edges to see how well it holds up. A sign of a good game is one that I will reopen not to actually play through again, but to just wander around the world, taking in my surroundings. I’ve long lamented the fact that relatively few games make this a rewarding experience – even in the best games, even slight digging tends to turn up empty, unimplemented spots.
What I am coming to appreciate is just how much work is involved in the kind of implementation I look for. Every time I pass through a room’s description, or add in scenery objects, I realize just how easy it is to find things to drill down into. Where there’s a hanging plant, there’s a pot, dirt, leaves, stems, wires to hang from, hooks to hang on, etc. Obviously, unless I had all the time in the world, I couldn’t implement each of these separately, so I take what I believe to be the accepted approach and have all of the refer to the same thing. Which, in my opinion, is fine. I don’t mind if a game has the same responses for the stems as it does for the plant as a whole, as long as it has some sort of relevant response. Even so, this takes a lot of work. It might be the obsessive part of me, but I can’t help but think “What else would a person think of when looking at a hanging plant?”
Or, as I’ve come to think of it: WWBTD?What Would Beta Testers Do?
I’ve taken to looking at a “fully” implemented room and wondering what a player might reasonably (and in some cases unreasonably) be expected to do. This is a bit of a challenging process for me – I already know how my mind works, so trying to step outside of my viewpoint and see it from a blind eye is hard. I should stop for a second to note that I fully intend to have my game beta tested once it reaches that point, but the fewer obvious things there are for testers to trip over, the more time and energy they’ll have for really digging in and trying to expose the weaknesses I can’t think of.
I’ve found one resource that is both entertaining and highly informative to me: ClubFloyd transcripts. ClubFloyd, for the uninitiated (a group among which I count myself, of course) is a sort of cooperative gaming experience — if anyone who knows better reads this and cares to correct what may well be a horrible description, by all means!– where people get together on the IFMud and play through an IF title. The transcripts are both amusing and revealing. I recently read the Lost Pig transcript and it was quite interesting. The things people will attempt to do are both astonishing and eye-opening. In the case of Lost Pig (which, fortunately, I had already played before reading the transcript), what was even more amazing was the depth of the game itself. I mean, people were doing some crazy ass stuff – eating the pole, lighting pants on fire, and so on. And it *worked*. Not only did it work, it was reversible. You obviously need the pole, so there’s a way to get it back if, in a fit of orc-like passion, you decide to shove it in down Grunk’s throat.
Anyway, my point is, the transcripts gave me a unique perspective on the things people will try, whether in an effort to actually play the game, to amuse themselves, or to amuse others. Definitely good stuff to keep in mind when trying to decide, say, the different ways people will try to interact with my little porcelain frog.Other Stuff I Accomplished
So I coded in an alternate way to deal with the frog that didn’t conflict with the “standard” approach. I also implemented a few more scenery objects. Over the course of the next few days, I’m going to try to at least finish the descriptions of the remaining rooms so that I can wander around a bit and start really getting to the meat of it all. I also want to work on revising the intro text a bit. In an effort to avoid the infodumps that I so passionately hate, I think I went a little too far and came away with something a bit too terse and uninformative. But that’s the really fun part of all of this – writing and re-writing, polishing the prose and making it all come together.
Whattaya know. Midnight again. I think I’m picking up on a trend here.
Grrr… I’ve been so bogged down in work and client emergencies that progress on the game is at a temporary (no, really! Only temporary) standstill. I’ve managed to flesh out a few more room and scenery descriptions, but have not accomplished anything noteworthy in a few days. Hopefully after this week most of the fires on the work front will be extinguished, and I’ll have time to dive into the game this weekend.
(She says to no one, since there’s been one hit on this blog since… it started.)