Newsfeeds

Ultimate Guide To Mobile Playable Ads For Game Developers (Part Two) - by Luke Stapley

Gamasutra.com Blogs - 31 July 2018 - 8:01am
Continuing with the previous article, we look at the best practices in creating playable ads for mobile games. Find out what you need to do to improve the enjoyment of these ads as well as improve interest in installing your game.
Categories: Game Theory & Design

Confluence Core Rulebook For New RPG Up On Kickstarter

Tabletop Gaming News - 31 July 2018 - 8:00am
The world is flat. No, not the Earth, I’m not an idiot. I’m talking about the world of Confluence, the 9th of 14 worlds in the Cosmic Mirror. It’s flat. And there’s 4 suns (because My 3 Sons just wasn’t enough). However, it’s not a healthy world, as it’s about to collapse. Who will be […]
Categories: Game Theory & Design

Free-To-Play Strategy Games: How They Stack up Against Paid Ones - by Peter Smalls

Gamasutra.com Blogs - 31 July 2018 - 8:00am
Can free games really stack-up against paid/premium titles?
Categories: Game Theory & Design

Plaid Hat Games Announces Gen7

Tabletop Gaming News - 31 July 2018 - 7:00am
Many of you out there have played Dead of Winter and loved it. You’re hungry for more! Well, while it’s not another Dead of Winter expansion, Plaid Hat Games has announced what amounts to its spiritual successor. It’s called Gen7, and it puts players on board a space ark as it heads across the galaxy. […]
Categories: Game Theory & Design

Web Wash: Create Dropdown Menus using Superfish in Drupal 8

Planet Drupal - 31 July 2018 - 6:30am

The Superfish module allows you to create multi-level dropdown menus in Drupal 8. The module uses the JavaScript Superfish library to create and display a Superfish menu block for each menu available on your site.

With a few configuration options, you can control how it behaves on mobile, enable multi-column menus, change the styling and more.

The module does come with a few styling options, but you’ll have to style it yourself to match your theme. When you configure Superfish for the first time, the dropdown functionality will work; however, it may not look good.

In this tutorial, you’ll learn how to install the module and how to configure it.

Categories: Drupal

Config Overlay

New Drupal Modules - 31 July 2018 - 6:02am

Provides a configuration filter that turns the configuration export into an overlay of the shipped configuration of all installed modules and installation profiles. Installing this module and subsequently exporting configuration will leave only those configuration files in your export directory that have been added or modified relative to the shipped configuration of modules and installation profiles.

Categories: Drupal

Fantasy Flight Previews Rebel Commandos For Star Wars: Legion

Tabletop Gaming News - 31 July 2018 - 6:00am
While the Rebellion might’ve started out as just a rag-tag group of individuals fighting against the Empire, they’ve become a fighting force that, while they can’t match the Imperial’s numbers, they can certainly match their skill. The Rebel Commandos are elite troopers, trained in small-squad tactics and able to perform surgical strikes on enemy positions. […]
Categories: Game Theory & Design

Clockwise.MD API

New Drupal Modules - 31 July 2018 - 5:57am

This Clockwise.MD API module is for connecting and calling their API. It is a simple module, but it gives you a method and a class to work with to call the API to get results.

How to Use

Add your authorization token via the module's config page: /admin/config/services/clockwise

API CALL

The callApi method can take up to four parameters, only the endpoint is required.

Categories: Drupal

Publishing 101 - Should You Partner with a Game Publisher? - by David Logan

Gamasutra.com Blogs - 31 July 2018 - 5:57am
Should you partner with a game publisher? CEO of Akupara Games, David Logan, helps to guide developers throughout a series of articles surrounding the release of their game.
Categories: Game Theory & Design

Dusk City Outlaws Review

Gnome Stew - 31 July 2018 - 5:00am


I think the heist story may occupy a special place in my gamer heart as a tale I greatly enjoyed in media such as television and movies, and yet wasn’t high on my list of adventures to attempt to emulate in tabletop gaming. When I was a fledgling gamer, a lot of cyberpunk and espionage games were geared around modeling the heist by giving extensive floorplans, exact details of where the cameras were located, and exactly how fast the reinforcements would arrive in the case of a botched skill check.

I was never comfortable with that level of detail. Most of the time, I was the one running the game, and I never felt like I could give enough details to be fair to my players. I knew I wasn’t able to juggle all the sweeping fields of vision, patrol patterns, and response times.

I also have to be honest about another aspect of the heist. I am very impatient. I love coming up with quirks when PCs are interacting with NPCs, and I’ll come up with all kinds of side quests on the fly if they wander away from my plot. But if the players take too long planning, I get anxious. It’s not just that I’m in a holding pattern, it’s that the more they plan, the more I feel like I “owe” them something for that planning, even if they completely misread the clues and wandered off the beaten path completely.

In recent years, there have been numerous games that have addressed the heist in a much more narrative manner, recreating the tropes of the heist without the people around the table rolling out actual blueprints or timing how long it takes for someone to map a lap around the block. We’re looking at one of these newer heist-centric RPGs today, with Dusk City Outlaws.

There’s Something You Oughta Know About . . .

I initially purchased the PDF of Dusk City Outlaws, but I was provided a physical review copy by Scratchpad Games. I had thought about reviewing the game based solely on the PDF, but given the design of the game, I felt it was better to wait until I had a physical copy, and that copy was provided by the company itself.

What’s In The Box?

As you might have inferred, this review is based on the physical copy of Dusk City Outlaws. Since the box contains more than just rulebooks and reference guides, we will be going over the components of the box as well. The boxed set contains the following:

  • Cartel Sheets (19 total)
  • Specialty Sheets (26 total)
  • Character Sheet Pad
  • Player Rulebook
  • Judge Rulebook
  • Traveler’s Guide to New Dunhaven
  • Deck of Quirks (60 cards)
  • Deck of Enemies (40 cards)
  • Deck of Time (20 cards)
  • Advantage Dice (4)
  • Challenge Dice (4)
  • Percentile Dice (5 sets)
  • Heat Tokens (30 total, in both 1 and 5 heat denominations)
  • Influence Tokens (18)
  • Player Component Tray
  • Judge Component Tray

The books are well formatted, with big, bold headers and various sidebars explaining rules or concepts in the setting. It’s very easy to read and follow. As a lover of bullet points, I was not disappointed. The artwork has an exaggerated style that is unique and attractive, and very evocative of the setting and its mix of influences. In keeping with the name of the game, much of the artwork is in red, orange, and dark blue.

Both the Player and Judge books are larger, square format softcover books. They are both on high quality, glossy paper, but the cover is the same stock as the pages, so I’m a little concerned about wear and tear over time. The Traveler’s Guide to New Dunhaven is a digest-sized paperback that clocks in at 240 pages, with a heavier cover and full-color art throughout.

All the Cartel and Specialty sheets are on cardstock and feel sturdy. The cards all look amazing. The Deck of Time and the Deck of Quirks have the game logo on the back, and the Deck of Enemies has the same artwork of the adversaries on the back, without the stats that appear on the opposite side.

The tokens are on heavy cardstock and seem like they will hold up well over time. My set has percentile dice in yellow, purple, orange, blue, and green, enough for four players and the Judge to have their own set right out of the box. There are also sets of advantage dice (d8s) and challenge dice (d10s) with special symbols on them.

I was surprised by the plastic component trays that came with the set. They hold the components nicely, and the sheets and Traveler’s Guide all fit into the covers that go over the trays. The only real downside I can bring up about the trays is that if you are a compulsive sleever of cards, the Deck of Quirks and Deck of Enemies overflow their compartments a bit, although you can still seal the plastic lid on the tray.

Player Rulebook

The Player Rulebook is 28 pages, including a player reference sheet on the back that summarizes some of the most commonly used rules for players. The first two pages are a summary of the components of the game, with the next 16 pages summarizing rules and the sequence of play. The last ten pages before the summary on the back cover deal with campaign play.

Character creation is basically picking a Cartel Sheet and a Specialty Sheet, and then drawing three quirk cards and picking the one that you like the most. Between the specialty and the cartel chosen, your character will have several things they know going into any job without making any checks, some things they can accomplish by spending influence, some gear, and a list of skills ranked at a specific percentage.

All characters start with 100 Luck, which is a buffer against being attacked, and can also be spent to boost skills. Getting help from other players, or doing something especially favorable for your character, allows you to roll advantage dice. Spending luck or doing something in less than ideal situations causes you to roll challenge dice. The symbols on the dice cancel each other out, and they don’t alter your ability to succeed, but they may let you learn something extra, do extra damage, take more damage, or build up more heat.

Once you are out of luck, Judge characters can force you out of a scene if they are making a social attack, or they can start causing you to take real wounds, if the attack is physical. When making an attack or attempting to reduce the luck of a challenge, the best thing you can do is roll as close to your skill number as possible, as the number you roll equals the damage you do in luck.

Heat builds up naturally as time progresses, but certain actions, like firing a gun or committing a crime against a noble, can cause even more heat to be generated. The Judge can then spend that heat to make life more difficult on the players as the job progresses.

The Deck of Time measures how many segments the crew has to pull their job. Each segment some heat automatically builds up, and the crew must decide if they will do legwork (learning information and setting up favorable situations), plan, or rest (to recover lost Luck or heal wounds). If the crew decides to plan, the Judge sets a timer and lets them make plans for 15 minutes of real time, then the segment is over.

The job will have a set number of obstacles that have to be overcome to be completed, and through legwork the players can find out what some of these obstacles are and mitigate or lessen them before they play the final act of the job.

Campaign play involves players earning XP as a crew and progressing story conflicts. When a crew completes a job, they get XP tied to that faction. They can spend it to gain advantage dice or to gain the effects of influence when spent. Story conflicts are broad themes that a character works towards resolving as they play, such as “I’ve got a bounty on my head.” When they lead a legwork scene, they can introduce that as a potential complication in the scene, and when there have been ten complications along that story conflict, the conflict will reach its climax – usually during a job – and afterward, the character picks a story award. Story awards often grant situational bonuses, or additional resources under the right circumstances, but can also be a means of retiring the character with some control over how that character’s story resolves.

Judge Rulebook

The Judge Rulebook is 48 pages. The first 15 pages expound on the rules from the Player Rulebook, summarize how to run scenes, give more details on spending heat, lay out how to construct a job and the challenges that comprise that job, and then present two pages of options and variants to the standard rules. There are eight pre-written jobs to use that round out the book, with a Judge Reference page on the back.

The jobs essentially lay out what the objective is and what any additional side goals may be (which can earn the crew more XP than just doing the bare minimum). There are a set number of obstacles to doing the job, and each of those obstacles has a list of information that the PCs may know or discover, summarized by information that players with a certain knowledge know automatically, things that require a legwork scene to learn, and deeper secrets. The jobs also have customized expenditures of heat that are tailored for that scenario.

This isn’t really an “expected” order of events. Once the Judge lays out the number of segments the crew has until they must pull off the job, the player leading the legwork scene explains what they want to get out of the scene, and where they want the scene to take place, and the Judge determines how many obstacles will stand between the players and their goal. More likely developments are represented with the custom heat expenditures (for example, explaining what kind of NPC is likely to show up in some areas to complicate the job for a certain amount of heat).

Legwork may be freeform in many ways, but there are guidelines for the Judge on how many challenges to put between the PCs and their goal. Additionally, the exact obstacles for the final goal are clearly expressed, and the degree of information handed out is succinct and bullet-pointed. If a character gains a boon on their successful check to find out about an obstacle, there is a clear list of deeper secrets to choose from, if the player wants to find out more by spending that boon.

Because each crew member has certain areas of knowledge, the information handed out to players with that sphere of knowledge preloads the crew with several leads to start their legwork. Given that an average job might hand out knowledge based on six or seven categories, it seems unlikely that the players will ever be starting out without some starter clues from which to make their plans.

Traveler’s Guide to New Dunhaven

This book is a digest-sized, 240-page guide to the setting. It gives details on the city, neighborhoods, history, and factions at play. Each chapter contains a few headers introducing broad topics, and a few sidebars, including the Thief Signs sidebars, which are usually a paragraph or two explaining how the information in a given section is relevant to the criminal organizations of the setting.

The setting has enough interesting details to make it functional, but it avoids hard dates, and the further away from New Dunhaven the lore gets, the broader the descriptions get. Elderland, the Vladov Empire, and Taona are extremely vague, other than being generally European, Russian, or broadly Asian in influence.

Even the city is mainly given “functional” details. There is a map showing what cartels control what sections of the city, but other than the broad strokes of slums, commoner, merchant, or noble district, the book seldom zooms in on specific neighborhoods, although the broader entries above have some example names for some of those districts.

The guide provides the level of detail I’ve been increasingly enjoying in-game settings — there is enough detail that two different Judges will likely recognize the city from one another’s games, but no one is going to correct you that district A is right across the canal from district B.

Between the cartel sheets and the information given out in the various jobs, much of the setting information is conveyed. If you picked up the box and wanted to play it only reading through the Player and Judge books, you can do that and not feel like you missed much vital setting information. In fact, I ran two jobs as a playtest before I finished this book.

That said, if you want to get the most out of campaign play, where characters are creating long-term story conflicts and adding recurring allies and villains to a game, it is much easier to do with this information. Many of those conflicts and ancillary characters are going to be more interesting when they aren’t drawn from the same pool of power groups that are directly associated with the jobs that are being done. I particularly liked the secret police, elite private detective agency, and zealous anti-criminal citizens organizations that are presented as complications to otherwise straightforward jobs.

Other Components

Image shows the deluxe tokens instead of the standard cardboard influence and heat tokens.

While the Judge Rulebook has statistics for general categories of opposing NPCs – such as minions, antagonists, minor, and major villains – the Deck of Enemies has much more specific examples, such as bounty hunters or sorcerers. These cards have artwork on the back showing an example of this type of NPC, and on the other side there are stats that the Judge can use to run them. Many of these characters have their own special rules that are quickly summarized in their stats, such as giving the Judge a new way to spend heat when they appear in a scene or adding challenge dice when a given action is attempted in their presence.

The Deck of Time is a set of cards with the time of day on one side, and a reminder of the heat generated when a segment ends. If the crew has three days to do a job, there would be three day cards and three night cards – and a visual reminder of what time of day is current for the segment is important, as some of the specialty sheets have abilities that trigger depending on the time of day.

The Deck of Quirks is one of the means that can be used to customize a character. The default method of using it is to draw three cards and pick the one quirk that the player most likes for that character. Quirks include things like having specific contacts, having a skill not listed on the character’s specialty sheet that may be useful in some jobs, or knowing something about a topic that is not already granted to the character by their cartel or specialty sheets.


At The Table

While I don’t always get a chance to playtest a new game before I can review it, having the physical copy of the game, and knowing that it was designed for minimal preparation, I asked some of the members of my regular game group if they would be interested in a playtest. Because of this, we had the opportunity to see the game in action.

Without reading through the Traveler’s Guide to New Dunhaven, just flipping through the cartel cards gave a clear idea of the setting and the various themes of the cartels. Between the images on the cards and the sheets, and the available gear, the components communicated a lot about the setting without the need for heavy research into the setting.

We played through two jobs. One was a job that I outlined myself, and the other was a job from the example jobs in the Judge Rulebook. The players played different characters for both scenarios to give them a wider range of how the different cartels and specialties played. I did have a few players that weren’t happy with any of their potential quirks, so I let them shuffle and redraw their cards to pick a better quirk for their concept.

Because the game is designed to be played with minimal prep, I decided I wanted to try to come up with a job without any previous work, in addition to running a job from the book. I wrote down what the job was, what the objective was, and how many complications the PCs would have to deal with and decided I could fill in their automatic knowledge on the fly. I would come up with information on the obstacles as they did legwork.

This taught me a valuable lesson—all the well-structured answers about all the relevant topics in the example jobs let the Judge relax a lot when they are running this game. Trying to make sure you are giving out relevant and useful information in legwork scenes when you haven’t planned out the facts of each of the relevant obstacles or complications is a little bit exhausting, because those details will become relevant once they start to connect to other details. Unlike some other games where you can abstract large sections of a heist, you are detailing the ending of the heist, and then letting the PCs back-fill those details. I would recommend that any Judge who is going to run their own jobs look at the example jobs and make sure they have a similar level of detail on all the components that are going to come into play in the final scene. You don’t have to do any complicated number crunching, just have an organized list of things that fall under the categories of knowledge, as laid out in the assumed job structure.

  • The characters were framed for a botched job
  • They had to recover the evidence that would clear them with their own cartel before the false evidence about the job was delivered to agents of the Black Council
  • We ended up with multiple troops of randomly summoned distractions, and a church assassin that our Forsaken made into a recurring ally once he explained the situation

The second game we ran went much more smoothly from my perspective. I ran one of the jobs from the Judge Book, and it felt like I could relax and react to whatever crazy scheme my players came up with, because I had some clear lists of information to hand out to them when they did their legwork scenes.

  • One of the players took an assassin and attempted to take out an NPC that would complicate the job later during a legwork scene — this went spectacularly wrong, since no one else followed him into the legwork scene, and the NPC was a major villain
  • Another player that received the “Seduce Someone” skill from their quirks engaged the same NPC, but this time set up a date away from the site of the final scene, with the intention of standing them up on that date and keeping them away from the climax of the job
  • Thanks to the previous botched assassination and other mishaps, I managed to introduce a second assassin to the scene, as well as a watch officer and his second
  • After a massive display of sorcerous power that accidentally set fire to part of the district, the target was acquired and the job was done

I was really impressed with how smooth the game ran when using the pre-written jobs. The players had a lot of fun and expressed that they would like to play the game again in the future, but they weren’t certain that the long-term campaign play looked as robust as they would like. I think a lot of this can be attributed to not having enough setting information to come up with deeper conflicts or recurring NPCs, and not having time to put some of the story awards into context when paging through the book. That said, characters don’t change much mechanically, gaining favors, more resources to spend, and narrative permission to do things more than any change in core abilities.

Gaining Influence

The stated goal for this game is to be an RPG you can pick up off the shelf and play on those nights when you don’t have something else planned, and it works exactly as intended. It is easy to pick up on the mechanics, and to get an impression of the tone and themes at play. The artwork not only sets the tone, but because of the construction of the components, players will see that artwork more often than they would in other games. The rules for legwork, the timer on planning, and the clear format and structure of the example jobs make it very easy to roll with whatever crazy plans the players may come up with, while keeping everyone focused on playing the game and maintaining the pace.

Heat

The artwork does a wonderful job of showing a diverse range of characters, including people of color. The setting book even goes out of its way to explain that New Dunhaven has a much more enlightened view of gender roles and interpersonal relationships than we might even see in the real world. That said, the world doesn’t draw on many cultures for its tropes outside of Europe and Asia.

Running example jobs is great, but a Judge that wants their own scenario needs to get familiar with the assumed structure and put in a little extra work. The campaign progression rules may not be robust enough for players that like more granular advancement, or advancement that allows for more dramatic change in the character they are playing. Getting the most out of campaign play involves investing more in the setting, and while the setting is enjoyable and engaging, that runs slightly counter to the pick up and play design philosophy.

The rule summaries on the back of the character sheets, Player Rulebook, and Judge Rulebook are great, but they could have used the chart for weapons and the charts for spending boons and drawbacks to fully eliminate page flipping.

Recommended — If the product fits in your broad area of gaming interests, you are likely to be happy with this purchase.

If you even vaguely like the idea of a fantasy heist game, this is a great game to have in your gaming library. There have been many times when I have wanted to play an RPG at a moment’s notice, but even some games with minimal rulesets felt like they required too much effort to easily throw together a pickup game. While I didn’t have the opportunity to try the game with people that have done little to no gaming, with the clearly presented components and the regimented table management built into the game, I feel like new gamers could really engage with this game quickly.

This feels like a good “bridge” product, no matter what someone’s primary RPG introduction might be. It contains many elements that are present in other modern games, but those elements are introduced in discrete, easy-to-process packets. The specialty dice introduce the idea of a secondary axis of success and failure without making the dice interpretation complex, and the primary resolution is still the purview of the d100, which may help to keep people that aren’t fond of specialty dice happy.

The game also introduces other modern game elements, such as spending a resource to resolve certain actions instead of rolling for those actions and having a pool that represents a buffer against attacks that can also be spent as a resource. These mechanics can serve as a bridge for explaining similar concepts that might appear in other games that the players may not have encountered.

What do you think of games designed for minimal prep time, or even for pickup games? How much prep is too much, if you want to start a game at the spur of the moment? What games already exist that do something similar? What other genres would benefit from having this kind of “pick up and play” design? I’d love to hear your ideas on these topics, so please take some time to respond below—I’ll look forward to hearing from you!

 

Categories: Game Theory & Design

OpenSense Labs: Going All Guns Blazing: Enforce Strong Password Policies with Drupal

Planet Drupal - 31 July 2018 - 4:58am
Shankar - Tue, 07/31/2018 - 17:28

Ali Baba and the Forty Thieves, invented in the 18th century by the French Orientalist Antoine Galland, portrays the literary history of the password. The invocation, “Open, Sesame!” which was used in this classic tale to open the magically sealed cave enjoys a broad currency as a catchphrase today.


With the rapidly evolving digital space, password security is even more crucial and needs the right kind of strategic perspective with strong policies. Drupal, being one of the most secure platforms among the leading content management systems, can help in enforcing password policies with its enormous security-oriented abilities. 

Password Policy: A Close Look

Password security was brought into the computing world through the invention of the Compatible Time-Sharing System and the Unics (Unix) system. These were developed at the Massachusetts Institute of Technology and Bell Laboratories in the 1960s. The concept of the password was developed so that users could access only specific files during their allotted time of computer usage.

Source: Digital Guardian

A password policy is a particular collection of rules that enables proper storage and utilisation of passwords, helps in the creation of dependable and secure passwords and enhances computer security. Commonly, it is part of the official regulations of an organisation and might be employed as a component of security awareness training.

On what basis can you formulate a password policy? One of the best collections of guidelines for password policy comes from the National Institute of Standards and Technology (NIST), which is a part of the U.S. Department of Commerce. They have framed a set of Digital Identity Guidelines that provide a great basis on which a password policy can be crafted.

The guidelines provided by NIST stress user-friendliness. They state that excessively onerous password policies often have a negative impact. For instance, if users are forced to change their passwords every week, many of them would wind up choosing bad passwords.

Security has always been a compromise between allaying risk and convenience.

Research from Microsoft on password strategies suggests that simple passwords, which can be easily memorised, should be used for low-risk sites. Intricate passwords should be reserved for the sites where the security risks warrant huge repercussions. This suggestion is debatable, but it illustrates the trade-off.

For instance, if your site involves users sharing fields of their pet dogs, you can have a lenient approach towards your password policy. Complex passwords may be used for sites where users access sensitive financial or healthcare-related data.    

Can Drupal modules and configurations be used for implementing strong password policies?

Drupal’s rich security features for enforcing strong password policies

By default, Drupal offers guidance on how to make your password stronger, but it does not enforce any password policy out-of-the-box. For that, it comes with a huge library of modules that can help in the enforcement of firm password policies.

Setting restrictions on password

Password Policy, a Drupal module, allows you to set requirements on the passwords that users create. These requirements comprise length, digits, case, punctuation, etc. For instance, you can set which kinds of characters, and how many of each, can be used in a password. It also comes with a password expiration feature.

Setting composition rules

The Password Policy module lets you set up intricate composition rules for passwords. Another Drupal module, Password Strength, offers a user-friendly alternative to prescriptive composition rules: real-time password strength measurement and server-side enforcement.

NIST guidelines suggest that spaces be permitted in passwords, which can contribute towards more user-friendly policies when it comes to passphrases. Drupal allows spaces in passwords out-of-the-box.

In case you do not need any special locks, you can disable the password strength check using a Drupal module called Password Strength Disabler and allow users to feel at ease while creating passcodes.

Avoiding hints and reminders

In case your website requires hints and reminders, you can add an additional lock to the doors by incorporating security questions while logging in and resetting passwords. Security Questions, a Drupal module, helps you achieve this with numerous configurable options.

However, NIST guidelines suggest that it is better to avoid hints and reminders. Security questions which are fairly easy to guess can be used to compromise user accounts.

But Drupal offers another very useful module called Username Enumeration Prevention which can make it difficult for website hackers to find the usernames and attempt any brute-force attacks.

Leveraging authentication procedure

In case you need more than one lock, the Two-factor Authentication module can come in handy. It provides an extra layer of security to the authentication procedure. This can be one-time passwords (OTP), codes sent through SMS, or pre-generated codes. It also allows integration with third-party services like Authy, Duo etc.

An authentication and authorisation infrastructure system, Shibboleth is capable of granting individual users safe, anywhere, anytime access to resources which are available online. Shibboleth authentication, a Drupal module, offers user authentication with Shibboleth.

This confrontation in the so-called shibboleth incident in the 12th chapter of the biblical Book of Judges delineates the earlier forms of password security:

“ ‘Say now Shibboleth’; and he said ‘Sibboleth’; for he could not frame to pronounce it right; then they laid hold on him, and slew him at the fords of the Jordan.”

Implementing rate-limiting

Drupal does rate-limiting out-of-the-box. But there is no particular UI which exposes configuration that can be tweaked. Flood control, a Drupal module, allows you to limit the number of login attempts by using a convenient admin interface.

To take rate-limiting a step further, the Login Security module can be beneficial. It helps in limiting the number of invalid login attempts before blocking accounts or denying access by IP address temporarily or even permanently.

To facilitate the login attempts limitation by blocking out the sources of malicious requests, the Fail2ban Firewall Integration module offers an automated firewall tool.

Enhancing login features

If your website is available via both HTTP and HTTPS, the Secure Login module can ensure that your user login forms or other pages are transmitted via HTTPS. This keeps the passwords hidden from the prying eyes of hackers.

It is always appreciated when the user is given the convenience of using an all-in-one login. The OneAll Social Login module allows users to sign in on your website using their social network accounts like Facebook, LinkedIn, Twitter, Instagram etc.

In case a user types an email address incorrectly in a sign-up form, he will not get any confirmation emails, which can be troublesome. The Email Verify module verifies whether the email address typed by the user exists or not.

Doing away with passwords altogether

What if you do not want to enter a password at all? The Passwordless module gives a possibility of logging in without using a password at all. So if a user has to log in, only the email address would be required. A login link will be sent to that email address which will be valid for 24 hours.

Outlining best practices of password policy

While Drupal is very efficacious in enforcing strong password policies, it is imperative to understand the best practices that can be adopted for incorporating intelligent password policy.

Source: Dashlane
  • Adopting the 8 + 4 rule can be beneficial. You can use 8 characters with 1 upper-case and 1 lower-case, a special character like an asterisk and a number. Make it as random as possible. Also, make sure the numbers and symbols are spread out through the password to foil hackers.
  • Avoid using personal information like your birth date or last name etc.
  • Use different passwords for different accounts. This can be helpful if there are numerous computers in the same department.
  • Adopting passphrases in combination with symbols and numbers can be useful. For example, The Sun Will Rise Again Tomorrow. Also, keep the characters less in the passwords that are easier to remember.
  • You may consider not changing the passwords frequently and it is safer not to write them down anywhere.
  • Do not share the password over electronic media.
  • Add other barriers like two-factor authentication and multi-factor authentication.
  • Set a number that will lock the user out after a few unsuccessful attempts.

Conclusion

Password security has evolved over the years in the digital arena. It is significant to have a strong set of rules while deploying password policies. They should not only assist users in avoiding bad passwords but aid in employing high entropy secure passwords. Drupal provides a superb platform to enforce strong password policies with its amazing set of modules.
 
Not only do we aid in Drupal development, we also provide continuous support and maintenance services. Contact us at hello@opensenselabs.com for the enforcement of strong password policies in your business environment.

Categories: Drupal

Drush Content

New Drupal Modules - 31 July 2018 - 4:53am

Programmatically create, update, delete and deploy content with simple JSON and custom Drush commands.

Categories: Drupal

Violinist projects

New Drupal Modules - 31 July 2018 - 4:30am

This is the module that does some of the work related to projects on violinist.io

Categories: Drupal

Element class formatter

New Drupal Modules - 31 July 2018 - 3:26am

Coming soon!

Overview

A collection of field formatters which add classes to various elements (as opposed to the wrapper markup).

Categories: Drupal

DvG Search Overheid.nl

New Drupal Modules - 31 July 2018 - 3:07am

The Open data webservice for Overheid.nl allows you to search and reuse regulations, announcements and other data collections of the Dutch government.

The DvG Search Overheid.nl module uses this API to store the results for publications on Overheid.nl in Drupal, so they can be added, for example, to a search index to make the publications searchable through your website. The publications are updated twice a day, by default at 10am and 2pm.

Documentation on the overheid.nl API can be found on koopoverheid.nl.

Categories: Drupal

Agiledrop.com Blog: AGILEDROP: Rachel Lawson on the road with Drupal

Planet Drupal - 31 July 2018 - 2:57am
Agiledrop is highlighting active Drupal community members through a series of interviews. Learn who the people behind Drupal projects are. This week we talked with Rachel Lawson. Learn how she first came across Drupal, what change she just saw that she was working on and on what contributors she is most proud of. 1. Please tell us a little about yourself. How do you participate in the Drupal community and what do you do professionally? Well, I did spend a few years as a Drupal site-builder and maybe-developer and got involved in core contribution and mentoring, but recently I took… READ MORE
Categories: Drupal

S. M. Bjørklund: PHP method chaining - Fluent interface

Planet Drupal - 31 July 2018 - 2:36am

If you have ever used Drupal or any other framework like Symfony, Laravel and so on, you have probably come across code that looks something like:

Categories: Drupal

Everyman Minis: Fey Shaman Spirits

New RPG Product Reviews - 31 July 2018 - 2:03am
Publisher: Rogue Genius Games
Rating: 3
An Endzeitgeist.com review

This Everyman mini clocks in at 11 pages, 1 page front cover, 1 page editorial/ToC, 5.5 pages of SRD, leaving us with 3.5 pages of content, so let’s take a look!


After a brief introduction, which also expounds upon the realms of faerie in a sidebar, we begin with the new shaman spirit included within, the fey spirit: The spirit magic spells provide a nice mixture of fey-related tricks, with invisibility at 2nd and conditional curse at 4th level as remarkable low level tricks. The hexes include a fey-themed disguise self that later upgrades the scaling fey form spells. There is also a 1-minute duration curse that enhances damage taken on a failed Will-save and the old teleport from one plant to another striding, with distance traveled as the limit. Better illusion disbelieving (with see invisibility added at 8th level) and memory lapse-use complement the hex-section, making it, as a whole, feel distinctly fey. The spirit animal gets fast healing 1 at 1st level, which can be problematic in conjunction with HP-sharing abilities. Fast healing should have a scaling daily cap. The spirit ability nets a dual blinding/stagger-gaze with a 1-round duration, which is very strong, but kept from being OP by only affecting a target once per day. The greater ability nets DR and a 10-ft. glitterdust burst. The true spirit ability allows the shaman to 3/day increase the save DC of an enchantment, illusion or transmutation spell. The capstone is a fey apotheosis that nets immunity to death effects and fast healing 5, as well as respawning in the faerie realms after death, with a 1/month cap.


The pdf also includes an archetype, the fey conduit. This archetype is locked into the fey spirit and replaces the wandering spirit ability with 3 + Wisdom modifier times per day standard action summon nature’s ally II, which improves over the level. As a balancing caveat, no more than one such effect may be in effect at any given time. The ability may also be used for crafting purposes. Instead of 6th level’s wandering hex, the archetype may, whenever the conduit uses the aforementioned summoning ability, choose to call from a lower level spell list and add the fey creature template. Instead of 14th level’s wandering hex, the fey conduit may not call a creature from her highest level summoning list with said template applied, but only Wisdom modifier times per day. Basically a fey summoner archetype. Okay, I guess.


The pdf also includes a new spell, available at 6th level for druid, shaman, sorcerer/wizard: Pixie pollen. Oddly not included among the spirit magic spells of the fey spirit, in spite of being a perfect fit, this spell can target up to 6 creatures with a batch of specifically-created pixie dust. Unique: When targeting a creature, you choose the duration individually and modify the spell save DC accordingly: Permanent effects have a lower DC. I like this! These allow the caster to make targets behave age-appropriately (using the mental age rules from Childhood Adventures), modify the age of the affected, reincarnate targets (also into 0-HD-critters, for -4 to the DC), erase all memories of the current age category, shrink targets (Microsized Adventures-synergy…) – and that’s not all! The spell is amazing. Potent, yes, but also limited enough, and by far, the coolest thing in this pdf. Kudos!


Conclusion:

Editing and formatting are very good on a formal and rules-language level. Layout adheres to the new two-column full-color standard of Everyman Gaming’s latest layout style, and the pdf has a nice full-color artwork. The pdf has no bookmarks, but needs none at this length.


David N. Ross’ fey spirit is a solid expansion for the shaman. Personally, I was rather underwhelmed by the archetype, and I am not a fan of the easily cheesable first level fast healing. The spell is inspired, though, and elevates this beyond what I’d otherwise rate it as…but not enough to increase the final verdict beyond 3.5 stars, rounded down.

Endzeitgeist out.
Categories: Game Theory & Design

Gizra.com: WebdriverIO Tests with Multiple Browsers

Planet Drupal - 30 July 2018 - 10:00pm

Everything was working great… and then all the tests broke.

This is the story of how adding a single feature into an app can break all of your tests. And the lessons that can be learned from it.

The Feature that Introduced the Chaos

We are working on a Drupal site that makes use of a multisite approach. In this case, it means that different domains are pointed at the same web server and the site reacts differently depending on which domain you are referencing.

We have a lot of features covered by automatic tests in Webdriver IO – an end-to-end framework to test things using a real browser. Everything was working great, but then we added a new feature: a content moderation system defined by the workflow module recently introduced in Drupal 8.

The Problem

When you add the Workflow Module to a site – depending on the configuration you choose – each node is no longer published by default until a moderator decides to publish it.

So as you can imagine, all of the tests that were expecting to see a node published after clicking the save button stopped working.

A Hacky Fix

To fix the failing test using Webdriver you could:

  1. Login as a user A.
  2. Fill in all the fields on your form.
  3. Submit the node form.
  4. Logout as user A.
  5. Login as user B.
  6. Visit the node page.
  7. Publish the node.
  8. Logout as user B.
  9. Login back as user A.
  10. And make the final assertions.

Here’s a simpler way to fix the failing test:

You maintain your current test that fills the node form and saves it. Then, before you try to check if the result is published, you open another browser, log in with a user that can publish the node, and then with the previous browser continue the rest of the test.

Multiremote Approach

To achieve this, Webdriver IO has a special mode called multiremote:

WebdriverIO allows you to run multiple Selenium sessions in a single test. This becomes handy when you need to test application features where multiple users are required (e.g. chat or WebRTC applications). Instead of creating a couple of remote instances where you need to execute common commands like init or url on each of those instances, you can simply create a multiremote instance and control all browser at the same time.

The first thing you need to do is change the configuration of your wdio.conf.js to use multiple browsers.

    exports.config = {
      // ...
      capabilities: {
        myChromeBrowser: {
          desiredCapabilities: {
            browserName: 'chrome'
          }
        },
        myFirefoxBrowser: {
          desiredCapabilities: {
            browserName: 'firefox'
          }
        }
      }
      // ...
    };

With this config, every time you use the variable browser it will repeat the actions on each browser.

So, for example, this test:

    var assert = require('assert');

    describe('create article', function() {
      it('should be possible to create articles.', function() {
        browser.login('some user', 'password');

        browser.url('http://example.com/node/add/article');
        browser.setValueSafe('#edit-title-0-value', 'My new article');
        browser.setWysiwygValue('edit-body-0-value', 'My new article body text');
        browser.click('#edit-submit');

        browser.waitForVisible('.node-published');
      });
    });

will be executed multiple times with different browsers.

Each step of the test is executed for all the browsers defined.

Instead of using browser you can make use of the keys defined in the capabilities section of the wdio.conf.js file. Replacing browser with myFirefoxBrowser will execute the test only in the Firefox instance, allowing you to use the other browser for other types of actions.

Using the browser name, you can specify where to run each step of the test.

The Custom Command Problem

If you take a deeper look at previous code, you will notice that there are three special commands that are not part of the WebdriverIO API. login, setValueSafe and setWysiwygValue are custom commands that we attach to the browser object.

You can see the code of some of those commands in the drupal-elm-starter code.

The problem is – as @amitai realized some time ago – that custom commands don’t play really well with the multiremote approach. A possible solution to keep the custom commands available in all of the browsers is to use some sort of class to wrap the browser object. Something similar to the PageObject pattern.

An example of the code is below:

    class Page {

      constructor(browser = null) {
        this._browser = browser;
      }

      get browser() {
        if (this._browser) {
          return this._browser;
        }
        // Fallback to some browser.
        return myChromeBrowser;
      }

      visit(path) {
        this.browser.url(path);
      }

      setWysiwygValue(field_name, text) {
        // Pass the values as arguments instead of concatenating them into the
        // script, so quotes in the text cannot break or alter it.
        this.browser.execute(function (name, value) {
          CKEDITOR.instances[name].insertText(value);
        }, field_name, text);
      }

      login(user, password) {
        this.visit('/user/login');
        this.browser.waitForVisible('#user-login-form');
        this.browser.setValue('#edit-name', user);
        this.browser.setValue('#edit-pass', password);
        this.browser.submitForm('#user-login-form');
        this.browser.waitForVisible('body.user-logged-in');
      }

    }

    module.exports = Page;

So now, you have a wrapper class that you can use in your tests. You can create multiple instances of this class to access the different browsers while you are running a test.

    var assert = require('assert');
    var Page = require('../page_objects/page');

    describe('create article', function() {
      it('should be possible to create articles.', function() {
        let chrome = new Page(myChromeBrowser);
        let firefox = new Page(myFirefoxBrowser);

        chrome.login('some user', 'password');
        firefox.login('admin', 'admin');

        chrome.visit('http://example.com/node/add/article');
        // setValueSafe is one of the custom commands; it has to be defined on
        // Page in the same way as setWysiwygValue and login.
        chrome.setValueSafe('#edit-title-0-value', 'My new article');
        chrome.setWysiwygValue('edit-body-0-value', 'My new article body text');
        chrome.browser.click('#edit-submit');

        // Here is where the second browser starts to work.
        // This clicks the publish button of the workflow module.
        firefox.visit('/my-new-article');
        firefox.browser.click('#edit-submit');

        // Once the node was published by another user in another browser
        // you can run the final assertions.
        chrome.browser.waitForVisible('.node-published');
      });
    });

What About Automated Tests?

You may also be wondering, does this work seamlessly for automated tests? And the answer is: yes. We have only tried it using the same browser version in different instances. This means that we trigger several Chrome browser instances that act as independent browsers.

If you have limitations in how many cores you have available to run tests, it should not limit how many browsers you can spawn. They will just wait their turn when a core becomes available. You can read more on how we configure travis to optimize resources.

As you can see, having multiple browsers available to run tests simplifies their structure. Even if you know that you will not need a multiremote approach at first, it may be a good idea to structure your tests using this browser wrapper, as you don’t know if you will need to refactor all of your tests to run things differently in the future.

This approach can also help to refactor the ideas provided by one of our prior posts, Using JSON API with WebdriverIO Tests, so you don’t need to worry about logging in with the right user to make the JSON requests.

Continue reading…

Categories: Drupal

Ben's SEO Blog: Topic Clusters Are Old News to Drupal SEO

Planet Drupal - 30 July 2018 - 10:00pm

Topic clusters have been a hot topic in the SEO community lately. They move the emphasis in SEO away from individual keywords to broader categories. Instead of optimizing a page for a keyword like “reduced fat mozzarella cheese”, the goal is to create valuable content for a strategic category such as “cheese”. By focusing on multiple topics within categories and linking these pages to the main topic page, businesses gain authority and performance for the entire topic cluster.

I agree that it’s a great idea, I’m just not so sure that it’s a “new” one. Organizing by topic clusters is old news for Drupal; it has had this capability for years. If you have a Drupal website, you may be ahead of the trend and well positioned for changing SEO strategies. Even if you haven’t designed your... Read the full article: Topic Clusters Are Old News to Drupal SEO

Categories: Drupal
