Gnome Stew Notables – Donna Prior

Gnome Stew - 20 August 2018 - 5:06am

Donna “Danicia” Prior is the Sparkly Princess of Social Media & Community Management. She is currently the Organized Play Manager for Catan Studio and the Executive Director of OrcaCon, the inclusive tabletop games convention. She has worked in both video games and tabletop games. In short, gamer, geek, and future wife of Wedge Antilles. Lives on Twitter as @Danicia. Find Donna on and

What projects have you worked on?

I’ve been working in the games industry now since 2007, starting with the video game industry. I got my start on Pirates of the Burning Sea, Guild Wars 2, Gods & Heroes: Rome Rising, TERA Online, and numerous properties for SOE (Sony Online Entertainment). I met Chris Pramas, CEO of Green Ronin Publishing, while working on PotBS, as we both worked at Flying Lab. I started contracting with Green Ronin a few years ago as the Events Manager, handling the Gen Con volunteer GM presence and outlining a Volunteer GM Program aka the Green Ronin Freebooters. After my last video game layoff, I was forwarded the Organized Play gig with Catan by a friend and that’s where I am today.


You work in areas of gaming that are often overlooked in favor of the creators and designers, but the industry relies on hundreds, if not thousands, of people who are not  in the limelight. What does your job entail, and how did you get into that area of games?

My role as the Catan Organized Play Manager involves a lot of spreadsheets. Hah! I schedule regional Qualifier tournaments for the Catan National Championships where Catan is published in the English language. My largest amount of work is the US program, but I’ve also restructured the Canadian, UK, and Australia programs, plus created new programs for Ireland and Vietnam. I’ve still got so many more to put into place. I also coordinate and facilitate the Catan Masters Invitational, which is a special tournament for the top tier US players. Plus, I coordinate with our team and Asmodee for a presence at shows such as Origins, Gen Con, UK Games Expo, and more.

Whilst Organized Play Management is different from what I’ve been doing (Community Management), it still involves community outreach, communication, coordination of people and events. There’s an aspect of content creation, social media interactions, and more. My plan is to also build out some typical community gathering spaces, to help grow said community of both competitive and casual Catan players.

As far as Community Management as a career? I was actually hired right out of a game community to work on PotBS’ Community Team. I was naturally already doing outreach, working with fansites, moderating and running communities on forums, LiveJournal, and more. It was a natural progression to actually start doing it for a living. Left the IT field behind without looking back!

For the future, I’d love to do some more writing and freelance work.

You spend a ton of time traveling to conventions and events. What are your secrets for survival? 

Alone time! No, seriously! I avoid parties. I make sure to take extra care to eat and drink plenty of water. I will meet with friends for dinner sometimes, but otherwise, I am back in my room in the quiet, watching Netflix or reading. It helps, when you’re running a 64-person event with all the chaos that it entails. I tend to bring along protein snacks with me when doing shows, or pick some up when I arrive. Nuts, cheese, trail mix, that sort of thing. Carbs might get you a big energy rush at first, but then you crash right on down. I also don’t drink sodas, eat candy, or chug coffee. I sit whenever I can, as the standing in one place thing is super hard on one’s body.

For the travel part of it, I tend to pay for slight upgrades on flights. As example, if it’s not too expensive, I’ll upgrade to first class for the relaxation of it. Doesn’t always work, but I go for creature comforts whenever possible.

There’s a lot of discussion of community and community responsibility lately. How can we build a better, stronger gaming community that welcomes everyone?

Gosh, there’s so much to unpack with this one. Really, it has to start from the top down. Geeks & gamers are not an oppressed group. Gaming and geek things are mainstream, and we should welcome the chance to play with everyone.

First, companies and community leaders should actually listen to people who aren’t already gamers. You’ll get a very different response on what people want in games and game communities. Listen to why people don’t feel welcome in game stores. Why people have a hard time finding D&D groups, tabletop groups. Find ways of making people feel welcome, instead of excluding. As an example, I was visiting a local game store. I talked with the owner at some length. He’s got a heavy Magic & Warhammer clientele. That’s not bad at all, a lot of those stores are very successful. But he wants to create a hub where everyone feels welcome to play games. Where women and families feel welcome. I asked him, “Do you have tampons and pads in your restroom?” and he looked at me like I was speaking a different language. It’s not that he was excluding people intentionally; I felt he was truly baffled why he couldn’t generate a good board game meetup hangout establishment. He’s got LOTS of potential in his store, but he just doesn’t know how to fix it.

I am experienced with games for years and years, so you have to do something super jerky for me to feel unwelcome. But, your average consumer will totally feel unwelcome if your store looks like someone’s extended basement. Clutter, posters on the wall with masking tape. Dust, unpainted concrete floors. Broken furniture (or cheap Costco folding tables and chairs) and the like. If you want to become a destination for communities, you need to clean the place up and make it friendly. It’s a hard thing, too, because that all costs money, which is something not a lot of FLGS (friendly local game stores) have, with the margins on games being so tight. That’s where it starts. If you create a welcome and safe environment, don’t tolerate harassment and grossness, you start creating a healthy community.

If you wanna have grognard shop, that’s fine, too. Some folks like that and that’s okay for them. For me, it’s sad, because it means there are heaps of people who will never feel welcome to play games, but folks can run their business how they want.

You’re also an avid gamer. Which properties and settings do you most love?

I am an unabashed lover of Forgotten Realms. One of my hobbies is actually just making characters and developing backstories, in hopes of playing them in a game someday. Hell, I hope to play in a game where people love the Realms as much as I do, and will have a super RPG heavy campaign. (HINT HINT IF ANYONE IS LOOKING FOR PLAYERS). I’m a huge fan of the Shadowrun lore, but HATE the system(s). I hate math. There, I said it (I’ve got Dyscalculia). I’ve always been a big Classic Deadlands fan, but it’s super hard to find compatible players. I love love love the Dragon Age setting and hope to kick off a Roll20 campaign after con season. I don’t know Blue Rose as much as some, but I love the setting and nope to get into a campaign (or run one). And I AM SO VERY EXCITED ABOUT THE EXPANSE RPG.

What is your dream game? (Either to make, or play.)

Sense8. I would LOVE to play in the Sense8 world, or run a campaign. Once Modern AGE comes out, I may try to pull together a mini convention game if Joe Carriker will help me. We have been chatting about working on this for fun ever since the series came out. Of course, I started brainstorming characters to be in different Clusters.

What upcoming projects or events are you excited about? 

I DID MENTION THE EXPANSE, RIGHT? I am also excited about REVOLUTIONARIES — American War of Independence RPG, Good Society: A Jane Austen Roleplaying Game, Sigil & Sign — Cthulhu Mythos RPG where you play the cultist, Satanic Panic, Mysteries of the Yōkai: An RPG Inspired by Japanese Folklore, A Delve in the Cave: 5th Edition Adventure, Overlight RPG: A roleplaying game of kaleidoscopic fantasy, and and and…well… a lot of other things.

Categories: Game Theory & Design Digital Services: Custom dashboards: Surfacing data where authors need it

Planet Drupal - 20 August 2018 - 3:31am
Helping content creators make data-driven decisions with custom data dashboards

Our analytics dashboards help content authors make data-driven decisions to improve their content. All content has a purpose, and these tools helps make sure each page on fulfills its purpose.

Before the dashboards were developed, performance data was scattered among multiple tools and databases, including Google Analytics, Siteimprove, and Superset. These required additional logins, permissions, and advanced understanding of how to interpret what you were seeing. Our dashboards take all of this data and compile it into something that’s focused and easy to understand.

We made the decision to embed dashboards directly into our content management system (CMS), so authors can simply click a tab when they’re editing content.

GIF showing how a content author navigates to the analytics dashboard in the CMS.How we got here

The content performance team spent more than 8 months diving into web data and analytics to develop and test data-driven indicators. Over the testing period, we looked at a dozen different indicators, from pageviews and exit rates to scroll-depth and reading grade levels. We tested as many potential indicators as we could to see what was most useful. Fortunately, our data team helped us content folks through the process and provided valuable insight.

Love data? Check out our 2017 data and machine learning recap.

We chose a sample set of more than 100 of the most visited pages on We made predictions about what certain indicators said about performance, and then made content changes to see how it impacted data related to each indicator.

We reached out to 5 partner agencies to help us validate the indicators we thought would be effective. These partners worked to implement our suggestions and we monitored how these changes affected the indicators. This led us to discover the nuances of creating a custom, yet scalable, scoring system.

Line chart showing test results validating user feedback data as a performance indicator.

For example, we learned that a number of indicators we were testing behaved differently depending on the type of page we were analyzing. It’s easy to tell if somebody completed the desired action on a transactional page by tracking their click to an off-site application. It’s much more difficult to know if a user got the information they were looking for when there’s no action to take. This is why we’re planning to continually explore, iterate on, and test indicators until we find the right recipe.

How the dashboards work

Using the strategies developed with our partners, we watched, and over time, saw the metrics move. At that point, we knew we had a formula that would work.

We rolled indicators up into 4 simple categories:

  • Findability — Is it easy for users to find a page?
  • Outcomes — If the page is transactional, are users taking the intended action? If the page is focused on directing users to other pages, are they following the right links?
  • Content quality — Does the page have any broken links? Is the content written at an appropriate reading level?
  • User satisfaction — How many people didn’t find what they were looking for?
Screenshot of dashboard results as they appear in the CMS.

Each category receives a score on a scale of 0–4. These scores are then averaged to produce an overall score. Scoring a 4 means a page is checking all the boxes and performing as expected, while a 0 means there are some improvements to be made to increase the page’s overall performance.

All dashboards include general recommendations on how authors can improve pages by category. If these suggestions aren’t enough to produce the boost they were looking for, authors can meet with a content strategist from Digital Services to dive deeper into their content and create a more nuanced strategy.

GIF showing how a user navigates to the “Improve Your Content” tab in a analytics dashboard.Looking ahead

We realize we can’t totally measure everything through quantitative data, so these scores aren’t the be-all, end-all when it comes to measuring content performance. We’re a long way off from automating the work a good editor or content strategist can do.

Also, it’s important to note these dashboards are still in the beta phase. We’re fortunate to work with partner organizations who understand the bumps in the proverbial development road. There are bugs to work out and usability enhancements to make. As we learn more, we’ll continue to refine them. We plan to add dashboards to more content types each quarter, eventually offering a dashboard and specific recommendations for the 20+ content types in our CMS.

Interested in a career in civic tech? Find job openings at Digital Services.

Custom dashboards: Surfacing data where authors need it was originally published in MA Digital Services on Medium, where people are continuing the conversation by highlighting and responding to this story.

Categories: Drupal

Sticky Elements

New Drupal Modules - 20 August 2018 - 2:35am

Provides context reaction to make any element on the page sticky


This is included as a library in the sticky_elements.make file.

Please refer to for more details on using libraries.

Categories: Drupal

OpenSense Labs: Preventing Brute Force Attacks with Drupal Login Security Module

Planet Drupal - 20 August 2018 - 2:20am
Preventing Brute Force Attacks with Drupal Login Security Module Raman Mon, 08/20/2018 - 14:50

The internet is a wild place. You never know who’s on the hunt for vulnerabilities of your site. In fact, the moment you deploy your application on the web, you are inviting all sorts of requests on your server. Apart from genuine users, these could potentially be automated scripts, (mostly harmless) bots or crawlers, ethical/non-ethical hackers or some curious geeks (like me).

Categories: Drupal

OpenSense Labs: Preventing Brute Force Attacks with Drupal Login Security Module

Planet Drupal - 20 August 2018 - 2:20am
Preventing Brute Force Attacks with Drupal Login Security Module Raman Mon, 08/20/2018 - 14:50

The internet is a wild place. You never know who’s on the hunt for vulnerabilities of your site. In fact, the moment you deploy your application on the web, you are inviting all sorts of requests on your server. Apart from genuine users, these could potentially be automated scripts (mostly harmless), bots or crawlers, ethical/non-ethical hackers or some curious geeks (like me).

One of the key areas of interest for them is to exploit the authentication or login system of an application. Compromising the security of your users’ accounts can lead to severe consequences such as the leak of their personal information, misuse of their identity (or your platform), and can even cause financial losses. 

It is of utmost importance to ensure that healthy security standards are implemented. These include enforcing strong Password Policies, employing salted password hashing, adopting HTTPS, preventing brute force attacks, utilizing two-factor authentication and so on.

Securing a Drupal site is a vast topic in itself, but in this article, we will focus on understanding the default flood control mechanism and then later explore the usage of Login Security, a contributed module, to enhance the security.

Default Flood Control Mechanism of Drupal

In Drupal, User, a core module, is responsible for providing the features related to user account management such as authentication, logging in/out, password management, registration, roles, and permissions. It also does a basic yet effective prevention against brute force attacks using its flood control mechanism.

Flood Control of Drupal in Action

Whenever a user authentication fails, it is considered as a flood event and its entry is made in the “flood” schema storing the event type, user identifier, timestamp, and expiration of this flood event. There are two ways (flood event types) in which Drupal keeps a track of login failures – IP address based, and user account based. 

Flood database table

By default, a user account gets blocked if there have been 5 login failures for that user account within a span of 6 hours, and an IP address gets blocked if there have been 50 login failures from that IP address within an hour. Thus, preventing an attacker to run through a series of passwords until the correct one is obtained.

However, there are mainly three limitations of this default mechanism. 

  • There is no user interface for site administrators to configure the allowed number of login attempts and blocking time period.
  • Anyone can abuse this behavior and get a user’s (including admin’s) account blocked on purpose. There should be a way to unblock the users through admin UI (Flood Unblock module can also be used for this purpose) or preventing this abuse by not revealing the error messages to the attacker.
  • There should be some way to alert the site admin or the user whose account is being exploited.

Now, let us explore how we can use Login Security to overcome these limitations.

Downloading and Installing Login Security Module

The only prerequisite of the module is the core Ban module. Once you’ve made sure, it is enabled, you may proceed with installation of the Login Security module using any of the below methods.

$ drush dl login_security && drush en -y login_security


$ drupal module:download login_security && drupal module:install login_security


$ composer require 'drupal/login_security:^1.5'

After downloading the module using composer, enable it from the admin UI available at admin/modules.

Enabling Login Security module using admin UIHow does the Login Security module work?

The module works by implementing hook_validate(), thereby overriding the default login form flow. It maintains its own schema, login_security_track, to keep a track of failed login attempts. It can detect an ongoing attack using the configured threshold value within a set time window and can also alert the site administrator through email or logs.

Login Security Track database table

It offers two types of protection against the attacks – Soft and Hard. The soft protection is similar to the default flood mechanism, that is, it temporarily blocks the user from submitting the login form. The hard protection, however, permanently bans the host IP address and changes the status of the user account to blocked. 

If needed, the site administrator can unban the IP addresses from the admin UI available at admin/config/people/ban and unblock the users from admin/people. Additionally, it can also be configured to display the last access and last login timestamp to the users to further comfort them of their security.

 A Drupal message shows the last access and login timestamp to users after successful LoginConfiguring Login Security

The module provides a configuration form under admin/config/people/login_security. So, navigate to Manage → Configuration → People → Login Security.

You may configure the following options as per your security needs and then hit “Save configuration” to apply the changes.

Configuring the Login Security module


Default Value


Track time


The time window for which the login failures are considered. Soft protections expire after this time



Max. number of login failures after which a user account will be permanently blocked

Soft host


Max. number of login failures after which an IP address will be temporarily blocked from submitting the login form

Hard host


Max. number of login failures after which an IP address will be completely banned using the core ban module

Attack detection


Max. number of login failures after which an ongoing attack is detected and a warning is logged

Disable login failure error message


Display the core login error messages

Notify user about remaining login attempts


Display the number of attempts remaining before the user account will get temporarily blocked

Display last login timestamp


Display a Drupal message with the last login timestamp of the user

Display last access timestamp


Display a Drupal message with the last activity timestamp of the user

Along with these configurations, the text within the Drupal messages on the events (failed login attempt, hard/soft IP address ban, and blocking of the users), and the email fields (address, subject, and body) can also be configured. You may use the provided tokens to send a dynamic data in the alert/message.

Configuring the alert settings of the module


The Login Security module adds another measure of security to a Drupal website. In particular, it allows greater control on dealing with a situation of a brute force attack. At the end of the day, however, ensuring security is not just limited to configuring the modules but also lies in the hands of people who administer and deploy the websites.

In case of any queries or suggestions, feel free to drop down a comment.

blog banner blog image Blog Type Tech Is it a good read ? On
Categories: Drupal

Migrate File Entities to Media Entities

New Drupal Modules - 20 August 2018 - 2:05am

This module allows you to migrate Drupal 8.0 file entities to Drupal 8.5 media entities using the migrate module.

Categories: Drupal

Winter Storm Draco Annotated Source - by Ryan Veeder Blogs - 20 August 2018 - 12:36am
Here's the Inform 7 source text to my 2014 game "Winter Storm Draco," a text adventure about foolishly walking home through a blizzard. I've annotated the code with notes about writing in Inform 7 and my own design process.
Categories: Game Theory & Design

ADAPTIVE GAMEPLAY AESTHETICS (PART 2): A Disruptive Game Design Framework - by Krzysztof Solarski Blogs - 20 August 2018 - 12:35am
This 2-part essay provides a disruptive game design framework based on shape language and traditional composition for heightening physical empathy and the sensory experience of players with a focus on art and narrative-driven games and transmedia.
Categories: Game Theory & Design

Tension Vs. Tedium in Clash Royale: How Long Should Players Wait? - by Christian Karrs Blogs - 20 August 2018 - 12:15am
When does pulse pounding tension drift into yawning tedium? Tactful inactive moments can be powerful tools for game-makers to create anticipation, but it can be difficult balancing to avoid boredom. This post looks at how this arises in Clash Royale.
Categories: Game Theory & Design

Fuzzy Thinking: Firing into Melee

RPGNet - 20 August 2018 - 12:00am
Fuzzy slings and arrows.
Categories: Game Theory & Design

Colorfield: Decoupled Days 2018 documentation

Planet Drupal - 19 August 2018 - 11:39pm
Decoupled Days 2018 documentation christophe Mon, 20/08/2018 - 08:39 A few inspiring links related to the Decoupled Drupal Days, waiting for the session recordings.
Categories: Drupal


New Drupal Modules - 19 August 2018 - 10:10pm

An Integration module for Bank Central Asia.

BCA's documentation can be found here:

Categories: Drupal

Video Game Deep Cuts: A PICO Double Walking Dead

Social/Online Games - Gamasutra - 19 August 2018 - 6:16pm

This week's highlights include articles about new Walking Dead narrative & AR games, a talk on PICO-8's playfulness, and lots more besides. ...

Categories: Game Theory & Design

Video Game Deep Cuts: A PICO Double Walking Dead - by Simon Carless Blogs - 19 August 2018 - 6:07am
This week's highlights include articles about new Walking Dead narrative & AR games, a talk on PICO-8's playfulness, and lots more besides.
Categories: Game Theory & Design

Zeomine Server Monitor: Settings Server

New Drupal Modules - 18 August 2018 - 10:14pm

Zeomine Server Monitor (ZSM) is a Python-based server monitoring program that can be managed either by local YAML files, or via this settings server module. ZSM is primarily a file analysis program aimed at logs and server health as observed in linux's /proc folder, but may be extended with core and custom plugins.

Categories: Drupal

Flag Voting

New Drupal Modules - 18 August 2018 - 6:34am

Same as flag_rating module but based on VotingAPI.

Categories: Drupal

Debug Academy: ReactJS is coming to core. Learn "React for Drupal" at Drupal Europe w/affordable hands-on training!

Planet Drupal - 17 August 2018 - 10:54pm
Author: Shadia Mansour

JavaScript Frameworks have been taking the web by storm for years and ReactJS has become a clear frontrunner. With React, you can implement fast, slick, interactive web components without excessive complexity.

Additionally, ReactJS is the perfect fit for Drupal - the JavaScript initiative team is already working on building a ReactJS app for Drupal Core. Wouldn't it be cool to join their initiative and help them modernize Drupal's administrator UI with React? We can show you how.

Key Benefits of React w/Drupal Include:

  • Faster rendering when responding to user interactions
  • Easier development for more complex apps
  • Friendlier JS syntax (similar to SASS for CSS)
  • Fewer clicks
  • Fewer page reloads
  • and more!

Interested in learning more? At Drupal Europe, Debug Academy will be hosting a training, Elevate your Drupal 8 application with ReactJS, on Monday, September 10th. This training is an updated version of the most popular training which sold out at DrupalCon Nashville 2018, and profit from the training will be used to help support the volunteer-run Drupal Europe!

Attendees who will gain the most from this training are Drupal developers looking to gain hands-on experience with decoupled development and developers looking to learn how to use the popular JS Framework, ReactJS. Must Know JS or PHP to participate. Code & Training formatted to be accessible to developers, not exclusively for JS developers.

The first 8 people who register will receive a significantly discounted registration price of €250.00 + VAT tax (normally €400.00+).

Register for this training at Drupal Europe below!

This training is an updated version of the most popular training at DrupalCon Nashville 2018. It sold out there, so we encourage you to secure your spot soon! The first 8 people who register will receive a significantly discounted registration price of €250.00 + VAT tax (normally €400.00+).

  • Training date: Monday, September 10 from 9AM to 5PM
  • Training location: Drupal Europe in Darmstadt, Germany 

Learning Objectives: 

  • Learn to create a React Web App
  • Learn to set up Headless Drupal using Drupal 8
  • Create a React web app which communicates with a Drupal 8 task management website


  • Learn when & why to use decoupled Drupal 8, and why React is a great choice
  • (initial set up) Install pre-built Drupal 8 website
  • Modify Drupal 8 website to prepare it for headless integration 
  • Note: Website will not be 'fully' decoupled, will only decouple one content type
  • Create React App
  • Integrate React App with Drupal 8 website (displaying data)
  • Post data to Drupal 8 website from React App

Who Will Gain the Most From This Training?: 

  • Drupal developers looking to gain experience with Decoupled development
  • Developers looking to learn how to use the popular JS Framework, ReactJS
  • Note: Must know JS or PHP to participate. Code & Training formatted to be accessible to developers, not exclusively for JS developers.
Categories: Drupal


New Drupal Modules - 17 August 2018 - 3:25pm

Loyalist uses simple, non-invasive techniques to help site administrators identify site "loyalists". By default, a loyalist is defined as a user who visits the site three times or more in one week. The number of visits, duration, and "cooldown" time between visits can be modified via configuration.

Drupal 8 Requirements

No special requirements.

Categories: Drupal

Acquia recognized among Inc 5000 fastest growing companies

Dries Buytaert - 17 August 2018 - 1:09pm

Acquia was once again included the Inc 5000 listing of fast-growing private U.S. companies. It's a nice milestone for us because it is the seventh year in a row that Acquia has been included. We first appeared on the list in 2012, when Acquia was ranked the eighth fastest growing private company in the United States. It's easy to grow fast when you get started, but as you grow, it's increasingly more challenging to sustain high growth rates. While there may be 4,700 companies ahead of us, we have kept a solid track record of growth ever since our debut seven years ago. I continue to be proud of the entire Acquia team who are relentless in making these achievements possible. Kapow!

Categories: Drupal

Event Tickets

New Drupal Modules - 17 August 2018 - 11:33am

The Event Tickets module provides integration with many popular event e-ticketing services directly into your website.

Current e-ticketing services supported include:

  • Eventbrite

I am always open to suggestion for adding other e-ticketing services not on the list above. Create a new issue under the Feature Request category, and I will look into integrating the service.

Categories: Drupal


Subscribe to As If Productions aggregator