Newsfeeds

Give Me the Feels – Emotional Gaming

Gnome Stew - 30 October 2017 - 3:00am

With graceful fins and cruel sharp teeth, I have waited for years for this moment. Finally my revenge is nigh—the woman who sold me to a circus, once my love, is once more within reach of my ill tended tank. I have just cut a deal, sacrificing myself, to ruin her as she ruined me. As she succumbs before me, she asks me why I am doing this. She was here to save me, to bring me back; she couldn’t protect me but the circus could, just for a while, until she could get me back. And at the game table, I, a normal human, stare at the GM of this game (the masterful Kate Bullock), with tears streaming down my face at the cruelty in this world of pretend. After the game, I am so impressed with her for the intensity of the experience. I need a hug, and I can’t stop talking about the game, it was just so darn good. I can’t wait to play like that again.

I remember a time not so very long ago when I would have been horrified by this experience at the table. Expressing that much vulnerability was a scary and uncomfortable experience, and the emotional work involved in quashing it was intense. For that version of my gaming self, this game would have been a disaster, and yet it’s now the experience I can’t forget in the best possible way. So what makes these experiences possible for me?

  • Safety – tears do not necessarily mean stop for me, but some triggers still do.
  • Consent/Buy In – everyone at the table needs to be playing for the same experience.
  • Trust – I need to know everyone will abide by our agreements.
The Safety Dance

There are many tools for safety in gaming, and I know I still haven’t played with all of them. I play with an X card these days even in games where I am not expecting high levels of emotion, simply because it makes me, the GM, feel safer. I have messed up before, and I have messed up even with the card on the table, but it’s at least a basic net. Lines and veils are the next line of defense, and if you know your triggers and want to avoid them in play, then setting them up before the game is key. We all sometimes play in to unexpected situations, though, discovering things that we didn’t know were going to cause feelings in a bad way, and this is where we come to two other schools of thought that play in to emotional gaming: No One Gets Hurt and I Will Not Abandon You.

The theory behind No One Gets Hurt is that if you start dancing around someone’s triggery spaces, they tell you, and you back off and move on, draw the veil, fast forward, whatever is necessary to get out of that space. The theory behind I Will Not Abandon You is that you agree as a table to push at triggers, maybe intentionally, to experience those emotions, but that no matter what happens at the table, you stay for each other and remain emotionally available.

 Being open to the empathetic experience of a character, no matter what the circumstances create might mean telling my fiancé I’m a vampire, or telling my daughter to report her boyfriend to the police, or realizing I’ve sacrificed my immortality for revenge on a woman who did truly love me after all. I have found that my real comfort zone is almost the merging of these two. There are feelings and discussions that honestly belong with my therapist and not at the table, and those triggers for me function as hard limits. I am simultaneously willing to invest very heavily in these games, and be very vulnerable in them; I am playing to push at boundaries and have intense emotions. There is a difference to me between having a strong emotional experience and the terrible panic fear of a real trigger. Being open to the empathetic experience of a character, no matter what the circumstances create might mean telling my fiancé I’m a vampire, or telling my daughter to report her boyfriend to the police, or realizing I’ve sacrificed my immortality for revenge on a woman who did truly love me after all. They are strong feelings, and they’re not feelings that feel good in the moment; anger, fear, social anxiety, regret, guilt, and hate are not things I enjoy experiencing in my day to day life. Experiencing them at the table is intense, and offers the release of feeling them and then allowing them to go again, washed away by the end of the game. These limits, not wanting to feel emotions I usually consider “bad,” are much more soft limits, if you will. It’s these soft limits that I find catharsis in pushing.

Yes Means Yes

Okay, consent is important for pretty much everything, and the gaming table is no different. Consent and buy-in in a game work hand in hand for me—do we all consent to have this experience together? Having consented, are we all buying-in to the same scenario, and type of safety? If you’re playing No One Gets Hurt and I’m playing I will Not Abandon You, someone is going to get hurt. Being on the same page and buying-in to the same experience is key to making these games work for everyone.

Trust me, I’m a Gamer

Now I’m sitting at the table. I know how we’re handling the safety in the game; I know we’re all on the same page. I still have to trust the folks at this table, whether these are my friends or people I’m just happening on at a convention, that they will abide by our group decisions about safety and play, and that they will respect me and my emotional output in the game.

I don’t want to have this experience every time I game, nor do I want it at every table I game with. In the same way that many people enjoy haunted houses, scary movies, or intense TV dramas, I like to take my pretend with a side of catharsis that I can revel in when I, personally, feel safe. It’s akin to the ancient Greeks, watching tragedies to indulge their emotions in the same way they indulged food and drink. I am playing to indulge my emotions, safely. Sometimes it’s all about the tragedy . . . and sometimes, I just go back to wanting a comedy.

Do you play high emotional intensity games? Why or why not? What’s your favorite?

 

Categories: Game Theory & Design

Jacob Rockowitz: Organizing and Presenting Webform Training Materials

Planet Drupal - 30 October 2017 - 2:49am

Now that the post-DrupalCon Vienna events are in full swing and next year's pre-DrupalCon Nashville events are in the works, I’ve started organizing and creating next year’s Webform related presentations. I find presenting at DrupalCamps challenging and rewarding. The challenge is getting up in front of a large group of developers and talking about my work, but the reward is I get to meet people who use my work to build awesome forms.

Attending Drupal Camps & Events

In the past, I’ve managed to attend a bunch of events including DrupalCamp NJ, NYCCamp, DrupalCon Baltimore, Design4Drupal, and Drupal GovCon. My last camp of the year is going to be DrupalCamp Atlanta on November 2-4, 2017. I decided to go to DrupalCamp Atlanta because they are offering me the opportunity to do my first training session called Learn how to build awesome webforms and a keynote panel discussion. Yes, I am uncomfortable with public speaking, however I’ve committed myself to doing it for longer and in front of more people; this conference is pushing me to up my game. The hope is that it will prove to be a good thing for me, and hopefully will, in turn, be a good thing for others too.

Overcoming Challenges

One technique I’ve learned to overcome my weaknesses is to leverage my...Read More

Categories: Drupal

Roy Scholten: UX notes week 44

Planet Drupal - 30 October 2017 - 2:21am
30 Oct 2017 UX notes week 44

A selection of Drupal design topics and issues that are moving or should be :)

Small big win: status report pattern reuse in the migrate UI

A nice success from last week was closing a critical issue for Migrate UI. Particularly pleased that we were able to apply a new “summary” user interface element we recently introduced on the status report page.

Big one: redesign the administrative UI

There was a big interest in this over several meetings and workshops at Drupalcon Vienna and after. Seven theme hasn’t evolved much over the last years and it shows.

The right issues are not yet in place for this but I see and hear multiple people thinking about this. There’s multiple parts to this, of course:

  1. A visual update. What would the next version of this style guide look like?
  2. Improve the information architecture. Lots of solid thinking around this already.
  3. Introduce new interaction patterns. We still mostly rely on tables, select lists and other basic form elements. Experiments with JavaScript frameworks should help here but we should design these starting from user needs.
  4. Modernize the underlying theme architecture.
  5. Update and extend the user interface standards documentation.
Drupal core could use another usability test

The core feature set has grown considerably over the last couple of 8.x releases. On the one hand it would be smart if we found a way to do more smaller tests more often. On the other hand, since it’s been more than 2 years since the last big usability test we could do with one of those as well. Lets figure out what we can do. Check in here if you’re interested in helping with this.

Something to look forward to: Layout builder

The layouts-in-core team has been steadily working towards this. Looks like we are in great shape and on track to really honestly add a visual layout builder to core. There’s a patch going through the last stages of review and refine in https://www.drupal.org/node/2905922. One cool smart detail is that this will also introduce a dynamic way to dynamically generate icons for different types of layouts. Very nice indeed.

Permissions UI

Core and contrib modules often come with their own (set of) permissions. It’s how you can configure which roles get access to do what. This permissions UI is currently an ever growing sea of checkboxes. This does not scale, for user nor machine. The current model of a grid lists all available permissions in rows and all roles in columns needs a thorough rethink. Lets figure out a plan for how to do that.

Also,

& some more pointers to where you can go to find out what’s going on.

Enjoy your week!

Tags drupalplanet
Categories: Drupal

In The Company of Vampires

New RPG Product Reviews - 30 October 2017 - 2:00am
Publisher: Rite Publishing
Rating: 5
An Endzeitgeist.com review

This installment of Rite Publishing’s massive „In the Company…”-series clocks in at a massive 51 pages, 1 page front cover, 1 page editorial, 1 page SRD, 1 page advertisement, 1 page back cover, leaving us with 46 pages of content, so let’s take a look, shall we?


This pdf was moved up in my review-queue as a prioritized review at the request of my patreons.


After a brief foreword, we begin with a letter by Sovereign Evelyn Arlstead – the vampire correspondent and narrator that penned the in-character prose – a lady obviously at least slightly infatuated with Qwilion, which provides a rather amusing subtext throughout the flavorful prose that suffuses the pdf. She is rather adept at trying to “sell” undeath to Qwilion with honeyed words, interlaced with some flirtatious comments. Of course, as such, she does have some serious words for vampire-hunters, zealots, etc. Moroi, just fyi, would be the polite term for the vampiric race depicted herein. Physical description and poise, a predator#s confidence and danger’s subtle allure – the romantic notions associated with vampires have been duplicated in a rather compelling manner here. Fans of e.g. “The Originals” won’t be capable of suppressing a smile when the good lady comments on being “a bit melodramatic when it comes to family.” Similarly amusing: As the lady ges through the respective noble families, her own view color the descriptions. There are also the vampiric middle classes – the respective descriptions are briefer, but the descritions nonetheless are intriguing. As in Vampire: The Masquerade, those with thin blood constitute the lowest rungs of the social ladder.


Moroi are only created from the willingly embraced, but there are some moroi that can indeed generate slaves, a practice obviously condemned by the narrator – though the question of sincerity springing forth from her agenda makes this interesting. As with the revised installment on wights, we do have the modified ability score generation array for undead, Constitution-less races. Vampires retain speed and size of the former humanoid’s subtype, but none of the other traits. As such, they are Small or Medium, have slow or normal speed and ability-score-wise, gain +2 Cha, -2 Wis. Vampires gain darkvision and a natural bite attack (properly codified in type and size) that can also cause Constitution damage versus helpless and/or part of establishing a pin.


Which brings me to blood drinking: The vampire uses up 2 points of Constitution drained worth of blood per 8 hours of activity; blood and how to preserve it is concisely codified. Better yet, the math checks out – I happen to have done the math for the blood of humanoids the other day and the formula scales properly. Failure to satiate the thirst can result in fatigue, exhaustion, etc. – and vampires with a Cruor Pool can use that pool’s points to sate their hunger (more on that later). The way in which blood thirst is codified here is simulation-level precise, interesting and very concise. Excellent job here – frankly the best engine for this type of issue I have seen. As you can glean, this makes travelling potentially a challenging endeavor, though the pdf does provide considerations here. Big plus: At higher levels, the significant magic at the disposal of PCs can make the vampiric condition a trifle – however, there is an optional rule provided, elder’s thirst makes the draining ever more potent and dangerous – and thus harder to manage. Big plus, as far as I’m concerned, and nice way to remedy the trivializing options at higher levels. Now, everyone who played VtM with a serious level of detail will note how hunting can take up a lot of time: This pdf acknowledges that and provides means for vampires to hunt via a skill-check: The smaller the settlement, the more difficult it gets – though expenditure of gold, magic, current hunts, etc. can complicate the matter or make it easier. On a significant failure, the vampire may suffer from one of 10 consequences in a table, which may provide further adventuring potential. This system is not a lame addon – it works smoothly and 3 different feats interact with it. Kudos for the extra support accounting for Blood Pack teamwork hunting, Thralls and Territory (the latter makes hunting MUCH faster and reliable). In a nutshell, this represents the most detailed and elegant vampiric hunting/blood thirst engine I have seen for any d20-based game.


But I digress, back to the race, shall we? Vampires have families: The inspired gain channel resistance +2; Nightcallers gain scent; Nosferatu can demoralize adjacent foes as a move action; Shades increase their darkvision to 120 ft.; Sovereigns gain +2 Bluff and Diplomacy; Vanguards gain a weapon proficiency; Warlocks with Charisma of 11+ gain Bleed and Stabilize 1/day as a SP, governed by character level and Charisma. However, much like in VtM, each of these bloodlines comes with a curse: The Inspired are innately superstitious and have a taboo à la garlic, not entering holy ground, etc. Nightcallers can only rest while touching at least 1 cubic foot of their homeland’s soil; the Nosferatu, surprise, are disfigured and decrease starting attitudes of the living while undisguised. Shades can be blinded by abrupt exposure to light; Sovereigns cast no shadow or reflection and have a hard time approaching reflective surfaces. Vanguards can be paralyzed by wooden piercing weapons (deliberately kept vague) and warlocks can’t act during surprise rounds during the day and is flat-footed for the first round of combat while the sun is up. As with wights, the modified undead traits are listed for your convenience. Similarly, becoming a vampire later in the adventuring career is covered – kudos!


Regarding alternate racial traits, we have options to retain humanoid base racial traits – in two steps. The first renders susceptible to any source of fatigue or exhaustion, the second costs the racial immunity to death effects conveyed by the modified undead traits. Vampires with the elder trait can make Knowledge and Profession skill checks untrained and gain +2 to them, but must drink more blood to sustain them. Mingled lineages yield more than one lineage, but also the corresponding drawbacks and penalties to Charisma-based skill checks when dealing with other vampires. Survivalist nightcallers can sustain themselves via animals – but these must be killed and a HD-caveat prevents the vampire from just subsisting on a diet of kittens. Some vampires can discern information from tasting blood, losing the family’s racial ability benefit(s). Vampires with weak blood, finally, have no benefit or curse and require less blood to sustain themselves. Favored class options for alchemist, barbarian (which lacks a “ft.” after the +1 in a minor hiccup), bard, cavalier, cleric, druid, fighter, gunslinger, inquisitor, monk, oracle, paladin, ranger, rogue, sorcerer, summoner, witch and wizard are covered -alas, no support for the Occult classes, which is somewhat puzzling for me, considering e.g. the mesmerist. Oh well, perhaps in an expansion.


Pretty cool: There is a lite-version of the racial paragon class as a general archetype that can be applied to other classes, with the benefits balanced by the worsening curse. The other archetype included would be the cambion sorcerer. This guy can choose the Knowledge (religion) skill instead of the Bloodline skill. The archetype gains a unique list of bonus spells and may choose vampire bonus feats. The cambion may choose to gain the skills, feats and powers of the chosen family or bloodline, but at the cost of vulnerability to a material or energy type. The archetype gains a cruor pool as an additional bloodline arcana.


Which brings me to the racial feats: 8 feats are included; The cruor pool is ½ character level + Charisma modifier and can be used to store basically blood, with each point equal to 1 point of Constitution drained – this also can be used to power abilities. Extra Cruor increases the pool by 2. Fast Drinker lets you choose to deal 1d4 Constitution damage instead. Merciful Drinker decreases the blood you need to survive and can eliminate the pain caused by the bite. Recovery lets you help the living recover faster from blood loss. Stolen Life lets you expend cruor to heal/gain temporary hit points, the latter with a limit. Unfortunately, this ability fails to specify the activation action. Undead Mind lets you use cruor to turn a failed Will-save versus mind-affecting effects into a success, while Undead Resilience provides the analogue for Fort-saves versus diseases, poisons and energy drains – these btw. properly codify the activation action.


The pdf also contains 5 racial spells: Blood supply temporarily increases the cruor pool; rain of blood can nauseate and frighten the living exposed to it; suppress curse is pretty self-explanatory regarding the context of the race, as is greater vampiric touch; villain’s feast can sustain the undead and vampires and otherwise is basically the undead version of heroes’ feast.


The pdf also includes, obviously, a massive racial paragon class, the blood noble, including favored class options for the dhampir, elf/half-elf, dwarf, gnome, half-orc, halfling and human races. The blood noble gains ¾ BAB-progression, good Fort-, Ref- and Will-saves, d8 HD, 4 + Int skills per level and proficiency with simple weapons and light armor, but not with shields. The class gains the Cruor Pool feat as a bonus feat at 1st level. Also at first level, the noble family chosen upon character creation, with mingled lineage’s effects accounted for properly. Benefits-wise, this provides a number of class skills based on the respective family.


The class also begins play with undead evolution: +2 to saves against diseases, poison and mind-affecting effects. This bonus increases by +2 at 4th and 7th level, culminating in immunity at 10th level. 13th level yield energy drain immunity, 16th immunity to ability score damage and 19th, immunity to ability score drain – however, in a nice caveat, self-inflicted drain is not covered by this immunity. The class gains a bonus feat from a custom list at 3rd level and every 3 levels thereafter.


The development of vampiric abilities is handled via blood talents: The first is gained at 2nd level, with every 3 levels thereafter yielding another talent. And yes, talents based on secondary families are not at full strength.At 6th level and every 6 levels thereafter, the blood noble can choose to get an additional blood talent – but if the noble does gain one of these, the blood noble also worsens the effects of the respective family curse. Each of the curse-progressions further develops what we’d associate with the families – flavorful and sensible. Nice! The capstone makes permanent destruction contingent on a special set of circumstances, once again defined the family of the blood noble. Really cool!


The blood talents come in two big categories: General talents that may be chosen by any blood noble, and those that are exclusives for the respective family. The general talents are reminiscent of the classic vampire tricks – ability-score boosts via cruor, channel resistance, spawn creation, energy drain, fast healing that’s contingent on cruor and sports (thankfully!) a daily cap, DR, supernatural movement forms based on family (thankfully without unlocking flight too soon), natural armor, slam attacks, skill boosts or some energy resistances. All in all, solid selection.


The inspired can gain cultists, channel negative energy via cruor, quench the thirst of other vampires…and from blood oaths t gaining cultists, a domain, etc., the talents are somewhat resembling the Assamites/Setites from VtM, just with a broader, more generally divine focus. The Nightcallers would be the Gangrel equivalents – with animal calling feeding from animals, gaseous form, melding into stone, locating foes – basically the wilderness hunter/survivalist. Nosferatu are the Max Schreck-style, inhuman and ghoulish vampires – like their namesakes in VtM, though less disfigured. They can drink the blood of the fallen, crry diseases and learn to temporarily suppress their unsettling appearance…or exhibit stench. Strigoi nets a tentacle-like, fanged tongue and there is the option to animate the dead or detach body parts to act autonomously – a nice option if you’re looking for a monstrous vampire.


Shades would be the equivalent of the Lassombra – the shadow magic/illusion specialists. Nitpick: The Veil ability lacks its type. Sovereigns would be the representation of the aristocratic Ventrue and as such, are the vampiric leaders, with charming, deathly allure, soothing demeanor, telepathy – basically the option for the potent face/enchanter. Vanguards are the vampiric fighters and as such, are closest to the Brujah clan in VtM, with cruor-based blood memory, granting proficiencies, better CMB/CMD, armor training, weapons that are treated as magical, self-hasteing…you get the idea. Finally, the warlock family would be the representation of the Tremere: These vampires can gain progressively better wizard-list based SP – additional uses beyond the basics are unlocked later and contingent on cruor. Beyond that, blood-based metamagic and homunculi can be found here.


While the vampire families are VERY CLEARLY inspired by VtM’s clans, it should be noted that the blood lineage is a significantly more fluid concept herein.


The pdf also contains a vampire template for the GM to make use of the material herein – kudos! Speaking of which: Lady Evelyn’s post scriptum made for a fun way to end the pdf.


Conclusion:

Editing and formatting are very good on both a formal and rules-language level – I only noticed cosmetic glitches and those are pretty few and far in between and don’t compromise the rules. Layout adheres to Rite Publishing’s two-column full-color standard and the pdf sports nice full-color artworks, all of which I haven’t seen before. The pdf comes fully bookmarked for your convenience.


If you’re one of the unfortunates who didn’t have the chance to check them out back in the day: In the 90s, I consumed World of Darkness books, both roleplaying supplements and novels, religiously. I adored Vampire: The Masquerade. Yes, the rules sucked and yes, it was a nightmare to GM, but I adored the game. Big surprise there, right? Well, that ended when Vampire: The Requiem’s lore-reboot hit (just didn’t click with me, lore-wise) and there was another book that pretty much ended, at least for a time, all desire I had to see vampires in game: That would be the d20-version of the World Of Darkness back in the 3.X days. I love Monte Cook as a designer, I really do, but oh BOY did I LOATHE this book with every fiber of my being.


Where am I going with this tangent? Well, this pdf constitutes, at least in my opinion, the “Play a VtM-story in d20”-toolkit I expected the d20 WoD-book to provide. The rules are deliberate, precise and interesting; balance is retained…in short, Steven T. Helt and Stephen Rowe provide THE single best “Play a Vampire”-option currently available for PFRPG. I love the prose, the clans, äh, pardon “families” – they strike a chord with me and work without needless complexity – If you know how to play PFRPG, you will be capable of using this – the design is very smooth. If there is one thing that could be considered to be a weakness of this book, then that would be the fact that the respective families and their unique ability-arrays and options could have carried a book of easily 4 times the size – the topic of vampires, particularly of vampires indebted to VtM’s aesthetics, can cover at least 200 pages. So yeah, this is a good candidate for an expansion/hardcover with more lore, family traditions, etc. – or, you know, you can dig up your old VtM-books and start adapting their flavor, add more blood talents…


My second, minor complaint, the second reason I’m asking for an expansion, would be the curious absence of occult adventure or horror adventure support: Vampires and madness (the weight of years), occultists and mesmerists…these books seem to be natural fits and the pdf doesn’t offer anything in that regard. Now, let it be known: The bang for buck ratio is excellent here. Similarly, vampires depicted herein will not unbalance campaigns wherein not all PCs are vampires, which is a HUGE plus, as far as I’m concerned – this is very easily usable. Still, this book did leave me wanting more, probably courtesy to my own long-term attachment to VtM’s lore. In the end, my final verdict will hence clock in at 5 stars for this book – and since I am a vampire fanboy, I will also add my seal of approval to this book, in spite of my nagging feeling that there ought to be more. If you do not share my love for VtM, you should mentally take away the seal.

Endzeitgeist out.
Categories: Game Theory & Design

20 Things #19: Kobold Warren (System Neutral Edition)

New RPG Product Reviews - 30 October 2017 - 1:51am
Publisher: Raging Swan Press
Rating: 5
An Endzeitgeist.com review

This installment of Raging Swan Press' system-neutral #20-series clocks in at 12 pages, 1 page front cover, 2 pages of advertisement, 1 page editorial, 1 page SRD, 1 page back cover, leaving us with 5 pages of content, so let's take a look!


We begin the supplement with 10 events to occur in a kobold warren – from furtive scratches to piping that may constitute a warning, these are pretty cool. Then, we get a truly cool table: 10 extra things to say when the PCs fail to find a trap. This table is extremely helpful: The entries generate paranoia and atmosphere. Two thumbs up!


Of course, when failure is an option, there ought to be traps, right? Well, 10 system neutral, description-only traps are provided – and they generally are pretty creative: Embedded bellows, jars containing green slime in the ceiling and so on – so yeah, while we do not get Grimtooth-levels of complexity here, I was still pretty positively surprised by what the humble array provided.


There is a second array with 10 more traps here as well – like cavern orb spider silks, earthen jars with fermented troll excrement etc. – the deadly and twisted playfulness of kobolds comes through rather well – kudos! The pdf also sports 10 entries of kobold warren dressing, ranging from mottled scales to crude drawings or coils of string tied to painted pegs – really neat dressing entries.


The table of 20 things to loot from a kobold warren has been reproduced from the first 20 things-compilation. Finally, we get an “abnormal X”-generator: 10 different appearances for uncommon kobolds, 10 battle tactics and 10 sample treasures to be found on the foes can all be used to customize the kobolds encountered.


Conclusion:

Editing and formatting are top-notch, I noticed no significant glitches. Layout adheres to Raging Swan Press' elegant two-column b/w-standard and the pdf comes fully bookmarked for your convenience. The b/w-artworks are really nice. Additionally, the pdf comes in two versions, one optimized for the printer and one for screen-use - kudos for going the extra mile there! The pdf sports several pieces of nice b/w-artworks.


Aaron Bailey, Creighton Broadhurst and Paul Quarles have created a fun, creative dressing file. Compared to e.g. the goblin installment, it feels a bit more creative in the respective entries and while I would have liked a new table instead of a reprint of the looting material, the pdf is inexpensive and definitely worth checking out. My final verdict will hence clock in at 4.5 stars, rounded up for the purpose of this platform.

Endzeitgeist out.
Categories: Game Theory & Design

Agiledrop.com Blog: AGILEDROP: We are not here to replace your team

Planet Drupal - 30 October 2017 - 1:26am
The history and future There is this digital agency which has specialized itself in Drupal a couple of years ago. Let’s call it Gr8 Solutions. And the business is very good, they signed some fancy contracts with some of the biggest companies in the country over the years and thus built themselves a reputation for being professional and creative. And in the process of acquiring new clients and new projects they were steadily growing. This also resulted in hiring a few new developers, a designer, and a salesperson. Fast forward to very near future, nothing memorable happened in the meantime.… READ MORE
Categories: Drupal

qed42.com: Securing Cookie for 3rd Party Identity Management in Drupal

Planet Drupal - 30 October 2017 - 1:15am
Securing Cookie for 3rd Party Identity Management in Drupal Body

We are in an era where we see a lots of third party integrations being done in projects. In Drupal based projects, cookie management is done via Drupal itself to maintain session, whether it be a pure Drupal project or decoupled Drupal project,.

But what when we have a scenario where user’s information is being managed by a third party service and no user information is being saved on Drupal? And when the authentication is done via some other third party services? How can we manage cookie in this case to run our site session and also keep it secure?

One is way is to set and maintain cookie on our own. In this case, our user’s will be anonymous to Drupal. So, we keep session running based on cookies! The user information will be stored in cookie itself, which then can be validated when a request is made to Drupal.

We have a php function to set cookie called setCookie() , which we can use to create and destroy cookie. So, the flow will be that a user login request which is made to website is verified via a third party service and then we call setCookie function which sets the cookie containing user information. But, securing the cookie is must, so how do we do that?

For this, let’s refer to Bakery module to see how it does it. It contains functions for encrypting cookie, setting it and validating it.

To achieve this in Drupal 8, we will write a helper class let’s say “UserCookie.php” and place it in ‘{modulename}/src/Helper/’. Our cookie helper class will contain static methods for setting cookie and validating cookie. Static methods so that we will be able to call them from anywhere.

We will have to encrypt cookie before setting it so we will use openssl_encrypt() php function in following manner:

/** * Encrypts given cookie data. * * @param string $cookieData * Serialized Cookie data for encryption. * * @return string * Encrypted cookie. */ private static function encryptCookie($cookieData) { // Create a key using a string data. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Create an initialization vector to be used for encryption. $iv = openssl_random_pseudo_bytes(16); // Encrypt cookie data along with initialization vector so that initialization // vector can be used for decryption of this cookie. $encryptedCookie = openssl_encrypt($iv . $cookieData, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); // Add a signature to cookie. $signature = hash_hmac('sha256', $encryptedCookie, $key); // Encode signature and cookie. return base64_encode($signature . $encryptedCookie); }
  1. String parameter in openssl_digest can be replaced with any string you feel like that can be used as key. You can keep simple keyword too.
  2. Key used should be same while decryption of data.
  3. Same initialization vector will be needed while decrypting the data, so to retrieve it back we append this along with cookie data string.
  4. We also add a signature which is generate used the same key used above. We will verify this key while validating cookie.
  5. Finally, we encode both signature and encrypted cookie data together.

For setting cookie:
 

/** * Set cookie using user data. * * @param string $name * Name of cookie to store. * @param mixed $data * Data to store in cookie. */ public static function setCookie($name, $data) { $data = (is_array($data)) ? json_encode($data) : $data; $data = self::encrypt($data); setcookie($name, $cookieData,Settings::get('SOME_DEFAULT_COOKIE_EXPIRE_TIME'), '/'); }

Note: You can keep 'SOME_COOKIE_KEY' and 'SOME_DEFAULT_COOKIE_EXPIRE_TIME' in your settings.php. Settings::get() will fetch that for you.
Tip: You can also append and save expiration time of cookie in encrypted data itself so that you can also verify that at time of decryption. This will stop anyone from extending the session by setting cookie timing manually.

Congrats! We have successfully encrypted the user data and set it into a cookie.

Now let’s see how we can decrypt and validate the same cookie.

To decrypt cookie:

/** * Decrypts the given cookie data. * * @param string $cookieData * Encrypted cookie data. * * @return bool|mixed * False if retrieved signature doesn't matches * or data. */ public static function decryptCookie($cookieData) { // Create a key using a string data used while encryption. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Reverse base64 encryption of $cookieData. $cookieData = base64_decode($cookieData); // Extract signature from cookie data. $signature = substr($cookieData, 0, 64); // Extract data without signature. $encryptedData = substr($cookieData, 64); // Signature should match for verification of data. if ($signature !== hash_hmac('sha256', $encryptedData, $key)) { return FALSE; } // Extract initialization vector from data appended while encryption. $iv = substr($string, 64, 16); // Extract main encrypted string data which contains profile details. $encrypted = substr($string, 80); // Decrypt the data using key and // initialization vector extracted above. return openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); }
  1. We generate the same key using same string parameter given while encryption.
  2. Then we reverse base64 encoding as we need extract signature to verify it.
  3. We generate same signature again as we have used the same key which was used to creating signature while encryption. If doesn’t signatures doesn’t matches, validation fails!
  4. Else, we extract initialization vector from the encrypted data and use to decrypt the data return to be utilized.
/** * Validates cookie. * * @param string $cookie * Name of cookie. * * @return boolean * True or False based on cookie validation. */ public static function validateCookie($cookie) { if (self::decryptCookie($cookieData)) { return TRUE; } return FALSE; }

We can verify cookie on requests made to website to maintain our session. You can implement function for expiring cookie for simulating user logout. We can also use decrypted user data out of cookie for serving user related pages.

navneet.singh Mon, 10/30/2017 - 13:45
Categories: Drupal

How we manage scenes and takes on Angest for GearVR - by Victor Hasselmann

Gamasutra.com Blogs - 29 October 2017 - 11:58pm
This article will cover how we planned to manage both Take & Event Systems to meet the need of having multiple arrangements in the same scene. Also, how these systems made scripting and debugging easier for both GDs and QA team.
Categories: Game Theory & Design

Staying Afloat - Keeping Up Sales in Early Access - by Nicholas Lives

Gamasutra.com Blogs - 29 October 2017 - 11:55pm
You know how to sell and launch your game, but how do you keep up those sales after launch? This was our challenge after launching We Need To Go Deeper into Steam Early Access, and these are our successes and failures in trying to keep the game afloat.
Categories: Game Theory & Design

Beautifier

New Drupal Modules - 29 October 2017 - 11:29pm
Categories: Drupal

Simple Entity Import

New Drupal Modules - 29 October 2017 - 10:46pm

Provides entity importing. Simpler than Feeds. Check examples for users importing.

Categories: Drupal

Video Game Deep Cuts: Mario's Half Million Daily Runs

Social/Online Games - Gamasutra - 29 October 2017 - 8:23pm

Some of this week's article/video highlights include a tech breakdown of Super Mario Odyssey, a very solo Steam dev who's sold half a million copies, and the culture of 'daily runs' for games. ...

Categories: Game Theory & Design

Content Mgr

New Drupal Modules - 29 October 2017 - 7:43pm

Helps Site Administrators, Web and Content Managers by localizing various content structure and content management features into one place. Quicktabs and Bootstrap Quicktabs are dependencies. Planning to make the module more flexible and able to rely on other core functionality to display various forms and interfaces via ajax.

Categories: Drupal

Fixed block content

New Drupal Modules - 29 October 2017 - 9:11am

Provides a way of having permanent custom content blocks without broken instances if the block does not exist. A new fixed block type acts as a wrapper for the content block. If the custom block disappears, this module will re-create it as a new empty block or with a default content stored in config. No more "This block is broken or missing" in your staging.

Categories: Drupal

Video Game Deep Cuts: Mario's Half Million Daily Runs - by Simon Carless

Gamasutra.com Blogs - 29 October 2017 - 7:46am
Some of this week's article/video highlights include a tech breakdown of Super Mario Odyssey, a very solo Steam dev who's sold half a million copies, and the culture of 'daily runs' for games.
Categories: Game Theory & Design

Link Preview Field

New Drupal Modules - 29 October 2017 - 3:40am
Categories: Drupal

Access NASA API

New Drupal Modules - 29 October 2017 - 1:06am

This module access to NASA API in order to get their information and make it usable from Drupal.

Categories: Drupal

Matt Glaman: Using JSON API to query your Search API indexes

Planet Drupal - 28 October 2017 - 8:18pm
Using JSON API to query your Search API indexes mglaman Sat, 10/28/2017 - 22:18 The JSON API module is becoming wildly popular for in Drupal 8 as an out of the box way to provide an API server. Why? Because it implements the {json:api} specification. It’s still a RESTful interface, but the specification just helps bring an open standard for how data should be represented and requests should be constructed. The JSON API module exposes collection routes, which allows retrieving multiple resources in a single request.
Categories: Drupal

Review Roundup

Tabletop Gaming News - 28 October 2017 - 11:00am
It’s the weekend! Wooooo! Partaaaaaaaaaay! And by “Party,” I mean gaming! Working on getting this Review Roundup and then gonna head out to the LGS to play some Guild Ball. Today we’ve got: Tiny Epic Quest, Sagrada, Azul, InBetween, BONK, Stop Thief!, Agility, Cast the Ritual, Fog of Love, H.I.D.E., First Class: All Aboard the […]
Categories: Game Theory & Design

Drupal Content Sync

New Drupal Modules - 28 October 2017 - 6:21am

Drupal Content Sync is a module that provides content synchronization features between multiple Drupal sites using the API Unify Backend of Bright Solutions.
This module does nothing stand alone, it requires a connection to a running instance of Drupal Content Sync and the synchronization engine API Unify (contact me to get a demo or access to the service).

Categories: Drupal

Pages

Subscribe to As If Productions aggregator