28 April, 2011

Passwords, part one of two

In light of the current PSN disaster, and with clear memory of the recent Gawker problems, I want to write about something important, which bothers me a lot.

Do not use the same password in multiple places.

People do not understand why this is such a gigantic problem. They think it is just a matter of convenience (few passwords to remember) versus security, quite alike to how you don't use a different key for every lock in your life. The key that opens your car also starts it, and the key to your apartment complex also opens the door to your flat. But that is very far from the truth. The proper analogy would be to use a single key for all your locks, but at the same time, give a copy of your key to safeguard to every single person that ever enters your home, including the plumber and the boyfriend of your daughter of whom you do not approve.

In more technical terms: If you use the same password for Twitter, Facebook, Gmail, eBay, Gawker, PSN and Flickr, then your chance of losing all accounts in one fell swoop has risen significantly. It does not matter if Gmail and eBay have tight security. If Twitter screws up, your bank account is gone. If Flickr screws up, your bank account is gone. If PSN or Gawker gets hacked, kiss your eBay account goodbye.

It does not actually end here, it gets worse. We all have our major sites which we use daily. But most of us also have accounts at places where we really do not need them often. I play Bloodline Champions (recommended!) which is a tiny game with only a few thousand players, made by a small developer. But I have a forum account for that, which is all but inactive. Still, there is a password involved. And if they get compromised, or a disgruntled employee leaves them, my password could get lost. If it were identical to my others, I would be in trouble.

And it gets worse still. There are quite a few sites out there who want you to register with them, for no reason whatsoever. Some warez downloads lead to files that are password protected, with a text file nearby, telling you to register at their shady site. If you do, not only are you prone to get spam on your e-mail, but even worse, they get a username/password combination from you. They can just try that on google and see if it works. This is the extreme, but do you trust Google? Do you trust Twitter? Do you trust the guy that hosts that discussion forum on politics / porn / kittens you frequent often? Or would he just sell your password? Identity theft is a serious business.

Next up: How to do better.

There is such a thing as "salted hashes", which is a technique to store passwords on a server without allowing people to read it, so as to prevent an employee to sell them. In that case, it is a lot harder to get your real password. But it requires that the people running the service know what they are doing. Most do, but if only one does not and gets compromised, the shit has hit the fan.

22 April, 2011

Portal 2 and Refactoring (alpha 4)

I planned to write a post earlier this week. Then Portal 2 happened and I was forced to play through that once or twice. It's incredibly good and you should definitely go play it now.

In other news, a small (but not insignificant update). I've been doing some refactoring. For the non-technical reader: that means I rewrote parts of the code so it works exactly as before, just better. This also meant that I could clean up some convoluted problems with rewards, which work now much nicer than before. There are two major changes:

Rewards for stats are very much streamlined now. The following example is now valid (though a bit silly).

<stat exp="50" level="10" repeat="Inefficient" tag="Charming" untag="Ugly">Personality</stat>
Essentially, I've merged and nodes, and removed the unintuitive requirements for them to have only a subset of all options available at a time. I still would not recommend to mix @level and @exp, because that will reward experience twice (and possibly influence each other), and of course, you can only have a single @tag and a single @untag node per stat. That's just how XML works for attributes.

I found "Primary" and "Secondary" to be really imprecise and unclear, not to mention rigid and difficult to use correctly. So I threw that out, and instead give you very simple mathematical tools. We now have the option to average values, or to add or subtract some, or parts of them. Example:

<sub mul="0.2">Trauma<sub>

This will take the average of both Reflexes and Lucidity, then subtract 20% of the Trauma value, and add the Muscle value in full. The total is then tested against. Powerful, but very simple. Most actions will probably just use a single node, and be done with it.

I've also added a few more actions to the demo, showing off on how to do shopping. If you read through the XML to see how it is done and come to the conclusion that this takes a lot of effort to do, then you are correct. Inventory management is also not really something that I think RPGs should obsess over so much. The process of buying an item should be more interesting than the item itself. There is also slightly more content at The Coffee Shop. But as said before: I'm not so much a writer as a software engineer.

11 April, 2011

Challenge Pass/Fail in Alpha 3 (r52)

On request, I added the option for challenges to be deterministic: You can declare a certain value, and if the player has the required stats as high or higher, he will automatically pass. If he has less, he will fail. No dice rolled, no random chance, no luck. Obviously, it is simpler to use, since it only requires a single value.

09 April, 2011


What is this thing I am making, exactly?

I comes down to this: An engine to play story-based games in it. Imagine an RPG, but without the (often tedious) combat (and no graphics, I'm not quite rich enough to pay 50 artists for three years). My objective was to write a game which can be extended by fans and which uses some of the ideas that have shaped game design in the last ten years, but without all the typical crap in AAA-titles, such as long and boring combat just to make the game last longer. 

I would hope that people will pick up on the idea of writing their own stories or small storylets, and share them with each other. If possible, it would be nice if everyone would try to write in an action to get from a central transport hub to their respective places in some way (if you want to write your own locations, which I hope), or add to the general fundus. I kindly ask that you do not edit somebody else's work and pass it off as your own (and to be clear: that would be a copyright-infringement), but you are of course free to take their work as inspiration.

The engine runs on flash 10, and will read all .xml files in its program folder. Pictures  are loaded with paths respective to that folder too. Currently, write or administration access is not needed (mostly because one cannot save their game, yet).

I plan to offer a correct XML-schema and validation at some point, but that is really boring to program, so I skipped it for now.

Setting (of the demo)
The setting and basic examples are very loosely based on Eclipse Phase (by Posthuman Studios, free to download and it's worth a read or play in any case), with some stats, ideas and topics taken from there. The rules used are quite different though. 

I have decided on a handful of "official" things. Do not write redundant stats such as Strength or Health, and try to be a bit original.

Stats: Reflexes, Lucidity, Determination, Suaveness, Muscles, Trauma
Items: Character Creation Credits, Yen (though more currencies and exchange actions are an obvious path to take)

Legal crap
This stuff is copyright 2011, Kajetan Abt. I used a few pictures I found on image boards, such as /tg/booru. If you made them and want to be credited or have them taken down, just tell me.

You are free to use everything as long as you don't try to sell it. You may (try to) sell stories you write yourself, of course, since you still own that copyright. I only claim the engine and the storylets I wrote myself.

No restrictions apply on what you can write. If it is good, I would like to read it, and I will possibly link to it.

08 April, 2011

Alpha 2

A decent update, I would call it.


  • Additional Requirement nodes for Location, Time or Date
  • Multiple Rewards work now (mostly used by Rules)
  • XML structure reworked
    • Mostly Rules (those look rather different)
    • Requirements are now more similar to Rewards
    • Bugfixes
The new files can be found here (with updated documentation):

If you look at the XMLs and think they are complex, just open the HowTo.rtf, it should explain enough to get started. If that's not good enough, please leave a comment, I will clarify.

If you need Adobe Air to run it, you can find it here: http://get.adobe.com/air/

Edit: I have added a file "Story_Alpha2_InstalledFiles.zip" which is a zip containing the installed files. If anyone tries to use it without having Air installed, please let me know it that works. I do not want to uninstall Air to test that, because that would mess with my developer environment.

07 April, 2011

Story Engine Alpha 1

Games are a big hobby of mine. Card games, board games, or the thing that made me study Computer Science: Computer games.

I gripe a lot about how computer games are shallow, do not evolve much (apart from the indies which have had a hugely successful year with Minecraft and World of Goo), but mostly: How all, including the vast majority of indie games, are about one thing, and one thing only: Combat.

I do not think I exaggerate when I claim that 99 out of a hundred games are purely about killing, murdering, shooting or slashing enemies. Be they humans, be they zombies, aliens, robots, tanks, ships, spacecraft, military, monsters, dragons, bugs or even abstract shapes. Seriously, why does this hobby come down to killing so much? I can accept that a game without conflict would not work very well, and of course, combat is a form of conflict that we all understand. But on the other hand, is it really necessary? Can't we have conflict without death?

I could rant on and on, and much to my friends annoyance, I frequently do. And "do it yourself then!" is such an annoying argument.

So that is what I did.

I hereby release the absolutely first version of a piece of software that I hope will inspire some people to create something more than just murder simulators.

Downloads: See bar to the right.

How to install:
1. Install the AIR application (you might need AIR from Adobe)
2. Unpack the zip into the application directory, so the xmls are in the same folder as the .swf and the pictures are in a subfolder.