10 August, 2011

Alpha 8

I have been really busy writing code and implementing features I want (or some people have actually requested). The editor works much better and can do nearly everything now (except for Chances). In addition, there is now the possibility of skinning the application during execution. You can just write something like a style-sheet and have that applied like any other event. This has two consequences: One, people can now theme their games. Two, it is even possible to change colours and pictures during play. As a simple example: You can bathe the UI in a green jungle while the player is in the jungle, and then switch to a clean blue/white interface when they enter a space station. I think when used well, this will do wonders for immersion.

Lastly, I have nearly tripled the amount of demo game. The reason is simple: The editor makes writing it so much easier and more comfortable, one can just type away without spending a ton of care on the XML-format. The (very significant) time spent on creating the editor seems to pay off. I believe I actually spent more time on the editor than on the engine itself.

Lastly, I fixed how folders behave. No longer do you have to bother with writing in the application directory (a hassle on Windows 7, a near-impossibility on OS-X), instead you can just freely choose your working folder.

Oh, and there is Save/Load functionality.

The download can be found at the usual spot:
http://www.wuala.com/Kdansky/StoryTellingEngine/

08 August, 2011

Motivation!

A few people have shown interest in using my work, which has motivated me to spend another few hours polishing and adding features.

The files can be found (as usual) here:
http://www.wuala.com/Kdansky/StoryTellingEngine/

You will require both the alpha7_story.air and also the zip file with the demonstration data. Install the application anywhere you like except at your C:\Programs\ folder, or else the editor won't be able to edit the files, and unpack the zip inside the same folder. There will be a proper data folder at some point.

I also highly recommend looking at the documentation if you want to write your own content. The editor takes care of all the XML, formatting and validating, but it is still very helpful to know how the internals work to figure out how to do something.

Note: Opera seems to muck up .air files because it falsely believes they are .zips. It has been known to do that with .jar files too. The only work-around I know is to use another browser.

As for an incomplete change log:

  • Save/Load functionality (1 Save slot for now)
  • The editor has received a better layout (especially on large screens, go full-screen for maximum effect)
  • Some forgotten parameters (chance, pass, crit, botch) have been added to the editor
  • Empty textboxes should now always result in the correct behaviour
  • As usual, many bugfixes. Apparently, challenge difficulty has been broken in many cases.

06 August, 2011

The Editor

Finally, after a long period of writing a lot of code without being able to share the results, I have a big (actually, gigantic) update for my StoryEngine. It's the in-game editor. While playing, you can just click on the small new button labeled "edit" and directly enter edit mode. All the complex XML is parsed and shown with a pretty GUI, and you can click buttons to add rewards and such!

Actually, it's rather ugly, but serviceable. Getting everything to show on a limited screen was a big challenge, because Actions can be very complex beasts.

Some things could be more convenient, such as auto-completion of item names, but I had to force myself to write most of the rather boring GUI code, and didn't want to wait until I had all the neat features that I would like to.

The Compile-button will show the XML that is generated from the GUI. This was mostly for me to debug with. When you save, the program will store the data from the GUI directly in the file that the action is from. In case the id was changed, it will create a new action with this id. Note that it will not yet appear during play, because the engine only loads Actions at program launch.

Caveats and known issues and bugs:

  • Not all features are yet supported. Some of the more complex (like chance modifiers depending on requirements) are not visible at all.
  • It is of questionable visual appeal.
  • Only actions can be edited, no locations, stats, items or rules. On the other hand, actions are about 99% of all content, and the other things are so damn simple that the lack of editor should not matter. As an example: locations pretty much come down to a triplet of name, description and picture.
  • Stuff is very untested.
  • It is not required to know the XML schema to be able to use it, but certainly a big advantage.
  • Icons do not load.

Due to issues with my usual download, here are two less practical links:


The v4 XMLs should be pretty much compatible though, I've fixed a few bugs at best.

23 July, 2011

Passwords, part three of two

This post and more specifically, this comment make me want to write a few more sentences on the topic of password selection. First off, the article is a good read, and talks about what kinds of bad passwords people chose.

Now for the frequent objections I get to the method I suggest. They all have some truth to them, but none of them are convincing enough not to use this system.


1. Someone can figure out your password generating rule if they get to look at one of them.

An example: okdufgo3fa. Can you tell that this is a password for Facebook? Could you tell that erdufgo3ga would be the corresponding Gawker password? You probably can, at least if you have two, and if you took a few moments to go through the most obvious ways to do that. There are two issues with this: One: This is a problem where you have to find a pattern. Human brains are ridiculously good at anything pattern-related. Computer chips on the other hand are incredibly bad at it, especially if you start to use rules which are obvious to humans, but arbitrary to computers, such as "put all vowels in front of the consonants" (facebook becomes aeoofcbk). Computers don't even know about vowels.

This directly leads us into our second point: We have CPU power in abundance, but not human eyes. No hacker would bother looking at thousands of leaked passwords personally, trying to figure out the rule for every one of them. And since everyone else has a password like '12345', why should he even bother?

Conclusion: Nobody will take the time to break it, and even if, it's not actually as easy as it sounds.


2. What do you do when you have multiple accounts for the same service?

Completely different, yet the same underlying issues. What does it mean to have two accounts at the same service? Well, two user names use the same password. But how is a hacker going to know which two user names match? He cannot even do this via brute-force, because all the people that chose '12345' will crowd the list of duplicates. Again, this comes down to the fact that a hacker won't even bother.

And secondly, how is someone going to use that knowledge, if they do not have your other account name? They cannot infer the rule to generate more passwords (since they only have one example), they cannot break into your e-mail or your bank, and most importantly: When a service gets hacked, you lose both your passwords there to begin with and usually not just one. In the end, this does not make any difference at all.


3. Some services require you to change your password from time to time.

In that case, there is no useful way out of it. Your chosen rule will probably not adhere to anything like this. But compare it to any other system of choosing passwords: You would also have to change your password every few months. In the end, no system can cope with this to begin with, so the best way to handle such an egregious exception is to make it one: You will have to remember a specialized (frequently changing) password for just that service. I would recommend not using the service, because that's just a huge bother.


4. Restrictions on character range or length.

This only really applies if you chose a bad function that does not include one or two digits, and is very short. The easiest way to avoid the issues is by selecting a function which will always result in 9-12 characters, and have exactly two letters in it. I know of no web-service where such a password would not work. Except for my bank account, where only letters work, so I have to write that password down on paper. It figures that my most important password is the one I have to treat the most risky, by writing it down.


Overall conclusion: There are some small issues with the system, but they are less impractical than any other system would have, facing the same problems.

Addendum: Nobody has yet pointed that out except for Randall, but the real issue of passwords is mostly length. 20 lowercase letters are way harder to solve than a combination of letters, capitalisation, punctuation and numbers if they only last for 8 characters. You can just use a very long static string in this system, and you're fine.

Synology DLNA transcoding alternative

I am a happy owner of a Synology NAS (a DS411j). The DS offers DLNA support, so I could theoretically just plug my TV into the ethernet, and watch all my accumulated movies and anime easily. Sadly, the TV is too cheap to have any decent codec support. Usually, one would install Serviio or another DLNA server onto the DS, as described here.

But annoyingly, the DS411 only sports a tiny ARM CPU which cannot keep up with transcoding difficult codecs (h.264 to mpeg2). The solution? Do all the transcoding overnight, and not while you are watching it. This solves the issue of lack of processing power, and results in a neat directory full of files that actually work. The obvious tradeoff being hard drive space, but then a DS411j has four disk slots and hard drives are dirt cheap.

Follow the directions over there to bootstrap the NAS, install ipkg, wget, ffmpeg and yasm. Also execute these two lines if you get an error message about libraries not found when you try to start ffmpeg:

cp /opt/lib/libbz2.so.1.0 /lib
cp /opt/lib/libz.so.1 /lib

After that, use a script such as this

#!/bin/sh
# Convert every video in SOURCE_DIR that has no converted copy in TARGET_DIR yet.
SOURCE_DIR="/volume1/input"
TARGET_DIR="/volume1/video/transcode"
for a in "$SOURCE_DIR"/*.mp4 "$SOURCE_DIR"/*.avi "$SOURCE_DIR"/*.mkv
do
 # A pattern without matches stays a literal string, so skip anything that is not a file.
 if [ -f "$a" ]
 then
  NEW_NAME=$(basename "$a")
  COMPLETE_NAME="$TARGET_DIR"/"$NEW_NAME".avi
  echo "$COMPLETE_NAME"
  if [ -e "$COMPLETE_NAME" ]
  then
   echo "Already converted: $a"
  else
   echo "Converting: $a"
   ffmpeg -i "$a" -y -vcodec copy -vbsf h264_mp4toannexb -copyts -acodec ac3 -ab 128k -ac 2 -map 0:0 -map 0:1 -sn -f mpegts "$COMPLETE_NAME"
  fi
 fi
done

to automate the conversion. It will check whether a file was already converted, and if not, automatically start to do so. Note that the parameters for ffmpeg work for my Panasonic Viera, you might have to use a different set of codecs. You can check the Serviio forums for a good selection of transcoding profiles, and then trial and error your way to success.

You can then set up a cron job (more on that later) and make your script run automatically every few hours. If there is nothing to convert, it will immediately terminate.

Open issues:

  • If anyone with more .sh-knowledge than me could improve upon this and add recursive folders and some such, I'd very much appreciate it.
  • I also cannot get my Synology to find these newly created files very quickly, it takes a long time until the DLNA service finally displays them. Is there a quick way to add them to the index?
  • I cannot get .wmv videos to convert, ffmpeg seems to fail to read them. It might be my selection of them, or a general issue, I don't know yet.
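
The recursive variant asked for in the first open issue, as an added example that is not the author's script: it walks the source tree with find, mirrors the sub-folders under the target, and writes to a temporary file that is renamed only after ffmpeg succeeds, so an interrupted run is not taken for a finished conversion. The FFMPEG override and the .part suffix are assumptions of this example; the ffmpeg parameters are the ones from the post.

```shell
#!/bin/sh
# Added example: recursive variant of the conversion loop (not the author's script).
SOURCE_DIR="${SOURCE_DIR:-/volume1/input}"
TARGET_DIR="${TARGET_DIR:-/volume1/video/transcode}"
# Assumption of this example: FFMPEG can be overridden to dry-run the loop with a stub.
FFMPEG="${FFMPEG:-ffmpeg}"

# Convert one file with the ffmpeg parameters from the post.
convert_one() {
    src_file=$1
    out_file=$2
    tmp_file="$out_file.part"
    mkdir -p "$(dirname "$out_file")" || return 1
    # stdin is /dev/null so ffmpeg cannot swallow the file list
    # that the calling loop is still reading from the find pipe.
    if "$FFMPEG" -i "$src_file" -y -vcodec copy -vbsf h264_mp4toannexb -copyts \
        -acodec ac3 -ab 128k -ac 2 -map 0:0 -map 0:1 -sn -f mpegts "$tmp_file" </dev/null
    then
        # Only a complete conversion gets the final name.
        mv "$tmp_file" "$out_file"
    else
        rm -f "$tmp_file"
        return 1
    fi
}

# Walk SRC recursively and mirror its folder layout under DST.
# File names containing a newline are not supported by this line-based loop.
transcode_tree() {
    src=${1%/}
    dst=${2%/}
    find "$src" -type f \( -name '*.mp4' -o -name '*.avi' -o -name '*.mkv' \) |
    while IFS= read -r f
    do
        rel=${f#"$src"/}
        out="$dst/$rel.avi"
        if [ -e "$out" ]; then
            echo "Already converted: $f"
        else
            echo "Converting: $f"
            convert_one "$f" "$out" || echo "Failed: $f" >&2
        fi
    done
}

# Run only where the source folder exists (for example from cron on the NAS).
if [ -d "$SOURCE_DIR" ]; then
    transcode_tree "$SOURCE_DIR" "$TARGET_DIR"
fi
```

A file whose conversion failed leaves nothing behind in the target folder, so the next scheduled run tries it again.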

23 May, 2011

Passwords, part two of two

We have established why you really do not want to use the same password in more than one place. I have a really old text document in my backups which has a list of all passwords I used ten years ago. I believe it has more than one hundred entries. Online games, discussion forums, redundant companies (amazon.de, amazon.co.uk and amazon.com require their own logins) and generally useful services sum up faster than you think. The issue is:

You cannot ever remember a different password for every service.

It is just impossible to remember hundreds of expressions such as "agclue.jf312kd". Most people use a priority system: Crappy password "plork" for services they do not care about much. Medium password: "Naftalin23" for their Flickrs, Twitter and Gawker. Safe and unique password for e-mail, eBay and Amazon. That leaves you with a dozen passwords or so. It is workable, but for obvious reasons not a good solution. Is there a better one? I present:

The One-Way-Function. ("hashing")

It works like this: You think of a function that only works in one direction efficiently. A typical example is "I see something and it is black." It is very easy for you to decide whether something is black. It is very hard for everyone else to figure out what exactly you are talking about. While I didn't invent the principle, there seem to be miserably few people who create their passwords with this technique. Let me give you a simple example:

Use the first two letters and the last two letters, then write "qelgf.15" behind it.

Google: "goleqelgf.15"
Twitter: "twerqelgf.15"
eBay: "ebayqelgf.15"
Facebook: "faokqelgf.15"

While already very strong, you could easily add capitalized letters to the static expression, that is "qelgf.15", making it "qElgF.15", for example. You might be disappointed that eBay can be recognized. That's an artifact created by our slightly less-than-ideal hash function, but it actually does not matter that much, because it is still incredibly hard to detect without human eyes taking a look at the passwords. And when you are a criminal and out to steal passwords, you don't want to waste hours to guess such functions, when there are thousands of people using "password" or "12345" instead. In conclusion: Just pick any function which you can do quickly in your head which will result in a few letters from a service url, and append something in front or after (or both).

And if you want insane security, you could even do something like writing your full name with birth year (note that this would be one of the least safe things otherwise), and interjecting one letter from the service name backwards. Assume your name is Michael Kennedy, and you're born in 83. Whenever you type your password, you first type out "Michael83Kennedy", then put the cursor at the beginning and move it right once, then type a letter, repeat.

Google: Meilcghoaoegl83Kennedy
Twitter: Mriecthtaweilt83Kennedy
eBay: Myiacbheael83Kennedy
Facebook: Mkiocohbaeecla8f3Kennedy

It isn't very fast, but leads to passwords that couldn't be safer, and it is impossible (and not just unlikely) to have the same password twice, because two services are always named differently to begin with. And before you point it out: For mathematical reasons, the last names looking identical is completely irrelevant. Do me a favour and adopt such a system.

28 April, 2011

Passwords, part one of two

In light of the current PSN disaster, and with clear memory of the recent Gawker problems, I want to write about something important, which bothers me a lot.

Do not use the same password in multiple places.

People do not understand why this is such a gigantic problem. They think it is just a matter of convenience (few passwords to remember) versus security, quite alike to how you don't use a different key for every lock in your life. The key that opens your car also starts it, and the key to your apartment complex also opens the door to your flat. But that is very far from the truth. The proper analogy would be to use a single key for all your locks, but at the same time, give a copy of your key to safeguard to every single person that ever enters your home, including the plumber and the boyfriend of your daughter of whom you do not approve.

In more technical terms: If you use the same password for Twitter, Facebook, Gmail, eBay, Gawker, PSN and Flickr, then your chance of losing all accounts in one fell swoop has risen significantly. It does not matter if Gmail and eBay have tight security. If Twitter screws up, your bank account is gone. If Flickr screws up, your bank account is gone. If PSN or Gawker gets hacked, kiss your eBay account goodbye.

It does not actually end here, it gets worse. We all have our major sites which we use daily. But most of us also have accounts at places where we really do not need them often. I play Bloodline Champions (recommended!) which is a tiny game with only a few thousand players, made by a small developer. But I have a forum account for that, which is all but inactive. Still, there is a password involved. And if they get compromised, or a disgruntled employee leaves them, my password could get lost. If it were identical to my others, I would be in trouble.

And it gets worse still. There are quite a few sites out there who want you to register with them, for no reason whatsoever. Some warez downloads lead to files that are password protected, with a text file nearby, telling you to register at their shady site. If you do, not only are you prone to get spam on your e-mail, but even worse, they get a username/password combination from you. They can just try that on google and see if it works. This is the extreme, but do you trust Google? Do you trust Twitter? Do you trust the guy that hosts that discussion forum on politics / porn / kittens you frequent often? Or would he just sell your password? Identity theft is a serious business.

Next up: How to do better.

Addendum
There is such a thing as "salted hashes", which is a technique to store passwords on a server without allowing people to read them, so as to prevent an employee from selling them. In that case, it is a lot harder to get your real password. But it requires that the people running the service know what they are doing. Most do, but if only one does not and gets compromised, the shit has hit the fan.

22 April, 2011

Portal 2 and Refactoring (alpha 4)

I planned to write a post earlier this week. Then Portal 2 happened and I was forced to play through that once or twice. It's incredibly good and you should definitely go play it now.

In other news, a small (but not insignificant) update. I've been doing some refactoring. For the non-technical reader: that means I rewrote parts of the code so it works exactly as before, just better. This also meant that I could clean up some convoluted problems with rewards, which now work much nicer than before. There are two major changes:

Rewards
Rewards for stats are very much streamlined now. The following example is now valid (though a bit silly).

<stat exp="50" level="10" repeat="Inefficient" tag="Charming" untag="Ugly">Personality</stat>
Essentially, I've merged and nodes, and removed the unintuitive requirements for them to have only a subset of all options available at a time. I still would not recommend to mix @level and @exp, because that will reward experience twice (and possibly influence each other), and of course, you can only have a single @tag and a single @untag node per stat. That's just how XML works for attributes.


Challenges
I found "Primary" and "Secondary" to be really imprecise and unclear, not to mention rigid and difficult to use correctly. So I threw that out, and instead give you very simple mathematical tools. We now have the option to average values, or to add or subtract some, or parts of them. Example:

<avg>Reflexes</avg>
<avg>Lucidity</avg>
<sub mul="0.2">Trauma</sub>
<add>Muscles</add>

This will take the average of both Reflexes and Lucidity, then subtract 20% of the Trauma value, and add the Muscle value in full. The total is then tested against. Powerful, but very simple. Most actions will probably just use a single node, and be done with it.

I've also added a few more actions to the demo, showing off how to do shopping. If you read through the XML to see how it is done and come to the conclusion that this takes a lot of effort to do, then you are correct. Inventory management is also not really something that I think RPGs should obsess over so much. The process of buying an item should be more interesting than the item itself. There is also slightly more content at The Coffee Shop. But as said before: I'm not so much a writer as a software engineer.

11 April, 2011

Challenge Pass/Fail in Alpha 3 (r52)

On request, I added the option for challenges to be deterministic: You can declare a certain value, and if the player has the required stats as high or higher, he will automatically pass. If he has less, he will fail. No dice rolled, no random chance, no luck. Obviously, it is simpler to use, since it only requires a single value.

09 April, 2011

Introduction

What is this thing I am making, exactly?

Vision
It comes down to this: An engine to play story-based games in. Imagine an RPG, but without the (often tedious) combat (and no graphics, I'm not quite rich enough to pay 50 artists for three years). My objective was to write a game which can be extended by fans and which uses some of the ideas that have shaped game design in the last ten years, but without all the typical crap in AAA-titles, such as long and boring combat just to make the game last longer.

I would hope that people will pick up on the idea of writing their own stories or small storylets, and share them with each other. If possible, it would be nice if everyone would try to write in an action to get from a central transport hub to their respective places in some way (if you want to write your own locations, which I hope), or add to the general fundus. I kindly ask that you do not edit somebody else's work and pass it off as your own (and to be clear: that would be a copyright-infringement), but you are of course free to take their work as inspiration.

Technology
The engine runs on Flash 10, and will read all .xml files in its program folder. Pictures are loaded with paths relative to that folder too. Currently, write or administration access is not needed (mostly because one cannot save their game, yet).

I plan to offer a correct XML-schema and validation at some point, but that is really boring to program, so I skipped it for now.


Setting (of the demo)
The setting and basic examples are very loosely based on Eclipse Phase (by Posthuman Studios, free to download and it's worth a read or play in any case), with some stats, ideas and topics taken from there. The rules used are quite different though. 

I have decided on a handful of "official" things. Do not write redundant stats such as Strength or Health, and try to be a bit original.

Stats: Reflexes, Lucidity, Determination, Suaveness, Muscles, Trauma
Items: Character Creation Credits, Yen (though more currencies and exchange actions are an obvious path to take)

Legal crap
This stuff is copyright 2011, Kajetan Abt. I used a few pictures I found on image boards, such as /tg/booru. If you made them and want to be credited or have them taken down, just tell me.

You are free to use everything as long as you don't try to sell it. You may (try to) sell stories you write yourself, of course, since you still own that copyright. I only claim the engine and the storylets I wrote myself.

No restrictions apply on what you can write. If it is good, I would like to read it, and I will possibly link to it.