Wednesday, June 03, 2015

The Writey Writer's Resource Page


Today I'm giving a workshop at BSides London called The Writey Writer's Guide to Writing Writerly, and this is the temporary landing page for a shortened URL. In the near future, this will serve as a handy resource link for those who attended.

Nothing to see here (yet), but there will be very soon...

Monday, December 29, 2014

My favourite game this year was...Dead State

You need to repair the fence before raiders trash it. A quarter of your group is sick with food poisoning. The one science guy you have needs to make antibiotics for the infected members of your team, but you're low on ammo so he needs to sort that out instead. The car broke down so you're on foot for today, but if you walk to the nearest supermarket to pick up as much food as you can carry you won't be back until after midnight and hit a fatigue penalty. That one racist guy is picking a fight with the kid ready to up and leave and take half your stuff with him. There's a militia at your gate asking for food in return for a safe evac within a month, assuming you can last that long.


This turn-based combat zombie apocalypse sim has gobbled up 90+ hours of my time this year, and I'm surprised to see only one other person on my Steam friends list who owns it (and that was because I bought it for them).

Staggering out of a burning plane, you're asked to choose from a wide range of attributes and in no time at all go full Rick Grimes as you battle to keep a school filled with survivors well fed and safe from the zombies and a variety of increasingly crazy humans. If you want to roll a science buff, you can. If you'd like to talk your way out of an endless stream of tricky scenarios you can do it. Long range sniper survivalist? Baseball bat swinging tough guy? Mechanical genius more suited to the large selection of base upgrades on offer? Be my guest.

Imagine State of Decay, but without the utterly generic placeholder "characters" in your crew who can easily be replaced should they die. That isn't the case here, and losing people with particular sets of skills can hurt you greatly in the long run. Everyone here also has a personality beyond "the guy with the green vest" and "the woman with the brown jacket". Doug is an IT geek. Vic is a backwater cop with a nice moustache. Priscilla likes chickens. Davis might be the best character in a wheelchair in a videogame you'll ever see on account of how well written he is. It's entirely possible to miss picking up additions to your group and that can significantly change up how things pan out inside the school. I think you'd need 2 or 3 playthroughs to see everything it has to offer.

The game takes place inside the fictional city of Splendid, Texas, and the map contains 100+ locations for you to pillage and / or run away from. You may find survivors. You might see traders. There'll be random encounters on the map. The environments all tell a story, and often it's fun to guess what went wrong and allowed all hell to break loose. It might be the car which overturned after ploughing through the barricade at the truck depot. It might be the flimsy fence which shattered and let the hordes in at the residential complex. It could be the looters which tore up an otherwise secure neighbourhood. Does that house have "keep out" painted on the wall with bullet holes peppering the windows? There's a good chance you'll want to steer clear unless you want to run into looters, or aggravate people just trying to survive and incur a morale penalty for killing them all.

Keen observation of the map you just entered can save you from a swift death, without taking a single footstep. Zombie infection can come from a single bite, and if you wander into an aggressive gang stomping ground before you're ready you may as well reach for the reload button now. The worst thing I probably saw was when I took the mother / daughter combo out on a food run, watched the daughter get her throat torn out, rise up as a zombie and have to smash her head in with the mother's sledgehammer immediately afterwards.

That was just wrong.

The writing is focused and well done, and the scenarios that unfold between your varied selection of survivors is both mature and often uneasy to listen to or attempt to resolve (usually pissing off one or the other in the process). Later on you'll become embroiled in group debates and have to make decisions which keep the majority of the survivors - and the all important second in commands - reasonably happy. Just when you solve one problem, another one crops up. It's all to easy to leave something hanging for a day - like specific requests to visit locations or perform certain tasks - then annoy your companions no end and watch them jump ship.

The game does have a number of bugs, but then I believe it contains something like 50,000+ branching lines of dialogue and a complicated set of event triggers which depend on certain events taking - or not taking - place. The devs seem pretty proactive about fixing these, and Dead State continues to receive attention.

Here's some screenshots I've taken while playing and the Steam page is here. I'm still finding new things to do and new ways to play, and haven't completed either of my two playthroughs yet (there are multiple endings, from what I've read). If you can deal with some bugs and the occasional script misfire (and, er, the occasional character returning from the dead in your shelter as if nothing had happened to them) then you should definitely consider giving it a go. The game isn't massively intensive on a laptop and works great even on a mid-range i5 rolling a Geforce 820m. If starting a second playthrough, I'd suggest increasing the animation speed to maximum so you can just get on with things at a faster pace. Everybody will be walking around like they're in a Benny Hill sequence, but that just makes a zombie apocalypse better.

Dead State: my favourite game this year.

Tuesday, September 23, 2014

Some thoughts on the Steam Store Update...

Steam updated the look and feel of the Store page, along with some fairly major revisions to how things work.

Some things to note:

1) A while ago, Steam altered the tabs on the front page. In terms of what was on sale, you used to see the new releases tab before anything else, then could dip into best sellers. At some point, they changed it so you'd see top sellers first. This used to grind my gears for a number of reasons, and it has been covered extensively elsewhere.

The way the tabs function has now changed again, so you default to "POPULAR new releases". To see what are presumably not high selling new games, you have to scroll to the bottom of the game tiles then click the "See all new releases" button. You're then taken to a feature-bare page of games, but at least you'll see new games which aren't AAA blockbuster pre-orders. As a final note, things like daily deals are currently way down the page.

This all seems like a really bad idea from a "Let me browse and purchase new games with zero fuss" point of view.

2) They really want you to see "curator" recommendations. They seem to be on every game page. These are people who post lots of comments about games on Steam pages. At time of writing, they're ranked like so:

"Right now, top curators are listed by the number of followers they have."

People interested in the Steam recommendations prior to the revamp tended to follow those who were known for their humorous "bag throw simulator" type missives, which is fine. However, now that these things are being pushed en masse across the Steam network whether you want them or not, it simply isn't good enough. If you want to add things to pages, you need to convince me that I want to see it on every single page. They do say that listing by number of followers may change at some point in the future, but in my humble opinion it absolutely has to and fast.

The bulk of the Steam recommendations I see right now are one line joke memes, and people trying to be witty. The result is a ton of "recommendations" which add nothing but clutter.

This game is on the frontpage of the site - look at the listed "review". Look at all of their listed reviews. What's the point of that? Other reviews from different curators: "This looks good but I haven't played it yet" and "this was shown at [videogame conference x]".

Do Steam allow people to recommend games they don't own? They sure do:

"Can I recommend games that aren’t in my Steam library?

Yes, you can recommend any game that is available via Steam."

I suppose the most important question here would be: why?

As a side note, you cannot currently disable the visibility of curators.

3) You can no longer see what friends are playing on the frontpage, or what they recently bought. Instead I'm overwhelmed by recommendations from strangers which I find little value in, or bizarre and broken suggestions from Steam as to what I should buy next. You know how if you click on something humorous on an Amazon page and your purchase recommendations go completely left-field? Imagine that but for videogame recommendations.

I'd rather trust visual suggestions of what may be good or bad based on immediate feedback from people I know than complete strangers.

Overall, I can't say I'm a fan of this rejig. I may well find some more things to add to the short list above, but for now let's see what Valve do with the feedback they're sure to be receiving...

Monday, September 22, 2014

Videogames: The Hacking Minigames Edition

Many moons ago I took part in an episode of Gamespot's Reality Check, on the subject of Watch_Dogs and videogame hacking. Out of that came a shorter segment based around good and bad examples of hacking in videogames. Fair warning: it mainly looks at the trend of turning hacking into minigames, instead of titles which are primarily all about hacking like Uplink.

A couple of games not mentioned up above were given a shout-out in a spinoff blog from way back when.

And yes, I really did sit there for an age trying - and failing - to figure out the hacking minigame in Alpha Protocol. Bonus points for mastering this on a PC with mouse and keyboard. The (rather distracting) mouse pointer which controls the right box often ends up moving outside the terminal screen, resulting in two eyeballs trying to track two boxes and an increasingly distant pointer crawling across a sea of flashing green letters and numbers.

The frequent reward for managing to not get a migraine in the first five seconds is the horribly imprecise mouse wobbling off the intended target just as you hit the button.

Last night I fired up an Alpha Protocol save from the first set of Saudi levels, had some fun with the email feature, the intel purchasing, the loadout screen and the comedy beard.

Ten minutes later I was standing in front of a failed hack attempt, flashing lights and guys firing machine guns from ten feet away and missing while I carefully considered which wall to bounce the mouse off for optimum destruction.

Back into the digital box you go...

Sunday, August 10, 2014

10 Years in Infosec: The Obligatory Blogpost

I didn't intend for the face to face meetup I had with the BBC to turn into some sort of  gonzo summing up of the last ten years of my life, but looking at it - with pictures of Batman and giraffes as you scroll down the page alongside tales of Chunkylover and the Nigerian Astronaut it's difficult not to feel that your life is pretty weird.

Ten years in infosec is nothing, really, given many people have done it for that length of time three times over or more. But when you thought you'd be getting paid money to make bad movies or paint pictures riffing on the best aspects of high renaissance art via comic book sensibilities, it feels a lot longer. I'm a "Veteran" now! I'm old! I might grow a beard!

I'm still pretty new to the infosec scene, but I think I earned my blogger Vet stripes thrashing it out with all those incredibly rich Adware companies of old at a time when hardly anyone else was, and in very public fashion I might add. I also managed to find a near endless stream of "really bad things" (TM) and shone a light on lots of terrible people and practices, which can only help people in the long run so I'm happy with that. I tell you what, that was probably more use to people than me making yet another bad film or a painting of some dudes with their weenies out.

I might still do the painting, whatever.

The one thing I have learned, above all else, is that there is no bigger challenge than sitting down and hammering out a non-stop wall of text spread out across ten years. Ten years! I never thought I'd be doing anything for ten years. I actually often feel like I could have written more blogs and entries and talked about more threats, but unfortunately I run out of hours like everybody else.

A moment of silence, please, for all those infosec bloggers down the years who either stopped or (in one sad case) went missing - writer fatigue and burnout is a very real problem, and when you're trying to hammer out new research info in a field where last week's news is as good as something that lumbered out of the Dark Ages, it's quite a problem.

Writing opinion pieces on anything is hard. Finding new threats and scams to write about on a daily basis, and trying to do it differently every time, and attempting to talk about things that others aren't already covering, is hard. When I look how many research pieces I've put together, more often than not based on something I found, analysed and then bashed into something approaching readable words it's quite the eye opener. I'm genuinely surprised how much I've done.

This isn't everything by a long shot, but as a random sample: 105 blog posts in 2007, 254 in 2008, 208 in 2009 via the old Spywareguide blog. Think about how many research posts someone can get out in one week - from what I see, it's usually about 2 or 3. One time I discovered and then wrote about 43 things in one month. Which is, by all accounts, completely insane. At the same time I was cranking out up to 30 or so posts a month - often on different threads of research - on my personal blog, for about six years. That personal blog finally died sometime in 2010 when I realised I was blog typing my way into an early grave with anything up to 50 posts a month. Whoops.

The words still keep coming, as I leave FaceTime and move to Sunbelt / GFI Software / ThreatTrack Security. As the blog kept changing and moving home, it's difficult to work out exactly how many pieces of research I put out but - and this is a rough guesstimate - around 283 blog posts on the Sunbelt / GFI blog between 2010 and 2012, then somewhere in the region of 100 posts for ThreatTrack between March and November of 2013.

In December, I moved over to Malwarebytes and just realised I have hit 100 posts in 9 months. I think that's pretty good!

All those words end up helping lots of people and steering them away from bad things. We also get to shut a lot of those bad things down and hand out digital hi-fives every now and then. That's good too.

The technical process for shaping those words is an ever changing sea of "what next?" Too many sentences and paragraphs, you lose your point. Not enough, people may assume what you're talking about doesn't matter. I have written long blogs, and will continue to do so when absolutely necessary but I do try to avoid where possible. I'm always looking to remove a sentence, a paragraph, will happily write 300 words then delete the lot if it looks like it isn't needed. I don't need to throw out thousands of words on something when I can get a perfectly functional entry out the door in half the time. 84 words! That's like four sentences! Awesome.

Of course, the reader doesn't need to care about the technical junk behind the crafting of the blog - though I will be giving a talk at a University on that very subject in December (oh my God, I am old!) - but it is something to think about.

Me, I'm thinking I'll hand myself a short pat on the back for having bludgeoned my way through 10 years of sleazy Adware vendors and an endless parade of scams, files and other shenanigans and come out the other side mostly intact and get right back to it.

Also that monster nudie painting is totally going on the wall above the TFT.

Thursday, July 31, 2014

Google+ updates policies, is still a fiasco

Hooray! Google have finally dropped their idiotic names policy on G+. Unfortunately it's a massive hack job and fails in almost every way imaginable.

I'd much rather be called "paperghost" than "Christopher Boyd" on G+. With that in mind, it should be a piece of cake to change it, right? The first problem is a total lack of clarity on the part of Google with regards how to change your details, what works and what doesn't.

A quick look at the Google posts on this one [edit - I had links but in keeping with the G+ tone they've fallen off and don't want to stick] and you'll see the first issue: people simply don't know what to click on to change the public facing name.  You'd think this rather basic info would be right there on the Google posts about this brave new world of customisation, but nope...nothing.

First port of call is trying to change the name in the custom url pop up, seeing as it's likely the first name related thing you'll have presented to you. Unfortunately, it doesn't work...All you can do is add letters and numbers to the name already in the system.

I eventually discovered that custom url fields are not the way to do it, and they won't be changing how those things operate for the foreseeable future.

Seriously, this is buried in blog comments.

I then worked out  - completely by accident - that you change the public facing name by clicking on it when on your profile. There's no onscreen indication that this field can be clicked on, there's nothing from Google giving you this info and looking in settings will only confound you. It's like the anti-mystery meat of web design.

Google then keeps warning you that you won't have the best experience if you go changing your details - no kidding!  - then presents you with screw up number 2:

You're still stuck with first name, last name boxes. As you might imagine, this isn't optimal if your pseudonym is one word long. The botch job workaround is to place a "." in the second box. Confusingly, one Google guy says this is a glitch and will be corrected, even though it says to do this on the official help pages. Also it hasn't been fixed yet.

An additional knock on effect is that the craven claws of G+ are so deeply embedded into all of your Google services that should you change it, that change is reflected across them all.

That's right, Google idiotic decision to cram this junk into all of their products means you'll now be receiving emails from "paperghost. " complete with the idiotic full stop at the end of the pseudonym.

Really? Really?

Get out of here.

Monday, July 14, 2014


Here's the blog about the cool thing I did.

Here's the analysis of that game I'd been meaning to write.

Here's the storify of the fifty tweets about that thing which pissed me off.

Here's the photoblog of the funniest taxi names I've seen in the Philippines.

Here's the alt take on the security conference I went to where I fell asleep during the keynote and missed all the talks.

Here's the one where I embed an instagram pic and describe in detail what I was doing that day.

Here's the one where I got back to writing music and posted up a bunch of my stuff for you to listen to.

Here's the post with all the old board games I found in the attic, including Key to the Kingdom, Ghost Castle and a magnetized Popeye chessboard something or other.

Here's the one where fuck this guy.

Here's the one where fuck that guy.

Here's the fad where I do a return to comics and complain about DC for six months.

Here's the post about Sontarans and strawberries.

Here's my movies of 2012....13.....14.....oops

Here's the one where I tell you I fixed all the missing Posterous images (I haven't).

Here's the one where I tell you I changed publishing platforms (I haven't).

Here's the one with the music I'm now listening to because all my bands went away.

Here's another videogame thing.

Here's the rage post about how utterly terrible ISPs in Manila are when it comes to setting up SIM based internet sticks.

Here's the then and now post about Uplay and how it still makes no sense to me whatever.

Here's the one about the woman who keeps singing in a nearby club with a repertoire of six songs, all of them consistently terrible.

Here's the blog about the upcoming trips I'm going on which I shall surely publish.

Here's the one about the awful "report people recording movies on their phone in the cinema for a reward" adverts, complete with stupid slide whistle sound effects.

Here's the one about the gaming laptop juggernaut that lasted six months then took six weeks to repair.

Here's a top ten list of things.

Here's the one where this post is a lot shorter.

I think that's me caught up now. I'll assume we're cool like Fonzy.