Site Move

By Shamus
on Jan 23, 2018
Filed under:
Notices

I’ve been with Hosting Matters for almost 12 years. For all that time, they’ve hosted the site you’re looking at right now. It’s been a good run, but the site is moving. I’ve been feeling like I need to migrate for a while now. With the recent security concerns, now seems like a good time to pack up and move.

What you need to know:

Sometime on Tuesday evening on the East coast, I’m going to take a snapshot of the database. (I’ll post an update to this post just before the move.) Any comments left after that point will get left behind. After that, there will be some unknown time before the transition is done. I have to get my current host to change the DNS record to point to my new host, and companies are notoriously slow about helping people leave their service. When you see a new post at the top of this page, it will either be an announcement of a successful migration or a rant about how it all went So Very Wrong.

If you’re curious, I’m moving to Dreamhost. This is mostly due to peer pressure. Everyone I know (that runs a website) uses Dreamhost.

As part of the migration, I’ve been digging around in the old file directories of the site, seeing what’s junk and what’s worth backing up. I found an old database from a work blog I ran back in 2008, and that’s a pretty interesting read. It’s amazing how little of it I remember. I also found a six-page comic from 2007 that I never published. It’s not very good, but it’s an interesting find. I’ll probably put that up on a rainy day.

With any luck, I hope to have the new site working by Wednesday. And I hope it will be faster. And I hope the forums will return. And I hope the whole thing will be fun and not stressful or frustrating. And I hope to ride a magical unicorn to a world of free candy that doesn’t make you fat but tastes like it does.

So yeah. High hopes. I’m sure nothing can go wrong. This is going to be so much fun.


Comments (4)



Future Series

By Shamus
on Jan 21, 2018
Filed under:
Notices

Last week we wrapped up my Borderlands series, and this coming week will be the start of my series on Wolfenstein: The New Colossus. These things generally take months to write, so it’s time for me to begin work on the next one. I’ve got a few candidates I’ve been batting around, and I thought I’d discuss the pros and cons of writing about each one.

Fallout 4 is obviously a game people never get tired of talking about. I’ve had a few essays on it lingering in Google docs for over a year now. The problem is that it feels a bit like beating a dead horse. There are things wrong with the game, and I think Bethesda knows they’re wrong and I think they don’t care. This series would be less about constructive criticism and more about cathartic bitching and moaning. Also, writing this series means playing through the game without mods, and that’s not a lot of fun for me. So the main thing holding this series back is basic laziness.

It might be interesting to do a deep dive on Grand Theft Auto V. (And do a bit of a retrospective on the series as a whole.) I’m conflicted about this game. It’s probably one of the greatest feats of open-world construction I’ve ever seen and some of it can be really fun, but I can’t stand the game’s snarky Holden Caulfield approach to comedy where the writers just piss all over a strawman caricature of American culture and accuse everyone of being phonies. I enjoy playing this game, but sometimes I want to punch it in the face. So that might make for a worthwhile discussion.

Continue reading »


Comments (157)



Borderlands Part 25: Wrapping Up

By Shamus
on Jan 18, 2018
Filed under:
Borderlands

Earlier in the series I paid lip service to the notion that “the story doesn’t matter”. Hey, it’s just a comedy game, right? This isn’t Mass Effect. We’re not here for the story so it’s okay if it doesn’t work. But now that I’ve made my case against the story, let me do a face-heel turn:

Story matters more than most people think it does.

The post-credits reveal shows the newly-minted Handsome Jack - complete with mask - choking the life out of corporate rival Tassiter. This would have been so much better if Tassiter had been a larger element of the story.

The post-credits reveal shows the newly-minted Handsome Jack - complete with mask - choking the life out of corporate rival Tassiter. This would have been so much better if Tassiter had been a larger element of the story.

It’s true that not every game needs to be Planescape: Torment. I’m not expecting Witcher 3 levels of storytelling from Bulletstorm. Death Road to Canada doesn’t need to tell a story like the Last of Us.

A story doesn’t need to be big, complex, profound, clever, poignant, hilarious, long, incisive, or surprising. But if a writer tries to make a story do those things then it’s worth looking to see if they succeeded. Even if you don’t care about the story in terms of learning what happens next, the story provides the context and tone through which we experience the gameworld. Having a “good” story doesn’t mean having one that’s long, complex, deeply emotional, or philosophically profound. A good story just needs to achieve its goals and remain true to its characters.

Diablo II didn’t have a lot of story. In terms of story-to-gameplay ratio, the player spent many hours clicking on monsters for every minute they spent watching those cutscenes. But even though the vignettes were short and far between, they still accomplished the basic goal of telling you why you were going to these places and clicking on these monsters. They made it clear that this world was dark and desperate, and that even though your character seemed pretty powerful they were still very small in the face of such overwhelming forces. That setup and mood is still there in the back of your mind, even when you’re grinding for rare drops and skipping cutscenes. The Diablo II story accomplishes exactly what it sets out to do, and doesn’t get in the way beyond that.

It’s true that there are lots of fun games with terrible stories. But that doesn’t mean the story doesn’t matter. It means the game would have been even better if the story had delivered on whatever it was trying to do.

Continue reading »


Comments (114)



The Death of Half-Life 3

By Shamus
on Jan 16, 2018
Filed under:
Column

I didn’t get around to mentioning it in my end-of-2017 retrospective, but one of the big stories of the year was that Marc Laidlaw, the lead writer of the Half-Life series, published his own story outline for the game that Could Have Been But Never Was. Laidlaw had been with Valve for 18 years before departed the company back in 2016. The story he published is ostensibly what was planned for Half-Life 3.

Having read the story synopsis, I have to say it felt just right. This feels exactly like the sort of story I’d expect from the series. Outside of Valve everyone had guesses, fan theories, fan fiction, and suggestions for what could / should happen in Half-Life 3, but none of them quite hit the mark the way this did. Like I said during my Mass Effect series:

Sir Terry Pratchett was an amazing talent. But if J. K. Rowling had hired him in 2002 to help her pump out Harry Potter books twice as fast, it would have fundamentally changed the tone of the series. Different creative people come up with different ideas, and this will give the new work a different texture. And even if it’s an improvement – even if you want to argue that Pratchett-Potter books are better than Rowling-Potter books, the new books will still feel ill-fitting and alien to people who fell in love with the originals.

Amazingly enough, it turns out Marc Laidlaw is really good at writing fiction in the style of Marc Laidlaw, so this unofficial ending to the story rings true for me. This takes the edge off of never getting a follow-up to the cliffhanger ending of Half-Life 2: Episode 2. We at least have an answer to the question of “Where was the author going with all of this?”

Of course, this doesn’t ease the annoyance of never getting another Half-Life game.

Continue reading »


Comments (270)



Super Mario Odyssey Is “No Masterpiece”

By Shamus
on Jan 14, 2018
Filed under:
Game Reviews

Like I’ve said in the past, Joseph Anderson is one of my favorite game reviewers. His content usually isn’t directly useful to me because our tastes are so hopelessly divergent that we have very few games in common. Even when we do both play the same game, we come away with very different opinions and seem to want different things out of the games themselves. But while I can’t use his reviews as a guide as to whether I’ll like a game or not, they’re immensely informative in helping me understand what makes these other fandoms tick. If I ever find myself thinking, “How can anyone enjoy X?” then all I need to do is find a Joseph Anderson review of X and I’ll be able to turn the question around and ask, “Dangit, why can’t *I* enjoy X?”

Anyway, here is his two hour(!!) review of Super Mario Odyssey:


Link (YouTube)

This is really interesting because it goes against the grain of what I’ve been hearing from critics. I’m not part of the Mario fandom, so I really only hear about the game from big sites. And according to those kinds of people, Odyssey is an instant masterpiece. But Anderson makes the case that the game is shallow, repetitive, uninspired, and lacking in meaningful challenges.

It’s always a little scary when you stick your neck out and argue with a consensus. I know this because next week I’m going to be starting a series where I do exactly that and I won’t rest easy until I’ve made my case. There’s always the worry you’ll end up arguing with an angry crowd, and that’s no fun.

I know I don’t have a lot of Mario fans here. My audience definitely leans towards PC games in terms of platform, and RPG games in terms of genre. But if you’ve spent time with Odyssey I’d be interested to hear what you thought of it. Are you new to Mario / Nintendo? Did you like Odyssey at first? Did you actually finish it, or did you get bogged down by the busywork repetition?


Comments (185)



Borderlands Part 24: The Rise of Handsome Jack

By Shamus
on Jan 11, 2018
Filed under:
Borderlands

So Lilith, Roland, and Moxxi have conspired to betray Jack and murder him by killing him and everyone else on Helios Station. Moxxi even gloats as she sentences Jack and his vault hunters (and thus the player) to death. Her behavior is exactly how villains are portrayed, and she’s way out of character. Moxxi says, “If you come down from Helios station alive, a lot of innocent people will die.” Again, that’s probably true. But that’s a pretty hardcore approach to justice. “I know you will do evil someday so I must kill you now but I must do so in a way that kills innocent people and also looks kinda cowardly.” This story can’t decide if Moxxi and company are a rogues or paladins.

Wait, Who Is the Bad Guy Again?

Jack, you`re a power-hungry psychopath, so I`ve decided to use the doom laser to murder you and everyone on the station. While laughing. Remember, I`m with the good guys!

Jack, you`re a power-hungry psychopath, so I`ve decided to use the doom laser to murder you and everyone on the station. While laughing. Remember, I`m with the good guys!

We’re supposed to be witnessing Jack’s turn to evil, and instead the story is retconning Moxxi as self-righteous and craven. It also seems to be trying to retroactively justify Jack’s later behavior by showing he had a reason for his vendetta against Lilith and company. But if you justify his later evil deeds, then aren’t you actually making them less evil? This is exactly the opposite of the thing the writer should be doing!

The writer has twisted the characters in knots to get us here, and after all that messing around they still can’t make anyone’s motivations or actions make sense. And there aren’t even any jokes to make this fun. This doesn’t feel like the playful, winking, lampshading, genre-savvy Borderlands 2. This feels like “Boilerplate AAA videogame” with a quirky art style.

After the betrayal, the plot settles down into a race for the vault. The player is trying to reach the vault for Jack, and Lilith and Roland are trying to beat him to it. Earlier in the story Lilith and Roland specifically said they were out of the vault-hunting game. They don’t actually want the vault. They just don’t want him to have it.

Continue reading »


Comments (51)



Broken Stuff and Security Concerns

By Shamus
on Jan 10, 2018
Filed under:
Notices

Yes, the forums are down. Yes, I realize you can’t edit your own comments. Let’s talk about that.

On my Linux-based webserver, there is a user account linked to me. This “shamus” account owns all the files: All the PHP scripts to drive the blog, all the scripts to run the forums, and all the images and other random files that makes the site operate. Under normal circumstances, the entire file structure is designed so that only my user can upload, delete, and modify files.

However, you need to make some exceptions. For example, I run a WordPress plugin that makes weekly database backups. This plugin needs to be able to save these backups, which means that I need to make the backup directory writable for all users, not just the “shamus” userPHP, MySQL, and other processes are owned by the root user.. Otherwise, the backup plugin would run but it wouldn’t be allowed to save the resulting backup to disk.

So I need to make a few spots on the machine where processes not owned by me can put files. This alone isn’t enough to compromise the security of the machine, although it’s often considered something to be avoided if you can help it. The danger is that it may provide an attack vector for potential hackers. If there’s a vulnerability in either WordPress (the software that runs the blog) or PhpBB (the software that runs the forums) then they would be able to write files to these directories.

Here is a ficticious example of how something like this could work: Let’s say the forum offers a feature where users can upload their own profile image. You’re supposed to upload a JPG or PNG image file. These files end up in /forums/profileimages/. In order for this feature to work, I need to set the permissions of /forums/profileimages/ so that anyone can write to that directory. Let’s say the people who wrote the forum software didn’t do their job and the forums don’t make sure that what the user uploaded was actually an image. Like, maybe they uploaded a PHP script. This allows them to put new pages on my site, and those pages can do all sorts of nasty things.

Now, they can’t just put those pages anywhere. Those pages can only end up in /forums/profileimages/, and only the attacker will know about them. Once the upload is done, the attacker can then manually type in the URL like so:

shamusyoung.com/forums/profileimages/badpage.php

This will cause the script to run and do whatever it’s supposed to do. This doesn’t give the attacker full control over the machine. (They can still only put new files in directories I’ve had to leave open.) They can’t re-write the blog or attack visitors directly, but this is still an alarming situation that allows them to see a lot of stuff they shouldn’t.

This is a very simplified explanation. The actual method of attack is a lot more complex and to be honest most of it is beyond me. But this is the idea in broad strokes.

A couple of months ago PeterHe doesn’t comment often so you might not know him, but Peter has been providing technical and hardware support to this site for a long time. and I discovered some files on the site that were not owned by the “shamus” user. Files like this:

lprvpluh.php
pvkmnwoj.php
onrvyxwg.php
ukwwtgwx.php

Always the same pattern: A PHP file with a gibberish eight-character name, probably generated at random. These files contained highly obfuscated PHP code and were not part of the normal file structure of either WordPress or PhpBB. More importantly, they are obviously malicious in nature.


Link (YouTube)

Peter and I have been battling this mess for the last month or so. We deleted all the suspect files, tightened up directory access, and then hoped we’d fixed the problem. Then a few weeks later the mystery files would show up again and we’d have to start over.

Last week the files showed up for the third time, and so we went to maximum paranoia level. We wiped WordPress clean and started over with a fresh install. We uninstalled the forums completely. This machine is now as locked down as we can make it. There are no directories with write access. This would break several of the WordPress plugins I use, but since I haven’t installed any plugins that’s not a problem yet.

If the problem returns, then I’ll need to contact my host and have them wipe the machine clean and start over. I’d hate to do that, since it would result in a ton of downtime. (The blog has about 1.2 gigabytes of images, and I don’t have a very fast upstream connection. That would be a long upload. Not to mention the time required to restore the databases and re-install everything.)

I’ve deliberately left out a lot of details on the off chance that the attacker actually reads the blogThis is unlikely. These kinds of attacks are often done by bots.. So if you’re thinking of asking, “Why don’t you guys just X?”, then keep in mind we probably did X but I’m leaving it out of this explanation.

So that’s why the forums are gone and all of our quality of life plugins are missing from the blog. It’s a known issue. We’re still investigating. If all goes well, then we’ll eventually get back comment editing and all the other little plugins we’re used to.


Comments (51)



Dénouement 2017: The Best Stuff

By Shamus
on Jan 9, 2018
Filed under:
Video Games

Other people have pointed out in the comments that this has been an amazing year for games, but as luck would have it the really stand-out titles came from platforms and genres that I’m just not into. Nintendo had a good year. (Mario, Zelda.) JRPGs had a good year. (Persona, Nier.) Online PvP was doing some interesting things. (PUBG, For Honor.) It wasn’t a bad year for collect-a-thons. (Assassins Creed Origins, Shadow of War.) And we got some genuine oddities that tried new things and succeeded. (Sexy Brutale and Cuphead.) But for various reasons, none of that stuff landed in my wheelhouse.

So while I’m not brimming with enthusiasm for the offerings of 2017, I acknowledge it was still a pretty good year overall. It just wasn’t my year. (Aside from my top pick.) Anyway, let’s finish this chalk outline I’m drawing around 2017 so we can send it off to the morgue…

Continue reading »


Comments (131)



The Best of YouTube: Andrew Huang

By Shamus
on Jan 7, 2018
Filed under:
Random

If you’re on this site, then you probably have some passing knowledge of tabletop roleplaying games. Likely as not, you found me through this webcomic. Which means you know how it works when you create a character: You roll some dice, and the outcome determines your stats. Maybe you roll a 12 for Strength, a 13 for Charisma, a 3 for Wisdom, a 9 for Intelligence, and so on. The numbers fall on a bell curve, with the low and high values (3 and 18) being far less likely than the values in the middle of the range.

I actually experimented with this way back in 2006. The odds of you rolling the dice and getting a magical super-character with all of their stats set to 18 is an astounding 1 in 101 trillion. So if a player showed up to your game with such a character you’d feel pretty safe calling them a cheater, right? I mean, it’s obvious.

Now imagine they do one worse. Imagine they’re not just cheating at a roleplaying game. Imagine they’re blatantly cheating at real life. That’s what Andrew Huang is doing.

Huang runs a Youtube channel where he posts weekly videos about his experiments and adventures in music-making. I don’t know the full list of instruments he plays, but I know it includes keyboards, guitar, drums, and violin.

All by itself, that’s a little suspicious. It’s not unheard of or anything, but when someone has mastered that many instruments they’re clearly way ahead of the curve.

But then on top of that he’s also a composer and lyricist. And a singer with a pretty good range. Still not convinced he’s cheating at life? How about the fact that he’s also a rapper with amazing speed and he has a keen understanding of what makes music compelling.

Okay, I hear you saying this isn’t necessarily cheating. After all, guys like Beck have all these skills while also mastering a dozen instruments. It’s rare, but not impossible.

What if I told you he was also an accomplished sound engineer, producer, and that he is able to work in almost any genre? Is that pushing the limits of credulity for you yet?

Now maybe you’re think this is still possible if someone dedicates their whole life. Like sure, you can accomplish all of this, but by the time you mastered the big stuff you’ll be a dumpy middle-aged person. But Andrew is young.

And fit.

And handsome.

And he’s funny.

And he’s got a talent for making fun YouTube videos, which is another skill set entirely apart from the music stuff. Oh, and let’s not forget the time he did a rap song that incorporated five different languages. I mean come on, man. Did you think we wouldn’t notice?


Link (YouTube)

Anyway. It’s a really cool channel if you don’t mind the flagrant stats inflation.

Envy? What envy? I have no idea what you’re talking about.


Comments (64)



Overhaulout Part 11: The Ugly Factory

By Rutskarn
on Jan 5, 2018
Filed under:
Video Games

The internet quakes with hatred for Little Lamplight, but besides a few dismissive complaints about flashbang logistics I’ve not heard anyone talk about Vault 87. This leads me to a small and admittedly contestable digression about how modern Fallout games are discussed by their fanbases. My survey methodology consists of Reading Too Many Internet Comments, so feel free to rebut with your own and be sure to include an appropriately scornful reaction gif.

By now I think I’ve read an equal amount of straightforwardly fannish discussions of Fallout 3 and New Vegas. I’m excluding here discussions about which one is better, or fun conversations co-opted into a dominance battle by salty New Vegas fans, or even nuanced goods-and-bads critical shakedowns. Basically, I’m just talking about low-key conversations where someone brings up either game and it sets off a chain of people complimenting it. Said positive discussions about Fallout 3 focus around two subjects:

  • The extemporaneous experience of playing the game (“I loved just roaming the Wasteland, dog at my side, gun in my hand, picking my nose, full bowl of cereal, she hadn’t left me yet, exploring ruins…”)
  • A dozen or so “hit” quests, character, or locations (“Remember the Vault with the Garys? Moira? Megaton? Paradise Falls? North Korea, South Korea, Marilyn Monroe?”)

Whereas the New Vegas conversations focus far less on the extemporaneous experience, but cover a much larger area of the written and planned content, to the point where I can’t say confidently that I’ve never read a discussion of almost any quest or character.

Assuming you buy any of my ad hoc sampling salad, you’ve got two faction-coded inferences to choose from: “A lot of Fallout 3‘s content isn’t very interesting” and “Obsidian’s bad at creating an experience that transcends its content.” I’d actually hedge somewhere in the middle, but for obvious reasons that first idea’s more relevant to this project, and I’ll follow it up with this one:

Nobody talks positively about Vault 87 because it’s nowhere near as good or interesting as it should be.

Continue reading »


Comments (89)



Borderlands Part 23: The Big Googly Eye of Helios

By Shamus
on Jan 4, 2018
Filed under:
Borderlands

Once the player is done with the robot “army” thing, the team returns to Helios Station to kick the bad guys out. On one hand, it’s nice to get off the moon and see some fresh scenery. On the other hand, I really miss my low-gravity double-jump ground-pounding. I guess I’m just never happy.

As part of re-taking the station, we have to rescue a bunch of scientists. These aren’t generic nobodies. These are named, voiced characters with unique personality quirks and character models. Which leads us to…

Continue reading »


Comments (30)



Dénouement 2017: The Good Stuff

By Shamus
on Jan 2, 2018
Filed under:
Video Games

A reminder that while I do arrange these best-of lists into numerical order and I do try to push my favorites to the top, you shouldn’t read too much into the placement of individual entries. If you handed me the titles from my 2015 list and told me to put them in order from worst to best, I have only slightly better odds at recreating my 2015 ordering than a random number generator.

Also, I’ve decided that once a game appears on this list, it can’t appear on a later one. I realize that games change significantly from Early Access to release to Major Updates Three Years Later and you could argue that the final form of the game differs from the original far more than any two subsequent Call of Duty sequels. You could make the case that it’s practically a different game now, so maybe it should be eligible to win again. But this would be boring. If games were allowed to win in multiple years, then Minecraft would have dominated from 2010 to 2014. If we go strictly by hours played, then Factorio ought to win again this year.

The No-Show List

The spelling of NIER will never not drive me crazy. Dunno why, but I want to spell it ANY OTHER way.

The spelling of NIER will never not drive me crazy. Dunno why, but I want to spell it ANY OTHER way.

Before I talk about the winners, here are some games I really wanted / intended to play this year but missed out because I procrastinated, forgot, was busy with other games, or didn’t discover them until the end of the year.

Continue reading »


Comments (123)




From the Archives: