Borderlands Part 24: The Rise of Handsome Jack

By Shamus Posted Thursday Jan 11, 2018

Filed under: Borderlands 51 comments

So Lilith, Roland, and Moxxi have conspired to betray Jack and murder him by killing him and everyone else on Helios Station. Moxxi even gloats as she sentences Jack and his vault hunters (and thus the player) to death. Her behavior is exactly how villains are portrayed, and she’s way out of character. Moxxi says, “If you come down from Helios station alive, a lot of innocent people will die.” Again, that’s probably true. But that’s a pretty hardcore approach to justice. “I know you will do evil someday so I must kill you now but I must do so in a way that kills innocent people and also looks kinda cowardly.” This story can’t decide if Moxxi and company are rogues or paladins.

Wait, Who Is the Bad Guy Again?

Jack, you're a power-hungry psychopath, so I've decided to use the doom laser to murder you and everyone on the station. While laughing. Remember, I'm with the good guys!

We’re supposed to be witnessing Jack’s turn to evil, and instead the story is retconning Moxxi as self-righteous and craven. It also seems to be trying to retroactively justify Jack’s later behavior by showing he had a reason for his vendetta against Lilith and company. But if you justify his later evil deeds, then aren’t you actually making them less evil? This is exactly the opposite of the thing the writer should be doing!

The writer has twisted the characters in knots to get us here, and after all that messing around they still can’t make anyone’s motivations or actions make sense. And there aren’t even any jokes to make this fun. This doesn’t feel like the playful, winking, lampshading, genre-savvy Borderlands 2. This feels like “Boilerplate AAA videogame” with a quirky art style.

After the betrayal, the plot settles down into a race for the vault. The player is trying to reach the vault for Jack, and Lilith and Roland are trying to beat him to it. Earlier in the story Lilith and Roland specifically said they were out of the vault-hunting game. They don’t actually want the vault. They just don’t want him to have it.

Continue reading ⟩⟩ “Borderlands Part 24: The Rise of Handsome Jack”

 


 

Broken Stuff and Security Concerns

By Shamus Posted Wednesday Jan 10, 2018

Filed under: Notices 51 comments

Yes, the forums are down. Yes, I realize you can’t edit your own comments. Let’s talk about that.

On my Linux-based webserver, there is a user account linked to me. This “shamus” account owns all the files: All the PHP scripts to drive the blog, all the scripts to run the forums, and all the images and other random files that make the site operate. Under normal circumstances, the entire file structure is designed so that only my user can upload, delete, and modify files.

However, you need to make some exceptions. For example, I run a WordPress plugin that makes weekly database backups. This plugin needs to be able to save these backups, which means that I need to make the backup directory writable for all users, not just the “shamus” user. (PHP, MySQL, and other processes are owned by the root user.) Otherwise, the backup plugin would run but it wouldn’t be allowed to save the resulting backup to disk.

So I need to make a few spots on the machine where processes not owned by me can put files. This alone isn’t enough to compromise the security of the machine, although it’s often considered something to be avoided if you can help it. The danger is that it may provide an attack vector for potential hackers. If there’s a vulnerability in either WordPress (the software that runs the blog) or PhpBB (the software that runs the forums) then they would be able to write files to these directories.

Here is a fictitious example of how something like this could work: Let’s say the forum offers a feature where users can upload their own profile image. You’re supposed to upload a JPG or PNG image file. These files end up in /forums/profileimages/. In order for this feature to work, I need to set the permissions of /forums/profileimages/ so that anyone can write to that directory. Let’s say the people who wrote the forum software didn’t do their job and the forums don’t make sure that what the user uploaded was actually an image. Like, maybe they uploaded a PHP script. This allows them to put new pages on my site, and those pages can do all sorts of nasty things.

Now, they can’t just put those pages anywhere. Those pages can only end up in /forums/profileimages/, and only the attacker will know about them. Once the upload is done, the attacker can then manually type in the URL like so:

shamusyoung.com/forums/profileimages/badpage.php

This will cause the script to run and do whatever it’s supposed to do. This doesn’t give the attacker full control over the machine. (They can still only put new files in directories I’ve had to leave open.) They can’t re-write the blog or attack visitors directly, but this is still an alarming situation that allows them to see a lot of stuff they shouldn’t.

This is a very simplified explanation. The actual method of attack is a lot more complex and to be honest most of it is beyond me. But this is the idea in broad strokes.
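The missing check in the fictitious upload feature above, next to a stricter version, as an added example that is not part of the original post and is not PhpBB's code. It is a Python sketch; the function names and sample bytes are constructed for illustration.

```python
import os
import secrets
import tempfile

# Leading bytes of the two formats the profile-image feature is meant to accept.
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png"}

def store_unchecked(data, upload_dir, client_name):
    """The flawed behaviour described above: keep whatever name the client sent."""
    path = os.path.join(upload_dir, os.path.basename(client_name))
    with open(path, "wb") as f:
        f.write(data)
    return path

def store_checked(data, upload_dir, client_name):
    """Return the stored path, or None when the content is not JPEG or PNG."""
    ext = next((e for magic, e in MAGIC.items() if data.startswith(magic)), None)
    if ext is None:
        return None
    # The server picks both name and extension; client_name is never used.
    # Magic bytes alone can be faked, so the forced image extension matters.
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def demo():
    """Run three constructed uploads and return the stored file names."""
    script = b"<?php /* constructed stand-in for an uploaded script */ ?>"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # constructed, not a full image
    with tempfile.TemporaryDirectory() as d:
        unchecked = os.path.basename(store_unchecked(script, d, "badpage.php"))
        os.remove(os.path.join(d, unchecked))
        rejected = store_checked(script, d, "badpage.php")
        disguised = os.path.basename(store_checked(png + script, d, "badpage.php"))
        return unchecked, rejected, disguised, sorted(os.listdir(d))

if __name__ == "__main__":
    print(demo())
```

The third upload shows why the server-chosen name matters: content that starts with image bytes passes the content check, but it is stored as a randomly named .png rather than under the .php name the client asked for.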

A couple of months ago Peter (he doesn’t comment often so you might not know him, but Peter has been providing technical and hardware support to this site for a long time) and I discovered some files on the site that were not owned by the “shamus” user. Files like this:

lprvpluh.php
pvkmnwoj.php
onrvyxwg.php
ukwwtgwx.php

Always the same pattern: A PHP file with a gibberish eight-character name, probably generated at random. These files contained highly obfuscated PHP code and were not part of the normal file structure of either WordPress or PhpBB. More importantly, they are obviously malicious in nature.
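One way to sweep a web root for the three signals described in this post: files not owned by the expected account, PHP files matching the eight-letter naming pattern, and directories writable by every user. This is an added example, not the procedure the author and Peter used; the function names and the sample tree are constructed.

```python
import os
import re
import stat
import tempfile

# Eight lowercase letters plus ".php", the naming pattern of the files listed above.
# Ordinary eight-letter names match too, so a hit is a lead for review, not proof.
GIBBERISH_PHP = re.compile(r"^[a-z]{8}\.php$")

def audit_webroot(root, owner_uid):
    """Report files not owned by owner_uid, pattern-named PHP files,
    and directories that any user can write to."""
    found = {"foreign_owner": [], "gibberish_php": [], "world_writable_dir": []}
    for dirpath, _dirs, files in os.walk(root):
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            found["world_writable_dir"].append(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            if os.lstat(path).st_uid != owner_uid:   # lstat: do not follow symlinks
                found["foreign_owner"].append(path)
            if GIBBERISH_PHP.match(name):
                found["gibberish_php"].append(path)
    return {key: sorted(paths) for key, paths in found.items()}

def build_sample_tree():
    """Constructed sample tree for the demo; not the real site layout."""
    root = tempfile.mkdtemp(prefix="webroot-")
    uploads = os.path.join(root, "forums", "profileimages")
    os.makedirs(uploads)
    os.chmod(os.path.join(root, "forums"), 0o755)
    os.chmod(uploads, 0o777)                        # the directory left open
    for rel in ("index.php", "forums/viewtopic.php",
                "forums/profileimages/avatar.png",
                "forums/profileimages/lprvpluh.php"):
        open(os.path.join(root, rel), "w").close()
    return root

if __name__ == "__main__":
    report = audit_webroot(build_sample_tree(), os.geteuid())
    for kind, paths in report.items():
        print(kind, paths)
```

Against a real site, `owner_uid` would be the numeric id of the account that is supposed to own every file.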



Peter and I have been battling this mess for the last month or so. We deleted all the suspect files, tightened up directory access, and then hoped we’d fixed the problem. Then a few weeks later the mystery files would show up again and we’d have to start over.

Last week the files showed up for the third time, and so we went to maximum paranoia level. We wiped WordPress clean and started over with a fresh install. We uninstalled the forums completely. This machine is now as locked down as we can make it. There are no directories with write access. This would break several of the WordPress plugins I use, but since I haven’t installed any plugins that’s not a problem yet.

If the problem returns, then I’ll need to contact my host and have them wipe the machine clean and start over. I’d hate to do that, since it would result in a ton of downtime. (The blog has about 1.2 gigabytes of images, and I don’t have a very fast upstream connection. That would be a long upload. Not to mention the time required to restore the databases and re-install everything.)

I’ve deliberately left out a lot of details on the off chance that the attacker actually reads the blog. (This is unlikely. These kinds of attacks are often done by bots.) So if you’re thinking of asking, “Why don’t you guys just X?”, then keep in mind we probably did X but I’m leaving it out of this explanation.

So that’s why the forums are gone and all of our quality of life plugins are missing from the blog. It’s a known issue. We’re still investigating. If all goes well, then we’ll eventually get back comment editing and all the other little plugins we’re used to.

 


 

Dénouement 2017: The Best Stuff

By Shamus Posted Tuesday Jan 9, 2018

Filed under: Industry Events 132 comments

Other people have pointed out in the comments that this has been an amazing year for games, but as luck would have it the really stand-out titles came from platforms and genres that I’m just not into. Nintendo had a good year. (Mario, Zelda.) JRPGs had a good year. (Persona, Nier.) Online PvP was doing some interesting things. (PUBG, For Honor.) It wasn’t a bad year for collect-a-thons. (Assassins Creed Origins, Shadow of War.) And we got some genuine oddities that tried new things and succeeded. (Sexy Brutale and Cuphead.) But for various reasons, none of that stuff landed in my wheelhouse.

So while I’m not brimming with enthusiasm for the offerings of 2017, I acknowledge it was still a pretty good year overall. It just wasn’t my year. (Aside from my top pick.) Anyway, let’s finish this chalk outline I’m drawing around 2017 so we can send it off to the morgue…

Continue reading ⟩⟩ “Dénouement 2017: The Best Stuff”

 


 

The Best of YouTube: Andrew Huang

By Shamus Posted Sunday Jan 7, 2018

Filed under: Random 64 comments

If you’re on this site, then you probably have some passing knowledge of tabletop roleplaying games. Likely as not, you found me through this webcomic. Which means you know how it works when you create a character: You roll some dice, and the outcome determines your stats. Maybe you roll a 12 for Strength, a 13 for Charisma, a 3 for Wisdom, a 9 for Intelligence, and so on. The numbers fall on a bell curve, with the low and high values (3 and 18) being far less likely than the values in the middle of the range.

I actually experimented with this way back in 2006. The odds of you rolling the dice and getting a magical super-character with all of their stats set to 18 is an astounding 1 in 101 trillion. So if a player showed up to your game with such a character you’d feel pretty safe calling them a cheater, right? I mean, it’s obvious.

Now imagine they do one worse. Imagine they’re not just cheating at a roleplaying game. Imagine they’re blatantly cheating at real life. That’s what Andrew Huang is doing.

Huang runs a YouTube channel where he posts weekly videos about his experiments and adventures in music-making. I don’t know the full list of instruments he plays, but I know it includes keyboards, guitar, drums, and violin.

All by itself, that’s a little suspicious. It’s not unheard of or anything, but when someone has mastered that many instruments they’re clearly way ahead of the curve.

But then on top of that he’s also a composer and lyricist. And a singer with a pretty good range. Still not convinced he’s cheating at life? How about the fact that he’s also a rapper with amazing speed and he has a keen understanding of what makes music compelling.

Okay, I hear you saying this isn’t necessarily cheating. After all, guys like Beck have all these skills while also mastering a dozen instruments. It’s rare, but not impossible.

What if I told you he was also an accomplished sound engineer, producer, and that he is able to work in almost any genre? Is that pushing the limits of credulity for you yet?

Now maybe you’re thinking this is still possible if someone dedicates their whole life. Like sure, you can accomplish all of this, but by the time you mastered the big stuff you’ll be a dumpy middle-aged person. But Andrew is young.

And fit.

And handsome.

And he’s funny.

And he’s got a talent for making fun YouTube videos, which is another skill set entirely apart from the music stuff. Oh, and let’s not forget the time he did a rap song that incorporated five different languages. I mean come on, man. Did you think we wouldn’t notice?



Anyway. It’s a really cool channel if you don’t mind the flagrant stats inflation.

Envy? What envy? I have no idea what you’re talking about.

 


 

Overhaulout Part 11: The Ugly Factory

By Rutskarn Posted Friday Jan 5, 2018

Filed under: Video Games 93 comments

The internet quakes with hatred for Little Lamplight, but besides a few dismissive complaints about flashbang logistics I’ve not heard anyone talk about Vault 87. This leads me to a small and admittedly contestable digression about how modern Fallout games are discussed by their fanbases. My survey methodology consists of Reading Too Many Internet Comments, so feel free to rebut with your own and be sure to include an appropriately scornful reaction gif.

By now I think I’ve read an equal amount of straightforwardly fannish discussions of Fallout 3 and New Vegas. I’m excluding here discussions about which one is better, or fun conversations co-opted into a dominance battle by salty New Vegas fans, or even nuanced goods-and-bads critical shakedowns. Basically, I’m just talking about low-key conversations where someone brings up either game and it sets off a chain of people complimenting it. Said positive discussions about Fallout 3 focus around two subjects:

  • The extemporaneous experience of playing the game (“I loved just roaming the Wasteland, dog at my side, gun in my hand, picking my nose, full bowl of cereal, she hadn’t left me yet, exploring ruins…”)
  • A dozen or so “hit” quests, characters, or locations (“Remember the Vault with the Garys? Moira? Megaton? Paradise Falls? North Korea, South Korea, Marilyn Monroe?”)

Whereas the New Vegas conversations focus far less on the extemporaneous experience, but cover a much larger area of the written and planned content, to the point where I can’t say confidently that I’ve never read a discussion of almost any quest or character.

Assuming you buy any of my ad hoc sampling salad, you’ve got two faction-coded inferences to choose from: “A lot of Fallout 3‘s content isn’t very interesting” and “Obsidian’s bad at creating an experience that transcends its content.” I’d actually hedge somewhere in the middle, but for obvious reasons that first idea’s more relevant to this project, and I’ll follow it up with this one:

Nobody talks positively about Vault 87 because it’s nowhere near as good or interesting as it should be.

Continue reading ⟩⟩ “Overhaulout Part 11: The Ugly Factory”

 


 

Borderlands Part 23: The Big Googly Eye of Helios

By Shamus Posted Thursday Jan 4, 2018

Filed under: Borderlands 30 comments

Once the player is done with the robot “army” thing, the team returns to Helios Station to kick the bad guys out. On one hand, it’s nice to get off the moon and see some fresh scenery. On the other hand, I really miss my low-gravity double-jump ground-pounding. I guess I’m just never happy.

As part of re-taking the station, we have to rescue a bunch of scientists. These aren’t generic nobodies. These are named, voiced characters with unique personality quirks and character models. Which leads us to…

Continue reading ⟩⟩ “Borderlands Part 23: The Big Googly Eye of Helios”

 


 

Dénouement 2017: The Good Stuff

By Shamus Posted Tuesday Jan 2, 2018

Filed under: Industry Events 123 comments

A reminder that while I do arrange these best-of lists into numerical order and I do try to push my favorites to the top, you shouldn’t read too much into the placement of individual entries. If you handed me the titles from my 2015 list and told me to put them in order from worst to best, I have only slightly better odds at recreating my 2015 ordering than a random number generator.

Also, I’ve decided that once a game appears on this list, it can’t appear on a later one. I realize that games change significantly from Early Access to release to Major Updates Three Years Later and you could argue that the final form of the game differs from the original far more than any two subsequent Call of Duty sequels. You could make the case that it’s practically a different game now, so maybe it should be eligible to win again. But this would be boring. If games were allowed to win in multiple years, then Minecraft would have dominated from 2010 to 2014. If we go strictly by hours played, then Factorio ought to win again this year.

The No-Show List

The spelling of NIER will never not drive me crazy. Dunno why, but I want to spell it ANY OTHER way.

Before I talk about the winners, here are some games I really wanted / intended to play this year but missed out because I procrastinated, forgot, was busy with other games, or didn’t discover them until the end of the year.

Continue reading ⟩⟩ “Dénouement 2017: The Good Stuff”