Latest Comments

Although this is quite an old article, adding some of my recent experiences (April/May 2017) with 7 Days To Die. I'm playing Alpha 15.2 version.

I have been quite blown-away by the game. In about 3 weeks, I have been excessively playing it (totalling 100+ hours). It is a shame that development has been plodding along fairly slowly for the past 3 years, and it is still considered as Early Access, but despite that the game plays with practically zero crashes (for me).

Quite impressed that the couple of times the game did crash, going back into it took me to the same point in my travels.

So, you might ask, WHY do I think so highly of it?

It is currently a bit of an unpolished diamond. Yes, there are graphical glitches and various minor things could be improved to make it into a more professional product. BUT, its core game play is very good indeed. The game is incredibly immersive and you really feel like you're in this post-apocalyptic setting, doing what you need to do to survive.

You feel like you have lots of choice and freedom to decide how you're going to take things forward.

I started the game not really understanding the controls, not knowing how to begin crafting. I haven't played Rust, Minecraft or similar game. I suppose Dying Light is the closest game I've played to this - But Dying Light doesn't have the base building or resource mining, and there is a lot less strategy, resource, and time management aspects to Dying Light. (However, Dying Light does excel on the other content - fighting mechanics, parkour, 3d graphic models, quests)

You start off with a pretty weak character, and when zombies come shambling over your best bet is to run off. The zombies are the classic shamblers during daytime. So when you're aware of their presence it is easy enough to keep out of their range. But if you aren't watching around yourself, listening for noises, you could miss one and be attacked from behind or even surrounded by a bunch of them. This ties in very well with the scavenging and resource gathering. While you're concentrating on digging for clay (which you need for bricks), and failing to keep an eye around you, then the zombies sneak up and strike (and bam - you're dead). It is one of those immersive aspects of the game.

Similar to the Dying Light game, your character gains ability in particular skills by using those skills. So, running around a lot improves your athletic ability and your stamina and you are able to run around for longer without getting tired. Digging for resources improves your skill in that area, which in turn allows you to mine for resources faster. Your character levels up every so often, and you have a load of possible skills to improve with level-up points. e.g. Improve your archery, your scavenging, your treasure finding ability, your pistol shooting, your crafting speed, your bartering with NPCs. It's a nice progression, and it means that your character gets customised to your play style. Let's say you want to create a cowboy character, then you can aim to develop skills in those directions - i.e. Gun smithing, and pistol and magnum (6-shooter) shooting.

The base building side really comes into play in the evenings in the game world. During evening, the zombies turn from shambling hulks to rather-more-agile awkward runners. They are also a bit better at sensing / smelling you in the evening, which makes it a very deadly time to be out in the woods on your own. So, you aim to build a base during daytime, and hide away in it during the night. While in the base, sorting through your inventory (e.g. putting all your food into this box), crafting items (e.g. making arrows), eating your meagre provisions, planning how you're going to spend the next day (e.g. looking at the map, deciding which way you're going to explore). Also you could be on the battlements of your base, sniping the zombies. All this activity does keep the game very engaging and interesting. Also, the fact that the zombies will sniff you out, and attack the base and break through walls - makes it a very tense and captivating experience.

My very first base was built on the top of a small hill, so I could survey the land around me. It had a locked door in and out, a ladder on the inside leading to the roof. And I could walk around on the roof, with my bow and arrows, out of reach of zombies and somewhere to escape (jump off and keep running!) if they broke the door down. Well, I found out a number of things. The base wasn't up to spec. They broke in. They could climb the ladder and get to the roof. They don't tire, so while you and they run at approx the same speed (at night), they can keep on going where your stamina runs out and you slow down to a crawl.

And that's where the beauty of "7 Days To Die" lies. Once you've been beat, you haven't built a great base, you need to plan how you're going to build a better one. Where are you going to put it. How you're going to fortify it. And doing all this while thinking about all the resources you need to collect, e.g. wood for building, food for nutrition, clean water for safe drinking.

Very immersive. You really feel like you're in the zombie-ridden world, trying to survive, thinking what you're going to do to avoid being killed. Freedom of choice to do things the way you see fit. A big realistic environment - Plains, snow-covered mountains, forests, towns, farms, hot deserts, rivers, lakes. The environment - e.g. Wetness, Cold, Heat - All affect you, so you need to counter those conditions.

Even though it is Early Access, I'm really enjoying it as it is running now. I'm actually surprised at how great this game is. Really addicted by it. Want to play more and more of it.

BUT, one little thing I've noticed now that I've put quite a bit into the game. It gets harder and harder over time, and I'm starting to get frustrated that the threat is too great for me to cope with any more. There are some ways to cheat the game, but I'm not keen to resort to such things. Also, the game is modification rich and there are lots of config settings, so I could probably turn down the threat a bit if I wanted.

View this comment - View article - View full comments

Age of Wonders III for $8 on Steam.

:D

View this comment - View article - View full comments

There is also a bundle on IndieGala with a nice $1 tier and with Pac-Man 256 in the second one ($4.99)
https://www.indiegala.com/littlenightmares

The non-Linux games run ok with Wine (RR with some glitches):

Ridge Racer
Enslaved: Odyssey to the West
Ace Combat: Assault Horizon


Overlord Complete Pack -75%
gamesplanet DE
gamesplanet UK
gamesplanet FR

View this comment - View article - View full comments

Ron seems like a great guy who is honestly still doing game development because he loves his job, the culture, and the art. I'm really glad to see this game getting so much press from all around.

For those interested:

Triangulation #293 with Ron (podcast/video) Really great episode! (Apr. 10, 2017)

The official blog has all the archived developer notes, including original whiteboard drawings, among other details that someone interested in game development might want to look through.

It's nice that he noted how important supporting Linux (and MacOS) is; if I read one more FAQ that says "We're a small team with limited resources, this is a possible for a sequel, version two, etc..." re: "Will there be a Linux release", I think I'll go crazy. I'd rather it not be mentioned -- it's as if they KNOW it's asked frequently enough to mention it, but they can't hit the export button on Unity :|

View this comment - View article - View full comments

I think I will play Police Quest instead. Much better graphics.

View this comment - View article - View full comments

Quoting: nitroflowThis also delivers a story and quests, problem is that only one of the three main quest lines is fully implemented

As of R41 it's now possible to complete both Love and Truth quest lines, however most of the side quests are still missing.

View this comment - View article - View full comments

I would be very weary of S2 games, the maker of Brawl of Ages. They have a very, very bad habit of dropping development of their games out of nowhere. Strife being a really good example of that habit. Honestly, I would either wait for Minion Masters from BetaDwarf to come out on Linux or just play it in wine.

View this comment - View article - View full comments

Picked up the full Humble Very Positive Bundle for myself. I was particularly interested in "The Curious Expedition" but the rest were appealing. "Stephen's Sausage Roll" is lauded as a great game.

Also, this deal is still on:

Duke Grabowski, Mighty Swashbuckler at 72% discount, and includes Steam key and DRM-free download. (It is similar to old-skool Lucas Arts point and click adventures.) I bought it myself a couple of days ago (with the Humble Subscription discount, so even cheaper.)

View this comment - View article - View full comments

"The Unity team note that no passwords were taken"
---
You cant NEVER say "no passwords where taken", only thing you can say "passwords are taken" if you are sure that they where taken; you must act on presumption that they are taken.
---
Everybody who says "no passwords where taken" dont know a shit about security, Unity team claim is wittingly a LIE (because they cant know that for sure), their security enginering skill is only second to their 3D engine enginering skills.

View this comment - View article - View full comments

Quoting: KimyrielleIn the end, my fundamental problem with 2FA that it doesn't really provide any significant additional security for people who use good passwords or service providers that aren't completely inept.

This is, with all due respect but to be totally honest here, not the right attitude. It reminds me a lot of all the companies out there who believes that they are safe from attacks because they got such a modern and secure firewall. Everyone must have mechanics in place that handle an invasion of their network. Just like every user must be prepared to what can happen if their passwords are exposed.

Two layers of security is and will always be better than one. Just think about it: As a service provider you build intricate analysers who scan the traffic for suspect actions, set up tight rules on each layer, from firewall to router to load balancers to application servers, an entire stack of security to stay safe from the wilderness.

And then you leave the main entrance up to the individual users out there, with one tiny little string of characters as the only - ONLY - prevention from someone totally taking over the account on that server, with all privileges that comes with that user. Just one little string, consisting of usually 6-8 characters, often in a clear pattern. One single point of failure. It goes against everything you've ever learnt in computer security.

A temporary token system makes your account safe even if you get a friggin' KEYLOGGER installed on your computer. You are safe(r) from many man-in-the-middle attacks that leaves your password exposed. Or when the service providers database is breached and passwords are not properly protected (this happen ALL the time - it's reality. A scenario where everything is perfect is utopia - you can't use that as a prerequisite). You are safer from a whole stack of attack methods where you - the user - are totally without blame, methods where your personal practise means squat, zero, nill.

Can't you see? It is a layer of security that has other properties than a static password can provide. And that is a Good Thing.

Quoting: KimyrielleBasically 2FA is an attempt to cure stupid.

Yes, that and laziness. Especially laziness.

Quoting: KimyrielleAnd we all know that in the end you can't.

But we have to limit the consequences sa best as we can. We have to, and we do - everywhere.

We have rules for security equipment in dangerous workplaces. Why the hell don't bikers wear a helmet without rules telling them they have to or they will be fined? That's how we cure stupidity there. We cure stupidity absolutely everywhere.

And 2FA is a good cure. one of several cures. The others are done server side. But we have to secure also the client side of things - we can't handle absolutely every scenario server side.

Quoting: KimyrielleFor people who are NOT stupid, it doesn't do anything except making their life more complicated.

Hence, "laziness".

Quoting: KimyrielleBut go ahead and convince me: Tell me how to design a 2FA system that's foolproof regarding people losing their token, WITHOUT compromising its security in the process, that STILL lets people use the system 100% anonymously if they so desire, AND doesn't put any sort of market leverage in the hand of the token provider, despite them having to be a monopoly by definition (we still want to avoid having to deal with more than one token system!)

That is not the topic. The topic is security. Two layers of security are better than one - period.

We can discuss anonymity and the internet another time. Or market leverage or app design.
The topic now is if 2FA provides a more secure regime than one single password. And it does. If you lose your phone or password file or the password to your password file or whatever else, that is a challenge that must be handled. It must be designed a system that can take care of that the best possible way with the least risk involved. Yes, it is a challenge, but as long as we deal with passwords at all, we just need to handle that.

Personally I am against passwords, period, since it's such a pain in the arse either way, and a stupid stupid thing from a security perspective.

I predict that in a decades time we don't have to fool around with these bloody passwords anymore - then there's other systems that's taken over verification.

My password file contains 150 passwords. Count'em: One hundred and fifty unique passwords, and mostly unique usernames too. And many have much more than that. It's complete, plain madness of a archaic system that stems from a time where we all had one account on our LAN. It's one giant ulster of a security challenge that can only be overcome by replacing it with something better.

But until then: Temporary passwords with one usage and then scrapped does negotiate a few of the gaping flaws of static passwords.
That's really all I am hoping to make you, and others, realise. So can we all join in on a complain hymn about the hassle, oh the hassle!, until something better comes along.

View this comment - View article - View full comments

Instant buy for sure. Let's be positive :)

View this comment - View article - View full comments

The target audience appears to be for people with lobotomies.

View this comment - View article - View full comments

yeah they forced a pwd reset. I'm not happy lol...

View this comment - View article - View full comments

I just went and watched chunks of a relatively recent long video of someone playing . . . It looks interesting. One thing I like is that it backs away from the almost ever-present Civ model of "One piece of production or research at a time" and instead lets a planet work on a group of different things simultaneously--I think with different priority levels, or something. And again, lets you research a few things at once if you want. In a way, that's a return to the MOO I approach.
Unfortunately, I dunno if I'm up to rolling my own; I'll have to see whether my distro packages it and if so, how ancient the version is.

View this comment - View article - View full comments

Quoting: BeamboomWell, then criticise that, then.

That's indeed what I do and what I called the "reality check" that 2FA doesn't survive. The entire concept has several really fundamental problems that just aren't solved and probably never will be. Like how to solve the lost token recovery WITHOUT trampling on your privacy (and please don't point me at Facebook or Google...we know for a fact that neither of them gives a flying shit about your privacy). Which is a hilarious circumstance given that the most popular token is a device people are super prone to lose - their smartphone.

In the end, my fundamental problem with 2FA that it doesn't really provide any significant additional security for people who use good passwords or service providers that aren't completely inept. Basically 2FA is an attempt to cure stupid. And we all know that in the end you can't. For people who are NOT stupid, it doesn't do anything except making their life more complicated. And introducing a lot of new problems, like making one lose access to -everything- if they happen to lose the single point of failure in that system - their phone.

But go ahead and convince me: Tell me how to design a 2FA system that's foolproof regarding people losing their token, WITHOUT compromising its security in the process, that STILL lets people use the system 100% anonymously if they so desire, AND doesn't put any sort of market leverage in the hand of the token provider, despite them having to be a monopoly by definition (we still want to avoid having to deal with more than one token system!)

View this comment - View article - View full comments

Quoting: KimyrielleI find it both funny and a little offensive that you're basically suggesting that I don't understand how 2FA works.

No - I don't think you knew how the tokens - the temporary passwords - work. If you thought that it was giving your keys to Google (or whoever) then yeah, it would be stupid. But it's not.

Quoting: KimyrielleI know that you're not -technically- handing your keys to Google. You're still making yourself dependent on them and their service. Which is in the end just as bad.

Oh come on. It's an offline tool - one of many of whom you can freely choose. The algorithm is open and freely available for anyone to implement. You're trying to create an argument that's not there, now.

Quoting: Kimyrielle

QuoteAnd the service providers do of course offer a functionality for the case where you have lost/stolen your phone. Just like if you've lost/forgotten your password.

Yes, that's my point. Most of these recovery procedures are really weak security. As weak as a bad/lost password. "Answer this silly question about you, that every halfway determined person can find out in 5 mins". Yeah, right!

Well, then criticise that, then. But this is the same regardless if there's one of two layers of password security!
And it then becomes a task for the service provider to handle. Look at how Facebook and Google handles it. Their systems are far more compex than a stupid "secret question" request.

But this is a different discussion.

Quoting: Kimyrielle

QuoteAn offline encrypted password file can be hammered forever with no risk - billions of attempts every minute - it's just a matter of a pile of CPU cycles to break that open.

You do realize that brute force attacking a file encrypted using a proper cypher and a -good- password takes multiple lifetimes, yes?

You're cherry picking the quotes now. I stated that this password often is not secure, because it's a password the user have to remember and use often. I can promise you this, the majority of encrypted password files are not using a long, complex password. It's incredibly impractical when one need to open it regularly.

Quoting: KimyrielleCan't cure stupid. But if they can't be bothered using a good password for the most important file they possess, what makes you think they'd want to add a super-inconvenient second authentication layer on top of that? And that 2FA is super inconvenient is just an objective fact, sorry.

If it was up to average joe there would barely be any security at all, they'd disable most of it. 2FA must be enforced. Like the banks do today, for example.

View this comment - View article - View full comments

Quoting: BeamboomBut again - once you understand how this works you'll realise that this system is, in fact, very good.

I find it both funny and a little offensive that you're basically suggesting that I don't understand how 2FA works. But I guess rule #1 for internet debates applies: Whenever you're running out of good arguments, take a stab at the other person's qualifications!

I know that you're not -technically- handing your keys to Google. You're still making yourself dependent on them and their service. Which is in the end just as bad.

QuoteTwo password walls are better than one. And if that second password is valid for only one single minute before it's scrapped, it's even better.

The problems with 2FA I tried to point out isn't related to that. I already said it's a good idea on paper. Unfortunately one that doesn't survive a reality check. See my above postings.

QuoteAnd the service providers do of course offer a functionality for the case where you have lost/stolen your phone. Just like if you've lost/forgotten your password.

Yes, that's my point. Most of these recovery procedures are really weak security. As weak as a bad/lost password. "Answer this silly question about you, that every halfway determined person can find out in 5 mins". Yeah, right!
To me, the recovery question is actually THE central weakness of 2FA as a concept. I can't remotely think of a good solution to that problem that wouldn't completely do away with any notion of privacy/anonymity online. Which is unacceptable.

QuoteAn offline encrypted password file can be hammered forever with no risk - billions of attempts every minute - it's just a matter of a pile of CPU cycles to break that open.

You do realize that brute force attacking a file encrypted using a proper cypher and a -good- password takes multiple lifetimes, yes?

QuoteEspecially since most users use a simple password on that file - since they have to open it quite regularly.[quote]

Can't cure stupid. But if they can't be bothered using a good password for the most important file they possess, what makes you think they'd want to add a super-inconvenient second authentication layer on top of that? And that 2FA is super inconvenient is just an objective fact, sorry.

[quote]So if a hacker gets their hand on that file, you may just as well consider the content exposed. One with know-how will be able to pry it open.

No, they can't. I'd die long before they'd be finished. In contrast to Darth Helmet I don't use 12345 as a password. That being said, I'd still change my passwords if I'd ever lose my phone. Chances are that I am done before they brute forced my password file. *shrug*

View this comment - View article - View full comments

Makes me think of that old game "Chrome".

This also looks exactly like someone just chucked a bunch of plug-in assets together using plug-in code.

View this comment - View article - View full comments

QuoteNow you unlock cards with either Valor (earned by playing) or Gems (purchased with money).

I use to play WOT and AW back in my windows days.
Those games felt you could either progress by having time or by having money.
Hate that style of mechanic in Free to Play so much. Made me waste sooo much money on free to play games in the past.
Will skip this for sure.

View this comment - View article - View full comments

I don't want to be shallow and judge a game just by its trailer , but COME ON
I don't mind old looking graphics , I love older games, but this just looks ugly.
Also no real clue how that vehicular combat is supposed to work based on that.

View this comment - View article - View full comments

Quoting: TheRiddickThey should have released the engine for free, and put some sort of royality on it if you game actually sells anything.

Not sure if leadworks is open-source, but to survive it would need to be!

This trailer looks like a 1998 game.

The lure of that game engine were precisely it's licensing model (that and the promise of having a professional tool native on linux, hah! ) - unlike most other commercial game engines at the time were there was a monthly, yearly or % fee. Here instead it's a onetime sum and your done, make for a more tidy budget which is important when you are an aspiring indie dev that has mouths to feed.

The game might look like a relic from the 90's.. but honestly so does the editor, it had that glorious windows 95 feel to it "will it crash in the next 15 seconds? who knows? will is destroy files at random with no warning while doing so? who knows?"

View this comment - View article - View full comments

Quoting: KimyrielleI find it also hilarious that people use Linux to escape MS's monopoly, but would be willing to handle Google the keys to each and every online service they use. Just sayin'.

No, you don't understand how this works.
The token you are given by the app is based on a private key that is stored locally on your phone. The application (who doesn't have to be Google's, but any that support that same protocol) uses the timestamp as the second key, and calculates the token based on that. That's why a token only last for a minute - and this is why you need to re-tie the account to your phone when you get a new phone.

So the app doesn't (and shouldn't) require network access privilege, nothing whatsoever is sent across any network - it can forever work on an offline phone -it doesn't even need to have a simcard. Just like those RSA "dongles" that some have from their bank to supply temporary 2nd password. Exact same.

There are of course those who do offer a "cloud storage" of your private key, so that it'll always work across devices. But yeah - it's up to you if you trust that provider or not. I'd not do it, that's for too damn sure.

So why is the Google Authenticator so popular? Because it offers a nice interface to your various keys. It's user friendly. That's the simple reason to use that offline app.

But again - once you understand how this works you'll realise that this system is, in fact, very good.

Two password walls are better than one. And if that second password is valid for only one single minute before it's scrapped, it's even better.
And the service providers do of course offer a functionality for the case where you have lost/stolen your phone. Just like if you've lost/forgotten your password.

Bu this is the way forward. By far not all users practise good password policy, but this enforces proper password practise for all users just by its very nature. From the service providers perspective it doesn't really matter anymore of the user uses one single password across the entire internet - it doesn't put your service at risk unless they *also* break into the users phone. One more barrier to break, and let's face it, it's a tough one for online hackers.

An offline encrypted password file can be hammered forever with no risk - billions of attempts every minute - it's just a matter of a pile of CPU cycles to break that open. Especially since most users use a simple password on that file - since they have to open it quite regularly.

So if a hacker gets their hand on that file, you may just as well consider the content exposed. One with know-how will be able to pry it open.

View this comment - View article - View full comments

Quoting: Beamboom

Quoting: Kimyrielle

I totally disagrees with all you say, Kim. A good password is unique to each account. And a collection of unique passwords WILL have to be stored in a password file of some sort, and that file WILL, for most persons who do practise good password policy, be stored on the mobile phone too (typically via cloud). And then you're pretty much back to square one if you do lose your mobile and someone gets past the login of the phone.

To argue against 2FS and for good password policy is pretty much counter-productive. 2fs makes the requirement of good passwords less vital and a system much, much more robust. That's the way to go.

In my opinion, absolutely everything even remotely vital (ergo store important data) should be 2FA - preferably all using the same token technology, but today all but one service that I personally use are using the algorithm used in Google Authenticator (it's an open standard, can't recall the protocol right now).

The vital difference is that if I lose the phone with my encrypted password file (people who put unencrypted password files on phones or cloud servers are stupid anyway), I still have a copy of it in my backup, or on my desktop PC. So, if I lose my phone with my encrypted password file, I can simply recover the copy from my backup and carry on. OTOH, losing a 2FA token is a major disaster, since that's the exact thing you need to authenticate with. Recovering lost 2FA tokens is a completely unsolved security problem, btw. There is no satisfying way to prove that the lost token was actually yours, because the possession of the token IS what the system is using to identify you. A service provider will usually resort to asking you things you know, essentially opening possible social engineering attack routes and eliminating most of 2FA's additional security (authenticating with something you KNOW is what passwords do...)

I find it also hilarious that people use Linux to escape MS's monopoly, but would be willing to handle Google the keys to each and every online service they use. Just sayin'.

View this comment - View article - View full comments

I'm just trying to figure out where the "About the game" story--a botanist managing oxygen production for people in stasis--turns into a vehicle combat game.
The actual trailer seems less like a game and more like one of those vaguely hypnotic pieces of video that are supposed to somehow make sense if you're high.

View this comment - View article - View full comments

trailer indeed looks like 1998 game. Nothing that grabs me and its a gameplay trailer. those CGI Trailers never pump me up so i always what to see gameplay footage but this really looks bad. i thought leadwerks can do better than this but this seriously looks like some dosbox game

View this comment - View article - View full comments

Quoting: Guest

Quoting: slaapliedje

Quoting: Guest

Quoting: Purple Library GuyWhatever happened to that mech game that was like turn-based with small squads of mechs, that there was an article about in GoL some time back? Unfortunately I can't remember the name . . .
Like, I think it maybe was still in beta or something at the time, and I don't remember hearing of it being released . . . but maybe it was actually out and I just forgot to put it in my wishlist . . . urgh, my memory. It's annoying because I can remember it seemed pretty cool and now I don't know how to find it; it's been niggling at me every time a mech game comes up.

Battletech, maybe?

Kickstarter says May 2017... GIMME! Been wanting a hard core battletech video game for a VERY long time. This one looks like it's the first proper one ever (based fully on the board game).

It's been pushed:

QuoteRegarding the final release date for BATTLETECH: As noted during our livestreamed dev Q&As and on our forums, once we unlocked all of our Kickstarter stretch goals, our estimated release date of May was no longer valid. Way back then we said things like "Summer 2017.” Now that we're further along, we're targeting a Late Summer / Fall release of the game - but we won't be announcing a more exact release date until we're much closer in!

Thank you everyone. Yes, looking at a bit of trailer stuff I think that was it. And I guess it not being out yet is why I hadn't heard more. Definitely looking forward to, uh, "Late Summer/Fall". Especially since I'm quite fond of Harebrained Schemes, being a big Shadowrun fan. Their Shadowrun games are both a lot of fun and a better representation of the paper-and-pencil RPG than one would have a right to expect.
. . . Say, the kickstarter video says they're using Unity 5. Zat mean it would use Vulkan?

View this comment - View article - View full comments

They should have released the engine for free, and put some sort of royality on it if you game actually sells anything.

Not sure if leadworks is open-source, but to survive it would need to be!

This trailer looks like a 1998 game.

View this comment - View article - View full comments

It seems interesting. Was on my wishlist until I realized it did not have Linux support. Maybe it will come back when it does indeed come to Linux.

View this comment - View article - View full comments

If trailers are meant to sell a game, this video must not be a trailer.

View this comment - View article - View full comments

It looks a bit like the more recent Valley, which is already available on Linux.

View this comment - View article - View full comments