Rift and hacked accounts

Disclaimer: I am not a security expert.

I’ve been seeing a lot of talk about folks getting their Rift accounts hacked. Most often the #1 question is “How did this happen?” People go crazy examining their systems for key loggers or other malware that might be delivering their credentials to some hacker.

I have my own theory on what’s going on. Part of it is Trion’s fault, part of it is the internet’s fault. I don’t think we’re seeing a massive key logger issue here; at least not one on our home computers. That’s assuming the problem is as extensive as the community seems to think it is.

I think we’re seeing an organized, brute force hacking attempt across a multitude of accounts. If you’ve never read about rainbow hash cracking, now might be a good time to do so. Note the first line in that post: “The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password ‘Fgpyyih804423’ in 160 seconds.” And the post is from 2007; you can imagine how much faster these cracking software packages work today.

[Update] Glad I put the disclaimer about not being a security expert in there. According to a friend on Twitter (who I won’t credit just so as not to put him in the spotlight) in order to use these rainbow tables, the hackers would first need to have access to Trion’s database of hashed (encrypted) passwords. Or, of course, a dump of any other database of passwords where you used the same password. So I may be off-base in my whole theory. [End Update]

So what can you do? Honestly, not very much. I think Trion stumbled when they limited password length to 16 characters. Coding Horror’s Jeff Atwood promotes the idea of pass phrases. So instead of “!ah84&nah3” as a password (which can be cracked pretty quickly using rainbow tables) your password might be “IreallyLove_Rift_(because)all(!)myhawtfriendsplay!” My understanding is (again, not a security expert) that a password that long is going to be hard to crack even with rainbow tables, because the size of the table it would require would be so freaking huge. There’s a little bit of “When a bear is chasing you, you only need to be faster than your friends” thing going on. A lengthy password takes you out of the “low hanging fruit” demographic.

For me, that long passphrase is also easier to remember and faster to type than !ah84&nah3, but maybe I’m just weird.

Anyway the point is moot since Trion limits us to 16 character passwords.
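
The table-size reasoning above, worked through as an added example (not from the original post): it estimates how many candidates a precomputed table would have to cover for the post's short password, for the long passphrase, and for that passphrase cut to the 16-character limit. The 16 bytes per table entry and the chain length of 10,000 are assumptions chosen for illustration.

```python
import math
import string

# Character classes used to estimate the alphabet a table would have to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Assumptions (not from the post): bytes stored per table entry, and a
# rainbow-chain length that cuts storage by roughly that factor.
ENTRY_BYTES = 16
CHAIN_LEN = 10_000

SITE_CAP = 16  # the 16-character password limit described in the post

# The two sample passwords quoted in the post.
SHORT = "!ah84&nah3"
PASSPHRASE = "IreallyLove_Rift_(because)all(!)myhawtfriendsplay!"


def alphabet_size(password: str) -> int:
    """Sum the sizes of every character class that appears in the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def keyspace_bits(password: str) -> float:
    """log2 of the number of same-length strings over the password's alphabet.

    This is an upper bound on strength: a passphrase built from dictionary
    words can be guessed word by word, which this estimate ignores.
    """
    size = alphabet_size(password)
    if size == 0:
        return 0.0
    return len(password) * math.log2(size)


def table_bytes_log2(bits: float, chain_len: int = CHAIN_LEN) -> float:
    """log2 of the bytes needed for a table covering the whole keyspace."""
    return bits - math.log2(chain_len) + math.log2(ENTRY_BYTES)


def enforce_cap(password: str, cap: int = SITE_CAP) -> str:
    """Model a site that accepts at most `cap` characters."""
    return password[:cap]


def report(label: str, password: str) -> dict:
    """Collect the estimates for one password."""
    bits = keyspace_bits(password)
    return {
        "label": label,
        "length": len(password),
        "alphabet": alphabet_size(password),
        "bits": round(bits, 1),
        "table_log2_bytes": round(table_bytes_log2(bits), 1),
    }


if __name__ == "__main__":
    rows = [
        report("short password", SHORT),
        report("passphrase (no cap)", PASSPHRASE),
        report("passphrase cut to 16", enforce_cap(PASSPHRASE)),
    ]
    for r in rows:
        print(f"{r['label']:<22} len={r['length']:<3} alphabet={r['alphabet']:<3} "
              f"keyspace=2^{r['bits']:<6} table=2^{r['table_log2_bytes']} bytes")
```

For scale, 2^60 bytes is one exbibyte, so each extra character adds about six bits to the exponent and the cap at 16 characters removes roughly two thirds of the passphrase's estimated keyspace bits.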

I’m also not sure about having to use your game login credentials to log into the forums and website. How many people log into the forums from public Wifi at a coffee shop or something? Since the site and forums use https:// to log in, they *should* be secure but I still feel uneasy about that.

Anyway, the good news is… well, there isn’t really any good news, except that if you get hacked don’t pull your hair out examining and re-examining your system looking for key loggers.

The best you can do at this point is to use all 16 characters of your password and definitely mix in punctuation. But I suspect that the gold farming companies that are doing all this hacking are using rainbow tables that cover punctuation. Also make sure you’re using a unique password for Rift, not one you use on other sites.

Hopefully the Coin Lock feature will be the first step in putting an end to this outbreak of hacking (but I suspect the hackers will quickly start spoofing IP addresses to get around it), and I’m looking forward to Trion’s future anti-hacking techniques like authorization via emails/sms or smartphone authenticators.

Last thought: If you’re buying gold, you’re part of the problem. Remember that the gold you’re buying most likely originated from a hacked account. By creating demand, you’re encouraging hacking.

Music Unlimited vs Rdio: a Paid Streaming Music Battle

A few weeks ago Sony introduced Music Unlimited and gave PSN members a free month of the service (Music Unlimited appears on the XMB of the PS3, as well as on the web). A week or so later, Rdio & Roku announced a partnership that put a Rdio channel on the Roku. Rdio is also on the web as well as mobile devices.

Over the past few years I’d sort of gotten out of the habit of listening to music but I figured a free trial is a free trial and pretty soon my love of music was reborn. Now in the past I’d generally go to Pandora if I wanted some random tune to flood my ears, but both Rdio and Music Unlimited let you search for a specific song to play. Both cost about $10/month for the whole enchilada (and both offer a slightly crippled service for about half that).

I paid for a month of Rdio to test it, and I’m still on my free month of Music Unlimited. There’s no way I’ll subscribe to both services but I’m pretty sure I’ll do one or the other. And I’m having a hard time deciding which to go with.

Music Unlimited offers Channels which are pretty nice, if a bit similar to Pandora. So you can listen to a channel based on era (50s, 60s, 70s, etc) or mood (Energetic, Dance, Morning, etc) or Genre (Jazz, Rock, R&B, etc) or choose a Premium Station (not available on the $5/month plan). Premium channels are things like Hot Songs, Global Top 100 and so forth. I tend to stick to Era or Genre. The Top 100 lists are filled with songs I don’t like…

You can also create playlists or, as mentioned, search for a particular artist/song. If you search for an artist you can pick an album or a song to listen to.

You can Like/Dislike songs, or add them to your collection. It’s not clear to me what this accomplishes, if anything. On the home page there’s a “You might like” recommendation engine but it shows songs that I’ve Disliked, and the selections change infrequently. I wish this bit was a lot better because I’m open to finding new artists.

Rdio, on the other hand, is heavily social. The idea is that you Follow people and then Rdio composes a play list based on “heavy rotation” of your songs, your network’s songs, or all of Rdio’s songs. This is awesome in theory but in practice…I don’t have anyone to follow with musical tastes similar to mine. I know lots of folk on Twitter but generally speaking they’re from a different generation, assuming any of them are on Rdio (only 1 or 2 are).

Rdio doesn’t have any pre-generated play lists other than the heavy rotation stuff, so if I’m busy I can’t just click a button and start listening to music; I need to stop and think about what I want to hear. (Hmm, I just found a button to create a ‘radio station’ based on an artist. Will have to check that out.)

Rdio also offers artist or song search with the added benefit of offering you some data about the artist or a review of an album or something along those lines. Album liner notes for the internet, I guess.

But Rdio works on my Droid, and in fact you can download songs to your phone (Android and iPhone, at the least, are supported…maybe others too) so you can save on bandwidth. There’s also an Air desktop application that’ll run on Windows or Mac, and as mentioned Rdio plays through the Roku.

There doesn’t seem to be a way to explicitly Like or Dislike a song on Rdio.

Cost of the two services is a wash, music libraries seem about the same. Both do play lists, both will read your existing desktop music collection to jumpstart your streaming collection (neither uploads songs, they just pluck titles out of their overall collection and add them to your personal collection).

What I really want is a service that will allow me to Like or Dislike songs and create recommendations based loosely on what I listen to, tempered by my explicit Likes and Dislikes. Which sounds suspiciously like Pandora, doesn’t it? But I also want to say, like I just did, “I want to listen to The Best of Herman’s Hermits” [wow were songs short back then!] and have just HH play, not songs similar in tonality or however Pandora does it.

Having the service on mobile devices is nice but not something I’d use very often. In the car I listen to podcasts, not music, and when I’m walking around I tend not to listen to anything. 99% of my music listening is done in front of a computer or on the home stereo, so Music Unlimited on the PS3 or Rdio on the Roku are both really nice options.

Anyway…would welcome input. I know there are a lot of other services out there: is there something better/cheaper than these two?

Is 38 Studios going Free to Play?

I thought for sure someone was going to run with this but I haven’t seen anything yet so wanted to throw this out there.

Note: I’m using the common phrase “Free to Play” but we all know these games aren’t really free. Non-subscription based is more accurate but less catchy.

At PAX last weekend we went to MMORPG.com’s “The Future of Online Gaming” panel. Great session, by the way.

One of the questions asked was about the trend towards Free to Play. Turbine’s Craig Alexander was the obvious person to answer the question and he spoke positively about how well DDO Online and LOTRO have been doing since going Free to Play. 38 Studios’ Curt Schilling was also on the panel, sitting right next to Alexander, and he was nodding along and enthusiastically supporting Alexander in sharing the benefits of a Free to Play model.

I wasn’t there as a blogger, just a gamer, so I wasn’t taking notes or anything, and so I can’t provide quotes, but coming out of the show Jeremy (@_JWGoodson) speculated that Schilling’s comments were telling and that they may have tipped us off to 38 Studios’ plans to forgo the subscription model and go straight to a Free to Play model when Copernicus finally launches.

Sheer speculation at this point, but I thought it was interesting enough to share, but too long for tweeting. 🙂

Sci-fi art imitates life

This post includes spoilers for the new V series, in particular the episode that aired on March 8th in the US.

So in-between walks around the PAX show floor this weekend, and into yesterday evening, I’ve been watching the situation going on with Japan’s nuclear plants in the wake of the earthquakes, and hearing politicians start to call for an immediate halt to work on any and all nuclear plants currently being built.

Last night we watched Fringe from last week (it aired a few days before the quake hit). In it, the Visitors are building bases on earth. They’re disguised as buildings to benefit mankind, but the resistance (the Fifth Column) realizes they’re landing platforms for hidden motherships. The problem for ‘The Fifth Column’ is how to take out hundreds of installations around the world to prevent the motherships from landing.

Their solution is to destabilize the “blue energy” power source in the local construction site. The idea is to cause an accident which in turn will cause people to worry about how safe blue energy is and thus create a popular sentiment to halt progress on all the blue energy sites being built around the world.

I tell you, it was pretty eerie watching that episode after seeing the same thing happening in real life, substituting nuclear power for blue energy…

Note: This isn’t a political blog and I’m not meaning to comment on nuclear power, either for or against. I just found the timing of this particular episode kind of interesting. Art imitates life and all that.

PAX East 2011, Day 3

Ah PAX 2011, I hardly knew ye and now you are gone… so sad.

We had a pretty short PAX day today, to be honest. The only panel we were really interested in was at 3 PM, but we had to be back home in time to pick up Lola from the Puppy Hotel by 6 and I was worried about cutting it so close (one good traffic snarl and she’d be stuck there for another night).

So we just wandered around the exhibit hall one last time. Angela made it a game to snag as much swag as possible today, so that was fun. I finally found Guild Wars 2 and watched some of that being played.

Overall seeing the “big games” at PAX wasn’t a huge deal for me. These games get so much coverage online, and I know I’m going to wind up playing them all anyway, so it’s nice to see them, get an idea of what they’re like, but I don’t hover much (plus those booths are always mega crowded).

I enjoy looking at all the rest. For instance I’m a huge hack & slash action-rpg fan so I’m stoked about LOTR: War in the North (developed by Snowblind Studios who are great at this kind of game, and published by WB) and Hunted: The Demon’s Forge by Brian Fargo’s inXile Entertainment (published by Bethesda).

FireFall still looks awesome but it’s a team-based shooter and sadly I don’t really do those. Unless they add bots. 🙂

Orcs Must Die from Robot Entertainment…think I mentioned this already…is a day 1 purchase. Oh and both Child of Eden and The Michael Jackson Experience may threaten us with actually using the Kinect. (CoE for both of us, MJE for Angela).

Anyway, we were pretty tired (hey PAX, next year don’t have the show on Daylight Savings Time weekend!) and anxious to get home so we left early. By the time I was unloading the car I was kinda wishing we were still there. 🙂 Now I have post-PAX melancholy. It didn’t help that I opened the mailbox to find claim forms for my mother’s life insurance policy and emails in my inbox from family members about how we’re going to settle her estate.

Yeah, back to real life. In my head I was anxious to leave so I could come home and play games, but in practice I just came back to catching up. Oh well.

I did, in a moment of temporary insanity, buy a $250 set of headphones for my PS3. Set those up and wow do they sound great but... what was I thinking? They’re wireless RF for audio and bluetooth for voice, very comfortable and all that. But I tell you, a few days living in a conference environment and money starts to lose its value. (Two nights in the Westin Hotel, at their $179/night rate, managed to cost just about $500 once they added parking, internet, and a skillion taxes, and there’s nowhere near the center with cheap food, really.)

Oh well it’s once a year and now the “Pax credit card” goes in a drawer until next year, though I’ll be paying off the hotel and those silly headphones well into the summer!!

I’m already looking forward to next year, but between now and then I’m really looking forward to keeping in contact with all the folks I met via twitter and hopefully in-game.

PAX East 2011 gets a big thumbs up from us!

PAX East 2011, Day 2

The sun came out in Boston this morning, both literally and figuratively.

All of my frustrations from yesterday kind of melted away. I found out that the lines I was bitching about yesterday were only really bad for 1 particular theater, and that was because the people running the convention center wouldn’t let the line stretch where the event planners had intended it (along an elevated section of hallway). So they had to really cram people in to make up for the lost space.

Other lines were long, but more relaxed. A good thing, though in the end I only went to one panel but it was a good one; a Q&A with a group of MMO big-wigs. At 1:30 in the morning I’m not even going to try to remember everyone’s name, but 38 Studios, Turbine, Trion, Bioware, ArenaNet and other MMO dev companies were represented. Most of the panel was Q&A and there were some pretty good questions and lots of good discussion among the panelists.

The show floor was *packed* today but having got over our travel-induced grumpiness, Angela (@g33kg0dd3ss) and I dove right in. We saw a lot of interesting games; I’m now looking forward to Dungeons from Calypso, Swarm from Hothead Games, Smuggler Truck (??) an iPhone game, Orcs Must Die from Robot Entertainment, DragonNest from Nexon, Faxion (the last two being free-to-play MMOs) and Slam Bolt Scrappers from Firehose Games.

Yeah, there were a lot of “big name” games there too but their booths were still a bit too crowded for me to deal with. Specifically I didn’t play SW:TOR or Guild Wars 2. But in the end that didn’t matter.

In the evening was our Tweet-up, Jazz (@girl_vs_mmo) was there. She’d had the chance to play Guild Wars 2 and had gone to a panel on it as well. I’m not a fan of Guild Wars and have been turning my nose up at Guild Wars 2… but after hearing all about it, now I want to play! Ditto SW:TOR… @MMOGC had a chance to play that one, and now I’m excited about it, too. I think it might be more fun to listen to friends talk about a game than it is to test it yourself.

We left PAX at 6, freshened up a bit then went out for a quick meal which took forever… really the eateries around the convention center were overwhelmed this weekend. We got back to the Tweet-up location right at 9 to find the bar we’d planned to have it in packed. We had to improvise and I was fretting about how lame the whole thing was turning out, but then everyone pitched in, we grabbed tables and scoured the lobby for chairs and pretty soon there we sat, a dozen gamers, most of whom only knew each other previously from twitter or reading blogs, having a few drinks and yammering on about the show and games and Star Wars and Star Trek and Munchkin and on and on… I had a great time (and remember, I can’t stand people) and I hope others did as well.

List of attendees of our first PAX East tweet-up: @Scopique, @adarel, @sera_brennan, @kylehorner, @girl_vs_mmo, @MMOGC, @Hawkinsa1, @_jwgoodson & of course @g33kg0dd3ss, plus some spouses/relatives/friends who aren’t on twitter. Thanks again to all of you for making the effort to fit this little sojourn into your packed PAX schedules!!

OK the clock just sprang forward an hour… I better get to bed. We’ve still got another day to get through!

PAX East 2011, Day 1

So I guess day 1 of PAX is over for me. I’m back in our hotel room, rolling around the idea of prowling the halls to see what late night PAX is like, but while the mind is willing the flesh is weak and the idea of putting my shoes back on…not appealing. 🙂

We didn’t get to do a lot today. We started late because we were watching coverage of the horrific earthquake and tsunami in Japan. Then it took longer than expected to get Lola into her DoggieHotel, and then we hit traffic on the way into Boston. We arrived about noon, just when the first panel I wanted to go to was starting (38 Studios showing off their new RPG).

Since it was too late to catch that, we grabbed some lunch at the temporary food court and then headed off to our next panel on dialog in gaming. The panel itself was ok, but I was disappointed that Emily Short didn’t make it. But I was more disappointed with the experience of the panel. The lines were awful last year but the show is in a much bigger venue this year. But it seems a much larger number of people came, and the lines, or at least that line, was awful once again. It isn’t the duration of them that bugs me, it’s the way they cram you together while you wait. They want the lines as compact as possible so they’re constantly urging you to move forward, and they stack the lines side by side. So I’m standing there with my nose in the hair of the person in front of me, and if the guy behind me gets an erection he’s going to have to buy me dinner, and I’m rubbing shoulders with the people on either side. It’s hot and claustrophobic and terribly uncomfortable and you’re gonna be standing like that for 30-60 minutes.

Last year, before they got the system dialed in, they’d just let you stand in line. People would just sit on the floor and play cards or video games or chat and it was fine. Towards the end of PAX East 10 they got the cramming system perfected and they rolled it out on day 1 of PAX East 11. Boo! I say!

We’d planned to go to another couple of panels today but I just couldn’t face that experience again. Instead we finished checking in (the hotel had stored our bags until 3 pm check in time) and got the laptops and stuff set up (internet: $12.95/day for the slow package) and then went for an early dinner in one of the pubs in the hotel (hamburger: $14)

Then we kicked around the exhibit hall for a while. I watched a lot of SW:TOR being played, peered over someone’s shoulders as they messed with a 3DS, snooped around Bethesda’s booth looking for new Skyrim info (nope, but lots of workstations running Brink and Hunted) and loitered around a few smaller or indie dev booths. Orcs Must Die looks real fun, and Slam Bolt Scrappers is pretty as hell but still confuses me.

I didn’t actually play anything. Waiting in line for half an hour to play a game demo for 15 minutes just isn’t me, really. I like to savor my first moments with a game and would rather just watch now and play when I have time to explore at my own speed.

PAX East 2011 Day 1 was feeling a bit melancholy. And then we hit the Rift party that Trion was throwing. Great shindig. Open bar, free buffet, hot apps being passed around by friendly waitstaff. And then we started meeting people. People we’ve only known from twitter & people we didn’t previously know and really should have. And we started talking about the show and the game and this and that and finally it clicked.

PAX isn’t about games. PAX is about gamers.

Now I can’t wait for tomorrow night’s TweetUp. Currently the plan is to meet at 9 pm at The City Bar which is right in the lobby of the Westin Waterfront. The City Bar itself is pretty small but essentially the entire Westin lobby is a bar of sorts, or at least it is this weekend. I don’t think we’ll have any trouble finding a spot to gather, have some drinks and put faces to names. We’re using the hash tag #paxeasttweetup11 or you can just follow me (@pasmith) or @Scopique and we’ll guide you to us.

If you’re at PAX East and have some time tomorrow evening, I hope you can stop by.

Rift: Relax people, they don’t stay dead

Just a quickie before I hit the sack before PAX.

So some Defiant ?? types were in Argent Glade tonight, nuking the NPCs. The locals (myself included) were spread too thin and too low level to do too much about that. So I just ignored them. Yeah, it was slightly annoying when they killed the tradeskill vendor that I need to buy supplies from, I’ll admit.

But a few people *seemed* to be really upset (and full disclosure they may have been RPing but if they were I can’t use my catchy title so I’ll assume they were genuinely mad). Like I said, they killed the tradeskill guy I needed to talk to but by the time I’d typed a scathing remark into chat, and before I could hit Return, he popped back into being. So I sheepishly erased my scathe and went back to tradeskilling.

So things I learned:

  • Townie NPCs repop really quickly.
  • You can chat between factions. I assumed that would be impossible based on games like DAoC and WoW. My bad.
  • If these guys had wanted to, they could’ve made a real nuisance of themselves by standing there and chain killing NPCs

I think they were just gathering up server firsts… they got one for each NPC they killed. Which tells me Trion approves of their behavior. And I do too. I’m looking forward to more open world PvP as I ‘grow up’ in Rift.

And I’m hoping Trion was clever enough to put in balance systems. Like if these guys had chain-killed NPCs and never were attacked by players, I’d love to see some high level guards spawn to run them off eventually. (I just worry about days when low level zones are pretty deserted and some player is trying to work on tradeskills and enemy players chain kill the only vendor that low level player can utilize, and he can’t find high level player characters to help.)

For the record I did try to spawn a Flare but I guess you can only do those on enemy wardstones. Damn!

Rift: Zone-wide invasions and rewards

So back in beta (I know, bring on the hate) those zone-wide invasions — y’know, the ones that pop a quest into your log — used to give quest rewards. Then they were taken out because, really, the system was kind of borked. You had to do very little to ‘complete’ the quest and you’d get the same rewards as someone who’d fought constantly to drive back the Rifties.

I was working up a good rant about these invasions… how winning them got you nothing and losing them cost you nothing and so they seemed pretty pointless to worry about unless you were in an RP mood. (Hold your hate and corrections for just another moment, please.)

Then the other day I was bashing around with a new character; a cleric. I fly in the face of logic with my characters…this dude is (for now) Shaman/Cabalist/Warden and at low levels he’s a total hoot to play. So I’d just gotten into the real world (Guardian side) and was doing that first quest hub (putting out fires, fighting wanton destroyers and those ember dudes). I was level 7 or 8. And one of those zone-wide events started up.

Then I heard Rudi’s Wagon was under attack. “Poor old Rudi!” I says to myself, “He needs help!” So I jumped on my turtle and took my lowbie self into the fray.

And OMG what a fun fight that was! We had 3 invasions hit at once. I was healing (OMG #2….me healing. I’ve been playing MMOs since there’ve been MMOs and I never heal) which worked pretty well considering both our raid and all the invasions were level 8 or so. And we prevailed! Rudi’s Wagon was saved, and my Rift goody bag was overflowing with knick knacks and planerite. I collected it all, disbanded and went back to questing (at my level there was no sense trying to help the rest of the zone). Just a few minutes later the call went out that the Guardians had prevailed. Huzzah!

And I noticed my Rift goody bag was lit up again. I opened it to find a blue sourcestone item; a reward for taking part in the event.

Call me a nub, but I’d never put 2+2 together like this before, because generally when one of these events happens I either jump in for the duration or ignore it completely, so I’d thought whatever rewards I was getting was for the “local action” that I was taking part in, not the greater event (since I’d be fighting when the event completed). This is the first time I’d seriously fought through part of the event and then disengaged and been able to notice the reward for completing the event. I don’t know what the threshold is for you to get it, but (for my level) I was chain-healing (plus tossing out the odd nuke) for probably a solid 5 minutes of chaos. It felt more like an hour. So (again for my level) I’d contributed a significant amount to that particular battle.

Anyway this was news to me and I figure somewhere out there is someone else who didn’t realize there were zone-quest rewards. So I figured I’d share.

While I have your attention, I also wanted to belatedly point out a good Rift post at Massively. Karen Bryan offers some good tips on buffing Wardstones and public groups. I always buff Wardstones…I think there should be an achievement with a title for doing it enough times.

Anyway one tip I wanted to add, sort of related to public groups. People talk about forming groups to take on a named mob so that players don’t have to queue up to wait for respawns. I’ve found that as often as not you can get credit even if you don’t form a group. Just attacking the mob during the fight is often enough. Also lots of times the quest isn’t to kill the mob but to do something heinous to its still-warm corpse, and again you seem to be able to do that even if you weren’t the one to kill the mob. So check it out. It doesn’t always work, but it often seems to, at least at low levels.