Rhymes With Orange & other Toaster Crumbs
This blog has been moved to www.humor4fun.net for general content.
See security.humor4fun.net also.

AppSec USA 2016
I put this list together after attending AppSec USA 2016 here in DC this October, but had to wait to send it out until I was able to get links to the videos of the talks (OWASP took their sweet time on this).
Key trends noted at the conference from people, vendors, talks and topics in general
DevOps - the next evolution in the SDLC; refer to the Rugged Manifesto. DevOps/CI/CD focuses on automating everything and applying people to perform analytics to improve the tasks in the pipeline. AppSec activities can and should be automated as much as possible: we have tons of activities that we do repeatedly (or should be doing repeatedly) that can be done by a machine. Tools exist now to take over most of these things; we just need to orchestrate that pipeline of activities.
Software Supply Chain - Also referred to as Open Source testing. We need to know what goes into our products. The libraries that our developers use, the tools that our vendors use, and the libraries those tools include all are potential weak points. These libraries and software have licenses that must be respected, but we also must be able to track what we are using so that application of fixes for CVEs can be pushed quickly and directly to software that is vulnerable.
REST APIs - Nothing new here, we know what these are but we need to recognize that more and more teams are building RESTful APIs for their systems to use. AppSec needs to test these, but how can we possibly do that when there is no interface and (almost always) little to no documentation? AppSec needs to push developers to write REST APIs in a more mature way (read: with good documentation). APIs produce an excellent format for fully automated testing; can we supply development teams with good test cases and test tools that can be integrated into their build/test process so that we don't need to be engaged?
Vendors that we should network with to run tech demos or proof of concept testing:
OpenSource Library Scanning - BlackDuck, CodeDx, Sonatype, Palamida
WAF-ish Protection - Signal Sciences, Shape
Recruiting - Identify
JS Self-Protection - JScrambler
Static Analysis - Checkmarx
Tools that AppSec/GRC should look into hosting/using:
Vuln Mgmt / Tracking / Merging - Threadfix, Norad (Cisco), Bag of Holding, Defect Dojo, Scumblr
Testing Tools - FuzzAPI, JJEncode, OWASP WTE, Arachni, vuls, lynis, nikto, serverspec, sslyze
Input Validation - Language-Theoretic Security (LangSec)
Orchestration - SlackCat, botkit
Talks that everyone should take some time to watch, some are about tools, some are just interesting / great speakers:
SPArring with the Security of Single Page Applications - Dan Kuykendall
LANGSEC 101: Taking the Theory Mainstream - Kunal Anand (or the other one)
Using language-theoretics and runtime visibility to align AppSec with DevOps - Kunal Anand
Cleaning your Applications' Dirty Laundry With Scumblr - Scott Behrens, Andrew Hoernecke
HTTPS & TLS in 2016: Security practices from the front lines - Eric Mill, Kenneth White
The Less Hacked Path - Samy Kamkar
Where bits & bytes meet flesh & blood: Devops, Cybersafety, and the internet of things - Joshua Corman (or the other one)
Continuous Security: DevOps and Ongoing Authorization - Joshua Corman
Automating API Penetration Testing using fuzzapi - Abhijeth Dugginapeddi, Srinivas Kotipalli
Appsec++ Take the best of Agile, DevOps and CI/CD into your AppSec Program - Matt Tesauro
So I know this girl...
who spends so much time caring about others that she is constantly stressed about not having enough time to take care of herself.
Then I came across an article “Am I an Introvert or Just Rude” and it got me thinking about this girl. (I mentioned her before, weren’t you paying attention?) The article talks about being introverted as a form of selfishness, but if you read it from the contrapositive different mindset, selflessness as a form of extroversion, (as a good member of society), you get something wildly different out of the article, which is logically equivalent (read: exactly the same).
Crash course on logic statements: First we need to define some basic logic facts. If you have two things, p and q and each can exist in two states (in logic we use True and False, but below the two states will be different, which works, so long as the two states are opposites).
Here’s another view of this chart, which shows the translation between statements. This is the diagram that I always remember, note that the matching colors show logical equivalence.
Then let’s throw in some explanation of what the P and Q and --> stuff means.
So now we can build a phrase based on these logical states, but before we get to the interesting one, here’s a tried and true example I found on Google Images search:
Now we can apply the logic we learned to the article about being rude or introverted.
Let,
p = introversion
q = selfishness
Such that,
~p = extroversion (not p, the inverse of p)
~q = selflessness (not q, the inverse of q)
so the statement: introversion is a form of selfishness (p --> q)
and the contrapositive: selflessness is a form of extroversion (~q --> ~p)
are logically equivalent.
Meaning that the lessons learned from being possibly too selfish and hiding behind introversion should be the same as possibly being too extroverted and hiding behind selflessness. The solution for being selfish is to step out of your shell more, so the solution for being extroverted is to act more introverted. ipso facto.....this woman's story + raw logic clearly explains that this girl I know is too nice of a person! And she needs to say no more often, otherwise she is falling out of societal norms. I Love You.
Tips for Successful Games on Kickstarter
So you think you have what it takes to launch a card, dice, miniatures, or board game on kickstarter? Here’s a bunch of questions that you may not have thought of, do yourself a favor and spend the week coming up with answers and materials for your project page. Backers want to know this information and the more you transparently share up front, the less they will feel neglected for missing details that they need to pester you for later on after you have their money. You’ll thank me for it later.
How does it play?
Gameplay video is good, but some of us enjoy reading. Videos just feel like an easy out
You don’t have to publish the rulebook, but you should give a description of the goal and general turn play.
What are some of the cards/dice/miniatures/board?
Put up some art that will be used for printing.
Show a few different types of each piece that are included.
Maybe show the art print and then the thing it gets printed on so we can see how the art translates to the materials.
BACKERS LIKE TO SEE REAL PHYSICAL THINGS!!!! I cannot stress that enough. If you have pre-prod prints/models SHOW THEM.
What is in the box?
How many cards in the deck?
Tokens of each type, Boards, Dice, Miniatures, etc
List out the contents of the box. This also provides backers a ‘packing list’ to go back to once they receive the product so they can verify that everything was included properly.
Also, when you begin shipping products, make sure you update this list and send it out as an update. Sort of like “Got your box? Check the contents!” and include the list of contents and a method for backers to contact you for missing parts.
What about the extra stuff you think you will unlock during the campaign?
Stretch goals that add more cards, dice, minis, etc take up space.
Backers will ALWAYS want to put that in the same box as the base game.
Some, like myself, want to have an inventory (maybe even separate compartments) so that we can return the game to “base contents” when teaching new players and then add additional bits as skill and experience increases.
Show some details about how these things will look and function.
Thinking about Expansions for your game?
Great! Backers love that! It’s a great way to add funding to the campaign.
Have these pre-planned, possibly even pre-built just like the game. Expansions usually cause delays because of balancing, missing art, extra production costs. Think about all of that BEFORE offering for expansions.
Make sure it can fit in the original box! Just like the stretch goals, Backers like to have everything fit IN the box.
Just like the main campaign, show pictures, artwork, details, descriptions, etc etc.
Can expansions be added as add-ons above the pledge?
Will you package up all the unlocked bonuses and sell those as an expansion?
How does someone get an extra copy of the game?
Do these copies come with all the extras unlocked for the main campaign? or are they just the vanilla game?
How big are the bits?
Cards, minis, dice, playmat, etc
Think about thickness and weight too.
What materials/quality are the cards, box and other bits?
How big is the box? Physical dimensions...make it big enough for all the things.
What size cards will you have? Backers like to know so they can order Card Sleeves.
Can sleeved cards fit in the box? You would be best to make sure that works well.
How are you going to get the rules reviewed?
Will you release the game in other languages?
Do you have thoughts about Print-and-Play files?
Give it out to backers for free at a certain level.
When will it be sent out?
PnP files are a GREAT way to get balance/readability/grammar check feedback from backers BEFORE you go to production and printing. Make sure you factor that into the production timeline. I’d suggest 3-5 months for this, it takes backers time to produce the game themselves and then play with it enough to provide actual feedback.
If you are serious about collecting feedback, consider building a survey form or website, or forum that allows players to discuss the game and changes they want to see.
Also, I suggest that about 6 months after the campaign is over, send out an updated PnP rulebook that has all the revisions that people have submitted since they got the product. Some backers will print it and love it, some will just ignore it, but it will take only a few days effort on your part and go a long way to produce good favor.
How many players?
Different number of players takes different amounts of time.
How long does it take to play a game?
How long does it take to LEARN the game?
Do you have age recommendations?
Explain your reasoning for this rating. Families like to make their own decision on this front, but if you provide rationale it can really help parents or gift-givers.
Are there different play modes?
Co-op, Solo, 2v2, 1v3, Free-for-all
If you have different play modes, then think about sectioning the rules discussion for each type to provide details on how they are different and why someone should think that co-op might be fun instead of FFA.
Why do you think you can run the KS, Produce and Ship rewards in under X months?
From my experience as a backer, I can almost guarantee that your estimate is WRONG. You are short by about 6 months. Oh you think you know better? Probably not. I have a closet with over 100 games from Kickstarter, and another hundred gadgets, art, and toys. It will take longer than you think.
Did you know that China takes off the entire month of February? Did you also know that in January and March they are so backed up from taking Feb off that any orders placed in November-March probably won’t get finished until mid-late spring?
Get your order in BEFORE Thanksgiving or you will certainly not see any result before March.
Get it in before Columbus Day and you MIGHT get the product back before Christmas.
Shipping is a whole other beast. Plan to order at least 10% extra parts (I’d suggest 20%) because parts get damaged in shipping or boxes are packed incorrectly by the production factory.
If you are using a company for fulfillment/shipping, that’s expensive, so go get quotes for that beforehand.
What voodoo god have you sacrificed to that enables you to sell the game for such a low price?
I’m happy to abuse your poor judgement, and I’m not saying you should overvalue your product, but be reasonable!
Did you factor in shipping costs? What about the 10% that Kickstarter will take off the top, and the other 10% that Amazon Payments system will take off the top? Right there, you’ve lost ~20% of the funding you raised.
Missing parts from shipped products will need to be replaced, that costs you money for the parts but also for shipping. Backers will NOT be happy to send you extra money for you to mail them the missing 17 cards that weren’t in their box.
If you are a project creator and thought this was helpful, consider joining BackerClub.co using my referral link for projects: I’ll get a small kickback for the referral and it is a great way to get serious backer feedback pre-launch as well as build a good base to join your campaign on day1 (the most important day!). Also, consider going back to one of my older posts about how I pick games to back on Kickstarter. You may find more insights in there. This is for all projects from ‘not-yet-started’ to the ‘only-one-day-left’ stretch.
If you are a project creator and your project has already completed or just finished the funding period, consider using BackerClub.co as a place to sell your product.
If you are a Backer who loves backing, consider joining BackerClub.co using my referral link for backers: it’s a great place to get daily updates on new projects launching and the project creators who come to us genuinely listen to our feedback on their campaigns.
If you have more questions, feel free to send them to me and perhaps I’ll do more writeups about what I’ve learned from my years as a Kickstarter Superbacker.
My Kickstarter Profile
Hardware Review: Monoprice Headphones
Great headphones for an even better price.
These things have a fantastic sound. The detachable standard 3.5mm jack in the headset is a huge plus, and the box includes a short-ish thin cable and a much longer thicker cable as well as a 3.5mm -> 1/4in adapter. My box showed up looking like someone kicked a hole in it, and the headphones box itself was even damaged, but somehow the headset itself was fine. Again, the sound these produce is amazing. They've got a great passive noise cancelling (sound isolation) capability as well, though the ear cups start to press over time and the headband squeezes my head so I have to keep it pretty loose in order to prevent that pain from sneaking in. I can last about 4 hours in these before needing to take them off, compared to my Philips/O'Neill TR 55LX model that I can listen to for 6-8 hours before needing a break.
Definitely recommend these at a $50 price tag, but at $17 it's simply a no-brainer. Even if you end up not liking them, it wasn't that much of an investment to find out. You'll spend more at dinner in an hour than listening to these for a week.
If you are interested, follow the link below to get your own pair.
http://www.monoprice.com/product?p_id=8323
X- security Headers
Discussion of these headers popped up recently, so I thought maybe I’d share my recommendations with folks.
X-XSS-Protection enable everywhere
Description: This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. It's unknown if that version honored this header.
Reasoning: So long as the web application and browser being used by the client do not re-implement the X-XSS-Protection RFC improperly, or use this header for a separate set of functionality, this is purely a preventative measure that affects only the client's browser. It may cause intermediary systems (such as outbound WAF) to alert on the presence of keyword 'XSS' but this can be tuned out. This can be applied across the board to every web server and should have no negative impacts.
X-Frame-Options do not set everywhere
Description: Provides Clickjacking protection. Values: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from: DOMAIN - allow rendering if framed by frame loaded from DOMAIN.
Reasoning: This setting should be evaluated on a case-by-case basis. Settings will vary from site to site and there is not a general recommendation that can be applied blindly. Doing so would likely cause many web properties to be unusable on various pages throughout the internet. We recommend as strict a setting as possible, but this, again, must be determined for each site individually.
X-Content-Type-Options do not set everywhere
Description: The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files.
Reasoning: This is designed to help protect the user by restricting the browser from using logic and content sniffing to determine content type so that it can act appropriately. Restricting content sniffing is helpful if and only if the server can 100% trust the web server to set the 'Content-Type' header correctly. By allowing the browser to sniff content and change the Content-Type when needed, an additional layer of protection is offered to the user. A suggested course of action is to set the Content-Type header properly and allow the browser to double check that through sniffing. If we cannot trust the browser to sniff properly, then there are likely many other things about the client that cannot be trusted at all. Most concerning is when a user is allowed to submit content to a site. If the site stores that content and serves it again using the user-declared Content-Type, an attack on the victim who receives the content is possible, but if the browser is allowed to sniff the content and set an appropriate type, even these attacks could be prevented.
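An added example, not code from the original post: a Python check that audits a response's three X- headers against a per-site policy, following the recommendations above (X-XSS-Protection expected everywhere, X-Frame-Options and X-Content-Type-Options decided per site). Site names, policies and responses are constructed; the X-XSS-Protection values 0, 1 and 1; mode=block are the ones browsers define for that header.

```python
"""Audit X-XSS-Protection, X-Frame-Options and X-Content-Type-Options.

Added example: site names, policies and responses are constructed.
"""

AUDITED = ("x-xss-protection", "x-frame-options", "x-content-type-options")


def collect(headers):
    """Group (name, value) pairs by lower-cased header name."""
    grouped = {}
    for name, value in headers:
        grouped.setdefault(name.lower(), []).append(value.strip())
    return grouped


def parse_x_frame_options(value):
    """Return (mode, origin) for a recognised value, else None."""
    tokens = value.split(None, 1)
    if not tokens:
        return None
    mode = tokens[0].lower()
    if mode in ("deny", "sameorigin") and len(tokens) == 1:
        return (mode, None)
    # Accept "ALLOW-FROM origin" (RFC 7034) and the "allow-from:" spelling.
    if mode in ("allow-from", "allow-from:") and len(tokens) == 2:
        return ("allow-from", tokens[1].strip().rstrip("/").lower())
    return None  # e.g. "DENY, SAMEORIGIN" or an empty value


def parse_x_xss_protection(value):
    """Return {'enabled', 'block'} for '0', '1' or '1; mode=block', else None."""
    directives = [d.strip().lower() for d in value.split(";")]
    if directives[0] not in ("0", "1"):
        return None
    return {"enabled": directives[0] == "1",
            "block": "mode=block" in directives[1:]}


def audit(headers, policy):
    """Compare one response's headers with the site's policy; list findings."""
    seen = collect(headers)
    findings = []
    # A header repeated with different values is ambiguous to the browser.
    for name in AUDITED:
        values = seen.get(name, [])
        if len({v.lower() for v in values}) > 1:
            findings.append(f"{name} sent with conflicting values: {values}")

    # X-XSS-Protection: expected on every site.
    xss = seen.get("x-xss-protection")
    if xss is None:
        findings.append("X-XSS-Protection missing")
    else:
        parsed = parse_x_xss_protection(xss[0])
        if parsed is None:
            findings.append(f"X-XSS-Protection unrecognised: {xss[0]!r}")
        elif not parsed["enabled"]:
            findings.append("X-XSS-Protection turns the filter off")

    # X-Frame-Options: expected value is decided per site (None = framable).
    xfo, expected = seen.get("x-frame-options"), policy["frame"]
    if xfo is None:
        if expected is not None:
            findings.append(f"X-Frame-Options missing, policy wants {expected}")
    else:
        actual = parse_x_frame_options(xfo[0])
        if actual is None:
            findings.append(f"X-Frame-Options unrecognised: {xfo[0]!r}")
        elif actual != expected:
            findings.append(f"X-Frame-Options is {actual}, policy wants {expected}")

    # X-Content-Type-Options: "nosniff" is the only defined value.
    xcto = seen.get("x-content-type-options")
    if xcto is None:
        if policy["nosniff"]:
            findings.append("X-Content-Type-Options missing, policy wants nosniff")
    elif xcto[0].lower() != "nosniff":
        findings.append(f"X-Content-Type-Options unrecognised: {xcto[0]!r}")
    return findings


# Constructed per-site policy and captured response headers.
POLICY = {
    "intranet.example": {"frame": ("deny", None), "nosniff": True},
    "widgets.example": {"frame": ("allow-from", "https://partner.example"),
                        "nosniff": False},
    "blog.example": {"frame": ("sameorigin", None), "nosniff": False},
}
RESPONSES = {
    "intranet.example": [("X-XSS-Protection", "1; mode=block"),
                         ("X-Frame-Options", "DENY"),
                         ("X-Content-Type-Options", "nosniff")],
    "widgets.example": [("x-xss-protection", "0"),
                        ("X-Frame-Options", "ALLOW-FROM https://partner.example/")],
    "blog.example": [("X-Frame-Options", "SAMEORIGIN"),
                     ("X-Frame-Options", "DENY"),
                     ("X-Content-Type-Options", "no-sniff")],
}


def audit_all():
    """Run the audit for every constructed site."""
    return {site: audit(RESPONSES[site], POLICY[site]) for site in POLICY}


if __name__ == "__main__":
    for site, findings in audit_all().items():
        print(site, findings or "ok")
```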
Saints Row X: Insanity Devolution
I recently finished playing Saints Row: Gat Out of Hell, following my pattern of playing only one SR game every 18 months to make sure to spread out the fun in my life. Since Deep Silver Volition took over development (after the downfall of THQ, rights changed hands and publisher Deep Silver brought development studio Volition in house) the game has seriously changed the style and pace of production. I played Saints Row: The Third when it was released and caught up with Saints Row IV shortly after release as well but took my time getting to Gat Out of Hell because it just looked too absurd. The first two games never caught my eye because I wasn’t really into the open world style game at the time aside from a sprinkling of GTA here a bit of Red Dead Redemption there, but my library was really only full of Rockstar games.
The Games I Played
Notice: Apologies for any spoilers, but these games have been out long enough that any spoilers I drop shouldn’t be bothersome or, to be honest, surprising from watching the game trailers.
Saints Row: The Third
The fourth-wall-breaking comedy style shown in SR3 was amusing enough to me in trailers that I cracked and bought the game. So many hours did I spend leveling up, perfecting the activities, upgrading weapons and abilities and collecting thousands of widgets scattered all over town- including cars. The story was interesting enough to keep me going and it filled up enough background for me to be partially interested in the characters, some far more than others. Character development was done quite well and while the voice acting left a bit to be desired, it was clear that the developers spent their money well enough on acting and far better on city/level design and asset development. This game was incredibly fun to play. That’s it. It was fun to play. The farther you get into the game the more crazy overpowered you feel, but that is the whole point of the game: GTA but feeling like a superhuman- unless I’m missing the point.
Saints Row IV
SR3 was so fun that as soon as SR4 was announced and available for pre-order, I was first in the digital line to drop my dollars. That was quite a long wait from announcement to delivery because of the THQ decline and IP selloff that occurred. RIP THQ, we all loved you and your games. So SR4 was delayed in getting to my desktop for download. On to the game itself. Do you remember watching Dragonball on TV? Then Dragonball Z came out and everyone was like 100x more powerful just because they screamed louder and harder and worked out a bit. That’s kind of how SR4 relates to SR3. The same city with some new skins in some areas, some destruction here and there, missing bits occasionally, but all the systems are turned up to 13. Your character starts off at about a 400% power rating compared to SR3, then you drop down to 90% and have to work your way back up to 1000%. That might seem like I’m exaggerating, but if you actually play the game you’ll see that I’m not. It's because the whole thing takes place in the matrix. It is cool though. I liked it. The story was good, though not as good as SR3 in my opinion. In a lot of respects they are two different styles of game, SR3 being an open world gang takeover and SR4 being an action/adventure open world power trip. Actually I was reminded of The Incredible Hulk game for the Wii back in the day: you can just run around the city and destroy stuff and get in fights that you really only lose if you stop paying attention. Great game, just a different style than SR3. What I also found interesting was the re-use of EVERY character from SR3. They are all reset and now your friends after having united them at the end of SR3 against a common enemy. The activities were also all insane, being set inside the matrix, they are constantly breaking the fourth wall and as an entity outside of but playing within the matrix you can probably not even imagine some of the crazy things they think of.
Saints Row: Gat Out of Hell
So you remember that Dragonball power analogy? Same thing applies here except replace SR3 with SR4 and SR4 with SRgoh. This game is significantly shorter than SR4 was, but it was also designed as a DLC pack that turned out to be slightly large enough to get its own release instead of only being a DLC pack. The story is weak at best, the characters are lame, but the gameplay is the same as you got in SR4. It is another power trip but instead of the Tech skin, this time they have a Hell skin. The city is in shambles and it is decently decorated. It took me around 20 hours to complete all the content (story, characters, collectables, etc) compared to probably near 60 hours for SR4 before I gave up trying to get all the collectables. This game feels fast, well, because you are fast. Powers upgrade quickly and you can reach max power without much effort. That makes the chaos you can wreak pretty enormous which is fun, though those battles get repetitive quite quickly as a result. There doesn’t feel to be much variety in things. As if the Devs knew that, they didn’t re-create the entire game of SR4 in hell. SRgoh has maybe a quarter or less of the activities and collectibles to do and see. Just about the time you get bored of doing the same kind of thing, you are done with all of them. The difficulty level seems childish. I played on Normal because I didn’t want to be frustrated by endlessly dying and this is supposed to be a power trip anyway, but all told, I think I died only 2 or 3 times. Not because a mission was difficult, but because I didn’t turn the camera to see what was attacking me and deal with it. Of the three, this one is skippable if you aren’t completely in love with the series or didn’t enjoy SR4’s gameplay very much.
Series Development Highlights
These games are fun. Once you have an understanding for how quickly the story and ability progression will occur, you can temper your expectations for time investment but let’s be real, these games are FUN.
Play it with a controller. I’m an xbox 360 controller guy (though I may be switching to an xbone controller soon). These games are designed for consoles, but they play amazingly well on PC so long as you use a controller. Both the Menu system and gameplay are better with a controller.
Play it on a PC. Yes they were seemingly designed for consoles, but the games simply look better on PCs. There isn’t a ton in the way of visual improvement from console to PC, but I noticed a smoother framerate overall (comparing an xbox360 to my GTX 675MX laptop). These games don’t take much power from a PC to max the settings and look amazing. I was easily able to run them on a gaming laptop I put together in 2012.
Skippable DLC. These guys do DLC well. Let me clarify that. They do DLC the way I want it to be done, or at least one way I like it to be done. The other great example that covers both ways is the Borderlands series. DLC for the SR games is just additional weapons or completely cosmetic changes (new characters, outfits, skins, vehicles, etc). These do not produce a “pay to win” feeling, even when you buy a superpowered weapon, you still need to learn how to use it in the game and more often than not, the weapon is somehow balanced to not be so far above the power curve that it just breaks your game progression because you bought it. Everything else is cosmetic and has little to zero effect on the game besides changing how something looks. The other thing I like to see is additional Zones. Like if the devs created a new city sector/neighborhood that was added as a separate island. I’d pay another 5 or 10$ for that (assuming it was similar size and quality as the current content). The game felt complete when I bought it and I didn’t feel the need to buy any DLC in order to ‘finish’ the content that was produced.
Co-Op done right. You can play co-op in these games. One person hosts, the other just drops in or out. There’s even multiple slots in some of them. The only way this gets better is if I can have a drop-in/out co-op on my local machine. Like if I’m playing and a friend comes over, they can hop into the game with me for a bit of chaos, then drop out and let me continue playing alone. Local co-op is largely skipped with the current generation (past 5-7 years) of games. We miss that and want more of it.
TAKE MY MONEY
I’m interested to see where Volition take the series since it will certainly need some sort of canon reset or big plot-fixer. The world has been destroyed, all the people are dead, even the enemies are dead, leaving just our heroes floating alone in a spaceship. Time travel back to the days when the world existed? I’m not sure. I’m not a plot-writer, but I hope they keep these games coming. I like my President of the United States that I played with Jason Statham’s voice.
To wrap up I’ll just say this: when Volition is finished developing the next Saints Row game you can bet that they will be getting a large chunk of money from me for rights to play it.
That Crazy Woman Next Door
Imagine this scene, I dare you, and try to not laugh and feel bad at the same time. It is funny, sad, and scary all at the same time.
One of my neighbors, a woman with large breasts (mostly hanging out of her blue blouse during this observation) in her mid-to-late 30s, has her second story window open and is mostly hanging out of her window herself. Shouting at the cop in the street (who doesn't seem particularly bothered) but also apparently shouting at someone inside, I didn’t gather what she was shouting about, but it was some typical mad-raving-lunatic nonsense. While she is shouting she is moving inside the house and dragging things to chuck out her window onto the driveway: a glass vase, plates, a bookshelf, couch pillows, an xbox, a few books, TV table, etc. Shouting, throwing, shouting, throwing then cursing violently when she slammed her boob against the side window frame at the same time her head hit the top during an attempted (failed) throw at the officer.
Then I noticed that the neighbors she shares walls with are both peeking ever so carefully out of their windows. One had her Juliet balcony door open and was peeping out to see the rubble and hear the noise, the other had their windows cracked just a tad to let the sound in. One officer in the street is watching things, and just as a glass hits the street (crazy-woman seriously lobbed that one) two more police cars arrive and officers are stepping out. That’s when I drove away.
Sterling Archer: Wow. Ton of stuff just started to make sense to me.
Over the past 7 months that I’ve lived there, at least twice a month, usually more frequently (of 8 possible trash pickups), there is a pile of stuff in front of their house. Almost all of it was in some sort of disarray: drawers tossed upside down outside of the shelving unit they belong to, a mattress with a tear showing the fluff and springs falling out, a TV stand that has the top shelf broken in half. You get the idea?
I came up with stories to explain the odd arrangements of furniture and such that covered their trash piles: That they were moving and getting rid of a bunch of things they didn’t want to bring in preparation; Their children had grown up and gone to college, so all the kids’ stuff could be tossed; Someone just got a promotion or bonus, or it was simply that time when a couple decides to buy nicer things; They were going to donate the stuff but halfway down the stairs they said ‘screw it’ and just dropped the furniture the rest of the way; A divorce was happening, and as part of the settlement, the couple was separating their things, but most of their belongings were worthless so they could just be tossed.
During these last six weeks I’ve noticed officers standing in the street outside this house more than once. This occasion just marked the most explanatory. I feel bad for the neighbors who have to hear the nonsense through their walls (however soundproof they actually are), fear that their cars might have a bookshelf dropped on them, run into the crazy woman as they enter or leave their home, or have their children or pets witness the insanity in any capacity.
But I also feel bad for the crazy woman. I don’t know the story. Her neighbors probably don’t even know the full story. There may be a perfectly reasonable explanation for why she is acting the way she is, but the fact of the matter is that she lives in a middle unit in a row of townhouses. YOU CAN’T ACT LIKE AN INSANE BITCH WHEN THERE ARE DECENT PEOPLE AROUND. Pull yourself together, get in your car, drive to the wilderness and murder a squirrel. Then spend some time thinking about what changes you need to make in your life so that this sort of thing never happens again.
When you put innocent bystanders at risk of harm, or in fear of danger YOU are truly the one at fault and should be punished as such.
Dear Crazy Neighbor, If you need someone to talk to, someone who will listen and try super hard to see your side of the story as the one and only correct point of view: I will listen, you can talk to me. Sometimes all we need is a friend or even a stranger who we can vent to. Your behaviour is unacceptable in the community in which we live. Please pull yourself together, make changes in your life, reflect on yourself, and/or get help. I will pray for you and your family and our neighbors, but please please please stop terrifying those around you with the way that you are acting. Sincerely, Concerned Neighbor
The New Play List
How many times have I come home from a long day at work and just wanted to sit on the couch and play video games? But then I have to pick a game, hope that it is installed, updated and ready to play. Will it stream from my desktop using the Shield TV or do I need to hook up my laptop and run Steam Big Picture to play it from the laptop or Steam in-home streaming? Then the controller needs batteries, I need to get the xbox wireless dongle connected to the right gizmo, get the receiver set to the proper input and then hope the game I picked actually even supports Controller gameplay. By this point I’m pissed and not interested in playing and just want to fall asleep and skip dinner because my technology doesn’t work. Supposing it does, what if I’m streaming a game (shield or steam) and the stream cuts out: failure. Shield streaming cuts out WAY more frequently than it should. Steam Streaming barely works as is.
Which game to play? Well, I can start to solve this one piece at a time. First up is to simplify the question. I used to have a whole bunch of games in progress at one time. No more. Going forward I’ll only have one game in each of these categories. First thing to do (obviously) is finish up the other currently in-progress games (italicized). I went through my entire Steam library the other day and pulled out three lists: Stuff I am currently playing, Stuff I already pegged as wanting to play, and Stuff I want to play that didn’t get added to the list previously. That still leaves somewhere around....2,000 games in my library untouched, but whatever, most of that is crap anyway and will only get a few minutes before I decide I’m done with it. New games (unreleased) will just have to be added to my Wishlist, which I completely emptied prior to this exercise. Games on the Wishlist will only be things that I’ll buy because I want to play them. I’ll buy them once they are on some sort of decent enough sale, or I run out of things in my Play List for their category.
Right then, Categories. I came up with a few that I like to play, so I’ll only have around 5-7 games in progress at once (once I finish up some of the current batch). That makes it SO much easier to pick a game to play: Shooter, Story, Puzzle, Couch fun, RPG, or Action/Adventure. That’s it. I’ve also got a Misc category, but that will just be things I expect to spend < 4 hours on, meaning I install it, play it once maybe twice, then decide I’m done with it.
Where do I play? Make sure each of the “In Progress” games is installed on both my desktop (kbm) or laptop (controller). When one game is completed, immediately install the next. I’ve invested a lot of money in my gaming hardware over the years, but to be totally honest, I just want it to straight up work when I try to play games. If that means lower quality settings, I’ll bite that bullet because things just work. If that means I need to play at the desk instead of the couch, I’ll do it, though sometimes I may pick a different category to play from if I really want to sit on the couch. So when I decide it is game time, I just need to pick where I want to play, and that will narrow my selection of what to play by 50% or more dropping me down to only 1-3 options.
Who do I play with? Nobody. I hate people. Go away, leave me alone. MMOs are good, and I’ll never stop playing Guild Wars or the occasional CS:GO match when the mood strikes, but I’m not looking for multiplayer games right now. If a multiplayer opportunity arises, I’m sure someone else will have a game selected to go with. I do want to get my girlfriend into the Couch Fun category of games with me though. Be honest with me, who doesn’t like the Lego games? If you raised your hand I’m calling you a liar.
When do I play? Whenever I feel like! Get off my case. I keep my life in order and I’ll do whatever I feel like. Instead of spending time watching TV shows, I’m going to start playing more games, at least until I catch up a good bit from my current Play List. I’d estimate there is somewhere around 1500 hours of content for me to get through in my list as it stands. I might find some of the games don’t warrant playing the sequel, or I quit them early if they suck, but I’ve got a lot of gaming to catch up on from the last 7 years before I even get to 2015 stuff.
The List
Here it is. Comment if you want, I probably won’t listen to you. I’ve also opened up my Steam account list if you want to tell me I should add something from my account to my list of stuff to play. Keep in mind I may have already played some things. http://steamcommunity.com/id/humor4fun
Couch Fun: LEGO Star Wars: The Complete Saga, Battleblock Theater, LEGO Indiana Jones: The Original Adventures, Never alone, LEGO Batman: The Video Game, LEGO Harry Potter: Years 1-4, Lara Croft and the Guardian of Light, LEGO The Lord of the Rings, The Lego Movie Videogame, LEGO Indiana Jones 2: The Adventure Continues, LEGO Harry Potter: Years 5-7, Lara Croft and the Temple of Osiris, LEGO Batman 2: DC Super Heroes, LEGO Pirates of the Caribbean: The Video Game, LEGO The Hobbit, LEGO Marvel Super Heroes, LEGO Star Wars III: The Clone Wars, LEGO Marvel's Avengers, LEGO Batman 3: Beyond Gotham, LEGO Jurassic World, LEGO Star Wars: The Force Awakens
Action/Adventure: Batman: Arkham Origins, Alice: Madness Returns, Saints Row: Gat out of Hell, Woolfe, Tomb Raider, Darksiders II, Enslaved: Odyssey to the West, Ryse: Son of Rome, Split/Second, Mars: War Logs, Teenage Mutant Ninja Turtles: Out of the Shadows, Murdered: Soul Suspect, DARK, Deadlight, Of Orcs and Men, Styx: Master of Shadows, Blades of Time, Jurassic Park: The Game, The Incredible Adventures of Van Helsing, Mafia II, Alan Wake
Story Driven/Puzzle: The Dream Machine, Shelter 2, The Beginner’s Guide, The Walking Dead (telltale), Slender: The Arrival, Her Story, Tales from the Borderlands (telltale), The Walking Dead: Season Two (telltale), The Talos Principle, Sang-Froid - Tales of Werewolves, The Novelist, Minecraft: Story Mode (telltale), Life is Strange, Game Of Thrones (Telltale), DeadCore, Dream
Shooter: Duke Nukem Forever, Resident Evil 6, Serious Sam 3, Painkiller Hell & Damnation, Wolfenstein: The Old Blood, Tom Clancy’s Splinter Cell Blacklist, Medal of Honor, Lichdom: Battlemage, Hard Reset, Warhammer 40,000 Space Marine, Hatred, NecroVisioN, FEAR, Lost Planet: Extreme Condition, Dead Space, Sniper Elite 3, Legendary, The Bureau: XCOM Declassified, Drunken Robot Pornography, RAGE, FEAR 2, XCOM Enemy Unknown, Lost Planet 2, NecroVision: Lost Company, Resident Evil: Operation Racoon City, Dead Space 2, Max Payne 3, Dishonored, Hydrophobia: Prophecy, Black Mesa, Judge Dredd; Dredd vs Death, Lost Planet 3, Resident Evil Revelations, FEAR 3
RPG/Deep Gameplay: Dying Light, Borderlands 2, Torchlight II, War for the Overworld, Middle-Earth: Shadow of Mordor, Game of Thrones, The Walking Dead: Survival Instinct, Ziggurat, Pillars of Eternity, Dead Rising 3, Two Worlds II, State of Decay: Year-One
Misc: Xotic, Faerie Solitaire, Burnout Paradise: The Ultimate Box, Pixel Boy and the Ever Expanding Dungeon, Mountain, Defense Grid 2, Flatout 3, A Farewell to Dragons, Prison Architect, Goat Simulator, LocoCycle, Trine 3
(Categories in bold; In-Progress in italics; the rest are in order-ish)
An Old Speech
As I was cleaning out some old files from my iphone so I can wipe it, I found this speech written down in a note. I wrote this about 10 minutes before delivering the speech at Cigital Inc.’s 2014 (summer) Tech Fair in Sterling Virginia. This was given after my team led the entire company in an exercise that demonstrated how the CAC functioned as a modern assembly line in an attempt to showcase just how much work we were doing and provide some tips to everyone selling the work so they could work with us better.
Hi everyone, I'm Chris holt. Many of you have seen me or my name pop up here and there for various reasons, but today I wanted to give you a little rundown of our tools and technology strategy within the CAC. Yesterday, John talked about developing managed services and Sammy talked about ways we can help our clients mature enough to buy more of our services. And to bring it together We've just given you a taste of what life is like in bloomington for us. The "system" that we have (run books, service offerings, high profit margins) only works because we color inside the lines.As you saw with this event, each role within the CAC is important, and each person is constantly asked to over achieve. But when that system of roles flows together, we end up with a client that is not only satisfied with the results, but exuberant. They come back to is for more work, more types of work, and more intelligent questions. That can be directly seen with some of our larger clients like Bank of America, Liberty mutual and jp Morgan chase. The teams we work with within our clients have come to rely on the "Cigital brand" and trust our people for their technical skill, experience and knowledge. In order for us to scale this W H O L E thing up, we've had to leverage a lot of technologies, which john has mentioned a few and alluded to others. So I wanted to just keep mentioning a few more of these that we rely upon every day for our process. Lam has developed the CAC portal - to track assessments and the metadata we need to get work done. Patrick Gallen and others have worked on Gather which we rely fully on to serve as a knowledge and document repository for our process and training materials. (How many times have you asked someone in the CAC a question and the answer was "read this gather page" and they have you a URL)Sherman has been a key resource in developing CART. The Cigital automated reporting tool. 
Which stands as a platform for all of our "vulnerability generation" tools to dump data into and then it spits out a very well formatted report which pulls all sorts of data from Glen's CVD project. Finding the vulns is one set of skills, but being able to write about them all is another, and CVD has been crucial in our tool belt as a way to produce reports that always look the same. No doubt you've heard about Tim's tool Triaged, which we are in the early phases of adoption to help reduce the time it takes to sort through the info/low/medium vulns coming out of AppScan standard.Larry trowel translated sslscan for me, from posix sockets to winsock so that we could use the latest code base to expand our testing suite into the ssl configuration space, which has seen a resurgence in interest since the heart bleed incident. Zach Pritchard, one of our bloomington interns, has been constantly going above and beyond any of our acs or consultants to create tools that assist our roles, not always his role. He's written a wrapper for sslscan that produces vuln files that CART can process, management utils for helping with virtual machine allocation, word macros to automate report auditing and helped keep our jpmc report sending macro up to date, while still finding time to hit his billability bonus for client work, and that's all within the past month. Randy, we need to give him a full offer the moment he figures out his graduation date.
Anyway. To wrap it up I just want to reiterate: we do a few offerings in the CAC, we do them very well and very fast thanks to these people and others building the process and these tools for our offerings. Continue to do that! Refine your service offerings and move them to the CAC. Our people WANT more TYPES of work to do. We can help you with defining your offerings that you want to move to us, but please please please, when you are selling CAC work to clients: make sure you are selling what we offer, and only what we offer. Every little snowflake that you introduce can be and often is "the straw the broke the camel's back"
Thank you.
You’ll have to ignore the paragraph breaks, poor grammar and terrible capitalization missteps. As I said, it was written on an iPhone 10 minutes before delivery.
I can’t get this song out of my head. It’s just so beautiful, positive, forward looking, joyous, hopeful, upbeat while having just a tiny drop of sadness. Just like salt on dark chocolate, that makes the whole thing so much better.
Well I would bring your morning coffee Then I'd wrap you up in me I'd kiss your belly and your shoulders, Cover blankets on our feet ..... So keep your eyes set on the horizon, On the line where blue meets blue And I bet that silver lining, Well I know it'd find you soon ..... But I'll be here waiting, I'll always be the same If you'd let me in again Da-da-da-da-da ..... So keep your eyes set on the horizon, On the line where blue meets blue And I bet that silver lining, Well I know it'll find you soon
Keep your eyes set on the horizon, On the line where blue meets blue And I bet that silver lining, Well I know it'll find you soon 'Cause I have sailed a 1000 ships to you, But my messages don't seem to make it through
Source: http://www.lyricsfreak.com/r/rachel+platten/1000+ships_20913311.html
cURL tool
Have you ever needed to load 1,967,384 URIs into Burp Suite so you can then run a scan for a certain vulnerability? I did. This little script helped automate the process. Pair it with a VM that has plenty of memory and CPU, and you should be good to go; just let it run and have someone keep an eye on the web server to make sure it doesn’t die.
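#!/bin/bash
# cURLers.sh
# by Chris Holt 2016-01-13

# Purpose:
#   Use cURL to load a list of URLs into Burp. Issues a GET request to each
#   one in sequence. Shows line numbers for stop/restart purposes.
# Usage:
#   $> ./curlers.sh inputList proxyIP port lineNum
#   lineNum is an optional parameter (defaults to 0, the start of the list)

list=$1
proxy=$2
port=$3
line=${4:-0}   # number of lines to skip before the first request

echo "Starting from line $line"
{
  # Skip the lines that were already processed in an earlier run
  for ((i = line; i > 0; i--)); do
    read -r _
  done
  # Request each remaining URL through the proxy; the URL is quoted so that
  # characters such as ? and * in it are not expanded by the shell
  while read -r url; do
    echo "Current line: $line"
    curl -# --proxy "$proxy:$port" "$url"
    line=$((line + 1))
  done
} < "$list"
echo "Completed Task."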
Some extra notes that may be helpful upon revisiting this script...
If URL list does not contain domains, use this:
$> awk '{print "http://domain.com" $0}' input > output
Join multiple files:
$> cat file1 file2 > output
Run the script and push output to console and log file
$> ./curlers.sh input ip port 2>&1 | tee log
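Save the script as a .sh file and don’t forget to “chmod 777 curlers.sh” before executing. (Only the execute bit is needed to run it, so “chmod u+x curlers.sh” also works and does not leave the script writable by every user on the machine.)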
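The loop in cURLers.sh hands every line of the list to curl unchanged, so with a list of this size it pays to vet each line first. The following is an added example, not part of the original script: it rejects lines that curl would read as options and anything that is not a plain http(s) URL on one allowed host, and it keeps the same 0-based restart numbering. The host names, the sample list and the function names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not the original cURLers.sh: vet every line of the URL list
# before it reaches curl. Host names and the sample list are constructed.

TAB=$(printf '\t')
CR=$(printf '\r')

# Constructed sample list: line 1 would be read by curl as an option, line 2 is
# a different host, line 3 hides the real host behind a userinfo part.
SAMPLE_LIST='http://app.example.test/index.php?id=1
--output /tmp/x
http://other.example.test/admin
http://app.example.test@other.example.test/
https://app.example.test:8443/search?q=*&page=2'

# url_in_scope URL HOST: succeed only for a plain http(s) URL whose host is
# exactly HOST (HOST is given in lower case).
url_in_scope() {
  case $1 in
    ''|-*) return 1 ;;                      # empty, or curl would parse it as an option
    *' '*|*"$TAB"*|*"$CR"*) return 1 ;;     # embedded whitespace, CRLF line endings
  esac
  case $1 in
    http://*)  _rest=${1#http://} ;;
    https://*) _rest=${1#https://} ;;
    *) return 1 ;;                          # file://, other schemes, no scheme at all
  esac
  _auth=${_rest%%[/?#]*}                    # authority: text before path, query or fragment
  case $_auth in
    ''|*@*|*\\*|*\[*) return 1 ;;           # userinfo, backslashes, IPv6 literals
  esac
  _host=$(printf '%s' "${_auth%%:*}" | tr 'A-Z' 'a-z')   # drop port, fold case
  [ "$_host" = "$2" ]
}

# filter_list HOST [SKIP]: read URLs on stdin, skip the first SKIP lines, print
# "line<TAB>url" for in-scope entries and report rejected lines on stderr.
filter_list() {
  _n=0
  while IFS= read -r _url || [ -n "$_url" ]; do
    if [ "$_n" -ge "${2:-0}" ]; then
      if url_in_scope "$_url" "$1"; then
        printf '%s\t%s\n' "$_n" "$_url"
      else
        printf 'rejected line %s\n' "$_n" >&2   # line number only, never the raw text
      fi
    fi
    _n=$((_n + 1))
  done
}

# load_list FILE PROXY_IP PORT HOST [SKIP]: request each in-scope URL via the proxy.
load_list() {
  filter_list "$4" "${5:-0}" < "$1" |
  while IFS="$TAB" read -r _line _target; do
    echo "Current line: $_line"
    # --url keeps the value in URL position; the body is discarded because
    # only the proxy needs to see the exchange.
    curl -s -o /dev/null --max-time 30 --proxy "$2:$3" --url "$_target" < /dev/null ||
      echo "request failed at line $_line" >&2
  done
}

# Run only when called with arguments:
#   ./safe_curlers.sh inputList proxyIP port allowedHost [lineNum]
if [ "$#" -ge 4 ]; then
  load_list "$@"
fi
```

Rejected entries are reported by line number on stderr, so the "2>&1 | tee log" invocation from the notes above records them alongside the progress lines.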
Keeping Track of Your Unicorn
We’ve all seen the “Unicorn Zone” video right? You know, the one where this guy who usually talks about guns explains how “all women are at least a ‘4′ crazy.” Here’s a link if you haven’t seen it.
One of the things he suggests that you do as an experiment on your woman, is to take a copy of the chart and plot data points throughout a period of time. After a while, you will begin to see the points cluster and that will tell you where you perceive this woman to be; which zone she is in.
Well I had some time to kill so I thought about this a bit, it seems to be an interesting experiment. Thing is though, you really want to have the map laid out and then plot your data points on top of that, but to reduce the scoring bias it is best to separate the data points from the map. Ok, so I’m thinking I’ll get a sheet of tracing paper, draw an axis and plot data points on it as I go, then print out a copy of the Zone chart and compare it every now and then. That would work. I’m a technologist though, I use technology to solve my problems. This got me thinking about a program that can graph data sets, which so many programs do.
So I opened up a Google Sheet, jotted down some data points, and turned it into a scatter plot with just a handful of clicks. Cool. Now I’ve got a visualization of the data. (That line, by the way, is the linear average. Just something I like to add to my scatter plots.)
What about comparing that to the Zone chart though? This is where it gets pretty tricky. Sheets doesn’t actually let you use real transparency so you can’t just put the image as an underlay. My solution was to snap together a quick HTML page and use CSS to overlay the Data and Zone charts. Open up your options for the chart and click “publish” making sure to select it as an image. That gave me a bit of iframe HTML nonsense, all I really want from it is the resource URI. Open up your favorite HTML editor and create a new file, drop that URI into an <img> tag for safe keeping and then let’s go look for a Zone chart.
<img src="https://docs.google.com/spreadsheets/d/<your_doc_id_here>/pubchart?oid=1574162655&format=image"
     style="opacity:0.7; z-index:1; position:fixed; width:600px; left:5px; height:371px; top:10px;"/>
I grabbed one from google, and transformed it a bit here and there before uploading it to Imgur. The Zone chart is actually a raw image now, and the Data chart kind of is, but Google exports it in a fantastically static, non-malleable way. So in my new HTML document, I load up the Data chart, set it to be transparent, and in the front z-layer, giving it a default set of sizes and then put in the Zone chart, opaque, and set it to the back z-layer. (feel free to use my Imgur upload, or do your own.)
<img src="http://i.imgur.com/ZxvDb08.png"
     style="z-index:0; position:fixed; left:70px; top:65px; transform:scale(0.92,0.94);"/>
From there it’s just a few minutes of trial and error to get the locations lined up. I also needed to do a bit more scaling on the Zone chart to get the axes to line up exactly. Put it all together and you’ve got yourself a nifty little HTML widget that will live update with new data points as you add them to your spreadsheet; Google takes about 5-30 seconds to publish changes (which can be done from a mobile phone, immediately after your date ;).
For simplicity’s sake, mine looks like this:
DISCLAIMER: These data points are fake and do not represent any woman I know. I used this information as an example to show the function of my implementation.
Here’s the full HTML if you want to be lazy and just copy my work.
<!DOCTYPE html>
<html>
<!-- Created by Humor4Fun -->
<body>
<img src="https://docs.google.com/spreadsheets/d/<your_doc_id_here>/pubchart?oid=<another_id>&format=image"
     style="opacity:0.7; z-index:1; position:fixed; width:600px; left:5px; height:371px; top:10px;"/>
<img src="http://i.imgur.com/ZxvDb08.png"
     style="z-index:0; position:fixed; left:70px; top:65px; transform:scale(0.92,0.94);"/>
</body>
</html>
Finding Games on Kickstarter
A few months ago someone asked me how I find games on Kickstarter. Well, I just went through the process again today to look for projects to back and here's what it looked like.
I look at Design, Technology and Games categories. Tech toys come from Technology, along with smart home stuff and other gadgets. Games encompasses card, dice, board, tabletop, video games, mobile games and all sorts of game-related stuff. Design is the worst name ever, you can find everything from a cool new phone, or jeans, blankets, bikes, watches, and even luggage (the VenQ stuff came from here). So it's a good one to check out.
Start with the Kickstarter home page, click "Discover", select a category (Games), then change how stuff is sorted.
'Games' sorted by 'Most Funded' (either most funded or end date, doesn't really matter there are currently only 400 ish projects to look through)
Then click "Refine Search" -> Show me 'Games' projects on 'Earth' sorted by 'Most Funded'
Click "Advanced", click the "All Projects" drop down and select "Live Projects" (that drops out anything that is already either failed or successful, so you only see stuff that can actually be backed).
Now we can start looking at projects that have been sorted out. The UI isn't great, it is an infinite scrolling page, so I tend to scroll through and open new tabs for the projects that look interesting enough. It's really hard to pin down the criteria for the first cut, but here are a few things I look for:
1. Ignore anything that is a video game (key words: mobile, mmorpg, Steam, PS4, Xbox, Wii, Android): These projects RARELY are able to deliver what they promise. 99.99% of people have no clue what it takes to build a game worth playing so they end up seriously underestimating cost and time requirements.
2. Ignore decks of cards and dice projects: probably 1/50 of these are interesting, so they can pretty easily be ignored.
3. Look for stuff tagged for 'Family' gameplay: these tend to be on the corny/hilarious side of things but can usually be easy to learn the gameplay.
4. Ignore "storytelling" or "RPG Supplement" stuff: this is usually a D&D-type sourcebook, or a card game where you create a story with cards, neither of which is really that interesting. If they have a good idea, it can be easily self-published on Amazon, no need to go through kickstarter.
5. I typically ignore "deck building" games, but these can sometimes be pretty cool. It's a toss up, I just find that most ideas in this category aren't that fun. (Magic: The Gathering, Pokemon, Dominion are all "deck building" games)
6. You can probably ignore "tabletop rpg" type games. I've got a couple of these and they have TONS and TONS of content. If and when I get a group that wants to play this stuff, I'm already loaded with things to do and am not looking for new ones.
7. Don't worry about the % funded, $ pledged or days to go numbers: if a game is interesting, pledge money towards it regardless of if it will succeed. Part of the game on KS is that the more people to pledge, the higher the project floats in the "magic" sorting so it is more likely to be seen and get more pledges. There have been projects that went from 1% to 500% in the last few days, and projects who have gone from 30% to 100% in a few hours.
8. Things that say "expansion" or "reprint" or something like that are usually a safe bet. That means they probably were successful in the first round and you can probably pick up the first round rewards as add-ons in the current campaign. Plus, it's a good idea to go find that first campaign and read the updates and comments a bit to see if the backers thought it was run well, or if the project creators did a piss-poor job managing everything and delivered late.
9. Read the name of the project, don't just look at the picture. Some of the coolest projects have a terrible image, or a terrible name. but usually at least one of them is decent. I also read the short description to see if it is worth clicking on.
10. Once I get down to a few rows that have 0% funded && $0 pledged, I mostly just look at the pictures. There's a lot of garbage out there and it's not worth your time because the odds of them getting funded are so low.
Of the (484) projects that I looked at:
Show me 'live' projects in 'Games' on 'earth' sorted by 'most funded'
Here are the ones that I flagged as worth a look (23):
https://www.kickstarter.com/projects/gamecraftsmen/heroes-rising?ref=humor4fun
https://www.kickstarter.com/projects/1923120194/an-epically-fun-party-game?ref=humor4fun
https://www.kickstarter.com/projects/741189840/the-game-doctors-board-game-inserts?ref=humor4fun
https://www.kickstarter.com/projects/studiocavalier/get-laid-the-hilarious-game-about-the-game?ref=humor4fun
https://www.kickstarter.com/projects/894630359/make-me-a-god?ref=humor4fun
https://www.kickstarter.com/projects/pulpogames/the-last-shore?ref=humor4fun
https://www.kickstarter.com/projects/1451347526/cup-of-kings-the-party-game-that-actually-starts-a?ref=humor4fun
https://www.kickstarter.com/projects/shem/cibola-and-woodlands-2nd-editions?ref=humor4fun
https://www.kickstarter.com/projects/1656496370/jewels?ref=humor4fun
https://www.kickstarter.com/projects/123011644/jail-break-a-game-for-2-6-inmates?ref=humor4fun
https://www.kickstarter.com/projects/cherrypickedgames/drink-a-house-party-drinking-game?ref=humor4fun
https://www.kickstarter.com/projects/zeven81/no-hope-city-a-co-op-survival-card-game-1-8-player?ref=humor4fun
https://www.kickstarter.com/projects/1142085862/game-over-remix-0?ref=humor4fun
https://www.kickstarter.com/projects/1581450659/palaces?ref=humor4fun
https://www.kickstarter.com/projects/405678366/breaker-blocks?ref=humor4fun
https://www.kickstarter.com/projects/stienf9/even-rougher-rough-the-card-game-expansion?ref=humor4fun
https://www.kickstarter.com/projects/1748909909/vinum-the-blind-tasting-wine-card-game?ref=humor4fun
https://www.kickstarter.com/projects/1584761552/bazaar?ref=humor4fun
https://www.kickstarter.com/projects/273403520/mighty-heroic-minis-fight-time-card-game?ref=humor4fun
https://www.kickstarter.com/projects/524589066/theres-a-monster-under-my-bed-0?ref=humor4fun
https://www.kickstarter.com/projects/1857201114/the-family-game-an-educational-board-game-for-kids?ref=humor4fun
https://www.kickstarter.com/projects/1152516291/roll-player-the-dice-game-that-builds-character?ref=humor4fun
https://www.kickstarter.com/projects/1258558654/brilliants-relaunch?ref=humor4fun
Then I'll look for things like answers to some of these questions:
Watch the video, is it still interesting? Not many groups are good at making videos. Don't let the quality of the video deter you. There are plenty of scam artists who made a great video and a terrible product. There are also plenty of people with a terrible "filmed it from my friend's borrowed smart phone" video and an amazing product.
What is the expected delivery timeframe? <12 months is ideal
How much does it cost to buy a copy of the game? Are they charging a reasonable price compared to what you'd find it for at Toys'R'Us, Wal-Mart or a specialty gaming boutique store? This one can be hard to judge, but once you've shopped around a bit you'll have a better internal meter.
Can they speak/write English properly? If not, then the rules are probably going to be difficult to understand.
Do they have a bunch of stretch goals? If so, are they anywhere near achieving them? Having a bunch of SGs without being close to getting to any of them means the campaign was poorly planned out, there's not enough interest in the game, or people just don't like the project creator for some reason. Not a good sign.
Are there Early Bird pledge levels? If so, are they sold out? That's a good sign. If it is nearing sold out, it is probably a good time to jump in, you can always bail out later before the campaign ends and no money gets charged to your card.
Do they let you pledge extra for Add Ons?
Are they begging you to share with twitter, facebook, your whole contacts list? This is a fine line, asking to share is ok, but take it too far and that's a red flag for me.
Are they on a site like BackerClub.co? This is an 'elite' group of backers (of which I am a member) that gets extra perks for backing projects (typically 10% discount). It doesn't take much to get a project listed on this type of site, but it shows the creator is working hard to get their name out there.
Do they have a project timeline? Assume that every measurement is off by 20-50%, then you will be pleasantly surprised when they deliver early.
Do they explain the cost breakdown of where every dollar will be going? This is rare, but when they try that is usually a good sign that the creator will be relatively open if/when challenges come up after the campaign ends.
Lots of pictures of "here's us playing the game and having fun". This is pretty unprofessional in my opinion, and acts as a deterrent from me backing the project.
Is there a sense of realism and humor in the writing style? It's up to you how to interpret this, but I find that it is humanizing. These are people doing this, not large corporations (like mattel/hasbro), I like to see them admit that.
So now I've narrowed it down to these projects that I'd consider backing.
https://www.kickstarter.com/projects/894630359/make-me-a-god?ref=humor4fun ($30)
https://www.kickstarter.com/projects/1451347526/cup-of-kings-the-party-game-that-actually-starts-a?ref=humor4fun ($35 = both decks)
https://www.kickstarter.com/projects/shem/cibola-and-woodlands-2nd-editions?ref=humor4fun ($32 = both games)
https://www.kickstarter.com/projects/1656496370/jewels?ref=humor4fun ($26)
https://www.kickstarter.com/projects/123011644/jail-break-a-game-for-2-6-inmates?ref=humor4fun ($25)
https://www.kickstarter.com/projects/1142085862/game-over-remix-0/description?ref=humor4fun ($22)
https://www.kickstarter.com/projects/1581450659/palaces?ref=humor4fun ($25)
https://www.kickstarter.com/projects/stienf9/even-rougher-rough-the-card-game-expansion ($50 = core+expansion)
https://www.kickstarter.com/projects/273403520/mighty-heroic-minis-fight-time-card-game?ref=humor4fun ($30)
https://www.kickstarter.com/projects/1152516291/roll-player-the-dice-game-that-builds-character?ref=humor4fun ($45)
https://www.kickstarter.com/projects/1258558654/brilliants-relaunch?ref=humor4fun ($37)
Note: Based on how many projects I flagged it would take me a bunch more hours to actually go through all of them with a more refined eye. In this case I didn't actually watch any of the videos. I looked for the rules and the price (is the price worth the interest in the game). Then I flagged the projects to review them at a later point in time (the Remind Me tool will send you an email 48 hours before the campaign ends). For the $20-30 price range, even if the game is completely terrible, it's probably not a terrible go. If I go out to the movies, I'll end up spending $15 on a ticket, $1-2 on gas to get there, and maybe a few dollars on snacks, assuming I go alone. Am I able to get 2-3 hours of play out of a $20-30 game? If so, then it was worth it to me.
I tend not to watch actual videos of gameplay, or read rulebooks beyond a basic "inside flap summary" kind of thing (like the inside flap of a book has a better summary than the back, but far less than a wikipedia summary) to see if it is interesting enough. Part of this for me is discovery and trying new things. Yea it's a risk, but that's part of it.
Pro tips:
Don't let KS save your credit card info. If you can, use a bogus card and let it store that. I have a card on file with them that is expired so I can use it as an extra stop-gap to determine if I really want the game. If I'm 1000% interested, I'll put in valid card info when I back the project. If I'm interested but not completely convinced, I'll use the bogus card. When the campaign ends, re-evaluate. If you are in, give it valid info, if not, let the pledge expire and you won't be charged because they have bad card info. This method of letting it expire can look bad on your account if you do it too much, so be very careful. I'd suggest re-visiting the project BEFORE the campaign ends and bow out then.
Check the creator's account info. Did they create other projects? Were those successful? Did people respond well to them? Do they tend to deliver on time? (Queen Games, for example tends to be 6-18 months late, always).
Every little bit matters. If you are interested in a project but don't believe in it SO much that you want to drop the $50-300 they are asking for, pledge $1 with "No Reward". It still helps them move up in the "sorted by magic" listing, and it costs less than a coffee.
Projects like to add "Kickstarter Exclusive" rewards. This is 100% a gimmick. Don't get me wrong, it works on me sometimes, but I am getting better at resisting. Some of them are pretty cool but for the most part it's a way to get you to back the campaign instead of just waiting for the game to hit Amazon or your local game boutique after production.
2014 and 2015 were all about "dungeon board games" and "dice games"; late 2015 and 2016 are going to be about card games and probably more token-based games. Something we saw was that projects would get really expensive really quickly when a group is trying to produce plastic or resin mini figures, and nice quality cardboard tiles. Cards are far cheaper to make so games are cheaper to buy, meaning more successful campaigns will occur. This is a good thing, so long as the Board games aren't totally dead. Designers/publishers need to find a balance in the middle.
Custom dice or meeples will add 4-5 months to the production timeline; Custom plastic miniatures will add 9-15 months to the production timeline. These are minimums based on the projects I've backed.
China takes 4-6 weeks off from all production in February every year. November-December is also extremely busy. Anything that says they will be starting or finishing during these times should buffer by adding 3-4 months to their timeline. Anything expecting production to continue during these months should expect a 1-2 month delay.
Links:
Amazon Launchpad - This is where a lot of crowd funded projects go for sale after they were successful
BackerClub - An elite group of backers and a way for project creators to spread their projects to serious backers. Usually slightly vetted, so there is a base level of trust going in.
IndieGoGo - I don't have much trust in this site. They have totally different rules from Kickstarter, so you can get a lot of weird things going on in a campaign. Also, not many English-speaking project creators go here.
Is this Chris Holt?
Maybe no, maybe yes. Who is asking?
Disney Infinity 3.0: Another Let Down
I really wanted this 3.0 to take the Skylanders approach with complete backwards compatibility of the characters and items. I probably would sink hundreds of dollars into this game to buy all the characters and playsets if that were the case. It would be so easy with Steam too, each character could be an item in your inventory (non-marketable, non-trade-able to prevent second-hand market if they are that worried about it), so you can launch Disney 1.0 or 2.0 or 3.0 and the characters/playsets that work with that game would auto-load from your inventory.
Come to think of it, Skylanders could do the same thing with PC as well... Use the toys as a physical sale item, but include an unlock code in the package (like they already do) that logs that character/item/set piece/trap/etc. to your online account and have a digital inventory of them.
DI3.0 has apparently been plagued with some pretty bad bugs from what I read on the Steam forums. Couple that with terribly weak Co-Op play options (lack of it at all, no split-screen play, no multiplayer) and this “toybox” game drops in value to the point that it’s not even worth the “free to play” marketed tagline.
I’m still holding out hope that Skylanders will do the digital inventory thing and have a proper release model on Steam. I haven’t managed to sell my mint condition Giants set or any of my collector’s edition SA characters; I’d love to see those rendered with DX12 on a 4k display.
Great Offer, 72 Hours Too Late
For years I’ve been a big proponent of Synology NAS devices. I’ve owned two different models so far (4-bay and 8-bay) and enjoyed many different features of these systems, most prominently their ease of use. There is a potentially endless amount of tinkering one could do to their Synology system after it is initially set up, but anyone playing the role of a System Administrator would tell you the same of any system.
Two years ago I moved from a 4-bay model up to an 8-bay model with the option for 5-bay expansion units. I used to buy cheap desktop-class Seagate, Hitachi and Samsung drives (four of the five drives that have ever failed me were Western Digital Red (2) or Black (2), so I refuse to buy their products), but when I made the switch I opted for NAS-class Seagate drives to ensure higher quality and reduce the expectation of drive failure. In the 24 months that this system has been online, I am happy to report zero drive failures, zero data loss, zero issues whatsoever (aside from occasional power hiccups that drop the whole system offline).
It came time for me to add an expansion unit so I started searching for additional 4 TB NAS-class Seagate drives as well as the expansion unit. As a Prime customer, of course I spent a fair bit of time pricing these bits on Amazon. I ended up buying the expansion unit from Newegg for price and enterprise-class drives from Amazon Marketplace because I found an epic deal. Storage tends to get really really cheap around this time of year. I can only assume that the Amazon buyer-data-crunching-brain system saw that I ordered only drives even though I had been viewing the expansion unit. Three days after my order of drives shipped, Amazon sent me the following email (image below).
What’s interesting here is that they specifically identify the product I purchased from their marketplace, not sold by Amazon, and decided to offer me an absolutely awesome service that would potentially tie me to using Amazon Cloud Drive for the future. This is a brilliant marketing move, even if it is a bit creepy. What Amazon should know is that I intend to use their “unlimited storage” functionality to its limits. I am fortunate enough to have a Verizon FiOS connection at home with a sick amount of upload speed. I’ll be setting up my Synology system to run weekly backups of the entire Hybrid Raid array to their systems. I appreciate what Amazon was trying to do here, but don’t you think it would make more sense to peg me as a potential customer and send me this offer BEFORE I laid down my money on a solution to my problem of not enough space?
What did they hope to achieve by sending me the offer once I’ve already solved my space problem? I’m not going to abandon the solution that I already built and paid for. Is this a successful campaign for other people? Do they expect me to cancel my order and send back the parts I ordered? Will Amazon back out of their offer for “unlimited cloud storage” like Microsoft has recently done? We know Amazon is the future of all server hosting and cloud storage: they’ve made everything there SO SO unbelievably cheap. If I hadn’t already invested in my own storage solution this would be a good option, but there remains the problem of knowing that it is still off-premises. The point of my system is that it is an on-prem solution.
Anyway...
Dear Amazon,
Thanks for the offer. I’ll be using it as an off-prem backup solution for my on-prem system for the duration of your free-trial. If you had gotten this offer to me BEFORE I shelled out money for my system I may have actually bought into the plan.
Sincerely,
Chris
@Humor4Fun