Security Specialist, Abolitionist, Anabaptist
1675 stories
·
37 followers

Kill Your Cliffhangers

1 Share

cliffhangerThe Invisible Sun kickstarter has me thinking a lot about how to handle gameplay in a world of erratic schedules and spotty attendance. I think there are a lot of techniques for dealing with this that I either take for granted or don’t think about very much, and I would like to really unpack them into something useful.

The rub is that there are two different categories of issues here, one that stems from an excess of time, one that stems from a shortage. There are a lot of great techniques for dealing with an excess of time – flashbacks, one off scenes, bluebooking, parallel play and so on. These are great ways for players to participate in the game outside of the time at the table, and these contributions can be pulled into play. This is fun, and I’ll totally get back to it at another time, but my real problem is at the other end of the spectrum.

What can you do when there’s not enough time to play and scheduling is a problem? As folks get older and there start being things like kids and more demanding careers, this is a real concern. This is certainly the space I’m in, and I’ve put no small amount of work into finding tricks for dealing with this.

The first and most critical change has entailed a change to the underlying structure of the games I run. This takes a number of different forms, but their shared purpose is to make it logical for players to come and go with some frequency.

The most straightforward solution to this is to support these comings and goings in game. This isn’t hard if the game has some underlying weirdness – there can be some in-setting reason for people to become dimensionally untethered, slip out of time or fall back to the waking world at inopportune moments (and re-appear just as easily). I infer that Invisible Sun does this through The Shadow, and it’s a good trick.

This trick can be used in a lot of places, but not everywhere. Sometimes it’s just a poor match for the setting, and you need to figure out another approach. The solution I’be found works best is a combination of fixed locations, episodic play and an ensemble cast.

Fixed location games are those that take place in one general location, such as a city or a space station. The nature of the place is such that adventure and adventure opportunities come to the location, and the heroes only rarely need to venture outside of it. Examples include Babylon 5, Deep Space Nine, and any number of fantasy cities, with the best examples probably found in shared fiction, like Sanctuary or Liavek.

One element of this location is that characters need to have a role within its context. This might be a position of importance (head of security) or just proximity (it’s the port they call home) but whatever form it takes, it serves as the thing the character is doing when not in play. This is not just for color – it is the thing that provides the explanation for why they’re not available. Even if it would be great to have Security Officer Rimbaldi along on this bug hunt, he’s got a matter to deal with over in the diplomat wing, and he can’t get free.

This idea of a role creates a problem for using starship crews or magical academies as the heart of a fixed location. It’s not impossible, but you need to take steps to explicitly address why some people are only available some of the time.

Even without the role, the fixed location makes it very easy for the group to reconnect whenever necessary. If the game is on the move, you not only need to justify a departure, but also figure out how people get back together, and that can be even more of a bear.

Episodic Play is one of those ideas that seems like it should be simple, but fights against a lot of habit. As the name suggests, a session of play is more like an episode of a television show than a part of a serial. There are a lot of implications to this, but the biggest one flies in the face of decades of GM advice, some of which I have authored myself – it means you need to retire the cliffhanger.

Yes, the cliffhanger is a time-honored tradition, one very strongly baked into our lore. When you see a good depiction of gaming in the media, it almost always ends with the GM introducing something terrible then announcing “and we’ll see you all next week!”, to the collected groans of the table.

So this is hard advice to give, but if you have uneven attendance, cliffhangers are going to make you’re life harder. Not only may you lose players between cliffhanger and resolution, you also need to deal with players who missed the cliffhanger coming in for the resolution, and there is not a lot that takes the air out of a cliffhanger like needing to re-explain it.

In the absence of cliffhangers, the goal becomes to wrap up a complete arc within one session, which requires a lot of attention to pacing. Thankfully there are a few tricks to simplify things, both in prep and in play.

In prep, take a little bit of extra time to think about the exit ramps from your scenario, sort of like inverted hooks. The iconic example of this is the dungeon – a 5 room dungeon might make for a night’s entertainment, but a 50 room labyrinth is going to leave you ending mid-dungeon. That may sound anemic, but look around online – there are a lot of very good small dungeon scenarios out there, and they’re worth a look. Owen K.C. Stephens in particular has a knack for them.

In play, be more aggressive in your use of the “camera” as GM. When it comes time to frame a scene, do it aggressively and generously. By aggressively, I mean start the action close to the action, and by generously I mean do it in a way that assumes the characters have been smart and competent. Using scene framing to screw players is a great way to destroy trust, but doing it generously is a great way to get their buy in.

By the same token, know when to tie things off and move onto the next scene. You don’t always need to do this – sometimes players want to sit around and chew the fat. But if they’re doing that 2 hours into a 4 hour session, then keep things moving. But if you can get this sense of timing down, then short scenes become a viable option. That may seem a small thing, but if your table is comfortable resolving some things quickly, then a lot more can be happening in your world without it needing to be all epic all the time.

Short scenes also mean that if your game comes to a conclusion at the 3 hour mark in a 4 hour session, you have things to do with that last hour. That relieves a lot of the stress to time things out just so.

I’ve mentioned time twice so far, but it bears mention a third time. Once you start looking to get in a full session in the window you have available, it helps to watch the clock. This one is hard for me – it feels counterintuitive. I want to get into the flow of the moment and time will take care of itself. But that’s a selfish instinct. I don’t need to be a slave to the map, but I should be aware of it.

We’re just skimming the surface here, but this is one of those areas where it’s worth studying what makes for good television. You don’t need to go full Prime Time Adventures, but it’s worth seeing what makes the episodic TV you like exciting to you and seeing how to translate that to the table.

The Ensemble Cast is another idea easily traced to television where the idea is that the entire cast is larger than you’ll see in any given episode. Star Trek provides numerous examples of this – the crew of any given ship is usually larger than the number of people with actual lines in an episode. There are not a lot of techniques associated with this idea, but it’s an important concept to bear in mind. Not only does it make the shifting cast (based on attendance) seem more appropriate, it impacts prep and gives the GM explicitly permission to narrow the scope of what to prepare.

What this means may depend on the GM. On the practical side, it may mean not throwing a stealth mission in when all the thieves are out on spring break. On the narrative side, it may mean you have a little bit more leeway bringing in characters personal issues because you know the scope is narrower.

***

There is one more option that I explicitly have not mentioned here: Friendly Mechanics.

Many games have rules that make flexible scheduling easier. Often, these loosen the 1:1 relationship between character and player. This may be as lightweight was a system that allows or encourages players to play NPCs in scenes that their main character is not involved in, or it could be as structured as Ars Magica’s system of creating several different characters and then choosing who to play situationally.

There’s a lot of good stuff in this space, but I do not consider it essential for one simple reason – it’s not to everyone’s taste. I can do fixed locations, episodic play and an ensemble cast with almost any game out there, shaped to the tastes of the players of that game. But once I start changing the rules, that’s a whole other ball of wax.

It’s a ball of wax I’m happy to tackle, but it’s a topic for another time.

Read the whole story
toddgrotenhuis
2 days ago
reply
Indianapolis
Share this story
Delete

Comic for August 20, 2016

2 Shares
Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.
Read the whole story
toddgrotenhuis
2 days ago
reply
Indianapolis
Share this story
Delete

The NSA Leak Is Real, Snowden Documents Confirm

1 Share

On Monday, a hackinggroup calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.

The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, with some observers blaming the Russians and others hypothesizing unilateral action by a disgruntled NSA staffer,  one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency.

The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.”That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.

SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA’s offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don’t always have the last word when it comes to computer exploitation.

But malicious software of this sophistication doesn’t just pose a threat to foreign governments, Johns Hopkins University cryptographer Matthew Green told The Intercept:

The danger of these exploits is that they can be used to target anyone who is using a vulnerable router. This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It’s worse, in fact, because many of these exploits are not available through any other means, so they’re just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable.

So the risk is twofold: first, that the person or persons who stole this information might have used them against us. If this is indeed Russia, then one assumes that they probably have their own exploits, but there’s no need to give them any more. And now that the exploits have been released, we run the risk that ordinary criminals will use them against corporate targets.

The NSA did not respond to questions concerning ShadowBrokers, the Snowden documents, or its malware.

A Memorable SECONDDATE

The offensive tools released by ShadowBrokers are organized under a litany of code names such as POLARSNEEZE and ELIGIBLE BOMBSHELL, and their exact purpose is still being assessed. But we do know more about one of the weapons: SECONDDATE.

SECONDDATE is a tool designed to intercept web requests and redirect browsers on target computers to an NSA web server. That server, in turn, is designed to infect them with malware. SECONDDATE’s existence was first reported byThe Intercept in 2014, as part of a look at a global computer exploitation effort code-named TURBINE. The malware server, known as FOXACID, has also been described in previously released Snowden documents.

Other documents released by The Intercept today not only tie SECONDDATE to the ShadowBrokers leak but also provide new detail on how it fits into the NSA’s broader surveillance and infection network. They also show how SECONDDATE has been used, including to spy on Pakistan and a computer system in Lebanon.

The top-secret manual that authenticates the SECONDDATE found in the wild as the same one used within the NSA is a 31-page document titled “FOXACID SOP for Operational Management” and marked as a draft. It dates to no earlier than 2010. A section within the manual describes administrative tools for tracking how victims are funneled into FOXACID, including a set of tags used to catalogue servers. When such a tag is created in relation to a SECONDDATE-related infection, the document says, a certain distinctive identifier must be used:

The same SECONDDATE MSGID string appears in 14 different files throughout the ShadowBrokers leak, including in a file titled SecondDate-3021.exe. Viewed through a code-editing program (screenshot below), the NSA’s secret number can be found hiding in plain sight:

All told, throughout many of the folders contained in the ShadowBrokers’ package (screenshot below), there are 47 files with SECONDDATE-related names, including different versions of the raw code required to execute a SECONDDATE attack, instructions for how to use it, and other related files.

.

After viewing the code, Green told The Intercept the MSGID string’s occurrence in both an NSA training document and this week’s leak is “unlikely to be a coincidence.” Computer security researcher Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies, who has been particularly vocal in his analysis of the ShadowBrokers this week, told The Intercept “there is no way” the MSGID string’s appearance in both places is a coincidence.”

Where SECONDDATE Fits In

This overview jibes with previously unpublished classified files provided by Snowden that illustrate how SECONDDATE is a component of BADDECISION, a broader NSA infiltration tool. SECONDDATE helps the NSA pull off a “man in the middle” attack against users on a wireless network, tricking them into thinking they’re talking to a safe website when in reality they’ve been sent a malicious payload from an NSA server.

According to one December 2010 PowerPoint presentation titled “Introduction to BADDECISION,” that tool is also designed to send users of a wireless network, sometimes referred to as an 802.11 network, to FOXACID malware servers. Or, as the presentation puts it, BADDECISION is an “802.11 CNE [computer network exploitation] tool that uses a true man-in-the-middle attack and a frame injection technique to redirect a target client to a FOXACID server.” As another top-secret slide puts it, the attack homes in on “the greatest vulnerability to your computer: your web browser.”

One slide points out that the attack works on users with an encrypted wireless connection to the internet.

That trick, it seems, often involves BADDECISION and SECONDDATE, with the latter described as a “component” for the former. A series of diagrams in the “Introduction to BADDECISION” presentation show how an NSA operator “uses SECONDDATE to inject a redirection payload at [a] Target Client,” invisibly hijacking a user’s web browser as the user attempts to visit a benign website (in the example given, it’s CNN.com). Executed correctly, the file explains, a “Target Client continues normal webpage browsing, completely unaware,” lands on a malware-filled NSA server, and becomes infected with as much of that malware as possible — or as the presentation puts it, the user will be left “WHACKED!” In the other top-secret presentations, it’s put plainly: “How do we redirect the target to the FOXACID server without being noticed”? Simple: “Use NIGHTSTAND or BADDECISION.”

The sheer number of interlocking tools available to crack a computer is dizzying. In the FOXACID manual, government hackers are told an NSA hacker ought to be familiar with using SECONDDATE along with similar man-in-the-middle wi-fi attacks code-named MAGIC SQUIRREL and MAGICBEAN. A top-secret presentation on FOXACID lists further ways to redirect targets to the malware server system.

To position themselves within range of a vulnerable wireless network, NSA operators can use a mobile antenna system running software code-named BLINDDATE, depicted in the field in what appears to be Kabul. The software can even be attached to a drone. BLINDDATE in turn can run BADDECISION, which allows for a SECONDDATE attack:

Elsewhere in these files, there are at least two documented cases case of SECONDDATE being used to successfully infect computers overseas: An April 2013 presentation boasts of successful attacks against computer systems in both Pakistan and Lebanon. In the first, NSA hackers used SECONDDATE to breach “targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division,” which contained documents pertaining to “the backbone of Pakistan’s Green Line communications network” used by “civilian and military leadership.”

In the latter, the NSA used SECONDDATE to pull off a man-in-the-middle attack in Lebanon “for the first time ever,” infecting a Lebanese ISP to extract “100+ MB of Hizballah Unit 1800 data,” a special subset of the terrorist group dedicated to aidingPalestinian militants.

SECONDDATE is just one method that the NSA uses to get its target’s browser pointed at a FOXACID server. Other methods include sending spam that attempts to exploit bugs in popular web-based email providers or entices targets to click on malicious links that lead to a FOXACID server. One document, a newsletter for the NSA’s Special Source Operations division, describes how NSA software other than SECONDDATE was used to repeatedly direct targets in Pakistan to FOXACID malware web servers, eventually infecting the targets’ computers.

A Potentially Mundane Hack

Snowden, who worked for NSA contractors Dell and Booz Allen Hamilton, has offered some context and a relatively mundane possible explanation for the leak: that the NSA headquarters was not hacked, but rather one of the computers the agency uses to plan and execute attacks was compromised. In a series of tweets, he pointed out that the NSA often lurks on systems that are supposed to be controlled by others, and it’s possible someone at the agency took control of a server and failed to clean up after themselves. A regime, hacker group, or intelligence agency could have seized the files and the opportunity to embarrass the agency.

Sign up for The Intercept Newsletter here.

The post The NSA Leak Is Real, Was Hacked, Snowden Documents Confirm appeared first on The Intercept.









Read the whole story
toddgrotenhuis
5 days ago
reply
Indianapolis
Share this story
Delete

The Justice Department Is Done With Private Prisons. Will ICE Drop Them Too?

1 Share

The Justice Department’s announcement on Thursday that it would seek to end the use of private contractors to run its federal prisons was a monumental one that quickly sent private prison stocks plunging and drew praise from dozens of human and civil rights groups that for years had been denouncing abuse and neglect in private facilities.

In a memo explaining the decision, Deputy Attorney General Sally Yates wrote that private prisons “simply do not provide the same level of correctional services, programs, and resources,” “do not save substantially on costs,” and “do not maintain the same level of safety and security” as facilities operated by the Bureau of Prisons.

But as the criminal justice community began to take stock of the news, many also expressed hopes that the DOJ would not be the only government agency to cut ties with the private companies, which also operate state prisons and immigration detention centers.

In particular, advocates directly called on the Department of Homeland Security’s Immigration and Customs Enforcement — which is responsible for holding a growing number of detainees with pending immigration cases or awaiting deportation — to end its multimillion-dollar relationship with the private corrections industry.

A spokesperson for ICE did not specifically comment on the impact of the Justice Department’s announcement on its own relationship with private prison companies but said companies, noting that “ICE detainees are housed in a variety of facilities across the United States, including but not limited to ICE-owned-and-operated facilities; local, county, or state facilities contracted through Intergovernmental Service Agreements; and contractor-owned-and-operated facilities.”The spokesperson added that the agency “remains committed to providing a safe and humane environment for all those in its custody” and “provides several levels of oversight in order to ensure that detainees in ICE custody reside in safe, secure, and humane environments and under appropriate conditions of confinement.”

ADELANTO, CA - NOVEMBER 15: An immigrant waits in a processing cell at the Adelanto Detention Facility on November 15, 2013 in Adelanto, California. The center, the largest and newest Immigration and Customs Enforcement (ICE), detention facility in California, houses an average of 1,100 immigrants in custody pending a decision in their immigration cases or awaiting deportation. The facility is managed by the private GEO Group. ICE detains an average of 33,000 undocumented immigrants in more than 400 facilities nationwide. (Photo by John Moore/Getty Images)

A man waits in a processing cell at the GEO Group-operated Adelanto Detention Facility, the largest immigration detention facility in California, on Nov. 15, 2013.

Photo: John Moore/Getty Images

While the Justice Department’s decision is set to impact 13 privately run federal prisons and some 22,660 prisoners, the potential impact of a similar decision by ICE would be considerably more significant for the agency.  The ICE spokesperson said that 46 of the agency’s facilities are operated by private contractors. While ICE did not provide the number of detainees it oversees, but while the immigration detention population fluctuates, private contractors oversee a daily average of 24,567 detainees — out of the average 33,676 held in ICE detention each day. As of 2014, the immigration detention population had jumped 47 percent fluctuates and is hard to pin down, it had jumped to over 32,000 people in 2014, a 47 percent increase over the prior decade. Immigration advocates say that growth is both unjustified by public safety needs and sets the stage for neglect and abuse.

“As of today, the Bureau of Prisons’ two-decades experiment with private prisons is finally beginning to come to an end,” David Fathi, director of the American Civil Liberties Union National Prison Project, told The Intercept, calling the decision “historic.” “We hope that ICE and the states will follow the lead of the Justice Department.”

Grace Meng, a Human Rights Watch senior researcher focusing on immigration issues, called the DOJ’s announcement “incredibly exciting news.” “This should prompt Immigration and Customs Enforcement to stop their use of private immigration detention facilities, run by the same companies,” she added, while also noting that “focus on private companies shouldn’t remove scrutiny from county jails and other ICE facilities that are also rife with problems.”

States have traditionally taken the federal Bureau of Prisons as a model for best practices, but for ICE, severing ties would be a logistical feat of immense proportions. ICE’s contracts with private companies can be difficult to track as they are often executed through local county government The exact percentage of immigrants in private detention centers isn’t easy to calculate because ICE technically contracts with local governments for many of them, and those counties then contract with the private companies — a decentralized approach to the privatization of detention that has also made these facilities harder to monitor.

But according to ICE’s numbers, more than 70 percent of its detainees, on average, more than half, and by some estimates, as many as 62 percent of ICE detainees are living in privately run facilities, where unsafe and abusive conditions have been amply documented. By comparison, the federal prison population in privately run facilities never exceeded 16 percent and the state prison population in such facilities is around 6 percent.

“In terms of percentage, ICE is the agency that has the biggest share of its prisoners and detainees in private prisons,” said Fathi, also noting that while the federal prison population has decreased quite significantly in recent years, “the same is not true of the ICE detainee population.”

“It’s definitely going to be harder for them,” he said.

Hard or not, corrections operators are obligated under obligation to guarantee a number of protections, regardless of law enforcement needs, Meng noted.

“The assumption that ICE can’t do this is completely false, because the fact that the detention system is as large as it is now has not been historically true,” she said. “There’s an inflated sense of how many people actually need to be in detention at any given time. What we have seen is there is a huge number of people who should not be there at all: children, families, people who are not a current threat to public safety, who have really strong claims to release.”

Details on the exact cost of privately run immigration detention are also opaque, but as immigration detention spending as a whole skyrocketed from $700 million in 2005 to more than $2 billion today, so did revenues for the GEO Group and Corrections Corporation of America, by far the two largest private companies operating immigration detention facilities.

According to a report released last year by the Center for American Progress, federal contracts, including those from the Bureau of Prisons and ICE, jumped from 39 percent of CCA’s total revenues in 2005 to 44 percent — $724.2 million — in 2014. That year, ICE contracts alone made up 13 percent of CCA’s revenue — $221 million. Similarly, federal contracts rose from 27 percent of the GEO Group’s revenues in 2005 2005, to 42 percent in 2014, with ICE accounting for 15.6 percent of the pie.

Just days ago, details emerged about about a  ICE signed a new four-year, $1 billion contract ICE awarded to  with CCA to house Central American asylum seekers in Texas.

Jonathan Burns, a spokesperson for CCA, wrote in a statement to The Intercept that federal prisons make up only 7 percent of the company’s business, adding that the DOJ’s report had “significant flaws.”

“The findings simply don’t match up to the numerous independent studies that show our facilities to be equal or better with regard to safety and quality, or the excellent feedback we get from our partners at all levels of government,” he wrote. “We value our partners, and we will continue to work with them, both through the types of management solutions we’ve provided for more than three decades, as well as new, innovative opportunities we’ve been exploring in recent years in a proactive effort to meet their evolving needs.”

In a statement to The Intercept, a spokesperson for the GEO Group wrote, “While our company was disappointed by today’s DOJ announcement, The GEO Group and CCA did not immediately respond to questions about the impact of this decision on GEO is not imminent.”

“Notwithstanding today’s announcement, we will continue to work with the BOP, as well as all of our government partners, in order to ensure safe and secure operations at all of our facilities.”

the DOJ’s decision on their other government contracts.

But as they are slated to lose millions and wield significant lobbying power, it’s unlikely that private prison companies will  they’ll go without a fight.

“Their stock is dropping like a stone. I’m sure they’re not happy and I’m sure they’ll complain they’re being unfairly treated, but the fact is, there is abundant evidence that private prisons are not as safe and not as secure and the services they provide to prisoners are inferior,” Fathi said. “Certainly the government has every right to decide that their services are no longer needed.”

Update: Aug. 18, 2016
This story has been updated to include statements from ICE, CCA, and the GEO Group provided after publication.

Correction: Aug. 18, 2016
An earlier version of this story misstated the timing of an ICE detention contract awarded to CCA; the story has been updated to correct the error.

Sign up for The Intercept Newsletter here.

The post The Justice Department Is Done With Private Prisons. Will ICE Drop Them Too? appeared first on The Intercept.

Read the whole story
toddgrotenhuis
5 days ago
reply
Indianapolis
Share this story
Delete

Life: Heartwarming: This Town Built A Returning Veteran His Very Own Bus Shelter

1 Share
Read the whole story
toddgrotenhuis
5 days ago
reply
Indianapolis
Share this story
Delete

Tarnished Iron and Debt

1 Share

Women with a glowing metal gauntlet raised and ready to kick some ass.Conversation on twitter with @robweiland and @hippywizard lead to me spending my lunch writing the house rules I would use to address that grumpiness about dracheneisen in 7th Sea.  And thus, I share. 

In first edition 7th Sea, one of the most delightful things about the Eisen was that their signature was punching evil in the face with a dracheneisen gauntlet. In 2nd edition, this has been replaced with creepy magic, and it feels like an unfair tradeoff. Dracheneisen still exists in the setting, but it’s explicitly put out of the reach of starting characters.

I don’t like this much. The easy solution is to just say it’s purchaseable as a more expensive signature item. Technically, the rules suggest that a dracheneisen item would be worth 10 points, but considering what 5 points gets you, that seems extreme. So if you want the quick fix, add the following:

NEW ADVANTAGE: Heir to Iron (5 points, Eisen Only)

You own a dracheneisen artifact, either a heavy melee weapon, a piece of armor or a panzerhand. Describe it in detail, bearing in mind that it should have a storied history.

  • It is indestructible by any normal means
  • It has all the benefits of a signature item (see the advantage of that name).
  • It glows when within 30′ of a monster
  • If brandished before a monster, monstrous abilities which cost 1 danger point cost 2. If the item leaves the scene, the benefit is lost
  • If it is a weapon, it causes one extra wound when striking a character with a Sorcery Advantage or Monster Quality.
  • If it is a piece of armor, once per scene you may spend a hero point to avoid the automatic dramatic wound from a firearm
  • If it is a Panzerhand, and you are fighting in the Eisenfaust style, it acts as both armor and weapon.

NEW BACKGROUND: Iron Heir (Eisen Only)

You are the heir to a proud tradition, embodied by the dracheneisen weapon handed down to you. You must live up to it, or die trying.

Quirk: Earn a hero Point when you opt not use your Dracheneisen artifact in a situation where it would be helpful because the foe or task is unworthy.

Advantages: Heir to Iron

Skills: Athletics, Intimidate, Scholarship, Warfare, Weaponry


However, if you want to buy into the idea that dracheneisen should be rare and is really worth 10 steps of a story, then consider the following:

NEW ADVANTAGE: Tarnished Dracheneisen (4 points, Eisen only)

Dracheneisen cannot be destroyed, but it can become tarnished. No one is entirely sure how this happens – the Eisen say that it can happen when the weapon is shamed by its wielder, but alchemists are skeptical, expecting that the process is more mundane. Whatever the explanation, it can be cleaned, but not easily. The Eisen say that only the blood of monsters can clean Dracheneisen, and that is not terribly far from he truth.

You own a dracheneisen artifact, either a heavy melee weapon, a piece of armor or a panzerhand. Describe it in detail, bearing in mind that it should have a storied history.

  • It is indestructible by any normal means
  • It has all the benefits of a signature item (see the advantage of that name).

It is possible to “unlock” the other attributes of the item through stories. There are three levels of purification, each of which requires a 2 step story (usually 1. Find a rare monster, 2. Kill the hell out of it).

  • After the first story, It glows when within 30′ of a monster
  • After the second story, If brandished before a monster, monstrous abilities which cost 1 danger point cost 2. If the item leaves the scene, the benefit is lost
  • After the third and final story, it gains a benefit based on its form:
    • If it is a weapon, it causes one extra wound when striking a character with a Sorcery Advantage or Monster Quality.
    • If it is a piece of armor, once per scene you may spend a hero point to avoid the automatic dramatic wound from a firearm
    • If it is a Panzerhand, and you are fighting in the Eisenfaust style, it acts as both armor and weapon.

NEW BACKGROUND: Trubeneisen

Your name is a storied one, but it has been shamed. You carry an artifact that is marked by that shame. It will be made clean again. So you swear.

Quirk: Gain a hero point when you take a risk to protect your good name.

Advantages: Survivalist, Tarnished Dracheneisen

Skills: Athletics, Intimidate, Scholarship, Warfare, Weaponry


OPTIONAL RULE: Debt

Sometimes circumstances result in a character getting an advantage that they haven’t paid for. If this is just a momentary circumstance, then all is well – fate giveth and fate taketh away. However, sometimes it’s a real change to the character that has not been “paid for” in points to story.

In those circumstances, the player has accrued a debt equal to the number of story steps they would have needed to gain the advantage in question. Debt can be “paid off” with a story equal to the size of the debt. If a character somehow accrues more than one debt, track them separately, and remove them separately (that is, if Gaston has a debt of 3 and a debt of 2, they can be removed with a 3 step story and a 2 step story. it need not be a 5 step story, though that would work too).

At the beginning of a session, when the GM collects danger points, she gains one extra danger point for every point of debt among the characters present. a

Read the whole story
toddgrotenhuis
7 days ago
reply
Indianapolis
Share this story
Delete
Next Page of Stories