ydal

Two-factor authentication: an often-overlooked fallacy

First off: I’m not say­ing that two-factor authen­ti­ca­tion (2-FA) is bad. It’s a rather good method. But people should be aware of what their authen­ti­ca­tion fac­tors really are, and not pre­sume pro­per­ties that they do not have.

Let me explain.

We all know about the quality of the easy “something you know” factor: it’s a password/-phrase/-poem or similar, stuff that you can easily memorize and thus do not need to carry around outside of your head. Let me repeat: it’s a memorizable quantum of information. Thus, the only safe storage for this — logically — is your head, as this information can be extracted terribly easily by humans if it’s anywhere else. That means reading it off a post-it, finding the file containing the password — or even guessing it, because, let’s face it, many people use mnemonic passwords.

As the name of 2-FA implies, there’s also a second factor, often described by the phrases “something you have” or “something you are”. What these mnemonics insinuate is that there is nothing that you “know” about these factors, which — although mostly true in most cases — isn’t accurate.

When using common second factors like cryptographic tokens, keys, biometric data or similar, you shouldn’t forget that you’re still dealing with simple information. It’s just that this particular piece of information usually is not memorizable in the usual sense. A physical key’s bit can easily be mapped into information describing where the cuts are, how deep they are, etc. A human’s DNA can be represented as a pretty long string. A key ring authentication fob is usually little more than a secret “seed” plus an algorithm applied to it.

So it’s not that it’s impossible to gain access to the second factor without possessing it, it’s just way less trivial than a simple effort of memorization. Key fobs don’t allow you to view the seed, for example, but anyone who can eavesdrop on a synchronization has what they need, without ever holding the fob. Depending on the complexity of a physical key, a simple photograph is enough to fake it. And these are all methods where you wouldn’t even know your secret information was leaked, if done right.
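The "seed plus an algorithm" point, as an added example that is not part of the original post. It assumes the fob uses the standard HOTP/TOTP construction (RFC 4226 / RFC 6238), which the post does not name, and it uses the RFCs' published test secret as the seed; `Fob` and `server_accepts` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Seed taken from the RFC 4226 / RFC 6238 test vectors (not a real credential).
RFC_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(seed, unix_time // step, digits)


class Fob:
    """The 'something you have': it holds a seed and only ever shows codes."""

    def __init__(self, seed: bytes):
        self._seed = seed

    def display(self, unix_time: int) -> str:
        return totp(self._seed, unix_time)


def server_accepts(seed: bytes, code: str, unix_time: int,
                   window: int = 1, step: int = 30) -> bool:
    """Verifier side: it stores the same seed and tolerates +/- `window`
    time steps of clock drift. Comparison is constant-time."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t >= 0 and hmac.compare_digest(totp(seed, t, step), code):
            return True
    return False


def same_information_same_factor(unix_time: int) -> bool:
    """Two independent holders of the same seed bytes are indistinguishable
    to the verifier: the factor is the seed, not the plastic around it."""
    issued = Fob(RFC_SEED)
    second_holder = Fob(bytes(RFC_SEED))  # any other copy of the same bytes
    code_a = issued.display(unix_time)
    code_b = second_holder.display(unix_time)
    return code_a == code_b and server_accepts(RFC_SEED, code_b, unix_time)


if __name__ == "__main__":
    print("code at t=59:", Fob(RFC_SEED).display(59))
    print("second copy accepted:", same_information_same_factor(59))
```

The verifier itself is a second holder of the seed, so the seed needs the same protection at enrollment, on the server and in backups as it gets inside the fob.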

Thus, always remem­ber: two-factor authen­ti­ca­tion isn’t inher­ently secure. You need to pro­tect all the fac­tors equally well, and do not trust a fac­tor to be “safe”. After all, you are sus­cep­ti­ble to rubber-hose cryp­t­ana­ly­sis.

For a quick popu­lar cul­ture example of authen­ti­ca­tion fac­tor secrecy, the movie “Incep­tion” is an unex­pec­ted but wel­come can­di­date. (Spoi­lers.) In it, each cha­rac­ter that del­ves into dreams is urged to fashion a “totem” with spe­ci­fic pro­per­ties that only they know, so that they can check they’re not in someone else’s dream. It’s vital for them not to let anyone else see their totem, as it would give them the power to fool the other into belie­ving in an inva­lid authentication.

Here, the information is physical, but due to its special nature, also memorizable. You might argue this reduces it into a “what you know” category, but it is a physical factor that allows you to verify that the current reality is the same as the one you created your totem in. The mere fact that the relevant system isn’t a computer but the real world shows how feeble the idea of a physical token actually is.

Steam Zero

If you’re a bit of a gamer and have a bit of loose change, you’ll pro­bably have the ten­dency to acquire Steam games during sales.

This will invariably lead to you having a pretty big Steam game portfolio over time. According to steamcalculator.com, my account is worth about 2000 USD right now. Those are the current prices for the games, which is way more than what I put into the games — after all, I bought most of them during sales.

On the other hand, I’ve also put quite a few hours of my time into Steam games, and even with minimum wage I’d probably get a couple thousand more. Hell, I’ve played Fallout: New Vegas for “only” 70 hours, and that’s actually not all that much.

The thing is that you’ll inva­ria­bly build up a back­log. Even with the mixed «bles­sing» of rather short sin­gle player por­ti­ons of games these days, you’ll have a hell of a time catching up with each game that you bought, espe­cially if you want to milk them for their money’s worth.

Which is pretty interesting, since in the end, you could end up spending more money for the fun of having variety than for the professed goal of getting the most worth out of single games.

And what actually hap­pens is that you’ll pro­bably end up not play­ing some games at all.

There’s a mul­ti­tude of rea­sons for it. For example, you might just not have the time to actually play a game. More com­monly, though, you will pro­bably not have time to pur­sue a game. You might play it for a bit, but then you’ll start ine­vi­ta­bly filing it under “have to play this more during downtime”.

Except you’ll never use that down­time for that game, since there’s pro­bably some­thing else that actually tick­les your cur­rent fancy. Often enough, there’s no real chance to get bored “enough” for you to go back to your gaming back­log except if you make a con­scious effort.

So the back­log grows, and grows, and grows.

In my case, there’s still some Hum­ble Bundle games that are lying around, which isn’t that much of a loss since I mainly bought it for the other games.

But then, there’s quite a lot more: The King’s Bounty series, pro­bably about at least 100 hours of gaming. Cthulhu saves the world, a char­ming little adven­ture. The Pen­um­bra and Amne­sia games, sup­po­sedly very great. The very cute Braid. Darksi­ders. Ano­maly: War­zone Earth. Atom Zom­bie Smas­her. Fro­zen Syn­apse. Far Cry 2. Machi­na­rium. Magi­cka. Indigo Pro­phecy. Osmos. Nation Red. Recet­tear. Saira. Space­Chem. Trine.

All very good games and I don’t feel bad for having bought them. (As oppo­sed to Dead Rising 2. Blech.)

There’s just no way I’ll have the kind of casual down­time that allows me to click off with one of these for half an hour. I’d rather hit up Bor­der­lands and finish up some DLC, for example.

Thus, in con­clu­sion, I have to liken this to some­thing inter­net nerds ever­y­where have a cer­tain con­nec­tion with. There’s other things which you some­ti­mes really need to get around to, but never seem to be able to finish.

Two dre­a­ded words: “inbox zero”.

That time when you actually manage to have zero unread mails — or rather, zero mails that still need your atten­tion, if you don’t use read state to indi­cate that.

Using that nomen­cla­ture, it seems I’ll never be able to one day post a sta­tus update con­tai­ning the sim­ple words “Steam zero”.

Minecraft

[An English ver­sion might fol­low later, if I can be bug­ge­red to cough up a working multi-language solution.]

Quite a few people will still be able to remember their childhood. In particular, what they used to pass the time with back then, small and innocent as they were.

And for many of the people who do remember, the word “Lego” will hopefully trigger associations right away. Not only in the context of “things you step on” but also “something I used to play with”.

If someone can’t say that, then perhaps they don’t need to read any further.

As the title says: this is about Minecraft. And Minecraft is something like the Lego of today. Digital, on the computer, not really something you can touch and actually even very limited, yet it tickles exactly the same nerves as our beloved Lego did back then.

Minecraft is pretty hot right now, at least in certain circles, and many people these days won’t be able to avoid having at least heard of this weird game.

The premise is simple: you exist, and you can do things. It doesn’t need any more story than that. The game (in its current version) simply presents you with a fait accompli, with minimal instructions in the form of a configurable key mapping. In other words, like Lego without building instructions.

Either you laboriously work it out yourself, or you look it up on the internet, or (like most people) you’ve seen it somewhere: you can smash these weird blocks that the world is made of, and then you can usually pick up the blocks themselves. And then place them somewhere again. If you look a bit further, you find out that you can, for example, assemble wood into a workbench, with which you can then click together fancier things in a 3x3 grid.

So far that’s not much, but then it does still say “alpha” up there in the corner.

And what’s so “great” about it that everyone raves about it?

Quite simple: the game is pure sandbox.

Without a goal, there’s nothing that dictates how you have to act. You can die in the game, but that’s not the most tragic event of all time: you only lose the belongings you had collected and were carrying with you.

You can go exploring, and notice that you can keep exploring further and further. So there is no particular landscape to explore; the game simply keeps making more landscape as you move away from what is already known. So no goal here either, even if the journey is fun.

So there’s really only one thing left: satisfying your own urge to be able to pat yourself on the back for something. And so you start building. You stack blocks on top of each other, usually at first into some kind of house or cave. You find out that evil critters want to do evil things to you, and then design your home so that they no longer can. And stick torches everywhere.

And so it goes on. The house grows, you build into the nearest mountain or hill, hollow it out, or possibly find a cave system. You search it for resources, find some, and make yourself better tools. A little bit like life, really.

But there, too, a “what for” sets in after a while. Just hoarding and collecting more and more leads nowhere. You end up with lots of full chests, and that’s it.

Well, welcome to human nature: now it’s time to create. You don’t just build houses, you build interesting constructions (which unfortunately can’t really be “daring” at the moment, but that will probably change). You put effort and loving care into crafting something.

For example, at some point you’ve explored across lakes and rivers and find all that trudging through the wilderness tedious. And then, like the author, you start building your own raised pathway.

A screenshot of Minecraft, showing a player-built highway.

Baby steps

That way you no longer have to trudge laboriously through the landscape, and you’ve made something pretty in the process, since it glows so nicely at night.

For other people, in turn, that isn’t enough, and they put rails on top of it and create an almost colossal railway project.

And that’s the point where it begins: the little megalomania.

As a child you only had a limited number of Lego bricks to build something with. But if you gave a child an infinite supply of Lego bricks and left it alone for a while, then you shouldn’t be surprised to find a skyscraper in the garden.

The game targets exactly the spot where quite a few people are susceptible: the urge to tinker. You create something, and see the result taking shape in front of you, and something inside you becomes calm, relaxed, and happy. And you carry on, and don’t even notice how you lose yourself in it. A little OCD for everyone.

And everything grows. Before you know it, you’ve created imposing large-scale projects. Others make trailers that practically lure you in with the game’s addictive potential. Groups of users recreate the entire world of Bioshock in as much detail as possible.

You keep looking around, on YouTube, on Google, in some forums and suddenly also in the Twitter timeline of people you’d never have expected it from. And everyone is building something. Many are also tinkering with the game itself. It has a bit of the maker movement about it, except that pixel works are created instead of tangible objects.

Is that worse? No. Is it fun? Hell yeah.

Try it yourself.

Android 2.2 (“Froyo”) and you: the gritty details behind «Apps to SD»

tl;dr version: If you can’t use Apps2SD, run adb shell, then pm setInstallLocation 2, then move any app to SD (ignoring possible “failed” errors on the first try).

Our beloved Frozen Yoghurt came with many new features welcome to the community at large, and one feature which had a mixed reception: “Apps on external storage”, which allows users to install applications to their phone’s external storage — mostly in order to free up internal disk space.

Many custom ROM dis­tri­bu­ti­ons for Android alre­ady had this fea­ture built in, going by the moni­ker “Apps to SD” (or “Apps2SD” or just “A2SD”).

The typi­cal imple­men­ta­tion of A2SD works by using an ext2/ext3 par­ti­tion on the SD card of your device — and usually only works when it’s exactly the second par­ti­tion. For the sake of argu­ment, one such custom imple­men­ta­tion of A2SD will be inclu­ded at the end of this post.

What it then does is just com­ple­tely move all the app­li­ca­ti­ons to the SD par­ti­tion, lea­ving only the /data par­ti­tion behind, and uses a bind mount to fool the sys­tem into belie­ving that the files are still on the same file sys­tem. So, in essence, the a2sd patch “cheats” and pre­tends that not­hing actually has hap­pened while quietly sipho­n­ing the apps to the SD card.

This, of course, only works when you actually have root access to your device and are allowed to play around with all the interesting system data itself. If you’re working on an unrooted/stock handset and firmware, you don’t have the option of using this feature; the same goes if you’re too lazy or unknowing or prissy to set up an ext[23] partition on your SD card.

Thus the «offi­cial» Apps to SD comes into play — if your device is run­ning Android 2.2, that is.

An important thing to note for understanding the official implementation is that it assumes that the user has no direct access to the /system partition. In particular: the user is not able to access any installed Android application package in any way that allows copying files.

What Froyo does when installing an application to SD is pretty simple: it creates a file on the SD card and uses this as a container to store the application in. Said container is used with an encrypted loop mount; that is, the actual data on the SD card is encrypted, and will be decrypted at load time when accessing the application.

The idea behind this see­min­gly con­vo­lu­ted setup is sim­ple: if you have paid for an app­li­ca­tion, you could just store it on SD and then copy it if it is not encryp­ted. If it is encryp­ted, you can­not access the app­li­ca­tion in a “sim­ple” way to copy (i.e. pirate) it.

Addi­tio­nally, the app­li­ca­tion (with the default set­tings) needs to allow Android to move it to the SD card — other­wise the sys­tem does not enable the func­tio­na­lity, pro­bably to ensure that app­li­ca­ti­ons aren’t “bro­ken” by SD storage.

Of course this is easily manhandled by using the USB debugging interface with adb shell: just issue pm setInstallLocation 2. This tells the package manager (hence «pm») to use the external storage as the default install location, which incidentally also lifts the block that prevents an application from being stored on external storage.

The down­side:
/dev/block/dm-41 on /mnt/asec/de.hafas.android.db-1 type vfat [...]

And yes, that’s 41 device map­per crypto loops. At least they don’t pro­duce that much over­head as to noti­ce­ably slow down the system.

One of the boons of the Froyo imple­men­ta­tion is that with above com­mand, it can easily be used even with an unroo­ted phone and wit­hout repar­ti­tio­ning your SD drive. The disad­van­ta­ges are that Android requi­res a fair bit of time after boo­ting to mount all the crypto loop devices, which will result in your app­li­ca­ti­ons being acces­si­ble rather late after boo­ting. Also, you will not be able to use wid­gets of any app that is on SD.

Here come the advantages of the customized A2SD approach: you can still access widgets and applications on your SD card even when it is mounted to your computer — because Android will only unmount the card’s root partition (the FAT one), and not your ext partition. And you’ll have less overhead due to the crypto business.

And, as pro­mi­sed, the code that enab­les A2SD on most cur­rent ROMs:

#!/system/bin/sh
#
# Apps2SD using symlinks and bind mounts
# Originally by cyanogen (shade@chemlab.org)
# Modified to use a cleaner /sd-ext implementation by IEF (ief@shadowchild.nl)

# only proceed if the SD card has a second partition (the ext partition A2SD expects)
if [ -e /dev/block/mmcblk0p2 ];
then

    # mount and set perms
    busybox mkdir /sd-ext
    busybox mount -o noatime,nodiratime -t auto /dev/block/mmcblk0p2 /sd-ext;
    busybox chown 1000:1000 /sd-ext;
    busybox chmod 771 /sd-ext;

    # clean up any old symlinks, create data directories
    for i in data;
        do
                if [ -h /data/$i ];
                then
                        rm /data/$i;
                fi;
                if [ ! -d /data/$i ];
                then
                        mkdir /data/$i;
                        busybox chown 1000:1000 /data/$i;
                        busybox chmod 771 /data/$i;
                fi;
        done;

    # don't allow /data/data on sd because of upgrade issues - move it if possible
    if [ -d /sd-ext/data ];
    then
        busybox cp -a /sd-ext/data/* /data/data/;
        busybox rm -rf /sd-ext/data;
    fi;

    # move apps from internal memory to sdcard
    for i in app app-private dalvik-cache;
    do
        if [ ! -d /sd-ext/$i ];
        then
            mkdir /sd-ext/$i;
        fi

        busybox chown 1000:1000 /sd-ext/$i;
        busybox chmod 771 /sd-ext/$i

        if [ -d /data/$i ] && [ ! -h /data/$i ];
        then
            busybox cp -a /data/$i/* /sd-ext/$i/;
            busybox rm -f /data/$i/*;
        fi;
    done;

    # symlink app dirs - they must be on the same filesystem
    for i in app app-private dalvik-cache;
    do
        if [ -d /data/$i ] && [ ! -h /data/$i ];
        then
            busybox rm -rf /data/$i;
            busybox ln -s /sd-ext/$i /data/$i;
        fi;
    done;

    # clean up old whiteouts
    for i in local misc property system tombstones data;
    do
        if [ -h /sd-ext/$i ]; then rm -f /sd-ext/$i; fi
    done;

    # please don't put odex files in the app directory people!
    # it causes dexopt to crash when switching builds!
    busybox rm -f /sd-ext/app/*.odex

    setprop shadow.apps2sd.active 1;

    echo "+++ Apps-to-SD successfully enabled";

else

    # replace symlinks with directories so we can boot without sd
    for i in app app-private dalvik-cache;
    do
       if [ -h /data/$i ];
       then
            rm -f /data/$i;
            mkdir /data/$i;
            busybox chown 1000:1000 /data/$i;
            busybox chmod 771 /data/$i;
        fi;
    done;

    setprop shadow.apps2sd.active 0;
fi;
sync;

This is run as an init script.
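Which of the two schemes described in this post a device is using can be read off its mount table. An added example (not from the original post or from either ROM): it assumes `mount` output in the format quoted above, all sample lines except the de.hafas one are constructed, and `storage_scheme` is a hypothetical name.

```python
import re

# Constructed sample. Only the dm-41 line is quoted from the post (its options
# are elided there as "[...]"); the other lines are made up for illustration.
SAMPLE_MOUNT = """\
/dev/block/mtdblock5 on /data type yaffs2 (rw,nosuid,nodev)
/dev/block/mmcblk0p2 on /sd-ext type ext3 (rw,noatime,nodiratime)
/dev/block/dm-0 on /mnt/asec/com.example.game-1 type vfat [...]
/dev/block/dm-41 on /mnt/asec/de.hafas.android.db-1 type vfat [...]
"""

MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (\S+)")
DM_DEVICE = re.compile(r"^/dev/block/dm-(\d+)$")
ASEC_ROOT = "/mnt/asec/"


def storage_scheme(mount_output):
    """Report Froyo's encrypted containers and a custom A2SD ext partition.

    Froyo scheme: one device-mapper device per app, mounted under /mnt/asec.
    Custom A2SD scheme: the SD card's ext partition mounted at /sd-ext, as
    done by the init script above.
    """
    containers = {}      # package name -> device-mapper index
    a2sd_device = None   # block device behind /sd-ext, if any
    for line in mount_output.splitlines():
        match = MOUNT_LINE.match(line.strip())
        if not match:
            continue
        device, mount_point, _fs_type = match.groups()
        dm = DM_DEVICE.match(device)
        if dm and mount_point.startswith(ASEC_ROOT):
            container = mount_point[len(ASEC_ROOT):]
            # Assumption: the trailing "-1" is a container sequence suffix,
            # so the package name is everything before the last dash.
            package = container.rsplit("-", 1)[0]
            containers[package] = int(dm.group(1))
        elif mount_point == "/sd-ext":
            a2sd_device = device
    return {"froyo_containers": containers, "a2sd_partition": a2sd_device}


if __name__ == "__main__":
    report = storage_scheme(SAMPLE_MOUNT)
    for package, index in sorted(report["froyo_containers"].items()):
        print("encrypted container dm-%d holds %s" % (index, package))
    print("A2SD ext partition:", report["a2sd_partition"])
```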

No rest for the wicked

A sud­den jolt woke Paul from his slum­ber. He start­led and sat up pro­perly, unsure what really woke him, but couldn’t find anything that should have unsett­led him; and he was quite sure that not­hing phy­si­cally shook him.

The train was rum­bling along bet­ween cities in the Rhein/Ruhr-Megaplex. The whole Ruhr­ge­biet had always felt like a par­ti­cu­larly big city, but since those reforms a couple of years ago after the hou­sing expan­sion, the whole area has been offi­ci­ally mer­ged into one big municipality.

Buil­dings were fla­shing past the win­dows, too fast for the eye to dis­cern any more than flee­ting details. Paul dug in his pockets for his mobile phone, which told him that he was some­where bet­ween Düs­sel­dorf and Duis­burg. Nobody new could have boar­ded since he was awake when they stop­ped in Düs­sel­dorf itself.

Yet he couldn’t shake the feeling that someone was looking for him, and he couldn’t just pretend this was any kind of normal paranoia.

After all, there’s no such thing as ran­dom para­noia when you know that there really were people out to get you.

All of this could only mean one thing: this pro­bably is a ste­alth grab, and they’re going to get Paul before the train arri­ves in Duisburg.

Again he che­cked the crowd, almost too casually, with an eye open for anyone who might alre­ady be eye­bal­ling him. But there wasn’t even one remo­tely sus­pi­cious per­son around.

But then again, that would make it way too easy, wouldn’t it.

He briefly considered that this was just a seeking entanglement produced by an especially vigorous conductor starting his round of checking the travelers’ tickets, but no — this felt way too specific for that and this wasn’t like any of the other ticket checks he’d been in. [In general, most ticket checks were way more intense than airport security checks, too — even the employees didn’t seem to think very much of those.]

Besi­des, he had a valid ticket. Luckily for him, these weren’t per­so­na­li­zed yet, or else he’d be in all kinds of shit by now.

Paul came to a deci­sion. It star­ted with stan­ding up.

Shuffling sideways to the aisle came next, and heading down to the toilet followed suit.

And there the problems began. Paul had to dodge a pair of retirees who were suddenly standing up without looking around or bothering to check if they’d bump into anyone, as they usually do, and almost knocked him over. Next was a pile of baggage that he could have sworn was not there before and which required some elaborate climbing to cross. Clambering down, he barely managed to dodge a stream of puke suddenly erupting from a child next to him, who had been noticeably happy and obnoxiously un-sick just a few moments ago.

So. Now he could defi­ni­tely tell someone was on to him, and they weren’t mes­sing with their obstruc­tion field — else going down the aisle to the toi­let, of all pla­ces, wouldn’t have trig­ge­red such a strong reaction.

The toi­let its­elf was stuck — of course — but mer­ci­fully, it wasn’t occu­p­ied. Then again, this might just be the field’s ploy to lock him inside and leave Paul as a nice package for his pur­su­ers, but he had to take that risk.

With a bit of man­hand­ling, he got the door open and locked him­self inside. The almost tran­quil calm of the mostly sound-proof toi­let was­hed over him, and Paul tried his best to relax. Then he opened his sen­ses to the world.

In the first rush, he con­tem­pla­ted the fact that they were put­ting up such an effort to cap­ture him. With such a bla­tantly strong alte­ra­tion active, it meant that they were eit­her very cocky — or very effec­tive. Pos­si­bly both, but let’s not explore that ave­nue. At least they were con­fi­dent enough to assume that they’d catch him before the train arri­ved in Duis­burg and didn’t assume that there’s a need to hide from their prey.

He then chose to actually perceive with his heightened senses, opening his consciousness to the perception. He was flooded by impressions of all kinds, with images being the strongest due to the fact that he was suffering from something called being human. Other things that were swamping his mind included that he could feel the thoughts of the people around him, hear their breathing and their hearts beating, smell their movement (which was something where he couldn’t even remotely figure out how those two are related) and taste their emotions.

All in all, Paul was handling more information than any normal human brain could have any hope of handling. The key word in that sentence is the “normal”, though.

And wit­hout a doubt, he could also feel the gravity-like pull of the rea­lity alte­ra­ti­ons his pur­su­ers were employ­ing. He still couldn’t believe that nor­mal people weren’t able to feel this.

A major precaution against being detected now was to practice emission control. Paul clamped down hard on any “signals” he gave off to the environment which would immediately register as irregular. There was always a kind of background static produced by him not fitting quite into the “normal” reality of the world, but its effects were all but undetectable from a few metres away.

At the moment, Paul and his pur­su­ers were enga­ging in some­thing which could clo­sely be descri­bed as some­thing like a World War II sub­ma­rine fight, with Paul being a lone sub­ma­rine and the others the cir­cling des­troy­ers above him, hun­ting for any sign of their quarry.

Which means that as long as he wasn’t being obvious, the enemies nee­ded to use some kind of sen­sor to find them, and that sen­sor also gives them away. In his­to­ri­cal cases, this role was fil­led by sonar scan­ners, which worked by sen­ding out sound waves through water and then mea­su­ring where the signals came back ear­lier than expected.

But also, when it hit the sub­ma­rine the sonar was try­ing to find, it regis­te­red with a cha­rac­te­ristic “ping” sound heard in all kinds of submarine-themed movies. And if you heard that sound, you knew that your situa­tion just went from bad to worse, but at least you’d know about it.

And could initiate counter-measures like hug­ging the ground, run­ning silent and simi­lar methods.

Kno­wing that he was being hun­ted kind of stream­lined his opti­ons down to two cour­ses of action. The dra­ma­tic option would be to hide whatever’s giving you away by mas­king your­self with your sur­roun­dings and hoping you won’t be noti­ced. In your run of the mill movie, this is the point where ever­y­thing is tur­ned off, and the hus­hed crew just cowers inside their still water­tight metal tube, wait­ing for the depth char­ges to go off around them — hoping that there won’t be the lucky charge that hits them.

Luckily for Paul, there was no such thing as an ana­lo­gue to depth char­ges that threa­tened him. Unluckily, there was also no kind of depth to hide in.

Option two, of course, is to bolt away as soon as you know someone’s fol­lo­wing you. Against supe­rior num­bers, this is actually the best course of action, since you want to be the one that deci­des where the show’s going to be, not have the choice forced on you. But most of these sce­na­rios do not involve being stuck on a moving train, a fact which is known to exces­si­vely hin­der esca­ping from said scenario.

And if you think about it, that’s pro­bably the rea­son why they didn’t board the train alre­ady scan­ning — he could have just slip­ped out in Düs­sel­dorf and lost them at the train station.

Well, there’s still option three, but from their per­cei­ved level of arro­gance, fight­ing them right out was pro­bably just a crea­tive way of com­mit­ting sui­cide. That and the fact that Paul didn’t like odds along the lines of “there’s quite a lot of them, and I’m alone”.

There might be a few select circumstances where he could overwhelm them, but if the pursuers are worth their money, they’re probably running an optimistic derivate generator, which would make it all but impossible for him to have the necessary kind of luck.

Back to option two, then. And he can alre­ady feel the pull of the searcher’s need get­ting stron­ger, which means he’s get­ting closer.

He sur­veyed the lay­out of the train and then dia­led down his per­cep­tion to a level slightly above aver­age — which still gave him an advan­tage over almost ever­yone he would encoun­ter. Paul got into a slight moment of panic as the toi­let door wouldn’t open, but then it sud­denly bud­ged and he could get out.

Hea­ding back to his seat again, Paul again had to struggle, but mostly with lug­gage this time; no ani­mate objects actively blo­cking him, and even the kid was loo­king healthy again. (That, and ever­y­body seems to have for­got­ten that he just puked all over the place.)

Paul was just lea­ning over to pick up his back­pack as a voice behind him clea­red its throat — sur­rep­ti­tiously, yet unmistaka­bly direc­ted at him.

He froze, and only when he slowly turned around did he notice that the conductor was smiling at him. “Guten Tag, die Fahrausweise bitte!” Ticket check.

At pre­ci­sely that moment, the pull hit him full force, and he knew that it came from the conductor.

Slightly flab­ber­gas­ted, he pro­du­ced his ticket from some­where inside his back­pack and showed it to the con­duc­tor, and as soon as she nod­ded and than­ked him, the pres­sure went away.

Why did he just think people were out to get him? Was he actually get­ting para­noid? Why was he being so over­sen­si­tive? He was con­vin­ced the Inqui­si­tion was about to get him, but it was just a bloody ticket check.

Paul rela­xed and sat back down, let­ting his head sink back into his neck and rest against the chair.

“Nächs­ter Halt: Duis­burg Haupt­bahn­hof. Aus­stieg links” the announ­ce­ment robot said, indi­ca­ting that they were close to stop­ping at Duisburg.

He stop­ped sta­ring at the cei­ling, and deci­ded he needs to get out at Duis­burg any­way. The train would drive him crazy if he stayed on any lon­ger. Paul looked ahead, in the direc­tion of the doors.

There were two men stan­ding there. He was still using his heigh­te­ned sen­ses, and he noti­ced that they weren’t just your regu­lar blo­kes wait­ing to get off. They were ten­sed and ready to move at a moment’s notice. And they were carrying.

Paul glan­ced back, in the gene­ral direc­tion of the conductor.

She was hol­ding a fin­ger to her ear, which, he now noti­ced, held a small headset.

And with a sud­den thun­der clash, men star­ted run­ning in his direction.

Their pull became stron­ger than back­ground level and almost tore him apart. They had mana­ged to keep it sup­p­res­sed. They were good.

Paul went into auto­ma­tic mode. He pul­led hard at the iso­la­tion seal of the win­dow next to him, rip­ping it clean off, and with ano­ther decisive shove, the win­dow sprang out of the frame and cras­hed on the track bed.

He grab­bed his back­pack and swung him­self outs­ide. His pur­su­ers were still strugg­ling their way to him, shouting and pul­ling wea­pons. Their obstruc­tion field fai­led to over­power his need for survival.

Paul drew on his powers and enhan­ced him­self — no use being sub­tle now. He grab­bed onto the train and clim­bed up the side with a couple of strong pulls which sent him fly­ing upward.

He looked around and found no-one atop the train. Silly bug­gers were trai­ned good, but not good enough.

Loo­king for­ward, he saw the train slo­wing as it ente­red the station.

Paul broke out into a sprint and with one giant leap jum­ped over onto a small buil­ding next to the track, lan­ding with a roll and lea­ving a dent in the ground. His pur­su­ers took a few potshots at him, but they went wide.

He sig­hed a breath of relief. They had good men, but their tac­tician had sucked balls. Else he wouldn’t have got­ten out of the toi­let alive. Thank crea­tion for small gifts.

Paul jum­ped down from the buil­ding and star­ted run­ning away. The adre­na­lin rush doesn’t float him any lon­ger than it does any nor­mal human, so bet­ter use it now before he cras­hes and starts sobbing.

He had stop­ped coun­ting how often his days ended like this.

In a sense, it never got old.

Value of two-factor authentication in MMOs

Cypher­punks ever­y­where know that using two-factor authen­ti­ca­tion, when done right, is inher­ently more secure.

Not­hing can be said against the secu­rity of wisely-used one-factor authen­ti­ca­tion, but care must be taken to ensure the ongo­ing secu­rity of that fac­tor. If you use a pass­word, you need to choose a secure one — and if you don’t change it regu­larly, it logi­cally gets wea­ker, too.

I know of at least one WoW player who is posi­tively para­noid about expo­sing their pass­words to someone, even though they don’t exhi­bit that beha­viour elsewhere.

And then, of course, there’s the people who com­plain about having their accounts hacked, even though they used a secure pass­word like their birth­day. Or abcde.

A miti­ga­ting fac­tor against people being too stu­pid to use pass­words secu­rely, then, is nee­ded. And that’s where two-factor authen­ti­ca­tion comes along.

Two-factor authentication, in essence, means that you need to prove your own identity by two different means. This isn’t like using two different passwords. The common examples for factors include “things the user knows”, like a password, PIN, etc., “things the user has”, like some form of physical security token, and “things the user is”, i.e. biometric verification methods.

Bio­me­tric veri­fi­ca­tion is more “com­for­ta­ble” to use, but does have two major drawbacks:

  1. it requi­res spe­cia­li­zed equip­ment (in most cases)
  2. it is vul­nera­ble to replay attacks

So, mainly for rea­sons of prac­tica­lity, owning an authen­ti­ca­tion token is the best method of get­ting a second fac­tor into the mix.

But why would a com­pany like Bliz­zard, for example, cough up the effort to actually enable some­thing like authen­ti­ca­tors — not only via device, but by mobile phone, too — and then go ahead and reward play­ers (in the form of an in-game pet, but nevert­he­l­ess) for using an authen­ti­ca­tor — merely to save people from their own stupidity?

Simple enough: to help battle against “economic” abuse, and to help protect their own interests by having to deal with fewer “hacked account” cases.

Even though the lat­ter rea­son might just be enough to imple­ment it, the for­mer is actually the most import­ant one. Gold far­ming is a serious pro­blem for online gaming com­pa­nies, and even under­de­ve­l­o­ped eco­no­mies like that of WoW can suf­fer greatly from such manipulation.

If you want to read a fic­tio­nal example of a near-future vision on the import­ance and con­cepts of gold far­ming, you should read up on Cory Doctorow’s “For The Win”. Even though it’s a bit over the top com­pa­red to the cur­rent state of the game, it might very well be simi­lar in the years to come.

Of course, the battle.net authentication token Blizzard distributes does seem to have reliability problems, but the mobile authenticator (a Java application) seems to work fairly well and, unlike the DIGIPASS Go 6 authenticators used by Blizzard, actually has a reverse-engineered spec available.

Even though the DIGI­PASS algo­rithm was, to the author’s know­ledge, not bro­ken so far, the fact that the deve­lo­ping com­pany does not dis­close the DIGI­PASS source code to non-customers, along with a rather cheeky atti­tude, should serve as suf­fi­ci­ent indi­ca­tors to avoid their products.

Using grub2 to recover your system

grub2 is hailed as the all new, super modular cure-all remedy for all booting problems you’ve had, have and will have. At least that’s the way the developers and some enthusiasts see it, whereas most blokes who’ve actually had to use it with more than arrow keys and enter will paint a slightly different picture.

The thing with grub2 is that even though in theory it sounds like the end of all things booting, it’s about as well-documented as the question of life, the universe, and everything.

And as I had to fight my way through googling for the necessary information again today, I thought I’d create a quick step-by-step reference with all the most interesting bits you’ll ever need already there.

Thusly, the ingredients needed to resurrect your computer with grub2. The gist is that your goal is to boot one specific operating system on your computer, from within which you’ll use whatever methods you deem necessary to update your grub in the “right way”, usually a downgrade to an older version and waiting for the dust to blow over.

  1. A boo­ting grub2. If your grub2 alre­ady fails to boot because of some ran­dom error, you need to get a grub in smel­ling dis­tance of your BIOS. One of the most pro­ven methods is to
    1. Down­load a USB res­cue image like grml (usually from Your Other Com­pu­ter or that of some­body else)
    2. Put it on a USB stick (dd if=grml-variant_version.iso of=/dev/sdx in most cases, with appropriately chosen variables)
    3. (Re)boot, adjusting the boot priority for your USB HDD/USB key if necessary

    And that’s it, you’re in a grub. Also note that it’s advisable to keep a USB stick with a rescue image lying around for the times when you can’t just easily download it.

  2. Enter the com­mand line/shell mode by pres­sing ‘c’.
  3. Do an ‘ls’, which will give you a lis­ting of reco­gnized devices. Doing an ‘ls device’, e.g. ls (hd0,1) will give you more infor­ma­tion about that device.
  4. If the infor­ma­tion by your ls isn’t com­plete, you will have to load some modu­les (by using insmod modulename). Here’s a checklist:
    1. If you do not see any other devices which look like your hard drive(s), e.g. you only have an (hd0) device from your USB medium, then load a device dri­ver. They will allow you to find the actual devices. Exam­ples include:
      • bios­disk
      • scsi
      • fs_uuid
      • pci
      • raid
      • mdraid
      • dm_nv
    2. If you have devices, but no partitions, you’ll need a partition driver. It seems the default grub config does not load any partition driver, and debugging this is just a bit annoying. But there are two easy choices for most people:
      • Load the module “part_msdos”.
      • If this doesn’t help, try “part_gpt”.

      These are the two most common partition tables (at least for nearly everyone who needs this guide) and should help your grub find its partitions again.

    3. You may also have to load your filesystem drivers. I presume you already know which those are, but for the sake of completeness:
      • Almost all Linux systems use ext2
      • Most cur­rent Win­dows will use ntfs, but fat is also an option.
      • Mac users will use hfsplus for newer sys­tems, hfs for older ones.
    4. The next step depends on exactly what you want to do. There’s a fork in the road — if you just want to load your pre­viously unboo­ta­ble grub, you will try to load its con­fi­gu­ra­tion file, else you’ll try to boot your ope­ra­ting sys­tem kernel.

    5. To search for a file, you use the search -f filename command, which will give you results on where files of that name are stored. Use root device to set the resultant device as the root device for your further operations. If you only want to load your old grub config, type in configfile filename, where filename will usually be something like /grub/grub.cfg or /boot/grub/grub.cfg.
    6. Should this fail to resolve your pro­blem, or not be what you’re aiming for, you’ll need to find the ope­ra­ting sys­tem. For most Linu­xens, you’ll pro­bably have a file cal­led /vmlinuz or /boot/vmlinuz to search for. For Win­dows ope­ra­ting sys­tems, look for /Windows/win.ini. For Mac: no clue. When found, set your root device (with root device).
    7. Now methods will become diver­gent, as ope­ra­ting sys­tems dif­fer in the way of boo­ting them.
      Linux
      1. kernel kernel_filename
      2. initrd initrd_filename [most cur­rent ker­nels come with an “initial ram­disk” hol­ding modu­les etc.]
      3. boot — if all goes well, you’re set.
      Win­dows
      1. chainloader +1
      2. boot
      MacOS
      Pro­bably the same as Win­dows, using the chainloader.

    And that’s it. It should cover most cases you’d need to res­tore your capa­bi­lity of boo­ting your ope­ra­ting sys­tem. You’ll pro­bably want to fix/install your boot­loa­der after this, though.

    A hel­pful tool for debug­ging your cur­rent grub state is probe, which will allow you to check what dri­vers are assi­gned to devices.
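The Linux branch of the steps above as one console session, added here as an illustration and not taken from the original post. It uses the current GRUB 2 spellings set root= and linux where the steps write root and kernel; the device (hd1,1), the kernel parameter root=/dev/sda1 and the file names are assumptions.

```grub
# Constructed GRUB 2 console session (press 'c' at the menu to get here).
# Assumptions: BIOS machine, rescue stick is (hd0), internal MBR disk is (hd1),
# Linux root filesystem on its first partition, seen by the kernel as /dev/sda1.

# Step 3: list devices. If only (hd0) shows up, GRUB sees nothing but the stick.
ls

# Step 4.1: disk driver, so that the internal disk appears as (hd1).
insmod biosdisk

# Step 4.2: partition table driver; if (hd1,1) still does not appear, use part_gpt.
insmod part_msdos

# Step 4.3: filesystem driver, then check that the partition is readable.
insmod ext2
ls (hd1,1)
ls (hd1,1)/

# Step 5: find the old configuration and hand control to it.
search -f /boot/grub/grub.cfg
set root=(hd1,1)
configfile /boot/grub/grub.cfg

# Steps 6 and 7, only if configfile did not get you a working menu:
# find the kernel and boot it by hand.
search -f /vmlinuz
set root=(hd1,1)
linux /vmlinuz root=/dev/sda1 ro
initrd /initrd.img
boot

# Windows instead of Linux: load ntfs in step 4.3, then
#   search -f /Windows/win.ini
#   set root=(hd1,1)
#   chainloader +1
#   boot
```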

vimium mapping for Dvorak layouts

I recently stum­bled upon the rather neat vimium exten­sion for Chrom(e|ium), which does much the same as the vim­pe­ra­tor exten­sion for Fire­fox. The pro­blem, though, as with vim­pe­ra­tor and vim its­elf, is that the default key­board map­pings are a bit of a pain in the arse for Dvorak users, as hjkl isn’t on the home row any­more, much less next to each other.

The­re­fore, it needs some remap­ping to get in a half­way fami­liar and Dvorak-compatible lay­out, which would look like this:

unmapAll

map r reload
map e removeTab
map u restoreTab
map h scrollDown
map t scrollUp
map d scrollLeft
map n scrollRight
map <c-h> scrollPageDown
map <c-t> scrollPageUp
map <c-u> scrollFullPageDown
map D goBack
map N goForward
map T nextTab
map H previousTab
map <c-y> createTab
map gg scrollToTop
map G scrollToBottom
map gf toggleViewSource
map zi zoomIn
map zo zoomOut
map yy copyCurrentUrl
map i enterInsertMode
map f activateLinkHintsMode
map F activateLinkHintsModeToOpenInNewTab
map / enterFindMode
map . performFind
map , performBackwardsFind

Just paste it in the remap field of the extension’s “advan­ced opti­ons” menu.

D&D rules lawyering: cover and stealth

I was recently rea­ding up on the ste­alth and cover mecha­nics, and even though I was fairly cer­tain about what is and what is not pos­si­ble, I found out that one edge case isn’t par­ti­cu­larly well-documented.

The rules, to be exact the Ste­alth rules cor­rec­tion from Player’s Hand­book 2, state:

Beco­m­ing Hid­den: You can make a Ste­alth check against an enemy only if you have supe­rior cover or total con­ceal­ment against the enemy or if you’re outs­ide the enemy’s line of sight. Outs­ide com­bat, the DM can allow you to make a Ste­alth check against a dis­trac­ted enemy, even if you don’t have supe­rior cover or total con­ceal­ment and aren’t outs­ide the enemy’s line of sight. The dis­trac­ted enemy might be focu­sed on some­thing in a dif­fe­rent direc­tion, allo­wing you to sneak up.

So, what it espe­cially says is that “supe­rior cover” works as a basis to get hid­den behind. Accor­ding to the Dun­geon Master’s Guide on deter­mi­ning cover for ran­ged attacks:

Choose a Cor­ner: The atta­cker choo­ses one cor­ner of a square he occu­p­ies, and draws ima­gi­nary lines from that cor­ner to every cor­ner of any one square the defen­der occu­p­ies. If none of those lines are blo­cked by a solid object or an enemy crea­ture, the atta­cker has a clear shot. The defen­der doesn’t have cover. (A line that runs par­al­lel right along a wall isn’t blo­cked.)
Supe­rior Cover: The defen­der has supe­rior cover if no mat­ter which cor­ner in your space you choose and no mat­ter which square of the target’s space you choose, three or four lines are blo­cked. If four lines are blo­cked from every cor­ner, you can’t tar­get the defender.

So, in theory, if you’d have a situation where you’d have superior cover from an enemy, e.g.

[Illustration: a player behind two allies, with lines of sight to an enemy.]

you’d be able to stealth yourself and gain combat advantage.

The only thing that really denies this possibility is, again, the Stealth updates from Player’s Handbook 2, this time the “Remaining Hidden” section [emphasis mine]:

Keep Out of Sight: If you no lon­ger have any cover or con­ceal­ment against an enemy, you don’t remain hid­den from that enemy. You don’t need supe­rior cover, total con­ceal­ment, or to stay outs­ide line of sight, but you do need some degree of cover or con­ceal­ment to remain hid­den. You can’t use ano­ther crea­ture as cover to remain hid­den.

Many thanks to @Milambus for loo­king up that pas­sage. [And making me feel stu­pid for not having found it mys­elf, by the way.]

And that’s the only pro­blem. So, you could gain ste­alth moving behind enemies, but imme­dia­tely lose ste­alth sta­tus again by being only behind a creature.

In a sense, this is balan­ced, since your rogue strikers could then just con­ti­nue to camp behind your own figh­ters and shoot sneak attacks at enemies from just behind their bud­dies (since they don’t block for the player), which would make com­bat encoun­ters quick enough, but also a bit boring.

Then again, as my player rogue poin­ted out, when there’s two huge dra­gon­born war­ri­ors poun­ding away at an enemy, how are they not sup­po­sed to be able to hide behind them? They aren’t 5′ wide, surely, but cer­tainly big­ger than a half-elf in every other dimension.

I just think that with a further update (yuck), we might be able to get a bit of clarification on how allies grant cover, but cannot grant superior cover.

D&D Characters: Shamorn Fallenheart, Tiefling Bard

As a bit of a side occupa­tion, I like to engage in some cha­rac­ter design for role-playing games, as it just comes as a natu­ral exten­sion of being a hobby-ish wri­ter person.

Thus, I pre­sent: Shamorn Fal­len­he­art, a tief­ling bard from High Imaskar.


Birth — and over misgivings

Shamorn was born in Gheld­an­eth, the fading Mula­nian metro­po­lis of High Imas­kar, and his par­ents belie­ved in the pro­phe­cies sta­ting Shamorn to bring forth bet­ter times for the tief­ling folk of the Gheld­an­eth slums. Being rai­sed in a com­mu­nity of hired hands to accom­pany adven­tu­rers on dan­ge­rous tre­a­sure hunts through the depths of the sun­ken city, hopes were laid on him, and him alone, to libe­rate them from this life of unof­fi­cial slavery.

Early life

Our young tief­ling was always a bit pam­pe­red. The male role models of the com­mu­nity were often too busy get­ting kil­led on a foolish quest, as was Shamorn’s own father — shortly before his fourth birth­day. As it were, there was none of the usual goading and tes­ting a tief­ling endu­res as part of gro­wing up. The con­se­quen­ces of this, as well as the pam­pe­ring he recei­ved by his mother and other “faith­fuls”, would be dire indeed.

Thus Shamorn grew to be a young adult, hel­ping out ever­y­where in the com­mu­nity, wit­hout ever taking up a real job. He had many on and off teachers, ver­sing him in skills as @skills and the heri­tage of the tief­ling race, trai­ning him in the use of wea­pons and tel­ling sto­ries of heroic deeds throug­hout time.

Con­stantly sur­roun­ded by an app­re­cia­tion for life, for hero­ism, the history and cul­ture of his people and a will to bring good to them, it came as a great sur­prise to many that Shamorn Fal­len­he­art, Pro­phe­sied Saviour of the Gheld­an­eth Tief­lings, came to start trai­ning to be…

a bard.

There was a wandering Elven Bard in Gheldaneth at the time, and Shamorn chose to apprentice himself to him, believing that becoming a bard, a herald of their people, would be worth much more than simply slaughtering any would-be oppressors or being a leader to guide the people to their Promised Land.

As was to be expec­ted, his deci­sion did not sit well with some, if not most, of his elders. His mother came just short of disin­heri­t­ing him, and he was fore­ver bran­ded as a wimp by most others. Still, there were some people who still belie­ved in him, and he mana­ged to stay in the com­mu­nity, even though ever­yone tried to for­get about any kind of pro­phesy laid upon him.

The turning point

His apprenticeship was going well, all things considered. But his teacher, unbeknownst to him, was a bit of a braggart and ignorant, that is to say: not a very good bard. Still, Shamorn managed to master his natural grasp of the Arcane under his tutorship, even though the social values might have been slightly distorted.

Sadly, this dis­tor­tion and the infu­sion of heroic tales led to an unfor­t­u­nate inci­dent. A rough band of tre­a­sure hun­ters, with a fierce repu­ta­tion for their harsh effec­tiv­en­ess and rumours of a bru­tal and unrelen­ting man­ner towards oppo­si­tion, sought out their enclave to hire some of their men for help. So, after a few minu­tes of shouting, waving of wea­pons and dragging people out of their hovels, Shamorn thought it was time to act.

Bra­vely step­ping for­ward, he con­fron­ted the lea­der of the sca­ven­gers, deman­ding of him to cease these des­pica­ble acts and appealing to his good sense, as a man, to respect his people’s wishes.

The screams as the leader’s mini­ons star­ted slaugh­te­ring the women and child­ren are still stuck in Shamorn’s head. He still only has vague memo­ries of that moment, but there is one thing he is quite con­fi­dent of:

As his mother’s life­l­ess body was thrown in front of him, crump­led up in a heap, he snap­ped. Shamorn went into a rage, slamming into the mini­ons and fight­ing them fier­cely. It see­med the demon in him had taken con­trol, for he was full of laugh­ter at the slaugh­ter he was cau­sing, taun­ting his enemies as he smas­hed their faces in with his $wea­pon or embed­ded his dag­gers into their hearts, even just rip­ping into them with his claws and bit­ing as he went along.

It did not take long for him to cut through the mini­ons, emer­ging bathed in blood, eldritch powers abound and fla­mes crack­ling around his body. His Elven mas­ter bard was asto­nis­hed at the dis­play, and reco­gnized the poten­tial of a war­lock in him should he have even been trai­ned thusly. As it was, the teacher pre­fer­red to cower in fear and observe what hap­pened next.

Shamorn con­fron­ted the lea­der of the sca­ven­gers who was just stan­ding there, sho­cked to his core.

“This is what happens when you try to compel my folk, human!” the bard stated in an almost neutral voice, only a hint of a burning darkfire noticeable in the voice. And with that, he slew the leader of the group that brought death to his kin.

And as if by miracle, Shamorn immediately calmed down to his usual, naive self. The only hint at his monstrosity was the fact that he surveyed the slaughter he had caused without fear, shame or disgust. Looking around him, he found few people left alive. Some were cowering inside their hovels, either hiding their faces or staring out at him with fear. Others seemed to have run away, and it was eerily silent.

Shamorn clea­red his throat. “My mas­ter, I will be lea­ving now. Do you wish to accom­pany me?”

His mas­ter, still shaking slightly, replied “No, my app­ren­tice. I do not think that you need me any fur­ther. Con­sider your trai­ning complete.”

And with these short words, the recently orpha­ned Shamorn Fal­len­he­art set out into the Realms, ven­tu­ring forth to herald his people — and to leave this bligh­ted home which has been cur­sed by his deeds.


The cha­rac­ter sta­tistics will fol­low as soon as I have access to the rele­vant docu­ments again. I might also write a short story or two detailing the back­ground or later adventures.
