Archive for the 'Computers' Category

Android, Updates and Backups

Sunday, February 27th, 2011

I’ve got an LG GW620. I chose this because a) it runs Android and not some more stupid operating system, b) it has a keyboard and c) it’s supported by an open project, namely OpenEtna, which among other things provides an updated operating system with a bash and a root-shell.

Now, I’m not the guy who stores anything on “The Cloud”. If there is anything out there that I deliberately store data on, it’s my own server, my own cloud.

So before upgrading I naturally decided to do a Backup, and of course I decided to use the software which advertised to Backup Everything. As it turned out, it doesn’t.

First off, the upgrade didn’t go very smoothly. After not having wiped cache and userdata, the Phone refused to continue at the “Welcome to GW620” screen. After wiping and flashing again, this worked.

Of course, all the settings were lost, and all the apps. So clearly, just put the backup-software onto the phone, and restore them. Turns out, the settings for going to the Android Market are lost as well, AND the friggin idiots only let you download the App from the Market! Thank you very much, you stupid twits. So make a backup of the apk-file onto your SD-card or harddisk before relying on it…

After having found some old version of “Backup Everything” which was thankfully downloadable with something other than the phone itself, I was able to restore “something” or “a bit”. SMS-archive, caller logs, access points, all there. Applications, Contacts, WLAN-credentials missing. It tried to reinstall some applications, but that mostly failed. At least it has a list of applications which you then can click on individually which opens a search on the Marketplace and install them.

The contacts I had to restore from an addressbook vcf from my harddisk (kaddressbook can export the addresses you choose to a vcf), but doubtless, some are missing. I only realized afterward that Android provides an “export contacts to SD-card” option by itself. But then, I didn’t expect “Backup Everything” not to backup everything.

I’m pretty sure some configuration-options of android itself, and also of applications are still wrong or missing. We’ll see.

eeePC: Debian Upgrade to Squeeze

Thursday, December 30th, 2010

Some lessons learnt by upgrading an eeePC’s operating system from Lenny to Squeeze.

If there is no /dev/sda (and no other block devices in /dev), this is actually due to /sys/class/block not existing (only /sys/block exists), so udev can’t find it (and the transition from hal to udev is one of the things that happens when upgrading from Lenny to Squeeze). This comes from having deprecated sysfs compatibility options set in the kernel. So these must NOT be set in the kernel .config:

CONFIG_SYSFS_DEPRECATED=y
CONFIG_SYSFS_DEPRECATED_V2=y

The funny thing is, the system runs without /dev/sda* available, but you’ll have all kinds of strange effects. Things like cryptsetup, fdisk and update-grub which directly access /dev/sda of course do not work. But also, NetworkManager does not start or configure anything.

X does not start with the Intel driver if modesetting is not enabled. This is what happens:

(EE) intel(0): No kernel modesetting driver detected.
(II) UnloadModule: "intel"
(EE) Screen(s) found, but none have a usable configuration.

It can be fixed presumably by appending “i915.modeset=1” to the kernel parameters in grub.cfg, or, that’s what I did, by setting it in the kernel to enabled by default:

CONFIG_DRM_I915_KMS=y

The Keyboard does not work, if X does not understand the variant:

Option "XkbVariant" "eeepc"

This needed commenting out.

Now, with the intel-driver and KMS, the screen was flickering madly. Supposedly this is KDE polling Xrandr on screens that do not exist. So I added this to xorg.conf to stop it:

Section "Monitor"
    Identifier "TV1"
    Option "ignore" "true"
EndSection

Section "Monitor"
    Identifier "VGA1"
    Option "ignore" "true"
EndSection

Note that these section-names were taken from the Xorg.0.log:

(II) intel(0): Output LVDS1 using monitor section Monitor1
(II) intel(0): Output VGA1 has no monitor section
(II) intel(0): Output TV1 has no monitor section

OpenType-Fonts in Texlive/Xetex

Tuesday, October 19th, 2010

This is a follow-up to my rant TrueType- and Type1-Fonts in Texlive/Xetex.

As it turns out, XeLaTeX is not only the solution to displaying TrueType and Type1-Fonts, but most of all, the solution to display (and print, of course) OpenType. And not just with basic support, but with everything only OpenType makes possible. Like decent handling of ligatures.


\documentclass{article}
\usepackage{fontspec,xunicode,xltxtra}
\setmainfont{Baskerville}
\begin{document}
\section{Font Tests}
\fontspec[Ligatures={Common, Rare}]{Baskerville}
\fontsize{18pt}{24pt}\selectfont Baskerville \\
Umlauts: äöü \\
Ligatures: ct st fi fj fl ff ffi ffl fs ft ij \AE \ae \OE \oe\\
\fontspec{Baskerville}Numerals: 1234567890\\
\fontspec[Numbers={OldStyle}]{Baskerville}Numerals Old: 1234567890\\
\\
\end{document}

“Baskerville” in that example is any OpenType-font which provides ligatures (liga), old numerals (onum), required ligatures (rlig) and so on.

A (Patent-)Law to promote the welfare of Lawyers

Saturday, May 22nd, 2010

I already wrote about it, on how Patents kill Innovation. If you’re looking for more background on some of the assertions in this text, they’re explained there.

Right now the German Bundesgerichtshof decided that it would be a good idea to allow software Patents, even if the European Patent Treaty says in Article 52 “The following in particular shall not be regarded as inventions … mathematical methods … programs for computers”. How did the BGH get the idea to rule on such a case in the first place, and not dismiss the whole affair as illegal and contempt of justice?

Either this is, according to Hanlon’s Razor, an act of incredible stupidity, or there were some serious interests in the background lobbying. And in fact, those interests very much exist, and they’re very much part of the judicial system itself.

As it happens, apart from Pharmacy, nobody will make money from Patents he applies for. Yes, this sounds like a very bold statement, but keep in mind that this applies to all of the patents of a field taken together; there might be financially successful patents among them, but this is eaten up by all the other patents which just cost money. Now where does this money go to? Legal costs of course. So in all fields of enterprise except pharmacy, patents only fill the coffers of Lawyers, Attorneys, Judges and the Patent Office. It has been estimated that those costs make up to 20% of the final product price, making the patent system in the end just a tax-system which funnels a tax of 20% to the legal system.

Obviously, those on the receiving end have a strong incentive to keep it this way, and won’t allow anyone to interfere with their rent. And most probably this is what happened with the BGH. As people in the legal system they are bound to know a lot of people also in the legal system, and those Lawyers and Attorneys will have biased views which they probably have communicated to the BGH. By now, the BGH is probably firmly convinced that patents are necessary for innovations to happen (or any suchlike hogwash).

Are you curious about that “Pharmacy exemption”? Well, the patent system works there (with its main effect) as intended, with some severe side effects. Patents are granted, the patents licensed to third parties, and the license-fees not only cover the legal costs but are high enough to make a decent profit. Not anticipated was that the big players in that field successively lobbied “patents on products” and “patents on genome-sequences” into the law, plus that they wreak havoc on smaller players and on the general public, most notably on the public in third world countries.

So even if patents on pharmacy work as expected when viewed from within the system, the idea of patents as such is inherently flawed in regard of innovation, development, economy and ecology. And if you’re a proponent of free markets, patents as “government granted monopolies” are an abomination anyway. Patents are an inherently mercantilistic idea (especially due to the fact that a patent does not allow you to produce any product, but allows you to forbid your competition to produce it), along the lines of such luminaries as tariffs, subsidies and protective duties.

Too dumb for ligatures

Thursday, April 8th, 2010

The story isn’t new, but for decades a huge misunderstanding about a ligature has prevailed in Germany. What prompts me to write about it now are the following lines from the book “Generation Doof”:

By word of mouth, two more magnificent misunderstandings have taken hold: ß always becomes ss, and I can place commas wherever I feel like it. That way even the last person manages to botch his sentence so badly that one, needs, years, to, decipher, what, is meant.

This is about that “beta”, also commonly known as “scharfes s” (sharp s) or “sz”, none of which it actually is, of course. It is not a character at all; in terms of typesetting it is at most a glyph, namely a ligature for “ss”.

Since we used to deal with two different forms of “s”, namely the long one, which looks like an “f” (well, almost: “ſ”) and was used inside a word, and the short one, which really does look like an “s” and stands at the beginning or end of a word, contracting “ſs” yields precisely this beta-like construct ß.

It is of course completely illogical and inconsistent to ignore all ligatures but insist on keeping this one, and on top of that to push the whole thing through assorted committees so that it actually got included in various character sets, or even shows up on keyboards. Where, pray, is the st? And all the other ligatures: Æ, æ, Œ, œ, IJ, ij, ᵫ, ff, fi, fl, ffi, ffl, ſt? Why should those no longer be written, while an “ss” must be written as a ligature? And above all, where is the “ſ”?

By the way, not the entire German-speaking world runs after this nonsense. In Switzerland this ligature is in fact officially never used, unless one were to use all the other ligatures in a text as well. Naturally this led to half a war on the German-language Wikipedia when people found out that the Swiss don’t write in Baskerville or Caslon and therefore don’t use ligatures either…

Personally I love ligatures (and Baskerville and Caslon), but either you write consistently with ligatures, or you leave it be. But Generation Doof has apparently still not grasped that ß is a ligature and will presumably defend its anachronistic use to the death. All comma rules will be abolished before that happens.

Security as Service

Friday, March 5th, 2010

I’ve been sceptical about offerings of Security as Service. It sounds an awful lot like “Outsourcing Security”, and security is a process which involves every aspect of business or life.

However, I’m working now in a company which does just that, selling Security as Service. And I think it can work. As opposed to any other company which sells you a product, or some other services, if you’re selling security, you’ve got an interest in your customer’s security not being breached. Because you will lose that customer.

If you’re a Bank, you sell banking services. As long as the cost of one of your clients’ accounts being misused is not really your cost, the security of your clients is a total non-issue. The same goes for vendors of security-appliances. The client bought it, and already paid for it, so if somebody hacks it, it’s not really your problem, unless you get bad publicity out of it.

And we’ve seen with the whole “full-disclosure”-debate, that bad publicity is a very weak instrument, and some companies can take hideous amounts of it before they improve security. Microsoft is the classical example; it took them aeons to do something about security, and the security of its products is still very weak.

On the other hand, if you get paid by subscription, you have a very real interest in keeping the customer. That means you have an interest in providing the services you are being paid for. If it’s not security the client pays for, this also means that security is probably not your concern (as seen with banks and credit card companies).

Of course, security embedded in your company will be much more capable and resilient. You can design every process with security in mind. You can choose specific products with a good security track-record. You can have system administrators with a very intimate knowledge of your network and IT-landscape, who can provide for a very fine-grained incident-response and emergency management.

But most smaller companies can’t have that. Because they don’t have the expertise or the money to hire specialists, and most of all, because their IT-landscape is modeled not by security-considerations but by habit. And habit is of course the biggest foe of security. It could be its friend too, but old habits die hard, and most people today grew up in a world where not everything was networked, and where systems of a company which gave a damn about networks and security were, and still are, prevalent. So the people in these companies don’t have the slightest clue about security, e-mail their passwords around, get their negotiations eavesdropped on mobile phones, infect their computers with viruses and get their e-banking accounts phished.

And this is where Security as Service can help. It can’t make you into a company where everything is secure. But it can mitigate some of the effects the security-unconscious acts of your employees cause. It can filter out malicious emails before someone can click on it, or some stupid mail client executes the malware-payload on its own. It can encrypt the emails at least between hosts. It can keep the botnets at bay that try to penetrate your servers. And it can provide incident-response if something goes wrong.

And finally, Security as Service is the fundamentally better idea than Security as Product. Because Security is a Process, it never ends; and because with any product you bought, the sale is done, and the supplier is only interested in selling you another product, but not in making the already sold product better. Furthermore, if you lack the expertise, will you even be able to manage the product correctly?

There are those who can, with in-house security expertise, where it would be stupid to outsource it. But for the rest of us, there’s at least a certain measure of security available with Security as Service.

Credit Suisse: Security Idiots in E-Banking

Sunday, February 28th, 2010

Credit Suisse wants to switch to a new SMS security procedure. Usable with a) a mobile phone b) that has a Swiss country code and c) has a prefix of 076, 077, 078 or 079.

As soon as you try to log in on the DirectNet e-banking page, you are told that the existing SecurID authentication will remain valid for another 7 days.

What have Credit Suisse’s security specialists been smoking? Or did they escape from an asylum?

Anyone with even the slightest clue about “security” will immediately spot some very serious problems (apart from “usability” problems, e.g. for people abroad) with this “SMS security procedure”:

  • SMS can be intercepted. In real time. This was demonstrated at the Chaos Computer Club Congress 2009 (and all SMS traffic at the congress was shown live on a projector while they were at it).
  • Smartphones are becoming ever more interesting as targets for malware, the more they take over functions that used to require a full-grown computer.
  • The “token” (namely the mobile phone) to which the authentication is bound is THE item that is lost and stolen most often worldwide.
  • It is an enormous privacy violation. Every account is now tied to a phone number. At the same time it is also possible to triangulate the location of mobile phones.

And that is only what came to my mind immediately.

The only apparent advantage would be that the authentication could happen out-of-band, which can be an advantage for users with compromised Windows boxes. But that advantage is gone again as soon as a) the same smartphone is used for the e-banking itself or b) malware spreads on the phones. But above all, c) the code received by SMS, as it is implemented now, still has to be sent back via the browser. Which makes the whole exercise pointless.

There are ideas for how to make something like this really secure, but they involve cards with keypads and methods for out-of-band transmission. And not the same thing as before, only now on a device that gets intercepted, stolen and lost.
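A small model of point c) and of the keypad-card idea, as an added example (not Credit Suisse's implementation and not part of the original post). The card scheme, an HMAC over a challenge, the payee and the amount, is an assumption made for illustration, as are all names and values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Transfer:
    to_account: str
    amount_cents: int


def sms_code() -> str:
    """Bank side: random 6-digit code sent by SMS. It names no transaction."""
    return f"{secrets.randbelow(10**6):06d}"


def card_code(card_key: bytes, challenge: str, tx: Transfer) -> str:
    """Keypad-card side (hypothetical scheme): the user types the challenge,
    the payee account and the amount into the card, which derives an
    8-digit code from them with a key it shares with the bank."""
    msg = f"{challenge}|{tx.to_account}|{tx.amount_cents}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


def bank_accepts_sms(sent_code: str, code_from_browser: str) -> bool:
    """All the bank learns is that somebody read the SMS. What it executes
    is whatever transfer arrived through the browser."""
    return hmac.compare_digest(sent_code, code_from_browser)


def bank_accepts_card(card_key: bytes, challenge: str,
                      received: Transfer, code_from_browser: str) -> bool:
    """The bank recomputes the code over the transfer it actually received."""
    expected = card_code(card_key, challenge, received)
    return hmac.compare_digest(expected, code_from_browser)


def run_model(host_compromised: bool) -> dict:
    """Model one transfer. A compromised host is modelled only as 'the
    transfer that reaches the bank differs from what the user intended'."""
    intended = Transfer("CH-USER-PAYEE", 10_000)   # constructed values
    if host_compromised:
        received = replace(intended, to_account="CH-OTHER")
    else:
        received = intended

    # SMS scheme: the user copies the code from the phone into the browser,
    # so the code travels over the same channel as the transfer.
    sent = sms_code()
    sms_ok = bank_accepts_sms(sent, sent)

    # Card scheme: the user keys in what they intend to pay; the resulting
    # code only verifies for exactly that payee and amount.
    key = secrets.token_bytes(32)
    challenge = secrets.token_hex(4)
    code = card_code(key, challenge, intended)
    card_ok = bank_accepts_card(key, challenge, received, code)

    return {
        "sms_accepts": sms_ok,
        "card_accepts": card_ok,
        "executed_as_intended": received == intended,
    }


if __name__ == "__main__":
    for compromised in (False, True):
        print(compromised, run_model(compromised))
```

In the compromised case the SMS code still verifies because it is not tied to any transfer, while the card code fails because the bank recomputes it over the altered payee.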

This is evidently a pure business decision. For CS the one and only question is: what does the system cost, what are the expected costs of token loss and, finally, what are the costs when it is abused by third parties. With the SecurID system the costs consist of issuing the SecurID and replacing it when it is lost. With the SMS system the operating cost is sending the SMS, and the cost of a loss is lower for CS because most of it is borne by the user. As for the costs of abuse by third parties, CS probably expects them to stay roughly the same, since the new system has about the same weaknesses as the old one (or rather, the costs of new weaknesses, e.g. in the form of lost privacy, do not have to be borne by CS), and developments such as smartphones, which could reduce the whole thing to absurdity, were presumably ignored because no corresponding cases of abuse have occurred so far. They probably decided against real out-of-band authentication because that would presumably be considerably more expensive, and the current costs of abuse apparently stay within limits.

Security for the end user was never the issue for CS. As long as CS’s costs for abused accounts stay within bounds, and they do not get excessively bad publicity for lack of security, CS has not the slightest interest in making e-banking more secure. Only cheaper.

What is really bad is that they evidently do not want to give customers the choice of continuing to use SecurID, which is mostly more secure for them. If they do not relent from case to case (in mine, most definitely), then I will do what one does in a market economy in such a case: vote with my feet.

Addendum: I called, and apparently they have now extended the validity of my SecurID. However, I was told that as soon as another solution exists for non-Swiss mobile phones etc., the SecurID system would be switched off.

Addendum two: Since I wrote this in April 2010, others have finally noticed as well that this is a bad idea: Telcos declare SMS ‘unsafe’ for bank transactions. Of course it is already being abused too: “Präventionshinweis für Onlinebanking im mTAN-Verfahren” (prevention notice for online banking using the mTAN procedure).

hostapd with psk-file

Tuesday, January 26th, 2010

I tried to make hostapd use a separate psk-file, with a different PSK per MAC-address. On Debian the file is called /etc/hostapd/wpa_psk and according to /etc/hostapd/hostapd.conf:

# Optionally, WPA PSKs can be read from a separate text file (containing list
# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.

This is fucking WRONG. The file-format is not documented anywhere else, and the above is utter bogus. The file has to look like this:

00:00:00:00:00:00 somepskstring

The 00:00:00:00:00:00 of course would have to be replaced by a real MAC-address. The MAC-address all zeroed out might signify a wildcard, but then, this isn’t documented either.
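A small checker for the MAC-then-PSK layout described above, as an added example (not code from this post or from hostapd). It assumes that everything after the first whitespace is the PSK, that a PSK is either an 8 to 63 character ASCII passphrase or 64 hex digits, and, as the post suspects, that the all-zero MAC acts as a wildcard; the sample entries are constructed.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
HEX_PSK_RE = re.compile(r"^[0-9A-Fa-f]{64}$")
WILDCARD_MAC = "00:00:00:00:00:00"

# Constructed sample file, including the (PSK, MAC) order that the comment
# in hostapd.conf wrongly suggests.
SAMPLE = "\n".join([
    "# constructed sample, not from the post",
    "00:11:22:33:44:55 correct horse battery",
    "secretpass123 00:11:22:33:44:66",
    "00:11:22:33:44:77 short",
    "00:00:00:00:00:00 guestguest",
    "aa:bb:cc:dd:ee:ff correct horse battery",
])


def valid_psk(psk: str) -> bool:
    """WPA-PSK is a 64-hex-digit key or an 8..63 char printable passphrase."""
    if HEX_PSK_RE.match(psk):
        return True
    return 8 <= len(psk) <= 63 and all(32 <= ord(c) <= 126 for c in psk)


def audit_wpa_psk(text: str) -> list:
    """Return a list of (line number, code, message) findings."""
    findings = []
    first_use = {}  # PSK -> line number where it first appeared
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        mac = fields[0]
        psk = fields[1] if len(fields) == 2 else ""

        if not MAC_RE.match(mac):
            if MAC_RE.match(line.split()[-1]):
                findings.append((lineno, "swapped",
                                 "PSK before MAC; the order is MAC then PSK"))
            else:
                findings.append((lineno, "bad-mac",
                                 "first field is not a MAC address"))
            continue
        if not valid_psk(psk):
            findings.append((lineno, "bad-psk",
                             "PSK must be 8..63 ASCII chars or 64 hex digits"))
            continue
        if mac == WILDCARD_MAC:
            findings.append((lineno, "wildcard",
                             "all-zero MAC: PSK presumably usable by any station"))
        if psk in first_use:
            findings.append((lineno, "psk-reuse",
                             f"same PSK as line {first_use[psk]}; "
                             "one key per device is the point of this file"))
        else:
            first_use[psk] = lineno
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit_wpa_psk(SAMPLE):
        print(f"line {lineno}: {code}: {message}")
```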

By the way, if you do not want it bloody bridged, you need to set up the interface just like normal in /etc/network/interfaces, and take care that it’s served by dhcp and has appropriate firewall-rules.

TrueType- and Type1-Fonts in Texlive/Xetex

Tuesday, November 10th, 2009

Font-Management in TeX is a huge mess. It’s such a mess that not even one coherent tutorial on how to install fonts exists, and nobody ever automated it. Imagine: You put your TrueType or Type1 fonts somewhere into /usr/share/fonts, your system regenerates its font-cache, and they not only are available for KDE, Gnome, Mozilla and OpenOffice, but also for TeX? You wish. Instead you’re expected to produce custom font-encoding files by hand, extract font-metric-files (tfm) out of TrueType-files, invent 6-letter font-shortcut-names, and edit some other files in order that TeX can find them with these shortcut-names. In other words, the whole thing should be burned at the stake, shredded, buried and shot into outer space.

The only thing that actually works out of the Box is XeTeX/XeLaTeX:

apt-get install texlive-xetex

Now you need to know the correct name of the font you want to use, as reported by fc-list:

$ fc-list | grep Bastarda
MA Bastarda1 15th:style=Normal

And you can use this in TeX-documents:

\documentclass{article}
\usepackage{fontspec,xunicode,xltxtra}
\setmainfont{MA Bastarda1 15th}
\begin{document}
Test. Umlauts need to be UTF-8 encoded: äöü
\end{document}

If your TeX-document happens to use utf8mb4 instead of utf8, recode will help:

recode utf8mb4..utf8 whatever.tex

Now you need to use xelatex instead of texi2pdf or pdflatex to produce a pdf-file:

$ xelatex whatever.tex

That’s it, and that’s how it should bloody work everywhere, with every TeX-util of the day you might want to use.

Some critique on Computer RPGs

Thursday, October 8th, 2009

Purely from a technical/historical point of view, some critique on a few computer roleplaying games (CRPGs) I recently played.

I realize that most of those aren’t exactly about “role”-playing, but more about tactical small unit combat, with plot and puzzles thrown in, or more like action-games with stats (and plot and puzzles). Whatever, I enjoy them nevertheless, even though they’re in fact a big waste of time.

Drakensang

What I like

  • Armour. A system where you can selectively wear armour on different body parts. And your avatars reflect that. Certain kinds can be worn over each other.
  • Towns. They really look like 17th century towns (yes, I suppose they had meant them to be medieval, but they are not). Beautiful.

What I don’t like

  • Partitioned world. Go to another part of the town, you go to another level. Enter a building, you enter another level.
  • Artificial limits. You can’t just climb a mountain, cross a stream or jump onto a rooftop
  • Props. Things that just stand there and are of no use. You can’t grab the spoon on the table.

Oblivion

What I like

  • No artificial limits. There are no boundaries in the world where you cannot go logically. You can jump on roofs or climb mountains
  • Armour. A system where you can selectively wear armour on different body parts. And your avatars reflect that. And the standard steel plate-armour looks right
  • Horizon and View. You can climb a mountain and look down on towns kilometres away.
  • No Props. You can grab just about everything, from spoons on the table to vases. They’re mostly not of great value, and you’ll soon stop doing it. But you can.
  • Climbing skill. The better you get, the steeper the mountains you can climb.
  • Horses. You can ride them
  • Map. You can explore everything and it appears on the small-scale map.

What I don’t like

  • Partitioned world. Go to another part of the town, you go to another level. Enter a building, you enter another level.
  • Armour. Your body parts are just replaced by the armour-part, and not overlaid with it. Furthermore, all the special armour is made from extremely unlikely materials and looks completely unusable.
  • Lockpicking. It’s a modern lock, and picking locks with barbed keys is far easier than that.
  • Rain. It rains below cover.
  • Some towns. They look like everything was razed to the ground and built up from scratch
  • Mountains. They lack horizontal and overhanging sections. And are not rocky enough.
  • Horses. You can’t fight from horseback, and you can’t equip different saddles and horse armour
  • Map. The small-scale map of some level can’t be accessed when in another level.

Gothic 3

What I like

  • The seamless world. The world is just one big piece of world, with no artificial borders when entering some building or dungeon.
  • No artificial limits. There are no boundaries in the world where you cannot go logically. You can jump on roofs or climb mountains
  • Lockpicking. It’s not perfect, especially with that 1-3 level-system, but at least it’s fast and not some stupid game around modern locks
  • Rain. It doesn’t rain indoors.
  • Solve quests at any time. It doesn’t matter if someone told you to kill some orc-raiders, if you killed them, you solved the quest. You might get a bounty if you ever met the NPC who would have handed out the quest.

What I don’t like

  • Armour. They only come in one piece for the whole body. Plus Helmets, which are much too rare and look crappy.
  • Weapons. Would anyone care to explain why some Conan-esque monstrosity is more efficient than a sleek long sword? And why all those smaller weapons should be more deadly than a halberd (which is just about the most effective weapon in single combat, even more than a two-handed sword)
  • Doors. Well, there are nearly none. Indoors staircases are mostly missing too.
  • Horizon and View. You can’t see mountains which are some kilometres off, instead they tend to pop up or are shrouded in mist.
  • Props. Things that just stand there and are of no use. You can’t grab the spoon on the table.
  • Map. There is only a big one. A small-scale map on which you could see everything where you’ve already been would be nice.

Dragon Age: Origins

What I like

  • The story and the characters. Both are very strong. It’s even possible to enter romantic relations. With both sexes.
  • Magic and Faith: The monotheistic faith in the “Maker” with its “chant” gives it a much more medieval flair than those pantheons in most other RPGs. Also, the relationship of the church (Chantry) with its templars and the mages is an inherently believable one.
  • Lockpicking. It’s not some tedious and unrealistic minigame.
  • Armour: The stamina-deduction is exactly what armour does. It tires you faster.

What I don’t like

  • Partitioned world. Heavily partitioned. Every house is a new level. And it’s slow to load too.
  • Limits. Tons of them. There are lots of maps where it’s totally unclear why you can’t go somewhere, there’s nothing that would block you in-game, no wall, no crevasse, but only an artificial limit
  • No weather, no time. Every map has its own specific daytime, and that’s it.
  • Props. A lot of things are just there for show, and not useable. Including doors.
  • Way too little things, and enemies don’t even drop weapons they wielded or armour they’re obviously wearing.
  • Armour. Too big pieces to choose from, and some is very weird looking. And wearing armour does NOT need some huge strength, otherwise I wouldn’t be able to wear my gothic plate armour.
  • Levels and level-caps. It’s entirely possible to have some skill-based system not reliant on levels, and if you’re using levels, don’t cap them arbitrarily.
  • Sex vs Violence. The game is very bloody (I don’t care), but the sex-scenes are, umm, US-american. With clothes on; and I can’t stand sex with clothes on. Fucking puritan hypocrites.

Closing Comments

Armour. Everyone gets this wrong. It’s not like all armour will protect you generally from part of the damage, but some will protect you totally. You just can’t pierce a good late medieval breastplate with an arrow or a sword. No way. This “subtract armour-value from damage-value” comes of course from the not too realistic pen&paper-RPGs. The second thing most games get wrong, is how armour works, how it’s fastened to the body, and what can be worn above what. Plus, instead of offering different qualities of armour (plus magically enhanced) made from a very fixed assortment of raw materials, some games tend to offer armour made from absurd materials. In fact, apart from modern composite materials there is no better material to make armour than steel (and I would add the legendary “Mithril” too, but for chainmail only. Cannot be worked into big plates or something – titanium has the same problems btw.). Steel comes in many qualities and can be hardened (or not).

Lockpicking. I pride myself to be able to pick most old locks requiring a barbed key within seconds. And the system should reflect that possibility. Also, lockpicks usually don’t break. Most crucial for lockpicking will be the tools. So why not offer different qualities of picks in the game? Thus you would gladly accept quests in order to get better picks. Just as you would to get better arms or armour. And while you probably could open any lock with a tiny bit of talent and good tools, a lot of Skill would be required to make your own very good lockpicks.

Arms. Arms are made against a specifically armed and equipped opponent. A flail for instance works wonders against people with shields (because you can reach your opponent behind the shield), but is otherwise quite ineffective. And the damage they do and their armour-piercing capabilities differ greatly. A warhammer (think icepick, not sledgehammer – those sledgehammer-things are not weapons that were ever used in war) can pierce chainmail easily, and some not-so-good plate-armour as well, but the damage won’t be as devastating as if hit with a sword somewhere un-armoured.

Transport is mostly lacking. Sometimes horses are available, but carriages and boats are not. And in fact, carriages and boats could work either very much like horses, or be driven by dialogue to the boatman or coachman, thus providing a platform to look at the scenery and do drive-by-shooting ;)

Continuity of equipment. Most fantasy-worlds feature a mish-mash of equipment, weapons and armour not used in any historical period at the same time. This leads to some very illogical set-ups of some arms used against armour against which they are no use at all (flails or bows against late-medieval plate armour) or where they would be so effective (Rapier against Chainmail) that everyone would use them, thus reducing that mish-mash in every culture in that world in a few years’ time to that what is most effective (actually, with black-powder weapons in most fantasy-worlds not existent, to plate armour, heavy crossbows and halberds.). So, more care should be taken to not mix too much; 100-200 years difference is already a lot, even in the middle ages. Rather vary quality of available swords than add the huge two-handed swords (the small ones appear in the late middle ages, sometimes known as one-and-a-half-handed swords or “bastard-swords”; but they’re actually two-handed swords, not to be used with a shield) from the renaissance.

Money. Everything is much too expensive, and the money consists mostly of gold. Why not adopt a more medieval system like 12 silver pennies (one penny equals a beer or a loaf of bread on the market; 4-6 pennies a chicken) equal one shilling, 20 silver shillings would make one pound silver, but since nobody wants to carry around a pound silver, this is substituted by the guilder, a golden coin of the same value. A sword should cost 1-2 pound, a horse 1-4 pound. A cow is cheaper, costs only about 5 shilling. Most of all, if you really get a gold coin, you’d be quite wealthy, and you wouldn’t have to carry around ludicrous amounts of gold.

Black Powder. Just to have this noted, the first black-powder weapons, cannons and handguns, appear before ANY plate armour in the late middle ages. Thus plate armour is probably a reaction against it. There is also no reason to not have early Firearms in your setting, as they are slow (45-60 seconds to reload), inaccurate (20 metres to be able to hit a head) and don’t work when it rains. The shooter also carries a smoldering lint along, which game will smell, no hunting with these. I’d incorporate them if I would incorporate plate armour, along with 4-5 metre long pikes, and let the players find out themselves that both these are only useful in disciplined units in mass combat.

World. A seamless world with no artificial limits (except the boundaries of the world itself — which can be worked around in making the world “round”, meaning if you leave the world-map to the east, you’ll enter it again from the west) is incredibly cool to play in. However, house interiors should still be elaborate, and above all, there still should be doors, which one should be able to close as well as open. Maybe even able to lock them again (could also be used by guards to get alarmed if a door isn’t locked again).