Author: efinn

  • Ideas of Nonviolent Dungeon Crawls

    Musings and beginnings of plans about how to make crawl-style RPGs that don’t produce narratives of violence.

    Intro

    In a lot of media, exploration and combat go hand-in-hand, and for good reasons. Violence provides an extremely legible and intuitive threat to characters, our cultural media landscape has plenty of different modes and archetypes of violence to draw upon to provide variety in settings and characters, and violent interactions have a certain finality to them: a slain villain or monster generally doesn’t wake back up tomorrow and keep causing problems. In terms of games, we have many traditions of creating satisfying mechanics for simulating (or at least representing) violence of varying levels of realism. However, I’ve found that the ease of accessing violence, whether as a setting or story element or as a focus of character customization and mechanics, makes non-violent scenarios, characters, and mechanics hard to imagine.

    So, as an exercise in practicing my creativity, I started thinking of how one could implement a dungeon crawl which did not feature violence. The first step of this exercise is figuring out what makes a dungeon crawl effective as a framing device for both a narrative scenario and a set of mechanics. In my mind, it comes down to:

    1. Exploration of an unknown space
    2. Risks to the characters
    3. Rewards to justify taking the risks
    4. Ability to make meaningful decisions about how (or whether) to tackle risks

    In a traditional dungeon crawl, you have adventurers exploring an unfamiliar location, facing traps and monsters, and looking for loot (or working their way towards some narrative goal). They might have a variety of abilities to use in tactical combat and exploration, giving plenty of options for actions to take moment-to-moment. They will also have access to other, more strategic decisions, like determining which of multiple routes to take; when and where to rest; and whether to retreat or push on when the going gets tough. Depending on the game, the fail state may be as minor as losing a disposable character and pulling out a backup sheet to continue the module, or as severe as ending a hundred-hour playthrough of a roguelike.

    The challenge I’ve given myself, then, is identifying potential alternatives that could support a similar range of game mechanics, a similar set of considerations to present players with, and a similar tension between the players’ positive and negative desires.

    Concept A: Rescue

    Fortunately, around the time I first started thinking about this, Tom Scott’s England series was getting started. Episode 4, “These people walk towards mining disasters.” (YouTube / Nebula) made me realize that rescue operations could be a very strong fit. Tom’s descriptions of how disorienting dark and smoky tight spaces can be are very evocative, and even in the simplified training exercise the team was doing, they still had a good deal of different tasks to do, with different people focusing on different aspects of the situations they were in.

    In a similar vein, I’ve played a decent amount of Flash Point: Fire Rescue, and believe that game’s mechanics would be a fantastic starting point for fleshing out something more focused on longer-term campaign play; there are already a good variety of specializations which either provide unique abilities or improve the efficiency of a common ability, and the set of common abilities give a decent variety of ways to interact with the game world, at least for the purpose of dealing with a structure fire and rescue.

    So, imagine you’re running a mine fire rescue operation as a tabletop RPG. Maybe you give the players a simplified map of what the location should theoretically look like, but between potential cave-ins and the smoke and dust obscuring passageways in the dark (or just out-of-date documents), it could still be easy (or at least possible) to get lost and disoriented by missing a turn. As the PCs navigate the tunnels, they need to be ensuring the safety of the area, checking and shoring up supports, ensuring power is cut in areas with gas leaks, and regularly checking their own equipment. Meanwhile, any victims along the way may need to be treated and evacuated. There’s a set of standard operating procedures in real life here, but in a game you could set up situations where this is a decision point: does your whole team stop and evacuate a victim you meet along the way, do you leave the victim in place to evacuate on your way out while your team moves ahead, do you split up? What are you risking, and what opportunities are you passing up?

    In the partially collapsed chamber with a victim pinned under a fallen support beam, what are your players’ priorities? If they follow SOP and shore up the ceiling before treating the victim, will they have enough time to save his life? Can they even shore up the ceiling before it collapses? Maybe there’s a fire spreading towards some unsecured explosives; can they hold it off long enough to retreat? Can they pull the victim to safety? Does somebody get left behind?

    And of course, a modern realistic setting is not the only possibility here; what dangers might be lurking in the mana crystal mines? Or in the construction site for the underground dwarven highway?

    Second Idea: Hacking

    One criticism I vaguely remember reading of Shadowrun is that if the party has a decker, that means the GM has to run two RPGs at once. While of course that critique is understandable, it does hint that perhaps the hacking sub-game could be its own distinct game.

    Now, I don’t have much personal experience with Shadowrun (outside the fantastic Harebrained Schemes CRPGs), but I poked at the Shadowrun 4e book for its hacking rules, and they seemed to have a decent amount of depth, with at least some space for specializing within those mechanics. I am a little more familiar with the Cyberpunk setting and books, and I feel like for this concept, the hacking mechanics from Cyberpunk 2020 have more to offer. Particularly relevant to this thought exercise, target systems are already essentially constructed as dungeons on a grid map. With some additional complexity, I think the concepts there could be fleshed out into something geared towards a whole party.

    The example of a Subgrid Map from the Cyberpunk 2020 core rulebook, p. 159.

    In general, a simulacrum of hacking ought to involve a handful of different categories of tasks:

    1. Casing/Observation/Exploration. Preliminary research to map out networks, traffic patterns, and find potential vulnerabilities. (Though in the event of pretty serious misconfiguration, you might just be done at this step; that realism would probably be anticlimactic in an RPG, though.)
    2. Exploitation. Take what you learned from observation and use that to get more access than you’re supposed to have. Maybe this means using known vulnerabilities in outdated software, maybe this means actually using some stolen credentials (and possibly doing some more observation with the elevated access).
    3. Modification. Make changes to the system you’re in; install malware or keyloggers, destroy files, impersonate somebody to send messages, leave a ransom note, change public-facing sites to brag about how you owned the company, mess with industrial systems. There’s a whole lot to potentially do here.
    4. Exfiltration. Just obtaining access to data isn’t enough; if you want to use it later, you need to copy it outside of the system that wants to keep it secret. Actually moving large amounts of information outside of a protected system without alerting automated systems designed to detect data exfiltration is its own challenge.
    5. Obfuscation. You need to avoid alerting the operators of the target system for at least the time it takes to accomplish your goals. And ideally, even if/when they figure out what happened and start tracing back to who compromised their systems, they won’t connect it all the way back to you. Although even getting caught and booted out once isn’t necessarily the end of the action; one avenue of attack may get closed off, but there could be more vulnerabilities to exploit.

    Now, it doesn’t necessarily make sense for these five categories to map 1:1 onto character specializations; exploration and obfuscation are somewhat continuous actions that everybody can be engaged in. Exploitation can cover a wide range of activities; maybe one character is good at applying existing exploits for known vulnerabilities, another is good at the longer-term work of identifying unknown vulnerabilities and developing new exploits, and a third is good at convincing people to send them their passwords.

    Possibility III: Long Distance Travel

    Hey. Have you heard of Oregon Trail? Yeah, the old point-crawl party-based permadeath RPG.

    Screenshot courtesy of mobygames.com.

    This gets a bit away from my original thinking, as long distance travel isn’t exactly what you’d call a dungeon crawl due to the lack of a dungeon. But otherwise it does tick the same boxes, and hey, Caves of Qud and Elin get to be called “Traditional Roguelikes” despite a lot of the game taking place on the overworld map.

    Of course, there’s been a great deal of attention paid to travel in RPGs already. But that’s similar to how hacking mechanics in RPGs tend to be bundled with games that spend a lot of word count on simulating physical violence. What would your random travel event tables look like if monsters, bandits, and other combat enemies are absent? How does a party of traveling adventurers who aren’t planning on getting into fights prepare for a long journey? What character abilities and constraints make sense for a system that’s more focused on wilderness survival, navigation, and long-term resource management? How do you differentiate characters while giving multiple players something interesting to do in any given scene?

    This concept is the one I feel the least confident about, in part because it gets so close to the design space of more traditional combat-focused RPGs which I’m familiar with that I keep veering off towards combat concepts, like a wheel getting stuck in a rut on the road. I feel like Oregon Trail proves that the concept has legs for a single player game, but I’m not sure how one might add enough mechanical variety to give multiple players something to do besides debate navigation decisions.

    Of course, part of that, I think, is that “long distance travel” is actually incredibly broad. How far is “long distance”? What technologies do the characters have access to? How typical is it in the characters’ cultures to undertake such journeys? For what purpose are they traveling? Medieval peasants walking together across England for a pilgrimage, truckers trying to cross the state line before getting caught by the sheriff, runaway kids hitchhiking, Austronesian-speaking peoples sailing great distances for trade or exploration, Silk Road merchants trying to make a profitable trip, and people departing a failing city-state in search of a spot of land to settle down on are all very different stories that I think ought to be treated very differently.

    Conclusion

    While I’m certainly not opposed to violence in fiction (I am, after all, a USAmerican, so that’s basically inescapable), violence is pretty clearly over-represented in our media, including RPGs. I think that by taking inspiration from the interesting, difficult, and extreme things people are doing today, have done in the past, and do in fiction, there’s a lot of opportunity for engaging roleplaying games that produce different narratives than we’re used to seeing. And furthermore, developing mechanics doesn’t have to be done fully from scratch; there are plenty of board games and video games to draw ideas and inspiration from.

  • Password Managers

    Just last week, I changed my personal password manager. It wasn’t a significant change in terms of workflow or effort of migration (KeePass to KeePassXC), but it was significant in that I’ve been sticking with one password manager for nearly 20 years, and finally decided to start using a new one.

    What’s a password manager?

    A password manager is a program (or browser plugin or built-in feature, or some other piece of software) which stores your passwords for you in an encrypted form so that they’re (hopefully) impossible to see without the right credentials.

    In the bad old days before good password managers, people were expected either to simply remember their passwords, or they’d write them down on some piece of paper or in an unencrypted digital document; all of these solutions leave much to be desired for a number of reasons, generally boiling down to a lack of security.

    Local vs Cloud Password Managers

    Now why would I stick with KeePass for those nearly 20 years? Sure, it’s been actively developed and updated over that time, but there also have been other password managers which achieved great popularity over that same time span. For instance, I’ve used LastPass at a previous job, and currently use Bitwarden for my work password manager. The main reason is that I prefer KeePass’s security model.

    Many other password managers also handle synchronizing your data between devices. KeePass, however, just stores your password database as a file. While the former behavior is more convenient, it also requires more trust than the latter. If one product is handling both encryption and synchronization, I need to be sure that I trust that they are keeping the data encrypted in a secure fashion in transit and on their machines. With a password manager that doesn’t handle synchronization, I simply need to trust that whatever is saved to disk is encrypted; even if I don’t trust whatever service I’m using to synchronize the file between devices, I can still feel fairly secure even if I believe that service to be actively hostile.

    This might seem overly paranoid, but LastPass recently suffered a breach in which hackers managed to extract data that was stored in vaults. They didn’t get the passwords themselves (since they were encrypted separately), but they did get URLs and notes, which a user could, and I’d argue should, reasonably expect to have the same level of security as the passwords. In some cases, these notes can be just as sensitive as a password (or are practically an extension of the password), so they should have the same level of protection.

    In my view, the best way to guarantee that you’re not using a service where an employee can be tricked or enticed to give your private data to somebody hostile to you is to make use of the technology at your disposal to ensure that no such employee could theoretically obtain the private data in the first place.
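    The difference between those two storage models, from the point of view of an untrusted sync service, as an added example that is not from the original post. The entry, the function names and the JSON layout are constructed for illustration, and the cipher is a standard-library stand-in (SHA-256 counter keystream plus HMAC), not the format KeePass or any other product uses.

```python
import hashlib, hmac, json, os

# Constructed sample entry; every value is made up for this example.
ENTRY = {"title": "Bank", "url": "https://bank.example/login",
         "username": "alice", "password": "correct horse battery staple",
         "notes": "recovery answer: first pet was Rex"}

def derive_keys(master_password, salt):
    """Stretch the master password into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                             200_000, dklen=64)
    return km[:32], km[32:]

def _keystream(key, nonce, n):
    # Stand-in stream cipher: SHA-256 over key, nonce and a block counter.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key, mac_key, blob):
    """Verify the tag first, then decrypt; reject a wrong key or altered file."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered file")
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def store_password_only(entry, enc_key, mac_key):
    """Model A: only the password field is encrypted; the rest is stored as-is."""
    record = dict(entry)
    record["password"] = seal(enc_key, mac_key, entry["password"].encode()).hex()
    return json.dumps(record).encode()

def store_whole_file(entry, enc_key, mac_key):
    """Model B: the whole serialized database is encrypted before it is saved."""
    return seal(enc_key, mac_key, json.dumps(entry).encode())

def visible_to_sync_service(stored, entry):
    """Fields whose plaintext value appears in the bytes the sync service holds."""
    return sorted(k for k, v in entry.items() if v.encode() in stored)

if __name__ == "__main__":
    keys = derive_keys("constructed master password", os.urandom(16))
    print("password-only:", visible_to_sync_service(store_password_only(ENTRY, *keys), ENTRY))
    print("whole file:   ", visible_to_sync_service(store_whole_file(ENTRY, *keys), ENTRY))
```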

    KeePass vs KeePassXC

    A year or so ago, I got a new laptop which came with Windows 11. I very quickly discovered that it was extremely pushy about getting me to tie a Microsoft web account to that computer. I managed to get the computer set up without doing so, but it required both driving out of range of my home’s WiFi (since I had made the mistake of trusting Windows 11 enough to allow it to connect to the Internet during setup) and looking up an unintuitive and undiscoverable process to avoid this anti-feature.

    In the time since, I’ve heard plenty more bad news about Windows 11. And with end of life for Windows 10 coming up, I’m preparing to switch away from the Microsoft ecosystem for my personal computers. For a while now, I’ve mostly been using Mac or Linux OSs for work, and have gotten more comfortable in that ecosystem (Mac isn’t Linux, but if you’re on the command line there’s a lot of similarity). And with Valve’s Proton building on top of Wine, my main barrier to the Windows to Linux migration is crumbling.

    Unfortunately, KeePass is a Windows-first application; it’s built on the .NET Framework and can be run under Linux via Mono, but I wanted to at least try out an alternative that specifically targets Linux in addition to Windows. KeePassXC works pretty much the same as KeePass, even working with the same file format, but there are a few things that I like about it more than KeePass.

    First, it has a dark mode UI by default. This might seem like a small thing, but when basically everything else on my screen is dark, having a large white rectangle is jarring and, at times, painful.

    Second, it has its own browser integration. With KeePass, you would have to install a third-party plugin to let the database communicate with a browser, and a third-party browser add-on (which, incidentally, recently started offering its own paid service). Just installing the KeePassXC-Browser add-on, changing an easy-to-find setting in the application, and linking the two together was pretty easy, comparatively speaking.

    My Recommendations

    Overall, I’m loving KeePassXC. KeePass is also very solid, and if it suits your needs I still wholeheartedly recommend it. With either of these, any sort of file syncing service will do fine; Dropbox, Google Drive, or Microsoft OneDrive, for instance.

    If you do want a solution that handles both password storage and syncing, I’d recommend Bitwarden; they have applications for every platform, promise end-to-end encryption, and have opened their source code for inspection, which is generally a good sign for security software. This isn’t a recommendation against other services, but I don’t know enough about those to speak on them.

  • Introducing Mimir (the Cat)

    In 2023, I came back from a vacation to a wonderful new housemate: a cat who had been found in a parking lot by a friend who discovered that his owners were unable to keep him. My friend had called him Mimir after the figure from Norse mythology because he had responded well to them making “mimimimi” sounds.

    A grey kitten standing on a hardwood floor.
    Mimir a few days after he came into my life.

    He’s still rather skittish, often startling himself when he accidentally knocks something over. Though he is remarkably well-behaved for a cat; he’s never stolen any of our food, he’s very good about not going onto surfaces he’s not allowed on, he doesn’t try to bolt out when we open doors, and he’s generally very careful about not knocking over items on surfaces he’s allowed on.

    A photo of Mimir (the cat), lying on his back. He's looking at the camera, mouth open, and his head is blurry, suggesting a sudden movement.
    Mimir (the cat) lying on top of a printer, his head very close to the camera.
    Mimir spends a good deal of time on top of my printer, since it’s a good spot from which to watch me while I’m on the computer.

    When he’s not taking one of his many naps, he can pretty reliably be found either next to one of his humans or staring out a window. If somebody’s moving around, he’ll often follow along, tail happily raised with a curved tip. And he’ll generally find a nice spot to lounge wherever he can hang out with one of us, whether that’s on my printer, on the arm of a couch, or on a spare chair.

    Mimir lying on a chair, paws on a windowsill, looking out over a snowy yard.
    He really enjoys getting to watch the outdoors.

    He’s surprisingly easy to train, polite, and considerate. The one difficulty has been trimming his claws, but I’ve been working on getting him more accustomed to having his paws handled, so I’m hoping the claw trimmings will be less of an ordeal over time.

    Overall, he’s been an absolute delight, and I don’t think I could have hoped for a better cat.