[19:01] <+ChadDubya> Hi Gang! My name is Chad Walker.
[19:01] <+ChadDubya> First things first: BIG THANKS to Dan for running #RPGNETQ&A, and thank you all for being here (or reading the logs later on). I’m super stoked to be here.
[19:02] <+ChadDubya> Second: I’ve been getting blue screen of death since installing a new SSD, so if I drop… at least I’ll be back in like 20 seconds.
[19:02] <+ChadDubya> Third: I might be cutting and pasting from various places… including text straight from my game if necessary.
[19:02] <+ChadDubya> Ok, let’s do this.
[19:02] <+ChadDubya> So I’m an IT security professional by day (technically, a “malware/threat hunter”), but a raging tabletop gamer nerd at virtually all other hours. I’m getting ready to release my game “Cryptomancer: A fantasy role-playing game about hacking” in August 2016, on DriveThruRPG, PDF or Hardcover/PDF bundle.
[19:03] <+ChadDubya> Contact info dump! : Here’s the game’s current website: (Link: http://cryptorpg.com)http://cryptorpg.com You can find my on the Twitters: @Papa_Shell
[19:03] <+ChadDubya> I’m also on the Facebooks: (Link: https://www.facebook.com/cryptorpg)https://www.facebook.com/cryptorpg …
[19:03] <+ChadDubya> ANYWAYS, CRYPTOMANCER…
[19:03] <+ChadDubya> In gamer parlance, think of Cryptomancer as “Shadowrun-in-Reverse”… instead of Tolkien tropes hurled into a William Gibson cyberpunk future, Cryptomancer takes modern conceptions of cybersecurity, physical security, and national security tradecraft and throws them into a medieval fantasy setting.
[19:04] <+ChadDubya> Player characters are on the run from an evil organization which is basically the NSA meets the Spanish Inquisition meets…. Mordor? Or something. The party is offered protection by a patron who assigns them tasks in exchange for protection. Those tasks typically include “hack my rival,” “surveil my rival,” “steal these plans,” “infiltrate that party,” “kill a
[19:04] <+ChadDubya> -kill all the orcs”, “recruit a dragon,” etc.
[19:05] <+ChadDubya> So yeah… hacking, espionage, mass surveillance, and anonymous resistance communities… in a classic fantasy setting akin to Middle Earth or Forgotten Realms.
[19:05] *** DaneAsmund has joined #rpgnet
[19:05] *** ChanServ sets mode +v DaneAsmund
[19:05] <+ChadDubya> Except with a magical internet called The Shardscape, where actors use “shards” or special crystals to communicate their thoughts instantly, silently, and at great distances, to other actors who possess shards. Sort of like a modern mobile device… think of it as your modern dungeon crawling party having iPhones.
[19:05] <~Dan> (Howdy, DaneAsmund!)
[19:06] <+ChadDubya> I already know what you’re all thinking… “Sigh… hacking… hacking in RPGs sucks.” In most games, IT security is basically “I use my sweet VIRUS SPELL to attack the FIREWALL until I get to steal the DATAZ!” That ain’t hacking. That’s “Hollywood hacking.”
[19:06] <+DaneAsmund> (hey! Looks like I walked in on dungeon iphones haha)
[19:06] <+ChadDubya> Cryptomancer is built around a fantasy abstraction of modern IT concepts, principally networking and cryptography. Like, REAL LIFE networking and cryptography. But no one at the table needs to be a mathematician or an engineer to understand or enjoy the game.
[19:06] <+ChadDubya> The game teaches infosec basics to a non-technical audience. It just happens to be dynamic enough where if you ARE technical, you’ll probably be doing some insane stuff right out the gate.
[19:07] <+ChadDubya> Turns out things like PGP, SSL, authentication schemes, security technologies (e.g. firewalls and web proxies), distributed denial of service attacks, and certificate authorities are easily grokked if you just explain them in the context of elves and dwarves fighting orcs. Who’da thunk?
[19:07] <+ChadDubya> (Side note… one of the reasons I wrote Cryptomancer was to teach crypto/networking/privacy literacy to gamers… the game is “for hackers, by hackers” for sure, but it was designed to turn everybody into allies regarding the crypto/privacy/surveillance/4th Amendment battles taking place in politics every day. BUT NO MORE POLITICS!!!)
[19:07] <+ChadDubya> I could rant all day….
[19:07] <+ChadDubya> but.
[19:08] <+ChadDubya> (done) Let’s talk!
[19:08] <~Dan> Thanks, ChadDubya!
[19:08] <~Dan> The floor is open to questions!
[19:08] <+SirGene> Actually I like politics and I think games should be relevant to our lives.
[19:08] <+PaladinElliott> I have a question good sir
[19:08] * +xyphoid wakes up on hey an infosec inspired game?
[19:08] <+ChadDubya> big time
[19:08] <~Dan> Howdy, xyphoid!
[19:08] <~Dan> PaladinElliott: Fire away!
[19:09] *** rpgresearch has joined #rpgnet
[19:09] *** ChanServ sets mode +v rpgresearch
[19:09] <+PaladinElliott> how specifically would you describe the learning curve? for what ages?
[19:09] <~Dan> Howdy, rpgresearch! ChadDubya was hoping you’d show up! 🙂
[19:09] <+PaladinElliott> if those are relevant
[19:09] <+ChadDubya> Ages 12+… learning curve? TBD… but, some context…
[19:09] <+rpgresearch> Hi there Dan
[19:09] <+ChadDubya> Some of my playtesters had zero infosec or cyber background
[19:09] <+ChadDubya> and they were totally devious with the concepts
[19:09] <+PaladinElliott> so you are encouraging many ages then?
[19:09] <+rpgresearch> I just received the email from Chad regarding the RPG. I just sent him an email reply.
[19:10] <~Dan> Cool. 🙂
[19:10] <~Dan> Good timing!
[19:10] <+ChadDubya> Thanks rpgresearch… I’m stoked to finally connect with you!
[19:10] <+rpgresearch> ditto!
[19:10] <+ChadDubya> Paladin… the game goes very slow in introducing basic networking and crypto… with pictures and such
[19:10] <+PaladinElliott> excellent
[19:10] <~Dan> For those of you who don’t know, rpgresearch uses RPGs to help disadvantaged and disabled children.
[19:10] <+xyphoid> so this game is written and releasing so we can just buy it? no KS?
[19:10] <+xyphoid> (gaso)
[19:10] <+xyphoid> (gasp)
[19:11] <+ChadDubya> Also, it’s a simplified abstraction of those concepts… not super technical at all… more about use case.
[19:11] <+PaladinElliott> thank you rpgresearch
[19:11] <+SirGene> Good job RPGResearch
[19:11] <+ChadDubya> Yes xyphoid! Self funded and ready to drop in August. Fully illustrated and professional and all that.
[19:12] <+DaneAsmund> Self funded?? : 0
[19:12] <+ChadDubya> Yeah bro! I’ve been saving up for years.
[19:12] <+DaneAsmund> (probably helps to have a job that actually pays money haha)
[19:12] * ~Dan chuckles
[19:12] <+DaneAsmund> So explain to me the typical goal of a game
[19:12] <+DaneAsmund> Is it super open
[19:12] <+DaneAsmund> Or are there ideas for how it unfolds?
[19:13] <+ChadDubya> Sure thing! So the game comes with a 30 page or so campaign starter
[19:13] <~Dan> (Oh, quick side introduction: PaladinElliott, DaneAsmund, a recent Q&A guest himself. DaneAsmund, PaladinElliott, new arrival and RPG blogger.)
[19:13] <+ChadDubya> In the campaign, players are thrust into a city-state in the middle of an important election
[19:13] <+DaneAsmund> (Hey : )!)
[19:13] <+PaladinElliott> (nods with hello)
[19:13] <+ChadDubya> their patron, one of the candiates, is on the losing side, and asks the party to investigate why an allied House suddenly turned against his house
[19:14] <+ChadDubya> Because the patron protects the party from the “Risk Eaters” (that NSA / Spanish Inquisition group), they sort of have to oblige.
[19:14] <+ChadDubya> The adventure includes a lot of scenes of spycraft, social engineering, research, recon, etc.
[19:14] <+rpgresearch> no one expects the NSA Spanish Inquisition! 😛
[19:14] * ~Dan chuckles
[19:14] <+ChadDubya> Finally climaxing in a scene of infiltrating a castle…
[19:15] <+DaneAsmund> Okay, so more political/social/research
[19:15] <+ChadDubya> BUT… the castle has considerable security protocols and shards protocols….
[19:15] <+Zond> How does your setting reconcile the… timelessness (can’t think of a better word) of Tolkien style fantasy tropes with the massive information revolution that the Shardscape represents? For example you talk about killing orcs and slaying dragons. With an increased access to information, new cultures and differing points of view that the Shardscape provides,?
[19:15] <~Dan> Nice question, Zond!
[19:15] <+ChadDubya> For example, players need to authenticate to a shardnet to be permitted to the castle… but they need valid credentials… they can try to social enginner creds from a valid visitor, or try to capture them by snooping on the castle’s network
[19:16] <+ChadDubya> Zond, that question is awesome…
[19:16] <+Zond> (Cut my own question off, clearly not suited for internet based rpgs XD)
[19:16] <+ChadDubya> And takes a lot of doing…. so before I talk too much, I’m gonna point to a link:
[19:16] <+ChadDubya> (Link: http://cryptorpg.com/setting/)http://cryptorpg.com/setting/
[19:16] <+ChadDubya> read that later…
[19:17] <+DaneAsmund> So your core suggested campaign sounds very non-combat-y, but you talk about fighting orcs and dragons. What’s the combat like/does it utilize the tech components in the combat? (a question for after youre done with Zond’s) : )
[19:17] <+ChadDubya> But here’s the gist… the classic fantasy races and dilemmas are *slightly* remixed to explore what dwarves, elves, and medieval humans would look like if they suddenly entered the information age
[19:17] <+ChadDubya> (I’ll get to that DaneAsmund, soon)
[19:17] <~Dan> (Question pause after DaneAsmund’s question.)
[19:18] <+ChadDubya> So the elves, for example, exploit and harvest the forest, building massive supply chains to harvest a commodity called soma
[19:18] <+ChadDubya> they use Shardnets/Shardscape to command and control vast swaths of territory that their limited numbers can’t physically cover
[19:19] <+ChadDubya> So yeah.. you got bow-shooting elves in the forest… but they are also industrial expansionists protecting a modern supply chain of goods, using networks to manage hub-shaped villages
[19:19] <~Dan> Huh.
[19:19] <+ChadDubya> That’s one example. The human example is more complicated… if you take medieval modes of thinking, and suddenly given them a forum to speak anonymously about power and abuse, it gets crazy
[19:20] <+ChadDubya> So humans reconcile medieval modes of thinking with the power of the interwebs… and the powers that be exploit Shardnets and the Shardscape for the purposes of surveillance and control
[19:20] <+ChadDubya> Whew, ok, on to Asmund’s question… COMBAT AND STUFFS…
[19:20] <~Dan> “Big Brother Watcheth Thee”
[19:21] <+ChadDubya> Mmkay, where to begin…
[19:21] <+ChadDubya> So combat is pretty traditional… there are things like initiative (but whoever says “I attack” wins initiative)
[19:21] *** Silaninil has joined #rpgnet
[19:21] *** ChanServ sets mode +v Silaninil
[19:21] <+ChadDubya> There are small HP pools and wounds of varying degrees, with things like armor ignoring certain wound levels outright, etc.
[19:22] <+ChadDubya> There are classic spells like chucking fireballs, but yes, there are a number of places where Shards/tech interface with combat
[19:22] <~Dan> (Howdy, Silaninil!)
[19:22] <+ChadDubya> For example, there is a spell that let’s a character transport through a Shardnet if they are able to decrypt a message sent from that origin…
[19:23] <+ChadDubya> So basically, teleport to your enemies data center, kill their admin, and issue a “surrender” command to the opposing army
[19:23] <+ChadDubya> Also, think about a medieval army that had iPhones
[19:23] <+ChadDubya> there tactics are totally different
[19:23] <~Dan> I would think so.
[19:24] <+ChadDubya> Think about guards in a castle in most games… now think about those same medieval guards connected via a Shardnet, calling in suspicious activity, requesting reinforcements, and sharing intelligence.
[19:24] <+ChadDubya> They would act more like modern police forces…
[19:24] <+ChadDubya> You can’t just “dispatch” sentries… because the admin will be doing welfare checks with challenge questions
[19:24] <+ChadDubya> Also, if you don’t know what keys the guards are using to encrypt their communications, you can’t pretend to be that guard you just dispatched
[19:25] <+ChadDubya> So in all things combat, and all things violent, there is always a security/cyber/tradecraft component.
[19:25] <+ChadDubya> As far as Dragons go? Man, this gets fun…
[19:25] <+ChadDubya> Dragons are horrible 60 ton monsters of legend, right? Like… Godzilla…
[19:25] <+ChadDubya> But brilliant and old.
[19:26] <+ChadDubya> So they hang out on the Shardscape and pretend to be human
[19:26] <+ChadDubya> Pretend to be a farmer, etc.
[19:26] <+ChadDubya> Basically, the Shardscape’s anonymity allow a dragon to interact with mortal races in a way that a 60 ton mythical beat couldn’t…
[19:27] <+ChadDubya> The game’s dragons are 1 part Godzilla, and 1 part “Wintermute” from Gibson’s Neuromancer… a bodyless consciousness on the net just looking for friends.
[19:27] <~Dan> That’s… pretty darn cool.
[19:27] <+ChadDubya> Of course, if you hurt it’s feelings, or its friends, or troll it on the interwebs, it might just raid your city and belch hellfire at everyone.
[19:28] <~Dan> Do Trolls troll in the setting? 🙂
[19:28] <+ChadDubya> One last part about tech/crypto and combat…
[19:28] <+ChadDubya> There are crypto spells in the game that work in the physical space, not just the Shardscape.
[19:29] <+ChadDubya> A character can encrypt a physical portal (like a door or a window) with a key, and only those who know that key can pass through or even see that space…
[19:29] <+ChadDubya> So in one playtest campaign, a player casted Maze to encrypt a corridor, which blocked a horde of orcs from barrelling down a tunnel to kill them.
[19:30] <+ChadDubya> Now, if you know the key, it doesn’t work… so another player cast a spell that makes local insects chirp super loud, drowning out the keyphrase that the Maze caster used…
[19:30] <+ChadDubya> So the orcs couldn’t hear what key was used during the casting
[19:30] <&GKG_Alan> ChadDubya, what’s the dice/mechanic system like?
[19:30] <+ChadDubya> (Dan… no trolls in the game… yet)
[19:30] <+rpgresearch> As for the expression of technology itself. It sounds closer in technicality to Stoll’s Cuckoo’s Egg, and further away from something like Stephenson’s Cryptonomicon? If I wanted to run a group of sys admins through, lets say adaptations of David Kahn’s The Codebreakers from various periods of history to help them learn more about encoding, encryption, etc. in an RPG setting (with your fantasy-sci-fi-modern-mix setting), doe
[19:30] <+rpgresearch> s the system work well with a more “techie” approach, or is that going to be mostly on the GM and Player’s role-play side of things? (You probably saw on my site I like to use RPGs to teach specific subjects).
[19:31] <+ChadDubya> Cool, I’ll get to rpgresearch question after GKG_Alan’s question
[19:31] <~Dan> Oh, and before you answer GKG_Alan’s question, do you have a character sheet we can see?
[19:31] <+ChadDubya> Character sheet is here… might have to zoom in…
[19:32] <+ChadDubya> (Link: http://cryptorpg.com/mechanics/)http://cryptorpg.com/mechanics/
[19:32] *** Ampersand has joined #rpgnet
[19:32] *** ChanServ sets mode +v Ampersand
[19:32] <+ChadDubya> Also GKG_Alan, some of the mechanics are discussed there… but simplified.
[19:32] <+ChadDubya> A more elaborate discussion on the game’s mechanics is here: (Link: https://forum.rpg.net/showthread.php?781271-Cryptomancer-A-fantasy-role-playing-game-about-hacking)https://forum.rpg.net/showthread.php?781271-Cryptomancer-A-fantasy-role-playing-game-about-hacking
[19:32] <~Dan> (Howdy, Ampersand!)
[19:33] <+xyphoid> So how hard is this game going to be to run for people without an infosec feel
[19:33] <+xyphoid> er, without an infosec background
[19:33] <+ChadDubya> Basically, it’s dice pool with a finite set of possibilities… you roll 5 dice every time there is a contest or a skill check… WHICH dice you roll, however, depends on your stats.
[19:33] <&GKG_Alan> oh related question: Safehouses. Tell me about that? I love property/domain management rules.
[19:33] <+rpgresearch> From what you describe, sans the fantasy side, it reminds me of UpLink a little… Any “link”? 😛
[19:33] <+ChadDubya> GKG_Alan … look at the same rpgnet link… there is the Party Sheet and a discussion of the safehouse rules.
[19:33] <+xyphoid> like, let’s say you have sec-savvy players and not-so-much a GM
[19:33] <&GKG_Alan> hah ok
[19:34] <~Dan> (Question pause after xyphoid’s question.)
[19:34] <+ChadDubya> Ping me if you have more questions, but now onto rpgresearch’s question
[19:34] <+ChadDubya> OK, rpgresearch
[19:34] *** MonkofLords has joined #rpgnet
[19:34] *** ChanServ sets mode +v MonkofLords
[19:35] <~Dan> (Howdy, MonkofLords!)
[19:35] <+SirGene> I’m gonna be nice to Chad. I don’t want his minions hacking me!
[19:35] <+ChadDubya> First off, I actually started my “marketing” of the game by presenting the game’s IT abstraction to local security groups
[19:35] <+ChadDubya> including a local Defcon affilitation, but also a professional infosec org
[19:35] <+ChadDubya> Basically, people WAY smarter than me.
[19:36] <+ChadDubya> The presentation walked through the game’s abstraction of symmetric and asymmetric encryption on small shardnets
[19:36] <+ChadDubya> But then advanced to bridged shardnets (private networks) with actors of varying levels of trust
[19:36] <+ChadDubya> Then examples of sharing keys across hostile networks using public/private key crypto
[19:37] <+ChadDubya> Next, I introduced the Shardscape… which is the internet… a massive and dangerous shardnet to bridge with…
[19:37] <+ChadDubya> Which led to golems… In cryptomancer, golems are basically the marriage of a firewall and a web proxy
[19:37] <+ChadDubya> More details about golems at (Link: https://forum.rpg.net/showthread.php?781271-Cryptomancer-A-fantasy-role-playing-game-about-hacking)https://forum.rpg.net/showthread.php?781271-Cryptomancer-A-fantasy-role-playing-game-about-hacking
[19:38] <+ChadDubya> Look for the picture of the giant steam powered squid
[19:38] <+ChadDubya> Golem management gets pretty advanced
[19:38] <+ChadDubya> because players need to issue orders to golems to do things like open ports (or rather, listen for specific keyphrases on the Shardscape and report those back to the player’s private shardnet)
[19:38] <+ChadDubya> FINALLY… I got into attacks
[19:39] *** Silverlion has joined #rpgnet
[19:39] *** ChanServ sets mode +v Silverlion
[19:39] *** ChanServ sets mode +ao Silverlion Silverlion
[19:39] <~Dan> (Howdy, Silverlion!)
[19:39] <+ChadDubya> from basic eavesdropping, to brute force attacks on weak keyphrases, to reflected distributed denial of services attacks, to SEO attacks, and everything in between
[19:39] *** Monochrome_Tide has quit IRC: Ping timeout: 481 seconds
[19:39] *** WineDarkSea has quit IRC: Disintegrated: AndroIRC – Android IRC Client ( (Link: http://www.androirc.com)http://www.androirc.com )
[19:39] <+ChadDubya> Basically, all these techie guys and gals loved it
[19:40] *** Monochrome_Tide has joined #rpgnet
[19:40] <~Dan> That’s awesome. 🙂
[19:40] *** ChanServ sets mode +v Monochrome_Tide
[19:40] <~Dan> (Howdy, Monochrome_Tide!)
[19:40] <+ChadDubya> Because it was all based on real attacks and defences. DDoS for example, involves an actor knowing a golem’s true name… putting a provactive statement on the Shardnet (I’ll give you a million dollars if you reply), but tell everyone to reply using the golem’s true name
[19:41] <+ChadDubya> Now the golem is getting slammed by people falling for a 419 scam
[19:41] <+ChadDubya> But it’s basically a reflected DDoS over UDP, like if you saw a bunch of IoT devices or compromised routers slamming a website
[19:41] <+ChadDubya> SO
[19:42] <+ChadDubya> I know I didn’t answer your question directly, but I thought I’d give you a survey of how deep the tech / risk / cyber stuff goes
[19:42] <+ChadDubya> I hope that *sort of* suffices for an answer…
[19:42] <+ChadDubya> OK, I know I missed another question
[19:43] <+ChadDubya> xyphoid
[19:43] <+rpgresearch> fyi, I’m juggling running a group right now, so will be catching up to here in spurts.
[19:43] <+ChadDubya> “How hard is the game for non-security people”
[19:43] *** Monochrome_Tide has quit IRC: Ping timeout: 180 seconds
[19:43] *** Monochrome_Tide has joined #rpgnet
[19:43] *** ChanServ sets mode +v Monochrome_Tide
[19:44] <+ChadDubya> It’s not hard at all! Some players will see their shard as their personal hacking engine… their own Kali Linux distro with all their hacking tools on it… others will see their shard as an iPhone… both are totally valid.
[19:44] <~Dan> Some will just use their shard to look at kitty pictures.
[19:44] <+ChadDubya> The game meticulously works through the ideas of security, risk management, defense in depth, and traditional physical security concepts.
[19:45] <+ChadDubya> So even if someone is not into the hacking aspects of the game, there is still plenty to do, plenty to contribute to. In fact, all the hacking stuff merely reinforces traditional RPG adventures
[19:46] <+ChadDubya> But like I said earlier, I had non-IT non-security people just doing totally devious stuff in my playtesting
[19:46] <~Dan> You mentioned the steam-powered squid… Aside from the Shardscape, how advanced is technology, magical or otherwise?
[19:46] <+ChadDubya> Also, I made the game to *teach* cryptography and privacy literacy to non-IT people, so it was super important that I took things slow in introducing concepts.
[19:47] <+ChadDubya> Dan, the game is on par with most fantasy games. It’s all medieval, no gun powder or electricity, but the dwarves have built steam powered thingies
[19:47] <+ChadDubya> There are industrial control systems though… machines managed through cryptogears (gears with shards imbedded that take orders over a shardnet)
[19:48] <+ChadDubya> So think of a castle where the admin can open/shut any door from his/her data center
[19:48] <+ChadDubya> Or scry through shards like they were IP cameras, and watch what’s happening
[19:48] <+ChadDubya> Or a railroad switching network, where an engineer can direct trains by issueing different commands over the shardnet
[19:48] <+ChadDubya> Of course, all these systems can be owned too! 🙂
[19:50] <&GKG_Alan> sounds awesome. What does your price point look like?
[19:50] <~Dan> In a lot of game settings with hackers and an Internet analog, things get pretty boring for the non-hackers when the hacker is doing his thing. Do you have a way of avoiding that situation?
[19:51] <+rpgresearch> Thanks for the answer on the tech level stuff ChadDubya. I will just have to check it the system out myself to see how well it maps to an educational setting then. Sounds very promising. 🙂
[19:52] <+ChadDubya> GKG_Alan, Right now, 10$ for PDF, 35$ for Hardcover/PDF combo. That price is low because this is basically my own form of activism and crypto/privacy advocacy. Its a 430 page fully illustrated book, with a professional artist…
[19:52] <&GKG_Alan> Wow
[19:52] <+ChadDubya> SPeaking of which, can I talk about my artist for a second! I’ll get to questions…
[19:52] <&GKG_Alan> well sign me up. Is there a preorder?
[19:52] <+ChadDubya> No preorder… but I’ll spam everyone when it comes out! 🙂
[19:52] <+ChadDubya> MY ARTIST:
[19:52] <~Dan> Sure, re: your artist!
[19:52] <+ChadDubya> Philipp Kruse
[19:52] <+Zond> A few more background questions. What is the twist on your orcs in the setting? How prolific is the shardnet, does everyone have access or are there haves and have nots, or people who live off grid?
[19:53] <+ChadDubya> The cover and 100% of my interior art, with the exception of some diagrams and teaching sections, was done by Philipp Kruse, a freelance illustrator from Hamburg, Germany. Philipp is insanely talented. I’ll point out two of his ArtStation works, *not related to Cryptomancer,* but demonstrative of his skill.
[19:53] <+ChadDubya> (Link: https://www.artstation.com/artwork/w0nzV)https://www.artstation.com/artwork/w0nzV
[19:53] <+ChadDubya> (Link: https://www.artstation.com/artwork/ybLPK)https://www.artstation.com/artwork/ybLPK
[19:53] <+rpgresearch> I think I might have to do a new episode of “Tech Talk With Hawke” on this game when it is released. Will hard copies be available (sorry if I missed that question already)? Or only PDF?
[19:53] <+ChadDubya> THAT ART IS NOT CRYPTOMANCER ART… it’s just to show how good he is
[19:53] *** SirGene has quit IRC: Disintegrated: (Link: http://www.mibbit.com)http://www.mibbit.com ajax IRC Client
[19:53] <+ChadDubya> Some is NSFW, you’ve been warned
[19:53] <+ChadDubya> I connected with him because he is clearly comfortable with both fantasy and sci-fi… the right mentality for this game. Now because this is an indy project and I’m not independently wealthy, Philipp and I negotiated a retro gray-scale sketch art style, reminiscent of early 90’s RPGs.
[19:54] <+ChadDubya> I’ve only shown small, early, and incomplete sketches of his work on my website. The final project will have at least 21 full page pieces by him.
[19:54] <+rpgresearch> ah, now I see that answer to the hard copy (still catching up)
[19:54] <+ChadDubya> Dan to your question next…
[19:54] <+ChadDubya> Hacking SUCKS in most games… let’s face it…
[19:55] <+ChadDubya> In this game, there is no “hacker” class, and no “hacking” skill…
[19:55] <+ChadDubya> Every character starts with a shard, connected to the party’s private shardnet
[19:55] <+ChadDubya> They will all use it just like a phone (except it’s instant and silent)
[19:55] <+ChadDubya> To interact with an enemies shard, you need to get physical possession of it
[19:56] <+ChadDubya> But then you can access it, or, even better, bridge it to your party’s private shardnet… now ALL the party can access it
[19:56] <+ChadDubya> So there is no “Wait while I resolve this hacking scene with this one player”
[19:57] <+ChadDubya> All the actions int he shardscape are instant… you either know or don’t know the keyphrases the enemy used to encrypt… you don’t roll for it
[19:57] <+rpgresearch> so a bit like “freenet” for friend-to-friend inter-shard access?
[19:57] <+rpgresearch> (darknet type)
[19:58] <~Dan> There’s no matrix-like VR landscape in the Shardnet?
[19:58] <+ChadDubya> absolutely… except it’s all in cleartext if you don’t take a second to inject a keyphrase and encrypt. Which means if an enemy picks up your shard, they can review the contents of all your plans…
[19:58] <+ChadDubya> No matrix like VR
[19:58] * ~Dan nods
[19:58] <+ChadDubya> It’s more like WWII naval radio communications
[19:58] <&Silverlion> What’s up?
[19:58] <~Dan> Ah, I see.
[19:58] <+ChadDubya> Next… Zond…
[19:59] <~Dan> Silverlion: (Link: http://cryptorpg.com/)http://cryptorpg.com/
[19:59] <+ChadDubya> “What is the twist on your orcs in the setting? How prolific is the shardnet, does everyone have access or are there haves and have nots, or people who live off grid?”
[19:59] <+rpgresearch> blech on no encrypt. So over time the game teaches them to encrypt their shards and network so that stops compromising them?
[19:59] <+ChadDubya> (rpgresearch… yup, basically. But it gets complicated… I had playtesters resuse a keyphrase they didn’t know was compromised…)
[20:00] <+ChadDubya> Twist on orcs…
[20:00] <+rpgresearch> heh heh
[20:00] <+ChadDubya> None! Classssssic orcs.
[20:00] <+ChadDubya> They show up, and they never… stop… coming…
[20:00] <+ChadDubya> Basically, the game’s bestiary tells the GM how to run monsters
[20:00] <+rpgresearch> A la Nazi Enigma
[20:00] <~Dan> Do orcs use shards?
[20:01] <+ChadDubya> For orcs, they are super super easy to kill but they simply never stop coming ever… the PCs must retreat, or do a stopping action (blow a bridge, collapse a tunnel, run away). You straight up can’t win a toe-to-toe with orcs.
[20:01] <~Dan> They sound like zombies.
[20:01] <+ChadDubya> Orcs *probably* can use the shardscape, but it’s not discussed in the rules. They are are a physical menace and a natural disaster… they do have language, so theoretically, they could use shards
[20:02] <+ChadDubya> Yup! Though the game has zombies too! Of course.
[20:02] <~Dan> Of course. 🙂
[20:02] <+rpgresearch> darn hard to kill those zombie processes sometimes. 😛
[20:02] <+ChadDubya> lol
[20:02] <~Dan> Mind if we go back to the system for a moment?
[20:02] <&Silverlion> I like the idea of the game, but I’m not quite sure how the internet thing works because I got here late (sorta)
[20:02] <+ChadDubya> Zond… shardnet proliferation.
[20:02] <+ChadDubya> Rich people (like the party’s patron) have private shardnets
[20:03] <+ChadDubya> Everyone else uses the Shardscape… the public interwebs…
[20:03] *** GKG_Alan is now known as GKG_Away
[20:03] <+ChadDubya> Shardscape shards are HUGE and basically work like a phonebooth
[20:03] <+ChadDubya> the public has to stand in line and wait their turn
[20:03] <+ChadDubya> But the public also has the town board
[20:03] <+ChadDubya> Encrypt a scroll with a keyphrase only your recipient knows, and post it on the town board
[20:04] <+ChadDubya> It’s in the clear light of day, but only your recipient can read it
[20:04] <+ChadDubya> assuming you chose a strong keyphrase
[20:04] <+ChadDubya> there are couriers that move scrolls from townboard to townboard in different towns, like a postal service
[20:04] <+ChadDubya> Many people use the slow moving town board system because they think the Risk Eaters can compromised the Shardscape
[20:04] <+ChadDubya> (they haven’t… well….. sort of… )
[20:05] <+ChadDubya> Who’s next… Dan or Silverlion?
[20:06] <+ChadDubya> Dan it is… Silverlion can catch up later
[20:06] <+ChadDubya> Dan question about system?
[20:06] <~Dan> Yes, I’m still not clear on the core mechanic.
[20:06] <~Dan> Can you give us an example of, say, jumping over a chasm?
[20:07] <+ChadDubya> Yeah, let me steal some language from the book
[20:07] <+ChadDubya> Or a forum post
[20:07] <+ChadDubya> or something
[20:07] <+ChadDubya> Every character has a set of core statistics and attribute statistics. In the picture below, the four large core statistics (Wits, Resolve, Speed, and Power) represent one’s ability to resist the world (avoid being tricked, resist fear, get out of the way of an attack, or resist the effects of poisons).
[20:07] <+ChadDubya> *nevermind the part about picture… look at the character sheet maybe?*
[20:07] <+ChadDubya> or the core stats, they are ranked either 4, 6, or 8, which translates into Trivial, Challenging, or Tough. GMs pick one of these descriptors to assign difficulty to a task that a player wants to perform.
[20:07] * ~Dan nods
[20:07] <&Silverlion> Link to PC sheet?
[20:08] <+ChadDubya> whoops
[20:08] *** Geek2theRight has joined #rpgnet
[20:08] *** ChanServ sets mode +v Geek2theRight
[20:08] <~Dan> (Link: http://cryptorpg.com/mechanics/)http://cryptorpg.com/mechanics/
[20:08] <~Dan> (Howdy, Geek2theRight!)
[20:08] <+ChadDubya> For the core stats, they are ranked either 4, 6, or 8, which translates into Trivial, Challenging, or Tough. GMs pick one of these descriptors to assign difficulty to a task that a player wants to perform. In the case where a player wants to perform a task against another character, the targeted character’s core rank determines the difficulty of that task (re
[20:08] <+ChadDubya> SO
[20:08] <+ChadDubya> Great, so it’s easy to determine the difficulty of a task, and task resolution uses the same mechanic whether it is an opposed roll, unopposed roll, a roll made against groups, etc. So what dice are thrown and how do you resolve that roll?
[20:09] <+rpgresearch> love the open bulletin board approach integrated, lol, ah the 80s. 🙂
[20:09] <+ChadDubya> When you always throw 5 dice, no matter what. It’s just that the makeup of the dice are determined by an actor’s attribute statistics (remember, they measure a character’s ability to influence the world). Basically, you throw a D10 for each rank of an attribute you have, and you fill in the rest with D6’s, until you have 5 dice.
[20:10] <+ChadDubya> If your Attribute of Agility is 3, you roll 3D10 plus 2D6. That is, 3 attribute/skill dice… and 2 Fate dice.
[20:10] <+ChadDubya> If your Attribute of Agility is 5, you roll 5D10 and no D6s.
[20:10] <~Dan> What’s the relationship between attributes and skills?
[20:10] <+ChadDubya> On each dice, you are trying to get 4+, or 6+, or 8+ depending on the difficulty of the task.
[20:11] <+ChadDubya> Each Attribute manages a domain of 4 skills. Those 4 skills ALL use the Attribute they are tied to, for the purposes of resolution.
[20:11] *** Anise has quit IRC: Disintegrated:
[20:12] <+ChadDubya> There are Talents (Perks) that give bonuses or special rules to certain skills, but generally, just the Attribute determines what dice you roll.
[20:12] *** SilverBolt has joined #rpgnet
[20:12] *** ChanServ sets mode +v SilverBolt
[20:12] <~Dan> (Howdy, SilverBolt!)
[20:12] <+ChadDubya> Sorry if this is cobbled, I’d refer to this link again: (Link: https://forum.rpg.net/showthread.php?781271-Cryptomancer-A-fantasy-role-playing-game-about-hacking)https://forum.rpg.net/showthread.php?781271-Cryptomancer-A-fantasy-role-playing-game-about-hacking
[20:12] <+rpgresearch> are players able to pool resources through their shards for combined efforts?
[20:12] <~Dan> So the skill simply lets you apply the attribute?
[20:12] <+ChadDubya> It discusses task/skill resolution, but with pictures and diagrams
[20:13] <+ChadDubya> Sort of. All characters technically get all skills. You don’t choose skills.
[20:13] <+ChadDubya> Talents, however, make some people extra special at some skills.
[20:13] *** Ampersand has quit IRC: Ping timeout: 185 seconds
[20:13] <+ChadDubya> Book example of Acrobatics (or jumping over chasm):
[20:14] <+ChadDubya> Acrobatics This skill determines a character’s ability to jump, tumble, flip, and perform other balance-stressing acrobatic feats.
[20:14] <+ChadDubya> To avoid a torrent of lava flooding the dwarven crypt, Thrace attempts to jump up into the rafters. Thrace has an Agility rank of 3. The GM determines this is a challenging task (6+). Thrace’s player rolls 3 attribute dice and 2 fate dice, hoping to get at least 1 success.
[20:14] <+ChadDubya> Evading injury, achieving a tactical advantage, or traversing an obstacle are good ways to resolve success. Losing equipment, injuring oneself, or accidentally destroying objects are good ways to resolve failure.
[20:14] <+ChadDubya> end book example
[20:15] <~Dan> Okay, follow-up question.
[20:15] <~Dan> If dice max out at 5, how do you handle superhuman attribute levels?
[20:15] <~Dan> Like, say the Strength of one of those kaiju-like dragons you mentioned.
[20:16] <+ChadDubya> I don’t! Players are mortal, period. 5 is really good, but you can still critically fail with 5. It’s just unlikely (in the very low single percentile odds)
[20:16] <+ChadDubya> Because 1’s are botches on skill dice
[20:16] <+ChadDubya> BTW, 1’s AND 2’s are botches on fate dice (d6’s)
[20:17] <+ChadDubya> For superhuman things like dragons…
[20:17] <+ChadDubya> It’s more about special or narrative rules
[20:17] <+ChadDubya> In my dragon section, it’s more about how many NPCs or allies die per turn
[20:17] <+ChadDubya> Sort of like most Cthulhu books
[20:18] <~Dan> What about a less extreme example, like an ogre (or the equivalent)?
[20:19] <+ChadDubya> OK. So all “threats” in the game… monsters, adversaries, etc. Are basically categorized as Trivial, Challenging, or Tough…
[20:19] *** DebraHP has joined #rpgnet
[20:19] *** ChanServ sets mode +v DebraHP
[20:19] <+ChadDubya> Meaning they have a stock set of stats depending on that category.
[20:19] <~Dan> (Howdy, DebraHP!)
[20:19] <+DebraHP> (Hey, Dan)
[20:19] <~Dan> (DebraHP: Tonight’s topic: (Link: http://cryptorpg.com/)http://cryptorpg.com/ )
[20:19] <+ChadDubya> Something that is Tough basically has very high Core ranks (all 8… meaning you need to roll an 8+ to hurt that thing) and 4 for all Attributes.
[20:20] <+ChadDubya> So an ogre or something large would probably be given a category of tough, and mechanically, the GM would run them just like another Tough threat, like a Risk Eater
[20:21] <+ChadDubya> However, like I mentioned earlier, the bestiary section advises the GM *how* to run that thing
[20:21] <+DebraHP> (thanks, Dan)
[20:21] <+ChadDubya> So if you are fighting a Gnoll (which, in Cryptomancer, is basically a fantasy version of the sci-fi monster Predator), you play it like a hit and run bogey man
[20:22] <+ChadDubya> The Gnoll is a master of psychological warfare, so it’s going to use its high Attribute rolls to sneak, to bellow loudly and scare people, to lie to people (I’ll let you go if you give me your weakness to eat), and eventually, do physical harm
[20:23] <+ChadDubya> So there is no stat blocks for creatures, other than their Trivial/Challenging/Tough category… but TONS of GM advise in how to set the scene for a threat
[20:23] <+Geek2theRight> Weakness . . . to eat?
[20:23] <+Zond> You mentioned at the start that your goal was to teach and inform fools like myself on infosec, and also to make the current questions of privacy and security in our society more accessible. Without getting too political, what position (if any) are the PCs assumed to take in the society?
[20:24] <~Dan> (I assume he meant “weakest”.)
[20:24] <+ChadDubya> weakest… yup
[20:24] <+ChadDubya> “Just let me eat that person and I’ll totally let the rest of you live”
[20:24] <+ChadDubya> Zond The players don’t have a choice. The Risk Eaters hate them and they are on the run.
[20:25] <+ChadDubya> The Risk Eaters… again… the NSA meets the Spanish Inquistion meets Mordor… take their orders from dwarven prediction machines
[20:25] <+ChadDubya> the Machines tell them that the party are future despots, tyrants, terrorists, disruptive cult leaders, or proliferators of WMDs
[20:25] <+ChadDubya> the Risk Eaters TRULY BELIEVE the party is evil, so they need to find and destroy them
[20:26] <~Dan> Sounds a bit like Minority Report.
[20:26] <&Silverlion> A friend of mine who is very very computer saavy has been pointed at this now…
[20:26] <&Silverlion> 😀
[20:26] <+ChadDubya> Frankly, the game does have a ton of thinly veiled commentary about the national security community and things like privacy and surveillance… backdooring protocols and golem’s through coercion, etc.
[20:27] <+ChadDubya> So in short, the “bad guys” in the game are actually heroic and good… and maybe the dwarven prediction engines are wrong about the players…
[20:27] <+ChadDubya> But it doesn’t matter. The players are enemies of the state and nothing can undo that.
[20:27] <+ChadDubya> Thanks Silverlion
[20:28] <+Zond> Sounds less like classic fantasy with a twist and more like a nightmare dystopia. Or possibly something more like a dark Pratchett setting.
[20:28] <&Silverlion> I mean,its a really different take on fantasy.
[20:29] <+ChadDubya> On the topic of politics… there is a Cryptomancer short story here… it’s called “The Father of Space and Time”
[20:29] <+ChadDubya> (Link: https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-official-and-unofficial-contests/creative-writing-defcon-short-story-contest-ab/223422-people-s-choice-part-two)https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-official-and-unofficial-contests/creative-writing-defcon-short-story-contest-ab/223422-people-s-choice-part-two
[20:29] <+PaladinElliott> i haven’t seen anything on the core leveling, complete a mission get xp, level cap, all pretty standard?
[20:29] <+ChadDubya> It is a thinly veiled Edward Snowden allegory about a dwarf who gets enlisted with the Risk Eaters
[20:30] <+ChadDubya> Mmkay PaladinElliot… here goes.
[20:30] <+ChadDubya> Leveling is slow. Every character gets 1 talent point (to buy perks and spells, ranging from 1 to 3 points each) at the end of each session.
[20:30] <+ChadDubya> If the characters truly wow their GM by hacking something (a system, a person, a business process, etc.), they get an extra one.
[20:31] <+ChadDubya> Players gain 1 Attribute point at the end of a campaign (ranging from 4-6 sessions).
[20:31] <+ChadDubya> That’s it.
[20:31] <+PaladinElliott> i like it
[20:31] <+PaladinElliott> steady, have to earn it
[20:31] <+ChadDubya> And honestly, most characters won’t make it that far…
[20:31] <+ChadDubya> The game includes something akin to a Doom Tracker
[20:31] <+ChadDubya> called “Risk”
[20:31] <+ChadDubya> It’s on the party sheet…
[20:31] <+PaladinElliott> roger
[20:32] <+ChadDubya> Basically, bad operational security and worse rolls generate Risk
[20:32] <+ChadDubya> Risk determines when the Risk Eaters attack
[20:32] <+ChadDubya> And you really don’t want to fight Risk Eaters
[20:32] <+ChadDubya> Players can actually buy successes on rolls, but that generates risk
[20:32] <+ChadDubya> so there are these tradeoffs between succeeding at an important roll now, but imperilling the campaign
[20:33] <+PaladinElliott> a risk and reward system as well
[20:33] <+ChadDubya> In one playtest, the Risk Eaters attacked at the very very last scene of the game, after they survived an epic battle and were barely recovering from injuries
[20:33] <~Dan> Ouch.
[20:33] <+ChadDubya> It is because they generated so much risk winning that battle (buying successes to get crits)
[20:34] <+ChadDubya> Then, during a medical stabilization roll, someone rolled a critical failure… which kicks off another roll based on the level of Risk the party has
[20:34] <+ChadDubya> Failing that second roll, Risk Eater assassins burst onto the scene. The party was too injured to flee or stand a chance.
[20:34] <+ChadDubya> But the players knew the risks when they were buying all those successes.
[20:35] <+ChadDubya> In short, players can actually buy their way to epic successes all the time and be truly heroic on a whim… but at what cost?
[20:36] <+ChadDubya> Zond … yes, this setting is actually extremely dark, but not in an obvious or evil way…
[20:36] <~Dan> Can you describe how combat works?
[20:37] <+ChadDubya> Sure. It’s basically skill rolls, but the difficulty (Trivial 4, Challenging 6, Tough 8) is based on your target’s core ranks.
[20:37] <+ChadDubya> The defender also chooses which core rank to use to defend.
[20:37] <+ChadDubya> If I want to parry with a sword or a shield, I use my Power core rank.
[20:37] <+ChadDubya> If i want to dodge something, I use my Speed core rank.
[20:37] <+ChadDubya> If I want to resist a spell, I use my Resolve core rank.
[20:38] <+ChadDubya> Now, certain attacks can only be defend with certain core ranks, so it’s not as easy as choosing your best core rank.
[20:38] <+ChadDubya> For example, you can only parry an arrow if you have a shield.
[20:38] <+ChadDubya> Dodge (using Speed) is more versatile, can defend against anything, but actually adds damage if the attack hits you.
[20:38] <+ChadDubya> Etc.
[20:38] *** MonkofLords has quit IRC: Disintegrated: ~ Trillian – (Link: http://www.trillian.im)www.trillian.im ~
[20:39] <+ChadDubya> So in short, an attacker declares an attack, and the defend chooses her defence (which determines the attackers dice roll difficutly).
[20:39] <+ChadDubya> The attacker makes the roll, and you resolve it.
[20:39] <+ChadDubya> Weapons do a number of HP damage equal to the number of successes rolled plus or minus a small number.
[20:39] <+ChadDubya> HP pools for starting characters range from 6 to 10.
[20:40] *** GKG_Away_ has joined #rpgnet
[20:40] *** ChanServ sets mode +ao GKG_Away_ GKG_Away_
[20:40] *** jeffszusz has joined #rpgnet
[20:40] *** ChanServ sets mode +v jeffszusz
[20:40] <+ChadDubya> 3 points of damage is a critical wound, meaning you bleed 1 HP if you both move and act during your turn.
[20:40] *** GKG_Away has quit IRC: Ping timeout: 485 seconds
[20:40] <+ChadDubya> 4+ points of damage is a mortal wound, meaning you 1 HP per turn regardless.
[20:41] <+ChadDubya> Pretty lethal in playtesting. Both PCs and NPCs dropped like wet bags of poo.
[20:41] <~Dan> Sounds like it.
[20:41] <~Dan> How does armor work?
[20:42] <+ChadDubya> Couple ways to answer that. Mechanically and thematically. Mechanically first…
[20:42] <+ChadDubya> Armor typically ignores wounds of a certain damage level. For example, very light armor might ignore any attack that does 1 point of HP damage, but otherwise does nothing.
[20:42] <+ChadDubya> So if you are hit for 2 HP damage, you suffer 2 HP damage.
[20:43] <+ChadDubya> Very heavy armor might actually do 1 damage reduction.
[20:43] <+ChadDubya> So if you are hit for 2 HP, you suffer 1 HP.
[20:43] <+ChadDubya> Basically, light armor nullifies light attacks of 1 or 2 HP, but does nothing against strong attacks.
[20:44] <+ChadDubya> Thematically… this is a fun part… and it’s the same for both weapons and armor
[20:44] <+ChadDubya> During character creation… players pick their trademark weapon and trademark outfit, which they build like “mini-characters,” complete with their own stats and narrative qualities (for fun storytelling appeal).
[20:45] <+ChadDubya> You know how Dungeon World has these descriptive qualities that you can pick from a list to quickly add some interesting narrative flair to your character?
[20:45] <+ChadDubya> Cryptomancer has that too, but also for your trademark weapon and armor.
[20:46] <+ChadDubya> (done)
[20:48] <~Dan> Is magic specialized to work with the Shardscape, or can someone who can use magic affect both the physical world and the Shardscape?
[20:48] <+ChadDubya> There are about 40 spells. Maybe 6 of them for the Shardscape, the rest for the meatspace.
[20:48] <+ChadDubya> Most of them emphasize stealth, tradecraft, problem solving, etc.
[20:49] <+ChadDubya> e.g. psychometry… to read impressions or memories from an object.
[20:49] <+ChadDubya> e.g. mindwrite… to inject a memory or Manchurian killswitch command in someone’s mind
[20:49] *** Zond has quit IRC: Disintegrated: (Link: http://www.mibbit.com)http://www.mibbit.com ajax IRC Client
[20:49] <+ChadDubya> e.g. glamour… to change the appear of one’s age, gender, size, race (elf/dwarf/human), etc.
[20:50] <+ChadDubya> e.g. terraform … mend trees and flora to create structures, bridges, obstacles, cages, etc.
[20:50] <+ChadDubya> But also stuff like fireballs, magical shields to protect the party, etc.
[20:51] <~Dan> In what remains of regular time, is there anything we haven’t covered that you’d like to bring up?
[20:51] <+ChadDubya> Regarding shards… there are spells to geolocate shards, encrypt mindbombs that erupt in the brain of anyone who decrypts them, warp through shards, scry through shards like they were IP cameras, etc.
[20:51] <~Dan> (And please know that you’re more than welcome to hang out with us and field questions as long as you like.)
[20:52] <+ChadDubya> I think I developed carpal tunnel tonight
[20:52] <+ChadDubya> and it was worth it!
[20:52] *** Skullz has quit IRC: Disintegrated: (Link: http://www.mibbit.com)http://www.mibbit.com ajax IRC Client
[20:52] <~Dan> 🙂
[20:53] <+rpgresearch> ChadDubya, definitely put me on your announcement email list. 🙂
[20:53] <~Dan> A quick reminder to our readers that my tip jar is here: (Link: https://gmshoe.wordpress.com/the-gmshoes-tip-jar/)https://gmshoe.wordpress.com/the-gmshoes-tip-jar/ 🙂
[20:53] <+ChadDubya> you got it man, and i’ll be checking my email soon
[20:53] <+ChadDubya> and thanks again to Dan
[20:53] <+PaladinElliott> i have a lot to cover from all the links
[20:54] <~Dan> Absolutely, ChadDubya!
[20:54] <+PaladinElliott> thank you!
[20:54] <~Dan> If you’ll give me just a moment, I’ll get the chat logged and link you.
[20:54] <+ChadDubya> Totally. And Dan posts the logs, so no need to grab it all now
[20:54] <+rpgresearch> Thanks for doing this Dan and ChadDubya !
[20:54] <+PaladinElliott> hear hear!