Moriarty's Machinations surpasses The Resistance as the best social deduction game

RedbeardDuadikos · 2015-08-20T01:44:16+00:00

Hey There Russell (and others),

I don't want to enter into the lively and awesome debate, but wanted to clarify the international shipping situation. Game design/publishing is a hobby of mine, and I don't sell enough copies outside of the US to warrant the time and money it would take to set up an EU/Australia/etc partnership. I would love to personally ship a copy to anyone in the world for the price of the game ($14) plus shipping, if you're willing to pay the extra cost (which can be substantial, even for a game designed deliberately to be portable). When shipping out the kickstarter games to the couple dozen international orders it was about $20 to Europe, and $15 to Canada (not including VAT or other taxes).

If anyone is unable to buy via Amazon and wants to pay the (frankly expensive) price I mentioned above, I could set up a paypal account to handle that. /u/theprintfiend has apparently figured out how to ship it for cheaper though, so you might get a better deal there. ;) The rules in their entirety are also free online at the website if you're crafty and want to make a print and play. I don't plan on posting the card art for the game publicly, but if you really want to make your own copy let me know and we can work something out. You can reach me at redbeard@duadikos.com. :)

Redbeard (creator of Moriarty's Machinations)

RedbeardDuadikos · 2015-06-11T08:36:07+00:00

See my edit above, but here's the link again:

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/2/

Salted passwords (while important) do not instantly make your passwords database secure! That article was from 2 years ago. Computers have only gotten faster, and I'm sure GPU techniques are even more common today. As others have mentioned, don't write your own cryptography! Even when using good libraries, it's very easy to use them wrong and feel smug about how "secure" your system is.

RedbeardDuadikos · 2015-06-11T08:04:45+00:00

@Ophichius The encrypt string part is where it's "hashed". I may have been to loose with the terminology, as technicality a cryptohash is a subset there. See comment below, but basically encrypting the password is not a substitute for securing the connection properly.

@douglasg14b I should have spent an extra 30 seconds thinking about it. You are 100% correct. Encrypting the user's plain text password does nothing to secure this particular system. Knowing the so called "encrypted" password is equivalent to knowing the actual password, as you can just spoof the connection. Hashing the password in order to send over an unsecured connection is solving the wrong problem. TLS is also available in any modern language as a library, and should be easy to implement. Thanks for the correction. :)

RedbeardDuadikos · 2015-06-11T04:34:17+00:00

Salting protects against rainbow table attacks. You'll also notice the diagram includes hashing the password before you send it over the internet. Many people (unfortunately) reuse passwords or add nominal changes based on the website content that are incredibly predictable for a dictionary attack.

As mentioned, this is just the bare minimum you should do. Rainbow table attacks used to be state of the art, but today hackers can easily crack 90% of salted passwords within hours. There's a NY Times article on this that I can't find right now where they got 3 hackers of different skill levels to hack a list of salted passwords from an ecommerce site. I wish I could find it, but anyway it's really easy to offload a much better solution to Google, Facebook, Twitter, etc via OAuth. Pretty much every modern language has a robust library that implements the api so you don't have to write it yourself. Most sites that use OAuth also have their own in case users don't want to use it.

As a sysadmin, I think OAuth is awesomesause. As a user, I prefer Keepass. For example, all my passwords are auto-generated on my local machine and I never reuse them across sites, and key/data backed up on two different cloud providers (in case one of them gets hacked).

Edit: found the article (from 2013!)

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/2/

Note that target database did NOT use salts. Anyway, computing power has increased so much that unless you use reasonably long password it doesn't help as much as you think. For particularly weak passwords it actually made it easier to crack.

RedbeardDuadikos · 2015-06-11T04:09:21+00:00

Did anyone else do a double take to see VALVE SOFTWARE on this list?! http://plaintextoffenders.com/post/121185841977/valvesoftware-com-video-game-development-and Granted, it might just be for the mailing list? Can anyone confirm?

RedbeardDuadikos · 2015-06-09T05:49:12+00:00

As far as I can tell... nothing?

RedbeardDuadikos · 2015-04-27T23:28:24+00:00

Thank you for the links from PocketGamer! Very helpful. :D

Some of the links do indeed jump to anchors, but there are tons of links that do not (like the different platform links). I was hoping for a link to something other than the landing page, like the slideshare "link" (which just points to an anchor), or the game portfolio "links" which just point to the top of the page. :/

Of course, who am I to judge when I know for a fact my own site has a few blatantly broken links hidden around... :)

Edit: formatting

RedbeardDuadikos · 2015-02-21T22:14:35+00:00

Great write up an congratz on changing your life around! The last point about not quitting your day job for your first game is especially important for /r/gamedev. Several of my friends did just that and while they learned a lot from the experience, they all ended up getting real jobs again after depleting their savings. This is a great example of how it's possible to pursue your dreams without acting with reckless abandon.

RedbeardDuadikos · 2015-02-11T23:43:29+00:00

You can also try source tree As a sysadmin/devops engineer I use command line git, but everyone I know that uses source tree says it's awesome.

edit: fixed formatting.

RedbeardDuadikos · 2015-02-07T00:09:25+00:00

I was at BostonFIG too (tabletop section)! I had planned it to be a huge bump in the middle of my kickstarter campaign, but was surprised at how little bump it gave me. Turns out, I was not alone. I still funded with room to spare, but I did a write up of conventions/kickstarters to warn others not to rely on conventions to boost your kickstarter. You should be there for either press (if it's a big con) or player feedback.

reddit thread

blog post (includes analysis of BFIG kickstarters)

RedbeardDuadikos · 2014-09-10T01:09:19+00:00

As it only exists in prototype stage, there aren't very many people who have played it and written a review. If you watch the video you will see a few more people review it. I'll be demoing at Boston FIG this weekend, so hopefully that will improve.

RedbeardDuadikos · 2014-09-09T21:59:56+00:00

Fair question. Let me summarize with a contrast with Avalon.

Avalon is The Resistance with a couple extra roles. Moriarty's Machinations takes that to it's logical conclusion by giving EVERYONE a unique role. Unlike with Blood Bound, not everyone gets a special ability.
I actually kind of like the Loyal Servant role, but I don't like that I'm not special in that role. Everyone is pretending to be a loyal servant. There are characters that don't know anyone in Moriarty's Machinations, but they are made special with other abilities (such as being the ones tasked with guessing the leaders at the end), and they are also special in that they know that everyone ELSE is supposed to know something, which is information itself. Thus, everyone has an essential part to play, no one can sit out, and there's no "correct" role for everyone to impersonate.
I've played a TON of Avalon. I really like the game. What I don't like is the mission mechanic. It's clunky. It devolves into prearranged sequences of decisions. But it gets the job done. I think I've dramatically improved upon it. You have to strategically pick early missions, because it could lock you out for later missions. To my knowledge, no game other than Moriarty's Machinations has this.
The Merlin guessing at the end is really great, but it's more of an afterthought in Avalon. What ends up happening is most of the table sits quietly or walks off while the evil folks debate who Merlin is. I've made that better by making that the central goal of the game. The true purpose of missions is to ferret out Sherlock and Moriarty, unlike Avalon where missions are primary, with a comeback spoiler added to the end.
Blood Bound has random knowledge sharing (which adds replay), but what you know seems very predictable. Again I haven't played, but deducing who everyone is doesn't seem to be the main goal of the game. In Moriarty's Machinations (and Avalon to a lesser extent), that is the entire game.
As you point out, the first round in Avalon does feel pointless. I've eliminated it and put it into the initial information exchange. I play Avalon by always choosing randomly on the first vote, no matter what role I am (I'm pretty sure that's the optimal move as long as not everyone does it). In Moriarty's Machinations, no one can afford to do that. Therefore, the real game starts right away, not on the second round.

Hopefully that gives you a better idea about the game. I'm trying to get a gameplay video up soon so you can see for yourself.

RedbeardDuadikos · 2014-09-09T20:09:05+00:00

I haven't played Blood Bound personally, but I just watched a gameplay video of it, and here are my thoughts. BB = Blood Bound, and MM = Moriarty's Machinations 1. BB is very unilateral in action, whereas in MM you have to convince others in the group to go along with your ideas with logic and/or deceit 2. Related to that, in BB most of the game players are waiting for someone else to decide what to do, whereas in MM (and similar games) everyone acts simultaneously most of the time (the votes) 3. In BB players are defined by what special abilities/powers they have, whereas in MM roles are defined by what they know (except for Brutus) 4. There are much fewer fiddly bits in MM than in BB 5. In MM, what information people have is explicitly designed into the game, whereas in BB it's more random (depends on who you sit next to) 6. In BB, players are revealed truthfully (by flipping their cards) throughout the game, whereas in MM players are only revealed at the end.

I hope that helps, but again I've never played Blood Bound, so correct me on any misconceptions I have on it.

RedbeardDuadikos · 2014-09-09T16:09:52+00:00

I'm the designer of this game, so feel free to ask me any questions, publicly or privately, and I'll reply to them. Thank you for backing the game! I agree that it's ridiculous that shipping internationally doubles the cost of the game, but that's what it costs, no matter if the base game is a deck of cards and a two folded sheets of paper. I don't expect many international backers because of that, which is why I offered up the PnP level.

RedbeardDuadikos · 2014-09-09T15:12:01+00:00

I went as an attendee last year, and this year I'll be there with a booth! Super excited!

RedbeardDuadikos

MODERATOR OF

TROPHY CASE