Oct 20 2009

Matter of Factors


One thing that Blizzard has not done a particularly good job of explaining two people is the Authenticator. I’d  like to be able to point you toward the stuff they’ve written about it, but I’m writing from behind the bars of a corporate proxy and firewall, blocked from most of the net (which means they have not found this site yet). In fact I am writing from inside a meeting that I really don’t want to pay much attention to.

The Authenticator is axiomatically a Very Good Thing, for both Blizzard and for the player. It’s obvious that Blizzard spends a fair amount of time and effort dealing with hacked accounts, and it’s obvious that the victim of a hacked account (and possibly their guild) feels even more pain. Very loosely speaking there are two ways that accounts get hacked: either a trojan keylogger is installed on the victim’s computer which captures the user name and password and passes it over to the EvilDoers, or the EvilDoers tricks the user into revealing them.

The Authenticator has two forms at the moment: a program that runs on the iPhone/iPod, and a physical dongle that can hang off your keychain. In either case the Authenticator creates a long number derived from a mathematically complicated calculation unique to that instance of the Authenticator (more or less). This number is used in conjunction with the user name and password – in other words it’s a form of two factor authentication. And it’s very secure.

Technically, theoretically, even two factor authentication schemes can be subverted. But in practice for WoW the effort and complexity of subverting the Authenticator is decidedly non-trivial. A trojan keylogger could easily capture the user name, password, and magic number, but that number becomes useless after 10 seconds. The EvilDoer would need to use those factors within 10 seconds to login to your account. Which is unlikely. In theory a trojan could be used to enable a man-in-the-middle attack… but really, it’s easier to farm gold than create this sort of hack.

The bottom line: use the Authenticator, it makes you much less likely to be hacked. It won’t protect you absolutely… Belmann says “always practice safe hex”.

Oct 17 2009

Needy and Greedy


One thing that Blizzard has been able to bring to the world of MMOs is the experience with and knowledge of just how nasty players can be to each other. They’ve put a lot of thought, and design, into how to mitigate against griefers and plain old jerks. A really good example of this is the loot system, which is not only extensive and flexible, it encourages and promotes interesting player mediated loot protocols that can be described in the Australian vernacular as A Fair Go.

Now that they have provided a facility for whoever received loot in an instance  or raid to send it on to another participant in the instance or raid, there is little chance of a well-meaning player accidentally getting stuff they can’t use, and there is almost no way for a greedy or malicious player unfairly gaining loot. (As an aside, the WoWWiki article linked above lists only one way to ninja items. Another way is for the instance or raid leader to set themselves to master looter, then not give out any of the looted items).

So in that space, what’s my own protocol for loot? Pretty simple really. For greens, I greed. Either Belmann will DE stuff, or my various alts will sell them – gold is always a Very Good Thing. The same generally goes for blues, but only in what I would think of as a low-level instance – 5 mans and low-level raids from Vanilla WoW and BC. Purples I only need if I need them, otherwise I pass. Why? Because I hope that everyone else will do the same. In my mind, this is the fairest way that I can approach loot. Like a variation on the prisoner’s dilemma, altruism and generosity might pay off in loot, but will almost certainly  pay off in reputation.

And that’s where the genius of Blizzard’s design of the loot system is revealed. Ultimately, the controlling factor is human mitigated. Jerks are generally punished, or ostracised, and team players (for whatever your definition of team is) are generally promoted.

Oct 7 2009

Raise a mug


Three cheers! Yet another WoW blog is launched onto the sea of, well, wetness. Nautical metaphors fall down fairly quickly (sink?) when applied to this online world.

Anyway! Hello!

Head over to the About page for the history, the why, the who, the what. I won’t repeat it here. Belmann needs to level cooking, tailoring and enchanting, and time is a-wasting.