A tale of seven suppliers

So, I've been doing a bit of shopping of late, because... reasons, to follow in another post (or actually, probably podcast!). Various items, from seven different suppliers depending on availability, price and a few other criteria, from (literally) A to Z, though I'm not going to name names, although you should be able to work a few out. So. In alphabetical order...

#1

A box-shifter, it would appear. Cheapest for a couple of items, but I foolishly failed to notice one item was on backorder. They will not split orders, even when it's glaringly obvious that one of the items is out of stock and in fact out of print everywhere. Support desk, and I quote verbatim, "Inline with our shipping policy page and backorder policy page sir we do not split orders". Just flat out unhelpful. Order now cancelled: had they been more helpful about it I would have re-ordered as two orders, but I'm a little concerned that they actually don't give a toss, and my backorder would have hung around for ever. Either way, it cost them over £100 in sales. Reordered with #7, watching for the credit card refund like a hawk.

#2 

Probably the world's biggest. Own delivery chain. Two deliveries, both turned up next day as promised, rang doorbell, parcel in my hot and sweaty hands. No problems.

#3

Small 3D print seller on eBay - still waiting but they say 5-10 days so not stressed.

#4

EBay seller doing custom decals (I'd do my own but I can't print white). Shipped the next day (in fact, today), should be here Tuesday via Royal Mail.

#5

Well-known box shifter up in the NW. Both orders next day by Royal Mail. No complaints, have used them several times before and always been helpful.

#6

A doorbell. It even
says RING on it.

Another fairly well-known box shifter with an eBay presence, based in Notts. Everything ships as promised. However? They use Evri (Hermes as was), which means that if your local Evri driver happens to be a clueless muppet who can't spot a doorbell when it's under their nose, your parcel gets left outside the back door on the ground because I'm in the outside office, not where I can hear them knock.

#7

Odd site as their URL doesn't match their trading name. Second cheapest for most stuff (often cheapest if you cash in reward points or take advantage of their discounts), actually deliver when promised via Royal Mail. No complaints except that I spend more by looking for that 'one more item' to pass the discount price break :D

Figure scale vs. ground scale and related matters

This question cropped up again recently - in fact, three times this past week - and I figure it's time for a longer rant on the subject than last time,

The question gets asked so often it's definitely a FAQ: "Will these rules work with X scale figures and will I have to change anything?"

There are four things you need to consider here. Figure scale, ground scale, basing standards (if any) and the intent of the designer.

Let's start with the first two, because they go together. It's pretty simple, really: if your figure scale exceeds your ground scale, then you're fine. If it exceeds your ground scale by a LOT, then you might want to consider some adjustments. If your figure scale is less than your ground scale, you're probably going to want to consider some adjustments.

What do I mean by figure scale vs ground scale? OK, here are some examples:

Figure Scale (mm)	Equivalent Ground Scale (12" = X yards)
6	100
10	60
15	40
20	30
28	21
54	11

So...

For an example, Chain of Command's ground scale is 12" - 40 yards. Which is pretty much spot on the real scale for 15mm figures, and is why a LOT of people play it in 15mm. Scale compression, though, is a wargaming fact of life, because ranges are generally long, especially in more modern warfare, so there's no real problem playing it in 28mm, where ranges are effectively half what they should be.

Similarly, IABSM's ground scale is 12" = 100 yards, which is spot on for 6mm (and if you want to see just how awesome it looks in 6mm, check out Mark Luther's stunning gaming tables). But 15mm is decent enough - it effectively halves the ground scale which is still plenty. But I wouldn't play it in 28mm without some adjustments, for a number of reasons:

It's not to say you couldn't - but IABSM relies on moving by sections, and a 10 figure section takes up quite a bit of space in 28mm, which is where we come on to basing standards. Actually, IABSM doesn't have any (though quite a few folk use Flames of War style bases), but the point is that when compared to the ground scale, a 10 man section in 28mm is going to take up about 50 scale yards on the tabletop even ranked two deep. This, to my mind, is a bit much, and if I *were* mad enough to play IABSM in 28mm, I'd be looking at a much bigger table and probably doubling all ranges and movement, so that figures take up a sensible amount of space and ranges aren't stupidly short. Or, I guess, you could plonk 3-4 figures on a base and call it a section, but to my mind that's rather missing the point - see below.

Equally, I wouldn't play CoC in 6mm without some serious adjustment, since the ground scale is now bigger than the figure scale, and that's just flat out wrong. In fact, it's 2.5 times the figure scale, so one approach would be to try changing inches for cm on all measurements (which usefully reduces ranges and scales down to almost exactly 12" = 100 yards, the same as the figure scale), and move to a 3'x2' table.

There are some Napoleonic rule sets where a musket-armed line can only fire at targets directly ahead, If you change the ground scale, you will have to change the base width for a line to match, otherwise you'll break the intent of the rule designer. Pretty much any ruleset with a mandated basing size will fall into this category, because there will be some aspect of the rules where movement rate, range and unit frontage will interact, and you can't change just some of those.

The Society of Ancients' 54mm Bosworth Field game
from Campaign 2013

Which brings us to point 4 - the designer's intent. CoC is intended to be a skirmish game (admittedly on the large side, but it is clearly platoon+ level skirmish) - you're looking at individual figures, not serried ranks of troops. While you can do this in 6mm, and I'm sure if you had next to no space you perhaps might have to, it again rather misses the point, in my opinion. By the same token, while you could replace every figure in Sharp Practice with a block of 6mm's, or a section in IABSM with 3 28mms, it wouldn't be the same. It wouldn't feel right. (That said, I have seen Bosworth Field done in DBM with 54mm figures, and for what it was trying to do, it worked.)

With that all said, here are a few key rules to consider when you start tweaking things:

- don't change movement and ranges separately: change the ground scale - i.e. change ALL measurements equally
- consider whether unit basing is important when changing ground scale,
- figure scale less than ground scale is almost invariably a bad idea

There you have it. I feel better now :D

Kickstarters: a small rant

There is something about Kickstarters that provokes me to rant on occasions.

From Mantic's latest update on the new Deadzone Kickstarter.

"We've noticed this morning that one or two backers have raised their pledges artificially to help us speed through a stretch goal and see what's next, only to drop it again - sometimes at quite high values. This damages the project and negatively effects momentum. We ask that backers only raise their pledge if there's something they genuinely want to add-on. Thanks for your understanding!"

Jeez, people. Really?

Whoever you are who thinks they're being oh-so-clever there - stop being selfish and gaming the system, for <deleted>'s sake. People like you are why we can't have nice things. Grow up.

[Last chance to vote in the poll if you haven't - results tomorrow.]

TMP make it time to re-revisit the topic of password security...

In the light of a recent rather embarrassing disclosure about password security on TMP, it's time for another heads up/reminder about password security.

In this particular incident, sponsors' passwords are visible in the URL they use to access their stats. Moreover, those URLs have leaked onto Google, complete with password. And the powers that be at TMP seem remarkably unbothered about this.

Let's take a step back to a topic we discussed last year when some Kickstarter passwords leaked, and revisit the question of how passwords work, and all the security risks involved, step by step. Be warned, though, by the time I've finished I should have turned you into a paranoid wreck.

You type in your password.

There's a whole PILE of risks right here.. is your machine (is it your machine?) infected with a virus or trojan that's logging your keystrokes? Given a badly-designed web forum (say), I can install a keylogger on your browser by simply having you read a carefully crafted forum post.

Are you being watched (physically 'shoulder surfed')...?

Your password is sent to the server.

And the first question here is 'is it?'

Do you trust the wifi access point you just connected to? Really? Give me a morning, and I can knock together a very nice, convincing-looking access point which returns the WRONG answer to (say) 'where is Paypal' and presents you with a fake Paypal login page and grabs your password, then says 'sorry, login denied'.

And even if it is the right server, it's not immune to being 'sniffed' - if the server isn't talking HTTPS (the secure, encrypted way for you to talk to a web server - check for the padlock icon) then the channel between you and the server is NOT encrypted, and you're fair game to anyone who happens to have the ability to snoop... Give me that same morning, and I can build an access point that routes all the unencrypted traffic it receives through a proxy that looks for user credentials and takes a copy without you ever knowing (really, do you trust ALL the access points in the shopping mall, or airport?). Or I could probably wave a few Bitcoins somewhere on the Dark Web and get a device mailed to me that already does that.

(Oh, and just because the site responds to HTTPS doesn't mean it's safe: if you click on the little padlock icon, it'll tell you which organisation the security certificate is registered to - if it doesn't match the organisation you believe you're connecting to and it hasn't expired, something's amiss. Either that or someone's being appallingly sloppy with their security certificates.)

The server checks if you have the right password.

Now, as we discussed before, the way this is supposed to work is that your password is stored with a one-way encryption, i.e. one where creating the encrypted password is easy, but recovering the original text is prohibitively difficult. All the server has to do is encrypt the password you supply and see if it matches the stored encrypted one, it never has to, and never SHOULD, store the unencrypted one. (Unless, of course, it's being malicious.)

Of course, if you're lazy, ignorant, or bad, you don't bother encrypting the password, and store it in plain text. (One easy way to tell? tell the site you forgot your password: does it ask you to enter a new one, or send you the old one? If it's the latter, this is not good. Equally, does it do anything else (TMP, I'm looking at you) that indicates it knows your password?)

Why is this a risk?

If it's sniffable, or Googleable? You're at risk, obviously. If you're sloppy, and reuse passwords on other sites, you're doubly at risk. The defence 'but it's hard to find and/or not very important' isn't a good one either. This is 'security through obscurity', which is no defence at all once you've breached the obscurity!

To my mind, this indicates a lack of understanding of some key concepts in security, that or a dangerous level of arrogance. If I found a risk like this in my day job, I'd be looking even harder for other issues. If I as a security professional would, you can bet your bottom dollar there's some hacker out there having a good poke around TMP right now, in the hope of finding a backdoor into a database full of unencrypted passwords.

Passwords are gold. Passwords and the email addresses they belong to are better than gold, because people are generally lazy and sloppy about password reuse.

Do you even know you're accessing the site?

You're probably all looking a little blank here, but: suppose that it's possible for you to perform an action on your target site by sending it an appropriately crafted URL without any other human interaction - let's say for the sake of argument, you can award a customer a gift voucher (this is appallingly bad development practice, BTW - don't do it!). I send you an email, containing a handcrafted URL that I know awards me a gift voucher, as an image link.

The web browser in your mail client (c'mon, how do you think your mail client displays HTML mail) tries to fetch the image. Obviously, the reply it gets back won't be an image, so you'll see the broken  image icon. But, you will still have accessed the URL, and hey presto, I just got a gift voucher and it looks like you legitimately gave me it.


Scared yet?

Change your password. Use a password manager. Don't use the same or related passwords on different sites. Don't blindly trust unknown web access points. Don't trust sites that are flippant or dismissive about security issues.

Also, don't insert USB sticks you pick up in the car park or receive via unsolicited mail to find out who owns them or where they came from. But that's another story.

---

Disclaimer: just in case it's not obvious? I am an IT security professional: part of my job involves looking for places where my colleagues have, accidentally or through omission or laziness, released security risks into our code. In my job, the bad guys only have to win once: I have to win every time. 

I do not use or condone any of the above techniques, except where used as penetration test tools by the likes of me to validate the security of software with the author/owner's explicit consent. And the above techniques are all public knowledge - for crying out loud, most of them have their own Wikipedia pages! So please don't run screaming to accuse me of being a hacker, or enabling hackers.

Kickstarters and entitlement

Prompted by a tweet from Mike Hobbs, and an outstanding thought I never got to raise (because we ran out of time) on one of the Meeples' end of year shows in which we were also going to list our pet peeves of the year:

I really shouldn't read comments on kickstarters as I really get pissed off by peoples unrealistic sense of entitlement
— Michael Hobbs (@M_A_Hobbs) January 18, 2015

I know I've said this before, but once again it rears its ugly head (and yes, the best advice is still 'don't read the comments')...

Kickstarters are, when it comes down to it, a vehicle for (in general and hopefully) low-risk investment on the part of you, the punter, and low-risk fund raising for product/whatever development on the part of the designer. Nothing more. You are not entitled to insane quantities of figures at massive discount over store retail, just because it's a Kickstarter, and Mantic and Reaper have enough infrastructure, resources and fans to do that - they are the exception. In fact, if you see someone promising that on the kind of small run Kickstarter that seems to garner this kind of whinging and moaning? Start questioning their financial planning and common sense, and whether you should actually be risking your money.

Ultimately, what it says on the Kickstarter page is up to the person running the Kickstarter: if you don't like what the Kickstarter is promising, or what they're proposing to do with your money, then don't back it, and walk away. But please? Stop moaning. We seem to have lost sight, amid the headiness of things like Dreadball and the like, of what Kickstarter is actually for: you are the one helping the Kickstarter by putting up your money in advance under the terms they choose to specify, so they can both gauge demand and then have cash-flow available to pursue they project. They don't have to do anything special for you compared to an ordinary after-the-fact punter: yes, it's courteous to express gratitude to backers by some form of rewards, but some peoples' entitlement issues, that a backer should be treated like a close sibling of the Divine for even THINKING about waving money at the Kickstarter, are both greedy and preposterous.

End of rant.

Musing about copyright again

Y'know, for someone who actively dislikes both the 40K game and GW's business practices, I do have a fair few blog posts about it. "Methinks", to misquote the Bard, "he doth protest too much."

40K 7th edition is, apparently, out, to the usual collection of applause, curiosity and complaints about changes that break the system. Regular readers will be unsurprised to learn that, personally, I couldn't give the proverbial rat's posterior.

However, I am concerned to note that there are people blatantly making downloads of the text (both as ePub and PDF) available online.

Now, I do have to hold my hand up here and admit that I do have 'hooky' PDFs and/or ePubs of a few sets of wargames rules, but they are in all cases either long out of print (and sitting on my eBay watch list, as often as not, for as soon as a decent second hand copy comes along), or things for which I have a legal physical copy, wanted one for the iPad and one wasn't available. You are thus, if you wish, at liberty to call me a hypocrite for what follows, but I personally am very clear where I draw the line, namely at the point where I'm not paying for something for which the publisher/author is still in a position to take money from me for. That is unquestionably theft.

Seriously, folks? It may be GW, and it may be ridiculously expensive, but it it's a brand new, in print, set of wargames rules which you can buy. Whatever you think of their business practices, and whatever your views may be of the greyer area of out-of-print and/or digital copies of print rules, this is the wrong side of that line.

Heartbleed - time to visit the thorny topic of passwords again...

If you remember, we had a chat (well, I had a rant) about passwords when Kickstarter had their user DB hacked a while back. Go read it again: I'll wait.

Just in case you've not been following the news of late, here's a very good reason to change your passwords. Herewith the non-techie explanation:

A security hole[1] in some versions of the software that handles secure web connections has just been announced. In a nutshell, it's a programming error that allows a lovingly hand-crafted web request to undetectably coax a server into returning some of the contents of its internal memory. That internal memory is likely to contain recent unencrypted traffic - i.e. anything that passes from a browser to the site or vice versa. Session cookies. Passwords.

The bug has been out in the wild since the 14th of March 2012.

Of course, this isn't to say that someone has exploited it. But we (wearing my IT security hat here) have no way of knowing at the server end if they have done[2]

Not all sites are vulnerable (sites running on Microsoft software, sites with an older version of the software, for example). Many of the key ones were forewarned a couple of days before the vulnerability was announced, and it is an easy fix - just upgrade the software.

But:

Now would be a good time to go change your passwords. Just in case. (And Mashable has a list of which sites you should do it on NOW and which you should wait... which I hope is being actively updated.)

And as an aside, I have to admit now is about the time I'm seriously considering moving to a password manager that will generate and remember high-complexity passwords for me.

---

[1] leads to more technical explanation.
[2] but we can tell if a site is vulnerable. This list is interested on that score. Also, the password app LastPass now tells you if the site you're about to change your password on has been fixed yet, and thus, whether it's worth bothering yet.

Kickstarter and passwords....

Don't groan and hit 'next' on this one either, 'cause it's important. Even if you're not a Kickstarter user.

The following turned up in my email last night:

Important Kickstarter Security Notice

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.

The bit I'd like to emphasis is this[1]:

Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

"Enough computing power?" You're almost certainly using it to read this blog. Given a dictionary and a list of encrypted passwords, it's relatively trivial, especially if you know what encryption method is being used (which if not, it's probably pretty easy to figure out).

Why? Because you don't need to break the encryption[2]. All you need to do is what the site[3] does when it checks your password when you log in: encrypt what you type, see if it matches what's stored. If you encrypt the whole dictionary that way, and compare it against your list of stolen passwords? Watch the matches drop out. In fact? You don't even need the dictionary. Take a list of passwords from say, here, encrypt those... Of course, if you're serious about cracking passwords, you can do better yet.

I can't stress what the KS folks say enough but I'll add to it:

• Change your KS password now. Don't assume its secure just because it isn't a dictionary word or one of the top 100 bad ones!
• If you use that password anywhere else, change it there. Some lowlife out there now has a list of email addresses and encrypted passwords. If yours is one they cracked, where else can they log in?
• Pick more secure passwords everywhere as a matter of course. Because KS wasn't the first, and won't be the last. Your basic two choices are non-dictionary words (and don't just change letters to numbers, either!) or a passphrase... 
• If you have trouble remembering passwords, use a password manager like 1Password (which will also generate highly-random passwords for you) or similar. 
• If you use a password manager, for heavens sake make sure the one password you DO have to remember (namely its own password for its password store!) is both secure and one you can remember.

---

[1] Yes, people with IT backgrounds, I'm oversimplifying :D But unfortunately, so are a lot of web-site developers.
[2] In fact, you'd be daft to try. Most password 'encryption' algorithms are intentionally one-way for sane levels of computing power, i.e. you can't get the plain text given the encrypted text. Your mileage may vary if you're the NSA or GCHQ[5].
[3] Assuming the site is not so stupid as to store your password in clear[4].
[4] In case you'd ever wondered why you normally have to reset your password, rather than get the site to send you a new one? This is why. Because any sensible site doesn't KNOW your password. It only knows what it encrypts to, using a 'one-way' algorithm.
[5] *smiles* *waves*

Of rules and miniatures

Partially revisiting my post on "the rules" from a few weeks back, and partly prompted by a comment in the Meeples and Miniatures Facebook group by Sigur Squrrl. Advance warning - this might be a bit stream of consciousness-y and rant-y :D

"[...] Wargaming is free to design and miniatures not necessarily attached to rules."

Some rules, clearly, exist to sell miniatures. The king above them all is, of course, Warhammer 40K, but if you cast your eyes around you can see countless other examples, many these days via Kickstarter, where someone's come up with a neat idea for a set of rules and a setting, and a range of miniatures to match.

The thing is, some of us are starting to get conditioned to this. We buy the rules, then we buy the figures because they're designed to work with the rules. Depending on how obscure and idiosyncratic the setting is, they may be our only choice. And then (naming no names), out comes Version 2 of the rules, or perhaps Codexes A to D, and we buy more figures, because...

Well.

We like to justify it as being because the new rules have given us new choices, and/or because the forces in Codex A are just super cool.

Is the truth perhaps actually that it's because at least in part we're happy sheep and we want to play against everyone else whe's doing the same thing? Not that this is of necessity bad: just.. y'know? Tie your figures to your rules, and the best way to sell more figures is to write more rules! (And then there's the sad knock on effect that this almost invariably results in the infamous codex creep, followed by a re-baselining of force balance in a new version of the rules, followed by new versions of the codices, both of which as previously mentioned cause more figures to be bought... Stop me if you've seen this before!)

Historical gamers have it a bit easier: our settings have a very important attribute, in that they're not anyone else's property. History is not going to get litigious (oo, good word) just because (for the sake of example) Artizan, Crusader, Warlord, Black Tree, First Corps, Foundry, West Wind, PSC, Wargames Factory and heaven knows who else all produce 28mm WW2 figures. (Even if Lucasfilm and TSR may or may not have tried to trademark "Nazi". :D) And, let's face it, this is, when it comes down to, why Warhammer Historical is no more. Because GW aren't a rules company. They admit it in as many words.

But yet, and perhaps bizarrely, we still do it. I'd be intrigued to know how many of the armies at Rushden Phoenix club's recent Bolt Action tournament (at which three members of our club came back with trophies - well done guys!) were made of nothing but Bolt Action figures, and how many of those players had even considered, or were perhaps even aware of, other ranges. I'm as guilty as the next guy - my Napoleon At War armies (ok, ok, I'll admit it - my several kilos of unpainted lead!) are entirely made by, you guessed it, Man At War. And I have no defence (well, except that they're cheap, they come in the right sizes, and they appeal to my OCD :) ).

Admittedly, tournament play can be different - companies can and have set restrictions on what figures you can use, and they are, like it or not, within their rights to do so. And I'm within my rights to choose whether or not to play as a result (and sometimes I do).

But...

Let's look at this the other way round, because (as Neil and Sigur Squrrl point out), just because A requires B doesn't mean B must perforce require A.

It's an obvious fallacy, but... it was quite scary hearing the reports of groups of people who were selling entire armies of 15mm Flames of War in order to play Bolt Action in 28mm, without, apparently, giving thought to the fact that the rules could, with little or no tweaking, be used with their, and their mates', existing figures.

I probably own more Battlefront lead than several of the Flames of War gamers at our club put together (six full infantry companies and most of a seventh). I own part of the contents of three Open Fire box sets. Why? Well, it sure as hell isn't to play Flames of War! I own a fair few GW LOTR figures - one's the most talkative character on this blog, and he's certainly not being used to play LOTR! :D One of my options for a general for my Palmyran army is a Hell Dorado figure.

And this sort of brings us back to the whole thing about the rules.

The very word 'rules' implies a certain degree of inflexibility. And yes, for tournament play, this is inevitable: unless you have an agreed common framework of rules, you have chaos, and you thus pretty much have to go by the book, or at best with clearly documented variations. And it's very easy to slip into the mentality that because the figures go with the rules, the rules mean you can only use the figures with the rules.

Nuts to that :D

There are some brilliant, brilliant figure sculptors, ranges and concepts out there. We're all intelligent and imaginative people. Rules are made to be broken, or at the very least, tweaked. Knock yourselves out!

Flying home today

...so of course I'm up at 5.30am US time fixing our church website.

If anyone out there is running their own WordPress site, find a better events plugin than "All In One Event Calendar" by time.ly - it may be very pretty, but they have now managed to take our site down twice in a row with badly-managed plugin upgrade scripts, and the support they give to users of the Standard (non-paying) version of the plugin is appalling.

Such is the life of a volunteer IT admin. Ah well.

To my considerable surprise, I seem to have managed to blog every day while away: normal service will be... continued... when I get home, though I've pre-scheduled tomorrow's post since I confidently expect to be way too jet-lagged to tie two sentences together.

Just a reminder - my 50th birthday Prize Draw for a £25 gift voucher for Chain of Command is still running until a week on Sunday! Don't miss it!

Remember me ranting about backups?

That's here, in case you missed it.

Well, here's a cautionary tale.

I co-produced and MD'ed a fantasy musical, which started life as a set of songs a couple of decades ago and plain grew, at a SF con a few years ago. We got FOUR people to video it from different angles, and I took all four sets of video files, and, just to prove I'm not a complete moron, backed them up on TWO different hard drives, one a HP Media Vault, one a WD 1TB external USB drive, because when we have more time, we're going to make a DVD.

Both of these have been stored in reasonable conditions in two different rooms in the house.

The HP Media Vault packed up a couple of months ago. I finally got around to checking it this week, because I need those video files. The drive has the click of death, and isn't coming back.

No worries. I can get the files off the WD external.

It won't spin up.

ARRGGGHH!

You can never have enough backups of critical data.

Backups: a public service announcement

*dons 'trust me, I'm an IT professional and security certifier' hat*

A while ago, I was doing some research for the longboat model I got as a blogger Secret Santa, and found a link to a build on Model Ship World which included some very useful photos of a part I want to built using work's new 3D printer. So I bookmarked it.

Go on, click the link.

Yeah.

Right.

It turns out Model Ship World had a catastrophic hard drive failure shortly after migrating all the posts to their new forum system. Every single post from the old forum is gone: most of them might be on web.archive.org, but they're a complete sod to find because of the way phpBB handles its URLs, and I'm pretty sure the entry I want isn't.

The moral of this story, because, damnit, there are several, and I'm actually both quite cross and dead serious:

The Internet is not your memory.

There is absolutely no guarantee that todays useful link won't be tomorrow's "404: The requested URL /phpBB2/viewtopic.php was not found on this server." If you want to save a link for later for research purposes, use something like Evernote that will store you a copy of the content locally on your hard drive.

Back the heck up.

The above applies just as much to your blog, my blog, anything that's stored online/on the Cloud. Blogger has a backup facility - go to Settings/Other/Export Blog and grab a copy of the export of your blog contents every so often and save it someplace you can find it again. This won't save your images, but if you go to picasaweb.google.com, it should redirect you to a page where you can download the Picasa album that corresponds to your blog photos, if you haven't kept your own local copies.

Do it now. I'll wait while you do.

Why? Because Google have already proved that the thing they're really betting the farm on is Google+, and one day I will NOT be surprised to discover that my choices have become 'use Google+' or 'export your blog someplace else'. If you're not paying for a product (Blogger), remember, you are the product, and if we as users of a service stop being worth their while, they'll drop us. Same goes for Flickr (which Yahoo! seem bound and determined to screw up), Google Wave and heaven knows what else.

You're welcome to assume competence, good faith and lack of self-interest on the part of people providing an online service, but take backups anyway: an errant 747 hitting their data centre, or Amazon S2 having a major outage, is going to ruin their day however nice they are. And you don't know that they take proper backups, that they won't someday forget or fail to pay their hosting bill, or that they aren't one guy with one small Linux box in a cupboard at the end of an ADSL line (I should know. I am that guy, and I do take multiple backups and carry spares of most bits of hardware!).

Back the heck up 2.

Your hard drive. We live in a world where a scary amount of the information we create, be it text, photos, whatever, only exists in digital form. Look back at Model Ship World. The admin's defence was, to paraphrase: "we're not IT professionals, we didn't take backups, move on". I made a point of closing that window before I was tempted to register and comment (which would probably have resulted in my time as a registered user being one of the shortest on record).

This is 2013. There is absolutely NO excuse for not having a backup of the data you care about, doubly or triply so if it's not your bloomin' data. Hard drives fail. You do stupid things (I lost a massive pile of cherished RPG logs by accidentally having the wrong folder selected when I did my two sets of keystrokes for 'move to trash, empty trash' in too-quick succession).

Go to your favourite tech retailer and buy a USB hard drive - here, look, I'll even provide a link to a nice 500GB drive for under 40 quid! Label it prominently 'BACKUPS', don't use it for anything else, and use any of the scads of free backup solutions (some of which even come with your OS) to keep a safe copy of your data. If you want to use an online backup solution as well, that's fine - but don't make it your only one, for reasons stated above.

Oh, and every now and then, make sure you can recover something from the drive. If there's the merest hint of a problem due to the drive itself, buy a new one. There's a saying in IT: "No-one cares if you can back up. Only if you can recover."

Is your data worth more than £40 to you?

Battlefront go all GW

From the Flames of War official site via the excellent Neil Shutt of Meeples and Miniatures (actually on the Facebook group). Empasis mine.

 "The final change we are making is that from the new season all the events we run with will be only allowing Battlefront miniatures to be used. This is bound to cause some debate, so let me be clear as to why we have chosen to go down this path. Joe, Gareth and our events cost a great deal of money to run: a little over a quarter of a million American dollars this year alone. And, although it seems childish to draw a line in the sand and say, “If you want to play at our events and support the FOW hobby, you should not be bringing other people’s models along,” it is absolutely that simple. Our business is a business and we want Flames Of War to grow; we intend to give it the best support we can, but this support has a cost." 

I wonder. Where have I seen that before? I already knew I disliked FoW, but this just takes the cake.

I will buy nothing more from Games Workshop

At the beginning of July, Games Workshop put their prices up, by up to 60+%.

At that point, taking advantage of a no-postage deal from one of the online stores, I picked up another modular gaming hill and two packs of movement trays.

And that's it: the end.

I no longer want to buy their paints. I'm certainly not investing in their new range, or wasting my time trying to figure out what colours from their old range translate to. I can do that just as well with Army Painter's new range.

I have no further need for movement trays - GW's were pretty neat, but not at a 60% markup over what I was paying- I'm pretty sure by the time I'm done with the two new packs I'll have enough of all the sensible sizes, and I can reuse them when I need to.

Any more scenery I'll build myself or buy from someone else.

If I ever have a desire to play a scifi-themed wargame, I'll either play WarMachine or Sedition Wars. I'm certainly not about to pay £45 for the sixth edition of a set of rules that seems to get a new release every two years along with tournament rules that render half my army obsolete, and all of it illegal if I don't buy it from them at their inflated prices.

If I ever have a desire for a fantasy-based wargame, I'll play Kings of War. Also, see above re legality of armies.

If I ever can't find opponents for WAB (and, let's face it, I can't pay ForgeWorld for any more material for it, even if I wanted to), I have Hail Caesar, or I'll explore War and Conquest.

Likewise, for WW2 I have Operation Squad and I Ain't Been Shot Mum. Kampfgruppe Normandy was beyond a joke at its RRP, even before Warhammer Historical got canned.

I certainly have NO remaining desire to fill the pockets of a company who have canned the only products of theirs I cared about, and price their rules and miniatures at a level that is frankly an insult to my hobby, and a detriment to new blood with shallow pockets.

Not only that, they've removed their one path to accidental discovery of other wargames settings, since after all, even when Warhammer Historical was alive, you couldn't buy its products in their stores, or play them at their premises. Their cultish, closed-shop policy is hiding the real joys of my hobby, and the historical learning aspects, from a potentially large percentage of the next generation of wargamers.

Since they don't call their hobby wargaming, and take great pains to mark the distinction at every chance they get, then I'm going to take them at their word.

"The Games Workshop Hobby" is not wargaming.

The Games Workshop shop is not my friendly local wargames store.

I am a wargamer.

End of story.

A small grumble

Dear TMP. 1998 called, it'd like its forum code back.

Particularly the bit that requires downtime for daily maintenance.

I mean, really. Sheesh.