#getting reset to low level everything will be plenty enough challenge for me as is thanks | Explore Tumblr Posts and Blogs

ciathyzareposts · 5 years

Text

Camelot: What Makes Us Unique

This particular Camelot character has probably never existed before or since.

Back in 2004, I was meeting a friend at a bar in Boston. I opened the door to look in for him, saw that he wasn’t there, and backed out, elbowing in the stomach the man behind me. I turned around and saw that it was the governor of Massachusetts. Since then, I’ve liked to think that I’m the only person to have ever elbowed Mitt Romney in the stomach while he was walking into a bar. I’m sure plenty of people have elbowed him in the stomach on other occasions.

This is the kind of story I like, because it’s an assemblage of circumstances that has probably never occurred to anyone else. I look for those in life. I may not be the world record holder in any sport or hobby, but there’s a decent chance that by the end of my life, I will have published more blog articles on CRPGs than anyone else alive. If that turns out not to be true, I’ll only need one other modest qualifier (“than any other Mainer”) to make it true. I guarantee that I’m the only person in the world to have my particular combination of jobs (if you include CRPG blogging as one of them). I don’t hold the record for the number of airline miles flown between 2010 and 2018, but I’ve got to be within the top 10%, and when you’re in the top 10%, you only need one or two additional circumstances to make yourself unique. It’s possible that I’m the record-holder out of Bangor, Maine, for instance.

My enthusiasm for unique experiences filters into CRPGs and probably explains why I like open-world sandbox games so much. I don’t like the idea that I’ve reached the end of a game in the exact same position and circumstances as everyone else who has ever played the game. When you can’t even name your character, this is particularly infuriating. Look at my recent review of Deadly Towers, for instance. How do you really know it was me playing that game? I could have taken those screen shots from anyone. At least Dragon Warrior displayed the first four letters of “Chester.”

These issues got me thinking about the peculiar trade-off that exists between player and character. Think of a game like Pac-Man. When a champion like Billy Mitchell achieves a perfect score, we don’t say, “Wow, you created a great character there. You put a lot into him.” The very statement is absurd; every player’s Pac-Man is the same as everyone else’s. Instead, all praise goes to the hands and eyes of the player himself. In contrast, when we watch the ways that various players have won the Mulmaster Beholder Corps battle in Curse of the Azure Bonds, we look for clues in the characters–their levels, their spells, their weapons, their movements. We’re aware that there’s a player behind it all, of course–perhaps a very intelligent and strategic one. But his success is slightly diffused by the imposition of the characters. We are aware that his strategy only “works” because of the allowances of the game. Perhaps most important, we are aware that we could have done the same thing, whereas no studying of his technique is likely to make most of us like Billy Mitchell.

It is for these reasons that I don’t think it’s really possible to be “good at” a game like Skyrim. Experienced, sure. Patient, definitely. But “good”–what does that even mean? Early in its existence, some players proudly posted images on Reddit of their characters clad in leather armor and wielding pick-axes (possibly the worst weapon in the game) killing dragons. I thought it was silly. Either the game has enough flexibility to allow you to do such a thing or it doesn’t. It says nothing about your skill as a player that you were able to do it except that you were willing to use the game’s resources to grind, or enchant that pick-axe, or improve that armor, or carry and drink a hundred potions, or whatever you did to make it possible.

I just bought Irene the Myst 25th anniversary collection for Christmas. That is a “good at” game. A player that possesses the strength of puzzle-solving to blaze his way to the end without any spoilers is an impressive player. But his end-game screenshot is the same as everyone else and the “character” of the game is essentially invisible, a no-one, a ghost.

In many modern games, “uniqueness” extends quite literally to the character’s appearance.

In case it’s not clear, I’m not particularly interested in being “good at” CRPGs. I don’t play them for competitive reasons. I play them to enjoy the strategy, tactics, world-building, plots, and sense of character development. I like a challenge, but only a modest one–a temporary bump in a game that, because of its very nature (particularly because of reloading), you’re almost certain to eventually overcome.

Many people prize the opposite. I suppose even I do, in different circumstances. The value of most competitive games is that everyone’s playing the same game under the same circumstances, with no real imposition of “character” between the player and the performance. A king in chess isn’t a “character”; he’s just a piece. You don’t give him a name, and he doesn’t acquire new abilities as he defeats pawns and levels up. When he moves to take a rook, there are no probabilities associated with the encounter. When he wins, all glory goes to the player who moves him.

When my king reaches the end of a game, on the other hand, I want him to be my king–a unique character that no other player has won with. I want my endgame screenshots to look different from everyone else’s. And in those screenshots you should be able to tell something about how I played the game. Was I careful or daring? Did I rely on brains or brawn? Did I favor equipment or skills? What role-playing choices did I make along the way?

To me, some of the worst RPGs are closer to chess. Your “character” is just a gambit that you’ve moving across the screen, offering you no sense of connection or identity. These are essentially arcade games with a few nods to RPG mechanics. We’ve seen a million of them: Caverns of Freitag, Gateway to Apshai, Sword of Kadash, Sword of Fargoal. Even worse is when the game offers RPG-style inventory and leveling, but at fixed intervals along a linear plot, so that “character development” is just an illusion and everyone does reach the end the same as everyone else.

The best RPGs, however, offer plenty of opportunities to make your character your own:

Name

Selection of race, sex, alignment, and class

Attributes

Skills and talents

Inventories, especially those with multiple slots

NPC interaction, dialogue, and role-playing choices

Choice of what order in which to do quests and side-quests

Ability to grind, or not (only meaningful without artificially low level caps)

Customization of character appearance

Statistics, achievements, and trophies

The multiplication of these various factors means that many modern RPGs feature characters as unique as the humans who create them, finally achieving some of the sense of ownership and identification that tabletop RPGs allowed from the outset.

Every player may have had to do exactly what I did to win Ultima IV, but at least my name and the number of turns are unique.

Camelot is an early game, and thus not as advanced in the originality of its characters. But of the single-player PLATO games, it comes the furthest. When I play it, I do not feel as if I am feeding so many characters into a meat grinder, as I did with The Dungeon, The Game of Dungeons, and Orthanc. Its allowances for stealth, magic, and multiple fighting styles, paired with the strategic nature by which you must explore dungeon exploration, create as close to a unique experience as anything we’re going to get for many years. If nothing else, the combination of items in the 13 inventory slots likely creates characters for each player that no one else has ever played.

I’ve put about 12 hours into the game since the last Camelot entry and I’ve gotten a lot more powerful–enough to take on dungeon Level 5 with relative ease–but it’s still slightly frustrating how long its’ taking to finish the game, much more so because I keep dying and resetting my score back to -99,999. But I recognize that it was designed for different players in different circumstances.

There was an interesting moment the other night where creator Josh Tabin happened to be logged into the system at a moment that I got stuck. I had teleported into a section of Level 4 that offered only one exit: a downward chute. Unfortunately, I had taken a Potion of Levitation upon beginning the expedition (you always want to use Scrolls of Protection, Potions of Cepacol, and Potions of Levitation at the outset of each expedition if you have them). It turns out that Levitation stops you from using chutes, even deliberately. The condition doesn’t wear off until you return to town. There were no other exits from the area, and I was out of Scrolls of Recall. The only solution I could come up with is to wait until the turn of every hour, when the dungeon levels respawn, and kill everything in the half-dozen rooms I had access to, hoping to get a Scroll of Recall at some point. But since Josh was there, I informed him of my trouble and he opened a secret door for me, then spent some time patching the game so that even if you’re under the effect of levitation, you can manually choose to take a chute.

Other things about the game since I last wrote:

As I previously mentioned, the game occasionally gives you a specific monster to kill before it will let you level up. It’s very erratic. I had a period from roughly Level 10 to 20 where I got a quest every level. Then I didn’t get any at all between Levels 20 and 29.

A “Palantir” tells you at what level you can find the object of your quest. If you’re already on that level, it tells you the specific coordinates. Of course, if the hour turns while you’re still seeking the quest creature, everything resets.

As you move downward, enemies get harder but rewards get better. Some of the magic item rewards are awesome. I’ve had a couple of Wands of Fire that completely clear out rooms in one turn. The problem is how frequently they require recharging and the expense thereof. The game’s economy is still excellent. I make a lot of tough choices between leveling up, recharging, and purchasing new items.

It turns out that items don’t have a fixed number of charges but rather a small probability of running out within any given use. High intelligence seems to lower this chance.

Some of the best items that you can find increase your attributes. Manuals and tomes increase them permanently by one point while various potions increase them temporarily for several points. I have maxed out my strength, intelligence, and constitution with these items, and I must be close on the other two.

A Manual of Bodily Health raises my constitution.

Scrolls of Taming, Orbs of Entrapment, and Wands of Charming all work on different creatures. I’ve learned that when I lose a companion (or one leaves), I want to head down to the lowest dungeon level on which I can survive to start hunting for another. About six hours into this session, I was able to charm a succubus, and it’s remained with me ever since–an extremely powerful ally.

I probably mentioned this earlier, but there are special rooms on each level that the creator calls “stud rooms.” They feature enemies 2-3 levels harder than the normal ones on the same level, but with rewards 2-3 times greater. Any new expedition needs to begin with clearly the stud rooms that you know you can clear.

In one of the “stud rooms.” Seven green dragons are a little much for me. The Scroll of Identification gives grim odds.

There’s a magic item called a “Tardis” that resets the dungeon in between the normal hourly resets. It allows you to quickly hit the stud rooms multiple times in a row until it runs out of magic. It’s incredibly useful but back in the day when there were multiple players hitting the dungeon at the same time, it must have been very annoying for some of them.

The two players on the leaderboard who have won the game both have Level 60 characters, so I assume that’s the game’s level cap. Thus, I’m halfway there. I probably won’t have much more to say about Camelot until I win, so hopefully I can get it done this week while I also wrap up Challenge of the Five Realms. I’ll say this for Camelot: it’s the first PLATO game that I’ve enjoyed lingering with, rather than blasting through it just to document its historical value.

Time so far: 40 hours

source http://reposts.ciathyza.com/camelot-what-makes-us-unique/

#retro games #dos games #retro #crpg #adventure #amiga #oldcomputers #8bit #16bit #blog #repost

1 note · View note

fridge-reviews · 7 years

Text

Circa Infinity

Developer: Kenny Sun Publisher: Kenny Sun Rrp: £6.99 (Steam) and £8.49 (Humblebundle) Released: 9th September 2015 Available on: Steam and Humblebundle Played Using: An Xbox 360 Control Pad Circles within circles within circles within circles going on forever until... well forever. Except they don't, there is an end you can see it. And then there’s another end, and another and another. Circa Infinity is a 'circular platformer', at least that’s what they say. I personally think it falls under the puzzle platformer genre even if its only a loose fit. One thing it definitely is is a game is about timing, more than that, its about learning what you can do with the space and timings afforded to you. If you have dyslexia or just generally have trouble distinguishing left from right this game is going to confuse you. Hell, I suspect that even if you don't have that you're still going to find yourself feeling turned around regularly.

youtube

The controls are very simple [A] makes your character jump and also lets your character enter a circle through the raised area (look at the video to see what I mean). Left and right on the analogue stick (trigger buttons, bumper buttons or D-Pad) moves you clockwise and anti-clockwise. And finally [Y] resets the level. That's it two buttons and a when it comes to directional controls, gotta' love simplistic design. The game itself is separated into five stages and each stage consists of ten levels and a boss fight. As can be expected everything becomes a lot more challenging the further in you go, thankfully the difficulty curve is fair. You're never just thrown in the deep end and plenty of time is given to get used to a mechanic before they really throw the big guns at you.

The default visual style is appealing to the eye using only three colours which keeps the game from being too busy (its already confusing enough without adding extra things to keep track of). It also allows the player to intuitively see that the creature in front of them is dangerous because they're coloured red as opposed to everything else that is either black or white. I can't really not speak on the the music, the composers have done well in creating music that really suits it, energetic and repetitive but not irritating. In some ways it was the music that encouraged me to keep playing for much longer than I would have done without.

youtube

Then there's Circle Affinity, this is a game mode that was added after the game was originally released and... its evil. You see, in the main game mode even though you sometimes feel under pressure there are still safe spots where you can think about how to get past this particular bit. There's no time limit so you can take your time and puzzle it out. BUT in Circle Affinity there most definitely a time limit. A horrid spiky red circle closes in on you constantly, the only way to escape it? Go into the next circle and complete it. What makes the spiky circle o'death so horrid though is the noise. If I never hear a noise like that again I'll die a happy man. I can only describe it as a scream that’s been highly distorted and elongated to make it sound almost demonic. All I know is that it offends my ears even on a low volume. If at any point you die the number of circles you beat gets added to a score which is used to... actually I'll save that for the next paragraph. Remember I said about the 'default' art style? Well, as you might have guessed you can choose from other palettes which change how everything is coloured. Personally I didn't find any that I felt were better than the default but perhaps you may find one you like. At the start of the game most of the palettes are locked, to unlock others you have to play Circle Affinity and just rack up as many points as you can.

I like this game, I can't seem to complete it and it makes my brain ache from the strain but I do like it. That being said, it definitely isn't for everyone. If you don't like puzzles, or brain benders then perhaps give it a skip, otherwise give it a go. I don't think you'll be disappointed. If this appeals to you perhaps try; Downwell Limbo Pony Island

#circular platformer #platformer #kenny sun #puzzle game #puzzle games #puzzler #indie #indie games #independant games #independant #games review #games reviews #game review #game reviews #video games #video game

3 notes · View notes

nerdspeaker · 7 years

Text

This review was originally published by Rogues Portal on Feb. 5, 2018.

A rewarding experience for your thumbs and your spirit

When I started playing Celeste, I knew I was in for some challenging platforming. What I was not expecting was for the journey of trying, dying, and then trying again to be linked to an emotional and life-affirming quest to overcome the main character’s demons.

In Celeste you play as Madeleine, a young woman with a strong desire to climb Celeste Mountain as a means of escape. As she progresses through the hundreds of challenging rooms that require precision controls and lightning-fast reflexes, it quickly becomes apparent that the mountain doesn’t just challenge your ability to jump well, but also forces you to confront yourself. The premise is deceptively simple, but there is a lot of depth here. I was looking forward to the gameplay, having loved the insane platforming challenge that is Super Meat Boy, but certainly didn’t expect such a lovingly crafted story and characters.

Gameplay

So yes, let me say again, this game is difficult, and anyone who is shy of platforming will likely want to skip this one. Madeleine can jump, and has a dash power that allows her to zip once in any direction on the ground or in the air and only resets when you land on a flat surface. She can also climb up and down walls, but like Breath of the Wild has a limited amount of stamina that will deplete when she’s off the ground for too long, eventually causing her to lose her grip and fall.

Each of the game’s stages is broken up into rooms, and every time you die in a room (and you will die in a lot) you have to start that room over again. Even what seems like a simple and short room can flub you up to the point where you die several times, but the challenges are fair and a death never sends you too far back. This rapid repetition of short sections leads to a huge sense of accomplishment when you master a particularly difficult room.

Each stage also introduces fresh game mechanics to keep you on your toes as you venture up the mountain. Between platforms that move quickly and launch you, platforms that move when you air dash, weird blobs that shoot you through them, high winds, and others, the gameplay never gets stale while staying true to the core mastery of proper air dashing and stamina use.

There are also a handful of bosses and enemies to be found in this game, which similarly changes up the gameplay just enough to stay fresh, while still focusing on quick reflexes and platforming.

For an added challenge, the stages have strawberries placed in difficult areas of different rooms which you can collect, as well as hidden cassettes which unlock “B-side” versions of each stage with even harder difficulty. The strawberries are for vanity purposes only, but completing the B-side tapes helps you unlock a post-game stage.

As for length, there’s plenty of value to be found here. As of this review I’ve completed the main quest, which took about 9 to 10 hours, but with only about half the strawberries and having accomplished none of the extremely difficult B-side cassette levels.

My only complaint about the gameplay is a minor one and has to do with the controls on the Switch. Use of the directional buttons felt more natural to me than the joystick, however, the directional buttons are so close together than I often found myself flubbing up the directions of my airdash, and had to really focus on how I was pressing the buttons. It was enough to make me wish that the Switch had a proper D-pad.

Art and Story

While I do feel this game is a spiritual successor to Super Meat Boy in terms of gameplay, it’s a completely different story with the aesthetic. The graphics style of Celeste takes after the charming pixel world of Towerfall, the previous game from developer Matt Makes Games. The character sprites may have low detail, but their subtle movements infuse the world with life. Gorgeous environments and color accentuate your adventure, and work together with the stellar chiptune soundtrack by Lena Raine to evoke specific moods that carry over from the plot.

One final word on the plot without giving too much away – Madeleine goes through a journey of introspection dealing with difficult emotions. Through the other characters including an enigmatic old woman, a ghost hotel manager, and a hipster adventurer, she learns more about herself and why she decided to climb the mountain in the first place. The difficulty of the gameplay, as well as the overall feeling, evoked from the plot points, settings and music make this journey seem more poignant then a straight narrative could have alone.

Verdict

Play it! If it wasn’t apparent by my gushing review, this is not just a beautiful game, but an experience. Minor control issues aside, the game is rewardingly challenging but fair for the veteran platformer, with extra challenges for the masochistic. The added strawberry on top is the story, which I did not expect and really hit me out of left field with its emotional weight. This isn’t just a game – it’s a healing experience.

Celeste is available for Nintendo Switch, PC, PS4 and Xbox One.

This post was originally published on Rogues Portal. They write about everything nerdy, like I do – I highly suggest you give them a follow on Twitter, Facebook and Instagram!

Celeste – Nintendo Switch Review This review was originally published by Rogues Portal on Feb. 5, 2018. A rewarding experience for your thumbs and your spirit…

#8-bit #Chiptune #Matt Makes Games #Pixel art #Platformer

0 notes

arrestyourdebt · 5 years

Text

A while back I was feeling rather bored with life because I didn’t have a hobby. I tried to pick different hobbies here and there but nothing really stuck. I quickly lost interest in everything I tried because I didn’t really have a passion for it.

Not too long ago I stumbled into something I absolutely LOVE to do. I started a blog and I find myself thinking about strategies and different ways to help people all day and night. What started as a hobby has quickly turned into an obsession. It has reenergized me to levels I didn’t think were possible. Blogging may not be right for you, but I encourage you to explore different hobbies to find something that excites you if you have found yourself stuck in a life rut.

What Hobbies Do You Currently Have?

A while back when I was in a rut, I did not have any hobbies. As I got older, I lost interest in things I previously liked to do. I no longer had time to play video games for hours on end and I found myself in a revolving daily routine. My daily routine involved the following sequence:

Get up and go to work

Work all day

Come home, eat dinner, go to bed

Repeat

Weekends were not much more exciting. They involved doing yard work and going to church on Sundays. Don’t get me wrong, I was still happy with life, but I was just bored with life in general. I wasn’t being challenged.

Signs You Need A Hobby

If you find yourself bored with life and no longer challenged, I encourage you to find an inexpensive hobby to reinvigorate your life. Just like being debt free can change your life, so can finding a hobby you are passionate about.

I can not tell you how my life has improved 10 fold now that I started blogging. I am challenged, energized, and my life has a new purpose. I help people on a daily basis and I get to use my creative side as well. Combining everything I enjoy, (reading, writing, creating, helping others) I stumbled upon blogging and it has been the perfect hobby I wish I had discovered sooner.

Enough about me – let’s focus on ways to help you get your fire and energy back!

New Hobbies To Try

Disclosure: Some of the links below are affiliate links, meaning, at no additional cost to you, I may earn a commission if you click through and make a purchase.

Here is a list of 28 hobbies that you can start with a minimum amount of money.

Category: Online Hobbies

Start A Blog

Ok, I had to start this post with my absolute favorite hobby. If you’re a creative person who loves helping others or telling a story, blogging may be the perfect fit for you. I seriously wish I would have discovered this years ago.

A blog can be whatever you make it. It can be a private journal for yourself or you can create elaborate articles to help people with their problems. There really is no limit to what you can do with them. I get the enjoyment out of writing all my posts as well as designing all the graphics and images for it. It hits every intellectual creative aspect I enjoy.

You can also start a blog for pretty cheap. My current blog is rather large and I utilize a bunch of plugins, email services, marketing avenues, etc that can get rather expensive. However, if you are just starting out, you can start a blog for less than $10 dollars a month.

If you are just starting out, I recommend signing up through Blue Host to keep your costs way low while exploring this as a hobby.

Click here for my link to the Blue Host Blogging Platform.

Fill Out Online Surveys

Online surveys are great time killers and many of them will actually pay you to complete them. I personally use SwagBucks when I feel like killing time and I earn points that I can exchange for money and gift cards.

Check out SwagBucks through my link here.

Create Products on Fiverr

Fiverr is an online marketplace where people create content and sell it online. People create graphics for businesses, write content for bloggers, and everything in between. I used Fiverr to find an artist to create my logo for Arrest Your Debt. If you’re creative and like designing, writing, or a myriad of other things, you may be able to sell your work on Fiverr as a hobby.

Check out Fiverr through my link here.

Find A New PodCast

I recently started listening to PodCasts on my way to work. PodCasts are a great way to learn more about a new topic, be entertained by a comedian, or a combination of both. There are many online PodCast episodes you can download or stream online and the topics are only limited to your imagination!

Play Fantasy Sports

I started playing fantasy football years ago and it was one of the best decisions I made. A good friend of mine invited me to play in their league but I was hesitant because at the time I was not a big football fan. Playing fantasy football quickly turned me into a football fan and I know more players and their stats than I ever thought possible.

If football isn’t your thing, they also have fantasy soccer, baseball, hockey, basketball – you name it. You can sign up for a team through Yahoo, ESPN, and other networks for free. For more information about Fantasy Sports, here is a quick overview:

youtube

Category: Outdoor Hobbies

Going outdoors can have calming effects on your mind and soul. I find that I can reset my mind and de-stress by jogging outside rather than on a treadmill. Try one of these outdoor hobbies to calm your mind.

Hiking

If you live in a city, it may take you half an hour or so to find an area to hike. You don’t need to be too far outside the city to get away from the stress of city life. The hustle and bustle of the cars driving by and the overall noise can add stress to your life. Spending time in nature by hiking on a small trail or a rocky mountain can help you regain your focus and energy. The calming effects are definitely worth it!

Camping

When was the last time you went camping? For many of us, we have not been camping since childhood. Camping can be a great way to explore nature and have a bit of an adventure. Depending on how rugged you are, you can camp at a local campground with provided restroom facilities, or you can rough it without any amenities!

Plant A Vegetable Garden

There’s nothing like the taste of an organic vegetable garden. If you have never experienced the taste of freshly grown produce, I suggest you give gardening a try. When I first started a garden, I didn’t know anything about how to grow vegetables. It turns out, it’s relatively simple if you watch a couple of Youtube videos and pay attention to the planting season. I quickly found out through trial and error what grows during the winter, and what doesn’t.

You can either plant a vegetable garden in the ground or you can use a raised garden bed if you are short on room. These raised garden beds from Amazon.com are a great option if you have limited space to start!

Check out these raised garden beds on Amazon.com

Plant A Flower Garden

In the past, my wife would kill everything she planted. However, with a bit of trial and error, she has now gotten the hang of it – and I love it! She now regularly plants perennial and annual flowers near our entryways and porch swing. It adds beauty to our yard and is also relaxing for her while she does it. Below are some of her plants. (Yes, there are a lot of cacti because we live in Arizona)

Running/Jogging/Walking

For me, exercising outside is much more beneficial than working out in a gym. I see similar physical results but being outside gives me the opportunity to think and relax. Working out in a noisy gym is distracting and doesn’t usually relax me the same way running outside does.

When my wife first started running, she started with an app on her phone called, “Couch To 5K.” It worked wonders for her and now she can easily run 5+ miles no problem. I, however, am still working on it….

If you need a little motivation, check out the motivational free app, C25K in your app store!

Ride A Bike

Disclaimer – Biking can be a very expensive hobby. Bicycles can range anywhere from your $100 Walmart special to a $5,000 road bike. Even after the bicycle purchase, you will still run into maintenance costs for new tires, chains, etc. This is not a cheap hobby but it can be a great way to get into shape while enjoying the outdoors!

Category: Learn A New Skill

When I was a kid, I had a list of things I always wanted to learn how to do. The top two things I wanted to learn were:

I Wanted To Learn How To Juggle

I Wanted To Learn How To Moon Walk

Now before you ask me for my autograph, I want you to know that with enough practice – you can do stupid human tricks like me too!

Seriously though, I spent hours as a kid trying to learn how to do these two things. Think back to when you were younger. What have you always wanted to learn how to do but never took the time? Learn a new skill today!

Learn A New Language

In the United States, most of us know only know English. Some of us dabbled in Spanish because our high school forced us, but for the most part, we are not very linguistic. In other countries, it is not uncommon for people to know 2-3-4 or even 5 languages! If you ever wanted to learn a new language, what are you waiting for?

Babble is a language learning program with great reviews. Right now they have a 35% off a 6-month subscription promotion through this link here.

Rosetta Stone is also one of the old time tested and proven ways to learn a new language.

Learn To Play An Instrument

Recently my sister in law started taking piano lessons in her 30s. This can be an expensive hobby if you need to purchase an instrument and pay for lessons. However, a quick search on YouTube will bring up plenty of free lessons depending on the instrument you want to learn. It’s never too late to learn how to play an instrument!

Learn To Sew/Crochet/Knit

Many people enjoy working with their hands and creating masterpieces at the same time. If you have always wanted to know how to sew, crochet, or knit, now is the perfect time to learn how. A quick search on Amazon will offer some inexpensive books to get you started.

Learn Magic Tricks

I went through a phase a few years ago where I wanted to learn how to perform card tricks. Sleight of hand intrigued me and I wanted to learn how they did it. I bought a book about card tricks for beginners and watched several videos on how to perform them.

Category: Improve Your Finances

If you are struggling with your finances, I highly recommend you take the time to learn how to control your money rather than your money controlling you.

Start A Budget

Starting a budget is the #1 way to take control of your money and to improve your finances. I have written several articles about budgeting and have created a free budget printable that you can download here!

Check out my related article: How Do I Create A Monthly Budget? to get started.

Learn About Different Investments

My first rule in investing is I will not put my money towards anything I do not understand. I encourage you to follow this same principle to avoid falling for a get rich quick scheme.

I wrote an article about investing here: What Should I Do With $10,000?[Answered]

Start Couponing

I never had the time or patience to get into the extreme couponing but I know several people who do. You can definitely save a ton of money by using coupons effectively. Here are two great articles on how to coupon if you are a beginner:

Your Money Geek – Grocery Shopping With Coupons

The Practical Saver – Couponing For Beginners

Category: Sharpen Your Mind

Keep your mind active with these great hobbies.

Reading

Have you read a good book lately? I went years without reading after I finished college but a while back I started up again. It’s amazing the amount of knowledge that is in a library and how much more you can connect to a book. Some of my favorite books can be found in this article here: My Top 10 Reading List (2018)

Write A Story

Did you know that Stephenie Meyer started writing the Twilight book series in her spare time as a stay at home mom? I’m not saying we all are bound to become multi-millionaires like her, but if you enjoy writing you never know what you could create!

Put Together Jigsaw Puzzles

It has been years since I sat down and completed a jigsaw puzzle. If this is something you enjoy, you can pick up many different puzzles on Amazon for under $10 dollars!

Adult Coloring Books

I will admit, I have been tempted to pick up some of these coloring books in the past. Unfortunately, right now all my free time is used up on my blogging otherwise I would totally buy some! If you haven’t seen these adult coloring books before, check them out here on Amazon.com!

Put Together Legos

Since I have three children under the age of ten, they give me an excuse to play with legos. Putting together legos is extremely calming but I will warn you, they can be super addictive! In addition, legos can also get quite expensive so make sure you budget accordingly if this is a hobby you want to start.

Yoga

Don’t be tricked into paying an expensive membership fee to attend a yoga studio. Yoga can be practiced at home by following YouTube videos. Yoga is a great way to improve your flexibility and sharpen your mind at the same time.

Explore Your Genealogy

How far back does your family ancestry go? If you don’t have that one family member who has done the extensive background on your family, this could definitely be an interesting hobby for you. Tracking your family line back on both your mother and father’s side is extremely time-consuming. You can either do this through public records, marriage and death certificates on your own or you can use a company like Ancestry.com.

Learn To Meditate

Some of the most intelligent people on this planet meditate on a daily basis. I started to meditate a while back by using the free app, “Headspace.” If you want to try meditating to clear your mind and improve your focus, check out Headspace here!

There you have it. 28 of the most reasonable hobbies you can start with a minimal amount of money – with a few exceptions thrown into the mix. I avoided some of the more obscure hobbies such as stamp collecting (no offense if that’s your hobby) to bring you the most comprehensive list that I have seen.

What other great hobbies did I miss? I’m sure there are a ton, comment below – I’d love to hear what hobbies you currently have that could help my readers!

[convertkit form=883964]

Need A Hobby? Try One Of These 28 Ideas! [2019] A while back I was feeling rather bored with life because I didn't have a hobby. I tried to pick different hobbies here and there but nothing really

0 notes

howellrichard · 6 years

Text

My 2018 Holiday Gift Guide (Eco-Friendly!)

Hiya Gorgeous!

My holiday gift guide is here and this year, I’ve taken it to a whole new level. Only compassionate, eco-friendly gifts made the cut. I believe that giving to someone you love doesn’t have to mean taking away from someone or something else—other people, animals and the environment included.

So much of our gifting culture is wrapped up in an excess of things. Wasteful things. Things with a short lifespan. Things that hurt our fellow beings or beautiful planet. That’s why I’m challenging us (myself included!) to give with a different mindset this year. Let’s focus on meaningful, caring tokens of our affection. On quality, not quantity. And on showing love not only to our friends and family, but to the creatures large and small, soil we tread on, water we drink and air we breath.

Before we jump into the wonderful world of eco-friendly gifts, I wanna say one thing. I know that taking on a more sustainable, ethical approach to gifting can be overwhelming at first. Don’t feel like you have to go from zero to sixty right away. This is a process and it’s definitely not about being perfect. Every little bit you do makes a difference!

Alright, fellow eco elves, let’s do this!

For the Animal Activist

Have a friend who’s got a big heart for fur babies? These eco-friendly gifts are right up their alley!

Donation to an Animal Rescue/Advocacy Organization

Send in a one-time donation or commit to a monthly amount on behalf of your loved one. They’ve probably already told you about their favorite organization, but if you’re looking for inspiration, Second Chance Rescue NYC and Farm Sanctuary are two of my personal favorites. Second Chance’s incredible work helps abused, abandoned and neglected cats and dogs find better lives—support their mission here. Farm Sanctuary has an awesome program that allows you to sponsor one of their furry or feathered residents—check it out here.

Christy Robinson Animals in their Natural Habitat Necklace – $18

Help your pal show of their passion style with one of Christy Robinson’s sweet pieces. My latest favorite from her collection are these Animals in their Natural Habitat necklaces. They’re beautiful, match with everything and come with a powerful message: Animals don’t belong in confined cages or on factory farms. They should be free to roam, play, smell the flowers and munch on the grass—whatever their beautiful hearts desire. Click here to gift a necklace!

Not a Purse and Not a Nugget – $9.95 each

These adorable books by Stephanie Dreyer are the perfect gift for animal activists of all ages! Whether your giftee is a parent, kid or kid at heart, this is a fun, creative way to learn more and spark conversations about living a compassionate lifestyle. Get Not a Purse here and Not a Nugget here.

For the Wellness Seeker

These eco-friendly gifts are exactly what your health-loving friend really wants this year.

Crazy Sexy Reset: 3-Day Plant-Based Cleanse – $29

My Crazy Sexy Reset is simple and FUN, because I believe that getting healthy doesn’t have to be a drag. It’s got everything they need to get back on track quickly, including scrumptious recipes and an easy-to-follow meal plan and shopping list. Plus, since your bud loves learning about nutrition, they’ll devour the daily lessons and in-depth intro to plant-based nutrition, eating and living. Gift the Crazy Sexy Reset (available at a 50% savings) here!

Self-Care for Busy People Meditation Album – $15

This album is perfect for someone who’s new to meditation or has trouble finding time to maintain a consistent practice. And it’s digitally delivered, so no shipping, packaging or other throw-away materials are involved! The album includes calming, guided tracks (all under 15 minutes each!) for lots of different situations and times of day. Giving it is like lifting the stress and overwhelm right off your loved one’s shoulders. Get it for your wonderful wellness seeker here.

Extraordinary Meditations for a Magnificent Life Album – $20

My newest meditation album is great for someone who’s looking to deepen their meditation practice. Plus, just like my other album, it’s all digital—that means no waste and no WAIT (any other last minute shoppers out there?!). This album includes inspirational guided meditations, contemplations with mini-spiritual talks, breathing exercises, mindfulness training, affirmation work and an Extraordinary Living Journal to help reinforce the positive, self-loving mindset the meditations are intended to create. Gift the album here!

For the Self-Care Enthusiast

Not sure what to get for your friend who’s hip to all of the latest lotions and potions? Gift them an at-home spa treatment—no animal testing or yucky ingredients involved!

Charlotte’s Web Hemp Infused Cream – $49.99

If you’ve read my CBD oil blog, then you know about the many potential benefits of this fascinating hemp extract—one of which is that it’s great for your skin! This luxurious cream from Charlotte’s web is the perfect way for your loved one to test out the CBD skincare waters. It’s nourishing, non-greasy and smells lovely. Plus, the ingredients are sustainably grown, non-GMO, gluten free, cruelty-free and packaged in BPA-free containers! Pick up a bottle (plus one for you!) here.

Nail & Bone Nail Polish – $9.99 per bottle

Polish with a purpose? Count me in! These polishes are Leaping Bunny certified (aka 100% cruelty-free!) and made without any of the nasty chemicals commonly found in nail polish. Oh, and did I mention that 20% of their profits are donated to dogs in need? I love this set ($26.99) that they collaborated on with Halle Berry. Each polish is named after one of her pets. A-freakin-dorable. Click here to give the gift of an at-home mani/pedi!

Juice Beauty Green Apple Peel Exfoliating Mask – $48

Top off your friend’s relaxing spa night with a fabulous facial! Juice Beauty’s products are all completely vegan and free of animal testing. They’ve also swapped out the common chemical ingredients usually found in skincare products for clean, organic alternatives! This exfoliating mask really does smell like tart Granny Smiths and leaves your skin feeling soft and refreshed. Check it out here (psst… if your loved one has sensitive skin, check out this mask instead)!

Don’t forget to take care of yourself this season, sweetheart! Get your free holiday self-care guide here:

For the Mover and Shaker

These eco-friendly gifts are for your pal who loves to get up and go!

Girlfriend Collective Leggings – $68

These leggings by Girlfriend Collective are made from recycled plastic bottles! This company seriously rocks. Their line is size inclusive, high-quality, and produced under fair and safe factory conditions. Plus, their leggings are comfortable for rest days AND sweaty workouts—the best of both worlds! Grab a pair here.

Yuhme Sugarcane Water Bottle – $34.99

Who doesn’t need a reliable, take-everywhere water bottle? I love this one from Yuhme because it’s made of sugarcane (what?!), which is a renewable resource, CO2 negative and totally recyclable. And if that doesn’t get you excited, Yuhme also partners with Water for Good to give 6 months of clean water to someone in the Central African Republic for every bottle sold. Order a water bottle here!

Erin Stutland’s Soul Stroll Volume I – $29

This is an incredible gift that doesn’t require your loved one to get any special equipment or drive to the gym. All they have to do is download the audios, pop in their headphones and step outside! Erin’s powerful guided meditations will help them de-stress while building their confidence and boosting their mood. And they get to enjoy some relaxing, mindful movement in the beautiful outdoors—what’s better than that? Get volume I of the series here!

For the Fashionista

Finding eco-friendly gifts for fashion lovers isn’t always easy… until now!

Everlane Slim Cotton Long-Sleeve Crew – $25

Comfy, high-quality basics are a necessity in every closet. Everlane’s mission statement says it all: “Exceptional quality. Ethical factories. Radical Transparency.” And by cutting out the middleman (meaning they produce everything in their own factories and sell it directly to us) they’re able to keep their prices nice and low! One thing to keep in mind: Not all of Everlane’s products are totally animal free, but they have plenty of vegan options to choose from. I bet your fashion-forward friend would love one of these laid-back, layerable long-sleeves. Pick one up here!

Angela Roi Morning Crossbody – $145

A timeless, dress-up-or-down bag is a wonderful gift—and one that’s not made from animals is next-level awesome. Angela Roi’s ethical luxury handbags are stunning, versatile and expertly crafted. I love this everyday cross-body because it’s large enough to carry all the essentials, but small enough not to be a burden. Pick it up for your lucky friend here!

Rothy’s Pointed Toe Flats – $145

Walking can save the environment in more ways than one! These cute, easy-to-wear shoes are made from recycled plastic bottles AND they’re machine washable. So, when they start to look a little rough, don’t retire them—just give ‘em a good bath! Check out Rothy’s here.

For the Aspiring Interior Decorator

Ya know that friend who just has an eye for design? These eco-friendly gifts are for them!

P.F. Candle Co. Terra Soy Candle – $30

Not only are these candles made from 100% domestic soy wax and natural fragrance oils, they also come in the most adorable reusable pots I’ve ever seen. That makes this gift a twofer! First, your giftee gets to fill up their cozy space with a delicious scent like juniper, rosemary or lavender. Then once the candle is gone, they can use the container to plant a sweet little succulent or collect odds and ends on their desk. Order their new favorite candle here!

The Little Market Striped Sisal Nesting Baskets – $8-72

These gorgeous handmade baskets come in all shapes, sizes and colors. They’re made out of sisal—a type of agave plant native to Mexico but grown in Kenya—by the Kasigau Basket Weavers (female artisans ages 25-90) of sisal. Any one of these baskets is sure to make your interior deco-loving pal smile. Click here to support these talented artisans!

Coyuchi Cirrus Supersoft Organic Cotton Throw – $148

Keep your favorite homebody warm all winter long with this beautifully soft blanket! It’s made of 100% GOTS certified cotton, which means it’s produced under strict social and environmental standards from start to finish. Cozy and kind—what more could you want?! Check it out here.

For the Chef

Hedley & Bennet Woodstock Classic Apron – $94

This super functional apron is exactly what your master chef friend needs to take their kitchen game to a whole new level. It’s handmade from recycled materials and the company is female founded (woo!). You can even get it embroidered with their name so everyone knows who’s the boss at mealtime. Check out Hedley & Bennet here.

Purifyou Reusable Produce Bags – $14.97

This may seem basic, but reusable produce bags really are a game changer when it comes to creating an eco-friendly kitchen. This set comes with nine bags in a variety of sizes. They’re made without BPA, lead or mercury, and produced in a facility free from harmful manufacturing chemicals. They’re also machine washable, which is a huge plus! Check them out here.

KitchenAid Sparkling Beverage Maker – $187.85

Single-use plastic bottles are a major source of waste, but we can make a difference by choosing alternatives like this sparkling beverage maker! Gift it to the creative cook in your life so they can make infused sparkling waters and fun cocktails for their next dinner party. Fancy AND good for the environment? Oh la la! This is the one I have (you might’ve seen it hanging out on the counter in one of my videos!), but I noticed there’s low stock, so here’s a backup just in case.

Wanna find the perfect gift for everyone on your list? Check out @kris_carr’s eco-friendly holiday gift guide!

I hope this list of eco-friendly gifts makes your holiday shopping a little bit easier (and kinder!) this year. I’m sending you lots of love, stress-free vibes and big, jolly Santa hugs!

Your turn: What are your favorite eco-friendly gifts to give? I love learning about products and companies that are doing good things for people and our planet. Let me know in the comments below!

Peace and kind gifting,

The post My 2018 Holiday Gift Guide (Eco-Friendly!) appeared first on KrisCarr.com.

0 notes

mikeyd1986 · 6 years

Text

MIKEY’S PERSONAL BLOG 107, June 2018

On Monday morning, I went down to the gym at YMCA Casey ARC and decided to divide my time between two different workouts: a 30 minute CX Works group fitness class and a 30 minute session on the treadmill. Being the first week of June, it was also the start of this year’s Get-Group Fit Winter competition. Unfortunately there didn’t have the stamp cards ready for printing in time today so I’ll have to grab one later this week.

It was my first time doing a CX Works class so naturally my mind was distracting me at times with anxious thoughts (I don’t know what I’m doing. Am I doing this correctly? Shit I have to move my equipment. I can’t keep up). But I did try to cut myself some slack considering I’m not used to this and it is Monday morning. As always, I learn mostly from observation so all I needed to do was see what everyone else was doing from grabbing equipment to doing the exercises. https://lesmills.com.au/cxworx

CX Works is a mixture of Pilates and Resistance Training with a focus on improving your core muscles, strength and posture. The fitness instructor Melanie thankfully demonstrated the movements very clearly with exercises including Crunch Pulses, Bridge Pose, Criss-Cross, Cross over Mountain Climbers and Dynamic Lunges and Squats (using the resistance bands). We also did a few movements using the weight plates including extensions and double leg lifts. It was a really tough class physically but considering it was my first time, I think I did pretty well. https://www.lesmills.com/fit-planet/fitness/the-complete-ab-guide/

During my treadmill workout, I pretty much came to the conclusion that running is not for me. I’ve never really enjoyed running and honestly I’m okay with that. That’s not to say I can’t run. When it comes to short sprints, I can really explode with power as I discovered last year during my PT sessions. But when it comes to endurance running, I burn out far too easily and heavy panting is not fun for me at all.

So I was comfortable just going at a power-walking pace today around 5-6 kmh. I also experimented a little with the incline function to tilt the treadmill upwards and therefore increase resistance. I figure that as long as I’m getting my heart-rate up and I’m burning calories then I’m technically doing a workout, which is good enough for me. I put it on Rolling Hills mode and watched some lovely scenery of Venice and Auckland on the screen. https://www.caseyarc.ymca.org.au/gym/strength-training-equipment

On Tuesday morning, I had an Employ Your Mind session with my support worker Ally Lamb at WISE Employment - Cranbourne Office. Like last week, today was another very small group with only Ally, Monika and myself in attendance (very much like an episode of Survivor without the elimination ceremony). In today’s session, we continued our discussion about conversations, this time focusing on how to actually start one.

Some of the suggestions of starting a conversation includes: Take a deep breath and smile, make a comment about the location, make eye contact and ask open ended questions. Next we brainstormed some ideas about open vs. closed questions. I found this pretty challenging as it’s an area I tend to struggle with. However, I came up with “What did you do on the weekend?” and “How can I help you today” under open questions and “How are you today?” under closed questions. https://www.wikihow.com/Start-a-Conversation-When-You-Have-Nothing-to-Talk-About

The second part of the session involved applying the tips and skills about starting conversations to our projects. Mine is Becoming a Barista and so I came up with the following open ended questions: How did you get into the hospitality industry? What qualifications would I need to become a barista? How much work experience do I need in order to become a barista? Lastly, we started researching the questions in order to find out more about our project topics. http://baristacoursemelbourne.com/#baristacourse

On Tuesday night, I did an RPM class with Kay at YMCA Casey ARC in Narre Warren. Thankfully the Get Group Fit stamp cards had arrived and there was a whole pile of them on the desk in front of the Group Fitness studio. I honestly had one of the best RPM classes tonight. I walked out feeling proud of myself thanks in large part to the instructor Kay who was very positive and motivating. Calling us things like “Crew” and “Champions” which may not seem like much to some people but to someone like me, it’s everything.

It was good to hear a few different tracks in the mix tonight including Lorde’s Green Light and Flo Rida’s Good Feeling. There were some steep mountain climbs, HIIT style attacks and fast racing sections. I honestly felt like I was on Cloud 9 with a huge rush of adrenaline. I was really proud of my results tonight which includes: KCal = 440 calories. Distance = 21 km. Max. Speed = 131 RPM. Max. Resistance Level = 54%. Probably one of my best performances in a while. https://www.lesmills.com/workouts/fitness-classes/rpm/

Following on from the chat I had with my support worker Ally Lamb yesterday, I could pretty much write a novel when it comes to my opinion of the Centrelink system. It is majorly flawed with often harsh and unrealistic thresholds to me their requirements. You could get a claim knocked back simply for making an accidental error on a form, not having enough points during an assessment or not providing enough evidence despite the fact that you SHOULD be getting benefits. It’s a bunch of bullshit and yet here I am again trying my luck to apply for the Low Income Health Care Card.

On Friday morning, I went to my local Centrelink office in Cranbourne to get my proof of identity documents validated. Unfortunately what was meant to be something very simple turned into a complex nightmare. It turns out there was a lot of confusion surrounding my name at birth and the system wasn’t having it. Initially I thought that my Maiden name was RAINEY after my Dad and I put this on my claim form. But it turns out this was a mistake and I was actually born a DIXON. Internally I was exploding with frustration (Are you fucking kidding me?), not that at the Centrelink staff but at the system itself.

For starters, it’s not something I think about very often. The surname of RAINEY is still such a huge emotional trigger for me because I associate it with my Dad. If you’ve been reading my blogs, you’ll know that the relationship with my Dad is a very distant, basically non-existent one and it still upsets me. I’ve always craved a true father figure in my life, to be a physical support and role model in my life. It’s part of the reason why I don’t feel 32 years old and probably will never feel my biological age.

But yes the truth is that I’ve always been a DIXON and I made an error on my Low Income Health Care Card application. It’s just that I was hoping this would be a very easy requirement for me to fulfill and I walked out of Centrelink feeling defeated and pissed off. Having a claim rejected on a technicality is not a pleasant thing to deal with. Believe me, many swear words were said afterwards. However, I have faith that I can get this mess sorted out but the whole situation has rattled me so I may have to hit the reset button on my claim. You live, you learn as Alanis Morissette once said. https://www.humanservices.gov.au/individuals/enablers/confirm-your-identity

On Friday night, I went to my Yoga class with Jade Hunter at YMCA Casey ARC. After all the drama that unfolded from my Centrelink visit today, this was exactly what I needed to do in order to de-stress and forget about my day. I do find Jade’s classes to be physically challenging but with enough flexibility to modify each pose if needed. It was a pretty full class tonight in the Creche which is always a good thing because there’s plenty of space.

Tonight we focused on the chakra of the Solar Plexus which resides behind the belly button. It’s colour is a bright golden yellow like the sun and is associated with digestion, confidence, power and self-esteem. https://www.doyouyoga.com/5-yoga-poses-to-balance-the-solar-plexus-chakra-26778/

Some of the poses and movements we did during tonight’s class include:

Vinyasa Flow Sequence: Baby Back Bend, Standing Forward Fold, Half-Lift, Downward Facing Dog, Plank, Chaturanga, Cobra/Updog. https://www.yogajournal.com/yoga-101/types-of-yoga/vinyasa-yoga

Dancing Warrior Sequence: Three Legged Dog, High Lunge, Warrior 2, Triangle Pose, Reverse Warrior. http://www.yogamagazine.com/dancing-warrior-2/

Strength & Core: Boat Pose, Dolphin Pose, Crane pose, Shoulder Stand, Plow pose, Bridge pose, Happy Baby. https://www.yogajournal.com/poses/types/strength

Seated Poses: Wide Legged Forward Fold with Side Bend, Staff Pose with Forward Fold, Half Lord of the Fishes pose. https://www.yogajournal.com/poses/types/seated-twists

0 notes

gilbertineonfr2 · 7 years

Text

Hacktivity 2017 Wrap-Up Day 1

My wrap-up crazy week continues… I’m now in Budapest to attend Hacktivity for the first time. During the opening ceremony some figures were given about this event: 14th edition(!), 900 attendees from 23 different countries and 36 speakers. Here is a nice introduction video. The venue is nice with two tracks in parallel, workshops (called “Hello Workshops”), a hacker center, sponsor’ booths and… a wall-of-sheep! After so many years, you realize immediately that it is well organized and everything is under control.

As usual, the day started with a keynote. Costin Raiu from Kaspersky presented “Why some APT research is like palaeontology?” Daily, Kaspersky collects 500K malware samples and less than 50 are really interesting for his team. The idea to compare this job with palaeontology came from a picture of Nessie (the Lochness monster). We some something on the picture but are we sure that it’s a monster? Costin gave the example of Regin: They discovered the first sample in 1999, 1 in 2003 and 43 in 2007. Based in this, how to be certain that you found something interesting? Finding IOCs, C&Cs is like finding bones of a dinosaur. At the end, you have a complete skeleton and are able to publish your findings (the report). In the next part of the keynote, Costin gave examples of interesting cases they found with nice stories like the 0-day that was discovered thanks to the comment left by the developer in his code. The Costin’s advice is to learn Yara and to write good signatures to spot interesting stuff.

The first regular talk was presented by Zoltán Balázs: “How to hide your browser 0-days?‘. It was a mix of crypto and exploitation. The Zoltán’s research started after a discussion with a vendor that was sure to catch all kind of 0-day exploits against browsers. “Challenge accepted” for him. The problem with 0-day exploits is that they quickly become ex-0-day exploits when they are distributed by exploit kits. Why? Quickly, security researchers will find samples, analyze them and patches will be available soon. From an attacker point of view, this is very frustrating. You spend a lot of money and lose it quickly. The idea was to deliver the exploit using an encrypted channel between the browser and the dropper. The shellcode is encrypted, executed then download the malware (also via a safe channel is required). Zoltán explained how he implemented the encrypted channel using ECDH (that was the part of the talk about crypto). This is better than SSL because if you control the client, it is too easy to play MitM and inspect the traffic. It’s not possible with the replay attack that implemented Zoltán. The proof of concept has been released.

Then another Zoltán came on stage: Zoltán Wollner with a presentation called “Behind the Rabbit and beyond the USB“. He started with a scene of the show Mr Robot where they use a Rubber Ducky to get access to a computer. Indeed a classic USB stick might have hidden/evil features. The talk was in fact a presentation of the Bash Bunny tool from Hak5. This USB stick is … what you want! A keyboard, a flash drive, an Ethernet/serial adapter and more! He demonstrated some scenarios:

QuickCreds: stealing credentials from a locked computer

EternalBlue

This device is targeting low-hanging fruits but … just works! Note that it requires physical access to the target computer.

After the lunch coffee break, Mateusz Olejarka presented “REST API, pentester’s perspective“. Mateusz is a pentester and, by experience, he is facing more and more API when conducting penetration tests. The first time that an API was spotted in an attack was when @sehacure pwned a lot of Facebook accounts via the API and the password reset feature. On the regular website, he was rejected after a few attempts but the anti-bruteforce protection was not enabled on the beta Facebook site! Today RASK API are everywhere and most of the application and web tools have an API. An interesting number: by 2018, 50% of B2B exchanges will be performed via web APIs. The principle of an API is simple: a web service that offers methods and process data in JSON (most of the time). Methods are GET/PUT/PATCH/DELETE/POST/… To test a REST API, we need some information: the endpoint, the documentation, get access to access key and sample calls. Mateusz explained how to find them. To find endpoints, we just try URI like “/api”, “/v1”, “/v1.1”, “/api/v1” or “/ping”, “/status”, “/health”, … Sometimes the documentation is available online or returned by the API itself. To find keys, two reliable sources are:

Apps / mobile apps

Github!

Also, fuzzing can be interesting to stress test the API. This one of my favourite talk, plenty of useful information if you are working in the pentesting area.

The next speaker was Leigh-Anne Galloway: “Money makes money: How to buy an ATM and what you can do with it“. She started with the history of ATMs. The first one was invented in 1967 (for Barclay’s in the UK). Today, there are 3.8M devices in the wild. The key players are Siemens Nixdorf, NSC and Fujitsu. She explained how difficult is was for her to just buy an ATM. Are you going through the official way or the “underground” way? After many issues, she finally was able to have an ATM delivered at her home. Cool but impossible to bring it in her apartment without causing damages. She decided to leave it on the parking and to perform the tests outside. In the second part, Leigh-Anne explained the different tests/attacks performed against the ATM: bruteforce, attack at OS level, at hardware and software level.

The event was split into two tracks, so I had to make choice. The afternoon started with Julien Thomas and “Limitations of Android permission system: packages, processes and user privacy“. He explained in details how are the access rights and permissions defined and enforced by Android. Amongst a deep review of the components, he also demonstrated an app that, once installed has no access, but, due to the process of revocation weaknesses, the app gets more access than initially.

Then Csaba Fitzl talked about malware and techniques used to protect themselves against security researchers and analysts: “How to convince a malware to avoid us?“. Malware authors are afraid of:

Security researchers

Sandboxes

Virtual machines

Hardened machines

Malware hates to be analysed and they sometimes avoid to infect certain targets (ex: they check the keyboard mapping to detect the country of the victim). Czaba reviewed several examples of known malware and how to detect if they are being monitored. The techniques are multiple and, as said Csaba, it could take weeks to review all of them. He also gave nice tips to harden your virtual machine/sandboxes to make them look really like a real computer used by humans. Then he gave some tips that he solved by writing small utilities to protect the victim. Example: mutex-grabber which monitors malwr.com and automatically creates the found Mutexes on the local OS. The tools reviewed on the presentation are available here. Also a great talk with plenty of useful tips.

After the last coffee break, Harman Singh presented “Active Directory Threats & Detection: Heartbeat that keeps you alive may also kill you!“. Active Directories remain a juicy target because they are implemented in almost all organizations worldwide! He reviewed all the components of an Active Directory then explained some techniques like enumeration of accounts, how to collect data, how to achieve privilege escalation and access to juicy data.

Finally, Ignat Korchagin closed the day with a presentation “Exploiting USB/IP in Linux“. When he asked who know or use USB/IP in the room, nobody raised hands. Nobody was aware of this technique, same for me! The principle is nice: USB/IP allows you to use a USB device connected on computer A from computer B. The USB traffic (URB – USB Request Blocks) are sent over TCP/IP. More information is available here. This looks nice! But… The main problem is that the application level protocol is implemented at kernel level! A packet is based on a header + payload. The kernel gets the size of data to process via the header. This one can be controlled by an attacker and we are facing a nice buffer overflow! This vulnerability is referenced as CVE-2016-3955. Ignat also found a nice name for his vulnerability: “UBOAT” for “(U)SB/IP (B)uffer (O)verflow (AT)tack“. He’s still like for a nice logo :). Hopefully, to be vulnerable, many requirements must be fulfilled:

The kernel must be unpatched

The victim must use USB/IP

The victim must be a client

The victim must import at least one device

The victim must be root

The attacker must own the server or play MitM.

Ignat completed his talk with a live demo that crashed the computer (DoS) but there is probably a way use the head application to get remote code execution.

Enough for today, stay tuned for the second day!

[The post Hacktivity 2017 Wrap-Up Day 1 has been first published on /dev/random]

from Xavier

#Hacktivity 2017 Wrap-Up Day 1

0 notes