Rena

A while back I was either on the Runescape Twitch channel or their Youtube channel and one of the lengthy videos was a Q and A from 2012 where MMG assured people that: a) MTX would be minimally about in-game advantage, mostly cosmetic stuff. b) Where it would be about in-game advantage it would never rival or supplant traditional in-game training and the integrity of the game and achievements would be preserved. c) Any in-game advantage it offered would also be available through some in-game method. He said all of that with a straight face. Fast forward to 2014 and all I can say is what a joke. I am sure Jagex would probably have a good laugh too if someone had them view that stream again. Youtube Video that has since been made Private, or at least Unlisted after a HLF'er posted it and asked Mod Infinity what was up with the video straight up lying to the player base.

I saw this coming... So basically subing super antifire for antipoison++. I'm also betting Araxxor will reside under Darkmeyer. Those steep cliffs would be the perfect place to put a cave for the spider. Teleporting would be a bit far though since you should only have ectophial I think... Drakan's Medallion

I don't consider 200m's endgame - because there are many things you might not have done by then. It would be silly to say someone with 200m all skills but hasn't beat all the quests has "beat Runescape".

I don't think it classes as best site of all time just because it's your most visited site.. I would assume 80% of the world has facebook or twitter as their most visited site but they're both shitGrats Drum Just so you know, when kr148 said "best site of all time" it was more more of a personal hyperbole/overstatement and that he didn't mean it literally.

Well the first thing to do is to contact Jagex who has the authority to authenticate you and give the account back. Not a fan site with no authority to get your account back and can't really do anything to help other than to tell you to contact Jagex. The Jagex support@ email is discontinued. So try to contact them on Twitter - the support team there tends to get back within 2-4 hours (when they're working, so don't expect weekend replies and such)

I'm honestly surprised they've managed to not run the company straight into the ground, full throttle ahead. I'm torn between whether that's because most of the player base is addicted or if Jagex has a hint of intelligence somewhere in the company. They don't seem to have any actual game designers. Very little thought is actually put into how certain things will play out (see: all the minigame failures recently where one side is completely unfun to play or is completely unbalanced) That's a tell-tale sign of having no game design. It's just "oh that sounds fun! Let's throw it in!" - only to later find out it isn't fun at all because the lack of game design makes the game pretty much unplayable, even if you weren't trying to boost it. The updates time and time again seem to not care about the longetivity of the game - and hopes to ride off Runescape's terrible PvM system by rushing people into end-game so they can do endgame PvM. They gave a huge middle finger to their veteran players and only give just enough shits about us to get us to shut up and keep playing (see: Elf City being max/comp centric) Regardless of all of this - I don't see Jagex/Runescape dying anytime soon. I still play the game (I find the bits and pieces I can actually enjoy and just stick to those). But I think Jagex is one of the most idiotic "succesful" companies and I'm genuinely impressed they haven't somehow [bleep]ed it all up. If most any other company made the mistakes on the same level as Jagex, they'd be out of business within 6 months.

This is like my 3rd purple in 2 weeks. Are they more common now?

That difference in XP.

ew. why? I really wanted a farm cape and I was getting 99 with a friend who was also at vinesweeper most of the time. I also like playing Minesweeper. So I found it fun. Playing a game for fun. What a weirdo.

Nearly every video on Youtube will tell you "40k xp/hr" (most actually result in 36-38k xp/hr and are just rounded up, although 40k xp/hr is possible it usually isn't the average) I did nothing but Vinesweeper between herb/farm runs for 40 to 99 Farming. Even when you recognize all the patterns there isn't much you can do to speed up digging holes and placing flags. If you have bonus XP - AFK'ing cure plant is 66k~ xp/hr. Meanwhile Vinesweeper requires 100% attention, cannot make mistakes, and caps at around 45k xp/hr but averages closer to 36-40k xp/hr

Livid Farm is 33k XP/Hr + Bonus XP applies, meaning 66k Xp/Hr with a small about of bonus XP. Vinesweeper (solo) is 35-37k XP/hr on average (my highest in one hour was 42k, but that was a bit of luck) If you know a way of doing 66k xp/hr solo at Vinesweeper consistently - teach me. Better yet - make an instructional video for your method.

Not if you're good at Vinesweeper. However it's only like 1-2k XP/hr slower with a fraction of the effort.

Yay. No more swapping between them and mud staff. Glad my suggestion got through. Just what we need! More XP!

Just have to know how to update really... unfortunately it seems updating is largely neglected.

Penetration testing is also quite interesting. Most businesses don't bother updating their servers, even if they are far out of date with security flaws everywhere - which means people can easily gain access. Businesses don't tend to take security as seriously as people think they do, until after a severe breach has occurred. You can read quite a few articles about pen testers who gain administrative access in under a few hours - sometimes mere minutes through unpatched exploits and social engineering of an adminstrative person through their private Facebook and other venues. Reverse Engineering is mostly done to patch software (by disabling certain checks) and understanding Malware design by RE'ing it in a virtual machine. If you are interested in RE you can learn some basics through Lena's tutorials here. I've had to patch a software before because although I had purchased the program - I had reinstalled Windows and the original programmer had passed away, so I was unable to ask for another key - I still had the program, but it required a new key due to being installed on a "new system". I had to patch it to not check for the key so that I could continue using it. It's a useful skill to have, although usually not worth the effort if you don't plan to have it as a career. I also don't support patching software to avoid paying for it. :P SQL injections and other server exploits are largely automated now. I won't give the name of the program - but there are several programs out there that automatically try to do SQL injection. So a person doesn't even need to be knowledgable to do injection anymore.

3.5m richer.

it forces them to try and discover and crack the email instead. That's the first step any competent cracker would go for - not the second. It gives more general access and after gaining access once is easy to do a form of social-engineering by snooping for data through accessing accounts related to that email. Once you have their email you can also more easily find all of their related accounts - recover those and possibly claim more information. Gaining access to the email also makes it harder for them to send recovery requests for all of their related accounts - meaning they have to wait on what is usually a 3-4 days proccess on GMail (and longer for other mail hosts usually) to recover their account. Once you have all that information, if/when the person recovers their own email/accounts back - you have all the information you need to recover other accounts and possibly even the email address again - although at that point you would be more focused on accounts of value. Nobody is going to try and bruteforce your RS password. Bruteforcing is only done on encrypted databases or devices/websites without a lockout timer (which almost all do nowadays) and even for those purposes is rather slow. They would first start out with a dictionary attack to recover as many passwords as possible. Many blackhat crackers have expansive dictionaries that include common phrases, common password lists, foreign languages, other common passwords they've found, and would be used far before they bother bruteforcing. The issue with the point you are trying to make is it assumes people will first go for the RS account and only go for the email if the RS account is too secure. This is backwards, because they would first go to the email regardless of the RS security. Knowing you'll need to hold onto an RS account for 3-5 days to cancel a bank pin to actually clear the account automatically tells you: 1) Your targets must be targets you know aren't actively playing the game 2) You must keep access to the account for 3-5 days if they are active, meaning you need to have access to their recovery method (usually: their email address) to prevent them from recovering the account. 3) If you have knowledge of them not having a bank pin you might try to access the account directly through social engineering [this is the only exception to the "attack the email first"] The RS account is your door. It doesn't matter how much security you add to that door if the robber is just going to come through the window - so you better have a barred window. Your email address is your window and is also the first place any cracker will go for.

No, if it provides no additional security over your email it is superfluous. You're just as secure with or without the addition because any competent cracker will bypass the security entirely and focus on recovering your email address and using that for their entry into your account. Tell me, if someone can access your email - what good does having this app do for you? Zilch. Nadda. Nothing. It's a false sense of security for those who don't understand online security. Or security in general - you're only as strong as your weakest link. The only thing you should care about securing is your email if you have one authenticated. Telling people "Oh, your account will be more secure if you download our app!" is lulling people into a false sense of security because in reality it doesn't do anything for you. E: Think of it like a house. A salesman tells you your house is insecure because your front door doesn't even have a lock! So you pay to have the lock installed. A few weeks later, your house is broken into. A different salesman tells you of course it was! Your lock wasn't strong enough and they just broke the lock and forced their way in. So he sells you a chainlock, which is a lot stronger. You have it installed. A while later your house is broken into yet again. Puzzled, you ask your neighbor. He tells you that chainlocks can be unlocked with just a rubberband and a pencil - and then the robber forced his way into your house. So you have a Grade-A retina scanner installed with an airtight steel security door installed. You really stepped it up! Now nobody is getting in or out of that door without your eyeball! A few weeks later, your house is broken into yet again. You consult a security expert - who tells you one of your windows was left cracked open and the robber just entered the house by removing the screen from the window. How useful was the door?

It defaults back to your email which makes it superfluous. It's just as useless as JAG was (JAG didn't actually do anything either). It's just another false sense of security. It's only as secure as your email is - and most people don't keep their emails very secure.

for [bleep] sake Buddhism 5,314 Kr148 11,386 Happy now? Will you pretty please do mine? In exchange you can have a cute picture of a kitten: /s

It's possible to know that something isn't being done right without knowing exactly what the mistake is and how it could have been corrected. In my example they know how it is done and isn't done as well as the method to correct it but cannot do it right themselves. In a sentence, "An understanding of how something is done with a physical incapability of doing it themselves."

Beyond the lack of testers - the community shouldn't be trusted for game balance or game design. Sure, maybe for outlying things that are blatantly broken, but not in general. Players are terrible game designers - and this is what makes Power to the Players a bit more dangerous. What worries me more is that Jagex themselves don't seem to have anyone knowledgable in game design. Get Riot to speak about game design, counterplay, and what creates a "fun" environment. Then see what Jagex has to say. Sure the games are different genres entirely - but the same aspects can be applied to both games - and especially the PvP side of Runescape. For those relatively unfamilar with Riot - this is a quick summary of their game design beliefs: There should (nearly) always be counterplay / a way to outplay your opponent. There should always be meaningful choices. There should never be a "trap" choice. One that "seems" like a good choice at first glance, but further anaylsis shows its one of the worst choices you can make at any point in time. (Unrelated except on a tangent): The game shouldn't be decided on "champ select". | This could apply to Runescape as "The outcome shouldn't be decided entirely on gear." Runescape lacks #1 and #2 and thus has boring, meaningless combat. Completely off topic: I'm not sure if this would fall under that explanation by John Cheese or not... Is being bad at playing a musical instrument the same as being bad at teaching, understanding, or creating music on that musical instrument? Someone may lack the ability to play piano themselves but can critique others who do play piano. Whether it's pointing out they arch their fingers or perhaps messed up a chord during a progression. In other words, they have no skill in actually playing the piano but can accurately judge others who have at least some capability of playing piano. Which contradicts what he says.

Agree 100%. Powercreep is inevitable in an MMO unless the highest ends of the game have been filled out - at which point the game stagnates and grows boring). Of course I do agree it should be a slow, gradual curve and not an insane power spike. But moving onto what I think is the more important issue: If a Dragon Crossbow is meant for users with 60 range to use - it should be at a cost that level 60's can afford. If they can't afford it - Jagex needs to ask themselves "why" and if there is anything they can do to fix it. Ascensions could have used another Crossbow created by "crossbow pieces" dropped by the lower levelled Ascensions monsters and to combine into let's say... a tier 75 crossbow. Then you use the Signets to create Ascensions from it. The tier 70/75 Crossbow would be a viable replacement to Chaotics for those who don't want to grind the tokens or lack the levels - they can still release a Dragon Crossbow at Tormented Demons - and everything is balanced. Having to be built from 3 different parts and perhaps be equivalent in rarity to an Armadyl Crossbow could justify it being the same/slightly higher level.

IIRC he doesn't have any BXP in Mining. But that's because he planned on doing WBS for Mining anyways.