Slashdot Mirror


User: Tom

Tom's activity in the archive.

Stories: 0
Comments: 10,601

Comments · 10,601

  1. Re: No real surprises here on How The FBI Easily Retrieved Michael Cohen's Data From Both Apple and Google (cnn.com) · · Score: 1

    Because nobody has ever, in the history of the world, been wrongfully indicted by the police.

    I have a newsflash for you: Terrorists aren't caught by the methods they sell us to fight terrorism. Quick quiz: How many terrorists have been caught at the body scanners and pat-down checks at the airport?

  2. Re:No real surprises here on How The FBI Easily Retrieved Michael Cohen's Data From Both Apple and Google (cnn.com) · · Score: 1

    You don't want to brick because you can easily use the lock finger by mistake. But it should be a hassle to unlock after, and require something non-biometric.

  3. Re:Passwords Still Rule on How The FBI Easily Retrieved Michael Cohen's Data From Both Apple and Google (cnn.com) · · Score: 3, Interesting

    One reason why all my really important passwords are not in a password manager. Eggs and baskets and all that.

  4. Re:Passwords Still Rule on How The FBI Easily Retrieved Michael Cohen's Data From Both Apple and Google (cnn.com) · · Score: 2

    With a password, it can be argued that divulging it would constitute self-incrimination,

    That's one part. The other part is that the stress of prosecution is well known to cause your memory to go hazy and even top politicians who are used to a lot of stress have a tendency to suddenly not be able to remember important details anymore. How will you, a normal person, remember your password under such circumstances?

    "I don't remember." is the get-out-of-jail-card you only have if the thing they need is something that is in your memory.

  5. Re:No real surprises here on How The FBI Easily Retrieved Michael Cohen's Data From Both Apple and Google (cnn.com) · · Score: 4, Insightful

    Long passwords (please, please stop this complexity nonsense. Length > complexity!) are too inconvenient to be used constantly.

    Something that allows me to use my fingerprint if the phone hasn't left my possession but requires a long password if it has been off for a day, etc. would be a nice solution.

    The better solution would be to have "lock fingers" as well as unlock fingers. Let me use some of my fingers to tell the device that I'm not trying to unlock it voluntarily, and it should instead lock down, encrypt everything, turn off the unlock fingers and require the long password to unlock. Then let them guess which finger is which.

  6. Re:bullshit on Insider Threats Pose the Biggest Security Risk (betanews.com) · · Score: 1

    but the sub-events that don't actually lead to an incident are often grossly under-reported.

    Oh I couldn't agree more on that. I too rarely see "near misses" as part of the risk management or incident management process and most of the time the part where I talk about them in my workshops it's a cheap "revelation" to sell because it makes so much sense but is rarely done.

    But it's also because raising a security bug can rain fire and brimstone down on that team and be abused politically.

    That is slowly changing, though. I've seen the same change in culture 25 years ago on the business side with TQM. I was still in university when that happened, but it was basically the same thing. One day soon someone will invent TSM and write a cute book about it and then the whole CxOs will finally listen. I'd love to peer-review that book, but I won't write it, business fluff isn't my thing.

  7. Re:bullshit on Insider Threats Pose the Biggest Security Risk (betanews.com) · · Score: 1

    Great, you have read Norman and learned about threat modeling.

    I've read a lot more and threat modeling is a small element in one step (risk identification) of a risk management process. But you've just demonstrated your ignorance.

    I'm at the bottom and teach people with fancy titles the likes you have and listed,

    ...and that twice in one posting, congratulations!

    I used to be a sysadmin. I've run many of the systems I talk about at one point or another in my career. That's why I've insisted to not have "consultant" as my job title ever in my career. Because what you say is right when you're talking about them. I've seen so many consultants who make excellent powerpoint slides and don't have the first clue about Bayes or regression to the mean or can't explain what a sunk cost fallacy is or how proper forecasting works.

    And yes, fluffing executives is a big part, but you can shorten it by a few clear demonstrations of competence. One of the primary skills of a CISO is to earn the trust of his top management so they don't double-check everything he does.

  8. Re:This is stupid on Insider Threats Pose the Biggest Security Risk (betanews.com) · · Score: 1

    Then there is the cloud.

    I don't know who invented the phrase (maybe xkcd?) but as we all know "the cloud is just other people's computers". Anyone who expects magic from it also believes in Santa Claus and $deity.

  9. Re:Redmond, start your photocopiers on Windows 10 Calculator Will Soon Be Able To Graph Math Equations (zdnet.com) · · Score: 1

    Because MacOS is a pain in the ass. It's that simple.

    It's actually not so simple.

    I've seen first hand people making transitions between OSes in many cases and in practically every direction. I think OSX to Linux is the only direction I've not seen happen.

    There is always the pain of things just being different than you are used to. That happens no matter from which OS you switch to which other OS. It even happens to a smaller extent between major versions of the same OS (we all remember the crying and shouting when Windows 10 appeared).

    So if you are a life-long Windows user and you sit down for half an hour in front of MacOS or Linux or anything else, yes it will feel like a pain in the ass. The same way that for me Windows is the worst user interface that you can possibly invent. I mean, it has things I wouldn't have come up with if someone had specifically tasked me with making it as bad as possible. And I've seen the same initial feelings for people moving from Linux to OSX or from Windows to Linux.

  10. Re:Redmond, start your photocopiers on Windows 10 Calculator Will Soon Be Able To Graph Math Equations (zdnet.com) · · Score: 1

    I stand corrected. They had a first version in 2006, only 12 years after Apple. :-)

  11. Re:This is stupid on Insider Threats Pose the Biggest Security Risk (betanews.com) · · Score: 2

    Nice conspiracy theory but if anything Windows and general IT security has gotten worse over the years, not better, not because of technical flaws per se but because the stuff is explicitly built to be easier and thus also easier to exploit.

    Most purely technological challenges have been solved when it comes to IT security.

    We haven't solved the management and usability challenges.

    I can lock down a Linux system so much that I can give you remote root SSH access and you still can't damage it. In fact, I've done exactly that at hacker conferences. And the resulting system is still useable enough that I will give my presentation from it, after it's been on the conference wifi for the whole day and while it's still open to SSH during my talk with the root password posted in sight.

    But it won't be a system where you can deploy a new docker container with a few clicks or where you can run "composer install" without jumping through some hoops. Or where your random office application will run without extensive configuration of the security policy.

    As long as every office worker needs a fully functional general purpose computer at his desk, the challenge to combine security and usability is insurmountable. If you can tell me what your people are actually doing and what they need to do their work, I can give you a secure machine for them. But in the real world one half of managers doesn't have half a clue what and more importantly how their people are actually working and the other half has people doing so many different and constantly changing tasks that the definition of their job is in constant fluctuation.

    And that's not a technical challenge, that's a management challenge.

    I have clients that are the exact same way, they want the prototype of software out of the door because it's functional and it's a minimal spend

    We know how to build secure development into software development. In fact, we've known it since the 1960s. It's not even expensive when you consider TCO. But speed to market is impacted and most software development today doesn't even have a clear understanding of the end product (no matter if you call that agile or not-having-a-clue), which makes it hard to make a proper architecture and define proper security requirements.

  12. bullshit on Insider Threats Pose the Biggest Security Risk (betanews.com) · · Score: 2

    I call massive bullshit on the conclusion.

    I do risk analysis for a living, among other things. I'm the Senior Information Security Architect at my company and I train risk managers and CISOs. Most importantly, I do quantitative risk analysis using actual numbers and statistics, not the "green, yellow, red" nonsense that most IT consultants sell you because it's the only thing they (barely) understand.

    One of the most consistent findings I have almost every time is that expert intuition is wrong about risk. That's not exactly news, almost every book ever written about the topic confirms it. But the conclusion is just as obvious: What IT security experts feel is the biggest threat has a low correlation coefficient with what is actually real.

    That doesn't mean insider threats aren't real, they definitely are and they typically do rank high in a properly conducted risk assessment. But there are almost always two types of risks that outrank them. First, the low-probability but high impact risks that more often than expected turn out to be existence-threatening and that fact makes them more important than their statistical value indicates. And secondly the bothersome low-impact but high-frequency (yes, probability becomes meaningless if the number of events can be higher than one) ones. They add up, and much more than you'd think.

    Insider attacks are just the high-impact with sufficiently high probability events that come to the top of our intuitive understanding. Which has been empirically proven to be wrong in so many ways that books have been written about that alone.

    62 percent of respondents believe the biggest security threat comes from the well-meaning but negligent end user.

    Have the same respondents checked their incident management report to validate their feeling against recent events? How much damage have those end users actually caused and is that value within the confidence interval of your expectation? Do they know that you can take historic data and actually calculate the probability that your assessment of the risk is true given that data? Have they done it?

  13. Redmond, start your photocopiers on Windows 10 Calculator Will Soon Be Able To Graph Math Equations (zdnet.com) · · Score: 2, Informative

    You mean Windows will get a feature that's been built-in to every Mac I've ever owned?

    (to those who don't own a Mac - I'm speaking of Grapher).

    So amazing... so revolutionary... please do let me know when Windows gets another feature that real operating systems have had for a quarter century.

  14. Well, you have a choice. You can fly somewhere for $50, or you can be reasonably sure to arrive alive.

    Air travel has become cheap, but so much more crappy in every aspect, from the nickel-and-diming where you pay extra for the smallest service (such as picking your own seat during check-in, I mean seriously?) to saving on safety.

    As long as price is the dominating reason for decisions, it will continue to go this way.

    When we stop being cheap assholes and ready to pay the price that things cost, it will change.

  15. There's an entire engine on YouTube, Twitter and Facebook dedicated to exploiting angry, bitter, jobless young men for ad revenue and Patreon donations. I'm bloody sick of it. It's dangerous as fuck. Eventually a real demagogue will come along and organize them into brown shirts.

    Given how much easier it is to bleed them and buy yourself a yacht and a villa, most of them will be content with that. One of the (rare) advantages of the social media revolution is that the vast majority of people these days don't have enough attention span to attend an actual revolution anymore.

  16. Man did the sjw types get a hard on for him and will not drop it. It's foolishness like this, when they're so blatantly wrong which actually weakens their cause as people start to question "if they're wrong about PDP, who else are they misrepresenting?"

    Absolutely everything. That was an easy question. Any other questions?

    Feminism and astrology have multiple things in common. One of them is that they started with a general good idea ("women should be equal" or "stars are pretty interesting") and ended up in the land of total nonsense.

    PewDiePie encompasses typical childish and nerds humour, taking the piss and messing around. There's very very little bad stuff here.

    Except, again, by those who took the harmless basic idea and then went with it until they were way over the cliff.

  17. and for everyone not following the very latest technobabble GPU boards:

    Does that mean the new iMac has good VR support coming?

    That's basically the only thing the slightly older ones don't have. I play everything on max settings in most games, so I really wonder why it's considered insufficient - except for VR.

  18. Re:D&D and RPGs on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 1

    Oh, you're one of those.

    You lost me there. One of whose, exactly?

  19. Re:D&D and RPGs on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 1

    I honestly don't remember the name, mostly because it was in French which I still speak at A1 level and that's on a good day. I might have the character sheet somewhere in a box on the roof, but honestly for a /. comment I'm not digging through that. I remember it had magic swords that drained life energy on hits, and similar to the much later Earthdawn had their own section on the character sheet.

    You might have heard of it. If you have and especially if there is an English translation, I'd love to read that.

    The systems you never heard about were the ones that we made up ourselves. Often unbalanced and badly written, but we worked around the holes and had fun. I'm very, very happy that my introduction to roleplaying was not a 200 page tome, but a 20 page notebook and a basic philosophy of "if the rules don't work for the situation, we adapt the rules".

  20. Re:D&D and RPGs on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 1

    D&D is arguably not the best of pencil and paper RPGs, but it was the first of its type to become widely known and basically launched the entire industry.

    There is much truth to that, yes. D&D was and still is the elephant in the room and for all I care they can be. I just wish they don't completely dominate the scene, because there is so much cool stuff aside from it.

    Did you ever play any of the Palladium titles? Heroes Unlimited, Rifts, After the Bomb, etc? What about Shadowrun or Cyberpunk 2020? Then of course there was Rolemaster, where there was effectively no limit to how well or poorly one could roll, allowing for the occasional stunning success or the laughably epic fail. All of that 80s gaming goodness really takes me back.

    Yes, of course. I started one or two Palladium titles but never got far enough that I would say I actually played it. I did play both Shadowrun and Cyberpunk. There was also Twilight:2000, another one of my all-time-favorites.

    Ah... memories...

  21. Re:D&D and RPGs on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 1

    It depends on how you play it.

    Absolutely. But in the words of Ron Edwards: System matters.

    Also, if you need to work around too many parts of the system, it raises the question if another system wouldn't be better. Because I've made up enough house rules and even entire RPG systems in my time (one of which I'm even selling on DriveThruRPG) that when I sit down to play I actually want to play. Not fix the rules.

  22. Re:It's a niche product that now is accessible on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 1

    A brilliant GM, meanwhile, is at his best exactly when players go off the script.

    I have so many fond memories of the gaming evenings I had where no script even existed. Many times we came to the gaming evening not even knowing who would be the GM that night.

    If you have a group of people who first and foremost want to enjoy the game, and understand that it's a cooperative effort to create a story, you don't even need a script. Players will volunteer their ideas, enjoy whatever you make up, and not purposefully look for holes in the story that was just invented on the fly and by that fact alone will, of course, be full of holes.

    That is where pen&paper RPGs are actually very similar to improv theatre. The first goal of everyone is to keep things flowing, and to patch over instead of exploiting points where it could break.

  23. Re:Increased visibility on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 1

    I shudder to think about trying to teach someone how to play 1st or 2nd edition at this point. They were really really bad. I have super fond memories, but man, I can't imagine how much better it would have been to start with a more modern version.

    I tried 3.x back in the days and I agree with you how terrible they were. I actually read the rules for I think 2 and decided to never, ever, touch it even with a very long pole.

    But that's not a question of modern. There were better games around already, with better rules and higher playability. It's just that D&D was stuck way too long in its dungeon-hauling-gold-equals-xp ways. They may have dumped the most blatant rules of that mindset, but not the mindset itself.

    I tried Pathfinder and it wasn't really a change. They still try to solve overcomplicated rules by adding more rules. They still don't trust the players or the GM to use their brains. They envision gaming groups to be adversarial, dysfunctional geeks who play to min-max and get a kick and write rules the way other people write laws. That's a functional shortcoming of the mindset behind the rules.

    Meanwhile, at the very same time, people were happily playing roleplaying games with rules that filled about 20 pages and allowed freedom to adapt them to any circumstances which also means you're never in the situation where you need to hit stackoverflow to ask what the rules say about your specific unusual circumstances.

    I'm a big fan of Vin Diesel playing RPGs. I just wish they would play others as well and show people that there's more than just D&D, because D&D does not fit to every playing style and everyone's preferences. I'm one of those people and I would like more people with more free, creative, cooperative playing styles and I don't want them to be driven out by thinking that all RPGs are like D&D.

  24. Re:Did videogames help its popularity? on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 2, Insightful

    Did games such as Final Fantasy, Diablo, World of Warcraft, Neverwinter Nights, etc have an influence on keeping the genre alive?

    Yes, but in the worst possible way. They made games that use miniatures and battle maps popular, and modular dungeons and... well, basically RPGs that are complicated board games.

    The real roleplaying happens outside of that. The appeal of pen&paper roleplaying is in the parts that you can't put into a computer game. There have been some computer RPGs that did more than move you from combat encounter to combat encounter with a storyline about as thick as that from Wolfenstein 3D or any other shooter, but sadly most of them turn into walls of text because they went too far into the "visual novel" direction and they try to deliver a strong story but forget that player choice is more deep than picking options in a dialog tree.

    Some of my most memorable gaming moments - as both player and GM - are when the player actions just completely broke the storyline, when players did entirely unexpected things, went sideways and drove a truck through the plot holes to exploit them to their advantage. Maybe 10% of those moments would've been possible in a computer game.

  25. D&D and RPGs on After 40 Years 'Dungeons & Dragons' is Suddenly Popular (cnbc.com) · · Score: 4, Interesting

    While I'm happy that more people get into the hobby, D&D isn't roleplaying. Especially since they introduced RAW (rules-as-written) it should be clear to all the naysayers that it's a tabletop war game with roleplaying elements. Miniatures, battle maps...

    This does make it a good candidate for turning it into a computer game and it's not a surprise that D&D has more computer game titles to it than any other RPG system.

    I'm very glad I was introduced to roleplaying games by something else, and only years later played some D&D. Never liked it (as if you couldn't tell so far) and soon stopped. Tried again with its bastard child Pathfinder and barely got past the character generation.

    I hope those starting RPGs via D&D soon meet other games as well. There has been such a great revival of indie games and truly innovative RPGs. I haven't even come around to playing all of them. It used to be that we would play some obscure French system with the only guy with fluent French being the GM. Or something someone brought back from the US because it didn't exist in Europe (that was before Amazon and DriveThruRPG, obviously). We played Villains & Vigilantes, a superhero game where you, your real life identity, is the secret identity of your superhero. I'm still searching for a copy of the original rules book, 20 years after they stopped publishing it (if anyone has it, please answer!). We played Justifiers (the 1988 original, not the recent relaunch). I'm still in love with Fireborn, a game where you play dragons and jump between two timelines. Or The Riddle of Steel which is everything that a Conan RPG should be, minus the name. And so much in the grey area between mainstream and indie - Paranoia, Werewolf (Vampire's less popular brother), Traveller, Earthdawn.

    I just wish all these new players that they don't get stuck with D&D and discover how rich the hobby actually is and how much else exists.