Connect with us


How Playable Worlds is building a cloud-native sandbox MMO



Raph Koster is CEO of Playable Worlds.

Join GamesBeat Summit 2021 this April 28-29. Register for a free or VIP pass today.

Playable Worlds, an online game company founded by Raph Koster and Eric Goldberg, is making a “cloud-native” massively multiplayer online game.

But what that means is still a mystery, as the company isn’t yet disclosing the game details like the lore or the setting. But in an interview with GamesBeat, Koster and Goldberg talked about what they’re trying to achieve and dropped some clues about their approach. It will be a sandbox MMO with a player-driven economy. It will be a living world, where players can make a mark on the world and the environment is driven by simulation. Naturally, I tried my best to figure out what the game is by asking Koster and Goldberg to tell me what the game is not.

Koster has been trickling out the clues in his blog posts. Koster’s games include Ultima Online, Ultima Online: The Second Age, Ultima Online Live, Star Wars Galaxies, EverQuest II, and Metaplace. He also wrote a game design book, A Theory of Fun for Game Design. Goldberg is a role-playing game designer and an investor in game companies. His exits include Playdom (sold to Disney), PlaySpan (sold to Visa), and Pixelberry (sold to Nexon). Both Koster and Goldberg talked to be about their plans in an interview.

Koster and Goldberg are fans of the metaverse, the universe of virtual worlds that are all interconnected, like in novels such as Snow Crash and Ready Player One. But Koster made it clear that their project is a “sandbox world” online game first and foremost, accompanied by a service and technology suite that makes it a very ambitious work.

The company raised a seed round of $2.7 million in funding in 2019, and it raised another round in 2020.

“We are leaning into collaborative design. We’re going to bring up the design and we will talk to the player community,”  Koster said.

With the advent of the cloud, Koster believes game makers can provide a wider variety of gameplay and a more accessible game. For instance, you won’t have to wait to download large patches anymore.

Above: Raph Koster is CEO of Playable Worlds.

Image Credit: Playable Worlds

One of the goals is engagement and retention, meaning how long do players play for and how often do they play. And how long do they stick with a game until they stop playing for good? The goal is to turn the game into a hobby that becomes part of life for years to come. The reason they do this is because a game is “fun,” but fun isn’t particularly measureable.

Game makers have different ways to keep players engaged, like nurturing pets, crafting things, tearing down or harvesting, and combat. Koster and Goldberg a lot of fun is driven by how people learn and eventually master tasks. The trick is how to create something that people don’t outgrow, the way that kids outgrow toys.

Competition is one way to keep players interested, but many people don’t want to become esports pros. And so cooperation and collaboration are important parts of sandbox games as well.

Koster said it’s good to create a game that welcomes diverse play styles, which results in stronger communities that last longer. Players need a change of pace or they become bored. Players who contribute to an economy can make a faction stronger, and that helps the combatants fare better in battle.

Game designers can escalate the difficulty of challenges to put players on a treadmill, but that only works until players realize they’re on a treadmill and that it’s no longer fun. The designers can also create things for players to collect. Players will put up with these progression paths, so long as they’re fun.

Koster wants to provide players with lots of ways to play and ways to move between them freely. Players can specialize in a skill tree of advancement, but they can also dabble in other things. Koster said that designers should think of their projects as services and communities, not games. His first virtual world was LegendMUD, which is still running after 25 years.

The key is to create a service that establishes a long-term emotional relationship with a player, but that means the designers have to earn the player’s trust, prove their value every day, and treat the relationship as valuable. That requires transparency in communication, and that’s one reason why Koster is blogging about the game already.

Personalized and social gameplay

Raph Koster is cofounder of Playable Worlds

Above: Raph Koster is cofounder of Playable Worlds

“Social design is one of Raph’s strengths,” Goldberg said. “If there’s one thing this game will do, it’s about community and retention.”

Koster added, “We are trying to design the entire game around social systems. The big thing about this is it means recognizing all of the different ways in which players play these games, and not just combat, not just narrow ways to play. We are doing a game that allows players to come and choose the ways in which they want to play across the different kinds of play styles. Whether that is combat, whether that is crafting, whether that is exploring whether it’s various forms of social support.”

The different styles are interdependent, Koster said. You don’t have to party up with each other, but there are reasons that a combatant will need the services of crafters periodically. If players don’t want to fight, they don’t have to. The crafters will need the explorers. The economy of the game ties the players together.

When Koster did Ultima Online, the company ran ads about whether players wanted to crush enemies or bake bread.

“The answer is it turns out a heck of a lot of people want to make chairs,” Koster said. “It was supposed to be a game about blasting people in the face.”

Back in the day, Koster got criticism for enabling players to dance in Star Wars Galaxies. It seemed silly, but the Fortnite Dance played a big role in making that game famous, and so no one questions things like that anymore.

“We are explicitly trying to think forward to what are other important ways in which players can express themselves,” Koster said. “We want to have ways to reward players for engaging in things that they’re fans of, whether that’s the intellectual property or the environment.”

Players love to do things like hunt, make maps, gather information, and be the first to explore a mountaintop.

Eric Goldberg

Above: Eric Goldberg is cofounder of Playable Worlds.

Image Credit: GamesBeat

“People love to do that, but games often leave these out,” Koster said.

Goldberg was one of the skeptics about dancing in Star Wars Galaxies, but he acknowledges he was wrong about that. People will pay more for a game that allows personalization, he said.

“Personalization is still one of the most important things,” Goldberg said.

The company is doing a sandbox MMO, and its features will enable at the very least the low-end of user-generated content, Koster said.

“We’re very much designing this,” Koster said. “A real-world society needs all sorts of people doing different kinds of things. There are many ways for players to engage with an alternate world. All of those should feel viable and rewarded.”

As for the crazes of the moment, there’s no plan right now to implement nonfungible tokens (NFTs) or cryptocurrency, Koster said.

What is a cloud-native game?

121004 sonygame

Above: Star Wars Galaxies

Image Credit: Sony

“Cloud-native technology is certainly important,” Goldberg said. “This is cloud computing, you can summon the force of lots of CPUs to be able to do your stuff and do things you cannot do with the client game.”

By cloud-native, the company is thinking of games like Roblox, which runs on servers in the cloud and can be played on virtually any device.

Playable worlds isn’t talking about platforms yet, but Koster said that as a cloud-native game, the company won’t care which device you’re using. You should be able to access the experience of the game, regardless of the way that players are trying to access the game.

“We see these devices as just screens,” Goldberg said. “The most crucial thing is the degree to which the game is running on servers in the cloud, as opposed to being about game clients. Most games today are client bound. But Roblox works almost more like a browser does. We are aiming in that same direction.”

Koster added, “They’re basically all windows onto the virtual world. Now, different sizes and shapes of windows, onto the virtual world do have different control affordances. They have different usage patterns, right. And doing good social design means paying attention to that. So we are building a game where there are some activities, where it will always make more sense for you to be sitting at a desktop while you use it. But there are other activities that are bite-sized. There’s no reason that you couldn’t do them on a phone while you’re in line at the grocery store. And we’re explicitly designing around that.”

The game may not, however, be playable on every device on day one.

Simulating a living world

img 7493

Above: The original Ultima Online team.

Image Credit: GamesBeat

Exploration has often been capped because all of the environments have to be hand built and you run out of maps to explore, Koster said. He recalled playing Seven Cities of Gold on an 8-bit computer, where you could go to the top of a mountain or into the deepest swamp because it was procedurally generated.

“Cloud compute lets us do more simulation than what we typically see in handcrafted environments,” Koster said. “It’s still sad to me that when we were dreaming of online worlds, we wanted the seasons to change and the worlds to be dynamic. But they’re not.”

Koster wants to create a world that is dynamic. He said it’s long overdue for games to simulate chemistry, where you can mix things together and get something else, and not just physics. Goldberg said you should be able to have a game where you could fire at some attackers, miss them, hit some trees instead, and set them on fire. You could further shoot at the attackers, miss them, hit a dam instead, and a hole opens in the dam. The dam bursts, the water spills out and puts out the fire. The next time you log into the game, the dam is still busted, Goldberg said.

“We think of this as build a truly living world,” Koster said.

Some games have had dynamic events like rifts opening up in an existing MMO, or changing weather.

“All of those were set pieces that designers created and said they would put them into the game,” Koster said. “Once upon a time in EverQuest II, we implemented dogs chasing cats. And that’s fine. But it doesn’t mean that cats chase mice and so on. There’s a difference. Our world is a simulation. Everything is data driven and everything is simulated.”

Koster said the team is building a lot of proprietary tech to make the cloud-native game. Playable Worlds is aiming for a shardless game experience. The game isn’t necessarily aiming for an experience with giant crowds, like having giant battles.

“It’s so clear that that is the future,” Koster said. “The whole notion of shards works against player community. It was a necessity when we built it in the 1990s.”


GamesBeat’s creed when covering the game industry is “where passion meets business.” What does this mean? We want to tell you how the news matters to you — not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it.

How will you do that? Membership includes access to:

  • Newsletters, such as DeanBeat
  • The wonderful, educational, and fun speakers at our events
  • Networking opportunities
  • Special members-only interviews, chats, and “open office” events with GamesBeat staff
  • Chatting with community members, GamesBeat staff, and other guests in our Discord
  • And maybe even a fun prize or two
  • Introductions to like-minded parties

Become a member

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning



Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning

Sean Rayford | Getty Images

Nearly a week after a ransomware attack led Colonial Pipeline to halt fuel distribution on the East Coast, reports emerged on Friday that the company paid a 75 bitcoin ransom—worth as much as $5 million, depending on the time of payment—in an attempt to restore service more quickly. And while the company was able to restart operations Wednesday night, the decision to give in to hackers’ demands will only embolden other groups going forward. Real progress against the ransomware epidemic, experts say, will require more companies to say no.

Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying. They either don’t have the backups and other infrastructure necessary to recover otherwise, can’t or don’t want to take the time to recover on their own, or decide that it’s cheaper to just quietly pay the ransom and move on. Ransomware groups increasingly vet their victims’ financials before springing their traps, allowing them to set the highest possible price that their victims can still potentially afford.

wired logo

In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company’s business network rather than the more sensitive operational technology networks that control the pipeline. But Colonial took down its OT network as well in an attempt to contain the damage, increasing the pressure to resolve the issue and resume the flow of fuel along the East Coast. Another potential factor in the decision, first reported by Zero Day, was that the company’s billing system had been infected with ransomware, so it had no way to track fuel distribution and bill customers.

Advocates of zero tolerance for ransom payments hoped that Colonial Pipeline’s proactive shutdown was a sign that the company would refuse to pay. Reports on Wednesday indicated that the company had a plan to hold out, but numerous subsequent reports on Thursday, led by Bloomberg, confirmed that the 75 bitcoin ransom had been paid. Colonial Pipeline did not return a request for comment from WIRED about the payment. It is still unclear whether the company paid the ransom soon after the attack or days later, as fuel prices rose and lines at gas stations grew.

“I can’t say I’m surprised, but it’s certainly disappointing,” says Brett Callow, a threat analyst at antivirus company Emsisoft. “Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”

In a briefing on Thursday, White House press secretary Jen Pskai emphasized in general that the US government encourages victims not to pay. Others in the administration struck a more measured note. “Colonial is a private company and we’ll defer information regarding their decision on paying a ransom to them,” said Anne Neuberger, deputy national security adviser for cyber and emerging technologies, in a press briefing on Monday. She added that ransomware victims “face a very difficult situation and they [often] have to just balance the cost-benefit when they have no choice with regards to paying a ransom.”

Researchers and policymakers have struggled to produce comprehensive guidance about ransom payments. If every victim in the world suddenly stopped paying ransoms and held firm, the attacks would quickly stop, because there would be no incentive for criminals to continue. But coordinating a mandatory boycott seems impractical, researchers say, and likely would result in more payments happening in secret. When the ransomware gang Evil Corp attacked Garmin last summer, the company paid the ransom through an intermediary. It’s not unusual for large companies to use a middleman for payment, but Garmin’s situation was particularly noteworthy because Evil Corp had been sanctioned by the US government.

“For some organizations, their business could be completely destroyed if they don’t pay the ransom,” says Katie Nickels, director of intelligence at the security firm Red Canary. “If payments aren’t allowed you’ll just see people being quieter about making the payments.”

Prolonged shutdowns of hospitals, critical infrastructure, and municipal services also threaten more than just finances. When lives are literally at stake, a principled stand against hackers quickly drops off of the priorities list. Nickels herself recently participated in a public-private effort to establish comprehensive United States–based ransomware recommendations; the group could not agree on definitive guidance about if and when to pay.

“The Ransomware Task Force discussed this extensively,” she says. “There were a lot of important things that the group came to a consensus on and payment was one where there was no consensus.”

As part of a cybersecurity Executive Order signed by President Joseph Biden on Wednesday, the Department of Homeland Security will create a Cyber Safety Review Board to investigate and debrief “significant” cyberattacks. That could at least help more payments be made in the open, giving the general public a fuller sense of the scale of the ransomware problem. But while the board has incentives to entice private organizations to participate, it may still need expanded authority from Congress to demand total transparency. Meanwhile, the payments will continue, and so will the attacks.

“You shouldn’t pay, but if you don’t have a choice and you’ll be out of business forever, you’re gonna pay,” says Adam Meyers, vice president of intelligence at the security firm CrowdStrike. “In my mind, the only thing that’s going to really drive change is organizations not getting got in the first place. When the money disappears, these guys will find some other way to make money. And then we’ll have to deal with that.”

For now, though, ransomware remains an inveterate threat. And Colonial Pipeline’s $5 million payment will only egg on cybercriminals.

This story originally appeared on

Continue Reading


Talend: 36% of business leaders don’t rely on data to make decisions



40% of business leaders still rely on gut decisions, not data.

Join Transform 2021 this July 12-16. Register for the AI event of the year.

Even as enterprise leaders tout the importance of data, 36% of business leaders don’t rely on it for making critical decisions, according to a survey by Talend, an open source data integration platform. The same survey found that 78% of business executives face challenges effectively working with data to make decisions.

Above: 40% of business leaders still rely on gut decisions, not data.

Image Credit: Talend

Our relationship with data is not healthy. Talend’s survey found only 40% of executives always trust the data they work with. For decades, managing and using data for analysis was focused on the mechanics: the collecting, cleaning, storing, and cataloging of as much data as possible, then figuring out how to use it later. Companies don’t know what data they have, where it is, or who is using it, and, critically, no way to measure their data health.

Data health is Talend’s vision of a comprehensive system for ensuring the well-being and return of corporate information. Data health offers proactive treatments, quantifiable measures, and preventive steps to identify and correct issues, ensuring that corporate data is clean, complete, and uncompromised.

Data health is a complex journey of unique requirements, regulations, and risk tolerance. It will take substantial market collaboration and research to align on appropriate standards for different companies. Eventually, data health solutions will help create a universal set of metrics to evaluate the health of corporate data and establish it as an essential indicator of the strength of a business. Talend’s initial framework imagines four primary focus areas to establish data health: reliability, visibility, understanding and value. We believe that data health will become a key, if not the most important, performance framework used within and across organizations to monitor and evaluate the health of the company. With this new data health first approach, and new standards, leaders can level the employee playing field and drive a data-charged cultural change.

From March 24th to April 8th, 2021, Talend led a survey via Qualtrics among a base of 529 independent respondents worldwide. (57% North America, 26% Asia-Pacific, 17% Europe). The respondents are all executives — with titles ranging from director to the C-suite — from medium and large companies making more than $10 million in annual revenue.

Read Talend’s full report Data Health Survey.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Continue Reading


Pipeline attacker Darkside suddenly goes dark—here’s what we know



Pipeline attacker Darkside suddenly goes dark—here’s what we know

Darkside—the ransomware group that disrupted gasoline distribution across a wide swath of the US this week—has gone dark, leaving it unclear if the group is ceasing, suspending, or altering its operations or is simply orchestrating an exit scam.

On Thursday, all eight of the dark web sites Darkside used to communicate with the public went down, and they remain down as of publication time. Overnight, a post attributed to Darkside claimed, without providing any evidence, that the group’s website and content distribution infrastructure had been seized by law enforcement, along with the cryptocurrency it had received from victims.

The dog ate our funds

“At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked,” the post stated, according to a translation of the Russian-language post published Friday by security firm Intel471. “The hosting support service doesn’t provide any information except ‘at the request of law enforcement authorities.’ In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.”

The post went on to claim that Darkside would distribute a decryptor free of charge to all victims who have yet to pay a ransom. So far, there are no reports of the group delivering on that promise.

If true, the seizures would represent a big coup for law enforcement. According to newly released figures from cryptocurrency tracking firm Chainalysis, Darkside netted at least $60 million in its first seven months, with $46 million of it coming in the first three months of this year.

Identifying a Tor hidden service would also be a huge score, since it likely would mean that either the group made a major configuration error in setting the service up or law enforcement knows of a serious vulnerability in the way the dark web works. (Intel471 analysts say that some of Darkside’s infrastructure is public-facing—meaning the regular Internet—so malware can connect to it.)

But so far, there’s no evidence to publicly corroborate these extraordinary claims. Typically, when law enforcement from the US and Western European countries seize a website, they post a notice on the site’s front page that discloses the seizure. Below is an example of what people saw after trying to visit the site for the Netwalker group after the site was taken down:

netwalker notice

So far, none of the Darkside sites display such a notice. Instead, most of them time out or show blank screens.

What’s even more doubtful is the claim that the group’s considerable cryptocurrency holdings have been taken. People who are experienced in using digital currency know not to store it in “hot wallets,” which are digital vaults connected to the Internet. Because hot wallets contain the private keys needed to transfer funds to new accounts, they’re vulnerable to hacks and the types of seizures claimed in the post.

For law enforcement to confiscate the digital currency, Darkside operators likely would have had to store it in a hot wallet, and the currency exchange used by Darkside would have had to cooperate with the law enforcement agency or been hacked.

It’s also feasible that close tracking by an organization like Chainalysis identified wallets that received funds from Darkside, and law enforcement subsequently confiscated the holdings. Indeed, Elliptic, a separate blockchain analytics company, reported finding a Bitcoin wallet used by DarkSide to receive payments from its victims. On Thursday, Elliptic reported, it was emptied of $5 million.

At the moment, it’s not known if that transfer was initiated by the FBI or another law enforcement group, or by Darkside itself. Either way, Elliptic said the wallet—which since early March had received 57 payments from 21 different wallets—provided important clues for investigators to follow.

“What we find is that 18% of the Bitcoin was sent to a small group of exchanges,” Elliptic Co-founder and Chief Scientist Tom Robinson wrote. “This information will provide law enforcement with critical leads to identify the perpetrators of these attacks.”

Nonsense, hype, and noise

Darkside’s post came as a prominent criminal underground forum called XSS announced that it was banning all ransomware activities, a major about-face from the past. The site was previously a significant resource for the ransomware groups REvil, Babuk, Darkside, LockBit, and Nefilim to recruit affiliates, who use the malware to infect victims and in exchange share a cut of the revenue generated. A few hours later, all Darkside posts made to XSS had come down.

In a Friday morning post, security firm Flashpoint wrote:

According to the administrator of XSS, the decision is partially based on ideological differences between the forum and ransomware operators. Furthermore, the media attention from high-profile incidents has resulted in a “critical mass of nonsense, hype, and noise.” The XSS statement offers some reasons for its decision, particularly that ransomware collectives and their accompanying attacks are generating “too much PR” and heightening the geopolitical and law enforcement risks to a “hazard[ous] level.”

The admin of XSS also claimed that when “Peskov [the Press Secretary for the President of Russia, Vladimir Putin] is forced to make excuses in front of our overseas ‘friends’—this is a bit too much.” They hyperlinked an article on the Russian News website Kommersant entitled “Russia has nothing to do with hacking attacks on a pipeline in the United States” as the basis for these claims.

Within hours, two other underground forums—Exploit and Raid Forums—had also banned ransomware-related posts, according to images circulating on Twitter.

REvil, meanwhile, said it was banning the use of its software against health care, educational, and governmental organizations, The Record reported.

Ransomware at a crossroads

The moves by XSS and REvil pose a major short-term disruption of the ransomware ecosystem since they remove a key recruiting tool and source of revenue. Long-term effects are less clear.

“In the long run, it’s hard to believe the ransomware ecosystem will completely fade out, given that operators are financially motivated and the schemes employed have been effective,” Intel471 analysts said in an email. They said it was more likely that ransomware groups will “go private,” meaning they will no longer publicly recruit affiliates on public forums, or will unwind their current operations and rebrand under a new name.

Ransomware groups could also alter their current practice of encrypting data so it’s unusable by the victim while also downloading the data and threatening to make it public. This double-extortion method aims to increase the pressure on victims to pay. The Babuk ransomware group recently started phasing out its use of malware that encrypts data while maintaining its blog that names and shames victims and publishes their data.

“This approach allows the ransomware operators to reap the benefits of a blackmail extortion event without having to deal with the public fallout of disrupting the business continuity of a hospital or critical infrastructure,” the Intel471 analysts wrote in the email.

For now, the only evidence that Darkside’s infrastructure and cryptocurrency have been seized is the words of admitted criminals, hardly enough to consider confirmation.

“I could be wrong, but I suspect this is simply an exit scam,” Brett Callow, a threat analyst with security firm Emsisoft told Ars. “Darkside get to sail off into the sunset—or, more likely rebrand—without needing to share the ill-gotten gains with their partners in crime.”

Continue Reading