Thri-Kreen multi-attack total attack bonus calculation

Would you mind casting an eye over this and check my understanding is correct?

This question refers to an NPC I’m modelling from AD&D Pegasus magazine #8. It’s a 5th level Thri Kreen fighter and its base attack bonus is +7 it has +5 from its fighter levels and +2 from its hit dice. It has the Multiweapon Fighting feat. It has an 18 strength (+4). Therefore its total attack modifier is +11

Multiweapon Fighting penalties for fighting with multiple weapons are reduced by 2 with the primary hand and reduced by 6 with off hands. Normally a creature without this feat takes a -6 penalty on attacks made with its primary hand and a -10 penalty on attacks made with its off hands. It has one primary hand and all the others are off hands.

And the multi-attack feat.

Multi-attack the creature’s secondary attacks with natural weapons take only a -2 penalty. Without this feat the creature’s secondary attacks with natural weapons take a -5 penalty.

It’s using a Gythka and a longsword (actually rather than a long sword it’s a chain blade from Bastion Press’ Torn Asunder 3rd party rule system, but for simplicity of this question let’s assume it’s a longsword)

The Gythka is being used as a double weapon:

Gythka: This two-handed exotic melee weapon is a polearm with a blade at each end. You can fi ght with it as if fighting with two weapons, but if you do, you incur all the normal attack penalties associated with fighting with two weapons, just as if you were using a one-handed weapon and a light weapon. A thri-kreen can wield two gythkas at once as double weapons due to its four arms, but takes penalties as if its off-hand weapon were a one-handed weapon, not a light weapon.

Therefore full attack bonuses would look like this:

+7 / +7 gythka, +7 longsword and two secondary with natural weapons +9 claw and +9 bite.

-4 penalty is imposed upon the manufactured weapons because although the thri kreen is using a double weapon (normally treated as a one handed and a light weapon therefore imposing a -2 penalty on manufactured weapon attacks with multi weapon fighting feat) he is also using a longsword which is a one handed weapon and instead a -4 penalty is imposed on ALL manufactured weapon attacks. The claw and the bite have a -2 penalty instead of -5 due to the Multi-attack feat.

Is my understanding of the total attack bonus with the respective weapons correct?

Also because it’s part of the same question in the Expanded Psionics handbook on page 15 gives an example of a thri kreen fighting with 3 shortswords and seems to be implying the thri-kreen can only take a bite OR a claw as a secondary attack. I believe this is incorrect.

Natural Attacks: Thri-kreen can attack with four claws and a bite. The claws deal 1d4 points of damage, and the bite is a secondary attack that also deals 1d4 points of damage. A thri-kreen can attack with a weapon (or multiple weapons) at its normal attack bonus, and make either a bite or claw attack as a secondary attack. For example, a thri-kreen ranger with the Multiweapon Fighting feat who is armed with three short swords could attack with all three swords at a –2 penalty (the normal penalty for fighting with multiple weapons while using light weapons in its off hands) and also make a bite attack at a –5 penalty.

Because, however this is not the case when we consult the entry for thri-kreen on page 213 of the same book.

Full Attack: 4 claws +3 melee (1d4+1) and bite –2 melee (1d4 plus poison); or longspear +3 melee (1d8+1/×3) and 2 claws –2 melee (1d4) and bite –2 melee (1d4 plus poison); or javelin +4 ranged (1d6+1)

Wherein it takes a primary attack with the longspear, 2 claw attacks AND a bite attack.

Are there any other practical reasons for choosing proficiency in Intelligence saving throws, other than seeing through illusions?

Are there any other practical reasons for choosing proficiency in Intelligence saving throws, other than seeing through illusions?

It was suggested to me to take the Resilient feat. I considered taking Intelligence, but I can only think back to a handful of occasions where I used an Intelligence saving throws and it was always to do with illusion magic.

RESILIENT

Choose one ability score. You gain the following benefits:

  • Increase the chosen ability score by 1, to a maximum of 20.

  • You gain proficiency in saving throws using the chosen ability.

(PHB p. 168)

I mean, other than to have a better chance of seeing through an illusion spell, is there any point in having a proficiency with Intelligence saving throws?

It seems like it is the least useful out of all the saving throws proficiencies.

Dexterity, Wisdom and Constitution get used the most; Strength and Charisma less so, but Intelligence…

Of course, if you are in a campaign where illusions are very common, then yes I can see how this could be very beneficial, but for most campaigns I can’t see the point.

Are there any other uses for the Intelligence saving throw, such as to counter a monster’s special ability (other than an illusion)?

This is a question about saving throws, not ability checks.

Verify Quad9 is working

Disclaimer: I am a complete neophyte.

I set 9.9.9.9, Quad9, as my DNS in my router’s configuration.

  1. How do I verify Quad9 is working and that I am benefiting from its features, especially encrypted DNS and DNSSEC?
  2. Do I need to use a client on each computer/device, or does configuring my router make it work for the entire network?
  3. If using encrypted DNS and HTTPS (only), am I protected from snooping, including by my ISP?
  4. Is it bad to use encrypted DNS with Tor as mentioned here: https://www.privacytools.io/providers/vpn/#info (“However you shouldn’t use encrypted DNS with Tor.”)?

Extended Vision changes ranged effects modifiers due to distance?

I’m trying to build a character that has an incredible vision, using her Extended Senses (Vision). She uses firearms in battle. I kinda wanted to simulate her efficiency in shooting at great distances at easy, but I got stuck in some rules.

Range attacks have three types of ranges: short, medium and long, each one giving different modifiers base on the distance to hit the target.

A ranged effect has a short range of (rank x 25 feet), a medium range of (rank x 50 feet) and a long range of (rank x 100 feet). Ranged attack checks at medium range suffer a –2 circumstance penalty, while ranged attacks at long range suffer a –5 circumstance penalty.

Extended Vision would be a reasonable choice, but it seems to just affect Perception checks and not range attacks. I could use Extended Distance Extra, but it seems that I would need to apply it to each weapon, or at least for a container of powers. Shouldn’t Extended Vision affect the range for ranged attacks?

Is CTR really equally secure than CBC?

Here is a typical cryptographic situation:
A secret key exists that is only known to a sender and a receiver of messages. As it is hard to replace that key, since you either need a secure channel for transmission or a way how the receiver can send something to the sender to perform a key exchange and both may not exist, a lot of different messages will be encrypted all with the same key. Note, however, that the messages exchanged will all be different. It’s not impossible that two messages could start with the same couple of bytes or contain the same byte sequences somewhere within the messages but that would be pure coincident and is not generally expected to happen frequently.

Now when using CBC encryption, there is an IV and that IV is randomly chosen for every message exchanged. With a 128 bit block cipher, like AES, the IV has 128 bits as well, so the chances that two messages are encrypted with the same IV is only 1 to 2^128, which is rather tiny. And even if the same IV would have been used for two messages, does it really matter if the messages are entirely different in the beginning? After all the IV is XORed with the first 128 bit of the message first, so even for the same IV that operation has a different result if the first 16 byte of the message are different than the last message that had the same IV.

However, CBC is considered outdated by most people today, pretty much every paper about block cipher chaining recommends to only use CTR for new development, praising all it’s advantages. Sure, CTR has a couple of nice features but is it really equally secure to CBC in a situation initially described?

CTR also uses an IV, yet that IV is split into two parts: A nonce and a counter. As the counter values are for sure repeating for different messages, since all counters start at zero for the first block of every new message, the only randomness comes from the nonce. Yet the nonce will be less than 128 bit because there must be room for the counter. All papers say, you must never use the same IV with the same key to encrypt two different data blocks but the nonce space of CTR is always for sure smaller than the IV space of CBC, so the chances for a collision are much higher, aren’t they?

I’ve seen CTR implementation that split the IV in half, so there are 64 bit nonce and 64 bit counter. In that case the chances for a nonce collision are just 1 to 2^64 compared to 1 to 2^128 for the CBC case. While 2^64 is still a big number, it’s a whole lot smaller than 2^128.

Thus won’t using CTR force you to replace the key much more frequently, unless you want to risk the security of your encrypted data exchange? Is CTR really a suitable replacement for CBC in a situation as described above?

Aside from that, CTR doesn’t seem compatible to itself. Every CBC implementation can decrypt data correctly that any CBC implementation has been encrypted. That’s because there are no open question on how CBC works, everything is standardized. The same cannot be said for CTR as different CTR implementation can use different ways to split the IV into nonce and counter. When I know that my messages will never have more than 2^20 blocks, I could use only a 20 bit counter and thus get a 108 bit nonce, yet this won’t work if the other side expects a nonce to be exactly 64 bit long.

To make things even more complicated, instead of splitting the IV into two parts, one can also create the IV by adding nonce and counter together or XORing nonce and counter together, which avoids the issue with the IV space reduction, yet I have no idea what such a behavior means in regards to security of CTR. Also it will make the implementation incompatible to most existing CTR implementations.

What are some possible repurcussions of using story-based leveling rather than experience points?

I am the DM for a D&D 4e game. Recently, I stopped keeping track of XP, on the assumption that I could just give my players a level every time they finished a major quest. In my mind, this had a few benefits:

  1. It severely reduces bookkeeping, both for the players, and for me, because it means I don’t have to worry about each adventure having exactly ten encounters.
  2. It prevents leveling at an awkward time ― we’ll never have an issue where the PCs finish an adventure and aren’t quite leveled up, and then get an encounter or two into the next adventure. In this way, it also helps split the game into even chunks.
  3. It also removes a mindset that I think a lot of players pick up from videogames, where they feel like they need to go fight monsters and engage in random, pointless fights just to gain XP. This is not the sort of thing I want.

However, before I completely commit to this progression system, I’m like to see it from the opposite perspective, to see what I may be missing out on by abandoning XP.

What benefits does an XP-based leveling system offer that I will lose if I use a story-based leveling system?

Should a DNS server restrict reverse lookups from external hosts?

What risks are there in allowing external clients to resolve internal IPs to their domain names? The server is used internally for clients, as well as for external clients needing to resolve a web server’s domain. Couldn’t allowing these reverse lookups allow an attacker to gather a wide array of information if the domain names contain usable information?

Selling Bitcoin ?

Hey,

Im wondering if anyone can recommend me a trusted website to sell bitcoins for GBP and payment by bank transfer or paypal if it comes to it, but id rather avoid paypals fee's.

I have 0.800 bitcoin to sell, ive tried signing up to a few exchanger websites but i can't seem to work out how they function.

Any help is appreciated.