Advice for first time DM/player with first time hero players trying the Lost Mine of Phandelver with an under-sized party

After listening to and enjoying some “actual play” podcasts I’m about to try DnD with my wife and children. None of us have played before, so after some research I’ve decided to go with the official DnD 5e starter set.

Due to a slight misunderstanding I thought that the set was fine for four players including the DM; it seems that actually it’s meant for a party of four or five plus the DM.

Given that the party will only be three strong, none of them have played before, and two of them are children I would expect them to not be hugely effective to begin with.

As DM I’m planning to help as much as I can with the rules and hints about what they can do (initially they won’t have read all the rules). But I’m concerned that as a small party they might struggle.

The kids have decided that they like the wizard and rogue and my wife is happy to play any of the remaining characters. From my research I’ve suggested the cleric for her so that they have someone with high AC and good healing.

As I haven’t played before either I’m looking for suggestions on what else I can do to get things off to a good start. Obviously I can do things like reduce the number of enemies in fights, but I assume that there are a lot of other tricks that I’m not aware of to help in this kind of situation.

Any advice on HIPAA compliance & security consultants for a web page?

I’m working on a web page that sends statistical data to providers, hosted in Azure. It will only be accessible to users we give permission to. While the page is functionally complete, it will contain PHI. I’ve been researching and implementing the requirements to make it HIPAA compliant, listed below. Are there any other items to make the list more complete?

  • Stored data encrypted
  • Backup data encrypted
  • Automatic backups, never lost, recovered at any time
  • Data transmitted to site is encrypted
  • Website accessible only to authorized persons
    • Unique permissions that can be audited
  • The web site can be permanently deleted
  • Information no longer needed must be permanently disposed
  • BAA agreement with Microsoft
  • Data breach protocol documentation
  • SSL encryption
  • Regular password changes
  • Security logs
  • Appointed HIPAA compliance officer
  • Published HIPAA policy on site
  • All web forms are secure
  • Page not tampered with or altered

We’re also looking for a security consultant to verify everything is locked down. Are there any suggestions on companies to contact? After some research, the two that kept popping up are https://compliancy-group.com/ and https://www.hipaasecurenow.com/. Any insight into consultants would be appreciated, thanks!

Hong Kong webhost for Chinese users? Advice please! [closed]

I am planning to create a website that is mainly aimed towards Chinese users from mainland China. As you probably know, China is a huge pain in the buttocks when it comes to web hosting and everything internet related in general. Without a VPN, 99% of websites hosted in foreign countries are either blocked or extremely slow when viewed from China. Hong Kong kind of works like a bridge between China and the rest of the world.

Could someone please recommend a web host in Hong Kong that offers good speeds for mainland visitors? Google does not really help as the “top 10 web host blabla” is just BS from people trying to make money.

Thanks!

Seeking GM advice, tricking players into helping the villain

I’m looking for a little help and guidance as I’m trying to plan out my first attempt at gm’ing.

My basic idea for a plot:
The new adventuring group in a Tabaxi town are hired by the town’s mayor to solve various ills befalling the place. I’m planning on starting them off at LV1 and using his quests to build the players up to about 4-5.

The thing is, I want the mayor to be secretly trying to destroy his own town as a sacrifice to his evil deity (in order to receive a blessing and become a Rakshasa).

What sort of quests could I give to the players intermingled with ordinary quests that would eventually lead to plague, famine, invasions and various calamities that would ultimately end the town?

Best practices or advice to convince IT admins not to map network drives in privileged sessions with users

We are currently trying to enhance the security posture of our company, and this means changing how some IT personnel work.

Precisely, our IT helpdesk now have 2 separate accounts: 1 for normal day to day usage (mails, internet, etc…), and 1 for administrative tasks. The latter is a privileged account having several rights on the AD and some servers.

The way they work is not very secure when it comes to supporting the users: they use their privileged account to login to the user’s workstation and perform tasks where admin rights are needed.

But my question is more accurately related to network drives being mapped in their privileged account’s profile. They insisted on using the same logon script as with their standard account.

Do you have any recommendations, references to guidelines and/or best practices in such a case? I’d like to present them some resources to convince them it’s not secure to have network drives mapped in this profile.

I tried to explain to them that if they log in to a ‘contaminated’ workstation, their privileges might spread the infection to the network… But they did not understand and argued they need to access some files on the network while assisting the users. They don’t want to waste time typing UNC paths, etc…

Advice on 5e Paladin/Warlock

I’ve got an Aasimar Paladin 1/Celestial Warlock 3. RP-wise, he’s a paladin of Lathander who delved into his lineage to make a pact with a like-minded Solar. He’s got a kind of obsession with light (metaphorical and literal).

We’re sticking with published material mostly. My party is a fighter, a sorc, a wiz, a rogue, and a ranger, which makes me lean toward being healer/backup tank. I’ve already gone Celestial Tomelock, but I haven’t decided on an oath for the Paladin. I’m leaning toward Ancients or Redemption, but haven’t ruled out everything.

Starting Stats (point buy w/ DMG Aasimar):

Str 15 (to use plate)

Dex 10

Con 13

Int 10

Wis 9

Cha 17

I’ve been using alternations of Eldritch blast at range and Shillelagh/Green Flame Blade up close – pretty effective so far. I’m eyeing the possibility of Pole-arm Master, but still juggling with when to take feats vs ASI and if I want War Caster with it or instead (mostly for the shield AC). The next level is Warlock 4 and I’m thinking ASI for Cha and Con. I’m also considering that there won’t be much campaign left when I reach level 16/17, so usability along the way is probably more important than end-game optimization.

I’ve done some math on the DPR re: range/melee and stat choices, but it isn’t all the variations and I know DPR isn’t the only factor (nor is it my primary considering the other party members). Here’s the math on that, though:

5th level EB, Agonizing & Hex:
2d10 + 4(Ag) + 4(Ag) + 3.5(H) + 3.5(H) =
Average 26, 2 chances to crit (or miss)

5th level GFB, Shillelagh, & Hex:
1d8+1d8 + 4(CHA) + 3.5(H)= 16.5
w/ second enemy: add 1d8+3.5 = 8
Average 24.5 across 2 enemies

**At 6th level, GFB adds 2 dmg from Dueling Style, so 26.5 across 2 enemies

**Could get PAM at 8th, bringing it online well before EB can outclass it

11th Level (6War, 5 Pal) EB:
3d10 + 15(3xAg) + 10.5(3xH) =
Average 42, 3 chances to crit

GFB, Shillelagh:
3d8 + 5(CHA) + 3.5(H) + 5(Rad Soul) + 2(Duel) = 29 to 1 enemy
w/ second enemy: add 2d8 + 5 = 14
Average 43 across 2 enemies, only 1 chance to crit (or miss)

2 Attack, Shillelagh
1d8 + 5(CHA) + 3.5(H) + 2(Duel) = 15
1d8 + 5(CHA) + 3.5(H) + 2(Duel) = 15
Average 30, 2 chances to crit (or miss)

PAM alternative, 3 attacks, 1 less CHA
1d8 + 4(CHA) + 3.5(H) + 2(Duel) = 14
1d8 + 4(CHA) + 3.5(H) + 2(Duel) = 14
BA: 1d4 + 4(CHA) + 3.5(H) + 2(Duel) = 12
Average 40, 3 chances to crit (or miss)

17th Level (6War, 11 Pal) EB:
4d10 + 20(3xAg) + 14(4xH) =
Average 56, 4 chances to crit (or miss)

GFB, Shillelagh:
4d8 + 5(CHA) + 3.5(H) + 5(Rad Soul) + 1d8(Imp Smite) + 2(Duel) = 38 to 1 enemy
w/ second enemy: add 3d8 + 5 = 18.5
Average 56.5 across 2 enemies, only 1 chance to crit (or miss)

PAM, 3 attacks
1d8 + 5(CHA) + 3.5(H) + 1d8(Imp Smite) + 2(Duel) = 19.5
1d8 + 5(CHA) + 3.5(H) + 1d8(Imp Smite) + 2(Duel) = 19.5
BA: 1d4 + 5(CHA) + 3.5(H) + 1d8(Imp Smite) + 2(Duel) = 17.5
Average 56.5, 3 chances to crit (or miss)

Any corrections to the math? Thoughts on oath and other choices? What’s a recommended level progression and order of ASI/Feats? Invocations, etc…

How to deal with this fundamental problem with the advice: “Don’t trust obscure PHP libraries that nobody uses!”?

Frequently, I’d say in virtually every case, there is only one PHP library for any particular problem. (I don’t count obsolete, abandoned, trash ones.)

Therefore, it’s never a “choice” by me to use it. I have to either use it or nothing.

For this simple reason, the sound-sounding safety advice to “not use obscure libraries not promoted or used by lots of people and major corporations” is rarely applicable, because there just aren’t any alternatives to pick from!

And this is for PHP — one of the most popular/biggest/most used current programming languages on the planet. Imagine if I were using some far less popular language; I’d never find a library to do anything!

It seems like this advice only works in theory. In reality, there’s very little, if any, choice between libraries and even languages unless you are going to do everything on your own, from scratch. (Or possibly if you can pay money, which I cannot, and thus I’ve never even considered any potentially existing paid alternatives.)

The reason I ask this question is that I’m always given it as one of the main tips for how to stay secure and not get malware through compromised/evil PHP libraries. However, when there’s just one thing to pick, for example “MailMimeParser”, which nearly always seems to be the case (with any “alternatives” having major show-stoppers such as being dead or just not working as advertised), what else can I do?