Is this alternative to Telekinetic Throw balanced?

I’m in a game of D&D 4th Edition. While I am not the GM, an interesting situation came up. A player tried to use Telekinetic Grasp (Dark Sun Campaign power, pretty similar to Mage Hand) to attack by throwing/loosening a rock. This is the power in question:

With your mental strength, you can manipulate nearby objects.

At-Will Psionic Minor Action Ranged 5

Target: One object that weighs 20 pounds or less and isn’t carried by another creature Effect: You manipulate the target or move it 5 squares to a square within range.

20 pound is ~ 9 kg if google did not lie to me. When falling, a 20 pound rock does 1D6 damage per 40 ft (12 meters) of falling, up to 4D6.

Now the GM blocked this for the time being, claiming it was an abuse of the spell.

But the GM was interested in trying to allow it, after figuring out how to balance it. I have experience with multiple systems, so I thought I might give it a shot. I am looking for feedback on the balance of my solution.

I would start from “throwing a rock”. And if I would write it down as a power/combat ability, this is what I came up with:

Name: Improvised Telekinetic Throw

Repeatable: At-Will

Action: Standard Action. I think this is the way to balance this attack. Using your arms is a free action, yet using them to attack is still a Standard Action.

Tags: Weapon, Ranged Weapon Including this tag means Proficiency modifiers would apply.

Requirements: You must be able to use a power capable of picking up and throwing the weapon and usable in the same turn.

Opportunity Attacks: Telekinetic Grasp itself triggers a Opportunity Attack, being considered a Ranged Power. If not, I would have it trigger one because you are making a Ranged Attack. Again, using your arms or legs in general does not incur a Opportunity Attack, but what you do with them might.

Defense and Effect: As the item used. For a Rock (improvised throwing weapon), it would be “vs AC” and 1D4 damage. A lit torch would be 1D6 fire according to some sources. But basically every single weapon in the book – including alchemical weapons and those designed for throwing – could be propelled by this power, so I’m trying to keep it abstract.

Attack roll: The highest of Charisma, Wisdom or Intelligence. Normally ranged attacks are Dexterity, but it does not seem fitting here. The mental Attributes seem usually used for Psionic/Magic, excluding tanky builds.

Special:

  • the Origin point is the place from which you pick up the item. The range is 5/10 or what is normal for the item, whichever is less.
  • The first time you use it in any Encounter, you have Combat Advantage with this attack. (In particular useful as the Character is a Rogue. Stuff like using Bluff to Feint and Grant Combat Advantage or Distraction to hide works similarly once/Encounter)
  • It is difficult to aim with this attack, given that you are not aiming from your stand point, not using a hand and not a properly trained Class Power. You attack as if the target has Total Concealment but you know its position (-5 to attack Roll). No sense can negate that penalty.

Targeting issue:

Now that last part – the part where you act as if the target has total concealment – is what I think the solution is to “Abuse Magehand/Telekinesis to attack”. I lifted it from the HERO System: Since they are classified as “Targeting” or “Non-Targeting”. Non-Targeting sense can be used to find the Square to aim at. Targeting is used to actually make attacks unhindered. Normally only Sight is targeting, but you can sell back your sight to play Daredevil. At which point you buy another targeting sense. Or you might buy an additional targeting Sense, that is not covered by the Invisibility/Darkness. Also there are cases when sight’s targeting ability fails (Sight through Clairvoyance is not targeting, unless you bought this extra and the GM allows something as problematic as that).

Not standing at the origin point (and not a power designed for it). Not having a “targeting sense” to lock onto the enemy (and no power that takes care of such minor details). Aiming behind you through a mirror. Sounds similar enough for me in terms of difficulty as far as RPG rules would be concerned.

Porting that would be frustrating in D&D 3.X, as their Total concealment gives a infuriating 50% miss chance. I ran a combat with that once. But 4th Edition it is a direct -5 penalty. And in 5th Edition, it is Disadvantage. So it is a easy enough port.

So what do you guys think: Is this a halfway decent solution I came up with? What did others came up with for this issues, other then a stern “no” or something imbalanced?

Alternative to Qubes OS network domain for a server

I know that Qubes Os is not suitable for a server use, but some of its features are quite interesting for that. In fact, all the network drivers are contained in a VM that run a different Linux based system and the connections from the “main OS” to the network are made through TCP/IP with that VM. Moreover, network drivers have been moved out from the main OS kernel. That allows to prevent the use of a potential bug in the network driver.

How can I reproduce the same configuration ? I thought about using Xen with a virtual network, but I would like to know if somebody already made it.

Any alternative to Carousal Tabs for mobile?

I am designing a mobile application for enterprise , so for desktop view we are using tabs as you can see in the image below. I want to design the same for mobile, so if we use carousal tab navigation we have to swipe to reach last tab and it can be less discoverable.

enter image description here

Mobile views

  1. Carousal tab navigation

enter image description here

  1. Tab with more dropdown

enter image description here

So wanted to know if there’s any better alternative to this?

Is there an alternative to using hashing to identify malware?

I’m reading a sans paper on IOCs (indicators of compromise) in malware forensics and I came across this interesting obstacle:

polymorphic and metamorphic codes (Paxson, 2011) result in multiple hash identities for the same class of malware

Now I understand the existence of IOCs and the frameworks (such as OpenIOC) purpose is to account for this flaw in using hashing as a way of identification. But I’m trying to dig in a little deeper into the way we use hashing, and perhaps create a solution. Unless there’s already a solution in which case that’d be the answer to this question

Is there an alternative to using hashing to identify malware?

My idea is to create a way to hash something that expresses the level of difference between the two, maybe call this a “measured hash,” where the first, middle, or last portion of hash of length x, shows the same values for binaries with the same values. Maybe, by definition, what I’m describing is no longer a hash but it’d still be a program or function that takes a binary and outputs a fixed length representation of that binary for identification purposes. Then if only one small element of the binary is different, we’d be looking at a hash that is very similar to the hash of the original.

Using sha1 hash as an example: CA422BBF6E52040FF0580F7C209F399897020A7A

Is the result of this sentence:

I’m stealing all your files using this binary but then I’ll recompile another binary after adding or subtracting a few blocks of code

Now if I change the last three words of this sentence I get: F5BB055C7F7E76275C6F0528D2ACD6F288CE7496

Which is no surprise for anyone who knows hashing 101. My proposal is to use a mechanism that gets me something like this for the before CA422BBF6E52040FF0580F7C209F399897020A7A and this for the after: CA422BBF6E52040FF0580F7C209F399897029B10 because, after all, only three words were deleted and replaced by a single word.

What I’m NOT looking for in an answer, is a list of artifacts or frameworks that are already being used to identify malware. What I would like to know is if such a tool already exists or if my idea is preposterous and wouldn’t be of value to forensic investigators looking to share the intelligence of their research.

Alternative routes for Incident Response approach other than Windows Event Viewer?

I am currently developing an Incident Response Plan for a computer that has been hacked (no malware installed, just a system hack). My plan is to look through Windows Event Viewer to try and detect any unusual behaviour to the machine.

However, if an attacker has changed the contents of the log file or altered the time, what are the alternative routes for developing an IRP other than Windows Event Viewer?

DBAN alternative

so I’m selling my computer (HDD). I had some important data on it. Plese don’t tell me to physically destroy that drive, I need the money 😀 So I’m looking for some reliable solution that could erase things that DBAN can’t, as far as I know, erase host protected area, device configuration overlay and bad sectors. Questions are:

  1. I heard that Secure Erase (HDDErase) apparently can do erase of this. What do you guys think about it, is that a better alternative :)?

  2. What’s the best software to check if that HDD is truly erased? Even paid, I can get licence for many programs with a discount.

Thank you kindly and have a nice day!

Macros and Trust Center Settings – Alternative Combo of Settings

I asked a question in the about enabling Macro’s in the “Trust Center” and the security implications. I have now begun signing my projects with a “Code Signing” certificate and placed that certificate in the “Trusted Publishers” store of my end users.

I really don’t like the combination of settings available in the Trust Center.

See https://support.office.com/en-us/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6#__toc311698313

I would like to set the following and wondered if there was a way via RegEdit and/or Group Policy.

Disable all Macros WITHOUT notification, except digitally signed Macros.

This would block end users from running Macro’s by hitting allow, but still allow “TrustedPublishers” to share VBA Enabled Office content.

Cunning Caster Feat with Alternative Focus

Cunning Caster

This feat allows you to hide spellcasting, but takes penalties for every visual aspect of the spell you need to hide.

The general benefit is below:

When casting a spell, you can attempt a Bluff check (opposed by observers’ Perception checks) to conceal your actions from onlookers.

Each thing you do that is part of spellcasting causes a penalty here. For example, if you use material components you get a -4, but that is known to be removed by the Eschew Materials feat.

On the topic of focus and divine focus, the exact wording is this:

If the spell requires a focus or divine focus, you take a –4 penalty on the Bluff check.

All of the penalties in Cunning Caster tie to the process below. Components, including material and foci, are normally expected to be manipulated as part of casting the spell.

To cast a spell, you must be able to speak (if the spell has a verbal component), gesture (if it has a somatic component), and manipulate the material components or focus (if any). Additionally, you must concentrate to cast a spell.

My question: Do you still take the focus penalty from Cunning Caster when your focus is permanent? IE: Part of clothing, a holy symbol tattoo, or otherwise something treated as a focus that does not stipulate having to touch it to use it as a focus.