How can I avoid problems that arise from rolling ability scores?

Rolling ability scores is a time-honored tradition across many editions of D&D. However, it can sometimes cause problems for players and/or the DM. For example, one player character may end up much weaker or much stronger than the rest of the party, which can result in a poor experience for some of the players. In other cases, a player may have their characters repeatedly commit suicide-by-monster so they can try to reroll for higher stats, which can be quite frustrating for the GM and other players.

What approaches are available to mitigate these problems?

Note: Answers should ideally be able to prevent both the “Joe rolled all 7s, and his character is useless” problem and the “Karen rolled all 18s and her character makes everyone else’s character useless” problem. That is, an answer that only avoids very low average/total scores is not as good as one that avoids both very low and very high average/total scores.

how to avoid hard-coding of client credentials in browser(front-end) for external web application when posting to SharePoint Online

I am able to successfully upload a file from external web application(SAP UI5, a javascript based framework) to SharePoint Online using SharePoint REST services. I have registered the app as a ‘SharePoint Add-In’ in Azure ACS and set the ‘App permission requests’ by allowing ‘app-only policy’.

I have the generated ‘client-id & client secret’ credentials with me which i hardcoded in my web application while making Ajax POST request in order to authenticate and get the access token(that is required to make REST calls to SPO).

There is no server-side code, so all code is written/implemented in front-end, I want to know if there is a way to directly get access token in our application without passing the client credentials?

Can we pass the client credentials somewhere in SPO instead of hardcoding in the application or is there any other option like installing client certificate etc to authenticate instead of user/password ?

Should divine powers avoid the pact limitation to prevent double-dipping?

Looking at GURPS Powers, p.26, I see that Divine powers have a -10% discount because it is expected that the player character will live a life that is moral according to the divinity in question:

A deity grants you your power. Nothing can prevent your god’s power from reaching you . . . but your patron expects certain behavior in return. The precise details depend on your god.

A good god expects you to lead a virtuous life. The required moral code is a -10-point disadvantage (-10%), typically Honesty (12), Sense of Duty (Coreligionists), or a major Vow.

Very well, it seems that a player character could have a god as a Patron. But looking at the basic book, p. B73:

Minimal Intervention: Your Patron is less useful than its power level would suggest. On a successful appearance roll, the GM makes a reaction roll for your Patron to determine whether it actually provides aid; see Requests for Aid (p. 562). On a Neutral or better reaction, you receive the aid your Patron thinks you need – which may or may not be what you want. This is the classic modifier for gods who have many other minions to aid, and frequently accompanies the Pact limitation (see p. 113). -50%

However, a 10-point Pact would be a 10-point limitation on the “Patron” advantage. Conversely, the moral code for the divinity power source is a general disadvantage on the character.

So my first impression is that I could make a 210-character-point divine superhero who follows a 10-point code of morality; that 10-point code of morality would take 10 points off the total, making the hero a 200-point character. Somewhere in that point total, the character would have Patron (highly accessible +50%, minimal intervention -50%, special abilities +100%, Pact limitation -10%) for 57 points of advantage. However, that 10% Pact limitation looks like it might be double-dipping.

Possibly “pact” should not be given because the moral code only gives its deduction once, at the granted-power level. So perhaps the “Patron” advantage should be 60 points, not 57 points. If it costs 60 points, I think it definitely avoids double-dipping.

Can I avoid storing data on the web by emailing it?

My client wants to gather some sensitive info via an app. I don’t want to store it on the server. Is this a good plan?

  1. Encrypt it on the phone using a public key embedded in the app.
  2. Send it to the server.
  3. Without saving it, email it to the client.
  4. They copy the base64 into a desktop app that decrypts it using a private key stored on the machine.

They already have such data in-house. So I figure this wouldn’t be any less secure.

How to avoid neccessity to re-enter password during schell script execution

I am working on a shell script performing recurring tasks of

  • git commit
  • git push
  • mvn release:prepare
  • mvn release:perform

in a couple of paths of a JAVA software project.

Now each of these commands asks for my rsa token password at least once, sometimes even multiple times: “Enter passphrase for key /…./.ssh/id_rsa:”

Is there a way to get around this? It would be OK if I had to enter the password once per script execution.

One boundary condition: I cannot use “spawn, expect, send”

Can you avoid ever password to be sent on the wire?

Let’s say I want to secure authentication on a web app or a mobile app or even a machine to machine app.

My first approach to secure the password is to enable HTTPS and some sort of client side message level encryption of data to be sent on the wire.

So I’m starting to think that since MITM could help circumvent HTTPS and discover at least an encrypted password, there is maybe no way to truly protect a password.

So I was wondering (not considering VPN here), if a user submitted data (ex : password) on the wire is ever secure ? Or if there exists a way to to never submit password on the wire ?

How to avoid too much RAM memory usage

I use Ubuntu Studio 18.04.3 with additional backports PPA to get LTS.

I want to use “xLogo”, a Java version of the old Logo Programming Language, to get 3D figures in the screen.

But, when xLogo is working, I get a message about it is using almost the 90% of the computer RAM memory.

And I can confirm this is true, because the System Charge Monitor shows me the same thing: RAM Memory at 90%!

How can I get xLogo “eats” less RAM memory?

BTW: The System Charge Monitor is always shows me that my RAM Memory is around 60% to 65% used. Is it a normal value? Can I get more free RAM Memory? How?

Are there effects where holding your breath allows you to avoid them?

As suggested by one of the answers to this question on holding breath, there can be situations where damage may be able to be avoided by holding your breath.

A creature can hold its breath for a number of minutes equal to 1 + its Constitution modifier (minimum of 30 seconds).

When a creature runs out of breath or is choking, it can survive for a number of rounds equal to its Constitution modifier (minimum of 1 round). At the start of its next turn, it drops to 0 hit points and is dying, and it can’t regain hit points or be stabilized until it can breathe again.

Consider cloudkill:

When a creature enters the spell’s area for the first time on a turn or starts its turn there, that creature must make a Constitution saving throw. The creature takes 5d8 poison damage on a failed save, or half as much damage on a successful one. Creatures are affected even if they hold their breath or don’t need to breathe.

And stinking cloud:

Each creature that is completely within the cloud at the start of its turn must make a Constitution saving throw against poison. On a failed save, the creature spends its action that turn retching and reeling. Creatures that don’t need to breathe or are immune to poison automatically succeed on this saving throw.

The wording is a little confusing, does holding your breath count as not needing to breathe for purposes of potentially avoiding damage? What are the situations where holding your breath will allow you to avoid taking damage for the duration of your ability to hold your breath?