Who picks the type of the Basic Attack?

Charm of Misplaced Wrath (Heroes of Fallen Lands, p206)

The target makes a basic attack against a creature of your choice as a free action. The basic attack gains a +2 power bonus to the damage roll.

This is a 1st level Wizard encounter power, if it matters.
Can I make the target do a Ranged Basic Attack (so it provokes attacks of opportunity) or does it get to pick the type of Basic Attack?

Few basic questions on CA

  1. Which problem does it solve – AuthN or AuthZ or something else?
  2. If a client is attempting to talk to a large pool of servers and I want to individually establish the identity of each server host, is CA scalable? If the pool size is 10,000 hosts will a single CA service scale?
  3. How is a server’s certificate deployed on that server host in the first place? Don’t we need a secure channel that establishes the identity of that host to even do that? Isn’t this a chicken-and-egg situation?
  4. Can I use the OpenSSL toolkit to generate certificates signed by a CA?

How useful is the 5e ‘Wish’ spell (‘Basic Use’ version) for spell research?

The 5e Wish spell does, literally, whatever you wish, but for a price. The Basic Use version may be useful for instant spell research without the usual time / gold costs. Logically, one could use this Basic Wish to learn all the wizard spells lvl. 8 and lower. But what are the limits? To quote:

The basic use of this spell is to duplicate any other spell of 8th level or lower. You don’t need to meet any requirements in that spell, including costly Components. The spell simply takes effect.

Here are some possibilities:

  1. Casting ‘Wish’ may allow one to have a version of any existing / official spell (found in Player’s Handbook, Volo’s &/or Mordenkainen’s manuals). This exists as a memorized spell ‘slot’, uncast, in one’s mind. Wizards (class) could then write-scribe this spell, providing this was a wizard’s (spell-list) spell in the first place. This learning technique may also extend to some ritual spells, q.v.

  2. The Basic Use of a ‘Wish’ spell does NOT require material components. As such, the caster of this spell can automatically gain one (1) fully transcribed non-magical version in a book (or scroll / carved tablet / scribed on a skull / whatever suits your fancy). Should this be a ‘wizard’ spell, the caster could then use this written version as though they had transcribed this themselves. Other wizards would need to endure the usual transcription-study-cost process from this origin material, as normal.

  3. This Basic Version of the spell vetoes any and all requirements! As such, any spell imaginable (of less than 8th level value) can be instantly scribed into a book. If it were considered a ‘wizard’ type spell others of that class could make use / transcribe it as usual. If it were a spell for any other list, those of the appropriate class could use this written spell to re-establish a new relationship with their deity, patron or other spell-delivery creature.

Off the cuff, the first one seems reasonable. The second version seems to be pushing boundaries a little (not sure why). The last one, drafting out Brand New Spells every day, seems totally implausible for a mere Basic Wish (perhaps a FULL wish could do this?) – yet I have no known RAW defence on this. It just seems like a bad idea to let a CR 11 ‘arch-mage’ pump out 300+ spells (of any class / up to 8th lvl) in any given year, risk free. But… why not?

Gathered Exchangers of Stackings… what say ye?

Purpose of randomization/derandomization in basic randomized algorithm for MAX SAT

In Section 5.1 of The Design of Approximation Algorithms by Williamson and Shmoys, they describe a basic randomized algorithm for MAX SAT and how to derandomize it. The algorithm is just to assign each variable 1 (true) with probability 1/2 and 0 (false) with probability 1/2. In other words, sample uniformly at random from the space of all solutions. They show that this is a 1/2-approximation.

Then in Section 5.2, they describe how to derandomize it using the method of conditional expectations. (I won’t describe the process here because it is not very complex and, I’m assuming, widely known.)

My question is, why bother derandomizing this way? Or even, why bother making the algorithm random in the first place?

It seems to me that an equally good algorithm would be the one-liner which deterministically sets all variables to 1. Given some MAX SAT instance as input, it seems to me that you would also expect this to (i.e., "in expectation it would") satisfy half of the clauses. To me, the analysis of the random algorithm really seems to say that any fixed guess is "good." (Rather than showing that our random algorithm is inherently good.) So why go through the process of randomizing and derandomizing in the first place?

Thanks in advance!

curl query to regular url: basic auth

I’m currently experimenting with the Toggl API https://github.com/toggl/toggl_api_docs/blob/master/chapters/workspaces.md#get-workspace-users

For example, the page states

curl -v -u 1971800d4d82861d8f2c1651fea4d212:api_token -X GET https://www.toggl.com/api/v8/time_entries/current 

If I enter this in my console (using my API token, not the example token of course) it works and I’m getting back the requested JSON.

However, if I try to get the JSON directly in a browser by restating the query as

https://1971800d4d82861d8f2c1651fea4d212:api_token@www.toggl.com/api/v8/time_entries/current 

I’m getting

Access to www.toggl.com was denied You don't have authorization to view this page. HTTP ERROR 403 

What am I doing wrong? I thought that user:pw@domain would be the same as curl -u user:pw -X GET domain

Guidance for a basic responsive website

Hello, this is my first post on this forum.
I need to make a new website, a quite simple one with some pages.
It is a company website (my company) and for selling a product.
The product is a software for Windows (I mention that so you can know more or less what the site is about).

I've been reading how to make a responsive website, but I have some questions and I need some place to ask them, so here I am. I hope that I came to the right place, and if it is not, please point me where I…

sqlmap: Test injection in Basic Authentication?

I have been trying to make sqlmap test the username parameter in a fake login page that uses basic authentication. However I cannot make it test the Authentication header via the asterisk trick:

sqlmap --auth-type "BASIC" --auth-cred="*:pass" --level 5 --risk 3 --method POST -u http://fake_endpoint.local/ --proxy http://127.0.0.1:8080 

I receive at the proxy only one login attempt with literally *:pass (b64: KjpwYXNz)

POST http://fake_endpoint.local/ HTTP/1.1
Content-Length: 0
Authorization: Basic KjpwYXNz
Cache-Control: no-cache
User-Agent: sqlmap/1.4.3#stable (http://sqlmap.org)
Referer: http://fake_endpoint.local/
Host: fake_endpoint.local
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Connection: close

Any ideas if this is feasible through sqlmap?

Early-1990s basic D&D adventure – had three dragons in a ruined keep of squabbling mooks

This was a DnD adventure I recall playing in the early 90s.

There were three adventures all closely connected: a black dragon, a green dragon (which uses illusions to make itself seem like three dragons together), and a red dragon. There was also a ruined keep filled with squabbling mook races, like goblins, orcs, etc. The dragons had to keep the peace among the tribes, and the lieutenants included a goblin leader and a harpy or siren. Her name was something similar to “Hauraura”.

This would have been 1990 to 1993.

Can someone in Cyber Security or IT help answer this basic question on the change of today’s malware? [closed]

1.) Before, the most common types of malware were usually Trojan horses and various other types of viruses derived from one’s own e-mail on a desktop. Given the timespan since those days, the game has changed. Today, ways of breaching a user’s data have changed drastically. What are the most prevalent methods that an average person should be aware of today?