## What are the gambling games in the “Black Box” edition of Basic D&D?

I have a vague memory of my father teaching me about dice probabilities from a “mini-game” within the Black Box set, at the beginning of being in jail in the salt mines. The other prisoners are willing to gamble with me, but we use different combinations of dice to see who will roll the higher number. From what I can remember it was from the Escape from Zanzer Tem’s dungeon adventure.

I’m looking to find what exactly those combinations of dice were, and what the rules of the gambling game were.

## Does exploration movement rate in Basic D&D (B/X) include trap/secret-door detection?

In the Basic Rulebook for D&D, on page B19, it states that characters can move 120′ in a dungeon per turn (10 minutes). Later it states that this movement assumes players are mapping carefully, searching, and trying to be quiet.

What is meant by ‘searching’? Are characters automatically getting a detect trap and detect secret door roll (every 10′ or per trap/door) as part of this movement rate? It seems unclear what searching exactly means in this context.

## Just adding a basic token by POST parameter for securing the API. Is it safe?

Let’s say I have an address for an API like this:

```
mywebsite.com/api/mydata
```

If accessed, a JSON will appear like this:

```json
[
  {
    "id": "1",
    "name": "John"
  },
  {
    "id": "2",
    "name": "Smith"
  }
]
```

By default, the result displays the entire data set if the POST has no parameters. If you POST an "ID" parameter and its value is one of the existing records in the API, it will only display the object selected by that ID. The API can be accessed by anyone. The API needs to be accessed using token parameters to secure the data.

Let’s say I add a token parameter to be able to access data like this:

```
yourtoken="yourtoken"

if (post_param[token]==yourtoken) {
  // Displaying JSON
}
```

So if you want to open the API, you need to add a token parameter.

Is simple security like this worth using? What vulnerabilities will arise if I use this? Is there a better way than this?
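An added example, not part of the original question: the same shared-token check written so that the token comes from a CSPRNG, a request without a token is refused, and the comparison does not exit early on the first differing byte. The class and method names and the `token` parameter key are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;

public class TokenCheck {
    // Issue a 256-bit token from a CSPRNG instead of a hand-picked string.
    static String newToken() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JVM
        }
    }

    // Hash both sides to a fixed length, then compare without an early exit.
    // A request with no token parameter is rejected, never served the full data set.
    static boolean tokenMatches(Map<String, String> postParams, String expected) {
        String presented = postParams.get("token");
        if (presented == null || expected == null || expected.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(sha256(presented), sha256(expected));
    }

    public static void main(String[] args) {
        // Constructed demo: in a real service the token is loaded from configuration.
        String expected = newToken();
        Map<String, String> none = Map.of();
        Map<String, String> wrong = Map.of("token", "yourtoken");
        Map<String, String> right = Map.of("token", expected);
        System.out.println("no token:    " + tokenMatches(none, expected));
        System.out.println("wrong token: " + tokenMatches(wrong, expected));
        System.out.println("right token: " + tokenMatches(right, expected));
    }
}
```

The token is still one shared secret sent with every request, so it stays secret only over TLS and cannot tell one caller from another.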

## PostgreSQL injection with basic sanitization

I’m trying to figure out if an SQLi for the following PostgreSQL/Java code exists.

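```java
// Return type assumed: whatever this.query(...) returns, taken here to be a java.sql.ResultSet.
public ResultSet availableItems(String name) {
  // name is concatenated directly into the SQL text
  return this.query("SELECT * FROM items WHERE name='"+name+"'");
}
```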

Assuming that the name is sanitized for space, apostrophe and semicolon, is it possible to make an SQLi work with these restrictions? My gut feeling tells me that I could, but I’m a bit lost.
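An added example, not part of the original question: the same lookup with `name` bound as a parameter, so the query's safety does not depend on which characters are filtered out of the input. The class name, the `JDBC_URL` environment variable and the `name` column read from the result are assumptions of this example; it needs the PostgreSQL JDBC driver and a database with an `items` table.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ItemLookup {
    private final Connection conn;

    public ItemLookup(Connection conn) {
        this.conn = conn;
    }

    // name is bound as a parameter rather than concatenated, so it is handled
    // as a value for the name column and is not parsed as SQL.
    public List<String> availableItems(String name) throws SQLException {
        String sql = "SELECT * FROM items WHERE name = ?";
        List<String> found = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    found.add(rs.getString("name"));
                }
            }
        }
        return found;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: JDBC_URL points at a PostgreSQL database with an items table.
        String url = System.getenv("JDBC_URL");
        try (Connection c = DriverManager.getConnection(url)) {
            ItemLookup lookup = new ItemLookup(c);
            // Constructed inputs, one containing the characters the question filters.
            for (String n : new String[] {"lamp", "O'Brien; x y"}) {
                System.out.println(n + " -> " + lookup.availableItems(n));
            }
        }
    }
}
```

Because the value is bound rather than filtered, names that legitimately contain apostrophes, spaces or semicolons can be looked up unchanged.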

## Confusion about definition of languages accepted by Turing Machine, very basic question

I’m studying for an upcoming exam and my book gives the following definition:

Let $$M$$ be a Turing machine, then the accepted language $$T(M)$$ of $$M$$ is defined as $$T(M) = \{x \in \Sigma^* \mid z_0 x \vdash^* \alpha z \beta; \alpha, \beta \in \Gamma^*; z \in E\}$$.

As a side note, $$\vdash$$ denotes the transition from one configuration of the TM to the next, and the $$^*$$ denotes an arbitrary number of applications of this relation.

What I’m confused about is that under this definition of acceptance, I only have to enter the end state once and even if I leave it, the word would be accepted, or I could loop in this end state. In push down automata or regular automata, we do not have this problem as we move through the word sequentially from beginning to very end, especially in push down automata where the stack is separated from the input word.

Now I read in most other definitions, additionally to ending up in an end state, the Turing machine must also halt, meaning that it must end in a state that has no transitions. Although I’m not sure what this would mean for deterministic Turing machines as they have to have transitions for all configurations of the machine.

To wrap it up:

Question 1: Is halting required? Is it a useful property for accepting languages or is there a reason the definition was given as is?

Question 2: How would you define "halting" for deterministic Turing machines?

## Who picks the type of the Basic Attack?

Charm of Misplaced Wrath (Heroes of Fallen Lands, p206)

> The target makes a basic attack against a creature of your choice as a free action. The basic attack gains a +2 power bonus to the damage roll.

This is a 1st level Wizard encounter power, if it matters.
Can I make the target do a Ranged Basic Attack (so it provokes attacks of opportunity) or does it get to pick the type of Basic Attack?

## Few basic questions on CA

1. Which problem does it solve – AuthN or AuthZ or something else?
2. If a client is attempting to talk to a large pool of servers and I want to individually establish the identity of each server host, is CA scalable? If the pool size is 10,000 hosts will a single CA service scale?
3. How is a server’s certificate deployed on that server host in the first place? Don’t we need a secure channel that establishes the identity of that host to even do that? Isn’t this a chicken-and-egg situation?
4. Can I use the OpenSSL toolkit to generate certificates signed by a CA?

## How useful is the 5e ‘Wish’ spell (‘Basic Use’ version) for spell research?

The 5e Wish spell does, literally, whatever you wish, but for a price. The Basic Use version may be useful for instant spell research without the usual time / gold costs. Logically, one could use this Basic Wish to learn all the wizard spells lvl. 8 and lower. But what are the limits? To quote:

> The basic use of this spell is to duplicate any other spell of 8th level or lower. You don’t need to meet any requirements in that spell, including costly Components. The spell simply takes effect.

Here are some possibilities:

1. Casting ‘Wish’ may allow one to have a version of any existing / official spell (found in Player’s Handbook, Volo’s &/or Mordenkainen’s manuals). This exists as a memorized spell ‘slot’, uncast, in one’s mind. Wizards (class) could then write-scribe this spell, providing this was a wizard’s (spell-list) spell in the first place. This learning technique may also extend to some ritual spells, q.v.

2. The Basic Use of a ‘Wish’ spell does NOT require material components. As such, the caster of this spell can automatically gain one (1) fully transcribed non-magical version in a book (or scroll / carved tablet / scribed on a skull / whatever suits your fancy). Should this be a ‘wizard’ spell, the caster could then use this written version as though they had transcribed this themselves. Other wizards would need to endure the usual transcription-study-cost process from this origin material, as normal.

3. This Basic Version of the spell vetoes any and all requirements! As such, any spell imaginable (of less than 8th level value) can be instantly scribed into a book. If it were considered a ‘wizard’ type spell others of that class could make use / transcribe it as usual. If it were a spell for any other list, those of the appropriate class could use this written spell to re-establish a new relationship with their deity, patron or other spell-delivery creature.

Off the cuff, the first one seems reasonable. The second version seems to be pushing boundaries a little (not sure why). The last one, drafting out Brand New Spells every day, seems totally implausible for a mere Basic Wish (perhaps a FULL wish could do this?) – yet I have no known RAW defence on this. It just seems like a bad idea to let a CR 11 ‘arch-mage’ pump out 300+ spells (of any class / up to 8th lvl) in any given year, risk free. But… why not?

Gathered Exchangers of Stackings… what say ye?

## Is the old “Linear Fighters Quadratic Wizards” problem still around in 5e Basic?

(This question is a comparison to 3.x, though things might have been different in 4e)

In 3.5e there is a large power and capability gap between fighters and wizards that fighters couldn’t hope to close, even in their nominal area of excellence. Is this problem still around?

## Purpose of randomization/derandomization in basic randomized algorithm for MAX SAT

In Section 5.1 of The Design of Approximation Algorithms by Williamson and Shmoys, they describe a basic randomized algorithm for MAX SAT and how to derandomize it. The algorithm is just to assign each variable 1 (true) with probability 1/2 and 0 (false) with probability 1/2. In other words, sample uniformly at random from the space of all solutions. They show that this is a 1/2-approximation.

Then in Section 5.2, they describe how to derandomize it using the method of conditional expectations. (I won’t describe the process here because it is not very complex and widely known I’m assuming.)

My question is, why bother derandomizing this way? Or even, why bother making the algorithm random in the first place?

It seems to me that an equally good algorithm would be the one-liner which deterministically sets all variables to 1. Given some MAX SAT instance as input, it seems to me that you would also expect this to (i.e., "in expectation it would") satisfy half of the clauses. To me, the analysis of the random algorithm really seems to say that any fixed guess is "good." (Rather than showing that our random algorithm is inherently good.) So why go through the process of randomizing and derandomizing in the first place?
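An added example, not from the book or the question: it computes the expected number of satisfied clauses under the uniform random assignment, applies the method of conditional expectations to fix the variables one by one, and counts what the fixed all-ones assignment satisfies on the same small constructed instance. The literal encoding and the class and method names are assumptions of this example.

```java
import java.util.Arrays;
public class MaxSatDerandomized {
    // Literal +i means x_i, -i means NOT x_i (variables numbered from 1).
    // assign[i] is 1 (true), 0 (false) or -1 (still a fair coin flip).
    // Assumes no variable occurs twice in the same clause.
    static double expectedSatisfied(int[][] clauses, int[] assign) {
        double total = 0;
        for (int[] clause : clauses) {
            boolean satisfied = false;
            int unset = 0;
            for (int lit : clause) {
                int v = assign[Math.abs(lit)];
                if (v == -1) unset++;
                else if ((v == 1) == (lit > 0)) satisfied = true;
            }
            // An unsatisfied clause with u open literals fails with probability 2^-u.
            total += satisfied ? 1.0 : 1.0 - Math.pow(0.5, unset);
        }
        return total;
    }

    // Method of conditional expectations: fix one variable at a time to the
    // value that keeps the conditional expectation at least as large.
    static int[] derandomize(int[][] clauses, int n) {
        int[] assign = new int[n + 1];
        Arrays.fill(assign, -1);
        for (int i = 1; i <= n; i++) {
            assign[i] = 1;
            double ifTrue = expectedSatisfied(clauses, assign);
            assign[i] = 0;
            double ifFalse = expectedSatisfied(clauses, assign);
            assign[i] = ifTrue >= ifFalse ? 1 : 0;
        }
        return assign;
    }

    public static void main(String[] args) {
        // Constructed instance over x1..x3 with five clauses.
        int[][] clauses = { {-1}, {-2, -3}, {1, -2}, {-1, 3}, {-3} };
        int n = 3;
        int[] coins = new int[n + 1];
        Arrays.fill(coins, -1);
        int[] allOnes = new int[n + 1];
        Arrays.fill(allOnes, 1);
        System.out.println("E[random]    = " + expectedSatisfied(clauses, coins));
        System.out.println("all ones     = " + expectedSatisfied(clauses, allOnes));
        System.out.println("derandomized = " + expectedSatisfied(clauses, derandomize(clauses, n)));
    }
}
```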