Does Alarm caster know if alarm has been triggered by multiple creatures at the same time?

Scenario:

I know that Alarm has been cast on an area.

I become invisible and wait for another creature to approach the affected area.

At the exact moment this creature enters the affected area, I also enter (still invisible).

Would the caster of Alarm know that the Alarm had been triggered by two creatures, or would they only be aware that the Alarm had been triggered generally?

Has the Underdark ever been a separate plane to the Material Plane?

I play D&D 5e; I am not that familiar with the other editions of D&D. However, I’m looking for lore on the Underdark from any edition, since the settings (e.g. the Forgotten Realms) are still roughly common to most editions (even if certain events have occurred in some editions and not in others).

For context, in my own homebrew universe, I’ve decided that the Underdark is in fact another plane, although it is accessible from the Material Plane via certain tunnels and such that are like subtle portals (similar to Fey Crossings). However, this question is not about my homebrew universe (which I doubt I’ll change regardless of the outcome of this question).

I was looking into the Underdark, searching through information online and in 5e books, to see if the Underdark is a different plane or whether it is simply beneath the “surface” of the Material Plane. It seems as though it’s the latter, which means I’ll have to go to greater efforts to adapt existing adventures to my homebrew universe that were written in the Forgotten Realms, for example.

However, I believe I got my idea about the Underdark being a different plane from somewhere, so I was wondering if there have ever been any adventures or settings within D&D where the Underdark has been considered a different plane.

I’ve read online that Matt Colville has used this idea from an adventure called “Night Below”, which was apparently an old 2e adventure. I did used to watch some of his videos, so maybe that’s where I got this idea from? But even if this lead proves false, are there any adventures or settings that have ever treated the Underdark as a different plane from the Material Plane?

What happens to your class features if you short rest while your form has been changed?

Bob the Warlock has blown all of his spell slots. The friendly party druid casts Animal Forms on Bob, and while in his animal form he takes a Short Rest. After the rest completes, he drops out of animal form for whatever reason. Does Bob have his spell slots back, or does he have to take a rest while in his Warlock form to regain htem?

This kind of situation could also come up with Polymorph (all three varieties) or Shapechange, combined with Catnap.

How to see the original text of the the function that has been wrapped by “DBMS_DDL.WRAP”

As I’m new to Oracle PL-SQL,I’m trying to be familiar with DBMS_DDL package and I used it to hide my source code,below you can see the example I’m working on:

Declare   v_string varchar2(32676); begin      v_string := 'create or replace function get_os_user                   return varchar2 ' || ' is  ' || ' begin ' ||               ' return (sys_context(''userenv'',''os_user''));' || ' end; ';      execute immediate sys.dbms_ddl.wrap(v_string); end; 

The function get_os_user is created in the function section and In the view mode , I see the non readable hex format of the original function.Now my question is how I can see the original format of the function? The way the book from which I read about the package just said this:

The original text can be viewed in DBA/ALL/USER_SOURCE 

Where is DBA/ALL/USER_SOURCE? Are there other ways to see the original format of wrapped functions and procedures?

SQL Server Launchpad – The user has not been granted the requested logon type at this machine

I am trying to execute python scripts within t-sql on sql server 2017. With external scripts enabled, when executing a trivial script, I get the error "SQL Server was unable to communicate with the LaunchPad service. Please verify the configuration of the service". When I try to start the launchpad service, it fails to start reporting error "The user has not been granted the requested logon type at this machine" to the event logs. I have local admin on the host server and have tried to add NT Service\MSSQLLaunchpad to adminstrators and still fails for the same error. The NT Service\MSSQLLaunchpad does not have the explicit permission allow logon locally or logon as a service. I had my dba change the login to a domain user which does have those permissions and the same error occurred. Have also tried to repair the instance installation.

Any ideas of how to fix this problem?

Does a drawn Teleportation Circle remain after it has been used?

Simply put, once a Teleportation Circle drawn for the usage of the spell of the same name has been activated and utilized, does the drawing remain behind? I understand the spell has material components that are required and consumed in the casting of the spell, but it’s a bit vague as to whether the drawing is consumed or if it remains behind but is inert.

Example: A party’s wizard draws a circle for their home base and the party uses said circle, teleporting them all home. An enemy tracking them finds where the spell was cast and sees the circle left behind, now inert, but easy to replicate with the material components again and cast the spell teleporting the enemy into the party’s home base.

Is there a legitimate reason for a USB-ethernet hardware device to have been connected to my laptop?

There was an unknown network adapter in my device manager. I found out it was for a USB-RJ45 ethernet device, which I have never even seen before. This device was not present when I bought the machine. As far as I have researched, it is not installed by any software or devices I use.

I’m concerned because there is a known vulnerability in Windows that’s exploited using these devices. A malicious person with access to the device could have stolen my credentials and logged in. (Google Usb-ethernet windows vulnerability if you don’t believe me.)

I believe the police or another malicious party exploited that vulnerability, and they used it to install a keylogger and acquire my hardware info. Is the presence of this device suspicious enough, from an information security standpoint, to support my belief? What would you do if you discovered the same on an enterprise machine?

Understanding CSP: report shows blocked that shouldn’t have been blocked

I’m having trouble making sense of some reported CSP violations that don’t seem to actually be violations according to the CSP standard. I have not managed to reproduce the violations in my own browser, and based on my own testing I believe that the block is the result of a non-compliant browser. That seems like a bold assertion, but based on all the documentation I’ve read and my tests it’s the only thing that makes sense.

Here is (more or less) what the CSP is:

frame-ancestors [list-of-urls]; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' [list-of-more-urls]; report-uri [my-reporting-endpoint] 

The problem is that I’m getting some violations sent to my reporting endpoint. Here is an example violation report:

{"csp-report":{     "document-uri":"[REDACTED]",     "referrer":"[REDACTED]",     "violated-directive":"script-src-elem",     "effective-directive":"script-src-elem",     "original-policy":"[SEE ABOVE]",     "disposition":"enforce",     "blocked-uri":"https://example.com/example.js",     "status-code":0,     "script-sample":"" }} 

The context would be that the page in question had a <script src="https://example.com/example.js"></script> on it somewhere.

To be clear, https://example.com is not in the list of allowed URLs under default-src. However, that shouldn’t really matter. Here are all the relevant facts that lead me to believe this is being caused by a non-compliant browser that someone is using:

  1. There is no script-src-elem defined so it should fall back on the default-src for the list of allowed URLs.
  2. default-src includes the https: schema, which means that all urls with an https scheme will be allowed. The blocked URL definitely uses HTTPS
  3. This source agrees that the scheme source (https) will automatically allow any https resources. Therefore this should be allowed even though example.com is not in the list of allowed URLs.
  4. The official CSP docs also agree, showing that scheme matching happens first and can allow a URL even before the list of allowed URLs is checked.
  5. Therefore, if you include the https: scheme in your default-src, your CSP will match <script src="https://anything.com"> even if not specifically in the list of allowed URLs
  6. In my own testing I found the above to be true.

Despite all of this, I have sporadic reports of CSP violations even though it shouldn’t. Note that I’m unable to replicate this exactly because the pages in question have changed, and I don’t have easy control over them. The only thing I can think of is that some of my users have a browser that isn’t properly adhering to the CSP standard, and are rejecting the URL since it is not on the list of allowed URLs, rather than allowing it based on its scheme.

Is this the best explanation, or am I missing something about my CSP? (and yes, I know that this CSP is not a very strict one).

Is Deluge safe to use still when it’s not been updated since the first part of 2017?

https://dev.deluge-torrent.org/wiki/Download

https://ftp.osuosl.org/pub/deluge/windows/?C=M;O=D

The latest version of Deluge for Windows that can actually be downloaded and installed is deluge-1.3.15-win32-py2.7.exe from 2017-05-12.

That’s well over three years ago now!

They have been discussing the problems of releasing the new version for years, but nothing comes from it. Like so many slowly dying (but never quite gone) projects I’ve painfully witnessed in the last many years.

Doesn’t this more than likely make it extremely unsafe for me to be running this software on my machine? I feel as if it’s an open door to my machine, almost certainly containing unpatched exploits.

Yet the sad reality is that there are no alternatives. uTorrent is an ad-infested spyware nightmare since many years, and others… well, just like with browsers, I’ve given up on searching because there’s just nothing out there. Nobody seems to care one bit about the entirely desktop computer anymore.

Can I still use this ancient software? If so, how much longer?