Would all melee PC attacks doing alignment damage be unbalanced at low levels?

For a campaign, I am currently discussing giving the PCs the ability to convert all melee and unarmed damage into alignment damage instead of normal physical, slashing, etc. damage.

One of the players suddenly realized that that makes the attacks extremely powerful and unbalanced at first level and lower levels.

Now I am wondering: is there anything I have overlooked that means having this ability starting at lower levels or level 1 could unbalance things in a normal Golarion campaign?

How do we cross-verify if the device is doing exactly what it is supposed to do?

I am very sorry for the misleading and confusing title, as this was the best I could think of.

What I meant to ask is, how do we know any device is doing what it is supposed to do? For example, Android is an open source OS (ignore Google libraries for now) and they do claim that all passwords will be stored on device only, but what if they are storing them on their servers and this piece of code is not there in the open source version but is there only in pre-compiled libraries? So, how do we check that the same code is there in the actual phone and the open source version? The same goes for other devices like iPhone, routers, desktops etc.

Also, most manufacturers nowadays have encryption enabled, which makes it impossible to monitor the actual content of the TCP/IP packet.

We can always remove the existing OS and install the open source version, but that's not possible in all cases, as in some it might be really confusing and might even need a lot of extra stuff that people don't usually have.

So my general question is: how do we verify that the same code is there in the open source version and the pre-compiled binaries? I can think of reverse engineering, but that would require great knowledge and skills which most people don't have.

Two processes doing extensive calculations – I want one to get ~100% of processor time – how?

I am running Ubuntu basic server with two processes:

  - process 1 – performing calculation 100% of uptime, and which I use to share computing power to community (it’s running @ prio 19)
  - process 2 – performing calculations for 5-10mins, from time to time, which I use to compute for me (it’s running @ prio -19)

I want process 2 to be given 100% of computing power (process 1 should at that moment get close to 0% of CPU). But the best I get is 50% of CPU for process 1 and 50% of CPU for process 2 (checked with htop).

I don’t want to manually stop/start any process when I need computing power (both processes must be running all the time); 100% of CPU for process 2 must be given automatically.

What should I do to achieve my goal? Thanks.

How to check if my Ubuntu system is doing ok

I am a beginner in Ubuntu and using 18.04 with an Nvidia GTX 1080Ti GPU… I am concerned because recently the fan inside my Dell Precision 7920 is being turned on frequently, even when I am running one or two tabs in Google Chrome or running some simple apps. Though I am not running any models on the GPU, nvidia-smi gives me only 2~3% of GPU usage… and there is nothing significant I can find in the system monitors… I have attached the image in the link. See the system monitor info here

I want to know if anything is wrong, please let me know how to proceed.
N.B.: my system has dual boot with Windows 10, which I rarely use…

Saving preferences & data when doing clean install of Ubuntu 18.04

I am currently running Firefox & Thunderbird/Lightning in Ubuntu 16.04 LTS.

I wish to do a clean install of Ubuntu 18.04 LTS with a clean install of Firefox & Thunderbird/Lightning preserving ALL my preferences & data from 16.04.

I do a complete backup (via luckyBackup) of the “Home” folder every time I log on.

Which folder/files should I check for to ensure that I can reload my preferences & data?

Thank you

Step by step guide for doing Wireguard VPN security and setup properly, for Android phone to LAN

Truism: Doing security right, is subtle and full of snags for the clueless.

Concern: I haven’t ever set up a connection between 2 computers using RSA/SSH keys or certificates, in my life. Realistically, I’m very aware of the theory, and I’ve read most of the steps piecemeal in security writeups, but for practical purposes, I’m still one of the clueless (for now).

Conclusion: Step by step help appreciated, so I do my Wireguard setup right, and also begin to learn “properly” and gain confidence for future connections (whether they are certificate or key based – SSH, 802.1X, web HTTPS certs, etc).

My setup

I’ve tried to follow the principle that what I don’t know enough to do reasonably safely, I at least try to avoid and not do insecurely.

LAN gateway – runs OPNSense FreeBSD soft router (fork of pfSense running on HardenedBSD, a hardened derivative of FreeBSD, so I can use pfSense analogies and find the same functionality on mine if needed). There’s separate NICs for wired and wireless LAN. Almost all wireless traffic is blocked from the LAN, so I’d open a port for “trusted device” traffic and then limit its access according to minimum needs (no help sought on that).

Wifi AP – The router’s wifi NIC is connected by ethernet to an OpenWRT Wifi router. Because it’s got virtually zero access to the LAN (ping router NIC and reach one dumb isolated printer server IP/port) and can only reach the WAN, there’s actually no security on this at all at the moment (I don’t have a problem running an open wifi network where I am; I’m also running a public tor exit node on one IP on the LAN).

Network services – DHCP4 and Unbound (resolver) on the router. No AD/directory services. No certificates/CA/RSA in use currently except automatically created ones for router/file server WebUI etc. Password based logins (ugh! Hope to learn + fix that someday!).

Mobile phone – Runs LineageOS 16 (Android Pie) with MicroG (FOSS Google services package replacement). Would like to move to 802.1X but again, lack knowhow of the certificate or key setup process done right.

VPN software – Wireguard seems quite well suited to my situation – I use public transport a lot, and there’s a lot of intermittent disconnection and short lived reconnects, so a FOSS VPN that needs less config, auto uses decent tunneling setup, seems well reputed, and is designed for quick reconnects, seems better for me than, say, OpenVPN, although I’m sure both would work.

VPN endpoint/IPs – The VPN terminates on the OPNSense router so the open Wifi device isn’t an issue. The LAN uses 192.168.0.0/16, with 192.168.0.1/20 allocated for router, static, DHCP, and all non-VPN devices. So I can use 192.168.32.0/24 for any VPN-connected devices.

Broadcast domain – I’d like to have level 2 OSI broadcast not just switching, I *think* this is typical with VPN but not sure? I don’t expect broadcasts to flood the network 🙂

Likely usage/purposes

  1. SSH/FTP/SMB/RDP/ADB-over-TCPIP and perhaps media streaming between phone and LAN devices. Moving 20-40 GB dirs between phone and file server will become much quicker if I can use Wifi (when available) instead of waiting till home and using USB/SDCard.
  2. VPN tunnel to route all phone network traffic via LAN when away from home when using unknown wifi networks
  3. Moving some functionality from phone to LAN (Example: calendar/notes/feed via a LAN-based web server rather than locally as phone apps).
  4. Once more confident, doing similar for laptop, to allow remote working from laptop via VPN to LAN via RDP.

VPN security choices

A large part of any key/cert setup is about “how secure/hardened do you want to make it?” To make this simple, assume “hard enough that I probably don’t have to worry for 15 years”, other than deal with any publicly identified vuls (which I’ll leave to the software writers to fix). Assume plenty of CPU power for more rigorous at both phone+LAN ends, and roughly, enterprise level rather than home LAN style security for the VPN aspect. Meaning, I’d like to begin learning to do it right, even if patchwork/piecemeal at first (I’d like to avoid “no point in doing much, as more serious vuls exist”).

So I’m happy to use RSA 4096 rather than 2048, or more processor intense but secure algorithms; if a cert is needed, I’d rather have steps that create an intermediate CA so I can keep my top level CA totally offline. If there’s additional hardening options that a conscientious security pro would choose for say, CEO/CFO of a SME size business, that’d be about my kind of level.

Threat model

Mobile phone – overall I’d treat it as trustworthy. AFAIK I haven’t ever had a security issue with it, or an unsafe app, and in a way it’s unavoidable that I need to trust it somewhat. I can also set rules to block all but limited usage, either in the router or in my main servers, so that it’s got limited capacity for usage/harm and no root access to any device even if exploited. But that’s separate.

Connectivity/tunnels – I don’t feel comfortable just with WPA2/PSK. I’d like to ensure it’s the actual expected device, via some form of mutual authentication, if there’s a way to do it. Hence even where I can trust the network, at home, I’d like not to just connect via WPA2, but only via VPN, even if I’m going to access the LAN from my phone while at home, using my home router.

Own ignorance of correct setup+security processes/good practices for this – See below. I think this, and threats arising from it, are the main risk. I’m especially thinking, if I open the LAN to one device, I’ve potentially opened it to all, so I need to make sure I do only open it to that one device, as best I can, and not to others. I think that’s the biggest risk, and the motive for the question.

SUMMARY WHAT I AM HOPING FOR

I’m worried about my “Unknown unknowns”.

I don’t know what keys/certs I might need, nor how to correctly generate them. There are writeups but not a good start-to-end walkthrough I feel comfortable with. Basically, what recommended software+commands to use? What is good practice for the settings/CLI options/config used to generate them? What .conf settings should I also consider setting in Wireguard’s server/client?

I also don’t know which if any keys/files to generate on a “known safe” machine, and which if any files generated, should be stored airgapped/offline. I think it’s pretty much that simple.

So what I’m hoping for is a step by step recipe for my 1st time. A bit like this –

“Use package X or Y on BSD. These are the important switches/config choices. Use (or don’t use) a password. These are the commands to run on package X, or these commands on package Y. 3 files/keys will be generated. Put this one here and that one there. Hide this one on an airgapped system or USB stick. Configure Wireguard server/client .conf with these extra options. Done.”

I’d like to use CLI packages such as OpenSSL (already installed) rather than the router’s built-in GUI functionality, to generate any keys/certs, as this will help me be more competent in future.

Hopefully if I get this right, I’ll also learn quite a lot of what I need, to do other (certificate|priv+public key) based connections like 802.1X and SSH properly, both between the mobile devices and the OpenWRT bridge, and between LAN devices, and also be well on my way to getting RADIUS or other AAA running at some time to harden the LAN a bit more internally.

Minimizing/restoring multiple windows with one action instead of doing that for each window

I use Ubuntu 16.04 and have to build/run an Android application on multiple emulators at the same time to compare differences between them. This requires minimizing/restoring the windows of multiple emulators for each test, which is annoying. I want to know if there is a way to minimize/restore those windows with one action instead of doing that for each window. For example, is it possible to merge multiple windows into one? Or can I group them?

Note: I do not want to do minimizing/restoring all windows, I want to do that for some windows.