What’s behind the widespread negative response to Wild Sorcerers, and how can I ensure they’re fun at my table?

I’m just starting to get into D&D 5e. Magic classes in particular fascinate me, and the one that caught my eye the most is the wild sorcerer. Or, rather, the concept did. The mechanics of the design itself seem particularly lackluster when compared to every other magic class I’ve looked at.

After quite a bit of searching, it seems I’m not alone in this observation. All over the place, people insist that wild sorcerers are unbalanced/underwhelming/generally unwanted. But I haven’t really seen any explanations of what exactly makes them this way, compared to other classes.

I’m now looking at attempting to DM a game with a bunch of other newbies, and trying to figure the game out as a group. One of my players will likely want to play a wild sorcerer. I’m interested in seeing how that plays out in RAW, but more importantly, I want the players to have fun.

I’m new and inexperienced. What should I look out for in the Wild Sorcerer when considering balance, or fun? Are there any gaping flaws in practice for the wild sorcerer’s design?

Right now I’m considering using the existing mechanics, but supplementing them with a secondary system of character progression that slowly takes the sorcerer from fearing their magic that’s unpredictable, to having some, but not total, control over it. Basically there’s a chaos level that increases and decreases based on player ability/spell usage. High chaos means more wild surges, low means less. To get the most out of the design, you have to balance the chaos level (in theory).

Note, I’m well-aware that I should probably stick to RAW during the learning phase. But as someone that works in gaming, I’m also aware that mechanics typically function differently in practice than in theory, and so I want to be prepared for any known “in-practice” shortcomings.

It sounds like the main ones are how often a surge happens (GM overhead, chance of anything happening at all), and exactly what happens (more flavor vs more functionality, which is up to what you want from the game). Both answers were solid, but I’m going with Icy’s, since it approached the question more specifically targeting the Wild Sorcerer’s in-practice functionality with examples and edge cases.

Generate constraints that ensure positive definiteness

What is a good way to generate algebraic constraints that ensure a matrix is positive definite? Ideally, I’d be able to do something like the below:

Solve[# \[Element] Reals & /@ Eigenvalues[A]]

However, this doesn’t directly work. The practical example below uses this to find the norm of a positive linear operator (related issue). It works, but requires AposDefiniteConstraints to be specified manually, which I’d like to avoid.

(I also tried the Thread[Eigenvalues[X] > 0] suggestion from Find minimum with matrix positive-definiteness constraint, but I get Maximize returning unevaluated.)

```
(* Find norm of a positive transformation of a positive definite d-by-d matrix *)
SeedRandom[1];
d = 2;
symmetricMatrix[d_] := Array[a[Min[#1, #2], Max[#1, #2]] &, {d, d}];
(* collect the distinct a[i, j] symbols of the matrix passed in *)
extractVars[mat_] := DeleteDuplicates@Cases[Flatten@mat, _a];

(* using built-in Norm/Simplify too slow, use this helper instead *)
norm[A_] := Max[x /. # & /@ Solve[CharacteristicPolynomial[A, x] == 0, x]];

A = symmetricMatrix[d];
Avars = extractVars[A];

(* random positive transformation of A *)
B = Mean[#\[Transpose].A.# & /@ Table[RandomReal[{-1, 1}, {d, d}], {d^2}]];
normA = norm[A];
normB = norm[B];
AposDefiniteConstraints =
  a[1, 1]^2 + 4 a[1, 2]^2 - 2 a[1, 1] a[2, 2] + a[2, 2]^2 >= 0 &&
   a[1, 1]^2 + 4 a[1, 2]^2 - 2 a[1, 1] a[2, 2] + a[2, 2]^2 >= 0;
Maximize[{normB, normA < 1, AposDefiniteConstraints}, Avars]
(* => {0.7853700810760375`,{a[1,1]\[Rule]0.999855037823971`,a[1,2]\[Rule]0.00017274783320670866`,a[2,2]\[Rule]0.9997941436806035`}} *)
```

Ensure function has completed before allowing another Ajax call

I am updating an array saved in a user’s meta field using an ajax function.

The values added to the array are taken from the data-attributes within the tags which also act as the trigger to make the ajax call.

Whilst the function works 95% of the time, it can be a bit hit and miss whether the values save or not. I suspect this is because a user can fire these ajax calls too quickly and not give enough time for the original function call to save and update the meta field.

What would be the best method to ensure the ajax triggered function of updating the meta field value has been completed before allowing the function to run again?

Hope this makes sense – needless to say, please let me know if you need any more info.

Thanks in advance!!

Sample HTML

```
<div id="rjb_slots" class="slots">
  <h5>Mon, 24th Aug 2020</h5>
  <div class="slot">
    <span class="time">10:30</span>
    <a class="book" data-timestamp="1598265000" href="#"></a>
  </div>
  <div class="slot">
    <span class="time">11:00</span>
    <a class="booked" data-timestamp="1598266800" href="#"></a>
  </div>
  <div class="slot">
    <span class="time">11:30</span>
    <a class="booked" data-timestamp="1598268600" href="#"></a>
  </div>
  <div class="slot">
    <span class="time">12:00</span>
    <a class="book" data-timestamp="1598270400" href="#"></a>
  </div>
  <div class="slot">
    <span class="time">12:30</span>
    <a class="booked" data-timestamp="1598272200" href="#"></a>
  </div>
  <div class="slot">
    <span class="time">13:00</span>
    <a class="book" data-timestamp="1598274000" href="#"></a>
  </div>
  <div class="slot">
    <span class="time">19:30</span>
    <a class="book" data-timestamp="1598297400" href="#"></a>
  </div>
</div>
```

Ajax .js

```
$('.slot').on('click', 'a.book', function(e) {
  e.preventDefault();

  var user   = $('#rjb_day').attr( 'data-user' );
  var stamp  = $(this).attr( 'data-timestamp' );

  // console.log(bookCap);

  $(this).removeClass('book').addClass('booked');

  $.ajax({
    type: 'POST',
    url: ajax_object.ajaxurl,
    data: {
        action: 'rjb_make_diary_slots',
        user: user,
        stamp: stamp
    },
    success: function(data) {
      // This outputs the result of the ajax request
      console.log(data);
    },
    error: function(errorThrown){
        console.log(errorThrown);
    }
  });

});
```

Function that updates the user metafield

```
add_action( 'wp_ajax_rjb_make_diary_slots', 'rjb_make_diary_slots' );

function rjb_make_diary_slots() {

  $user   = $_POST['user'];

  $stamp  = array(
              array(
                'rjb_cal_day'           => strtotime('today', $_POST['stamp']),
                'rjb_cal_when'          => $_POST['stamp'],
                'rjb_cal_position_id'   => '',
                'rjb_cal_candidate_id'  => ''
              )
            );

  // Read the stored array, append the new slot, sort, and write it back
  $calendar   = get_user_meta( $user, 'rjb_cal', true);
  $stamps     = !empty($calendar) ? $calendar : array();
  $new_stamp  = array_merge($stamps, $stamp);

  usort($new_stamp, function($a, $b) {
    return $a['rjb_cal_when'] <=> $b['rjb_cal_when'];
  });

  update_user_meta( $user, 'rjb_cal', $new_stamp);

  // Second argument true makes print_r return the string instead of echoing it
  $log = print_r($stamp, true);

  wp_die($log);

}
```

Example of a value stored in the rjb_cal user meta field

```
array (
  [0] => array (
    [rjb_cal_day] => 1598227200
    [rjb_cal_when] => 1598266800
    [rjb_cal_position_id] =>
    [rjb_cal_candidate_id] =>
  )
  [1] => array (
    [rjb_cal_day] => 1598227200
    [rjb_cal_when] => 1598268600
    [rjb_cal_position_id] =>
    [rjb_cal_candidate_id] =>
  )
  [2] => array (
    [rjb_cal_day] => 1598227200
    [rjb_cal_when] => 1598272200
    [rjb_cal_position_id] =>
    [rjb_cal_candidate_id] =>
  )
)
```
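The lost-update race suspected in the question above, and one client-side way to serialize the calls, as an added example that is not part of the original post. `makeServer` is a constructed in-memory stand-in for the PHP handler and `makeQueue` is a hypothetical helper; neither comes from WordPress or jQuery.

```javascript
// Constructed stand-in for the PHP handler: read meta, merge, write back.
// The delay models the gap between get_user_meta and update_user_meta.
function makeServer() {
  let meta = []; // plays the role of the rjb_cal user meta value
  const delay = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
  return {
    async addSlot(stamp) {
      const current = meta.slice();                          // read
      await delay(5);                                        // other requests run here
      meta = current.concat([stamp]).sort((a, b) => a - b);  // write back
      return meta.slice();
    },
    stored: () => meta.slice(),
  };
}

// Hypothetical helper: each task starts only after the previous one settles.
function makeQueue() {
  let tail = Promise.resolve();
  return (task) => {
    const run = tail.then(() => task());
    tail = run.catch(() => {}); // a failed save must not block later ones
    return run;
  };
}

// Three quick clicks, first fired directly, then routed through the queue.
async function demo() {
  const stamps = [1598265000, 1598270400, 1598274000]; // from the sample HTML
  const racy = makeServer();
  await Promise.all(stamps.map((s) => racy.addSlot(s)));

  const safe = makeServer();
  const enqueue = makeQueue();
  await Promise.all(stamps.map((s) => enqueue(() => safe.addSlot(s))));

  return { racy: racy.stored(), queued: safe.stored() };
}

demo().then((r) => console.log(r));
```

In the click handler the queued task would be `() => $.ajax({...})`, since the jqXHR object that `$.ajax` returns is a thenable. Queuing in the browser only orders one page's requests: the handler's `get_user_meta` / `update_user_meta` sequence is still unsynchronized across sessions, and it acts on whatever `$_POST['user']` the request carries.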

How does two-phase commit ensure serializability?

Two phase commit is used in distributed transactions. For example, a client sends a transaction to two databases with a coordinator.

  • step1: client gets a global transaction id from the coordinator
  • step2: client sends the transaction to the two databases respectively
  • step3: client sends the commit flag to the coordinator
  • step4: coordinator sends the prepare flag to the two databases, and the two databases respond with a prepare ack
  • step5: coordinator sends the commit flag to the two databases, and the two databases respond with a commit ack
  • step6: coordinator responds with a commit ack to the client

My questions are

  • What is the global transaction id in step1 used for?
  • And two phase commit is used to ensure the atomicity in ACID, but how does it ensure serializability? For example, if client A sends transaction A and client B sends transaction B to the databases simultaneously, then the two databases may execute the two transactions in different orders. Then the two databases may end up with inconsistent states.
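The six steps listed in the question, modelled in memory as an added example that is not part of the original post. Every class and method name is hypothetical, and the abort path (a database voting "no" in step 4) is an assumption of the model, since the listed steps only cover the successful case.

```javascript
// Constructed model of steps 1-6 above; every class and method name is hypothetical.
class Database {
  constructor(name, rejects = []) {
    this.name = name;
    this.rejects = new Set(rejects); // gtids this database votes "no" on (constructed failure)
    this.staged = new Map();         // gtid -> writes received in step 2, not yet visible
    this.rows = {};                  // committed state
  }
  execute(gtid, writes) { this.staged.set(gtid, writes); }                    // step 2
  prepare(gtid) { return this.staged.has(gtid) && !this.rejects.has(gtid); }  // step 4
  commit(gtid) {                                                              // step 5
    Object.assign(this.rows, this.staged.get(gtid));
    this.staged.delete(gtid);
  }
  abort(gtid) { this.staged.delete(gtid); }
}

class Coordinator {
  constructor(dbs) { this.dbs = dbs; this.seq = 0; }
  begin() { return `gtid-${++this.seq}`; }                                    // step 1
  finish(gtid) {                                                              // steps 3-6
    const votes = this.dbs.map((db) => db.prepare(gtid)); // ask every database
    const decision = votes.every(Boolean) ? 'commit' : 'abort';
    for (const db of this.dbs) db[decision](gtid);
    return decision;
  }
}

function runTwoClients() {
  const db1 = new Database('db1');
  const db2 = new Database('db2', ['gtid-2']);
  const coord = new Coordinator([db1, db2]);
  const a = coord.begin(); // client A
  const b = coord.begin(); // client B
  // Work arrives interleaved; the gtid ties each later prepare/commit to its staged writes.
  db1.execute(a, { x: 'A' });
  db2.execute(b, { y: 'B' });
  db2.execute(a, { y: 'A' });
  db1.execute(b, { x: 'B' });
  return { a: coord.finish(a), b: coord.finish(b), db1: db1.rows, db2: db2.rows };
}

console.log(runTwoClients());
```

Transaction A becomes visible on both databases and transaction B on neither, which is the all-or-nothing outcome the prepare round exists to provide; the model says nothing about the order in which concurrent transactions run.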

Is there any encryption mechanism where I can ensure that the decryption can only happen within my data center?

I have a requirement where I need to store confidential data in an encrypted format in the URL. I understand POST with a body is a better approach, but it is not an option for me. I am thinking of using pass phrase based AES 128 bit encryption for encrypting the query string parameter. The concern I have is that the URL could get cached in different parts of the internet, and if the pass phrase is exposed somehow then it could be used to decrypt these values.

Does Message allow me to ensure I am talking to a particular person?

Message:

You point your finger toward a creature within range and whisper a message. The target (and only the target) hears the message and can reply in a whisper that only you can hear.

You can cast this spell through solid objects if you are familiar with the target and know it is beyond the barrier. Magical silence, 1 foot of stone, 1 inch of common metal, a thin sheet of lead, or 3 feet of wood blocks the spell. The spell doesn’t have to follow a straight line and can travel freely around corners or through openings.

Alice casts Message towards a creature. She believes that creature to be her friend Bob.

The creature is, however, actually the villainous Eve merely disguised as Bob. Can Alice preclude Eve from hearing the Message?

Steps to take to ensure Android security? [closed]

I am aware that I should keep Android up to date and have an antivirus like MalwareBytes. I also use a VPN for connections. What other steps should I take to secure my Android phone?

In addition, how can I check which apps are transmitting data?

(I also scan apps using the Play Protect).

If this question has already been answered in detail, could you link to it please?

How does BLE secure connection ensure man in the middle protection?

I understand BLE secure connection pairing mode is an improvement over Legacy Pairing. The issue with legacy pairing was that the initial TK value can easily be brute-forced by an attacker.

In contrast, in secure connection, both devices start by generating an ECDH key pair and exchanging public keys.

Since BLE doesn’t use certificates for public keys, how would a device know if the public key actually belongs to the entity it wants to communicate with?

I know that later in pairing there is a confirmation check, but that’s a similar idea to legacy pairing, just the sequence is changed.

How to ensure your own native app is talking to your own API

I’m developing an API and different apps to access to it, each with different scopes, including a native mobile app, and I’m wondering what would be a good strategy to authenticate my own native app to my own API (or more specifically my users).

I can’t find a recommended method to guarantee that it is really my client (in this case a native app) which is talking to my API.

For example, if I implement the Authorization flow to authenticate my users. Let’s say I have a server acting as the client mobile.mydomain.com, so my mobile app makes requests only to mobile.mydomain.com and mobile.mydomain.com is able to securely talk to api.mydomain.com as the client id / client secret is never exposed to the public.

So far so good, api.mydomain.com is sure that calls are from mobile.mydomain.com however mobile.mydomain.com isn’t sure who is sending requests to it and it’s still possible to impersonate my mobile app by making another app that just includes the same login button and does the same oauth2 process and finally get a token to continue talking to mobile.mydomain.com.

How is that different from using the Password flow (which isn’t recommended I know) and embedding the client id / client secret in this case? (client_secret being completely useless in this case)

=> basically from the api point of view, it just needs to know what is the client id.

How does Google make sure that a request is really from the Gmail app and not from another app doing the exact same thing with the same redirect uri etc? (which wouldn’t be harmful anyway as it requires a username / password). I guess it can’t know for sure.

PS: I’m aware that OAuth2 isn’t for authentication but for authorization only

How to ensure JWT security in authentication?

I have implemented a backend as a REST API. To maintain the statelessness in REST, I intend to use JWT to verify whether a user has logged in or not. (A user is logged in if a valid token is present in headers. Not logged in if a token is not present.)
But even with expiration times set, an attacker can access the REST API by simply copying the JWT from the web browser. What are the methods available to stop this without killing the statelessness?