What events are depicted in these frescos from the “Shield of the Hidden Lord” DMsGuild module (which expands on the Descent into Avernus adventure)?

There is an unofficial module on DMsGuild named "Shield of the Hidden Lord" by M.T. Black – who is one of the writers on the official adventure Baldur’s Gate: Descent into Avernus, so I assume its lore is correct.

Pages 7-8 of the "Shield of the Hidden Lord" PDF include the descriptions of 4 frescos on the walls of area T2. These paintings reportedly depict Gargauth (presumably different key aspects or events relating to Gargauth).

What events or aspects exactly are depicted in each of the following frescos?

First Fresco. A handsome sage in amber robes sits on a throne with a pile of scrolls next to him. He is speaking to a group of kings and queens, who listen to him with interest and respect.

  • I suppose this is just an illustration of Gargauth’s charming abilities. Is that the only meaning?

Second Fresco. The sage in amber robes looks at a city in the background. The city is burning, and soldiers fight in its streets. In the foreground are two snakes, twisted together.

  • What city is depicted here?
  • Who are the soldiers, and what organisations do they belong to? Why do they fight?
  • What is the meaning of these snakes?

Third Fresco. The sage in amber robes rides a blue dragon over a dark forest. In a clearing in the forest is a unicorn with a broken, twisted horn.

  • I found this dragon’s name: Rathguul. Is that right?
  • Why is there a unicorn?
  • A twisted horn is Gargauth’s holy symbol. But the module says that Gargauth’s holy symbol is a Knight of the Shield badge. What is right here?

Fourth Fresco. The sage in amber robes wields a rapier and fights a shadowy figure in dark armor. The shadowy figure wears a jeweled gauntlet.

  • Why a rapier?
  • Who is the figure? Bhaal?

Calculate the total on events with two time conditions

I have a table in BigQuery that looks something like this:

    schema = [         bigquery.SchemaField('timestamp', 'TIMESTAMP', mode='REQUIRED', description='Data point timestamp'),         bigquery.SchemaField('event_id', 'STRING', description='EventID'),         [...]     ] 

The table has a fairly large dataset, and I’m trying to find write an efficient query that returns the number of events that happened in the last 24 hours but also within the last N days. That is, two different records with different conditions but the same event_id. I don’t care so much about the actual event_id, but rather the distribution.

Ideally, the query would return something like this:

7_days: 20 30_days: 15 60_days: 7 

If it’s impossible to do this in pure SQL, I also have Pandas available at my disposal.

How would pre-galifar texts and observers date major events like the War of the Mark?

Running the adventure in "Eberron: Rising from the Last War", there’s a ghost of a gnome that died during the War of The Mark, which takes place at roughly -500 YK. The ghost still thinks he’s in that time period, and provides the players with information about the city based on that.

Clearly someone living 500 years before Galifar was founded wouldn’t describe the year using the YK scale. Is there an easy way to get across to the players that the ghost believes himself to be living in the past?

Improve querying of Extended Events target file

As part of our server estate monitoring, I am adding extended events to pick up warnings, blocking etc and I’d like to periodically (Every couple of minutes) query the event file to collect the data. I have been using the below to query data using xQuery, but it seems to be quite slow. I am aware of using a fileoffset as an option to optimise, but beyond that, are there any ways in which I can better improve predicates as been below?

    SELECT           event_data         ,n.value('@timestamp', 'DATETIME2') DtTimeStamp         ,n.value('(action[@name="collect_cpu_cycle_time"]/value)[1]', 'bigINT') CollectCpuCycleTime         ,n.value('(action[@name="collect_system_time"]/value)[1]', 'DATETIME2') CollectSystemTime         ,n.value('(action[@name="last_error"]/value)[1]', 'varchar(255)') LastError         ,n.value('(action[@name="collect_system_time"]/value)[1]', 'datetime2')             CollectSystemTime         ,n.value('(action[@name="task_time"]/value)[1]', 'bigint')                          TaskTime         ,n.value('(action[@name="client_app_name"]/value)[1]', 'varchar(255)')              ClientAppName         ,n.value('(action[@name="client_hostname"]/value)[1]', 'varchar(255)')              ClientHostName         ,n.value('(action[@name="database_name"]/value)[1]', 'varchar(255)')                DatabaseName         ,n.value('(action[@name="nt_username"]/value)[1]', 'varchar(255)')                  NtUserName         ,n.value('(action[@name="server_instance_name"]/value)[1]', 'varchar(255)')         InstanceName         ,n.value('(action[@name="session_id"]/value)[1]', 'INT')                            SessionID         ,n.value('(action[@name="client_pid"]/value)[1]', 'INT')                            ClientPID         ,n.value('(action[@name="sql_text"]/value)[1]', 'VARCHAR(MAX)')                         SQLText     FROM          (             SELECT                  CAST(event_data as XML) event_data             FROM                  sys.fn_xe_file_target_read_file('C:\Temp\EE_QueryWarnings*.xel', null, null, null)         ) ed     OUTER APPLY         ed.event_data.nodes('event') (n)     WHERE         n.value('@name', 'varchar(MAX)')    = 'missing_column_statistics'     AND         n.value('@timestamp', 'DATETIME2')   >= DATEADD(MINUTE,-10,GETUTCDATE()); 

Do such network events indicate attack attempts? [closed]

logcheck fished out some suspicious log records for me:

May 11 15:50:50 mailserver dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.2.3.4, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<Gf6Gol+lJgItjVcH> May 12 06:17:10 mailserver dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=5.6.7.8, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F09C:SSL routines:ssl3_get_record:http request, session=<NYC/vGulRn+nrNEM> May 13 09:02:52 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=9.10.11.12, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417D0FC:SSL routines:tls_process_client_hello:unknown protocol, session=<6x8rK4KlPNdZ+KwQ> May 13 09:02:53 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=13.14.15.16, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417D18C:SSL routines:tls_process_client_hello:version too low, session=<Prc7K4KlutdZ+KwQ> May 13 09:02:59 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=17.18.19.20, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<v0yhK4KlztpZ+KwQ> 

Those records seem suspicious to me, as if they indicated attacks on my internet-exposed network services. Are they? What can you tell me about security risk of particular events here?

What lore events marked the changes between editions?

It was mentioned in this answer that “Only two characters have ever managed to free themselves from Ravenloft, and the only one to actually manage to stay free, Vecna, broke reality so hard in the process that it changed the AD&D 2e rules into D&D 3e rules.” which made me wonder “what other lore events have caused editions to change?”

When during the events of the Curse of Strahd plot does Kasimir want to do this thing?

In Curse of Strahd, during my current playthrough of it (with me as the DM) the NPC Kasimir is the party’s ally (“Strahd’s Enemy”). It says throughout the adventure (whenever Kasimir is mentioned at all) that he:

It says, on p. 90, in the description for Crypt 21:

This implies that Kasimir would do this first before we face Strahd.

On p. 196, it describes a Special Event concerning Kasimir:

The first part implies he may want to do this before we face Strahd, but since both are related to Castle Ravenloft, it is ambiguous, so this part of the quote is perhaps not that helpful. The second part, though, implies again that Kasimir would do this before we face Strahd, since otherwise that part doesn’t make any sense.

However, his entry in Appendix D says the following of relevance under Dreams of the Damned, pp. 232-233:

This implies that Kasimir would do this after we face Strahd.

So my question is:

Can you use a “History” check to remind players of events from previous sessions or their backstory?

My players and I are starting a new campaign soon, with brand new characters set in the same world and after all of our previous campaigns. In the first session, I plan on having them run into some cultists that the players (but not the characters) have encountered in a previous campaign. One of the new characters was a student of one of the old characters, and it is mentioned in their backstory that “he showed me a museum of his previous adventures.” Would a History check be used to determine if this new character identifies the cultists from the museum?

More generally, what’s the time limit on a History check? Can they roll a history check to see if they remember things from the previous session? From their backstory? Or is it explicitly past events they did not experience? If this is the case, then what sort of check would I use for more recent history, like a “memory” check? Straight Wisdom, Investigation, straight Intelligence, Perception?

Is there any information on what Bloodroot Grove was before the events of this AL module?

I was looking over the Adventurer’s League module, DDAL09-08 – In the Garden of Evil (Season 9, Descent into Avernus). This adventure concerns a location in Avernus (the first layer of the Nine Hells) called Bloodroot Grove, and the evil unicorn Zhalruban who has been corrupted by the grove.

What I can’t understand is what such a grove was doing in Avernus in the first place. My impression of Avernus is that it’s a blasted wasteland, not somewhere where you would expect to find a grove.

Apparently, it is in some way related to Silvanus, the god of nature:

Clearly Silvanus didn’t decide to put it in Avernus, so how did it get here? Was it “lifted” from somewhere else (such as the Material Plane or the Feywild*), similar to how the town Elturel was taken into Avernus from the Material Plane (from the main adventure)?

* The grove might have once been in the Feywild, since there’s this quote (even though it only explicitly refers to one tree):

I assume it has been corrupted simply because it has been on Avernus for so long, since Silvanus wouldn’t have created it as a corrupted grove initially, so something must have corrupted it, and being on Avernus fits as the cause of the corruption, but that further suggests my theory that it wasn’t located in Avernus to begin with.

Is there any more information whatsoever about Bloodroot Grove and how it came to be on Avernus?