How to roll for avoiding damage when using Black Hack 1e with optional rule “Original armor”?

The Black Hack 1e has an optional rule called "Original Armour". It reads like this:

Original armor

The traditional concept of ascending AC bonuses can still be used with The Black Hack. Attacks are still made by rolling below attributes (such as STR and DEX) however the AC bonus of the target is added to the roll.

For example in ascending AC systems Leather typically adds +2 to a base of 10 (giving you AC12) – with TBH you would roll an attribute test to see if you hit or are able to avoid taking damage, and add +2 to the dice roll. The quick way to read AC from existing resources is just use the last number as a bonus.

But to avoid taking damage in this edition of the The Black Hack one also has to roll under a stat. In which case it makes no sense, in my opinion, to add +2 to the dice roll. Rather, it makes sense to add +2 to the target number. Is my interpretation correct?

For reference, the Black Hack 1e SRD is here. And the optional rules, including the one in question, are here.

Can Someone hack your phone? [closed]

Is it possible for someone to hack your phone and be able to receive replies from websites, but it still show up as your IP address’?

For instance, over time, can someone access websites etc through your phone, and get the replies back from websites but make it look as though it’s coming from your phone? (Your data connection/WiFi)

Potential Hack (Macbook/Edge/Teams/Remote)

A kind disclaimer, i’m new to this network and i have checked the guidelines about the nature of my question with no luck and still not sure if this is an appropriate one, so my apologise if i’m overstepping.

I have noticed earlier that my Macbook Pro camera light was lit on – the screen is turned off but not sleeping – the entire time the device was not being used or touched, i logged in to investigate and i have found that Microsoft Edge (Chromium) was on with a few tabs, the moment i have tried to navigate through it, edge broke and shutdown unexpectedly.

I opened it again, tried to access last tabs (Cmd+Shift+T) with no luck, I went through the browsing history and i have found a url for Microsoft Teams was accessed (same url was accessed some hours before with different parameters)

The very interesting thing about it, the url was accessed twice at a time when no one was using the Macbook, which i’m willing to take but the fact that it was followed by a crash made things seem a bit suspicious, looking into the console the only thing i was able to find in the log around the crash time is this:

Microsoft Edge[356]: BUG in libdispatch client: mach_recv, monitored resource vanished before the source cancel handler was invoked { 0x7fad88231bf0[source], ident: 56579 / 0xdd03, handler: 0x110c94610 }

Is there any explanation to how or why would such thing happen? should i be concerned or meh? (Any additional info i can provide upon request)

PS: Energy Settings currently prevents the Macbook from sleeping so no worries there, just does not explain why would it access the url randomly and crash the browser without retrieval.

How hard is it to hack the JWT HS256 algo?

By convention, I see a lot of folks using this approach to generate a private key from a nodejs console:


But considering I could input other values besides 0-9 and A-Z, I wondered if my key would be more secure if I used other non hex-only characters?

Second, if my key is 64 bytes for the HS256 algo., how much time would it take an attacker to brute force the signature? My JWTs are only valid for 15 minutes, but that doesn’t stop an attacker from logging in, grabbing an access-token and brute forcing it.

My JWTs maintain 3 claims that I don’t encrypt — the email address of the user, the user’s ID (which never changes) and a boolean value. I was considering appending to my key the hash value of the user’s ID so that brute forcing the key (if successful) would only yield the password for that one user as the attacker would likely not realize that I appended the hash of the user’s ID.

I’m just concerned that JWTs aren’t as secure as session IDs in a cookie as I can control how many requests an attacker can make from my endpoints but can’t control a brute force against an offline verify.

Could presence of the string “_CONSOLE” in multiple files indicate a hack?

I run a combination of Linux & Windows machines with Dropbox.

Many "selective sync conflicts" occurred, for unknown reasons. Meaning two copies of the same folder appear on dropbox – each copy should be identical.

I will pick one example folder: a music album, folder contains 12 .mp3 files, and a number of .jpg’s.

All files are the exact same file size between the two copies, butdiff clearly shows the contents are different.

Running linux strings on the newer version, every file contains the string _CONSOLE, and the majority of the file has been zero’d out, i.e the data is gone.

Uploading the file’s to for a scan yields a completely clean scan.

Question: is this likely to be malicious? What does the string "_CONSOLE" indicate? Can anyone advise if it is common string for a windows or linux executables?

Can people hack your iPhone Via Bluetooth if you leave it on?

I leave in an apartment complex with lots of people and often times, I would be able to see Bluetooth devices that do not belong to me on my iPhone or MacBook when I search for my Bluetooth device. Does Apple Tell you/ask by default before someone with Bluetooth devices tries to Connect to your phone via Bluetooth? Or is this A potential security Vulnerability to leave your iPhone Bluetooth on at all times? (I do since I use AirPods)

I don’t remember setting or seeing any options to set Bluetooth permission on my iphone which makes me nervous.

Thank you!