## What classes and approaches are helped and/or hindered by this set of house rules?

For an upcoming DnD 5e campaign I am considering two house rules, both of which substantially effect one another. The implications are far reaching and complex enough I am having trouble deciding what classes, techniques, and playstyles come out ahead or behind.

## Rule 1: Players Roll Rule

• When a PC is attacked, they roll a defense and add ac bonus vs a static attack (calculated as attack bonus +10)
• When a PC casts a save spell on an NPC they roll, and add the DC bonus (static save for npc is calculated as save+12)

## Rule 2: Deck Play in Combat

• Use a 52 card deck (without Jokers) instead of a D20 during combat rounds.
• When initiative is rolled in combat draw 10 cards.
• When a D20 would be rolled as part of an action (not a free action) instead you must play a card from your hand.
• Red number cards are listed value
• Black number cards are listed value plus 10
• Aces are 1 (1 if red, 11 if black)
• Royals are top of your discard minus a value. K=D-1, Q=D-2, J=D-3
• If the top card of the discard is a royal or the discard is empty, the royal is =2
• When the last card is played from your hand, draw back up to ten
• When the last card is drawn from your deck, shuffle in the discard.
• Adv and Disadv
• Advantage is “play 1 card from your hand, and the top card of the deck, take the higher result”
• Disadvantage is “play 1 card from your hand, and the top card of the deck, take the lower result”
• You may take a full round action to discard your entire hand and draw up to ten.

## NOTES

The title of this campaign, as pitched to the players, is “An extremely house rule heavy and experimental campaign” so they at least know what they’re in for. ^_^

Rule tweaks and alternatives sound conversationally fun, but are not quite answers.

The motivation here is to turn some output random into input random, inspired by this video: https://www.youtube.com/watch?v=dwI5b-wRLic

This is intended to embrace the “figure out the enemies’ ac/hp/attack value” aspect of some combat.

## Are there any larger implications of allowing a variant rule Ability Score Improvement/Feats in a multi-classing campaign? [duplicate]

Are there any larger implications of allowing a variant rule Ability Score Improvement/Feats in a multi-classing campaign?

In one campaign we have all multi-class players. There has been a frustration about having to take a 4th or 8th level in a class for the sole purpose of having access to an Ability Score Improvement (ASI) or a Feat.

I want to suggest we have a character level progression system instead of class, when it comes to ability score improvements and feats. This seems simple enough. The majority of classes get an ASI or feat at levels 4, 8, 12, 16 and 19, with the exception of a Fighter who also gets this at levels 6 and 15.

The variant rule would be that a PC gets the option of an ASI/feat when it reaches character levels: 4, 8, 12, 16 and 19. If the player chooses to develop into the Fighter class, then that PC would get an ASI/feat upon reaching Fighter level 6 and 14.

There is a similar mechanic with cantrips for mult-classing players, where the upgrades depend on overall character level, rather than class level (PHB, p.164).

Variant Rule: Ability Score Improvement, or Feat

When you reach 4th level on your overall character level, and again at 8th, 12th, 16th, and 19th level, you can increase one ability score of your choice by 2, or you can increase two ability scores of your choice by 1. As normal, you can’t increase an ability score above 20 using this feature. The increase is based on your character level, not your level in a particular class. Using the optional feats rule, you can forgo taking the Ability Score Improvement feature and take a feat of your choice instead.

In addition, if you train as a Fighter, you get an Ability Score Improvement at upon reaching 6th and 14th level in that class.

Would this create any great unbalance? I can’t see it, but I might be missing something.

## What are the implications of the Find Familiar and Find Steed spells changing the creature type from Beast to Celestial/Fiend/Fey?

The Find Familiar and Find Steed spells both have this sentence describing the creature type of the summoned creature:

The [familiar/steed] has the statistics of the chosen form, though it is a celestial, fey, or fiend (your choice) instead of its normal type. (PHB 240)

I’m wondering what implication choosing celestial vs. fey vs. fiend for the summoned creature would have. I have three things I’m specifically interested in listed below.

1. Is a familiar visible distinguishable as the type of spirit? For example:
• A wizard with an allergy to cats conjures a hypoallergenic fey cat sprouting soft grass instead of fur
• A tiefling paladin conjures a fiend warhorse steed to have a coat colour resembling a Nightmare
2. Does the type have any effect on the familiar’s alignment? For example:
• Inheriting the alignment from the creature’s stat block (unaligned in most cases) seems like the most direct option but would a celestial imp still be considered lawful evil?
• If you command your fiend cat to sit on someone it may choose to painfully knead them whereas a celestial may be more relaxed and cuddly.
3. Does changing a familiar to a new form allow it to change the type of spirit?

If you cast this spell while you already have a familiar, you instead cause it to adopt a new form. Choose one of the forms from the above list. Your familiar transforms into the chosen creature.

Adopting a new form sounds like it remains the same kind of entity. Does this mean to change the familiar from fiend to fey would require summoning a new spirit and therefore be treated like a new NPC?

These are grey areas in the rules, I am looking for official guidelines or other credible sources that can help me make an informed decision on how to rules these as a DM.

## Mechanical Implications Of Long Rest Restoring All Hit Dice

Is there any mechanical implications, short of the fact players can heal more on a short rest, to allowing them to restore all their hit dice per long rest?

We recently lost our Cleric so I instituted the Healing Surge to allow them to spend Hit Dice as an Action in combat to heal themselves. It’s used more frequently than they rested prior but they struggle a bit since they only regain so much at a Long Rest. (Currently Level 6).

## Would there be any major balance implications for swapping the Soulknife rogue’s daggers to deal fire damage as opposed to psychic?

I have a specific character concept in mind but for it to work I would need to change the UA Psionic Rogue’s Psychic Daggers into Fire Daggers. I plan to ask my DM about it but before I do I want to be aware of any possible balance implications in the damage type change. Would it be over- or under-powered or would it be relatively the same?

## What are the balance implications of using passive Arcana to identify spells for counterspell?

Xanathar’s Guide to Everything (p. 85) gives an optional rule if a character wants to identify a spell:

Sometimes a character wants to identify a spell that someone else is casting or that was already cast. To do so, a character can use their reaction to identify a spell as it’s being cast, or they can use an action on their turn to identify a spell by its effect after it is cast.

If the character perceived the casting, the spell’s effect, or both, the character can make an Intelligence (Arcana) check with the reaction or action. The DC equals 15 + the spell’s level. If the spell is cast as a class spell and the character is a member of that class, the check is made with advantage. For example, if the spellcaster casts a spell as a cleric, another cleric has advantage on the check to identify the spell. Some spells aren’t associated with any class when they’re cast, such as when a monster uses its Innate Spellcasting trait.

I’m thinking of completely replacing the check with comparing the passive Arcana score and the DC (15 + spell level). This would also not require a reaction to perform.

However, I’m not sure whether this will be balanced or not. The goal is to allow identifying spell before casting counterspell. The side goal is to reduce dice rolling.

One of my main concern is early level this would be useless, as even with proficiency in Arcana, you would only get at most +5 (+3 from INT and +2 from proficiency). Except if you have expertise, you will never be able to identify even 1st level spell. Without expertise, you will only be able to identify up to 5th level (10 +5 INT and +5 proficiency against DC 20 for 5th level spell).

Is this modification (completely replacing identification using passive score instead of actively rolling Arcana) underpowered? Can it be remedied by changing the base DC to 10 instead of 15? What are some other concern I might have missed?

This rule will also apply on other situations other than for counterspell.

## Are there serious balance implications to permitting Bonus Actions to be Readied/Prepared?

My Ancients Paladin is commonly stymied by the limitation on Readied Actions, in that Bonus Actions cannot under any circumstances, per RAW, be “prepared”.

For example, suppose a Paladin wished to react to a creature trying to cross a bridge. She would prepare to cast Misty Step to teleport in front of them, blocking their way, and (on a successful roll) prevent them from crossing the bridge. To me, this seems like a reasonable use of mechanics—except that it’s explicitly disallowed per RAW:

## Ready

Sometimes you want to get the jump on a foe or wait for a particular circumstance before you act. To do so, you can take the Ready action on your turn so that you can act later in the round using your reaction.

When you ready a spell, you cast it as normal but hold its energy, which you release with your reaction when the trigger occurs. To be readied, a spell must have a casting time of 1 action..

Misty Step, with a casting time of 1 bonus Action, is expressly disallowed.

To fix this, I’d like to permit in my games the following modification to this rule to permit these kinds of mechanics:

### Readying a Bonus Action

When a character uses the Ready Action, they may choose to ready a Bonus Action or a spell with a casting time of 1 Bonus Action, instead of a regular Action, to be used as their Reaction. They may do this by using a Bonus Action on their turn, in addition to the Action used to perform the Ready Action. Bonus Actions prepared in this way are not subject to the normal limitation placed on Bonus Actions where they must be performed on the character’s turn, but otherwise obey the restrictions placed on Bonus Actions.

For example, I would have to spend my Action and my bonus action to ready Misty Step. Any time between when I readied it and the beginning of my next turn, once my trigger is met, I can release the spell as a reaction.

Does this seem like a reasonable modification to the rules, or are there some obvious/non-obvious exploits that could be used if I were to permit this rule in my games?

## Security implications of homebrew

I want to install homebrew in the safest possible way (single user system). It is often criticized that homebrew takes precedence over `/usr/bin` and `/bin` (in `/etc/path`) and therefore any malware can simply put binaries or libraries there. For example, software that I install with Homebrew could deliver an infected binary file called “sudo”. How can you prevent this and still install binary files that are already provided by MacOS (e.g. git or ruby)?

# CVE-2009-5030

### OpenJPEG: Heap memory corruption leading to invalid free

The `tcd_free_encode` function in `tcd.c` in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a `Gray16` `TIFF` image, which causes insufficient memory to be allocated and leads to an “invalid free”.

What are the security implications of the invalid free? How might it be abused or exploited in a security context?

My interest in information security eventually led to an interest in computer science in general, not the other way around: always being less interested in cause than effect.

I recently began trying my hand at writing C code. It’s going alright, but still amateur at best. Many of the lower level programming concepts (e.g. heap, memory management, etc.) continue to elude me to a certain extent.

I’m not particularly interested in the specific example provided above. It’s just the most recent example (although patched long ago) to inadvertently come across my desk. Anyway, it’s a term I’m all too familiar with, from reading and writing reports, yet I have no more than a vague or abstract understanding of what it really implies. Despite the frequency of occurrence, it seems considerably neglected in the common literature. The reports for the CVE above mention remote arbitrary code execution, but it seems to be in addition to the invalid free – the relationship is unclear.

### Similar Terms

• Double Free
• Use After Free

## Triple handshake attack – what are the implications of not supporting RFC 7627: “Session Hash and Extended Master Secret Extension”?

The referenced RFC details a mitigation to what appears to be the ability to compromise a TLS connection through an attack known as the ‘triple handshake attack’.

How serious is this vulnerability? How could this vulnerability be exploited and what would the impact be?

The related RFC for this can be found here: https://tools.ietf.org/html/rfc7627