Is giving my character amnesia about its backstory a bad idea?

During my first campaign as a player I had an issue with my DM regarding the background I gave to my character. It was my first time creating a background for my character and I loved doing it, so much that my backstory became quite big. (I gave my DM a short summary to make his life easier).

While I loved creating a backstory, I wasn’t too comfortable with going all in with roleplaying. For this reason I added a piece in my backstory where my character was cursed, couldn’t remember where he was from and he was now wandering around looking for answers. I just wasn’t ready to dive straight into roleplaying this backstory and wanted to learn RP step by step.

A couple sessions after I handed over my backstory, my DM briefly mentioned his dislike towards my backstory. He did this in a single comment, away from all the other players which went along the line of “Who gives their player amnesia, what kind of person does that?” At that time I didn’t know how to respond and not too long after that we stopped playing anyway, but the comment still makes me wonder if it really is a bad thing to do?

So, is giving your player amnesia about their backstory a bad thing to do to your DM? Or is it something just my DM had issue with?

How to capture an input device and prevent its default behavior

I have an RFID tag reader. But it works like a HID device (like a keyboard). It sends keystrokes to the computer when a tag is scanned. When I open Notepad and scan a tag – it types the ID one digit at a time. Is there a way to create a program to listen to this device (or this port) and capture (intercept) all input? So that the keystrokes wouldn’t appear on my system but I could assign my own events when the device sends an input. I don’t want it to show up on Notepad.

I realize that the implementation can differ depending on the OS and programming language used. Ideally, I would like to make this work on both Windows and Linux. I would prefer to use something like Node.js but I suppose C could also be good.

I would appreciate any hints or pointing me in the right direction.

If an NPC is successful in a saving throw against a type it’s vulnerable against, does it just take what I rolled for damage or would it be halved?

During a D&D campaign, we were fighting a Mummy Lord and it’s vulnerable to fire, so I used Scorching Ray against it and he succeeded the saving throw to halve the damage, so would he just take whatever I rolled, or would what I rolled be halved?

Is this an XSS vulnerability? I can’t figure out why it’s not working

I was working on a web app and as I was building the front-end for a search function I tried to see if it would be vulnerable to XSS.

After pressing the search button, the js code will generate a paragraph with the search value and append it to the div, and when the paragraph exists it will just modify the innerHTML property.

After searching for <script>alert();</script> the paragraph looks like this <p id="results">Searched: <script>alert();</script></p>.

I was expecting this to trigger an alert. I tried it in Firefox and IE.

my code:

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="utf-8"/>
    <script>
        var label_results;

        function search_function() {
            var label_results = "";

            // Build the label from the raw value of the search box.
            if (document.getElementById("inputtext").value)
                label_results = "Searched: " + document.getElementById("inputtext").value;
            else
                label_results = "Missing term";

            if (document.getElementById("results")) {
                // Paragraph already exists: overwrite its markup via innerHTML.
                document.getElementById("results").innerHTML = label_results;
            } else {
                // First search: build the paragraph from a text node.
                var para = document.createElement("p");
                var node = document.createTextNode(label_results);
                para.id = "results";
                para.appendChild(node);
                var element = document.getElementById("search");
                element.appendChild(para);
            }
        }
    </script>
    </head>
    <body>
    <div id="search">
        <input id="inputtext" type="text" name="search_value" placeholder="Search..">
        <input id="search_button" type="submit" value="Search" onclick="search_function()">
    </div>
    </body>
    </html>
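An added example, not part of the original question: script elements inserted through innerHTML are not executed, but that branch of the handler still parses the search term as markup, so it should be treated as an injection sink and changed to a text sink. The function names (escapeHtml, buildLabel, showResults, resultsMarkup) and the `doc` parameter, which stands in for `document`, are assumptions made for this sketch.

```javascript
// Added example (not the poster's code): both branches of the search
// handler treat the term as text, never as markup.

// Escape the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Same label logic as the page's search_function().
function buildLabel(term) {
  return term ? "Searched: " + term : "Missing term";
}

// Hardened handler. `doc` is any object offering the DOM methods used
// here (in a browser, pass `document`), so it can also run under Node.
function showResults(doc, term) {
  let para = doc.getElementById("results");
  if (!para) {
    para = doc.createElement("p");
    para.id = "results";
    doc.getElementById("search").appendChild(para);
  }
  // Text sink: the value is stored as character data and is never
  // handed to the HTML parser, on the first search or any later one.
  para.textContent = buildLabel(term);
  return para;
}

// For code paths that must produce an HTML string (for example a
// server-side template), escape before concatenating.
function resultsMarkup(term) {
  return '<p id="results">' + escapeHtml(buildLabel(term)) + "</p>";
}
```

In the browser the click handler becomes `showResults(document, document.getElementById("inputtext").value)`.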

Why is this defense against “It’s a Unix system!” not widely implemented?

The Jurassic Park scene referenced in the title is infamous for how ludicrous it sounds to those who are tech literate. But it also illustrates what seems to me to be a glaringly huge hole in web security, particularly IoT devices–as soon as attackers find out a server or camera or baby monitor is running Linux, they instantly know volumes about how it works. They know that commands like sudo are big juicy targets and they know that shell access will bring with it gobs of useful tools like ls and cat.

So why isn’t OS obfuscation more of a thing? I’m not talking about just hiding the version in web headers. Similar to JavaScript minification or obfuscation, I’m talking about changing the names of binaries and filepaths in the OS itself. Wouldn’t entire classes of attacks be practically useless if the OS had ha7TrUO and RRI6e29 commands instead of sudo and ls? Imagine a hacker that somehow gained remote root access–what are they even going to do if they don’t know any commands?

Implementation would be fairly easy for compilers. Take the simplest case of “rename this function and all calls to it.” You could give an OS compiler and an application compiler the same randomized names and they’d be able to talk to each other. But even if the application has poor security and is vulnerable to bash injection, such attacks would be fruitless.

Obviously this technique can’t be used in all scenarios. Setting aside scenarios like servers maintained by human sysadmins, it seems to me that any device or server managed by automation is a prime candidate for this defense.

I guess the question(s) needs to be a bit more concrete:

  1. Is OS obfuscation as described used widely and I just haven’t encountered it?
  2. If not used widely, what are the practical or technical barriers to usage?

Are there any ways to make an improved familiar speak with people other than its master

Outside ones that can talk naturally like the silvanshee who has truespeech I can’t think of any way to get an improved familiar to talk with people other than its master. The mascot and decoy familiar archetypes won’t work because they both require speak with animals for the related abilities.

Mascot Ability

Speak with Team (Ex) At 7th level, a mascot gains the ability to speak with all members of its team verbally as if using speak with master.

This replaces speak with master and speak with animals of its kind.

Decoy Ability

Mockingbird (Ex) At 5th level, a decoy can speak any of its master’s languages. At 7th level, it can mimic its master’s voice and intonation perfectly.

This ability replaces speak with master and speak with animals of its kind.

Concerned Lines

Improved familiars otherwise use the rules for regular familiars, with two exceptions: if the creature’s type is something other than animal, its type does not change; and improved familiars do not gain the ability to speak with other creatures of their kind (although many of them already have the ability to communicate).

Should user input be validated/checked for its length in PHP (server side) as a security measure?

It is important to note that this user input is something that, after validation & sanitization, will be inserted into a database, and later on be shown to other users on the same web site (example: a forum). I’m referring to both a case when I know in advance what length I should expect from the user and a case in which I don’t but know vaguely that it’s not more than 100 in length. I’m trying to figure out if there are any security advantages to checking user input length in PHP, taking into account that I’m already validating & sanitizing user input based on the type of content I’m expecting using regex. I know this differs from language to language, so I want to refer to PHP this time, but any reference to other languages like Java, .NET, Python etc. would be fine.