How to manage players who stay in the gamemaster mindset when they are only player?

The situation takes place in an online Pathfinder 2 community. Here everybody have PCs and can play on any session with a level that more or less matches the level of one of his PCs. A handful of those persons are also GMs and organize the sessions (by vocal+a VTT). There are guidelines about many aspects of the games (like the amount of xp per session so that each encounter is worth a certain amount of xp depending on its difficulty).

The problem I encounter is that when I have the most ancient members of the community as players on my games they tend to behave like they were the gamemaster, and have expectations that the game is ran as they would run it, which can be more or less troublesome. For example:

  • They ask other player for checks

  • They correct me by quoting the rules of the book when I want to enforce rule of cool

  • They look at the monster’s stats to correct me on how they work in the middle of a fight

  • They are bad sports when I correct them about a rule they got wrong

  • They grumble about the amount of xp I give to them because they think the combat encounters are worth more

Outside of those games they are nice people, but the more I play with them as players the worse it gets. What can I do? I don’t have any issue with the other players on this community.

There are similarities with this question but as here I am in the GM position and it is an online roleplaying community I think it is worth a different question.

Randomly assign n elements to n agents such that each agent only knows its own element


I’m working on an app that involves shuffling and distributing playing cards to players. As a challenge, I tried to solve this problem in a way that doesn’t require a trusted intermediary.

In other terms, the task is to find a distributed algorithm that

  • uniquely assigns $ n$ agents numbers $ 1..n$
  • allows each agent to know nothing about the assignment but its own
  • when revealing the assignment, allows other players to verify the assignment

We also assume that knowing other’s assignment is an advantage for each agent, and revealing its own prematurely a disadvantage. Agents are also assumed to be able to talk with each other in a way hidden from all other agents.

Partial solution

The solution I came up with works only under the assumption that adversaries do not collaborate.

The idea is to create a set of $ n$ nonces, and assign each agent exactly one nonce. The set is then passed from agent to agent in an agreed upon order, hidden from all others, until each agent received the set exactly once. Each time an agent receives the set, it swaps its nonce with a new one, memorizes the new nonce, and confirms receival of the set to the others. This entire procedure is done twice, at which point, all agents have received the set at least once after all other agents swapped their nonces, making it impossible to recognize and hence map the nonces to the other agents.

When the last agent receives the set the second time, it shares it with everyone, and all agents confirm to the others that their nonce is contained in the set. The agents then assign a number to each nonce in the set based on an agreed upon random seed, giving us the required unique assignment.

To allow ownership verification, instead of the nonces, agents put the hash value of their nonce on the set, revealing the actual nonce only when verification is required.

The problem with this solution is that if adversaries are allowed to collaborate, each time an adversary receives the set, they can compare their versions, identify changes and potentially derive which nonce belongs to other agents, allowing them to know what number got assigned to them.

All ideas are appreciated!

Making S3 objects viewable only for logged in users

As a service provider, I allow logged in users to upload documents to a web server, and upload it to S3. The logged in user should subsequently be able to view his own documents, and I want to serve it directly from S3, with some token-based authentication per request.

I thought that this was a pretty simple and standard use case for S3, but I am unable to find a standard way to this.

Does S3 effectively support per request authentication at object level, and what is the "correct" or "standard" way to do this.

I have read some documentation for STS, but am not able to find a clear way to solve this.

Pre signed urls almost works; the only difficulty is that that it seems to only work with a pre-set expiration time, and "logout" is not supported.

Prevent block from being used in main editor, use only as inner block

I am currently using the allowed_block_type filter to control the available blocks in my theme, similar to the following example:

function acf_allowed_blocks($  allowed_blocks, $  post) {     // Register core blocks     $  core_blocks = array(         'core/buttons',         'core/heading',         'core/image',         'core/list',         'core/paragraph',     );      // Register custom blocks     $  custom_blocks = array(         'acf/test-block',     );      // Register plugin specific blocks     $  plugin_blocks = array(         'gravityforms/form',     );      // Specify block groupings available on specific post types     switch ($  post->post_type) {     case 'post_type_example':         $  allowed_blocks = array_merge($  core_blocks);         break;     default:         $  allowed_blocks = array_merge($  core_blocks, $  custom_blocks, $  plugin_blocks);     }      return $  allowed_blocks; } add_filter('allowed_block_types', 'acf_allowed_blocks', 10, 2); 

While this works perfectly, I am trying to determine whether or not it’s possible to remove the gravityforms/form block, but allow it inside the acf/test-block. Currently, if I remove the block from this function, it’s also becomes unavailable as an inner block in my ACF block markup, which looks like this:

$  allowed_blocks = array( 'gravityforms/form' ); echo '<InnerBlocks allowedBlocks="' . esc_attr(wp_json_encode($  allowed_blocks)) . '" />'; 

Does anyone have any idea on whether or not this is even possible with the current state of Gutenberg? I can just as easily live with it being available as both a main and an inner block, but it would be my preference to only use it as an inner block.

Email Scraper UK only


I have been trying to work out how to use the email scraper that will only grab me emails from the UK.   I have looked in the settings and not having much luck. 

Can someone tell what I’m missing? 


MessageBoxA only shows up in debugger?

This question is related to’s k1 by xtfusion. I’m trying to add custom shellcode through stack overflow.

The shellcode works perfect under Windows XP (without ASLR) when the program is attached in the debugger. But when I run the program with double click, the program only exits quietly and no window pops up.

Full alphanumeric shellcode (and the screenshot above):

                     ; no need to LoadLibraryA manually push eax             ; eax should be 0 now push 0x646E7770      ; 'pwnd' push esp pop ecx              ; address of 'pwnd' push esp pop eax push esp pop edx              ; address of 'pwnd', backup for later use sub eax,0x55555521   ; only `sub eax, xxx` is allowed for Alphanumeric shellcode sub eax,0x55555421 sub eax,0x55555648 push eax pop esp push 0x7E and eax,0x554E4D4A and eax,0x2A313235 sub eax,0x55555555 sub eax,0x55555555 sub eax,0x334D556E   ; encode intruction e8070822 push eax             ; write to memory on the fly push edx pop esp push esi             ; 0, esi should be 0 now push ecx             ; address of string 'pwnd', 4 bytes to save life push esi             ; 0 push esi             ; 0 jne 0x22FFE6         ; jump to the generated instruction `call USER32.MessageBoxA` 

I’m not quite familiar with Windows API.

What does the window do when the program exits? Do I need to migrate the window to another existed process?

Why the window does not show up without the debugger?

Thanks in advance.