Is there an overview of rules differences between various editions of Tunnels and Trolls?

There are several versions of Tunnels and Trolls available, with a good deal of variation in the format between them. Is there a good summary of the changes between the different versions?

(I’m especially interested in the more modern releases: 5.5, 7, The “alternate” system from 7, 7.5, 8, and Deluxe.)

What is the broad overview of the differences between Wizard and Sorceror in D&D 5e?

What are the differences between Wizards and Sorcerers in D&D 5e, in broad overview terms?

Really, I’d like to know this from two perspectives. One I have a somewhat idea about from reading the PHB and other websites, one I don’t get at all.

  1. What are the differences in the two classes from a character building background in terms of story and roleplaying? This is the part I don’t have any clue about.

  2. What are the differences from a mechanical standpoint? I understand Sorcerers get spells a bit quicker and it looks like Wizards have to buy their spells but I’m really not too clear on this either.


I’ve already read a few articles and watched a few videos but still don’t know the answer. I especially don’t know the answer to the character building / roleplaying side as most of what I did find just talks about which one is more powerful. These are the resources I’ve looked at thus far (not including the Player’s Handbook which I’ve read over and over now):

  • Why did the sorcerer/wizard spell lists diverge in D&D 5e?
  • Which spells do Wizards get at lower levels than Sorcerers?
  • Sorcerer vs. Wizard: Clearing Up the Choice 5e
  • Sorcerer vs. Wizard: Anything You Can Do I Can Do Better?
  • Nerdarchy’s YouTube Channel: Wizards Vs Sorcerer| Dungeons and Dragons 5th Edition Classes

Overview of Java Server Security Issues

My goal is to understand, which security issues will arise, when I use old java 8 versions on my server applications. There are lots of java security issues, but most are only relevant for client applications.

This vulnerability does not apply to Java deployments, typically in servers …

There is a similar question. But:

  • The question is outdated
  • Of course you should patch all software to get maximum security. But in practise upgrading software is sometimes associated with high costs. Therefore you have to explain your management why there is a security issue and what impacts do arise.

So my questions:

  • Are there any lists with java security issues which are only relevant for server applications?
  • Are there any guides regarding this topic?

Overview of common languages per plane

For my current campaign I’m exploring lore options regarding planar travel for NPCs and PCs. Where in the books can I find more information about which languages are common in which planes?*

I’m aware that the Monster Manual states which languages a creature knows and/or understands. But the details don’t offer me demographics on how common certain languages are. Or am I missing something in the book?


*My campaign takes place in a personal adaptation on the planes of the Forgotten Realms.

Overview of daily status for list of items

I’m trying to design an overview UI that helps people understand the daily status for a list of items.

Each item is a “job” or automation that runs once on each day. A given day’s instance can only run once the previous day’s instance has succeeded.

For some additional context, these jobs are user-created. Users can add/delete jobs to start on arbitrary dates.

Users care about at least:

  • For an individual item, what’s the latest date that was successful?
  • What is the latest date where all items were successful?

Here is a preliminary design we’ve been working with. It’s essentially a one-week calendar view. We have a date picker above this for navigation above this, not portrayed:

Mockup of current overview table

As you can see, one challenge is that since jobs are independent of each other, any given 5-day window may not be relevant for all jobs.

I would love any suggestions on:

  1. The design of the overview table
  2. Navigation or other controls that help users find relevant info

How to revert to tabbed overview in Chrome?

I recently updated my Chrome for Android (currently on v68) and noticed that tapping on the box icon (next to address bar) gives a tab list instead of SystemUI type overview that Chrome used to give. See the two images below for comparison.

I know that I can get that same view by swiping downwards from the address bar but I’m habitual of getting it from that box icon.

So what can I do to get back that view from that box without reverting to a previous version of Chrome and without switching to an another browser (unless it is Chrome based)?

IMG: IMG:

Lynis Overview & Installation

Once a server is installed, you will want to keep a regular watch for points of vulnerability. Having a security auditing application will make this an easier task. Lynis is open source, server-based application that evaluates it for vulnerabilities and generates a report with the suggestions. You can then evaluate this and make necessary changes.

Before we get started, I must point out that security auditing takes a bit of time to review, revise and fine-tune before you get to the Goldilocks zone (neither too permissive nor too restrictive).

Why Lynis (Or Any Security Auditor for That Matter)?

One of the prime reasons you will need Lynis is to get compliance certified. By running a security audit you can prove to auditors that all necessary steps required for compliance are met. Other use cases for running Lynis are

  • Security auditing
  • Penetration testing
  • Vulnerability detection
  • System hardening

Lynis works on almost all UNIX based systems (including systems such as Raspberry Pi).

How It Works

Lynis works by identifying current components, applications and services and digging in further. This means that no additional installation of components. For e.g., if it detects the presence of MySQL, it will try to check if root user has an empty password. If yes, reports it. Likewise, each application or service has a list of tests that are performed against.

Some of the key controls validated include Authentication (checking for empty passwords, multiple root user IDs), certificate expiry, web services (missing error logs for nginx, for e.g.) and so on.

A typical scan involves the following

  • Initialization
  • Perform basic checks, such as file ownership
  • Determine operating system and tools
  • Search for available software components
  • Check latest Lynis version
  • Run enabled plugins
  • Run security tests per category
  • Perform execution of your custom tests (optional)
  • Report status of security scan

The report is displayed online and the scan log is also reported in a log file (lynis.log). Throughout the test process, Lynis runs hundreds of tests (mainly shell scripts) and is based on a given set of controls. Each test has a unique identifier. For e.g., the empty root password is control DBS-1816 Lynis is extensible, which means you can write your own controls.

It also means that the controls can be enabled or disabled based on your system needs. Tests run are defined based on profiles found in the folder /etc/lynis. The default is /etc/lynis/default.prf. If you want to skip a test create a custom.prf file. If you want to bypass the checks for HTTP servers nginx and apache, add the following entries

# contents of /etc/lynis/custom.prf  # Check if nginx is installed  skip-test=HTTP-6622  # Check if apache is installed  skip-test=HTTP-6702

Installation & Execution

Lynis is available as a package for most linux distributions and installation is a single command

# yum install lynis       # CentOS/RHEL  # apt-get install lynis   # Ubuntu/Debian

Running Lynis is as easy as running

# lynis audit system

Or

# lynis audit system --quick

(use the second one if you want to run a quick scan)

Other commands available are

Command Description
audit system Perform a system audit
show commands Show available Lynis commands
show help Provide a help screen
show profiles Display discovered profiles
show settings List all active settings from profiles
show version Display current Lynis version

The output from Lynis can be investigated further using the test ID

For e.g., if the output shows this

! Reboot of system is most likely needed [KRNL-5830]  - Solution : reboot  https://cisofy.com/controls/KRNL-5830/

You can find more about KRNL-5830 by

# lynis show details KRNL-5830

Conclusion

Lynis by default starts with running a lot of tests, as I mentioned earlier, you can skip some of them based on the custom profile. I would also advice to run this as a cronjob (daily/weekly) and review the audit logs on a regular basis.