Placing Critters in the appropriate place in the Natural Order Hierarchy in Mouse Guard

I am currently developing a campaign setting using the rules and lore for Mouse Guard. The setting will be similar but not in the same geographical location (Northern Michigan) that the original was written in. To that end I will be bringing in additional animals and developing their stats. I asked a question here that references how to balance the Nature scores and encounter abilities of the creatures but will also need to determine how best to place new creatures in the Natural Order table.

In MG mice can only directly attack/kill creatures that are up to two levels higher than they are in the hierarchy. Where to place a new creature in this table could indicate mechanically whether they would need extraordinary means to interact with that creature during an encounter. Balancing this would be an important part of creating a new creature in a custom Mouse Guard campaign.

I’m looking for expertise in balancing new creatures and placing them within the Natural Order hierarchy when introducing them into a Mouse Guard campaign.

I’m looking for answers using the “Good Subjective” standard and experience on how specifically balancing was done and determining where to place the creatures in the Natural Order hierarchy.

put some function in cloud and execute from any place cellular phone or tablet or laptop

Mostly I would like to have back a small string produced after entering few integers…

anyway the functions is:

pw[j_Integer, nd_Integer, sl_Integer, oeo_Integer] :=   Style[StringJoin[" ",     Map[ctec[[# + 1]] &,      First[RealDigits[N[1/Prime[j*sl + oeo], (j*sl + oeo)*10*5],        Length[ctec], nd, -sl*oeo]]], " "], FontSize -> 25,    FontColor -> Red, Bold, Background -> Yellow] 

where ctec is a list of all key-able characters in Latin-kb

Why do we need security measure likes control flow integrity and buffer overflow guard if we have good access control protocol in place?

Reading into information security, I noticed two branches. Access control when communication with external device by using some type of cryptographic authentication and encryption mechanism and things like control flow integrity. My question is why do we need the latter if former is good enough. Are there example of control flow exploits on access control protocol implementation themselves? My focus is mainly on embedded devices.

What can protect a character from being possessed by a Ghost in the first place?

What can protect a character from being possessed by a Ghost?

What spells, class abilities, feats or magical items could stop a Ghost from possessing a character? i.e. before the Ghost can attempt to possess a character and force a Cha DC 13 saving throw.

Possession (Recharge 6). One humanoid that the ghost can see within 5 feet of it must succeed on a DC 13 Charisma saving throw or be possessed by the ghost; the ghost then disappears, and the target is incapacitated and loses control of its body. The ghost now controls the body but doesn’t deprive the target of awareness. The ghost can’t be targeted by any attack, spell, or other effect, except ones that turn undead, and it retains its alignment, Intelligence, Wisdom, Charisma, and immunity to being charmed and frightened. It otherwise uses the possessed target’s statistics, but doesn’t gain access to the target’s knowledge, class features, or proficiencies.

The possession lasts until the body drops to 0 hit points, the ghost ends it as a bonus action, or the ghost is turned or forced out by an effect like the dispel evil and good spell. When the possession ends, the ghost reappears in an unoccupied space within 5 feet of the body. The target is immune to this ghost’s Possession for 24 hours after succeeding on the saving throw or after the possession ends.

(MM p.147)

The obvious I can think of is a Cleric’s Turn Undead ability. Or using a spell like Magic Circle or waiting it out in Leomund’s Tiny Hut.

What overpowered combinations would be available if I allow a bonus action to be used in place of a standard action?

It has come up in game a couple of times that a player might want to cast a spell that has a casting time of 1 bonus action using their “main” action (if they have another bonus action they also want to take on that turn, such as giving bardic inspiration, or controlling a Bigby’s hand, etc.)

On the face of it, it seems obvious that something (a bonus action) that is usually much faster than a full action could be done as your full action. Although the question comes up most often with respect to spellcasting, if I house rule this, I would rule that any bonus action can be taken as a regular action instead; however, I would not allow the same type of bonus action to be taken twice (so no giving bardic inspiration to two allies on the same turn, for instance).

Are there any abusive or overpowered combinations I should be wary of if I were to allow a character to take 2 bonus actions instead of one regular action and one bonus action on a turn?

The issue of casting two bonus-action spells would not come up because the rule against casting 2 spells on your turn unless one of them is a cantrip with a casting time of 1 action would still be in effect:

PHB p. 203 (under Bonus Action casting time)

You can’t cast another spell during the same turn, except for a cantrip with a casting time of 1 action.

I know it’s hard to prove/justify a negative answer to a question like this, but I’d be happy to get answers that say you don’t think there would be any issues if you describe how you came to that conclusion.

Why server side hashing is required if the client side hashing is already in place?

I am looking for best practice for username/password login. People have different views for client side hashing on password.

From Google’s recommendation https://cloud.google.com/solutions/modern-password-security-for-system-designers.pdf

The client side hashing should be implemented as below:

Have the client computer hash the password using a cryptographically secure algorithm and a unique salt provided by the server. When the password is received by the server, hash it again with a different salt that is unknown to the client. Be sure to store both salts securely.

My questions are

  1. I agree the server should send a (unique) salt to the client. But why does the server need to hash the client result again with another salt?

  2. Does the above mechanism suggest the server should store both salts as separate columns in the database table? And assume both salts are static (not changed per each login?)

  3. SSL/TLS have mechanism to avoid replay attack. Does the above mechanism provide extra value to counter replay attack? I don’t see any random factor about the static salts and I cannot relate anything can address replay attack.

Does silent image require the caster to actually have visual contact with the area they want to place the effect on?

Or the 60ft radius is all that matters, even if it is behind a wall?

To be even more specific, what about if it is a 15ft area in a location in-range that you have seen before but is now out of sight? And what about when on your turn you have visual contact with an enemy in a certain area, then move behind some cover and then place the illusion -area around the enemy & within the 60ft range-? I am placing this question because I have seen other illusory spells’ descriptions that specify that you must see where you place your spell. Silent image doesn’t specify whether the sight component is or isn’t required.enter image description here