## Can a barbarian maintain rage by attacking a creature that is not present?

Suppose a raging barbarian does not see any opponents on the battlefield but is attempting to maintain rage by attacking a hostile creature, according to the following:

Your rage lasts for 1 minute. It ends early if you are knocked unconscious or if your turn ends and you haven’t attacked a hostile creature since your last turn or taken damage since then.

If there was a successfully Hidden opponent on the field, the barbarian would be permitted to attack it by guessing its location. Even if they were incorrect, that would be sufficient to maintain their rage.

But how far ‘off’ is the barbarian allowed to be in their guess and still have the attack count?

Suppose the successfully Hidden opponent has actually left the field without the barbarian knowing. Does the fact that the opponent is not actually there prevent the barbarian from making an attack on an unseen opponent?

If yes, and the rage ends, the player then gains information about the fact that the opponent is not present (which seems to go against the spirit of "If the target isn’t in the location you targeted, you automatically miss, but the DM typically just says that the attack missed, not whether you guessed the target’s location correctly.")

If no, and the barbarian is allowed to attack an opponent that is not actually there based on the plausible belief that an opponent is present, then what prevents the barbarian from postulating an opponent who could be there? For example, the barbarian invokes an NPC that has successfully Hidden against the party before – is it enough to maintain rage for the barbarian to say that they believe said NPC is present and Hidden and then attempt to attack them as an Unseen opponent?

Somewhat related: A barbarian’s belief that they are attacking an opponent is not sufficient to maintain rage if what they are attacking is an illusion. So attacking a not-creature that is there is not enough to maintain rage, but is it enough to attack an actual creature that is not there?

## Does this registry entry for implementing custom protocol handlers in Windows present a security risk?

Background

Some features are not yet available on the web platform and thus require cooperation with a native application in order to provide them. One method for a web application and a native application to communicate with each other is a custom protocol handler.

For instance, the web application can call "mycustomproto://some/params", where "mycustomproto" must first be registered with the operating system as a valid URI protocol. On Windows, this is done in the registry. There are a few keys/subkeys/values etc that must be added to the registry, but only one actually deals with specifying the executable and it’s parameter(s).

Note that once the protocol handler is registered with the operating system, it can be launched by any website that knows of its existence, subjecting it to potential abuse.

Example Windows registry value for this purpose

All of the examples that I’ve found documenting this show the following:

C:\myapp.exe "%1"

Primary Question

Assuming that the registered handler (e.g. "myapp.exe") has zero possible security flaws, is the above example registry value sufficient for ensuring that malicious websites are unable to piggyback additional commands and/or arguments?

Clarifications

• For the purpose of this question, please assume that the protocol handler (e.g. "myapp.exe") is incapable of exposing vulnerabilities of its own – it’s idle – it launches, does nothing, and quits. This question is specifically related to the browser and/or OS and the "execution" of this registry value.
• Can malicious actors somehow escape out of the "%1" double quotes and cause the browser and/or OS to run additional commands (e.g. ` && C:\Win32\do-something-malicious.example.exe`)?
• Similarly, can malicious actors somehow send additional arguments to the protocol handler? Or does the "%1" ensure that the handler will only ever receive a single argument?
• If this registry value is insufficient to only ever call the protocol handler (and nothing more) with a single argument, is there a better way?

## What’s the best way to present a sandbox world to your players?

In my sessions, I let my players play in a sand-box world. There is a main story that I always plan that they could follow, and I have no problems with them doing so.
However, I would like my players to fully realise this is a big, breathing world that they can fully explore however they like.

I have already shown them the map of the whole globe, given some standard lore about important places and told them that they can go wherever they like.
I’m hoping to be able to let go of the main story and let them wander around the world, but I’m afraid they’ll remain passive until I throw some encounters towards them, instead of them looking for adventure.

The party is currently level 6, and I would prefer it most if they would gradually expand their influence over the world.

What would be a good way to achieve this? How can I best present a sand-box world to my party, who’ve never done something similar before?

We’re playing D&D 3.5 if that changes anyone’s answer.

## meta_query order by date present -> future then show null

Thanks for taking the time to read this. I’ve been struggling with a meta_query for an events site I’m working on.

I have used ACF to create a field for date start and date end, but not all events will have a date.

What I’m trying to achieve, is when you go to the archive or tax view, the first thing you see are the posts that have a date assigned, in order from today’s date into the future. Then after those dated events have been output, to cycle through all empty date posts.

So far I have the below in my functions.php file. This kind of works, but in the wrong order. So the correct events that are dated are output and in the right order. But only after the null valued items have output. I thought that may be because of the ordering in the arrays themselves, so moved the date ordered array to the end. That had no effect.

``\$  query->set( 'post_type', 'courses' ); \$  query->set( 'meta_query', array(     'relation' => 'OR',     array(         'key'        => '_course_date_from',         'compare'    => '=',         'value'      => '',     ),     array(         'key'     => '_course_date_from',         'compare' => '>=',         'value'   => date('Ymd'),     ) ) ); \$  query->set( 'orderby', 'meta_value title' ); \$  query->set( 'order', 'ASC' ); ``

## How do I present an unbeatable encounter without frustrating my players?

So, I have run Curse of Strahd sometimes, but every time I run it I find a new problem in my DM’ing haha.

I will try to make it answerable without specifically CoS experience and keep it spoiler free.

Strahd, a powerful Vampire, is the main villain of the adventure, and, as the book describes, he is not a villain that will only show up for the final encounter. Strahd will, certainly, appear many times during the adventure, either to probe the characters, to scare them, or generally to play with them. In the many times I have run the adventure, I never had any problem with this encounter until now.

Recently, in one of the tables I am running, for reasons I am still unsure, my players felt very frustrated with this encounter. Let me tell how the encounter went:

The party met Ireena, helped with her request, and stayed a little bit too long in the Town. Long enough for Strahd’s spies to inform him about Ireena leaving her house in company of the characters (they insisted) and, well, pay a visit to the characters when they were returning from the Tavern to the Burgomaster mansion. Strahd had no intention of actually harming the characters or even getting Ireena here – it was just to, well, make an introduction and… be Strahd.

However, the party has a very beautiful Half-Elf with 16 Cha who grabbed the attention of Strahd. He proceeded to Charm her and Bite her, just as a sign of "affection" – again, no intention of harming, I was not even rolling damage here, I only made the character in question roll the Wisdom Saving Throw and told her to "role play as if she was charmed by a vampire" when she failed – the player was fine with it and joined the role play nicely.

The other two players, however, tried many things. They tried to enter an abandoned house hoping that he wouldn’t enter without invitation, or "talking the charm out" – all to no avail.

From one point, I can understand their frustration: they felt powerless. On the other, that is… kinda one of the points. At this point in the adventure, they are powerless against Strahd. He presents himself as an unbeatable encounter, who is there for his own amusing.

Other than that, there were many points – most sadly missed by them due to they worrying about how unfair the encounter was – in that encounter, which I tried to convey at the best of my abilities. These will be listed in the spoiler below as they are part of the Curse of Strahd adventure, but essentially, it was a nice opportunity to give some hints about the relationship of Strahd and Ireena, as well as introduce some Vampire Features to them.

So, overall, I think there are many reasons for the encounter to happen, both from an in-game perspective, and simply to provide some useful information to the players and characters. However, they felt powerless, that the encounter was unfair and generally frustrated, even asking me "what is the point of this encounter?" in the middle of the encounter.

So, how can I present such an encounter, which is essentially unbeatable at this point, without frustrating them? I am asking because I plan to have them meet Strahd after the events in Vallaki again, and actually have a little bit of a combat this time, depending on how they behave, but I don’t want it to end up being a "again this unfair fight? There is nothing we can do at this stage please stop throwing him at us".

Some things: First, I do not want to tell them "Don’t worry he won’t kill you" – they should be scared. And he will kill them, depending on how they act, and how bored he becomes with them. And I also would prefer to not disclose the spoiler’d reasons for the encounter, I would prefer them to find out by themselves that those were clues. I also think, even without them, there is enough in-game motivation for the encounter to happen from Strahd’s perspective, and he is a character that I want to develop as well.

PS: I should note that this was fairly soon after the Shambling Mound encounter in the Death House, where they also felt powerless because they couldn’t beat the monster in combat (and two characters actually died there – the players were back in this session with new characters).

PPS: I should also mention that, while Strahd himself was unbeatable, they had a feasible goal in sight: run to the Burgomaster mansion, where Strahd would not enter uninvited – which they understood quite quickly and managed to accomplish. That is to say that they had an objective in the encounter and even successfully managed to complete it, but obviously it lacked some sense of reward for them.

System agnostic answers get extra internet points.

Related questions:

How can I best invoke the trope of a foe who radically outclasses the heroes in Fate without compromising player agency? – but this is specific for FATE and the answers are very system-specific.

How can I present an "unsolvable right now" puzzle without frustrating my players? – Same thing, but instead of an enemy NPC, it’s a puzzle.

How do I add a recurring fantasy villain without frustrating the players?

## getting no subject alternative name present exception when the csr shows that the SANs are present

I am trying to setup ssl for grpc but no matter what I try I get a no subject alternative name present. I’ve verified the SANs are in the certificate signing request. The common name and also a SAN are the ip addr. I am trying to connect using the ipAddr. The exception I get is

``Caused by: java.security.cert.CertificateException: No subject alternative names present     at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:137)     at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:96) ``

The text of my csr follows:

``sysadmin@rit5 san]\$   openssl req -in my.csr -noout -text     Certificate Request: Data:     Version: 0 (0x0)     Subject: C=US, ST=TX, L=Austin, O=MYCOMPANY, OU=MYUNIT, CN=172.28.4.89     Subject Public Key Info:         Public Key Algorithm: rsaEncryption             Public-Key: (2048 bit)             Modulus:                 00:b9:1d:0c:80:ee:b3:20:06:df:6e:f1:04:e5:10:                 54:5d:70:07:fd:68:25:33:12:37:73:98:45:8b:35:                 ba:cf:9b:7c:63:82:0a:e2:16:0d:33:36:10:dd:b5:                 f9:21:da:04:8c:18:15:77:e2:65:72:e8:c9:6e:01:                 dc:47:48:53:ce:45:c9:a9:f1:9d:d0:0f:a7:cb:d5:                 5b:55:eb:b4:38:cb:50:5d:51:c2:bb:65:f6:76:09:                 76:8d:34:0a:c6:35:95:e3:0f:8f:71:be:73:22:78:                 84:26:4f:5e:d3:6a:2c:69:b4:57:e1:fc:37:47:e6:                 56:80:6c:bf:7a:97:78:20:17:22:d0:fc:c6:0c:17:                 0b:dc:23:8f:0e:8a:cb:48:6d:a6:0c:ce:4b:24:54:                 66:82:d0:29:dd:bf:5b:5f:cd:b8:f3:2f:3a:40:09:                 cd:84:6c:2f:74:60:74:e2:3a:13:b9:2e:5c:df:39:                 a3:47:07:96:5a:ed:be:14:71:42:58:6b:53:77:a2:                 af:0a:6d:c3:57:ba:e0:95:ed:55:78:2f:21:cc:af:                 95:e7:de:50:3d:7d:7e:29:4e:ed:bf:9e:14:36:0e:                 71:a3:e4:79:03:12:cd:55:c3:77:00:0f:02:2d:d1:                 e6:2f:a5:b0:3e:62:76:4e:bd:2a:33:56:76:8f:8d:                 2f:b5             Exponent: 65537 (0x10001)     Attributes:     Requested Extensions:         X509v3 Key Usage:              Key Encipherment, Data Encipherment         X509v3 Extended Key Usage:              TLS Web Server Authentication         X509v3 Subject Alternative Name:              DNS:172.28.4.89, DNS:rit5.mycompany.com, DNS:rit5 Signature Algorithm: sha512WithRSAEncryption      17:18:63:dc:d9:84:90:da:de:b6:8e:82:ce:84:6a:a3:5d:11:      87:37:2b:e7:56:6e:e5:ea:42:11:4c:8f:66:28:8b:44:4f:0a:      b9:89:d9:67:86:f4:0f:8a:44:b8:b2:87:62:65:c2:9c:7a:08:      bf:74:4a:b3:f4:35:82:45:50:7f:3f:ab:c4:97:60:59:99:8c:      8e:8b:12:0f:3b:dd:2a:6d:a9:be:06:8a:70:e7:e6:08:22:57:      89:e8:c0:86:f1:26:dc:23:08:aa:ab:2f:07:0d:0b:78:0b:3d:      d9:ce:ac:92:32:80:81:18:25:17:d4:04:22:e2:f9:f2:96:b1:      be:76:96:0c:70:39:cf:64:d3:7d:66:b9:f8:b5:20:18:17:66:      a4:f8:26:a7:02:42:0e:9f:6f:1e:4c:19:1d:d5:19:7b:17:0c:      64:45:34:d0:12:af:e1:8e:9d:e1:ce:84:49:54:87:78:c9:ba:      10:f0:65:5b:0e:f4:4f:3f:91:de:cc:46:36:fa:45:ff:0d:7a:      a4:c7:9b:b7:82:f6:b0:3b:c4:f3:9f:45:94:43:a8:ad:ae:e2:      e2:a2:66:59:d1:5e:b2:ee:a6:55:90:27:4c:57:c8:04:4b:30:      bd:02:bf:e5:3e:7c:b1:c6:0f:04:50:f5:96:76:37:bb:ed:7a:      ba:3c:7c:07 ``

The config file I used to create the csr and key is here

``[req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no  [req_distinguished_name] C = US ST = TX L = Austin O = MYCOMPANY OU = MYUNIT CN = 172.28.4.89  [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = 172.28.4.89 DNS.2 = rit5.mycompany.com DNS.3 = rit5 ``

To generate the csr I used the following command

``openssl req -new -out my.csr -newkey rsa:2048 -nodes -sha512 -keyout my-private-key.pem -config ssl.ext ``

To self sign it used the following command

`` openssl x509 \         -signkey my-private-key.pem \         -in my.csr \         -req -days 365 -out my-public-key-cert.pem ``

I’m at my wits end. Any help would be appreciated. The certificate is generated without the SANs.

``Certificate:     Data:         Version: 1 (0x0)         Serial Number:             c7:af:ad:c2:98:be:7b:c1     Signature Algorithm: sha256WithRSAEncryption         Issuer: C=US, ST=TX, L=Austin, O=MYCOMPANY, OU=MYUNIT, CN=172.28.4.89         Validity             Not Before: Jun  5 20:26:00 2020 GMT             Not After : Jun  5 20:26:00 2021 GMT         Subject: C=US, ST=TX, L=Austin, O=MYCOMPANY, OU=MYUNIT, CN=172.28.4.89         Subject Public Key Info:             Public Key Algorithm: rsaEncryption                 Public-Key: (2048 bit)                 Modulus:                     00:b9:1d:0c:80:ee:b3:20:06:df:6e:f1:04:e5:10:                     54:5d:70:07:fd:68:25:33:12:37:73:98:45:8b:35:                     ba:cf:9b:7c:63:82:0a:e2:16:0d:33:36:10:dd:b5:                     f9:21:da:04:8c:18:15:77:e2:65:72:e8:c9:6e:01: ``

## Do the targets of Prayer of Healing need to be present during the casting time?

Prayer of Healing has a casting time of 10 minutes. The typical case for this spell would be a cleric casting this on injured members of a party while they rest. But what if one more fellow drops in right before the casting time is done?

That is, do the targets of the spell need to be chosen when the spell casting is started? Or upon completion of the casting time?

## eLiquid & CCarter present SERPWoo – Destory Niches And Rule ORM Today

.

And now you’re thinking… what the hell’s  about to happen. 2+ years in conceptualization, 8+ months in  development… It’s time…
Have you ever wondered how some of these top SEOs seem to ALWAYS be  ahead of the curve. How can so many of them be ahead of world events…  There are 2 keys to this; first is to be a player making the world  events happen and second is to monitor world wide movement. We’re giving  you the first tool, in a line of many to come, to perform BOTH.
There are dozens of big money niches, hundreds of money terms, and  thousands of competitors all vying for the same top 10 rankings. For a  long time, the kings of the serps have had some of the most  sophisticated monitoring tools available to them; and they’ve use them  to their advantage by dominating the rankings.
Now we give you the same tools. Monitor niches that matter to you, to  SEOs, to spammers, to blackhatters, to whitehatters, and any other web  marketers worth their weight.
eLiquid and CCarter present to you SERPWoo
Starting off at only \$ 19.95 a month for SUPER Beta Testers (beta tester pricing is grandfathered in and locked for life – so get in on the beta asap).
It’s a quick way to see what competitors are doing for a keyword, how  have they moved up and down, hover over to see their (Ahrefs, Moz,  social signals and more. That screenshot doesn’t even do it justice as  to it’s power.
Wait a minute, what’s the difference between traditional rank trackers and SERPWoo?
SERPWoo – See everything, manual reviews, updates, plus 3rd party metrics and A.I. bots that analyze data for you.
SERPWoo is a niche monitoring tool, the real missing tool that the  online marketing community’s been lacking. Unlike traditional rank  trackers which only allow you to track your site through the rankings,  we monitor ALL the positions that matter for your keyword so you can  have a better understanding of what’s really going on in your niche.
Overtime, the charts fill out and you’ll have a historical account of  who the real players are, with the ability to look up their backlink  profile from AHREFS, see their PageRank, Moz metrics, SEMRush stats,  Majestic data, and more – oh yeah, we aggregate this data in charts as  well.
So enough talking… As I update the threads with bumps, I’ll be giving  out more details, tips, tricks, and things we’ve got going on. Anyone  can create a free account and test drive it. We give you a nice size  list of default keywords which do not count against your current limit  with each account. But the folks that sign up who become SUPER Beta  Users will have more power, priority data requests, and access to each  new engine as they come online.
Just and fyi, there will be bugs, if you find them, just hit the  feedback button, and let us know. Also give us feedback on what you  like, don’t like, and want to see. Here is a quick list of coming  features:
1. Parasite detection –  Currently in infancy – this a.i. bot is learning the different signals  of a parasite, and once out of the sandbox, it’ll send global  notifications once one of it’s crawlers finds a new parasite, web 2.0,  new social and viral sites property that’s ranking in the top 20 of the  SERPs.
2. Time Portal – This is probably the most  badass feature and was probably supposed to be classified but… Anyways, the ability to go backwards in  time for most SERPs even if you weren’t tracking them. In Alpha stages,  the farthest back we’ve been able to go so far is 2007.
3. [ Classified ]- Regarding on-site…
4-10. [ Classified ] – [ SERIOUSLY Classified ]
Fun story about the most recent update, and how we were  able to see it a week before it happened… Grind was there… actually  I’ll save it for the next bump. Let us know what you think. I know, I  know, it’s a lot of information, sign up for a Super Beta Account and  open your eyes.
There is a lot more but I don’t want to overwhelm you guys with the  potential and what we’ve got going on within the tool for SUPER Betas.
– CCarter & eLiquid
.

Join @ https://www.serpwoo.com

P.S., Don’t forget to run and tell the haters… #DatFreeBump
P.P.S. Click to LOCK! Click again to unlock! <- this will be important later on…

## possible new Target URLs from present accounts.

i  keep getting the same message thousands of times, i have deleted/blocked the domain/url in the global system as well as in the specific project (after turning off all projects except one to isolate the problem)
the same message again & again is :-
15:46:00: [-] 1/1 PR-0 too low – http://www.gomaze-play.de/index.php?page=Register&action=register
15:46:00: [+] 001 possible new Target URLs from present accounts.
project > options > skip sites with the following words in url/domain

## Comparing shortest path distance and relation between two modes present in FIFO queue at the same time during breadth first traversal

I came across following problem:

Consider two vertices $$a$$ and $$b$$ that are simultaneously on the FIFO queue at same point during the execution of breadth first search from $$s$$ in an undirected graph. Then which of the following is true:

1. The number of edges on the shortest path between $$s$$ and $$a$$ is at most one more than the number of edges on the shortest path between $$s$$ and $$b$$.
2. The number of edges on the shortest path between $$s$$ and $$a$$ is at least one less than the number of edges on the shortest path between $$s$$ and $$b$$.
3. There is a path between $$a$$ and $$b$$.
4. $$a$$ may lie on shortest path from $$s$$ to $$b$$.

The solution just said first three may hold separately. But that really left me confused. Especially it did not say anything about point 4.

Here is what I guess is correct:

1. The shortest path distance of two nodes simultaneously present in FIFO queue can differ at max by 1. That is one node may be closer to source by at max just 1 edge than the other or it may be present at the same distance from source as other node. So either point 1 is correct or point 2, but not both. Am I right with this?

2. Also what is significance of “at most” and “at least” in point 1 and point 2? I feel the difference between shortest path distance if two nodes can be “at most” 1. I guess “at most one more” aligns with this, but “at least one less” does not. That is shortest path distance of node $$a$$ cannot be lesser than that of node $$b$$ by 2 or more.

3. I feel point 3 will always be true as there will always be path from $$a$$ to $$b$$ going through $$s$$

4. I feel point 4 is always false, because we dequeue the node $$a$$ and then enqueue all its neighbours, one of which is $$b$$. So such $$a$$ and $$b$$ cannot be in the queue at the same time.

Am I correct with these?