When using the evocation wizard’s Sculpt Spells, can you protect fewer creatures than the maximum you are allowed?

The Evocation Wizard’s Sculpt Spell ability allows the wizard to protect some creatures from their own evocation spells:

When you cast an Evocation spell that affects other creatures that you can see, you can choose a number of them equal to 1 + the spell’s level. The chosen creatures automatically succeed on their Saving Throws against the spell, and they take no damage if they would normally take half damage on a successful save.

Does the number of chosen creatures need to be exactly equal to 1 + the spell’s level, or can it be lower?

For example, if an evocation wizard casts Fireball, can they choose 1, 2, or 3 creatures to be protected from the spell, or do they need to select either zero or exactly 4 creatures?

Can spells that stabilize you when you would die protect you from death by massive damage?

Characters die from damage when their health is reduced below their negative Constitution score. However, some spells stabilize you when you would die. Can these spells save you from the massive damage rule?

For example, Shadow Endurance says:

If you are reduced below 0 hit points or rendered unconscious, shadow endurance immediately discharges, shunting your injured body into a hidden alcove on the Shadow Plane.

You immediately stabilize, but cannot awaken or take any further actions until the second duration expires.

Nine Lives does something similar:

Rejuvenate: The target uses this ability when it is reduced to 0 or fewer hit points. The target is instantly healed 3d6 points of damage. If enough hit points are regained to bring the target to positive hit points, it does not fall unconscious. If it is not enough to leave the target with positive hit points, the target automatically stabilizes. Both of these effects work even if the damage was originally enough to kill the target.

Which magic item of very rare or lower rarity is most useful to protect a group of ordinary soldiers?


Background

I’m playing a mid-level artificer (artillerist) who’s a disgruntled veteran with a missing limb who, disillusioned by the leaders’ willingness to send soldiers to their deaths, has retired from the army and opened a shop. An adventure hook has people steal his work-in-progress masterpiece and now I need to find a fitting item he was trying to create.
Because of this background, the item he would be most interested in would be something that helps ordinary soldiers without magic powers survive the horrors of the battlefield. It might be something that protects a group of people from hostile spells or something that provides healing to them, similar to the artificer’s Protector cannon.

Criteria

  • I am trying to find an officially published item before resorting to homebrew (UA is probably fine, as is basic refluffing)
  • The DM has ruled that the item should be below legendary rank, so very rare at most
  • I probably won’t be held to strict prerequisites such as being able to cast every spell going into the items myself, but the item should still basically fit the artificer flavour
  • The item should be usable by someone who cannot cast spells
  • The item should be able to affect a group, not just the carrier
  • The item should be defensive in nature

My own research

I’ve gone through the "warding" and "healing" categories of magic items on D&D Beyond and found very little. There are almost no items that work on groups and those that do tend to be musical instruments or magic staves that need the user to be a spellcaster.
In general it seems that antimagic items aren’t really a thing in 5e. An item that can cast Antimagic Field on he regular would probably be in the legendary category and a Ring of spell Storing would again require a (powerful) spellcaster to be useful.
An ideal solution would be something like a banner of protection or an Eldritch Cannon: Protector that doesn’t need an artificer to be present. I’ve also considered something like a Ring of Regeneration, but that’s again a one-person item.

Does the pressurized lung augmentation in Starfinder protect a character from the effects of sudden decompression?

According to the Starfinder rules, the pressurized lungs biotech augmentation has the following effect:

"You can hold your breath for up to 1 hour and are immune to the normal environmental effects of being in a vacuum."

The rules on vacuums are as follows:

Vacuum

The void of space is effectively empty of matter, and this vacuum is perhaps the greatest danger of outer space. A creature introduced to a vacuum immediately begins to suffocate (see Suffocation and Drowning) and takes 1d6 bludgeoning damage per round (no saving throw). Because a vacuum has no effective temperature, the void of outer space presents no dangers from cold temperatures. A creature retains its body heat for several hours in a vacuum. Sound doesn’t travel in a vacuum.

Decompression occurs when a creature suddenly transitions from a pressurized environment to a vacuum, such as by being flung out of an airlock or being inside a sealed structure that becomes heavily damaged. Such a creature takes 3d6 bludgeoning damage (no saving throw) in addition to any suffocation damage.

Most creatures travel the vacuum of space in a starship.

Do the 3d6 points suffered from sudden decompression (discussed in the second paragraph under Vacuum) count as the "normal environmental effects of being in a vacuum"? Or do normal environmental effects only pertain to the suffoction and 1d6 per round?


Here is an article about the real science.

It is logical for lungs that hold an hour’s worth of air to protect you from suffocation in a vacuum, and they theoretically could stop your lungs from bursting (another danger in a vacuum). I don’t see how they would prevent your blood from vaporizing and stopping circulation. Scientifically, even with pressurized lungs, the vacuum should damage/kill you. Granted, it is a fantasy game.

Are hardware security keys (e.g ones supporting Fido2) “able to protect authentication” even in case of compromised devices?

Correct me if I am wrong, please.

I understand that 2FA (MFA) increases account security in case an attacker obtains a password which might be possible via various ways, e.g. phishing, database breach, brute-force, etc..

However, if the 2FA device is compromised (full system control) which can also be the very same device then 2FA is broken. It’s not as likely as opposed to only using a password but conceptually this is true.

Do hardware security keys protect against compromised devices? I read that the private key cannot be extracted from those devices. I think about protecting my ssh logins with a FIDO2 key. Taking ssh as an example, I would imagine that on a compromised device the ssh handshake and key exchange can be intercepted and the Fido2 key can be used for malicious things.

Additionally: Fido2 protects against phishing by storing the website it is setup to authenticate with. Does FIDO2 and openssh also additionally implement host key verification or doesn’t it matter because FIDO2 with openssh is already asymmetric encryption and thus not vulnerable to MitM attacks?

How to protect IP-sensitive data in files generated and used by users

I’m working on an offline windows application that generates and loads key results as files. However, these files provide key insights into how our product works internally. To make matters worse my users will for sure be tech-savvy but not hacker like tech-savvy. So if I do not encode it, we give away our magic. So given this problem, I have some questions:

  • Is there an encryption method commonly used to make files unreadable (or at least hard to read) except for (multiple instances of) a certain application?
  • How hard is it to read what assets (like private keys) are baked into a .dll file?

How to protect a Cha-based caster against Feeblemind?

Feeblemind requires an Int save: on a fail, the target’s Intelligence and Charisma are set to 1. This pretty much destroys any Int or Cha-based caster, but the fact that the latter have low Int (and are not proficient with Intelligence saving throws) makes them especially vulnerable.

What are some ways to handle this? The route I’ve taken with a Sorcerer concept is to start as a Rogue for my 1st level (for Int proficiency) and then go Sorcerer from 2nd level. Other ideas welcome.

My goal is to learn what options there are to prevent getting Feebleminded, be it at character creation, or a magical item, or… anything that helps resist it. E.g., it just occurred to me that, while expensive, L9 Globe of Invulnerability will prevent it (and duration could be doubled for 1 sorc point).

Protect password from apache user by making file executable-only

I (will) have a binary executable file. It’s only permission is user-execute. It cannot be read by user, group, or world. The owner of the file is the Apache user. I don’t want the apache user to be able to read the file, but I do want the apache user (via a PHP script) to be able to execute the file.

The binary executable file contains a password that is used to decrypt an SSH private key file, as I need the public key to hash the request body & compare against a hashed signature my server is receiving. The executable binary file will receive the request body & hashed signature, do its stuff, and simply return "yes" or "no" to indicate if the request is valid.

I know my executable binary file could still be accessed by root or sudo. Preventing that would be interesting, but is beyond the scope of my question.

Would this be an effective way to protect the password (which is in the binary file that can ONLY be executed) against PHP scripts running under the apache user?

Note: I would like to open-source this setup so want it to be useable on a variety of linux servers. I’m personally on a shared-server so can’t really configure apache or the system, and that would be my target audience.