Can the Half-Orc’s relentless endurance protect them from things that would normally kill someone instantly

In our campaign, we have a Half-Orc Barbarian. Very original. We are going along this cliff-side fortress and our worried about falling off. The Half-Orc’s player jokingly says that he’ll be fine, due to his Relentless Endurance. But I was thinking about it, and it seems like he’s right, but this seems excessive. Could he really survive the fall? Or survive lava? Or anything else that should kill instantly?

I need just to protect my website against DDoS. Is Cloudflare for me?

My website hosts 2,000,000+ webpages, and I need to protect it against frequent DDoS I suffer.

I’m considering using Cloudflare. But I’ve read that Clodflare creates some problems with the TTFB and waiting times, and I don’t want Google to penalize my website. As far as I understand, the increase of TTFB leads to an increase of the “Time Spent Downloading a page” of Search Console, leading to a penalization of the Crawl Budget and the SEO ranking.

As mentioned, I just need to protect my website agains DDoS, not extra features. Are there other services similar to Cloudflare, which just protect websites against DDoS?

Thank you very much.

What ways are there to protect yourself from alignment-based effects?

Following along with this related question, I’m looking for ways that one can protect ones self from things that adversely affect them based on their alignment, such as taking extra damage from a Holy Avenger for being evil, or being deafened/staggered/etc. by a Dictum for being non-lawful. The only spell that I know of is Corruption Resistance, which reduces tha damage you take, but won’t reduce other effects.

So in short, What ways are there to be treated as a different alignment when being targeted by spells or other harmful effects that affect you based on your alignment?

What is the ideal technique to protect unauthorized redirects

I’m looking for the best way to secure unauthorized redirects by GET parameter where

url=http://example.com 

I’m thinking about creating an unique identifier like using a hashing function (md5 for example) and check whether hash(url) === passed hash via GET to validate the redirect or deny it,

Where passed hash is within an html tag like: <a href="?url=url_here&hash=pre_calculated_here"> And I think this is bad because an attacker can figure it out, maybe add an unique HASH_SUFFIX by applying md5 to url+hash_suffix

What is the best way to protect my redirects?

Thank you.

Is there a option to protect a USB stick from being infected other than flash drives with hardware protection?

I would like to protect my flash drives to being infected when I put it in another computers or devices. After some research, I found that I will not be able to reach this level of protection by using only software solutions (correct me if I’m wrong).

However, I don’t have a flash drive with hardware protection and my only way to get one is importing (it will not be cheap). I also found that SD card’s switches against writing is not in a hardware-level, so I kinda have to trust that a potentially infected computer will respect it, which is not a good idea.

So, my question is: is there a trustful way (using USB) to put my files into another computer without my USB stick (flash drive or SD card) being infected?

What can protect a character from being possessed by a Ghost in the first place?

What can protect a character from being possessed by a Ghost?

What spells, class abilities, feats or magical items could stop a Ghost from possessing a character? i.e. before the Ghost can attempt to possess a character and force a Cha DC 13 saving throw.

Possession (Recharge 6). One humanoid that the ghost can see within 5 feet of it must succeed on a DC 13 Charisma saving throw or be possessed by the ghost; the ghost then disappears, and the target is incapacitated and loses control of its body. The ghost now controls the body but doesn’t deprive the target of awareness. The ghost can’t be targeted by any attack, spell, or other effect, except ones that turn undead, and it retains its alignment, Intelligence, Wisdom, Charisma, and immunity to being charmed and frightened. It otherwise uses the possessed target’s statistics, but doesn’t gain access to the target’s knowledge, class features, or proficiencies.

The possession lasts until the body drops to 0 hit points, the ghost ends it as a bonus action, or the ghost is turned or forced out by an effect like the dispel evil and good spell. When the possession ends, the ghost reappears in an unoccupied space within 5 feet of the body. The target is immune to this ghost’s Possession for 24 hours after succeeding on the saving throw or after the possession ends.

(MM p.147)

The obvious I can think of is a Cleric’s Turn Undead ability. Or using a spell like Magic Circle or waiting it out in Leomund’s Tiny Hut.

How to configure a VM to protect all my hardware fingerprint from guest OS and softwares?

This question was originally Does Firefox in VM have a common enough fingerprint so I don’t need tor browser? in Tor community.

I want to know about what a web browser’s fingerprint like in a VM, if VM runs a common OS and have default system settings. Can VM be configured to not have any of host machine’s fingerprint?

(Here I just want to ask about fingerprint, ignoring IP addresses, web scripts and tracking cookies)

Here the VM software we discuss would better be FOSS, like Virtualbox or qemu.

That question could be on not just web browser, but also other kind of softwares.

How can we protect encrypted files and directories from being fingerprinted when stored on online storage services?

Assuming that online storage providers are considered untrusted, if files and directories are encrypted, how can these be protected against fingerprinting?

The files are encrypted using rclone’s implementation of Poly1305 and XSalsa20 before being backed up to the cloud provider.

According to rclone’s documentation, the available metadata is file length, file modification date and directory structure.

  • What can be identified?
  • What can be inferred?
  • What attack vectors are there against the encrypted files and directories if the online storage provider is compromised assuming the passphrase is at least 24 characters long and is a combination of alphanumeric and special characters (uppercase and lowercase) as well as salted with similar entropy?

The encrypted data is considered to be sensitive.

How can I protect those files from being fingerprinted and the contents inferred such as ownership, source and the like?

Protect sensitive data in memory

Is there a way to protect sensitive data which is in RAM? Our setup is a microcontroller with no hardware support for security. When there is a need to encrypt data, then the secret key exists in RAM. Even further- plain text exists in RAM. So if anyone can have an access to RAM (e.g. jtag), then the sensitive data is in danger?

Strategies to protect SANs in branch offices in risky places

A company has several remote branch offices located in relatively dangerous places, such as Iraq, and I’m looking into strategies to secure the SAN in the event of theft, looting or rogue admins. Some of these offices are mobile, moving locations every couple of months.

Basically, the goals are:

  1. Prevent data from the SAN falling into the hands of others
  2. Prevent the destruction of data

Each site has:

  • A VPN, providing access to a central data centre in the USA (over a satellite link, sometimes as low as 4MB/s)
  • A local, highly-available ESXi cluster (note the vCentre server is located in a central data centre in Europe)
  • Virtual SAN storage (using StorMagic)
  • No local backups; backups are done remotely to a central data centre in Europe. The satellite links are often slow, and sites can sometimes be without access for several hours

At present, no data is encrypted – for this question, that’s what I want to focus on.

Do you have any suggestions? Should we encrypt at the SAN level, the vSphere level, the OS level? How should keys be managed?