Has there been clarification of the Random Weight Table in the Player’s Handbook?

I was reading through the Player’s Handbook today to make a character when I saw the Random Height and Weight tables. Looking at that, I saw that the weight, for a Tiefling, was 110 lbs * (2d4). Surely, I thought, a 220-880 lb tiefling is a little bit much compared to their 4’11″ – 6’1″ height, so I looked at the others, and they are all similar.

Amusingly, the Mountain Dwarf has a weight of 130 lbs * (2D6), which can result in a character of the range of 260-1560 lbs, or close to a full ton of dwarf.

Has there ever been any clarification on this?

How Do “Random Attack” Effects Work Against Characters With Multiple Attacks?

I have a party of 13th level characters, one of which happens to be a fighter who loves to swing her dual hammers at anything within reach. Recently I’ve been experimenting with some custom monsters and they are going to encounter a Gibbering Mouther/Minotaur hybrid, but before they get there I want to clear up a question I had. Gibbering Mouthers have an ability called gibbering, which reads as follows:

The mouther babbles incoherently while it can see any creature and isn’t incapacitated. Each creature that starts its turn within 20 feet of the mouther and can hear the gibbering must succeed on a DC 15 Wisdom saving throw. On a failure, the creature can’t take reactions until the start of its next turn and rolls a d8 to determine what it does during its turn. On a 1 to 4, the creature does nothing. On a 5 or 6, the creature takes no action or bonus action and uses all its movement to move in a randomly determined direction. On a 7 or 8, the creature makes a melee attack against a randomly determined creature within its reach or does nothing if it can’t make such an attack.

The part I was particularly interested in was the last part, where a creature who rolls a 7 or 8 makes a melee attack against a random creature within range. Given that the fighter has 3-4 attacks normally, not including her action surge which can effectively double that, how many attacks should she be randomly making? Is she effectively using the full extent of her attack action to swing wildly, or would she only make the 1 attack and call it quits?

How to code an algorithm to generate a random but valid train track layout?

I am wondering if I have quantity C of curved tracks and quantity S of straight tracks, how I could write a computer program to design a “random” layout using all of those tracks, such that the following rules are satisfied:

1) The tracks, when all connected, form a closed (continuous) loop for the train to go around.

2) Ramps, bending of tracks, bumping of tracks, crossing of tracks are all not allowed.

So would the computer program have to create a geometric model and remember the exact positions of each track or is there some simpler way to code this? I want to be able to “push a button” and the computer “spits out” a valid “new” layout for me.

Do I need to give the exact measurements of the 2 types of tracks? If so, I can provide those.

I have some coding skills, but I need to know an algorithm first before I can code something meaningful (other than just testing a few parts of a candidate algorithm).

What would happen if some random webpage made an Ajax request for http://127.0.0.1/private.txt?

I run a localhost-only webserver (PHP’s built-in one) for all my admin panels and whatnot on my machine. I’m worried that, if any random webpage has a JavaScript snippet which makes an Ajax call to http://127.0.0.1/private.txt, and I visit that webpage, it will make my browser (Firefox) fetch whatever data is returned from that URL and be able to use it, for example to send it back to their own server in another Ajax request.

Let’s assume that http://127.0.0.1/private.txt returns my entire diary since 1958. Or anything equally sensitive. I definitely don’t ever want it to interact with anything other than my Firefox browser, but from what I can reckon, this could be a massive privacy/security issue. I hope I’m wrong about my assumption that this request would be allowed. I hope that it has some kind of “cross-domain policy” blocking it or something. Especially since it’s from 127.0.0.1, which should be some kind of special case.

What would stop it from doing this? What am I missing in my reasoning?

How could a WPA2 WiFi with a 40+ character random password have been penetrated?

I can confirm an intrusion from an unknown MAC address (identified as a Realtek device), getting a new, valid IP from the DHCP pool, and using the network for roughly 1 hour.

The network is WPA2 – 1 each for 2.4GHz and 5GHz, both with the same password. The 2.4GHz network also includes a TP-Link extender, which creates its own SSID, but again with the same password. So a total of 3 networks with the same password.

This 40+ random password was set less than 10 days ago. It is certainly random, with the recommended mix of cases, numbers and symbols, generated by a reputed password manager. There are no proximal patterns I can find or think of, and no characters have been repeated – I made sure of that.

How is it possible for this network to have been compromised so quickly?

  1. Is it even theoretically possible for a 40-character random password to be cracked IN 10 DAYS with anything less than a few hundred multi-GPU setups? I don’t think anyone wants to “get” me that badly.

  2. Is it possible for a network to be intruded/joined without knowing the password at all? A version of the KRACK attack or something similar, targeted at the router or perhaps at the repeater.

  3. Is it possible to perform a LOCAL attack similar to KRACK or BlueBorne on one of the 10-ish client devices, that would have allowed the intruder to read the WiFi password off one of these clients, thus compromising the network?

  4. The extended network shows a security setting of [WPA-PSK-CCMP]-TKIP, in addition to [WPA2-PSK-CCMP]-TKIP. Whereas the original networks only have [WPA2-PSK-CCMP]-TKIP. Is this a possible vulnerability?

I do know this question is broad – but I am dealing with a very real intrusion here. I would gladly narrow down the possibilities and subsequently the question based on guidance from the community.

Using HW random number generator as source of entropy

Currently I am using haveged on my server as source of entropy.

My server is used as a KVM hypervisor, to run virtual machines.

I did not use haveged at the beginning, and I noticed the VMs were draining the entropy pool from the server. Sometimes, when VMs were started, SSH waited for enough entropy (to generate session keys, I guess).

Now with haveged, I don’t have this problem anymore.

But I would like to try to use a HW random number generator. I am not saying haveged is bad, but a true HW random number generator can only make the entropy better. I have seen some HW RNGs which work on the basis of a Geiger counter, some which collect noise from a microphone, and so on.

Which are most reasonable to use? Could somebody perhaps recommend some specific one?

Ideally, I would like it to be connected over serial port. Second best would be over USB.

Bing/MSN bots are heavily requesting random pages of my website

I am facing a big problem with my server. I have a website that keeps getting massive page requests coming from the “Bing/Msn” bot every second or two, and the IP changes now and then, which is putting a heavy load on my server.

My CPU is constantly over 90%.

I tried to block the bot from htaccess and robots.txt, but they don’t seem to have any effect.

If anyone has an idea how to defeat this it would be much appreciated.

Thank you in advance

Wordfence live traffic

If current time in milliseconds is considered good enough random seed for a pseudorandom number generator, why not just use that time directly?

I was reading about pseudorandom number generators and how they need a seed and how that seed is usually the current system time in milliseconds. One of the most common algorithms is the linear congruential generator, which is an algorithm that, based on some fixed constants and this seed, gives the final pseudorandom output through some mathematical computations.

But what are the disadvantages of using this time directly as a pseudorandom number?
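
An added illustration, not part of the original question: it compares reading a millisecond clock directly with passing the same timestamp once through a linear congruential generator as a seed. The Numerical Recipes constants, the constructed timestamp and clock, and all function names are assumptions of this example.

```python
import secrets

# Numerical Recipes LCG constants (a well-known textbook parameter set; assumed here).
A, C, M = 1664525, 1013904223, 2**32

def lcg(seed):
    """Yield an endless LCG stream: x_{n+1} = (A * x_n + C) mod M."""
    x = seed % M
    while True:
        x = (A * x + C) % M
        yield x

def clock_draws(start_ms, calls, calls_per_ms):
    """Constructed clock: `calls` reads of a millisecond timer inside a fast loop."""
    return [start_ms + i // calls_per_ms for i in range(calls)]

def lcg_draws(seed_ms, calls):
    """Seed the LCG once with the timestamp, then take `calls` outputs."""
    gen = lcg(seed_ms)
    return [next(gen) for _ in range(calls)]

def summarize(values, buckets=10):
    """Distinct values, whether they only ever grow, and spread of value % buckets."""
    counts = [0] * buckets
    for v in values:
        counts[v % buckets] += 1
    return {
        "distinct": len(set(values)),
        "monotonic": all(b >= a for a, b in zip(values, values[1:])),
        "buckets": counts,
    }

def next_from_output(x):
    """An LCG output is its entire state, so the following draw is computable."""
    return (A * x + C) % M

START_MS = 1_700_000_000_000  # constructed timestamp, not a real measurement
raw = summarize(clock_draws(START_MS, calls=1000, calls_per_ms=250))
mixed = summarize(lcg_draws(START_MS, calls=1000))

if __name__ == "__main__":
    print("raw clock :", raw)    # 4 distinct values, always increasing
    print("LCG stream:", mixed)  # 1000 distinct values spread over all buckets
    # Neither source is unpredictable; keys and tokens need the OS CSPRNG.
    print("security token:", secrets.token_hex(16))
```

The raw clock repeats and only counts upward, so it fails even basic statistical use; the LCG fixes the distribution but not predictability, which is why `secrets` is the source for anything security-relevant.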