System for really large group one-shot?

Every year, my youth group pulls an all-nighter.

Given that we do these in church and at night, with a group of 15-20 people, I think this would be the perfect environment to do a group Murder Mystery campaign, where I’d introduce some sort of moral debate – for example, have an Angels & Demons sort of plot, with several religious members being killed, and, in your search for the killer, you have to look into their motivations and debate the sins of the church itself.

I have some experience with D&D but I really don’t know of any other formats, much less ones that would work with a group this big (in terms of logistics, it doesn’t make sense for people to have to create very complex characters or work with a lot of rules). I also like the idea of a LARP, because it would make more sense for the people who’ve never played any RPGs.

Does anyone have an idea of where I could start looking for something like this?

Is my VPN traffic really being routed through all these strange networks? [closed]

I use the client of a reputed paid VPN company. With each server location I connect to, the log tells me I am instead connecting to networks completely unrelated to the company and the country of the VPN location. But when I check my external IP address, my expected VPN location is returned. So it appears that my traffic is being routed (and logged?) through these strange networks, yet when I try to block them in the firewall, it still connects successfully, making me wonder if I am not connecting to these networks after all or if the firewall is unable to block the connections. Even if no shady routing (MitM) is actually taking place, the question remains: why are those IP addresses showing up in my logs? The signatures of both the VPN client and OpenVPN are valid.

I contacted support, and although they expressed concern, I couldn’t get any explanation in 30 minutes of chatting.

Here’s a redacted transcript of a log. Is there a possibility that my traffic isn’t actually being routed through those networks?

`==============================================

Connecting to Some VPN country - Some VPN city, ip: **SPOOKY IP**, protocol: tcp ... Sat Jul 25 15:47:01 2020 OpenVPN 2.4.7  ... Sat Jul 25 15:47:01 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:55583 ... Sat Jul 25 15:47:01 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Sat Jul 25 15:47:01 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Sat Jul 25 15:47:01 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]**SPOOKY IP**:443 ... Sat Jul 25 15:47:01 2020 Attempting to establish TCP connection with [AF_INET]**SPOOKY IP**:443 [nonblock] Sat Jul 25 15:47:02 2020 TCP connection established with [AF_INET]**SPOOKY IP**:443 Sat Jul 25 15:47:02 2020 TCP_CLIENT link local: (not bound) Sat Jul 25 15:47:02 2020 TCP_CLIENT link remote: [AF_INET]**SPOOKY IP**:443 Sat Jul 25 15:47:02 2020 TLS: Initial packet from [AF_INET]**SPOOKY IP**:443, sid=xxxxxxxx xxxxxxxx ...  Sat Jul 25 15:47:02 2020 Peer Connection Initiated with [AF_INET]**SPOOKY IP**:443 ... Sat Jul 25 15:47:03 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.151.0.1,route 10.151.0.1,topology net30,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.151.0.102 10.151.0.101,peer-id 0,cipher xxx-xxx-xxx' ... Sat Jul 25 15:47:03 2020 OPTIONS IMPORT: data channel crypto options modified Sat Jul 25 15:47:03 2020 Data Channel: using negotiated cipher 'xxx-xxx-xxx' Sat Jul 25 15:47:03 2020 NCP: overriding user-set keysize with default ... Sat Jul 25 15:47:03 2020 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16) Sat Jul 25 15:47:03 2020 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16) Sat Jul 25 15:47:03 2020 Opened utun device utun2 Sat Jul 25 15:47:03 2020 /sbin/ifconfig utun2 delete Sat Jul 25 15:47:03 2020 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure Sat Jul 25 15:47:03 2020 /sbin/ifconfig utun2 10.151.0.102 10.151.0.101 mtu 1500 netmask 255.255.255.255 up ... ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address  DNS setting update type: up DNS setting update type: up, completed  Sat Jul 25 15:47:03 2020 /sbin/route add -net **SPOOKY IP** 192.168.1.1 255.255.255.255 add net **SPOOKY IP**: gateway 192.168.1.1 Sat Jul 25 15:47:03 2020 /sbin/route add -net 0.0.0.0 10.151.0.101 128.0.0.0 add net 0.0.0.0: gateway 10.151.0.101 Sat Jul 25 15:47:03 2020 /sbin/route add -net 128.0.0.0 10.151.0.101 128.0.0.0 add net 128.0.0.0: gateway 10.151.0.101 Sat Jul 25 15:47:03 2020 /sbin/route add -net 0.0.0.0 10.151.0.101 128.0.0.0 route: writing to routing socket: File exists add net 0.0.0.0: gateway 10.151.0.101: File exists Sat Jul 25 15:47:03 2020 /sbin/route add -net 128.0.0.0 10.151.0.101 128.0.0.0 route: writing to routing socket: File exists add net 128.0.0.0: gateway 10.151.0.101: File exists Sat Jul 25 15:47:03 2020 /sbin/route add -net 10.151.0.1 10.151.0.101 255.255.255.255 add net 10.151.0.1: gateway 10.151.0.101 Sat Jul 25 15:47:03 2020 Initialization Sequence Completed ` 

Conway’s Game of Life: Is it really P-complete?

Wikipedia claims that the Game of Life is P-complete (or the decision problem version of it is; the function version, I suppose, would then be FP-complete).

Colloquially, P-complete and FP-complete problems are difficult, if not impossible, to parallelize. However, most software for evaluating the Game of Life is parallelized. The algorithms aren’t even that hard to understand. This seems to be in conflict. What is going on? Is Wikipedia wrong, or do I misunderstand something?

Cookie expiration time : Is it really necessary? [duplicate]

Why not cookies be just there forever? Why expiry time is needed? Unless the app is very security critical (like banking) I don’t find a reason to expire the session. Why irritate user frequently with auth ?

Should I have session expiration (X dasys since session created, X days since lsat visit etc) for my normal webapp?

When a user registers their mobile number during sign up, how can we verify that they really own the mobile number?

A lot of websites send a 4-digit or 6-digit one-time code to a mobile number via SMS or phone call when the user registers a mobile number on the website?

Is this a secure way to validate the ownership of mobile number? Are there any issues with it?

If it is not secure, are there any better alternatives?

What does the Tracker hireling’s Track skill really do?

In Dungeon World, there is a hireling skill-set called Tracker. It has two skills: Track and Guide. Guide is straight forward. However, Track doesn’t make much sense to me as I’ve never been good at understanding what Ranger-type classes were really good for. (I’m a city slicker; what can I say?)

The description for the hireling skill Track follows:

When a tracker is given time to study a trail while Making Camp, when camp is broken they can follow the trail to the next major change in terrain, travel, or weather.

What does it mean to follow a trail to a change in terrain, travel, or weather? Wouldn’t a change in terrain be obvious?

Dude: “Hey, look a mountain to the south-west.”

Tracker: “Hmm, yes, to reach a mountain to the south-west… we must travel, SOUTH-WEST!”

A change in weather?

Dudette: “Wow it sure is pouring rain! The clouds to the north seem less dark and rainy and the wind is clearly blowing south. I wonder which way we could possibly go to avoid this downpour.”

Tracker: “Hmm, I see you are in need of my specialized skills… if it is raining here, it is not raining to the north, and the wind is pushing our storm further south… we must head… NORTH! Yes, aren’t you glad you pay me?”

I don’t even know what a change in travel is.

I’m really confused with my .htaccess config

My directory structure is

- Assets - Dashboard    - index.php    - account.php index.php about.php verify.php 

What i basically want it to be:

  1. Remove the .php extension for example http://example.org/about.php should be http://example.org/about/ (including the trailing slash as well)
  2. If .php is encountered in the URL redirect it back to http://example.org/about/
  3. Instead of having the URL as http://example.org/verify.php?key=123456 it should be http://example.org/verify/123456
  4. Conditions to be met in sub directory as well for example http://example.org/dashboard/ should be the URL instead of http://example.org/dashboard/index.php

My .htaccess file looks like this

RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^([^.]+)$   $  1.php [L] RewriteRule ^verify/([0-9a-zA-Z]+)\.php /verify.php?key=$  1 [NC,L]  <FilesMatch "\.(jpg|png|svg|css)$  "> Header set Cache-Control "proxy-revalidate, max-age=0" </FilesMatch>   <Files .htaccess> order allow,deny deny from all </Files>  Options All -Indexes  ErrorDocument 403 /404.html ErrorDocument 404 /404.html ErrorDocument 500 /404.html 

Im really sorry for not giving much clarity.

I’m running it on localhost XAMPP web server.

  • Rule 3 and 4 works absolutely fine!
  • Rule 1 works fine but when it encounters the trailing slash it gives me a 404.
  • Rule 2 doesn’t seem to work.

Is there a really good and powerful website builder you would recommend?

Is there any website builder that is good and powerful enough for a blog with 100 – 200 posts?
It can be a premium version, just needs to be good enough, with very little bugs, and etc.

I am currently using SitePad and I am not really satisfied with how it handles some things, it has bugs, and blog acts weird

How much is a Gold Piece really worth?

I have been wondering what a gold piece is worth, due to the fact there are many things that cost the same, but in reality, are probably worth radically different prices, such as a Goat and a Whip, which both cost 1 gp.

What is a gold piece really supposed to be worth? Like, how would things be priced if they were in familiar modern monetary units instead of “gp”? That would give me something to base my adjustments to abnormal prices on, such as items not listed in the PHB.

Do the Secret Chats of Telegram really support Perfect Forward Secrecy?

In the Telegram API it is stated that Telegram support Perfect Forward Secrecy in their “secret chats”. It is also stated that

official Telegram clients will initiate re-keying once a key has been used to decrypt and encrypt more than 100 messages, or has been in use for more than one week, provided the key has been used to encrypt at least one message.

So my question is, in this case, if a session key gets compromised, is it possible for an attacker to read 100 messages (or possibly more)? If yes, can we still say that perfect forward secrecy is satisfied here?