Circumventing inbound traffic rule by faking reply traffic

My question is about security groups/firewalls and protecting a virtual private cloud from the external world. Here is a description of VPC default policy for inbound/outbound traffic (on AWS):

Each security group by default contains an outbound rule that allows access to any IP address. It’s important to note that when an instance sends traffic out, the security group will allow reply traffic to reach the instance, regardless of what inbound rules are configured.

I was wondering if there exists an attack vector where a malicious user tries to circumvent the VPC’s inbound policy (i.e. block all traffic) by tricking it into thinking that the incoming traffic is a “reply” traffic? Does such attack have a name in the literature?

I can also think of a scenario where a target machine T (within a VPC) sends a request to some valid server V, but the malicious user M sends a malicious response to T (tricking it into believing that it comes from V) before T receives the actual response from V, thence circumventing T‘s inbound traffic policy.

Is a critical failure on a natural 1 a rule or house rule?

There’s a question about this relating to 3.5e, but I couldn’t find one for 5e.

According to RAW, is a natural 1 a critical failure? And if so, under what scenarios does it apply, and what is the expected result?

One of my players is dissatisfied with my calls relating to 1’s* but I don’t have my books handy and I’m having trouble figuring out if the whole shebang is a very popular houserule or actually in RAW.

*I have a feeling that I am likely in the wrong here and it’s more of a same-page issue than a mechanics one, but I want to check what the book’s ruling is before we sit down to have a conversation about it. Our table dynamics aren’t the question here; I just need to know the mechanics to make an informed decision.

John the Ripper / Hashcat rule, reject candidate if char at position X is the same as character at position Y

I’m using John to generate some word lists and I’m trying to figure out the most optimized way to do the next step. What I want to do is add ever possible 3 digit number to a set where the first digit of the number is not the same as the first digit in the set

Set example 123ABC

to add

+ 213 = 123ABC213 OK

+ 131 = 123ABC131 REJECT

I see rules that reject unless a string includes, but not a comparison function like this.

I could make the whole list and prune it after with a python script, but it would be way bigger than needed.

Thank you!

Is there any official rule softening power checks to NPCs in Ravenloft?

My players have scaped Aggarath to find themselves in Falkovnia. They started to walk to south trying reach Calimshan (they came from Toril) and instead, approached Aerie and had their first battle with a elite patrol of Talons. The session ended there and I begun to think about next plot. I readed ‘Death Unchained’ and 2nd edition Ravenloft campaign books and was creating Aerie’s leader character, Rudolph, a young Talon of Taladas, ‘today’ 64 years old, when I realized he had to be already a monster (minimum stage X – demilord serving Drakov). Torture is an automatic power check (‘+’ in table 16 of ‘Domains of Dread’). Worst, the entire military of Falkovnia (just in Lekar, more than 3000 human beings), certainly is already partial physical monsters. Drinking Drakov’s potion is not a pass to commit torture without ‘punishment’ (mainly because the NPC knew what Talons do and choose to be above peasants). So, even with certain high death rates among military, any official rule softening power checks to NPCs in Ravenloft or Falkovnia is a nest of future darklords?

Is sending an Email without any PHI violates HIPAA privacy rule?

I am evaluating options to choose email providers for a HIPAA compliant web application. I understand that, if the email contains any form of PHI, it would be violating the HIPAA rule especially if the email is not encrypted.

What if the email that is been sent only contain a link to login and nothing else ? Would it still be violation of HIPAA ? I am concerned about the part that email being identified as PHI from the list of PHI’s. So, would the recipient email address itself would be considered as a PHI and violate HIPAA ?

Assumption Rule in Dependent Type Theories

I am reading an introductory book on type theory and formal proof, I get confused with the assumption rule:

If $ \Gamma\vdash A: Type$ and if $ x\not\in FV(\Gamma)$ , then $ \Gamma, x:A\vdash x:A$ .

My questions are:

(1) If $ y:A\rightarrow\perp$ is an assumption in $ \Gamma$ , then does $ \Gamma$ derives $ A:Type$ ?

(2) If (1) is the case, shall we extend $ \Gamma$ with the new assumption $ x: A$ ?

I think there must be some clearer explanation for the conditions of application of the assumption rule, but it is at least not clear from the introductory book I am reading. Thanks!

Paged/Pagination Not Working on URL Rewrite Rule

add_action('init', 'do_rewrite'); function do_rewrite(){     add_rewrite_rule('^shop/men/?$  ', 'index.php?post_type=product&product_tag=men', 'top');     add_rewrite_rule('^shop/men/page/([0-9]{1,})/?$  ', 'index.php?post_type=product&product_tag=men&paged=$  matches[1]', 'top');     flush_rewrite_rules(); } 

The first rewrite rule works great. goes directly to with the post_type and product_tag filtered as expected.

Now, if I go to

The query and filters in the url, including the new paged of 2, works as intended.

So I assumed my rewrite rule would work the same. But instead it just goes straight to my 404 Page Not Found Error Page.

When I do go to the link with the paged=2 query in the url, it does do a redirect to

So my best guess is that there may be some overlap of some sort causing the issue… but I am not sure where to go from here. How can I get my paginated rewrite rule to work with the url .../shop/men/page/3 and so forth in my add_rewrite_rule?

Can I let a single PC use the Spell Points variant rule without unbalance?

One of my players (level 5 Druid) has been looking at the Spell Points variant rule in the 5th edition DMG (page 288) and wants to use it for his character. I’ve talked to the other players with spellcasting (a Wizard and an Arcane Trickster) and they would prefer to stick with spell slot. So,

  1. Would there be any problem in letting the Druid use Spell Points while the other PCs used spell slots?
  2. Would anyone be at a disadvantage by doing so (druid or other PCs)?

eLiquid & CCarter present SERPWoo – Destory Niches And Rule ORM Today

And now you’re thinking… what the hell’s  about to happen. 2+ years in conceptualization, 8+ months in  development… It’s time…
Have you ever wondered how some of these top SEOs seem to ALWAYS be  ahead of the curve. How can so many of them be ahead of world events…  There are 2 keys to this; first is to be a player making the world  events happen and second is to monitor world wide movement. We’re giving  you the first tool, in a line of many to come, to perform BOTH. ;)
There are dozens of big money niches, hundreds of money terms, and  thousands of competitors all vying for the same top 10 rankings. For a  long time, the kings of the serps have had some of the most  sophisticated monitoring tools available to them; and they’ve use them  to their advantage by dominating the rankings.
Now we give you the same tools. Monitor niches that matter to you, to  SEOs, to spammers, to blackhatters, to whitehatters, and any other web  marketers worth their weight.
eLiquid and CCarter present to you SERPWoo
Starting off at only $ 19.95 a month for SUPER Beta Testers (beta tester pricing is grandfathered in and locked for life – so get in on the beta asap).
It’s a quick way to see what competitors are doing for a keyword, how  have they moved up and down, hover over to see their (Ahrefs, Moz,  social signals and more. That screenshot doesn’t even do it justice as  to it’s power.
Wait a minute, what’s the difference between traditional rank trackers and SERPWoo?
Traditional Rank Trackers – Can’t really help you with your SEO strategy can they?
SERPWoo – See everything, manual reviews, updates, plus 3rd party metrics and A.I. bots that analyze data for you.
SERPWoo is a niche monitoring tool, the real missing tool that the  online marketing community’s been lacking. Unlike traditional rank  trackers which only allow you to track your site through the rankings,  we monitor ALL the positions that matter for your keyword so you can  have a better understanding of what’s really going on in your niche.
Overtime, the charts fill out and you’ll have a historical account of  who the real players are, with the ability to look up their backlink  profile from AHREFS, see their PageRank, Moz metrics, SEMRush stats,  Majestic data, and more – oh yeah, we aggregate this data in charts as  well.
So enough talking… As I update the threads with bumps, I’ll be giving  out more details, tips, tricks, and things we’ve got going on. Anyone  can create a free account and test drive it. We give you a nice size  list of default keywords which do not count against your current limit  with each account. But the folks that sign up who become SUPER Beta  Users will have more power, priority data requests, and access to each  new engine as they come online.
Just and fyi, there will be bugs, if you find them, just hit the  feedback button, and let us know. Also give us feedback on what you  like, don’t like, and want to see. Here is a quick list of coming  features:
1. Parasite detection –  Currently in infancy – this a.i. bot is learning the different signals  of a parasite, and once out of the sandbox, it’ll send global  notifications once one of it’s crawlers finds a new parasite, web 2.0,  new social and viral sites property that’s ranking in the top 20 of the  SERPs.
2. Time Portal – This is probably the most  badass feature and was probably supposed to be classified but… Anyways, the ability to go backwards in  time for most SERPs even if you weren’t tracking them. In Alpha stages,  the farthest back we’ve been able to go so far is 2007.
3. [ Classified ]- Regarding on-site…
4-10. [ Classified ] – [ SERIOUSLY Classified ]
Fun story about the most recent update, and how we were  able to see it a week before it happened… Grind was there… actually  I’ll save it for the next bump. Let us know what you think. I know, I  know, it’s a lot of information, sign up for a Super Beta Account and  open your eyes.
There is a lot more but I don’t want to overwhelm you guys with the  potential and what we’ve got going on within the tool for SUPER Betas.
– CCarter & eLiquid

Join @

P.S., Don’t forget to run and tell the haters… #DatFreeBump
P.P.S. Click to LOCK! Click again to unlock! <- this will be important later on…

Proving the language of a CFG with this rule [duplicate]

If I want to prove a language (e.g. $ L = \{ z \;|\; z \in \{x,y\}^*\}$ ) correct based on a context-free grammar, how can I do so if there exists a rule in the grammar

$ $ S \rightarrow xS \;|\; yS \;|\; \varepsilon$ $

I know that multiple applications of the rules $ S \rightarrow xS$ and $ S \rightarrow yS$ can lead to any string $ z \in \{x,y\}^*$ , but is there a specific way I can show this? I do not know how to articulate this step into my proof.