## Show postcondition i:=i+1 using Hoare assginment rule

as far as I understand the hoare assignment rule works like:

``{i+1=3}i:=i+1{i=3} ``

E.g. to get the precondition I take the postcondition {i=3} and replace every occurence of i against i+1.

But what if i want to show that if i holds a certain value before

``{???}i:=i+1{i=i+1} ``

that after the assignment i is increased by one, i.e. {i=i+1} is true? I cant replace i against i+1, otherwise i will get something like which is

``{i+1=i+1+1}i:=i+1{i=i+1}  {i+1=i+2}i:=i+1{i=i+1}       i+1=i+2 is not equal ``

Another example:

I want

``{i=0}i:=i+1{i=1} ``

But replacing i against i+1 in the postcondition I get

``{i+1=0}i:=i+1{i=1} ``

Something like

``{i=i}...i:=i+1{i=i+1}      ``

would be good

## How to exclude rule 930120 for google oauth

I’ve this error:

``ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `lfi-os-files.data' against variable `ARGS:scope' (Value: `email profile https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/useri (16 characters omitted)' ) [file "/usr/local/owasp-modsecurity-crs-3.0.2/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "84"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "2"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "a.a.a.a"] [uri "/***/create_account_oauth.php"] [unique_id "159608684932.394214"] [ref "o53,8v144,116t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase" ``

and I’ve created this exclusion rule for that:

``SecRule REQUEST_URI "@beginsWith /***/create_account_oauth.php" \         "phase:2,log,pass,id:19023,ctl:ruleRemoveById=930120" ``

what I’d like to do is to refine the exclusion for googleapis only. I’m think chaining the rule with another one to match googleapis in the data field. Is that what you’d recommend? It seems difficult to find resource on chaining. Can someone please help? Thank you.

## computing the run time of random algorithm based on metropolis hestings rule

How do you compute the run time of your algorithm, if you know you want n samples; your sampling method is based on metropolis heastings, so you have long does it take for the algorithm to give you the desired n samples?

## How does the optional Healing Surge rule interact with other uses of hit dice?

There is an optional rule in the DMG (p. 266-267) for Healing Surges:

As an action, a character can use a healing surge and spend up to half his or her Hit Dice. For each Hit Die spent in this way, the player rolls the die and adds the character’s Constitution modifier. The character regains hit points equal to the total. The player can decide to spend an additional Hit Die after each roll.

A character who uses a healing surge can’t do so again until he or she finishes a short or long rest.

Under this optional rule, a character regains all spent Hit Dice at the end of a long rest. With a short rest, a character regains Hit Dice equal to his or her level divided by four (minimum of one die).

The rules for a Short Rest (PHB p. 186) state:

A character can spend one or more Hit Dice at the end of a short rest, up to the character’s maximum number of Hit Dice, which is equal to the character’s level.

This leads me to two questions about how these things interact:

1) If a character has spent Hit Dice on a Healing Surge, can he or she still spend additional Hit Dice at the end of a Short Rest? (I think yes.)

2) What is the order of things happening “at the end of a short rest” — does the character regain level/4 HD first, and then might re-expend those immediately, or does he expend as many as he or she wants and has left first, and then regains level/4?

## Are there any game breaking consequences in this multiclass house rule?

Follow up to this question.

So, as stated in that question, I feel that it is quite weird that a 3rd level paladin + 2nd level Ranger is not equivalent to a 5th level Half-caster (such as a 5th level Paladin), but weaker (being equivalent to a 4th level Paladin).

With that in mind, I intend to use the following multiclassing house-rule for determining the spell slots:

• Sum the levels of the half-casters first. So, in the example, 3 + 2 = 5.
• Divide by two. (Divide by three for Arcane Fighter/Rogue – both after summing them together as well).
• Round it to closest integers, rounding .5 up.

Obviously, this only applies to classes that actually have the spellcasting feature, i.e., the Paladin and Ranger should be at least 2nd level, and the Fighter or Rogue should be at least 3rd level.

Such an idea is not novel and already appears in the Artificer, which is explicitly described as having its half-caster levels being rounded up.

From my understanding, this house-rule will mirror the behavior of single class spellcasting of half-casters and third-casters more closely (not entirely – rounding up would mirror it perfectly). Is there any weird edge case that I am missing that would make this house-rule imbalanced in any way?

The only reason I round to nearest integer rather than directly rounding up is that a 4th level Arcane Fighter would contribute as much to the spellcasting as a 4th level half-caster. Although this is what happens in single class, my gut feeling was that this would make dipping 4 levels in a Fighter, for example, be considerably stronger than before, since specifically 4th level also includes an ASI.

## Inaccurate Suricata ET rule (SID: 2030388, CVE-2020-11900)

I found too many event on suricata after recent update regarding this rule:

``alert ip any any -> any any (msg:"ET EXPLOIT Possible CVE-2020-11900 IP-in-IP tunnel Double-Free"; ip_proto:4; metadata: former_category EXPLOIT; reference:url,www.jsof-tech.com/ripple20/; classtype:attempted-admin; sid:2030388; rev:1; metadata:signature_severity Major, created_at 2020_06_22, performance_impact Significant, updated_at 2020_06_22;) ``

This is strange because it match with all packets with IPIP protocol (ip_proto:4)!! Also i found another rule from Carnegie Mellon University’s CERT (link):

``alert ip any any -> any any (msg:"VU#257161:CVE-2020-11900 IP-in-IP tunnel Double-Free https://kb.cert.org"; ip_proto:4; sid:1370257161; rev:1;) ``

But same issue is exists here!

## Would this Point Buy house rule for Maid character creation work at all?

Recently we’ve started a maid game here on the stack and we have a huge disparity of stats between the players, one of them has barely average stats, while some of the other players are pushing fours and sixes in abilities because of great rolls during generation. We have found that the standard rule that characters with good stats get fewer maid powers is insufficient.

Would a point buy system work in Maid RPG while still being able to attain the same level of play in Maid games? Using the favor base presented in the handbook I’ve come up with the following figures for point buy statistics. The standard array in Maid would be 1,1,2,2,3,3 or you could buy points at the following costs, with 200 starting favor:

0: 0 points
1: 10 points
2: 30 points
3: 60 points
4: 100 points

With the stipulation that any favor points not used during point buy are lost. Does a system like this function properly in the Maid system provided the Maid characteristics (Boyish, Sexy, Lolita, Pure, etc.) were rolled after (and only after) a character has distributed their points as they wish?

## Algorithm to check gibbs phase rule

I am looking for an algorithm to solve the following problem. I am unsure whether to post this in computational science or here, but since this is an algorithm I thought I would try here first.

I have a set of species made from a number of components.
Let’s number each component $$0, 1, 2 … n$$.
So now each species can be described as a set of these components.

I am given a set of species, and I need to check whether any subset of these species fulfills the following condition: that the number of species in this subset is greater than or equal to the number of unique components in this subset.

For example: the set of species {[0, 1, 2], [0, 2], [1, 2]} fulfills the criterion, as the set has 3 species and 3 unique components. The set of species {[0, 1, 2], [0, 2], [1, 2], [3,4]} also fulfills the criterion, as a subset of the set fulfills the criterion. The system {[0, 1, 2], [0, 2]} does not fulfill the criterion, as there are 2 species and 3 unique components.
In case it is relevant: there can be many species (40-50) and components (10-20) but the number of components per species remains relatively small (2-5)

Can this be done with polynomial time complexity? It seems kind of similar to the set cover problem, so I don’t have much hope.

## Is this house rule to balance the college of whispers bard balanced?

As a player and a dungeon master, I feel like the Psychic Blade of the college of whispers bard is really unbalanced regarding the Sneak Attack feature of the rogue.

First of all, they mostly does the same amount of damage… But the Psychic Blade does psychic damages, where the sneak attack’s damage type is the one of the weapon (bludgeoning, piercing or slashing). The problem is that psychic damage is one of the less resisted type of damage, where bludgeoning, piercing and slashing damages are the most resisted type of damages.

Second, Psychic Blade is way easier to trigger than Sneak Attack, only needing to spend a Bardic Inspiration (which come back on short rest after level 5) and you have it, where Sneak Attack require advantage or an ally to use it.

So, looking those elements, I decided to replace the cost Bardic Inspiration of Psychic Blade with a condition. To use the Psychic Blade feature, you don’t need to spend a Bardic Inspiration, you need advantage on charisma check against your target, be under the Mantle of Whispers feature effect, or the target have to be frightened or charmed before the attack hit.

To me, it keep the flavor of a bard that is also a killer, still synergyse with the others college of whisper features, but make it a little bit harder to the bard to have the Psychic Blade. But is it balanced?

## What rule system handles fully automatic firearms the best?

I know it is a subjective matter, so let me specify a bit:

• Full automatic fire encompasses all modern and future firearms with some form of recoil (lasers out of scope)
• The attacker is sending multiple projectiles downrange. This includes 3 round burst, long burst, suppressive fire, etc
• the focus is on infantry sized weapons. The combat dynamics of i.e. fighter jets is so much different it makes no sense to try to squeeze them in under the same set of rules

How I define good:

• it encourages cooperation it the team. Covering fire, bounded overwatch, etc. are the primary tools of small unit tactics
• it is reasonably elegant. Rolling a skill check for all the bullets in a 30 round burst is too complicated, but some extra rolls or bookkeeping is acceptable
• it captures the key compromises an infantryman should consider (i.e. long burst makes no sense on a longer range, but devastating from up close), but not all the physical factors of muzzle rise, recoil, etc