Is there an official source for the properties of stone?

The issue comes up mainly in relation to the spell wall of stone, which states that:

A nonmagical wall of solid stone springs into existence at a point you choose within range. […] The wall is an object made of stone that can be damaged and thus breached. (PHB 287)

The wall is a nonmagical object from the moment it is created. This, to me, reinforces that it is ordinary stone, with all the properties of it. However, the spell unhelpfully neglects to inform us of many of its properties, in particular any damage threshold, resistances and immunities.

Objects are immune to poison and psychic damage. You might decide that some damage types are more effective against a particular object or substance than others. […] Big objects such as castle walls often have extra resilience represented by a damage threshold. (DMG 247)

While we can make up our own ruling, I am interested whether we got any official information that can be applied here.

Is there any officially published material that describes the properties of stone, especially a wall and its resistances, immunities and damage threshold? If yes, what does it say? Bonus points if that wall was created by the spell wall of stone.

Can you get “Flurry of Blows” (or “Decisive Strike”) from a source other than Monk?

Closely related to this question; I want both Flurry of Blows and Decisive Strike on the same character. Decisive Strike as the main combat strategy for the build, and Flurry of Blows because it’s a requirement for all the feats I can find that would let me Decisive Strike with the weapon I want to use (mind blade, though short sword or longsword would also work).

Are there any classes/feats/etc. other than Monk that grant the class feature “Flurry of Blows”? (It has to be called exactly that, or otherwise count as FoB for prerequisites.)

Or are there any classes/feats/etc. other than Monk that grant an ability like Decisive Strike? This one doesn’t have to be as exact; I just want a shtick like this as my main combat strategy. I would prefer to do so with Decisive Strike from Monk, because this is supposed to be for a Monk competition, and just having FoB for the sake of saying I do while using an unrelated shtick in combat would be lame.


For the sake of completeness, the feats I know of that could make the mind blade a monk-special-weapon are Flowing Blade (web), Unorthodox Flurry (Dragon Compendium), and Whirling Steel Strike (Eberron Campaign Setting). Note how all three have “flurry of blows class feature” as a prerequisite.

Phishing attempt?? – EML attachment from a “trusted source” might be urgent and important, or malware / phishing

I don’t usually feel competent enough to ask decent questions, let alone answer one here. But, this is rather urgent, so please be patient with me:

I CANNOT tell if the “secure encrypted message” I got in an email from a “state agency” was genuine or malware! I was somewhat (reluctantly) expecting an email from that department and their email signature appeared genuine. Unfortunately, they may or may not have attached that file, which purportedly contained the message body as an *.EML “secure attachment message”.

I couldn’t open the secure message attachment, which was the first clue of something amiss. (I also do NOT want to call them, and then have them read me the message, which would trigger a conversation I’m not prepared for, without first knowing what the message was about.)

As I started working hard to open the attachment. As I failed and researched more, my findings appeared more and more ominous. I will keep this question UPDATED with any missing details.
SUMMARY:

  • Received seemingly valid email from a known state agency, known person, known division I do business with.
  • Plain text message body:
    “Please find the attached.” [?? Odd wording –> “‘FIND‘ the attached” ??]
  • The [real] message was attached, encrypted, and only viewable by the email recipient that it was addressed to. The attachment then had to be opened by the email client, (Gmail-web). I’ve done this before once or twice, so it is a pain, but not unheard of.
  • Email ATTACHMENT was then “viewed in a an NEW WINDOW” in Chrome and Vivaldi with similar if not the same results: https://mail.google.com/mail/u/0/?????????????..[etc.]/: WHICH SAID:

[ERROR MESSAGE FROM GOOGLE MAIL:]
“You are viewing an attached message. COMPANY Mail can’t verify the authenticity of attached messages. Your document has been completed”

“VIEW COMPLETED DOCUMENTS:”
[LINK GOES TO: https://www.notion.so/(KNOWN_AGENCY_-_GUID)/]

“Ms. [known person]”
“[Known State Agency]”

  • After clicking on the link from the popup shown above, it opened a new TAB in my email browser’s page at this URI: https://www.notion.so/(KNOWN_AGENCY_-_GUID)/ which said the following:

“[KNOWN STATE AGENCY]”
“This PDF is password protected ,”   “[KNOWN PERSON] sent you an important vital file to review.”

“REVIEW FILE HERE:”
[LINK GOES TO: https://fafanfan.tk/000/nsw/data/UntitledNotebook1.html ] 

“Please take a look and let me know if these are ready to print.”
[ HUH?? Why let you know?? And, why print, instead of view?? ] 
“Kindly open with your professional email.”
[ HUH?? “Kindly”, “Professional email”?? Who talks like this?? ]
“Login with your email and password to view file.”

  • So, then I clicked on the email link and TRIED to log into my company GMAIL account.
  • It appeared to log into my account successfully, but then said I had to verify my account and to provide [either the] recovery phone or recovery email address
  • I provided a valid phone #, which failed with an error.
  • Then I tried my valid recovery email address, which also failed with an error.
  • I tried both Vivaldi and Chrome, and all failed each time. (I assumed that it opened a window without cookies, so the login to Google was from a new, unknown page.)

At this point, I started Googling the URI’s and other things —

  • Hmmm strange domains [TLD].TK ?? Searched the URI = NO hits.
  • Searched [TLD].TK — not good — It said 95% of the .TK traffic is malware / spam.
  • Searched the other URI shown above = NO hits. NOT cool.
  • I changed all my email PW’s. I checked for odd logins, but saw nothing odd. (If I provided my credentials to the bad guys, they are a bit slow today. So maybe I dodged a bullet.)
  • I Checked/scanned the downloaded file with Windows Defender — no detection
  • I submitted the file to Virus Total — no detection by anyone.
  • I also submitted the two URI’s shown above, and came up with only one hit from an unknown security company, who likely flagged the *.TK as possibly a “bad URI”.

At this point, I’m not at all sure what to do… I do NOT want to call them and start a conversation that might later deny “plausible deniability that I received this notice”. OTOH, I can’t ignore it too long, either.

RANT: I hate all these “protections”, that invite malware to be easily inserted. Then, you are relying on ordinary users to figure out if the attachments are safe?? Few users are smart enough, and I know that I’m not. (Although I’m not a total security idiot, as I’m more cautious and knowledgeable most than anyone I know.)
If Adobe wants to provide tools like this, fine. Then please make it much easier and obviously safe for both senders and [very novice] readers. For instance, use Adobe.com URI’s and never TLD’s that are also used for malware. If providing security tools, please don’t rely on these agencies’ IT staff to try to train equip their users to properly use these tools with the public, most of whom have never opened a “secure attachment”, let alone know how to open them (OR NOT), safely.

Open source project using encrypted API keys

My API keys are encrypted with AES256 and will be decrypted in the code pipeline for a new release for every change to the repo (no more manual builds and no more manual upload to appstore). ( https://docs.travis-ci.com/user/encrypting-files/ )

- openssl aes-256-cbc -K $  encrypted_key -iv $  encrypted_iv -in secrets.tar.enc -out secrets.tar -d - tar xvf secrets.tar 

but if the project were open source with a CI/CD pipeline ( https://github.com/Triple-T/gradle-play-publisher#encrypting-service-account-keys )

then what will prevent an incoming PR which triggers the code pipeline to print the decrypted files in clear text?

i.e. assume that the project is open source and we did encrypt the API keys. then an incoming PR will still trigger the Travis pipeline and could output the keys in clear text like this

- openssl aes-256-cbc -K $  encrypted_key -iv $  encrypted_iv -in secrets.tar.enc -out secrets.tar -d - tar xvf secrets.tar - cat api-key.json 

any ideas how to prevent such a scenario ? or did I misunderstand ?

Is there any difference between original prints and PoD (Print on Demand) source books?

Regarding source books by Onyx Path/White Wolf (for the World of Darkness), is there any difference between original prints and PoD (Print on Demand) source books?

Basically, is there a way to know if a source book is an original print? Are there any differences in paper or print quality? Are there other ways to tell them apart?

what the trustworthy way to verify the integrity of source code?

In some of the organizations, takes the hash value of source code build to maintain the integrity of source code review process.According to reviewer if you change the source code than the hash of that source code is changed. But what about when we zip that source code files than also hash of that source code build is changed.

So, My question is

1) I am not sure this method fulfill the requirement of integrity check ?

2) Is there any alternatives for such kind of integrity check ?

Are the pre-compiled binaries in open source projects safe to use? [duplicate]

It seems that the author of a project can upload arbitrary binary files on the release page, and I don’t see a way to verify that the binary is actually built from the source code without malicious modifications.

Surprisingly after some search, I did not find discussions on this potential issue. Is it that I’ve missed something, or people simply just trust those binaries?