Can a slowed or staggered character take a 5-ft step?

Both Slow spell and staggered condition restrict characters to a single standard or move action per round.

Pathfinder seems more precise, explicitly adding to staggered condition (which is, in Pathfinder, the effect of the Slow spell) that you can take free, swift and immediate actions.

Meanwhile, 5-ft step is a miscellaneous action. Is it allowed, by RAW, to make a standard action and a 5-ft step (provided that half speed is greater than 5ft) when slowed?

SQL Server Agent – Report Failure but continue When intermediate step fails

I have a SQL Server Agent job that has three steps with the following control flow:

  • Step 1 – on success – Go to next Step. on fail – job fails
  • Step 2 – on success – Go to next Step. on fail – Go to next Step
  • Step 3 – on success – report success, on fail – report fail

However, what I want to happen is, if step 2 fails, run step 3 but report that the job has failed (regardless of whether step 3 is successful or not).

The only way I can think to do this is as per the screenshot below which duplicates the final step but the duplicate step reports failure if it succeeds

Is there a better way of doing this?

Step by step guide for doing Wireguard VPN security and setup properly, for Android phone to LAN

Truism: Doing security right, is subtle and full of snags for the clueless.

Concern: I haven’t ever set up a connection between 2 computers using RSA/SSH keys or certificates, in my life. Realistically, I’m very aware of the theory, and I’ve read most of the steps piecemeal in security writeups, but for practical purposes, I’m still one of the clueless (for now).

Conclusion: Step by step help appreciated, so I do my Wireguard setup right, and also begin to learn “properly” and gain confidence for future connections (whether they are certificate or key based – SSH, 802.1X, web HTTPS certs, etc).

My setup

I’ve tried to follow the principle that what I don’t know enough to do reasonably safely, I at least try to avoid and not do insecurely.

LAN gateway – runs OPNSense FreeBSD soft router (fork of pfSense running on HardenedBSD, a hardened derivative of FreeBSD, so I can use pfSense analogies and find the same functionality on mine if needed). There’s separate NICs for wired and wireless LAN. Almost all wireless traffic is blocked from the LAN, so I’d open a port for “trusted device” traffic and then limit its access according to minimum needs (no help sought on that).

Wifi AP – The router’s wifi NIC is connected by ethernet to an OpenWRT Wifi router. Because it’s got virtually zero access to the LAN (ping router NIC and reach one dumb isolated printer server IP/port) and can only reach the WAN, there’s actually no security on this at all at the moment (I don’t have a problem running an open wifi network where I am; I’m also running a public tor exit node on one IP on the LAN).

Network services – DHCP4 and Unbound (resolver) on the router. No AD/directory services. No certificates/CA/RSA in use currently except automatically created ones for router/file server WebUI etc. Password based logins (ugh! Hope to learn + fix that someday!).

Mobile phone – Runs LineageOS 16 (Android Pie) with MicroG (FOSS Google services package replacement). Would like to move to 802.1X but again, lack knowhow of the certificate or key setup process done right.

VPN software – Wireguard seems quite well suited to my situation – I use public transport a lot, and there’s a lot of intermittent disconnection and short lived reconnects, so a FOSS VPN that needs less config, auto uses decent tunneling setup, seems well reputed, and is designed for quick reconnects, seems better for me than, say, OpenVPN, although I’m sure both would work.

VPN endpoint/IPs – The VPN terminates on the OPNSense router so the open Wifi device isn’t an issue. The LAN uses 192.168.0.0/16, with 192.168.0.1/20 allocated for router, static, DHCP, and all non-VPN devices. So I can use 192.168.32.0/24 for any VPN-connected devices.

Broadcast domain – I’d like to have level 2 OSI broadcast not just switching, I *think* this is typical with VPN but not sure? I don’t expect broadcasts to flood the network 🙂

Likely usage/purposes

  1. SSH/FTP/SMB/RDP/ADB-over-TCPIP and perhaps media streaming between phone and LAN devices. Moving 20-40 GB dirs between phone and file server will become much quicker if I can use Wifi (when available) instead of waiting till home and using USB/SDCard.
  2. VPN tunnel to route all phone network traffic via LAN when away from home when using unknown wifi networks
  3. Moving some functionality from phone to LAN (Example: calendar/notes/feed via a LAN-based web server rather than locally as phone apps).
  4. Once more confident, doing similar for laptop, to allow remote working from laptop via VPN to LAN via RDP.

VPN security choices

A large part of any key/cert setup is about “how secure/hardened do you want to make it?” To make this simple, assume “hard enough that I probably don’t have to worry for 15 years”, other than deal with any publicly identified vuls (which I’ll leave to the software writers to fix). Assume plenty of CPU power for more rigorous at both phone+LAN ends, and roughly, enterprise level rather than home LAN style security for the VPN aspect. Meaning, I’d like to begin learning to do it right, even if patchwork/piecemeal at first (I’d like to avoid “no point in doing much, as more serious vuls exist”).

So I’m happy to use RSA 4096 rather than 2048, or more processor intense but secure algorithms; if a cert is needed, I’d rather have steps that create an intermediate CA so I can keep my top level CA totally offline. If there’s additional hardening options that a conscientious security pro would choose for say, CEO/CFO of a SME size business, that’d be about my kind of level.

Threat model

Mobile phone – overall I’d treat it as trustworthy. AFAIK I haven’t ever had a security issue with it, or an unsafe app, and in a way it’s unavoidable that I need to trust it somewhat. I can also set rules to block all but limited usage, either in the router or in my main servers, so that it’s got limited capacity for usage/harm and no root access to any device even if exploited. But that’s separate.

Connectivity/tunnels – I don’t feel comfortable just with WPA2/PSK. I’d like to ensure it’s the actual expected device, via some form of mutual authentication, if there’s a way to do it. Hence even where I can trust the network, at home, I’d like not to just connect via WPA2, but only via VPN, even if I’m going to access the LAN from my phone while at home, using my home router.

Own ignorance of correct setup+security processes/good practices for this – See below. I think this, and threats arising from it, are the main risk. I’m especially thinking, if I open the LAN to one device, I’ve potentially opened it to all, so I need to make sure I do only open it to that one device, as best I can, and not to others. I think that’s the biggest risk, and the motive for the question.

SUMMARY WHAT I AM HOPING FOR

I’m worried about my “Unknown unknowns”.

I don’t know what keys/certs I might need, nor how to correctly generate them. There are writeups but not a good start-to-end walkthrough I feel comfortable with. Basically, what recommended software+commands to use? What is good practice for the settings/CLI options/config used to generate them? What .conf settings should I also consider setting in Wireguard’s server/client?

I also don’t know which if any keys/files to generate on a “known safe” machine, and which if any files generated, should be stored airgapped/offline. I think it’s pretty much that simple.

So what I’m hoping for is a step by step recipe for my 1st time. A bit like this –

“Use package X or Y on BSD. These are the important switches/config choices. Use (or don’t use) a password. These are the commands to run on package X, or these commands on package Y. 3 files/keys will be generated. Put this one here and that one there. Hide this one on an airgapped system or USB stick. Configure Wireguard server/client .conf with these extra options. Done.”

I’d like to use CLI packages such as OpenSSL (already installed) rather than the router’s built-in GUI functionality, to generate any keys/certs, as this will help me be more competent in future.

Hopefully if I get this right, I’ll also learn quite a lot of what I need, to do other (certificate|priv+public key) based connections like 802.1X and SSH properly, both between the mobile devices and the OpenWRT bridge, and between LAN devices, and also be well on my way to getting RADIUS or other AAA running at some time to harden the LAN a bit more internally.

Does the Way of Shadow monk’s Shadow Step feature count as a magical ability?

The Way of Shadow monk’s Shadow Step feature says (PHB, p. 80; emphasis mine):

At 6th level, you gain the ability to step from one shadow into another. When you are in dim light or darkness, as a bonus action you can teleport up to 60 feet to an unoccupied space you can see that is also in dim light or darkness. You then have advantage on the first melee attack you make before the end of the turn.

In D&D 5e, does Shadow Step count as a magical ability? Or is it more of the ninja-like reflexes using those abilities to move within shadows? I get the word used is “teleport” which, in the general D&D world would be considered magical, but based on the context, it doesn’t seem to be a magical ability.

For example, on the D&D Beyond website, in the text description of Shadow Step, the word teleport is not linked to the teleport spell, whereas Cloak of Shadows does reference invisible as a link. Also Shadow Step is not under the Shadow Arts section where Ki can be used to duplicate certain spells. These separations make me think it’s not really magical.

I’m asking specifically regarding its use in the Waterdeep: Dungeon of the Mad Mage adventure. My understanding is that all magic doesn’t work the same way in there so wondering if Shadow Step would be affected there seeing how it’s not mentioned as a spell and/or magical.

Ubuntu installation skips a step

I’m trying to replace my current OS (Windows 10) with Ubuntu 18.04.

I followed this guide to create a bootable USB (I used Rufus 3.8).

After that, I followed this guide to install Ubuntu but installation skips the 6. Allocate drive space to a partition window without anything available.

The only solution I found to this problem was that the ISO might be corrupted, but I verified the sumchecks and they were OK.

What can I do?

What parts does a design system have, how to support development? some documentation with step by step examples uu

I’m just starting in the world of UX. I would like to know what a design system has; I have read but I still don’t understand. The only thing I have been able to do is create some components in Figma and choose the letter size and message tables, but nothing more. I don’t know how to make the grid, so :c I would like to know about the experience of those who have built a design system. I want to be able to help the front end. Thanks in advance 🙂

extundelete: what’s the next step after “unable to restore”?

I have this 150Gb compressed file I accidentally deleted on an ext4 file system (running Ubuntu 16.04). Unfortunately, I only realized my mistake after a couple of days and about as many reboots. I burnt a LiveCD and tried this:

ubuntu@ubuntu:~$ sudo extundelete /dev/sda3 --restore-file really_big_compressed_file.xz
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 7189 groups loaded.
Loading journal descriptors ... 30218 descriptors loaded.
Unable to restore inode 19017642 (really_big_compressed_file.xz): No undeleted copies found in the journal.
Unable to restore file really_big_compressed_file.xz
extundelete: Operation not permitted while restoring file.
extundelete: Operation not permitted when trying to examine filesystem

What’re my options at this point?