## OD&D said it could be played with 20-50 players and one referee. How was that expected to work and still be fun?

Original D&D is often the shorthand name for the 1974 Dungeons & Dragons, Vol. 1, Men & Magic, written by Gary Gygax and Dave Arneson. The section on “Scope” has this quote:

Number of Players: At least one referee and from four to fifty players can be handled in any single campaign, but the referee to player ratio should be about 1:20 or thereabouts.

This is mindboggling to me that a campaign, not just a one-shot, is expected to be able to work with one referee (a precursor to a Dungeon Master) and up to 50 players, although admittedly not as ideal as one referee and 20 players, which still sounds ludicrous to me. I find 8 or 10 players for one DM to be especially challenging to work with, particularly as you are trying to gauge if everyone is having fun, and I can’t imagine how this many people would be a practical or satisfying experience.

If nothing else, this many players would be a problem in that if each player is working quickly and takes an average of 1 minute (and we don’t have delays like dice rolling off the table), you’re going 20-50 minutes between turns.

How was this size of group expected to work out and still be a fun experience for everyone?

## Do modern operating systems still send targeted or directed Wi-Fi probe requests that contain SSIDs?

Do modern (versions of) operating systems, primarily Android and iOS on mobile, still send targeted or directed probe requests when searching for Wi-Fi networks to connect to?

Such targeted or directed probe requests contain the SSIDs of known networks, and may thus leak information about the sending device’s location history, the owner’s social relationships, etc.

According to this source, modern operating systems do not send these requests anymore:

Around 2014, the privacy implications of targeted probe requests started to become widely publicized and understood. Most new devices therefore stopped sending them. […] When the privacy implications of targeted request probes became widely appreciated, most new mobile devices stopped sending them altogether. […] Targeted probe requests are mostly a thing of the past.

Other sources, like this one or this one, seem to confirm that targeted probe requests are not sent anymore on the latest versions of Android, at least.

If this is indeed true, and perhaps also for iOS (and some desktop OSs), are there any press releases, bug tracker entries, security reports or code commits that confirm this?

Directed probe requests, as opposed to broadcast requests that don’t contain a network’s SSID, should only be necessary for hidden networks. The impact is stronger on mobile devices, where you tend to both have more known networks added to your device and broadcast that list in more places.

## How to still allow plain HTTP while preventing accidental use?

I have a website that must be available over both HTTP and HTTPS, however I only want people to use HTTP if they really need to (obviously). The idea I came up with is to have redirection to HTTPS, along with HSTS, on mydomain.com, and to offer plain HTTP on http.mydomain.com. I would ask search engines not to advertise my http subdomain, it should only be found via instructions on my site itself. This should prevent users from accidentally using HTTP and would also make the choice really explicit.

My question is what kinds of attacks I’m opening myself up to with this approach. Phishing attacks seem inevitable; an attacker might always trick a victim into using the insecure domain and hoping they won’t notice. I could show a permanent warning banner on my http site, but that would only help if the attacker is unable to modify the packets in flight. The second concern is DNS spoofing, where an attacker points mydomain.com to http.mydomain.com, or points http.mydomain.com to their own servers. However, more and more clients are DNSSEC-validating, and my website has DNSSEC enabled, so I’m hoping that attack vector will keep on shrinking.

Any things I’m missing? Is there a better approach to what I’m trying to do?

## Why does changing Texture of Particle System using Material Property Block changes texture, but Particle System is still emitting old texture?

I try the code in Start, checking in Editor shows new texture, but Particle System still emits old texture. The script works for SpriteRenderer, but not ParticleSystem. I tried to Play/Stop emission – no difference.

ParticleSystemRenderer renderer = gameObject.GetComponent<ParticleSystemRenderer>();     MaterialPropertyBlock materialPropertyBlock = new MaterialPropertyBlock();     renderer.GetPropertyBlock(materialPropertyBlock);     materialPropertyBlock.SetTexture("_MainTex", texture);     renderer.SetPropertyBlock(materialPropertyBlock);

Hiya – So per the suggestion on the sister site, I went to Captcha Sniper’s website, clicked purchase and selected I wanted to buy the software for $57 with bitcoin. It gave me the address to send my btc. I sent it and……….absolutely nothing happened. The screen didn’t refresh. It didn’t ask for my email. It did *nothing*. In the last 24+ hours I tried to contact them via their webform but have had no response. I tried emailing the support email listed on the bottom of their page, but it bounced as undeliverable. I tried to sign up to their forum, but it refused to allow new accounts to be created. I fear I’ve just burned$57 of bitcoin on a service that no longer exists.

Anyone have any information?

## Replacing revoked SSL with a new cert but domain still showing old revoked cert

I bought and installed a SSL cert for my domain but then changed my mind and canceled the purchase and bought a slightly cheaper one. The old cert is then revoked and I proceed to install the new cert.

Here is when things got worse. The domain still showing old revoked SSL and that makes my site couldn’t be loaded on Firefox or any browser which are using OCSP. I tried reinstalling the new cert and even reissue it but to no avail.

Can anyone tell me how exactly can I purge the old revoked cert from getting in a way of the new cert? I believed this has caused downtime to my site.

Is this an issue with SSL provider or server side? The hosting company kept bouncing this and blaming SSL provider while the other one pointed me to the hosting company.

## Does a natural 20 on the attack roll still automatically hit if the target is wearing adamantine armor?

My Fighter (Battlemaster) Warlock (Hexblade) build character has just acquired a suit of +1 adamantine plate armour.

From the description of adamantine armor (DMG, p. 150):

This suit of armor is reinforced with adamantine, one of the hardest substances in existence. While you’re wearing it, any critical hit against you becomes a normal hit.

Is a roll of a natural 20 (which is normally a critical hit) still automatically a hit, despite the critical becoming a “normal hit” because of the armour? Or would the attacker need to exceed my AC in order to score the “normal hit” if (for instance) I cast shield or use the Evasive Footwork maneuver to boost AC?

My AC is 20, so with shield cast it becomes 25; for example, would a goblin with a +4 attack modifier score a hit on a roll of 20 against me? A total of 24 would not be sufficient to “hit” under normal rules, but does the “20 is always a hit” mechanism override this despite the critical being cancelled by the adamantine armour?

## Perfect Probabilistic Encryption still requires key length about as long as message

Let $$(E,D)$$ be a probabilistic encryption scheme with $$n$$-length keys (given a key $$k$$, we denote the corresponding encryption function by $$E_k$$) and $$n+10$$-length messages. Then, show that there exist two messages $$x_0, x_1 \in \{0,1\}^{n+10}$$ and a function $$A$$ such that

$$Pr_{b \in \{0,1\}, k \in \{0,1\}^n}[A(E_k(x_b)) = b ] \geq 9/10$$

(This is problem 9.4 from Arora/Barak Computational Complexity)

My gut intuition says that the same idea from the proof in the deterministic case should carry over. WLOG let $$x_0 = 0^{n+10}$$, and denote by $$S$$ the support of $$E_{U_n}(0^{n+10})$$. We will take $$A$$ to output $$0$$ if the input is in $$S$$. Then, assuming the condition stated in the problem fails to hold for all $$x \in \{0,1\}^{n+10}$$, we conclude that $$Pr[E_{U_n}(x) \in S] \geq 2/10$$ for all $$x$$. This implies that there exists some key so that $$E_k$$ maps at least $$2/10$$ of the $$x$$ into $$S$$ (the analogue of this statement in the deterministic case suffices to derive a contradiction), but now I don’t really see how to continue. Is my choice of $$A$$ here correct, or should I be using a different approach?

## Would getting a natural 20 with a penalty still count as a critical hit?

Since rolling a number up to 20 with modifiers (an example 17 + 3) is not counted as a critical hit, what happens in the following case?

If I roll a natural 20 and because of penalties end up with a total of less than 20 (an example 20 – 3) does it still count as a critical hit? Or in this case would it resemble the natural 1 with positive modifiers taking you out of critical error?