How can you stay safe from spyware used by governments?

It is a fact that antivirus software can’t detect all the spyware/viruses/malware that exist. And when they get detected, new ones are created.

An example is the pegasus spyware for ios created by the NSO group. There is also an android version available. And there are many spyware for windows computers which claim to be undetectable. And there are probably many more for different OS that are not made public.

So what can you do about a possible spyware on your device that your antivirus/antispyware doesn’t detect? Apart from being careful in the first place?

Do you think Qubes OS is an answer for people worried about a problem like this?

Can Counterspell be used to prevent a Mystic from using a Discipline?

The most recent version of the Unearthed Arcana Mystic (V3) can be found here.

The way I read it RAW Counterspell has not effect on Psionic Disciplines but this seems extremely over powered and I find it difficult to believe that this is RAI. What are your thoughts and what approach have you taken on your tables?

Below is my reasoning for the above conclusions.

Counterspell states that:

  • You attempt to interrupt a creature in the process of casting a spell

This costs one reaction and further clarify’s exactly when a reaction can be used to cast Counterspell:

  • which you take when you see a creature within 60 feet of you casting a spell

This raises a couple of questions:

  1. Does using a Discipline qualify as casting a spell for the purposes of Counterspell?
  2. Is it possible to ‘see’ a Mystic use a Discipline being that it has no verbal, somatic or material components?

The Mystic V3 UA-Mystic pdf offers some help here but is far from conclusive and arguably contradictory. In regards to the first question; It states the following at various different points in the document:

  • Psionics is a special form of magic use, distinct from spellcasting

This would seem to suggest that using a Mystic Discipline is not the same as casting a spell.

  • Psionic Disciplines are magical and function similarly to spells

This statement suggests that Mystic Disciplines and spells function similarly and that using a Discipline may well count as ‘casting a spell’

  • Psionics and spells are separate effects, and therefore their benefits and drawbacks overlap. A psionic effect that reproduces a spell is an exception to this rule.

This statement suggests that using a psionic Discipline may count as ‘casting a spell’ if it is a psionic effect that reproduces a spell.

I find this statement particularly unhelpful as nowhere in the document does it clarify what Mystic Disciplines duplicate spell effects or how similar the two have to be for this to apply.

Some Disciplines are very similar to existing spells in 5e others are not and some while similar in some aspects while differ considerably in others. For example take the Immortal discipline ‘Bestial Form’ – Flight:

‘You transform your body, gaining traits of different beasts. Wings sprout from your back. You gain a flying speed equal to your walking speed.’

when compared to the Transmutation spell ‘Fly’:

‘You touch a willing creature. The target gains a flying speed of 60 feet for the duration. When the spell ends, the target falls if it is still aloft, unless it can stop the fall.’

Both abilities allow the target to fly so you can argue that this duplicates the effect of a ‘Fly’ spell. However, the Mystic Discipline does not require concentration last an hour instead of 10 mins and in most cases will give you a fly speed of 30ft rather then 60ft, making it far from clear cut.

There are numerous other examples like Occluded Mind from the Telepathic Contact Discipline and Zone of Truth… Similar effects but certainly not an exact duplicate.

My approach would be to use quite broad brush as to when a psionic discipline ‘duplicates’ a spell effect to catch as many disciplines as possible in this definition. That said we still have the issue raised in question 2 above to address which makes all of the above something of a mute argument.

As stated above you can use a reaction to cast Counterspell when you see a creature within 60 feet of you casting a spell.

Even assuming the Mystic Discipline counts as casting a spell it would still not be possible for a normal caster to Counterspell it because Mystic ‘Disciplines don’t require the components that many spells require. Using discipline requires no spoken words, gestures, or materials. The power of psionics comes from the mind.’

RAW this means a mystic using a discipline shows no outward sign that they are doing so, so there is nothing for the person casting Counterspell to see that can trigger the reaction needed to cast Counterspell.

So RAW Counterspell cannot be used on Psionic Disciplines.

Are acknowledgements used in CSMA/CD?

To provide context, I have read that CSMA/CD does not rely on acknowledgements and relies on collision signals to check for successful or unsuccessful transmissions (from what was explained in the book “Data Communications and Networking” – Forouzan, 5th edition).

I have come across the following question (“Computer Networks” – Tanenbaum, 5th edition),

A 1-km-long, 10-Mbps CSMA/CD LAN (not 802.3) has a propagation speed of 200 m/μsec. Repeaters are not allowed in this system. Data frames are 256 bits long,including 32 bits of header, checksum, and other overhead. The first bit slot after a successful transmission is reserved for the receiver to capture the channel in order to send a 32-bit acknowledgement frame. What is the effective data rate, excluding overhead, assuming that there are no collisions?

So are acknowledgements used in CSMA/CD ? If not, then what does the above emboldened sentence mean ?

Can this AC chart be used in DPR calculations?

Inspired by this, I just processed this list of monsters to get the average AC in monsters, by CR. It comprises all the SRD monsters, I believe.

enter image description here

Can this graph be used in DPR charts?

One way would be to consider the character’s level to match the CR of enemies. So, for example, a level 10 character would calculate its accuracy against an average of 18 AC. With a +7 to hit, it would mean 50% hit chance, so an average damage of 30 per round would equate to 15 average DPR.

If a CR=level matching isn’t adequate, what would be? Can we use standard rules for encounter creation to build such a chart?

Should we allow email invitations sent to an email address to be used with another?

Let’s say I have a SaaS platform, like a B2B platform where there are company accounts.

In this platform users can invite other users to join the company account by sending them an invitation link in an email with a secure token (à la Google Drive or GitHub).

Should we then let the invited user subscribe using a different email from the one where they received the invitation ?

That question regards primarily UX experience, although some security concerns might also be raised (I couldn’t find a more appropriate site for that kind of questions).

What happens when the new UA Bait and Switch Maneuver is used on a grappled ally?

The recent Unearthed Arcana Class Feature Variants includes the Bait and Switch Fighter Maneuver (page 5) which states:

When you’re within 5 feet of an ally on your turn, you can expend one superiority die and switch places with that ally, provided you spend at least 5 feet of movement. This movement doesn’t provoke opportunity attacks […]

The grappled condition states:

The condition also ends if an effect removes the grappled creature from the reach of the grappler or grappling effect, such as when a creature is hurled away by the thunderwave spell.

Assume a monster with a 5-foot reach is grappling an ally and the Fighter is adjacent to the ally 10-feet away. What happens if the Fighter tries to use Bait and Switch on the grappled ally?

For a picture format, F is the fighter, A the ally, and M the monster

FAM 

Should visitors see all the links and buttons (which can be used only by registered users)?

We are developing a website which requires registration to use some features.

My friend thinks visitors (non-registered users) should not even see the links for those features, because it is confusing.

I think they should see the links and upon clicking they should be redirected to login/registration page, because it will encourage them to register.

What is the best way to handle this?

Can Nystul’s Magic Aura’s False Aura option be used on creatures?

This question was inspired by a question on whether detect magic can sense feign death. I believe it would, which raises the question of how you could foil detect magic in this case. The obvious solution would be use to Nystul’s Magic Aura (also known as Arcanist’s Magic Aura), which is designed for concealing magic.

However, as I read the spell more closely, I noticed an issue. Magic Aura can be used on both creatures and objects. Magic Aura has two options: False Aura and Mask. Mask is used to disguise a creature’s type or alignment. False Aura is used to disguise whether or not the target is magical and the school of magic of its aura. Therefore, if I want to make my creature under the influence of a spell appear to not be under the influence of a spell, I would want the False Aura option.

But there is a problem. False Aura starts by saying

You change the way the target appears to spells and magic effects, such as detect magic, that detect magical auras.

Great, that’s exactly what I want to do. However, the rest of the paragraph refers to this option’s effects on objects, not creatures. One could read this as meaning that the False Aura option has no effect on creatures and is meant to be used only with magic items. However, Magic Aura also says

When you cast this spell, choose one or both of the following effects.

Mask clearly applies to creatures and has no benefit for objects (since they have neither type nor alignment). Thus, if False Aura only worked on objects, they would have no reason to let you use both Mask and False Aura on a single object (save for some extremely niche cases where the target could alternate between being an object and a creature). This implies that maybe False Aura can work on creatures, and they just used the object case as an example.

But there’s another complication. Even if I can use the False Aura option on a creature, it is unclear whether False Aura will conceal spells which are affecting the target or whether it only disguises magic which is intrinsic to the target (such as from any creature summoned by a conjure spell). I am interested in the former case, where the target is not intrinsically magical but is under the effect of spells.

Can I use Magic Aura to conceal or disguise magical effects on a creature?

Is there any Security issue if we not used SSL between AWS Cloudfront and AWS ALB?

I have an application that is hosted on AWS. It has an Application Load Balancer in its front and it is also attached to the Cloudfront to handle a heavy load. In my case, I have enabled SSL only on Cloudfront and haven’t had SSL on ALB. Now the application works fine without any issue. It is showing a secured lock symbol on all browsers. But I had a feeling that the communication between the CloudFront and ALB is not secure. Anyone who tries to intercept the traffic between them can achieve it.

Is there any security risk like that? Can anybody intercept the traffic or all communications inside AWS are secured?

I heard about the SSL offloading feature of AWS ALB where we are not enabling SSL between ALB and EC2 servers behind it. I thought this case is also applicable between Cloudfront and its origin ALB. Is that correct or is there any security issue if we doesn’t enable SSL between Cloudfront and ALB.

What symbol can be used to denote “contains”

Our UI has a table of data, with the first row containing input fields in each column for searching based off the data in that column. We want to add a dropdown that determines how that search text is used. We want to be able to do the following comparisons:

  1. Greater than (only retain rows that have values greater than the value specified)
  2. Less than (only retain rows that have values less than the value specified)
  3. Equals (only retain rows that have values equal to the value specified)
  4. Contains (only retain rows that have values that contain the value specified. For example, if the search text was “ee”, the values “beet”, “eel”, and “fee” would match, but “beat” would not))

Space is at a premium, so ideally, each value in the dropdown would be one character. For the 1st three above, we would use “>”, “<“, and “=”. However, I’m not sure what character could be used for “contains.” Ideally, it would be a single character, but I could live with 2 or maybe even 3 characters. I just don’t want to have use the word “contains”. Is there any symbol that a user would intuitively recognize as meaning “contains”?

Also, we’re considering being able to do a “starts with” and “ends with” search, so, if there are symbols that would tie in these 2 with the “contains” search, that would be of great help.

I should also note that the users probably won’t know more than basic mathematical symbols. I’m hesitant to use some of the symbols mentioned in the current answers (, ), because I’m not sure many users would recognize what they mean.