Is the Pit from a Robe of Useful Items permanent and can it be dispelled?

If you place the Pit from the Robe of Useful Items, will it remain there forever, as if it was dug? RAW, I assume so. The RAW on the Robe of Useful Items doesn’t say anything about the items being temporary, so we should assume they are not.

I’m less convinced on Dispel Magic, and I know I will have to make a ruling on this, likely in a session or two, but I am leaning toward no. If the patch has "become the object or creature", then this is a normal, everyday, non-magical pit. The magic was in it’s creation, not it’s essence. As such, dispel magic would have no effect, right?

Or am I perhaps overlooking something?

Does the player know exactly what the items depicted on a patch from the Robe of Useful Items are?

I am aware of this question detailing whether a character can tell what is depicted on a particular patch on a Robe of Useful Items.

It makes complete sense for the user to be able to tell what type of item they are activating otherwise it wouldn’t really deserve the moniker of useful.

What I want to know if there is any rules one way or another explaining whether the character would know the exact properties of the item the patch will create. For example when picking the random patches rolling a 31-44 determines a patch of a Wooden Ladder (24 feet long). Unless this patch has the words 24ft (or similar) written on it would the character know this was any different to the 10ft ladder available in the PHB list of items?

I have considered asking for an Arcana check to determine how much of the item’s nature the character wearing is able to establish but I also don’t want to be handicapping the player if there are rules that detail this scenario.

Which magic item of very rare or lower rarity is most useful to protect a group of ordinary soldiers?


Background

I’m playing a mid-level artificer (artillerist) who’s a disgruntled veteran with a missing limb who, disillusioned by the leaders’ willingness to send soldiers to their deaths, has retired from the army and opened a shop. An adventure hook has people steal his work-in-progress masterpiece and now I need to find a fitting item he was trying to create.
Because of this background, the item he would be most interested in would be something that helps ordinary soldiers without magic powers survive the horrors of the battlefield. It might be something that protects a group of people from hostile spells or something that provides healing to them, similar to the artificer’s Protector cannon.

Criteria

  • I am trying to find an officially published item before resorting to homebrew (UA is probably fine, as is basic refluffing)
  • The DM has ruled that the item should be below legendary rank, so very rare at most
  • I probably won’t be held to strict prerequisites such as being able to cast every spell going into the items myself, but the item should still basically fit the artificer flavour
  • The item should be usable by someone who cannot cast spells
  • The item should be able to affect a group, not just the carrier
  • The item should be defensive in nature

My own research

I’ve gone through the "warding" and "healing" categories of magic items on D&D Beyond and found very little. There are almost no items that work on groups and those that do tend to be musical instruments or magic staves that need the user to be a spellcaster.
In general it seems that antimagic items aren’t really a thing in 5e. An item that can cast Antimagic Field on he regular would probably be in the legendary category and a Ring of spell Storing would again require a (powerful) spellcaster to be useful.
An ideal solution would be something like a banner of protection or an Eldritch Cannon: Protector that doesn’t need an artificer to be present. I’ve also considered something like a Ring of Regeneration, but that’s again a one-person item.

Mechanically speaking what makes a item more useful, a raw bonus or advantage? [duplicate]

I’m looking at D&D 5e to homebrew a specific item and I’m debating what would be better. Advantage or raw bonus. The item is a coin that you toss it before a ability check or a attack roll. If the coin lands on the heads, you gain a boon. If the coin lands on the tails, you get a penalty.

I was considering making the boon a raw bonus of +3 to the subsequent roll if it’s a boon or -3 if it is a penalty. But it was brought to my attention that giving advantage/disadvantage could potentially be more balanced. So here’s my question, what would be better mechanically for the player?

Can message length be useful information?

Suppose a packet is encrypted and sent via an insecure channel so that it is intercepted by a malicious third party as well as the intended recipient. As long as a suitable encryption scheme is used, the message should be (practically) uncrackable.

However, assuming that encryption preserves message length to a certain degree, the third party will gain some info about the size of the message. Is there any context in which knowing only a message’s length could be useful to a hacker? If so, what are some examples?

What questions are useful to scope a mobile app pen test?

When arranging a pen test it’s common practice to ask the client a set of questions, and use the answers either as the basis for further discussions, or to directly provide a test plan and quotation.

For a mobile app specifically, what questions are helpful to include? For example:

  • What platforms does the app support? e.g. iOS, Android
  • Was the app developed using a cross-platform framework? e.g. PhoneGap, Kivy
  • Does the app connect to it’s own back-end service? e.g. bespoke REST, Firebase
    • Do these connections use SSL pinning?
  • Does the app provide additional UI secuity? e.g. PIN, FLAG_SECURE
  • Does the app provide IPC interfaces? e.g. URL handler, intent
  • Does the app interface with hardware? e.g. bluetooth card reader
  • Is the app obfuscated?
  • How is the app delivered? e.g. public store, private app in store, alternate store, sideloading
  • What authentication is used? e.g. pairing, user name & password, connect with Facebook
  • How many views/pages does the app have?
  • What permissions does the app request?
  • Does the app make arbitrary network connections or listen on ports?

If you have any other ideas, please let me know!

What properties of a discrete function make it a theoretically useful objective function?

A few things to get out of the way first: I’m not asking what properties the function must have such that a global optimum exists, we assume that the objective function has a (possibly non-unique) global optimum which could be theoretically found by an exhaustive search of the candidate space. I’m also using "theoretically useful" in a slightly misleading way because I really couldn’t understand how to phrase this question otherwise. A "theoretically useful cost function" the way I’m defining it is:

A function to which some theoretical optimisation algorithm can be applied such that the algorithm has a non-negligible chance of finding the global optimum in less time than exhaustive search

A few simplified, 1-dimensional examples of where this thought process came from: graph of a bimodal function exhibiting both a global and local maxima

Here’s a function which, while not being convex or differentiable (as it’s discrete), is easily optimisable (in terms of finding the global maximum) with an algorithm such as Simulated Annealing.

graph of a boolean function with 100 0 values and a single 1 value

Here is a function which clearly cannot be a useful cost function, as this would imply that the arbitrary search problem can be classically solved faster than exhaustive search.

graph of a function which takes random discrete values

Here is a function which I do not believe can be a useful cost function, as moving between points gives no meaningful information about the direction which must be moved in to find the global maximum.

The crux of my thinking so far is along the lines of "applying the cost function to points in the neighbourhood of a point must yield some information about the location of the global optimum". I attempted to formalise (in a perhaps convoluted manner) this as:

Consider the set $ D$ representing the search space of the problem and thus the domain of the function and the undirected graph $ G$ , where each element of $ D$ is assigned a node in $ G$ , and each node in $ G$ has edges which connect it to its neighbours in $ D$ . We then remove elements from $ D$ until the objective function has no non-global local optima over this domain and no plateaus exist (i.e. the value of the cost function at each point in the domain is different from the value of the cost function at each of its neighbours). Every time we remove an element $ e$ from $ D$ , we remove the corresponding node from the graph $ G$ and add edges which directly connect each neighbour of $ e$ to each other, thus they become each others’ new neighbours. The number of elements which remain in the domain after this process is applied is designated $ N$ . If $ N$ is a non-negligible proportion of $ \#(D)$ (i.e. significantly greater than the proportion of $ \#(\{$ possible global optima$ \})$ to $ \#(D)$ ) then the function is a useful objective function.

Whilst this works well for the function which definitely is useful and the definitely not useful boolean function, this process applied to the random function seems incorrect, as the number of elements that would lead to a function with no local optima IS a non-negligible proportion of the total domain.

Is my definition on the right track? Is this a well known question I just can’t figure out how to find the answer to? Does there exist some optimisation algorithm that would theoretically be able to find the optimum of a completely random function faster than exhaustive search, or is my assertion that it wouldn’t be able to correct?

In conclusion, what is different about the first function that makes it a good candidate for optimisation to any other functions which are not.

Is Group Theory useful in Computer Science in other areas but cryptography?

I have heard many times that Group Theory is highly important in Computer Science, but does it have any use other than cryptography? I tend to believe that it does have many other usages, but cannot find out where and how to apply Group Theory to other areas in CS, such as algorithms, data structres, graphs, complexity and so forth.

How useful is the 5e ‘Wish’ spell (‘Basic Use’ version) for spell research?

The 5e Wish spell does, literally, whatever you wish, but for a price. The Basic Use version may be useful for instant spell research without the usual time / gold costs. Logically, one could use this Basic Wish to learn all the wizard spells lvl. 8 and lower. But what are the limits? To quote:

The basic use of this spell is to duplicate any other spell of 8th level or lower. You don’t need to meet any requirements in that spell, including costly Components. The spell simply takes effect.

Here are some possibilities:

  1. Casting ‘Wish’ may allow one to have a version of any existing / official spell (found in Player’s Handbook, Volo’s &/or Mordenkainen’s manuals). This exists as a memorized spell ‘slot’, uncast, in one’s mind. Wizards (class) could then write-scribe this spell, providing this was a wizard’s (spell-list) spell in the first place. This learning technique may also extend to some ritual spells, q.v.

  2. As the Basic Use of a ‘Wish’ spell does NOT require material components. As such, the caster of this spell can automatically gain one (1) fully transcribed non-magical version in a book (or scroll / carved tablet / scribed on a skull / whatever suits your fancy). Should this be a ‘wizard’ spell, the caster could then use this written version as though they had transcribed this themselves. Other wizards would need to endure the usual transcription-study-cost process from this origin material, as normal.

  3. This Basic Version of the spell vetoes any and all requirements! As such, any spell imaginable (of less than 8th level value) can be instantly scribed into a book. If it were considered a ‘wizard’ type spell others of that class could make use / transcribe it as usual. If it were a spell for any other list, those of the appropriate class could use this written spell to re-establish a new relationship with their deity, patron or other spell-delivery creature.

Off the cuff, the first one seems reasonable. The second version seems to be pushing boundaries a little (not sure why). The last one, drafting out Brand New Spells every day, seems totally implausible for a mere Basic Wish (perhaps a FULL wish could do this?) – yet i have no known RAW defence on this. It just seems like a bad idea to let a CR 11 ‘arch-mage’ pump out 300+ spells (of any class / up to 8th lvl) in any given year, risk free. But… why not?

Gathered Exchangers of Stackings… what say ye?

Are Javascript closures a useful technique to limit exposing data to XSS?

I’m wondering if using Javascript closures is a useful technique to limit exposing data to XSS? I realize it wouldn’t prevent an attack, but would it reliably make an attack more difficult to execute, or would it only make my code more irritating to write and read (a waste of time)?

I got the idea from the Auth0 documentation regarding storing OAuth/OIDC tokens. It reads:

Auth0 recommends storing tokens in browser memory as the most secure option. Using Web Workers to handle the transmission and storage of tokens is the best way to protect the tokens, as Web Workers run in a separate global scope than the rest of the application. Use Auth0 SPA SDK whose default storage option is in-memory storage leveraging Web Workers.

If you cannot use Web Workers, Auth0 recommends as an alternative that you use JavaScript closures to emulate private methods.

I can see how this is better than just putting the token or other sensitive information in localstorage. In localstorage an XSS attack needs only to execute localStorage.token to get the token.

Now, if you’re not familiar with tokens just apply this reasoning to any sensitive to information. In my case I want to build a client-side cache mapping user IDs to usernames for an administrative interface, but I realize that client IDs and usernames are somewhat sensitive, so I wondered if I could "hide" the data.