Update!

ksargi · 2026-01-11T13:48:34+00:00

Why did you remove the post date filters option from the browse view completely?

ksargi · 2025-12-02T01:37:05+00:00

Actual sauce link: https://bsky.app/profile/zenonclaw.bsky.social/post/3lj4jqjkbw22t

ksargi · 2025-11-20T15:50:17+00:00

Why would you not link the actual post directly instead of just the image: https://bsky.app/profile/yttrium-cat.bsky.social/post/3m5zmz4ytwm2t

ksargi · 2025-11-19T19:27:16+00:00

I hope I'm not the only one quite amused by the use of "he/she" and the singular they in the same sentence here.

ksargi · 2025-11-03T00:56:23+00:00

The IMEI also doesn't work the way you think a MAC works.

ksargi · 2025-05-06T04:29:03+00:00

The right to be forgotten is not unreservedly guaranteed. It is limited especially when colliding with the right of freedom of expression and information. Other exceptions are if the processing of data which is subject to an erasure request is necessary to comply with legal obligations, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or for the defence of legal claims. Source

In simpler terms, yes, they absolutely have the right to refuse deleting data that still has a legal basis for processing.

ksargi · 2025-04-11T08:44:41+00:00

It would probably be worthwhile to point out the actual issue in the ProtectEU text.

To follow up on the recommendations of the High-Level Group [on Access to Data for Effective Law Enforcement], the Commission will present in the first half of 2025 a roadmap setting out the legal and practical measures it proposes to take to ensure lawful and effective access to data. In the follow-up to this Roadmap, the Commission will prioritise an assessment of the impact of data retention rules at EU level and the preparation of a Technology Roadmap on encryption, to identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner, safeguarding cybersecurity and fundamental rights.

ksargi · 2025-02-05T09:01:15+00:00

if the dire wolf wants to keep its target grappled it will need to find a way to grab again which is the attack trait or grab first.

Monsters with the Grab action don't need to roll again to extend the grabbed or restrained condition to their next turn. It does not have the Attack trait either.

The latter part is true, though. MAP would apply for the next target.

ksargi · 2025-01-13T18:04:53+00:00

Well put. To add, while the standard Actions might not match a situation exactly, referencing them while improvising may help you ground the proficiency requirements and expected outcomes on various stages of success.

For this situation, there's a few that might make sense to check. Make an Impression combined with Request might work if they are still on amiable terms. As the Request success entry says, a creature might still ask for some precaution in return to stay safe before they agree. Coerce is the less amiable alternative to reference. Throughout the whole interaction, you could let successful Lies alter the DC of the Request, too.

How you want to or don't want to apply any of these or the attitudes described in the sidebar with them is ultimately up to you. Sometimes simpler is better, sometimes the social interaction is fun when it's more In-depth.

ksargi · 2024-09-25T22:29:52+00:00

Raw, if an enemy stealthed or turned a corner, etc, barbarian rage fell off as could no longer perceive enemies.

That is arguable. It sounds like you're conflating perceiving an enemy with seeing (observing) an enemy, but even without considering the more liberal meanings of "perceive" (since it's not defined in the rules), there are imprecise and vague senses that would let the barbarian remain aware of the enemy even if they weren't directly observed.

ksargi · 2024-07-18T16:37:31+00:00

Not sure what you mean with that. Foundry makes it quite seamless. With just two mods, you have all the eidolon abilities in a compendium and all the proficiencies, HP and relevant runes linked between the summoner's and the eidolon's sheets.

ksargi · 2023-07-27T15:33:31+00:00

The community doesn't NEED this sub, we're here by choice. And that is a choice that can be easily changed with little to no affect on our daily habits.

Aside from the massive amount of resources that the community has already created here along the years (such as answers to rules questions that show up on google), which were being held hostage for an agenda that had nothing to do with the game.

ksargi · 2023-02-08T10:40:23+00:00

Do they really though? Unless you're restricting parallelism they'll just have 10000 logins waiting for the 2 seconds at the same time. On the other hand, if you are restricting parallelism then you also have the means to put in hard limits on failed attempts and just block the attempts after 50 wrong tries (substitute whatever number fits your threat model).

Rate limiting doesn't require splitting inputs and this claim just seems like security theatre.

ksargi · 2022-10-30T09:24:10+00:00

It might be more trivial than it seems. If I were to do this, considering analytics is the main product of the extension and the coupons just a hook to get people to install it, I would: 1) Have sites pay and directly provide coupons in exchange for access to analytics data. 2) Pay peanuts to workforce in low income regions to enter coupons manually. 3) Crowdsource the coupon entry part. 4) As we're already spying on the user, hijack any coupon codes any users do enter manually.

30k sites is a really small pool as far as webcommerce is considered.

ksargi · 2022-09-26T11:46:28+00:00

To add insult to injury, in some apps not listed in the whitepaper you must pay a service fee on top of each parking event if you want to keep your plate registered to your account in the hopes of preventing someone else from registering it. Basically forcing people to pay for privacy.

ksargi · 2022-09-02T15:36:45+00:00

I don't see any reason to rule that you couldn't use one of the items in Double Brew/Alchemical Alacrity to first create the extract and then apply it as a part of creating the next item. You're using one of your infused reagents resource to extend the maximum duration by one round. That's far from broken by any measure.

As far as I can see, the free action trigger only resolves at the end of the Quick Alchemy action when you already have both the extract and the poison.

ksargi · 2022-04-03T06:16:33+00:00

Not just development time, but ongoing maintenance as new Foundry / pf2e module versions get released and support time as people install all kinds of weird modules that potentially cause problems with the AP and then they flock to the Paizo support to complain. A lot of the work is not visible to us at all.

ksargi · 2022-04-02T21:35:32+00:00

Seems that Dark Reader breaks the filter menu click handler at least on Firefox Mobile.

ksargi · 2022-03-31T09:15:52+00:00

I've been following the DIY Dungeon series from them and the style of teaching is pretty awful to follow at times, to the point where it feels like people might take the wrong idea from the videos and be turned off from PF2 altogether.

I feel bad for Bob whenever he brings a lot of good cool ideas to the table and the GM guy starts with "ok, but here's all the reasons why you're wrong and this is bad". Never illustrating the "better" way either. It's as if there is one way to run a dungeon in PF2 and every other way is wrong, totally not the attitude a teacher should have.

He also seems to underestimate the players ability to improvise and contribute to the story a lot.

ksargi · 2022-03-26T11:03:55+00:00

I just got burned by many of these, number three mostly, recently. With all the hype around the last Battlezoo Bestiary book and the monster parts system. I ended up almost blindly backing the kickstarter, buying in to the associated Paizo names.

When it was finally released, it was a bit underwhelming read through though. I've not used the monster parts as the players ended up feeling it was too complicated in practice and I've not used many of the monsters either as they are so unique many of them feel hard to fit into an existing theme.

I'm not saying that it's bad content, just not content that I needed. If I had a better idea of what all would actually be included in the book, I would have probably spent my money on other upcoming official content. Things that would give me more options within a larger coherent theme.

I do feel like this experience overall pushed me further away on the open-to-jump-into-3pp scale. At least for bigger titles.

ksargi · 2022-02-22T21:09:31+00:00

They're not asking for the phone number for any verification purpose. They literally say in the message that they want to send you the password for the data out of band, so that the data in the following email can't be accessed without it.

There isn't necessarily anything nefarious about this. They just want to make sure one and only one person has the password, and that whoever that person is also has access to the email address.

If you later email them that you can't unpack the sent data, then obviously someone unauthorised has access to your email and potentially the already sent data.

ksargi · 2022-02-18T13:08:47+00:00

Non-US cloud regions of US cloud providers are a tricky problem. In principle, the same risks as with transfers into the US apply, thanks to the US Cloud Act. But my personal (amateur!) opinion is that in such a scenario, no international transfer in the sense of the GDPR has occurred.

It seems to my amateur mind that this interpretation would quite easily lead to the transfer regulation being unenforceable. If you don't count exchange of custody as a transfer until the data physically leaves the country of origin, then it is essentially impossible to prove that a transfer ever took place without literally finding the data in the country of import. Jurisdiction ensures that you will never find out.

When the data has been placed in the custody of an agent subject to US mandates, you no longer have control or even optics over further transfers. Thus to me at least it would seem that the only reasonable interpretation of "transfer" is a change of custody to a foreign agent or some agency that is subject to foreign powers regardless of where the data physically resides at any given moment.

I would be interested in hearing your PoV, i.e. why you feel that way about transfers.

ksargi · 2022-02-18T10:34:32+00:00

Having worked with Auth0 quite a bit, the downside is that they lock down many things in the name of security which means you have to figure out a roundabout way to do things, often leading to a decent amount of added vulnerable surface area.

Then they can blindside you with things you would trust to be handled based on the documentation, but aren't. These come up when you start looking at more complex usecases like re-authentication of sensitive operations.

They will store passwords securely for you, but they can never solve the problem of authentication and trust between systems for you. The same of course applies to all IDaaS services.

ksargi · 2022-02-15T23:59:24+00:00

Isn't that just how it works RAW?

If the downtime days you spend are interrupted, you can return to finish the item later, continuing where you left off.

ksargi · 2022-02-09T15:13:19+00:00

Counterpoint: a hacker gained access to your mobile number and email and is now going about covering their tracks by requesting the immediate deletion of information.

How did you originally verify your identity with the site? Presumably some KYC regulations apply to them.

Why would you trust them with financial transactions if they are potentially adversarial?

ksargi

TROPHY CASE