## mysql – Storing User Information in DB

Currently, we have Mysql User Data with around 20 million entries in our DB.
We are not using any sharding mechanism. This table is used for all purposes like login, and various other queries based on Userid / EmailId.

Now the rate with which it is growing we will have around 50 millions by end of 2022. Should we keep using Mysql?
I mean since we are not sharding, I think it will start creating disk issues, not to mention queries will start becoming slow.

What do you guys think? What is the correct source of truth for the user DB. We cannot have eventual consistency over here so we cant keep Cassandra.

If Sharding with MySQL is the answer, what should be the Sharding key so no multi shard join should be there and equal traffic distribution

Any thoughts.

## statistics – Can Mutual Information based feature selection be used when the input variables are numerical and the output is categorical?

I am working on a machine learning project for a classification problem. In the dataset the input variables are numerical and the output is categorical. Is it appropriate to apply the Mutual Information based feature selection approach here? I am confused as I have gone through some articles and they have suggested applying ANOVA/ Kendall’s rank correlation coefficient while using numeric inputs and categorical output.

Selecting Feature Selection Method

## Windows firewall and ports – Information Security Stack Exchange

I have some questions regarding Windows Firewall and Ports

1.

How do I best close Ports in Windows?

With the Outbound / Indbound firewall rules?

2.

Deleting a rule is that the same as if is not activated?

Or does it get activated when the App requests it?

3.

League of Legends app is neither in Outbound or Indbound rules

How can I still connect to their servers and play?

4.

Hearthstone was deactivated in both Inbound and Outbound rules

I could still connect to it

How can that be?

I have the same Firewall profile as this:

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ics/images/wfas.jpg

Best regards

## web application – how much security measure information is safe to publicize?

I am working on writing the privacy policy of a web-app I programmed.
I want to tell users about the security measures I have in place (e.g. sha512, variable-length unique salts, and more) but am worried that in the case of data-breach such information would provide additional ammunition for a hacker.
Obviously on the one hand if I said “We store all your passwords in a separate file at /etc/pleasedontpwnme” you would be helping nothing and compromising your security.

On the other end of the spectrum if you tell the user “Passwords are not sold to third parties.” You have given him virtually no information about your practices.

I want to be as transparent as possible. Indeed, if I open source the code, it will all be transparent. At the same time, I am worried that by describing my defenses I have taken a lot of the hackers work away from him and made his life easier.
I am also thinking of the Enigma machines, and how the fact that it didn’t encode a letter as itself shows that sometimes “security measures” backfire, and if you tell a hacker up front “we do X Y and Z” the hacker could also notice that Z actually compromises security and use that to breach defenses.

Where I am currently leaning is “We do not store your password, rather we store a ‘hash’ that is derived from your password, but cannot be turned back into your password. All hashes are salted.”
It seems pretty safe, except that in worst case, hackers would know not to use a dictionary attack. I would prefer to be as transparent as possible. Users like myself might like to know that the passwords are SHA512 and that they have a unique salt for each password.

TL;DR:
How much information about security measures is too much to release to the general public?

This is different from How much security information to publicise?
as mine is concerned with how much information is “safe”, not how much is best from a readers perspective.
It also differs from Correct terminology when describing password security to layman for similar reasons. I am not asking about a specific wording for understandability, rather I am asking for a transparency/security balance.

## reference request – Video lectures about Information Theory and Thermodynamics!

I’d like to know if there is any video courses that relate information theory and thermodynamics, e.g. courses cover laws of thermodynamics, Shannon’s entropy, Kolomogorov Complexity, Landauer’s Principle, and anything related to them in one course.

Thank you!

## statistics – Fisher information of joint distribution of transformed Normal distribution

Suppose $$X_1=theta+epsilon_1$$ and $$X_i=sqrt{gamma}X_{i-1}+sqrt{1-gamma}epsilon_i+theta(1-sqrt{gamma})$$
Where $$gamma in (0,1)$$ and $$theta$$ is the parameter of the model. Also $$epsilon_1,epsilon_2,…epsilon_n$$ are iid $$N(0,1)$$.

What is the Fisher information of this model and for what values of $$gamma$$ does it tensorise. I’ve tried using the Jacobian to find the joint distribution but I’m not sure, especially when determining for which values we have tensorisation. Any help would be much appreaciated.

## when to destroy PII – Information Security Stack Exchange

when to destroy PII – Information Security Stack Exchange

## jquery – What is the correct way to send information to other server from WordPress?

Actually I don’t work with WordPress, but I have this unique task to complete. So, what I’m trying to do is to send a form information to an other server.

In my WordPress, I have installed Elementor, and in one specific page (full of forms) I’m adding an Html element and including my jQuery script in which I collect all data from fields and try to send them to somewhere else. The end of my script looks like this

``````var data = JSON.stringify((data1, data2));

jQuery.post( "my_url", data);
``````

But I don’t even know if this is the correct way to do it. For now, I’m getting the CORS error, and before I make changes to configuration files, I want to ask this question.

## dnd 5e – What Information Can I Use If I Want To Publish My Own D&D 5e Module?

You’re somewhat confused, which is understandable since intellectual property rights and D&D is a confusing issue.

### OGL

The OGL is a specific license with specific terms. D&D 3e/3.5e was made open for others’ use under the OGL and the open portion was published as a SRD, or System Reference Document. Other games derived from the d20 SRD (like Pathfinder and Mutants and Masterminds) and totally unrelated games, like FATE, use the OGL. 4e used a non-open license called the GSL, and previous versions had no available user license except under contract with TSR. You can read the blog post Open Gaming for Dummies to understand these very specific legal terms.

There are some “retroclones” that use the OGL and actually pull the OGL 3.5e information from the d20 SRD into something that looks more like an older version of D&D. See also What content can I reproduce from Pathfinder? that has a similar discussion specific to Pathfinder. Some people use the OGL to put out modules for various other non-OGL D&D versions, but that’s actually somewhat complex and you need to understand the rest of what’s going on in IP land to know how and why.

Wizards has also released 5e – or at least some of it – under the OGL as well. You can download it and the SRD on their site. Be careful, the SRD only has a subset of the game’s content, and it’s all that can be used under the OGL.

### Intellectual Property

Let’s talk about using game IP in other games outside the scope of the OGL. The more general discussion in Can I use existing game mechanics in my own designs? has a lot of relevant details for you here, as well as Is it legal to “use” (reference) copyrighted material in a way that requires ownership of its original publication? You have three main areas of IP concern to contend with – copyright, trademark (including trade dress) and patents.

First of all, “fair use” does not apply in this case. At all. It’s one of those phrases people like to use on the Internet but don’t understand. If you up and use text from another work in your work, and it’s not part of the very limited scope of fair use (educational, review, journalistic, etc.) it’s illegal.

Secondly, game mechanics cannot be copyrighted. “Copyright does not protect the idea for a game, its name or title, or the method or methods for playing it. Nor does copyright protect any idea, system, method, device, or trademark material involved in developing, merchandising, or playing a game.” (United States Copyright Office, “Copyright Registration of Games”).

However, “the text matter describing the rules of the game” may be protected by copyright “if it contains a sufficient amount of literary or pictorial expression”. For example, a passage describing character creation for the Clans of the Sun and Moon, explaining their society and why they tend to have the skills they do, would probably be protected by copyright. A section merely describing the steps involved in rolling a number of dice or expending a number of points on X attributes would probably not be. (rpglibrary.org) Note that this means even charts and tables can be copyrighted. Everything’s copyrighted, there’s not a registry or list or anything (well there is, but stuff not on it is still copyrighted).

In general, this is the escape clause some people use to put out supplements/modules that simply have “goblins” and “skeletons” in them which may have “HD: 2+2” or “a DC 12 Perception check” outside the scope of the OGL. If it’s “mechanics” and not “expressive” that’s legal. But head onward and read about trademark…

However, various aspects of the game rules may also be trademarked. Several D&D monsters are, and in general things that would usually be Product Identity in an OGL game can be. Characters, game worlds, etc. Without a more specific license allowing it, you absolutely cannot set your module in the Forgotten Realms and have Elminster fighting a beholder in it. The reason many of the retroclones do use the OGL is so they don’t have to fret over whether somewhat unique terms like “Hit Dice” end up getting trademarked or not, since as a term you’re explicitly allowed to use it if you are using the OGL.

You will note that many products/publishers, out of fear of trademark won’t say they are “compatible with Dungeons & Dragons Fifth Edition” but instead say circuitous things like “for 5e!” Normally, expressing compatibility with something is an OK use of trademark, Hasbro themselves lost a lawsuit on that v. RADGames about a company claiming Monopoly compatibility for an add-on pack. But the OGL giveth and the OGL taketh away, the OGL says you can’t claim compatibility in its terms so those using it can’t legally say “D&D”.

Note that trade dress also means you can’t use graphics/art/logos/etc that make your product look “too much like” products from an existing publisher.

You can do trademark searches to look for trademarks, see the discussion in Are the names of the more generic planes copyrighted under the OGL as Product Identity?

### Patent

Game mechanics can be patented, since processes can be patented. I do not believe there is a patent on file for RPGs or D&D but I’m not an IP lawyer. You can do patent searches as well. At least one RPG publisher applied for a RPG patent, check it out here (article on it). Just wanted to mention this for completeness.

### Dungeon Masters Guild

Speaking of more specific licenses, Wizards has come out with one! Their “Dungeon Masters Guild” program is designed to specifically allow publishing of 5e material with a number of restrictions, primarily that such content may only be distributed through their online storefront and they get a 50% cut of the sales (though you can make it free – although you can’t distribute it other than through their site). The upsides are that (a) you can use the Forgotten Realms as a setting and (b) you can use all of5e rules/content, not just the subset provided in the SRD.

### Bottom Line for Modules

“I am not an IP lawyer and this is not legal advice blah blah” but in general you have three paths open to you. All require a nontrivial amount of legal understanding, so taking a RPG.SE answer and going forth to publish would be the height of folly.

But the first is to use the OGL, limit yourself only to things found in the SRD, and don’t claim D&D compatibility. Most folks do this, for example Frog God as you note. For an adventure, with a little oversight, you are probably fine with just writing general scenario content with pure rules references.

Or, you can not use the OGL, navigate the copyright/trademark waters yourself (and/or hope Hasbro doesn’t care), and even claim compatibility. KenzerCo did this with some products; their owner, David Kenzer, is a lawyer so he knew what he was doing and figured he could hold his own. Since modules usually don’t contain large amounts of rules content with the exception of stat blocks, the problem space is pretty narrow.

Now, profit vs it’s a freebie on the Web doesn’t change most of the legal factors, but it does change immensely the likelihood you’ll get in trouble over it, so if you’re not really looking to publish for sale, go ahead. If you’re starting out and looking to publish for sale, it might be a good idea to do that through an established third party company (like FGG) that can help you navigate these waters.

Or, you can use the Dungeon Masters Guild program, if it suits your needs.