What is the most damage that can be done in one round on your turn?

I was surprised that this question has not been asked.

I want to find out what the most damage that can be done in a single round?

Here are the rules.

  • Rules from Official Hardcover books only.
  • Any official playable race can be used.
  • No optional rules, other than those listed here.
  • Multiclassing and feats are permitted.
  • Characters can be up to LV 20
  • Standard point buy for stats.
  • No Magic items.
  • No infinite loops we are not trying to break the system. We are trying to find the maximum damage in a reasonable setting.
  • Consistent effects only. Random elements like wild magic cannot be used.
  • Epic Boons are permitted if you use the Aberrant Dragonmark feat.. You can choose the boon you would like.
  • No outside help. Permanent summoned creatures are permitted, and considered to have already been summoned.(find steed, familiar, homunculous.. etc..) Their damage can be added to yours in the calculation.
  • Assume one average target with no unusual defenses.
  • All attacks hit.
  • All saves are passed.
  • Polymorph is allowed, but I suspect there are better methods.
  • Any attack or combination of spells and attacks can be used provided you are following the rules.
  • Include the Maximum rolled damage as well as the average damage, where average is calculated using min+maximum /2 to calculate it.

I understand that a lot of you don’t like optimization questions. But try to leave me a comment before you give me a negative vote. I will address the issue and fix it(If possible).

This post is for people who do enjoy the theory craft and challenge. I think it will be interesting to find out what the damage limit is.

Tor Browser: Could a website or ISP detect modification to DOM done by users if Javascript is disabled?

I have Tor Browser (which is basically Firefox ESR) on "Safest" setting (Javascript disabled). We’re generally scolded about using extensions in it, as they can alter web traffic patterns to or from your browser, adding another fingerprinting vector by distinguishing you from other Tor Browser users.

If JS is turned off even in vanilla Firefox, and I apply modifications to the DOM (like CSS mods, zooming in etc.) after the website has finished loading, I can’t see how a website or ISP could detect what the user is doing in the DOM.

I know if you, for example, hide an element in CSS before it is fully loaded (such as the sidebar), the browser may skip downloading resources (such as icons) associated with the element. This would distinguish your web traffic patterns from other users. That’s why I wait till the page is fully loaded. I’m also careful to not trigger CSS media queries which can be set up to connect to a remote URL if triggered (or remove them first if they will be triggered).

I think the above should be enough to avoid distinguishing myself by my web traffic. Do you see any way I could be distinguished with only CSS & HTML?

What is the most damage that can be done in a single melee attack without features that double damage?

I’ve been trying to come up with builds that maximise burst damage recently, but I’m not much of an optimiser, usually preferring themes and/or roleplay.

I’d come up with something along the lines of a Paladin 3/Warlock 5/Bard 12, which could combine Eldritch Smite, Divine Smite and Psychic Blades (assuming College of Whispers) for a total of 9d8+8d6+7 damage (assuming maxed out CHA, Hexblade warlock to use that on the weapon, Dueling Fighting Style from Paladin, a maul as the Pact Weapon, and that Hex had been cast beforehand). This is before I started considering races and other aspects, then that’s when I started to feel out of my depth…

I looked up this question for inspiration: What is the most damage that can be done in a single melee attack?

However, I am disappointed with how many of the answers rely on an Assassin rogue’s Death Strike and/or a Grave Domain cleric’s Path to the Grave feature to double the damage; I mean, don’t get me wrong, they’re good answers, and I’ve even upvoted some of them, but they’re not what I’m looking for today. Given that I do not want to use those routes of doubling damage or getting reliable critical hits via Assassinate, I thought I’d ask the question again, but with a few extra restrictions.

So, what is the most damage that can be done in a single melee attack, within the following restrictions:

  • No features that flat out double damage, so the aforementioned Assassin rogue’s Death Strike and Grave Domain cleric’s Path to the Grave features are considered invalid for this build.
  • Nothing that relies on critical hits, so although it might be interesting to know what the damage would be on a natural 20 as an aside, I otherwise don’t want the build to optimise for critical hits, such as an Assassin rogue’s Assassinate or a Champion fighter’s Improved Critical; hence assume the hit is not a critical hit.
  • No Unearthed Arcana or third party or homebrew; only official 5e material.
  • Multiclassing, feats and Epic Boons are allowed.
  • No help from allies, this should be the damage that can be done by yourself.
  • No polymorph/wild shape, the damage must be by a playable race in its true form.
  • Any class, race, feat, spell or magic item is allowed so long as they are from official 5e material.
  • Assume that the build is for a 20th level character.
  • You can assume infinite convenient luck on things like Wild Magic, but nothing that can be used in an infinite loop to create infinite damage, as that defeats the purpose from my point of view.
  • You can have a round to prepare, so if you needed to cast a spell on the previous turn to set yourself up, that’s fine, so long as it doesn’t have a "flat out double damage" effect like Death Strike, Path to the Grave, etc.

Certificate validation details. How it’s done? [closed]

I’ve read this post where it says:

"…an attacker can still take the whole signed content and present it to you but won’t be able to change any details or the signature won’t match."

  1. How does the browser validate the details of a certificate and see its content like domain name, etc.?
  2. If a MITM wants to change anything, he would need to decrypt the cert, which is impossible, or simply change what he wants but then fail at the browser because, as mentioned above, the signature won’t match?

Have the D&D 5E designers ever done an official commentary about why they have designed certain rules the way they did?

I’m not asking for speculation or why people think the designers made the decisions they did. I’m looking to see if there’s evidence that they’ve ever done a developer commentary or something of the sorts that went into detail on their design decisions, or addressed popular questions from the community relating to that topic. Specifically, I went into this looking into official developer commentary addressing the design rationale for the true strike cantrip, but I couldn’t even find developer commentary of any kind while doing some searches with Google.

I know there’s a bit of issue with these types of questions, but I feel this is completely objective both in question and the types of answers it requests.

What is the damage done by Deflect Missile when deflecting a Crossbow Bolt?

Similar to this question, but way simpler.

The Monk Deflect Missile feature states:

If you catch a missile in this way, you can spend 1 ki point to make a ranged attack with the weapon or piece of ammunition you just caught, as part of the same reaction. You make this attack with proficiency, regardless of your weapon proficiencies, and the missile counts as a monk weapon for the attack.

The question is: assume a Monk is hit by a Crossbow Bolt and manages to nullify the damage. The same Bolt can be used by three different Crossbows (Hand, Light or Heavy), to deal 1d6, 1d8 or 1d10.

Does the damage used by the Deflect Missile depend on the weapon that was used to attack the Monk in the first place? That seems very weird, since the difference is pretty much only the speed that the crossbow fires the bolt – which is meaningless once the Monk has stopped the shot.

In particular, the text states the missile counts as a monk weapon for the attack. Does it mean we should use the damage from the Monk Dice?

You can roll a d4 in place of the normal damage of your unarmed strike or monk weapon. This die changes as you gain monk levels, as shown in the Martial Arts column of the Monk table.

The problem here is that it says you can replace the weapon damage for the Monk Dice (this is how I call the dice from the column), but not necessarily has to.

So, what dice do I roll?

What to do with players who have done something very stupid, but unwittingly?

I’m starting a new campaign. All fresh players.

In the first session I gave them a very shoddy, small barge, which I planned to have them trade for a ox-drawn carriage, as the ship itself didn’t have much life in it. The NPC that was going to trade this to them lowballed and offered 5 platinum pieces (50gp). The players, instead of objecting to this price, accepted. This, of course set them up to fail in the travelling aspect. I do feel bad punishing them for something they did not know of, but I don’t want to give them a sweet 16 and have a carriage magically appear.

How do I resolve a situation where players’ decisions prevent me from moving forward? How do I prevent situations like this happening in the future?

What can be done with Credit or debit card informations asked by websites?

Many websites ask for payment by entering information from Credit card such as VISA card/ Mastercard etc. Now, till date I knew that I should never tell anybody about these numbers. Then why these websites ask for credit card details and if (suppose) any of them have a malicious intent, then what can they do with these numbers?

Basically my question is, how it is being ensured that they will take the specific amount of money/ cost upon my consent; and without my consent they will not take money? Will the bank send me some verification code to my phone?

I never yet used online transactions and I am very confused to understand its steps, do’s and don’ts etc. I have searched Google and Quora but I didn’t find anything helpful.

I would be thankful if anyone can explain how this specific online transaction mode (by entering credit/debit card number) works and how an without-consent-transaction is prevented, preferably via a flow chart.

Many thanks in advance.