Does Freedom of Movement allow one to use their Fly speed Underwater?

Our party is about to have a water battle next session and we plan to cast Fly and Freedom of Movement on a few of our party members to deal with a Blue Dragon attacking the ship.

My question is whether someone affected by both spells is able to use their Fly speed Underwater since the effects of Freedom of Movement states that swimming imposes no penalties to movement and attacks while benefiting from the spell.

I can’t find anything that says I can or can’t so I’m wondering which way to lean on this. Any advice is appreciated.

Can the Bandit Captain make a multi-attack after they used their ranged multi-attack?

The Bandit Captain has the following Multiattack text:

Multiattack. The captain makes three melee attacks: two with its scimitar and one with its dagger. Or the captain makes two ranged attacks with its daggers.

There is no amount of daggers mentioned, but usually the official adventures usually consider a bandit captain has one scimitar (cutlass?) and two daggers.

I read it as the following: the captain can either…

  1. perform two melee attacks with its scimitar and one melee attack with its dagger

or

  1. perform two ranged attacks with its daggers

Now, if the captain performs two ranged attacks with its daggers, I guess that they are thrown and that they subsequently have lost those daggers. And therefore they have two less daggers at their disposal.

When the Bandit Captain has no daggers anymore, can they perform any of their Multiattack? Can they still attack twice with their scimitar or are they restricted to a single attack with their scimitar?

Where is the line drawn for ethical hackers using stolen credentials in their paid services?

The very interesting question I have is when “ethical” hackers/pen testers harvestthese repositories of stolen credentials to then use them in pen testing for paying clients what ethical boundaries are broken? What laws are broken? If a lazy hacker leaves their captured credentials out on un insecure, public facing server and then an “ethical” hacker grabs them for their own paid services, it seems to me that it’s stealing already stolen goods.

What about a penetration tester taking credentials gathered from a paid/contracted job and adding them to a database to be used in future client jobs?

How is Telegram encryption is poroprietary, yet their client is open-source?

It is often noted (for example in this question&answer) that one of the major flaws of the Telegram messenger is that it uses ‘proprietary‘ encryption instead of peer reviewed and open-source one. At the same time the source code of the app is open-source.

How is this possible that encryption algorithm is ‘proprietary‘ (i.e. close-sourced and can not be reviewed) and yet open-source client is somehow is able to decrypt received messages. To explain what I mean (assuming end-to-end encrypted secret chat): message sent from device A to device B, in order to be end-to-end encrypted must not left device A before it encrypted and must not be decrypted until it reaches device B (at least that is my current understanding), if so – algorithm of encyption/decription must be contained in the client itself, so, how then such encryption algorithm could be considered ‘proprietary‘? What am I missing here?

Does a patron have to know their warlock?

Somewhat related to this question but in reverse. I want to know if a warlock’s patron actually has to be aware of their warlock. Could the warlock be, for example, siphoning power from their patron without them even noticing? The only one that specifically mentions this one way or the other is the GOO patron.

The Great Old One might be unaware of your existence or entirely indifferent to you, but the secrets you have learned allow you to draw your magic from it.

So is is possible for a warlock to know who his patron is but not vice versa? If it varies on a case-by-case basis the patron type I’m most interested in is The Undying.

Risks associated with developers using their own domain for development services

We have some development and test environments being served of our canonical domain, e.g. dev.example.com. We also have some services using obscure domains names from 3rd party providers like xjkhasdkjvhas.dns.ashdfb.3rdparty.io.

The canonical domain is maintained strictly by our sys admins.

Furthermore some services are not served on port 80 which means any new instances need to be opened on our company firewall. And also some of these services have dynamic IP which also causes our firewall to need updating/scripting.

To clean it all up I’d like our developers to use their own public dns, e.g. dev.ex.io. They can then standardise easily memorable names for services, create reverse proxies with certbot for dynamically changing services on obscure ports and also clean up our canonical DNS so it’s only used for production services.

Are there any real risks associated with this? The only thing I can think of is a public domain will provide clues as to our company and what services lie behind the domain (but that’s already an issue with dev.example.com). As long as developers don’t use this domain for production services is there a problem with this approach?

I’m going to play D&D as twins who had their minds’ merged. Any tips on playing two characters as a singular? [on hold]

So I’m going into a new campaign in D&D 5e as twins who were caught at a young age by mind flayers. Instead of being assimilated, they were found to be immune of the Illithids powers. Long story short, twins play as one character, does anyone have any tips for playing two characters as one in D&D? Advice on character creation is mostly what I need, I have an idea on how to play.

What are the ways my non-monk character can improve their unarmed damage?

My Goliath Barbarian / Fighter / Rogue hybrid killed somebody accidentally in a rage in their past, and has sworn an oath to never again wield a weapon to prevent accidentally killing somebody again if they fly of the rails.

Problem is, this is still D&D, and punching people for 1+strength mod+2 while raging is hardly going to impress anybody. He’ll primarily be a grappler, so it’s not that big a deal, but I’d still like to find some ways to improve his damage.

There’s a caveat however, I can’t take any feats, considering my classes are spread all over the place and I need the few attribute increases I can get.

These are the requirements:

  • Increases can come from magic items. I’ve found the Insignia of Claws in Hoard of the Dragon Queen, but that’s the only one I’ve found so far.
  • Can’t change my race into something else. I know Tabaxi, for example, have improved unarmed damage, but that doesn’t help my Goliath.
  • Can’t multiclass into monk or any other class. I just don’t have the levels left to start multiclassing into a 4th class, nor would I meet the wisdom requirement.
  • No feats. I know tavern brawler will increase my damage to 1d4, but I don’t have room for feats in this build because of its multiclass nature.