Concrete example of how can Access-Control-Allow-Origin:* cause security risks?

I have done some research but have not found an absolute answer to my specific question. I understand the basic concept of how this header will allow or disallow website A from sending a request and viewing the response to resources on website B.

However, suppose website B sets the header Access-Control-Allow-Credentials to false, and Access-Control-Allow-Origin: *, can this cause any concrete security risk to the user who is browsing website A (suppose website A is malicious)?

Proving a Greedy Algorithm is Incorrect by Providing Counter Example and Coming up with another correct algorithm

I want to come up with a counter example that proves the following greedy algorithm doesn’t work and give an alternative correct algorithm. The problem is I have an array of numbers and I want to reach the last element of the array in the minimum number of steps. At each step, I can move to any element with the same value, move forward one, or move backward one. The greedy criterion is to move furthest to the right as much as possible. For example, if we have array {1,2,3,4,1,5}, the algorithm will start at 1 move to 1 before the 5 then moves to 5 with number of steps of 2.

An example of an input instance that proves the given greedy algorithm wrong might be {1,2,1,3,2} where the given algorithm crosses the array in 3 steps whereas there is an optimal solution of moving from 1 to the second 2 right to last 2 in two steps. Now, what is a correct algorithm for solving this problem?

Can a druid who is wild shaped into an ape cast non-verbal & non-material (somatic only) spells, example thunderclap? [duplicate]

Similar questions do not deal with “somatic only” spells (they only say “no” due to lack of access to verbal or material components, see the link)

Wild Shape states:

You retain the benefit of any features from your class, race, or other source and can use them if the new form is physically capable of doing so.

Could a druid wild shaped into an ape still cast non-verbal & non-material (somatic only) spells, for example:

Thunderclap: [..] Components: S [..]

My logic: Ape has hands = can clap?

Is Kenabres an extreme example for the view on Tieflings and demons at the worldwound?

In an answer to my question: Status of Tieflings with the worldwound defenders? Kenabres was used as an example for how tieflings were viewed.

While creating chars for a worldwound campaign one of my players and I came into a discussion about this. With how much Kenabres itself was mentioned there he thinks that Kenabres is absolutely extreme there while I’m thinking that it is more a typical city there with its views about anything Tiefling and Demonic.

Now my question is: Is Kenabres an extreme example for the view on Tieflings and demons at the worldwound?

Easy-to-describe example of uncomputable function

After teaching my philosophy of cognitive science undergraduates what a Turing machine is, I mentioned that there are functions that can’t be computed using a Turing machine. A curious philosophy major asked for an example of such a function. Most of the students in the class are not CS students and need not be mathematically adept, so I am limited as to what I can say, except to those students who want to hear more outside of class.

The only example of a particular function that is uncomputable that I could come up with off the top of my head was the halting problem, but that would have required a substantial digression, and it would seem quite obscure to most of the students if I walked them through it. It would also not be sufficiently useful to explain to the class why there must be uncountably many functions that are not Turing-computable. (First step: teach the countable/uncountable distinction.)

Is there an example of an uncomputable function that’s relatively easy to describe and understand–more so than the halting problem?

Understanding an example of an EXP-SPACE Problem

I am trying to understand the example given here of an EXP-SPACE time decision problem.

They write:

An example of an EXPSPACE-complete problem is the problem of recognizing whether two regular expressions represent different languages, where the expressions are limited to four operators: union, concatenation, the Kleene star (zero or more copies of an expression), and squaring (two copies of an expression)

Here is what I understand. Supposing I have some alphabet $\Sigma = \{a,b,c,\dots,z\}$, then a regular expression is a pattern in order to specify the set of strings that belong to some language.

So for instance if I have two regular expressions, say

$aa+a^{*}+bb^2$ then any string that satisfies this expression is in $L_1$ (language 1),

$abc$ then any string that satisfies this expression is in $L_2$

Why does determining if these languages are the same in the worst case take exponential space? Further, what is the size of the input? I imagine it could be the sum of lengths of the two reg-expressions, but I am not sure.

Edit: If the Kleene star criterion is dropped, then I could see that we could simply create a set with all possible strings (the power set), and then compare the two sets.

What is an example of a completed player background?

I am looking for an example of a completed player background that conforms to the instructions / rules provided in the players handbook.

Hoping to find something that could be used as a kind of reference to help in constructing a background. Would be a background you imagine could be accepted into most campaigns in a mainstream D&D sense if there is such a thing.

Your character’s background reveals where you came from, how you became an adventurer, and your place in the world. PHB p.125

Direct mapped cache example

I am really confused on the topic of Direct Mapped Cache. I’ve been looking around for an example with a good explanation and it’s making me more confused than ever.

For example: I have

  • 2048 byte memory
  • 64 byte big cache
  • 8 byte cache lines

With a direct mapped cache, how do I determine the ‘LINE’, ‘TAG’ and ‘Byte offset’?

  • I believe that the total number of addressing bits is 11 bits because 2048 = 2^11

  • 2048/64 = 2^5 = 32 blocks (0 to 31) (5 bits needed) (tag)

  • 64/8 = 8 = 2^3 = 3 bits for the index

  • 8 byte cache lines = 2^3 which means I need 3 bits for the byte offset

So the address would be like this: 5 for the tag, 3 for the index and 3 for the byte offset.

Do I have this figured out correctly?

Is there a difference between editing HTTP messages manually or with burp for example? (WebGoat HTTP intercept exercise “problem”)

I am diving now into WebGoat. There’s this little exercise in the “general” tab called “http proxies” which asks you to use zap/burp to intercept and modify a request; this is what is being asked of us.

I understood what we are being asked to do, but I don’t understand why if I change it manually it doesn’t work, whereas if I use the burp button “change request method” it does, as it’s the same text at the end. Am I missing something?

This is the original request

And here after I modify it with the button

The only difference is that I write that GET string manually and then add the ?changeMe=Requests+are+tampered+easily. I don’t understand why it won’t work and it’s driving me nuts.

Oh and another thing, if I enter the x-request-intercepted:true below Cookie, sometimes it won’t work. Is it being considered body or what? (there isn’t a line break)