Origin of “Cookie” in Computing?

"Cookies" are a user-facing computing construct. They are codified in many technical specifications, including the earliest reference in an HTTP spec, RFC 2109, published February 1997.

Many claim the use in HTTP followed from UNIX "magic cookies." Eric Raymond provided a definition of what a "magic cookie" is:

Something passed between routines or programs that enables the receiver to perform some operation; a capability ticket or opaque identifier […]

OK.

But why did the UNIX community start using the phrase "cookie" to begin with? Is it because you put cookies into a jar, and take them out? When did this whole thing begin? Does anyone have a citation of the first usage?

What is the origin of the Leadership concept in D&D?

In 3.5 D&D there is a Leadership Feat. It allows you to gain a cohort and some followers, a whole bunch of followers if your score is high enough.

But, what is the origin of this Leadership concept in D&D, where did this idea of leading a whole group of people come from, and why is this even an option given that most games seem to revolve around only the player characters rather than characters + groupies? That would be a whole lot of people to keep track of if every player character was a leader!

I would like to know about the background and history of this concept in D&D, or is it new to the 3.5 edition?

Cross-Site Request Forgery from another origin

I’m trying to solve one of the challange of owasp juice shop. After some attempts, I started looking for a solution (this) and it’s exactly what I did, but it doesn’t work.

I’m running on a local docker the app (tried also online, but same problem).

On the console I get

Uncaught DOMException: Permission denied to access property "document" on cross-origin object

and it’s ok since that’s what I’m expecting to see, but when I go in the user profile the username didn’t change. In the network panel of the console I can see the packet being send (for the SOP I can’t see the response), so I don’t know what the problem can be.

What I’m doing wrong?Is my understanding of the attack wrong or is just a problem with the implementation of the webapp?

Enemy explosion offSet is displaced away from desired point of origin

In the game, when the enemy is hit and explodes the explosion animation appears offset to the bottom right corner of the dead enemy’s center point.

I ran tests to adjust the explosion positioning with no luck. The debugger says that “this.offSet.y” & “this.offSet.x” are -100. I can’t seem to know how to adjust that as well.

Image example:

enter image description here

Here are the code snippets & CSS for bonus:

Explosion JS

class Explosions {     constructor (assetName) {         this.count = 0;         this.offSet = undefined;         this.setOffSet(assetName);      }      setOffSet(assetName) {         let asset = GameManager.assets[assetName];         this.offSet = new Point ((asset.width/2)*-1, (asset.height/2)*-1);     }  createExplosion(position) {     let div = document.createElement("div");         div.classList.add("explosion");         let divId = 'explosion_' + this.count;         div.id = divId;         console.log(position);         div.style.left = (position.x + this.offSet.x) + 'px';         div.style.top = (position.y  + this.offSet.y) + 'px';         $  (GameSettings.gameAreaDiv).append(div);         setTimeout(function() {             $  ('#' + divId).remove();         }, GameSettings.explosionTimeout);          this.count++; }  } 

Explosion CSS

@keyframes explosion {     0%   {background-image: url("../../assets/explosion/smallexplode1.png");}     10%   {background-image: url("../../assets/explosion/smallexplode2.png"); }     20%   {background-image: url("../../assets/explosion/smallexplode3.png"); }     30%   {background-image: url("../../assets/explosion/smallexplode4.png"); }     40%   {background-image: url("../../assets/explosion/smallexplode5.png");}     60%   {background-image: url("../../assets/explosion/smallexplode6.png");opacity: 0.9;}     80%   {background-image: url("../../assets/explosion/smallexplode7.png");opacity: 0.8;}     90%   {background-image: url("../../assets/explosion/smallexplode8.png");opacity: 0.5;}     100%   {background-image: url("../../assets/explosion/smallexplode9.png");opacity: 0.3;} }  .explosion {   width: 100px;   height: 100px;   position: absolute;   left: 500px;   top: 300px;   animation-name: explosion;   animation-duration: 0.8s;   background-repeat: no-repeat;   z-index: 20; } 

Any indication what the cause is?

Let me know if there are any other snippets that needs adding, and if you can please be patient with me since I’m student programmer that is still learning.

Thank you

What is the origin of the term ‘quantum ogre’?

As I understand it, a ‘quantum ogre’ is a piece of game content that the party will be unable to avoid encountering. It’s a way of saving on prep time for the game master but that subtly removes player agency.

For example: when the party comes to a fork in the road, will they go left or right? This provides the players with the illusion that there is a meaningful choice to be made. However, the reality is that, whichever direction the party chooses the game master will decide that the ogre is (and has effectively always been) lying in wait on that path.

How long has the term ‘quantum ogre’ been in use and from where did it originate?

What is the origin of the goliath race in the Forgotten Realms?

I’ve always assumed that the goliath race are half-giants or pygmy giants or something like that. Something related to giants.

In the descriptions of the goliath race in 5e (in Volo’s Guide to Monsters and Elemental Evil Player’s Companion), it doesn’t actually mention the race’s origins, nor does it mention their relation to giants at all. It mentions that they know the Giant language and they are described physically as per the following:

Their bodies look as if they are carved from mountain stone and give them great physical power.

The rest of the description largely concerns their society and how they tend to think and act, etc, but does not elaborate any further on what they are or how they came to be. This may be because the descriptions are attempting to be setting-agnostic, so they don’t want to tie the race to their origins in the Forgotten Realms, but that leaves me with not much to go on regarding what the goliath race actually is.

I have heard that they are specifically related to stone giants, but since 5e doesn’t mention this, I’m unsure if this is derived from older editions of D&D or what? The Forgotten Realms wiki page, at least, mentions this under the “History” section:

It’s unclear how old the goliath race was or where they originally came from, but it was commonly believed that they were somehow related to stone giants or earth genasi.[8] Another origin story claimed that the first goliaths were humans who sought answers from their gods. These individuals climbed the Columns of the Sky mountain range to seek parley with their gods. It was said that the journey to the peaks turned the seekers into the first goliaths.[28]

Basically, what actually are goliaths? What is their race’s origin? Do they have any relation to giants in terms of “genetics†”? I’m interested in in-universe Forgotten Realms lore from any edition of D&D, not out-of-universe explanations for what might have inspired the designers to come up with the race.

† Note that “genetics” isn’t exactly the right term to use for magical fantasy universe races, but I use the term to make it clear that I’m not interested in the “relationship” between goliaths and giants from a social point of view; I don’t care what they think of each other, I’m only interested to know if goliaths are somehow derived from giants or not, in-universe.

With the existance of CORS, what further purpose does same origin policy serve?

I’ve been using CORS for a while and I think I understand it. But as far as I can tell, because the allow-origin header is provided by the server being called, which an attacker can control as they see fit, same origin policy cannot prevent an injected script from calling an attackers server.

Furthermore, by using my own server as a proxy, and spoofing headers, I can essentially make any HTTP call to any server in the world, regardless of their CORS settings.

Assuming an attacker can do whatever they want with their server, does this mean that same origin policy is dead?

What Same Origin Policy related risks are there with static pages?

I am wondering what risks there are if you have static pages on the same host that don’t trust each other. A key concept of Javascript and web security is the Same Origin Policy (SOP), which is also the reason why we need to avoid XSS. If there’s e.g. a blog on example.org with an admin interface on example.org/admin and an attacker can place some javascript on example.org/foo then the attacker can execute javascript that e.g. will create a new admin account or perform other actions on behalf of the admin. I generally understand how this is happening.

However I wonder the following: If the pages on example.org are all static, i.e. no forms that perform actions or endpoints that act on POST requests, does the SOP still matter?

I was thinking of attacks like: Can example.org/foo/ open example.org/bar/, but with manipulated content? This could be useful e.g. if example.org/foo hosts downloads that an attacker can manipulate or redirect. I have tried a few things, but I wasn’t able to perform such an attack. (One way might be ServiceWorkers, but they are path constrained, which limits possibilities quite a bit.)

And are there other attacks that one should care about in purely static scenarios?