How can I trace/debug the origin of a specific POST/JS variable in JavaScript in Firefox?

Premise: I’m trying to automate posting on Stack Exchange. Not for abuse, but to have my own interface instead of having to bookmark and use the various “StackSites” and being subjected to the insulting “Viewed 1 times” bug which is never fixed no matter how many times it’s reported.

I have everything ready except for one small detail: the POST variable “i1l” is only set through JavaScript, in an extremely convoluted manner, to the point where I’m convinced that it is specifically done to stop any kind of automation. (Also, to make it clear, SE prevents any client that doesn’t have JavaScript enabled from posting at all.)

I asked about it previously here:

One of the comments mentions Stack Exchange apparently being open source now, and links to a GitHub URL, but I searched all over it and found no mention at all of this variable. It’s only present in the (heavily minified/obscurified) JavaScripts loaded on the actual site. So clearly it isn’t open source after all, at least not fully.

As it’s a complete mystery to me how this variable is determined, and it needs the right value or else it doesn’t let you post, I’m wondering if somebody can tell me how to “debug”/trace this specific variable in Firefox.

I cannot use their API because it requires you to have an account and only use that, which is not good for privacy. I want to be able to “ask as guest” for the StackSites that support it, and the API doesn’t let you do that.

I frankly doubt it would help me much even if I could follow this variable around, step by step, because the JS code I have dug up seems absolutely nonsensical to me. The very name is extremely cryptic and nothing indicates what it would be used for if not to prevent people from posting.

Note: Even if I were to abuse this, which again I’m not, the “one post per IP address per 90 minutes” limit, as well as the constant “too much abuse from your network, sorry” messages make it nearly impossible to abuse anyway. I get those constantly when trying to post perfectly legitimate questions.

Is it possible too exploit CORS with double Origin value?

I found a website that has a well implemented CORS configuration, but for some reason i am able to insert 2 Origin headers in a POST request, and both of this values are reflected in the reponse.

so if i try:

Host: Connection: close Origin: Origin: 

The response will be:

HTTP/1.1 200 OK  access-control-allow-origin:, access-control-allow-credentials: true 

Is there any way to set this in a payload to be able to exploit this? How could i set the origin value for both of this to exploit it?

How does a CDN actually prevent DDoS attacks, when an origin server accepts direct connections?

I am trying to understand how a CDN (like Cloudflare e.g) does protect against a DDoS attack.

I would think that the internet traffic is routed through a CDN’s reverse proxy, then filtered. This assumes that the DNS record of the website in question points to a CDN reverse proxy of course.

Now, should I / must I have a Firewall at my orginal server that only allows connections from a CDN-related IP?

Note: In this support article, when under attack, Cloudflare suggest to change the origin IP and update some routing:

If an attacker is directly targeting your origin web server, request your hosting provider change your origin IPs and update the IP information in your Cloudflare DNS app. Confirm all possible DNS records are orange-clouded and that your name servers still point to Cloudflare (unless using a CNAME setup) before changing your origin IP.

Why do they not recommend using a Firewall? Now, their solution will have a short term effect, but can be circumvented easily.

Is changing only the IP bad advice? Am I understanding something wrong here?

Origin of ‘Air-Breathing Mermaid Charm’

The ‘Air-Breathing Mermaid Charm’ is a useful descriptor for a certain kind of negligence in writing of RPG books, and particularly their rules. The usual explanation of the phenomenon is that a mermaid write-up says nothing about breathing (making it easy to assume that mermaids, being half-humanoid-half-fish, can breath both in air and water), and then later a Charm says that it enables air-breathing for mermaids.

But I would like to know whether this is an actual race in some of the books and an actual Charm, or is it a purely ‘fictional’ example that is very loosely based on various less catchy-sounding Charms in the game? If the former, what book(s) is the example from?

Discrepancy regarding AoE point of origin between English and German PHB

I own both the English and German version of the D&D 5e Player’s Handbook. On pages 204 and 205 it talks about area of effect spells and whether or not the point of origin is included in it.

The English PHB states:

A [cone,cube,line]’s point of origin is not included in the [cone,cube,line]’s area of effect, unless you decide otherwise.


A [cylinder,sphere]’s point of origin is included in the [cylinder,sphere]’s area of effect.

While the English version differentiated between two types of point of origin, the German version states the same sentence for all 5 types. Which is a translation of the sentence used in the English version for the cone, cube and line.

Der Ursprungspunkt [des/der] [Kegels,Linie,Sphäre,Würfels,Zylinders] ist nicht Teil [seines/ihres] Flächeneffekts, es sei denn, du möchtest, dass er es ist.

Both the Basic Rules PDF and the System Reference Document use the same wording as the English PHB.

My English PHB says its version is:

Tenth Printing: October 2018.

While my German one says:

  1. überarbeitete Auflage, 2019

Is this a mistake in the translated version? If so, who can I report this too?

Origin and Actual Meaning of ‘Stress and Consequences are Not HP’

Over the course of my interactions with the fate community, I’ve repeatedly encountered the mantra that Stress and Consequences are not HP and should not be treated as such. The comparison can be split into two easily analysable bits:

  • Stress is not HP, in that, unlike HP, Stress is a fuzzy abstracted thing not necessarily mapped 1:1 to the concrete state of a character’s health.
  • Consequences are not HP, in that, unlike HP, they can affect the narrative, ability to act etc.

For a long time, I thought they’re contrasts against D&D, which supposedly treat HP as a measure of concrete medical facts about the character’s state. Because describing the system in contrast to D&D seems to be a big trend in the communities. But recently I’ve encountered a definition of HP in D&D, and found that it isn’t all that concrete, and largely shares many degrees of abstraction and fuzziness with Stress:

D&D 5e:

Hit points represent a combination of physical and mental durability, the will to live, and luck. Creatures with more hit points are more difficult to kill. Those with fewer hit points are more fragile.

D&D 4e (predating release of the current edition of fate):

Over the course of a battle, you take damage from attacks. Hit points (hp) measure your ability to stand up to punishment, turn deadly strikes into glancing blows, and stay on your feet throughout a battle. Hit points represent more than physical endurance. They represent your character’s skill, luck, and resolve—all the factors that combine to help you stay alive in a combat situation.

And even the way things were written initially:

Anyway, keep in mind that the OA/D&D systems were never meant to be combat simulators, and all wise DMs ignored the few portions that lead in that direction. Damage and hit points in any game are most probably based on game considerations that have nothing to do with actual human or animal frailties, if you will. […] In a game, details of such things are pretty well minor considerations, never to be dealt with in any sort of mechanic that is based on actuality, or else the whole reason for the game form, adventure on an onging basis with a heroic game persona, is lost.

(Emphases mine.)

Even our own tag wiki for hit-points states outright that they’re an abstraction.

So these descriptions of what HPs are seem to be invalidate my assumption that the former statement is based on overgeneralising HP from D&D to the understanding of RPGs in general or on assuming that the meaning of HP implies D&D HP.

But that, in turn, complicates my understanding of where the second statement originates from. If one isn’t to read ‘HP’ as ‘D&D HP’, then one can quickly discover that, for example, HP in GURPS or Health Boxes in Storyteller (WoD) do provide effects that affect the narrative, such as making it harder to perform certain actions, just as much if not more than Consequences can.

So it seems to me that neither the contrast to D&D, nor to the broader umbrella of the concept of HP in RPGs in general in its many implementations, can account for the origin of the mantra.

Thus I’d like to know: How did it originate? Was it a result of a misreading of the D&D definition at the time of publishing of fate-core, or is it based on comparison to HPs in a game where they simultaneously are concrete and yet don’t provide the effects that concrete state of being wounded would entail? Or is there perhaps another explanation for what the statement is meant to compare them to? Or is it a case of trying to oppose to a DeadUnicornTrope of HP?

Because to understand what ‘X is not Y’ actually means, one needs to understand what is meant by Y.

Intersection of O(n) expanding circles with line from the origin

I am interested resolving a programming challenge problem, but I’m struggling obtaining an efficient solution.

Consider yourself as a point located on the origin $ (0,0)$ of an infinite two-dimensional flat world. There are $ n$ sea waves surrounding you, each one modeled as a circle with center $ (x_i, y_i)$ , initial radius $ r_i$ , and propagation speed $ s_i$ , so that the radius of wave $ i$ as a function of the time $ t ≥ 0$ is $ r_i + s_i \cdot t$ . You choose any fixed direction and run “forever” at speed $ p$ . Will you be able to scape?

Some helpful restrictions given as assumptions are provided:

  • $ 1 ≤ p ≤ 1000$
  • $ 3 ≤ n ≤ 10^4$ [the number of circles $ c_i$ ]
  • $ −1000 ≤ x_i,\;y_i ≤ 1000$
  • $ 1 ≤ r_i ≤ 1000$
  • $ 0 ≤ s_i < p$
  • Except for $ n$ , all numbers are real, with at most three digits after the decimal point.
  • Initially, you are strictly outside all the waves.
  • There are not precision errors.

My solution so far is quite simple (I have programmed it in C++):

  • Each “fixed direction” to run forever is solely determined by the angle of that line with the X axis, namely $ 0 \leq \theta < 2 \pi$ .
  • For each $ \theta \in [0, 0.001, 0.002, \dots, 2\pi)$ :
    • Recall that the map is within the square $ [-1000, -1000]$ to $ [1000, 1000]$ , and the furthest distance between $ (0,0)$ and any point in the map has distance $ 1000\sqrt{2}$ . We advance at $ p$ speed, so at most we will compute $ 1000\sqrt{2}/p \approx 1414/p$ iterations.
    • For each $ t \in [0, 0.001, 0.002, \dots, 1414/p]$ :
      • My position at time $ t$ in line $ \theta$ is $ pos_t = (\cos \theta \cdot t \cdot p, \sin \theta \cdot t \cdot p)$ .
      • Check whether $ pos_t$ is inside any sea wave at moment $ t$ . Basically, check if the distance between $ pos_t$ and the center of each circle is less than that circle’s radius at moment $ t$ , namely $ r_i + s_i \cdot t$ . If so, bad luck; we’re done with this $ \theta$ and we continue the search.
      • If not, try with next $ t$ .
    • If no intersection is found after iterating all $ t$ s, then you will be able to scape (through line with angle $ \theta$ ).
  • If all $ \theta$ s got some intersections, then we are not able to scape.

This solution has cost $ \Theta(6000 \times 1400 \times n)$ , which is impractical for $ n \leq 10^4$ . Informally, and without being precise, the multiplicative term may be $ O(n^3)$ if $ n \leq 10^4$ is considered. Plus, it may not be correct, as I am assuming that $ \Delta t = 0.001$ is fine; same for the angle.

I have thought about another idea, which is reducing systematically $ \theta$ . For instance, let’s imagine that we’ve got a circle at $ C = (5, 5)$ (in the line of $ \theta = \pi/2$ ) with some small radius. From the beginning, we know that angles $ \theta = \pi/2 \pm \alpha$ will never be an option, being $ \alpha$ determined by tangent lines from $ (0, 0)$ to $ C$ and $ t$ ; the more time passes, the higher $ \alpha$ will be and thus the wider will be this range of restricted angles.

So, at moment $ t$ we have a set of ranges of possible $ \theta$ s, and that range is reduced as long as $ t$ increases (unless all waves have speed 0, for sure).

But how to continue from there? I see the same problems as with my implementation: determining $ \Delta t$ and $ \Delta \theta$ .

I ask for your help to find a better algorithm. I suspect that there may be an algorithm that is just $ O(k n)$ or $ O(k \cdot n \log n)$ with $ k$ being reasonably small.