cors – Difference between `Access-Control-Allow-Origin: *` (wildcard) and specific origins

I have a mostly public API with some parts of it “credentialed” behind cookies, similarly to e.g. how WordPress’ REST API works. (In our case, it’s a GraphQL API but that shouldn’t matter.)

I want to enable CORS for it and am considering two options:

Option 1:

Access-Control-Allow-Origin: <dynamically return the incoming `Origin` header>
Access-Control-Allow-Credentials: true

Option 2:

Access-Control-Allow-Origin: *

(Plus other headers like Access-Control-Allow-Methods in both cases.)

For what I know, both are secure – no matter what the CORS headers say, browser’s cookie policy will apply and since we only use SameSite cookies, I think even if we serve this to https://evil.com, all should be OK:

Access-Control-Allow-Origin: https://evil.com
Access-Control-Allow-Credentials: true

There’s no real problem – the evil site will be able to read the public parts of the API (which they can already do via curl, for example) but they won’t be able to abuse a browser of a specific user that would be “logged in” to the API – cookies for our “site” will not be sent.

WordPress also uses Option 1 (for many years) and it’s secure enough – see e.g. this Trac ticket.

Still, I wonder why not use a wildcard – it’s simpler code (no need to dynamically read the Origin header), no need to worry about setting related headers properly (Vary: Origin) etc. The wildcard just seems simpler.

So my question is, why would I choose Option 1 for our API? What useful scenario does it unlock that wildcard prevents?

troubleshooting – What is the difference between flash control and flash compensation?

In the Nikon D5600 , there is the usual flash compensation setting where you can set it from -3.0 to +1.0
But there is also a setting called flash control in the menu , where you can set the flash to 1/32, 1/16 … all the way upto full.

Do both of these achieve the same thing, or is there any difference between these 2 ?

I tried both on the same composition . For flash compensation, image was brighter as it changed it from -3 to 1.
And for flash control also image was brighter as i changed it from 1/32 to FULL.
So, is there any difference between the two. ?

Learning algorithms- difference between a learner (the algorithm) having continuous access to the samples (oracle) vs getting all at start

Is there any fundamental difference between learning algorithms e.g. variants of PAC which have continuous access to examples on which to train (i.e. these are obtained as the algorithm runs, when called for), versus those which get a lump of samples from the start which they have to utilise?

What is the difference between “Apply image” and “From” when generating a windows docker image?

Recently I have been examining the manifests of images on docker hub to verify the base image matches my hosts. I have noticed a large number of manifests (e.g. https://hub.docker.com/layers/rancher/configmap-reload/v0.3.0-rancher4-windows-1809/images/sha256-c192eb4dea0c6e5817757f21e0b393b23d864c69cb2e3b9e5d2c6c17307dece1?context=explore) start with “Apply image” (e.g “Apply image 20H2-amd64”) versus the documented FROM (e.g. “FROM mcr.microsoft.com/windows:20H2”).

“Apply image” appears nowhere in the documentation for dockerfiles (https://docs.docker.com/engine/reference/builder/) and I’ve not been able to find anything with a google search (the term is too generic).

As best I can guess, this is a new feature for Windows containers that allows direct referencing of the OS versus the full registry path from Microsoft. However it seems strange that this is not documented by Docker.

database design – Is there a difference between these two data models?

Let us say I want to store on a database a userID, their nationality and if they are from the UK their UK passport number.

I could model this by having one table with userID as primary key, nationality as an attribute and the Uk passport number as an attribute , which exists only when the nationality is UK.

enter image description here

As an alternative I could have two tables, one with the userID as the primary key and the nationality as an attribute and a different table with UserId as the primary key and the Uk passport number as an attribute .

enter image description here

Is there a different between these two designs given I use a document oriented schema-less database ? Both approaches have a O(1) query complexity and the only difference I can see is that on the first one if you want to retrieve the passport number you have to fetch the whole object. Is there another reason I should prefer the second approach which also seems a bit more complex to develop ?

I am interested in arguments on maintainability and scaling as well .

What is difference between START WAL LOCATION, STOP WAL LOCATION, and CHECKPOINT indicated in the backup history file?

I am a bit confused about these locations. Could someone give a short definition for these locations.

enter image description here

rt.representation theory – Representations of $U_q(mathfrak{sl}(2))$ as differential / difference operators

$mathfrak{sl}(2)$ (over $mathbb{C}$) with basis $E_pm, H$ with commutation relations
$$
(H,E_{pm})=pm 2 E_pm,quad (E_+,E_-)=H
$$

admits the well-known representation on $mathbb{C}(x)$ with
$$
E_+ = partial_x,quad E_- = -x^2 partial_x + s,x,quad H = -x partial_x – s
$$

where $partial_x = frac{d}{dx}$. This representation is highest-weight with highest-weight vector given by $1in mathbb{C}(x)$. The parameter $s$ is free to take any value in $mathbb{C}$. Furthermore this differential operator realisation can also be used if one changes the space of functions on which we act. For example, the principle series representations can be realised in this way.

Question: Can highest-weight representations of $U_q(mathfrak{sl}(2))$ be realized in this way? I am aware that $U_q(mathfrak{sl}(2))$ admits a representation on the quantum plane $mathbb{C}_q(x,y)$ – this is not the representation I am looking for since that has a direct counterpart for usual $mathfrak{sl}(2)$.

I am familiar with the textbooks by Chari and Pressley and by Kassel but have not come across such a representation.

I have tried to construct it directly, granted using a rather naive approach and substituting the differential operator $partial_x$ with the $q$-differential operator $D_q$. This did not work due to the fact that the Liebniz rule for q-differentiation involves a multiplication by $q$ in the functions which are not differentiated. q-derivative

Does such a representation exist? If so please provide a reference – I am also interested in the generalisation to higher-rank cases.

focal length – Is there a difference between taking a far shot on a 50mm lens and a close shot on a 35mm lens?

Do you have a selection of lenses (or a zoom lens) now?

Shoot a table-top test with different focal lengths, repositining the camera to get tye same view of the foreground object. Then look carefully at the photos to see for yourself.

If you’re one of those peopke where this doesn’t just scream at you, it’s good to develop your eye to seeing the perspective.

For example, my wife takes still-life photos of food, and I say “too close! Back up!” and had to teach her to use the numbers (e.g. don’t use a focal length shorter than 40), as she doesn’t “see” the perspective when framing the shot. Even if she can “see” it in the final picture on a full-size screen, it’s too late.

In particular, the background (table and room beyond) becomes a sweeping expanse that dominates the composition, or even looks unnatural.

The other day, my Mom showed draft/concept of product shots she wanted, and knew that they didn’t look good but didn’t know why. I explained “because you were too close.” The bottles looked fatter on top and thinner at the base, because the distance was different and that distance was significant compared to the individual distances.

A person’s face will look bad if you shoot from closer than you would normally view a face. Percepually, you actually need a longer lens to look best because you view a photo as if seeing someone on stage or otherwise at a distance, beyond a normal personal conversation distance. So portrait lenses are longer again than the “normal” lens below which it simply looks bad.


I have an Alpha 6000 as you do, and use it for social events including getting pictures taken with people at an event, parties and gatherings, etc.

I use the 35mm f/1.8 OSS prime lens.

In real real situations, I still have a bit of a chore getting far enough away to frame a shot. The pictures look good. The 50mm would be too long, making it difficult to back up enough.

On the other hand, for portraits (close up to show just the face) the flatter perspective of the 50mm would look better, all else being equal. But I think that’s not the primary use for an ultra-portable camera. (Note that the 35mm is a normal perspective and ok enough for such shots, and great for anything that shows more than just the head. You can avoid crowding in and shoot the head-only by cropping the result, as you hace 25 megapixels to start with!)

So unless you have something completely different in mind, get the 35mm. Also lookmat renting first if you are not sure.

What is the difference between `fastboot reboot bootloader` and `fastboot reboot-bootloader`?

fastboot provides two methods for rebooting a device into the bootloader:

  • fastboot reboot bootloader
  • fastboot reboot-bootloader

How (and whyyyyyy) are these two commands different and when is it appropriate to use each?

Difference between ComputeBuffer and GraphicsBuffer in Unity?

At first I thought that ComputeBuffer‘s could only be used in compute shaders and that GraphicsBuffer‘s could only be used in materials. But Unity provides overloads for setting ComputeBuffer and GraphicsBuffer to both compute shaders and materials. So how do they differ?