When I was a teenager we had some natural disaster and the high schools had to share sites; the way they did it was we did school 12-6. We would eat dinner together after school. I think we enjoyed it despite not being the norm.
I love these HiSilicon boxes; take a look at the OpenIPC project if you want to secure your device. It's open source firmware for these boxes. I want to give a big shoutout to Igor Zalatov and Flyrouter for all their support when working on these boxes. http://openipc.org
@thu2111 He's giving you an attack chain.
If you rebind the dns server of the modem with a snmp/tr069 exploit you could redirect/inject into the http traffic a page that contained the javascript payload to exploit the Cable Haunt vulnerability against the Spectrum Analyser endpoint. Because websockets doesn't use CORS to restrict the requesting host's domain to the modem, you could execute code on the gateway modem from the internet with the combination of a client on the remote network running a http request from a browser combined with an alternative dns rebinding attack against the gateway and a server hosting the malicious websockets payload on a http server.
I recently had the frustration of trying to use a Vodafone ISP-supplied modem. It had a proprietary interface which didn't allow using the modem as a bridge to a network not on a vlan. Along with the help of the awesome team at hack-technicolor we managed to find a command execution exploit in the dyndns updater which allowed us to free the Vodafone UltraHub Technicolor DGA0130VDF modem along with others. The device is a cool box running a Dual Core Broadcom 400MHz CPU with 256MB DDR3 RAM; it's a DSL/WAN router with ADSL/VDSL, Wi-Fi 11b/g/n/ac 5GHz/2.4GHz, and SIP support for two phones. Also now a working WAN port to a non-Vodafone gateway. The device was running OpenWrt. We also figured out how to keep persistence on the device after a firmware update to an unexploitable version, meaning you can even have SSH running on the latest kernel from Vodafone too. In all, I had a great time working on this box and it feels awesome to free an otherwise awesome device from the trash-heap!
https://github.com/kevdagoat/hack-technicolor/issues/68
The New Zealand Nuclear Free Zone, Disarmament and Arms Control Act 1987 is arguably the strongest anti-nuclear weapon domestic legislation in the world. It bans nuclear weapons and propulsion from New Zealand's land, sea and airspace out to the country's 12-mile territorial limits.
How is this related? Are you quibbling with the 10 mile figure in GP's comment? Or suggesting that NZ is some substantial portion of the hypothetical target market for GP's hypothetical nuclear cruise ship? Something else?
Nuclear-powered US military vessels (subs and aircraft carriers, at least) already sail all around the world. I guess they don't enter NZ's 12 mile zone, or get some exemption when they do.
I'm more getting at the fact that this is a link to reading an article
Not a link to a who-can-get rid of the popup the best contest
We're the people that build these systems and this is about design and usability and when you open a can of cola you would be upset if it were worms because it said cola on the front
I wonder how many hours of people's lives are lost to trying to control the computer to get it to do what it said it was doing on the tin, rather than what is in the interests of the politics or the profit
I correlate it to the same level as clickbait and I'm sure there are other humans out there that get the same taste in their mouth when using the internet, and then go on to do other things instead, which means that they are potentially missing out on learning something valuable in the future, because of an impression your design made in the past.
People should think more about the psychology of design and what the goal of the message of the content they're sending is and try not to give in to logic like this:
I publish my papers online, they are academic and educational; I want more money. I add ads or political messages onto the website that was before purely educational because it will help me acquire money. You are no longer selling a delicious can of cola but a terrible can of worms
Stock Firefox, default tracking protection. I received a single nag about free articles that was easily dismissed. One first-party subscription ad at the bottom of the right column, another at the bottom of the article. No other ads of any kind.
I got two. For those that don't know, a good portion of these nagging modal windows play nice in the sense that pressing ESC closes them - good to be able to instantly dismiss them without having to hunt for the close button. The first one I saw could be closed with ESC, the second one required clicking "Close".
I wonder if anybody at Harpers ever looks at the numbers to decide if the popups should stay? They should have a minimum success rate that, if signups drop below, they get rid of the popups.
I'm not sure what you mean. For every thousand times it's displayed, how many times does the person viewing the page just close it and not act on the offer? If it's less than some very low number (maybe 30%), don't show it.
Or maybe show it after the article has been scrolled all the way to the bottom. It's a long article and at that point you know the reader might be interested in seeing more from you.
You're assuming Harpers is optimizing for not nagging people. That is not the case at all. They are optimizing for collecting email addresses. If you do not want to enter an email address and bounce, they lost nothing; you weren't going to provide an email anyway.
In most JavaScript sandboxes if you request a domain from a site you are restricted by the same content policy. This makes it harder to do things like make requests to sites, for example, that don't use https when you're on one that does use it.
I work with Chromium using Chrome's debug protocol (CDP) to do automation. You'd be surprised how much of the browser you're dealing with as a facade - they sell things like a headless browser that don't oblige by the most basic of requests given to the browser, e.g. hide all the scrollbars
that in addition to using double the resources and taking twice as long to perform any operations
I tell you that thing looks shiny on the surface but there is nothing there
I think the work should be done on building and making WebKit, Blink and Gecko better as the reference implementations before we try and yet again make something shiny that can barely do the job it should be
also no support for plugins web interfaces on Chrome headless, meaning every time you want to test a plugin you have to bring up a virtual X11 server to deal with it