hantsowl
Member of DD Central
Posts: 672 
Likes: 546
|
Post by hantsowl on Jan 3, 2017 1:08:46 GMT
I have been using FilterLoans on chrome for a few weeks now and all has been good.....until yesterday 😢 I suddenly had loans showing that were not included in my filter list. Checking the script I noticed that it had somehow upgraded itself to version 1.8 and of course wiped out my config changes. Is this auto upgrade expected, and it so is there a way to run it manually instead? I didn't know this auto upgrade was on by default. I'd hate to lose my settings too. I believe the best thing is to turn off the auto upgrade. I believe this setting may do the trick: Tampermonkey settings tab
Option: "Check Interval" Never. See picture below:I didn't find the option to disable update on a script-by-script basis. Thanks for that.
|
|
|
|
Post by wonder on Jan 3, 2017 8:46:10 GMT
Hi. Thanks! Before hitting F5, it read: "Failed to load resource: net::ERR_BLOCKED_BY_CLIENT". After hitting F5 it reads: "GET s.adroll.com/j/roundtrip.js net::ERR_BLOCKED_BY_CLIENT", and when I hit the little arrow-tab thing, I see: Kf @ gtm.js?id=GTM-WMXL92:36 r @ gtm.js?id=GTM-WMXL92:37 __asp @ gtm.js?id=GTM-WMXL92:11 sf @ gtm.js?id=GTM-WMXL92:35 (anonymous) @ gtm.js?id=GTM-WMXL92:104 ag @ gtm.js?id=GTM-WMXL92:106 jg @ gtm.js?id=GTM-WMXL92:43 a.push @ gtm.js?id=GTM-WMXL92:112 (anonymous) @ gtm.js?id=GTM-WMXL92:112 Lf @ gtm.js?id=GTM-WMXL92:38 (anonymous) @ gtm.js?id=GTM-WMXL92:113 (anonymous) @ gtm.js?id=GTM-WMXL92:115 What strange magic is this??? None is issued by the script. I have those "BLOCKED BY CLIENT", and I believe it is the Adblock extension. No problem there. But this gtm.js may be interfering. It seems something like Google Tag Manager. Do you have any extension with the name resembling Tag Manager or GTM ? Try disabling it to see if that's the issue. Hi. I've now turned off all extensions, except for Tamper Monkey. Now, when I hit F5, I get: roundtrip.js:42 'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead. window.__adroll.m.getEmailVar @ roundtrip.js:42 window.__adroll.m.findAndSetEmailVarCustomData @ roundtrip.js:43 (anonymous) @ roundtrip.js:33 window.__adroll.m.addLoadEvent @ roundtrip.js:7 window.__adroll.m.render_pixel_code @ roundtrip.js:31 (anonymous) @ roundtrip.js:51 (anonymous) @ roundtrip.js:51 and: 'webkitIndexedDB' is deprecated. Please use 'indexedDB' instead. window.__adroll.m.getEmailVar @ roundtrip.js:42 window.__adroll.m.findAndSetEmailVarCustomData @ roundtrip.js:43 (anonymous) @ roundtrip.js:33 window.__adroll.m.addLoadEvent @ roundtrip.js:7 window.__adroll.m.render_pixel_code @ roundtrip.js:31 (anonymous) @ roundtrip.js:51 (anonymous) @ roundtrip.js:51 Huh??? Help me Obi Wan Orisky! You're my only hope!!!
|
|
|
|
Post by wonder on Jan 3, 2017 9:27:39 GMT
Hey 0risk!
Now, your script seems to be doing something! The Force is strong with you! Thanks!!!
Of course, being a techno-idiot, I still have questions.
The main reason I want to run your script is so that I can work on other stuff, and then be alerted when a nice loan comes up that I can buy. What is the definition of "a loan to buy" for purposes of the beep? How do I set it if, for example, I want to buy any loan for which £50 or more is available, and it is overdue by less than 100 days? Do I need to go through the list of live loans, and input the loan number for each one I want to buy?
Also, I notice that auto-refresh seems to work if the Saving Stream tab is in background, or if my cursor is up in the bars at the top of the screen. If the Saving Stream window is in the foreground and the cursor is in the middle of the page, then the auto-refresh seems not to work consistently. Not a major problem, but I thought I'd mention it.
Thanks for your excellent work on this!
|
|
0risk
Member of DD Central
Posts: 217
Likes: 202
|
Post by 0risk on Jan 3, 2017 11:48:00 GMT
Hey 0risk! Now, your script seems to be doing something! The Force is strong with you! Thanks!!! Of course, being a techno-idiot, I still have questions. The main reason I want to run your script is so that I can work on other stuff, and then be alerted when a nice loan comes up that I can buy. What is the definition of "a loan to buy" for purposes of the beep? How do I set it if, for example, I want to buy any loan for which £50 or more is available, and it is overdue by less than 100 days? Do I need to go through the list of live loans, and input the loan number for each one I want to buy? Also, I notice that auto-refresh seems to work if the Saving Stream tab is in background, or if my cursor is up in the bars at the top of the screen. If the Saving Stream window is in the foreground and the cursor is in the middle of the page, then the auto-refresh seems not to work consistently. Not a major problem, but I thought I'd mention it. Thanks for your excellent work on this! I'm glad to see it's working now. So was it a conflicting extension? Most of the settings are only for purposes of highlighting (bold) and hiding loans: available amount (minValue), good term, minimum rate, invested amount, good and bad loans. They don't do any action to buy. You have to use the buyLoans option if you want the script to open a new window and fill the amount you're willing to buy (there's no problem to bid more than what's available). And yes, you have to go through the list of all live loans once, selecting them and editing the configuration (make a copy somewhere, you may lose this configuration setting). You can then run on background, and when a loan which is in the list is found, a new tab is opened, and a beep alerts you. When you use the mouse or keyboard on the SS tab, the autorefresh timer resets. That's a feature not a bug :-)
|
|
sikas
Posts: 11
Likes: 11
|
Post by sikas on Jan 3, 2017 12:29:29 GMT
this is awesome, thank you!
|
|
|
|
Post by wonder on Jan 3, 2017 12:51:38 GMT
Hey 0risk! Now, your script seems to be doing something! The Force is strong with you! Thanks!!! Of course, being a techno-idiot, I still have questions. The main reason I want to run your script is so that I can work on other stuff, and then be alerted when a nice loan comes up that I can buy. What is the definition of "a loan to buy" for purposes of the beep? How do I set it if, for example, I want to buy any loan for which £50 or more is available, and it is overdue by less than 100 days? Do I need to go through the list of live loans, and input the loan number for each one I want to buy? Also, I notice that auto-refresh seems to work if the Saving Stream tab is in background, or if my cursor is up in the bars at the top of the screen. If the Saving Stream window is in the foreground and the cursor is in the middle of the page, then the auto-refresh seems not to work consistently. Not a major problem, but I thought I'd mention it. Thanks for your excellent work on this! I'm glad to see it's working now. So was it a conflicting extension? Most of the settings are only for purposes of highlighting (bold) and hiding loans: available amount (minValue), good term, minimum rate, invested amount, good and bad loans. They don't do any action to buy. You have to use the buyLoans option if you want the script to open a new window and fill the amount you're willing to buy (there's no problem to bid more than what's available). And yes, you have to go through the list of all live loans once, selecting them and editing the configuration (make a copy somewhere, you may lose this configuration setting). You can then run on background, and when a loan which is in the list is found, a new tab is opened, and a beep alerts you. When you use the mouse or keyboard on the SS tab, the autorefresh timer resets. That's a feature not a bug :-) Hi. I don't know what the problem was. I fiddled with various extensions, etc., and then it just started working! It is very cool. You are a Hero!
|
|
|
|
Post by solicitorious on Jan 3, 2017 18:26:52 GMT
Thanks for the effort, but accessing a large part of my life savings through something called TamperMonkey?
I think I'll pass...
[@mods, do you have a policy on these things? I'd get one, pronto...]
|
|
twoheads
Member of DD Central
Programming
Posts: 1,089
Likes: 1,192
|
Post by twoheads on Jan 3, 2017 22:32:05 GMT
Thanks for the effort, but accessing a large part of my life savings through something called TamperMonkey? I think I'll pass... [@mods, do you have a policy on these things? I'd get one, pronto...] Don't let the name put you off. I agree it sounds  but this package allows users to customise an existing site and, in this case, make it better.
I don't think mods are required. You have clearly been able to make your choice without them.
|
|
lobster
Member of DD Central
Posts: 636
Likes: 467
|
Post by lobster on Jan 3, 2017 23:07:35 GMT
Thanks for the effort, but accessing a large part of my life savings through something called TamperMonkey? I think I'll pass... [@mods, do you have a policy on these things? I'd get one, pronto...] It can only be a couple of decades ago when plenty of folks were saying : "... accessing a large part of my life savings through something called the "World Wide Web" ??
I think I'll pass..."
|
|
|
|
Post by solicitorious on Jan 3, 2017 23:18:11 GMT
There are risks, and then... there are RISKS.
Why try to accumulate them?
"Faites vos jeux, messieurs, dames!"
|
|
registerme
Member of DD Central
Posts: 6,624
Likes: 6,437
|
Post by registerme on Jan 3, 2017 23:40:13 GMT
This is under active discussion by the mod team at the moment. We have yet to reach a conclusion but there are valid reasons to be concerned.
* How is the integrity of such tooling guaranteed going forwards?
* What could the (perceivable?) promotion of such tooling mean for the forum, and, of course, lenders' funds and the platform itself?
Absolutely the best solution would be for the platform to provide functionality that rendered such "third party tools" redundant. savingstream , any thoughts on this?
|
|
twoheads
Member of DD Central
Programming
Posts: 1,089
Likes: 1,192
|
Post by twoheads on Jan 4, 2017 0:20:30 GMT
This is under active discussion by the mod team at the moment. We have yet to reach a conclusion but there are valid reasons to be concerned.
* How is the integrity of such tooling guaranteed going forwards?
* What could the (perceivable?) promotion of such tooling mean for the forum, and, of course, lenders' funds and the platform itself?
Absolutely the best solution would be for the platform to provide functionality that rendered such "third party tools" redundant. savingstream , any thoughts on this? I look forward to your published conclusions.
If this browser extension was my work, I would be proud of it and more than happy to share the benefits.
It is something that any sufficiently able programmer can make and it is credit to it's originator, 0risk, that it has been shared in order that all may gain the advantages it provides.
If there are those who do not wish to use this extension then that is their decision. I do not use it because it is not compatible with my browser of choice. I have made something similar for myself but I have not shared it because it is not so easy to use.
The point is: this extension is freely available. Banning enhancements such as this on this forum will have no effect. The sources will simply move to other arenas for distribution and thus the advantages they provide will be restricted to the few who know where to look.
At least if these software enhancements remain on this forum, then the users here may make their own choice rather than have that choice made for them.
|
|
|
|
Post by solicitorious on Jan 4, 2017 9:06:44 GMT
I tried but didn't find a good article about the safety of Tampermonkey/Greasemonkey scripts. You couldn't have tried too hard, "0risk", and "twoheads" may not always be better than one.... "We describe the architecture of Greasemonkey and perform
a large-scale analysis of the most popular, communitydriven,
script market for Greasemonkey. Through our analysis,
we discover not only dozens of malicious scripts waiting
to be installed by users, but thousands of benign scripts
with vulnerabilities that could be abused by attackers. In
58 cases, the vulnerabilities are so severe, that they can be
used to bypass the Same-Origin Policy of the user’s browser
and steal sensitive user-data from all sites. We verify the
practicality of our attacks, by developing a proof-of-concept
exploit against a vulnerable user script with an installation
base of 1.2 million users, equivalent to a “Man-in-the-browser”
attack." [p1]www.securitee.org/files/monkey_asiaccs2014.pdf[This article goes into great detail - I've removed any direct posting per the copyright instructions]
uk.sans.org/reading-room/whitepapers/forensics/analyzing-man-in-the-browser-mitb-attacks-35687
"Man-in-the-browser attack uses Trojan horse to manipulate the communication between the user and the browser. It is unlike the common type of web application attack in which an attacker manipulates the communication between the user and the web server. The Trojan horse takes advantage of a browser vulnerability to launch the attack against the two factor authentication. In this case of attack, the two factor authentication wouldn’t be able to protect the information of the user."
"The man-in-the-browser attack depends on the Trojan horse; so, the first step in launching the man-in-the-browser is to target the victim’s computer. An attacker may use several ways, including social engineering techniques, to target the victim’s computer. There is a difference between targeting the specific victim and creating a plan that can target a massive amount of computers (like creating a Trojan horse and spreading it via extension)"
"The bank server has received the transaction from a legitimate and authenticated user so it performs the desired task; and at the end of the transaction, the web server releases a receipt. The Trojan horse can modify the receipt, too; and then it displays the receipt of the original transaction to the user. From the user and the bank server’s point of view, everything is good; but the man-in-the-browser attack has been completed and the money successfully stolen."
"So the man-in-the-browser attack is a very dangerous attack because neither the bank server nor the user can detect it. This is the point where the powerful authentication (two factor authentication) has failed."
"The man-in-the-browser attack is a very dangerous attack because the Trojan horse that has been designed to perform the attack has a very low detection ratio."
"Your anti-virus and firewalls are not enough to protect your computer from the latest challenges, and hackers are always trying different and new techniques to hack into your computer. Security awareness and user education are important steps that really help to prevent most of the online attacks. Do not trust third party software and extensions."resources.infosecinstitute.com/two-factor-authentication/#gref
|
|
spiral
Member of DD Central
Posts: 967
Likes: 486
|
Post by spiral on Jan 4, 2017 9:13:43 GMT
We just need to be concerned when the code says var loggedin = [0risk]; // check if 0risk is logged in var sell = [ALL]; // Place all of my loans on the market  |
|
bababill
Member of DD Central
Posts: 529
Likes: 245
|
Post by bababill on Jan 4, 2017 10:47:22 GMT
Mods please consider removing p2pindependentforum.com/user/647 post above as he has not complied with the permission to quote as per the first page of the first sentence of the introduction in the referred to link. Even if it is very interesting. |
|
but this package allows users to customise an existing site and, in this case, make it better.
