In the end, how King Aella died is irrelevant. According to historian Roberta Frank, however, the notorious “blood eagle” is actually a sensationalist misreading of Viking poems gloating on the birds of prey picking over the defeated Aella’s corpse. The Saga tradition, however, begs to differ and has the Northumbrian King taken alive for the son of Ragnar to torture him to the Viking version of death by a thousand cuts. York fell to the Vikings in 866 and King Aella himself died six months later in an unsuccessful attempt to retake the city. English sources identify an Ingwar as a leader of the “Great Heathen Army”, but it’s the sagas that take us that tantalising step back to Ragnar himself by identifying this Ingwar as one of the sons of Hairy Breeches himself – Ivar the Boneless. If the saga version of Ragnar’s death is fiction, then the Viking capture of York is undisputed fact. With the venom entering his bloodstream, the dying man then made a terrifying prophecy – that his sons would descend on York to avenge their father’s death.ġ9th century artist’s impression of the execution of Ragnar Lodbrok How lucky then that he was still wearing the same protective clothing and King Aelle’s snakes proved powerless against him! But the magic left as soon as Ragnar was stripped of his clothes and the snakes crowded in for the kill. Stories have him fighting a dragon as a young man, and surviving only because he boiled his clothing in pitch beforehand. If we can believe the sagas, this wasn’t Ragnar’s first encounter with a serpent either. So the king was in no mood to offer hospitality to any stranded Vikings and when Ragnar refused to give his name, Aella threw him into that most unlikely of Yorkshire settings – a pit full of snakes. But he ruled a kingdom that was politically unstable: for several generations, it had suffered from Viking raids, starting back in 793 when the longships swooped down on Holy Island ( Lindisfarne) the spiritual powerhouse of Northumbria. Aella was a full-blooded historical figure whose rule of northern England was attested by the Anglo-Saxon Chronicles. Ragnar’s time was up when he was shipwrecked off the Yorkshire coast and fell into the hands of King Aella of Northumbria. The verdict is still out on whether there really was a historical Ragnar, but the lurid account of his death was enough to put York on the map as far as the Viking Sagas were concerned. The first to die was Ragnar Lothbrok (or Shaggy Breeches). Not one of them survived to make the journey home. Towards the end of their careers, each man sailed his longships upriver to Jorvik, or York. Ragnar Lothbrok, Erik Bloodaxe and Harald Hardrada are a trio of legendary Viking warriors.
0 Comments
The fusion reactionįusion reactions constitute the fundamental energy source of stars, including the Sun. This article focuses on the physics of the fusion reaction and on the principles of achieving sustained energy-producing fusion reactions. For more detailed information on this effort, see fusion reactor. Meanwhile, the potential peaceful applications of nuclear fusion, especially in view of the essentially limitless supply of fusion fuel on Earth, have encouraged an immense effort to harness this process for the production of power. For a detailed history of this development, see nuclear weapon. The vast energy potential of nuclear fusion was first exploited in thermonuclear weapons, or hydrogen bombs, which were developed in the decade immediately following World War II. In cases where the interacting nuclei belong to elements with low atomic numbers (e.g., hydrogen or its isotopes deuterium and tritium), substantial amounts of energy are released. Nuclear fusion, process by which nuclear reactions between light elements form heavier elements (up to iron). SpaceNext50 Britannica presents SpaceNext50, From the race to the Moon to space stewardship, we explore a wide range of subjects that feed our curiosity about space!.Learn about the major environmental problems facing our planet and what can be done about them! Saving Earth Britannica Presents Earth’s To-Do List for the 21st Century.100 Women Britannica celebrates the centennial of the Nineteenth Amendment, highlighting suffragists and history-making politicians.COVID-19 Portal While this global health crisis continues to evolve, it can be useful to look to past pandemics to better understand how to respond today.Student Portal Britannica is the ultimate student resource for key school subjects like history, government, literature, and more.This Time in History In these videos, find out what happened this month (or any month!) in history.#WTFact Videos In #WTFact Britannica shares some of the most bizarre facts we can find.Demystified Videos In Demystified, Britannica has all the answers to your burning questions.Britannica Classics Check out these retro videos from Encyclopedia Britannica’s archives.Britannica Explains In these videos, Britannica explains a variety of topics and answers frequently asked questions.More detailed descriptions of the experimental and analytic procedures are given for hydrogen detection using radiography and tomography on iron and steel samples. The examples are taken from the works of researchers dealing with titanium, palladium, zirconium, and iron or steel. In this contribution, the authors give a short historical overview of neutron imaging and show examples that demonstrate the spatial and temporal resolution of the neutron radiography and tomography methods in order to visualize and quantify hydrogen accumulations, absorption processes, and diffusion. Further, this method is nondestructive and provides local information in situ and in three dimensions with a spatial resolution of 20 μm to 30 μm. This new quality of the information on a micrometer scale allows new insights for the analysis of hydrogen-assisted damage mechanisms. This allows, e.g., the in situ measurement of hydrogen mass flow inside cm thick metal samples with a temporal resolution of at best 10 s using neutron radiography as well as the quantitative measurement of hydrogen accumulations, e.g., at the crack’s inner surfaces in hydrogen embrittled iron samples with neutron tomography. The necessary contrast between hydrogen and these metals stems from the high difference in the total neutron cross section of both elements. Neutron cameras allow visualizing hydrogen distributions with radiographic or tomographic imaging methods in iron (and steel) and many other metals. You can also upload and share your favorite grid autosport wallpapers. You can set it as lockscreen or wallpaper of windows 10 pc, android or iphone mobile or mac. Download grid autosport, codemasters racing, race driver wallpaper for free in 1366x768 resolution for your screen. Grid autosport wallpaper background download from the above widescreen, hd, mobile, iphone, normal, 4k, 5k, 8k ultra hd resolutions wallpapers for desktop, laptop, tablet, mobile phone and iphone background. 26 grid autosport hd wallpapers and background images. Grid autosport hd wallpapers in compilation for wallpaper for grid autosport, we have 19 images. Download this grid autosport grid grid autosport desktop wallpaper in multiple resolutions for free. Desktop, tablet, iphone 8, iphone 8 plus, iphone x, sasmsung galaxy, etc.įeel free to send us your andretti autosport wallpaper, we will select the best ones and publish them on this page. Grid autosport, sports car, cars is part of games collection and its available for desktop laptop pc and mobile screen. 2 phone wallpapers 2 art 2 images 2 avatars. At the end of this article, we hope that you will have plenty suggestion around grid autosport wallpapers so that you can use it as a basis for making current and afterforward decisions.Ģ6 grid autosport hd wallpapers and background images. Starting from counsel to grid autosport wallpapers and some example of pict nearly it. In this writing, we'll provide anything you want for grid autosport wallpapers. Our website frequently provides you with suggestions for refferencing the maximum quality video and image content, please kindly hunt, and find more enlightening video content and graphics that match your interests. The Ones with the more red and darker looking sky are the vanilla screens.If you are finding for grid autosport wallpapers pictures suggestion connected with to your interest, you have to come to the right blog. Most of the Screenshots are from Version 1.0. Credits for Codies for the nice fun racer, but the cockpits are a shame for me. If you have a lower system copy the system files of your backup or the files from the low midware folder in your system folder of your Game Directory.Ĭ:\program files\Steam\SteamApps\GRID Autosport Copy all the mod files in your Game Directory of Grid Autosport Ambient Occlusion for Global Illumination skymap changes for a more natural looking sky higher drawing distance with reduced fog terrainmaps and grass changes for better looking grass colours on brands hatch, hockenheim, istanbul, bathurst, spa, jarama francorchamps and Washington reworked tonemapping for all vanilla tracks reworked lighting for all Vanilla Tracks gammacorrection slider can be changed in 0.025 steps The Engine looks like Alpha Version and not like a new graphics engine. Look at the new Dirt Rally this engine is better for good car games as the new engine. I don´t know why codies use this engine for F1 2015. The Gridteam do a better job with the engine. The Egoengine of Grid Autosport is a lot enhanced as the engine of the F1 series. I began with the mod in the year 2014 and updated the most files for newer hardware specifications now. This is a huge very good racing community on racedepartment. I´ve released the mod for two days in a german forum. The Most of the Screenshots are from version 1.0. If you do not see the dates and current status, then this means that they are either not announced, or the game has already entered the release stage at the time it was added to the game database. Party Animals events, when there will be CBT, OBT and the release date of Party Animals in Russia or around the world you can find out on this tab. When to wait for the next stage of testing? What can the game boast about? Who is developing? When released? It’s all here. On this page you will find all the news, reviews and articles published on the game Party Animals. First of all, these are announcements, test dates, important details, first images and videos from the game. MMO13 is not chasing the amount of news, because our main specialization is new projects, including Party Animals, as well as everything related to them. Party Animals publications, latest news, reviews and articles on Party Animals. The game is available on PC (Steam) and has controller support. The Party Animals PS4 and PS5 release date hasn’t been announced yet. The fighters in Party Animals are common animals like puppies, kittens and dragon, which, although they look cute, can give a thrashing to anyone who encroaches on their treat. The project offers multiplayer battles in various arenas and in various modes: from dragging a gummy bear to full-fledged “battles” with dropping the enemy out of the level. You may have to select a menu option or click a button.Game review Party Animals Party Animals is a colorful arcade action game from Recreate Games and publisher Source Technology. Follow the instructions for disabling the ad blocker on the site you’re viewing.You may have more than one ad-blocker installed. You’ll usually find this icon in the upper right-hand corner of your screen. Click the icon of the ad-blocker extension installed on your browser.
Maximize Rewards From Your Business Purchases.How to Apply For a Small Business Credit Card.Top Reasons to Get a Business Credit Card.Business Credit Cards for Shipping Purchases.Business Credit Cards for Advertising Purchases.Best Credit Cards for Rental Car Insurance.Credit Cards with Airport Lounge Access.Keeping your footwear clean will help to extend their life so that they can continue providing you with exceptional protection for those epic hikes. Store them in a dry place and clean with a cloth to remove any stains or debris. Treat your shoes or boots with appropriate treatments to maintain their high quality. HOW CAN I CARE AND MAINTAIN MY HIKING SHOES AND BOOTS?Īftercare provides a longer life for your footwear, so keep them clean and treat them well. We support major brands and quality products that include sleeping bags, dry bags, duffel bags, travel bags, swags, hiking tents, hiking packs, gazebos and much more for all-round camping and hiking satisfaction. While exploring hiking shoes at Anaconda, take the time to investigate other high-quality gear and accessories that will enhance your outdoor experience. The hiking boots, hiking shoes, snow boots or even thongs you wear should suit your outdoor purpose, whether you are a day-tripper, overnight camper, hiker or mountaineer. The midsole and outsole should provide ample cushioning on rocky terrain, and hard-wearing, waterproof and breathable materials all improve Hi-Tec hiking boot performance. The material that is used affects the footwear's weight, breathability, robustness and water resistance. Hi-Tec Boots are made from top quality materials, which have been chosen with your safety and protection in mind. If you are not quite sure which of our Hi-Tec hiking boots and shoes would be right for you, then there are a few things that you should consider. There are lots of different hiking boots and shoes to choose from, and the ones that you want will depend on the conditions that you plan to hike in, how far you intend to go and what you find to be the most comfortable. WHAT DO I NEED TO CONSIDER WHEN CHOOSING FOOTWEAR FOR HIKING? Our extensive hiking boot, hiking shoe, walking boot, snow boot, water shoe and sandal range is second-to-none, and guaranteed to inspire you. We offer free delivery, afterpay, gift vouchers and our famous lowest available price guarantee on all stocked items.Īlternatively, visit your nearest Anaconda retailer and experience superior Hi-Tec cushioning and fit first-hand. Simply make a wish list, add products to your online shopping cart, and proceed to fast checkout. If you know the style and fit of hiking boot you are looking for, our online platform is a cinch to negotiate. Purchasing Hi-Tec Altitude boots or other hiking shoes from Anaconda is easy online or in-store. HOW DO I BUY HI-TEC PRODUCTS FROM ANACONDA? Waterproof hiking boots or hiking shoes are an essential component of outdoor apparel, and Hi-Tec provides highest quality at affordable prices. Anaconda best sellers include Hi-Tec Altitude VI, Lima Sport II, Altitude Base and Wild-Fire Low hiking shoe styles. The Hi-Tec range includes waterproof hiking shoes, hiking boots and walking boots suitable for Australian and international conditions. Hi-Tec are hiking shoe specialists, making the company a perfect fit for Anaconda. We get an in-depth look at the world’s political struggles through warring animal factions, splashes of colorful folklore passed down between generations, and the spiritual side of these creatures. There’s a real sense that the planet has naturally rebuilt itself into something new following humanity’s collapse. Biomutant is packed with narrative details, lore, and charming characters. The game uses that setup to create some rich and creative world building. Players control a foxlike creature who must save the Tree of Life by defeating giant predators known as Worldeaters that gnaw at its roots.īiomutant is a gorgeously designed game full of vibrant colors and awe-inspiring landscapes. The human race is seemingly dead, but animals have evolved in the aftermath. The Earth as we know it has been destroyed by a man-made ecological disaster. Starting overĭescribed as a “kung fu fable,” Biomutant is an action RPG that’s as adorable as it is morbid. It bites off more than it can chew when it comes to its scale, but it’s a promising start for a new franchise with a refreshing vibe. There’s still a high-stakes plot, crumbling buildings, and resource scavenging, but it’s all more of a fantasy slice of life.īiomutant is a delightful experience complete with inventive world building and strong RPG hooks. There are no people in the game, just mutated animals living their best lives. The long-awaited open-world game is set in a future where humanity has been wiped out entirely and nature has reclaimed the Earth. Biomutant’s lush and vibrant gamescape, spanning everything from snowy tundras to rocky deserts, serves as the backdrop to an epic fable of one creature’s journey to save his broken world.”īiomutant is now available worldwide on the PlayStation 4 and Xbox One, PlayStation 5 and Xbox Series X/S via backward compatibility, as well as PC. Players can look forward to unleashing these powers against surprise attacks from some of the most outlandish enemies ever confronted. “Biomutant’s ever-evolving hero has been called a raccoon, a red panda, and even a cat, but what remains most important is its unique, martial-arts-style combat system that mixes melee, shooting, and mutant abilities. If you are unfamiliar with Biomutant, here’s how THQ Nordic describes the gameplay. Tribes are divided and lacking proper leadership, and it all falls onto the player to make the hard choices to get through this survival story ends. Already racking up massive gains for Emracer Group, which could be a great indication for those who itching to get a sequel someday.īiomutant is an RPG open-world game that takes place in a post-apocalyptic fable world, where a plague is ruining the land and the tree-of-life is bleeding death from its roots. During the Embracer Group’s Q1 financial report, it has been revealed that THQ Nordic’s Biomutant has recouped all developmental costs within its first week on sale, and has so far sold more than 1 million copies.ĭuring the report, it was also revealed that Biomutant’s first week on sale was so successful that it not only recouped its developmental costs but also its marketing costs as well as the money Embracer Group has spent in acquiring the Biomutant IP and its developer Experiment 101.īiomutant was announced all the way back in 2017 and was released just 3 months ago on the 25th of May. It has a siren to alert you to the presence of an intruder and scare them away. This device sits somewhat in the middle of the others in terms of price but has a few features that are not common with the other cameras on this list.įor starters, the camera is on a 360-degree swivel base, so you really can get a complete view of your front or backyard, and it can tilt up or down. Note that this camera only works on the 2.4GHz Wi-Fi spectrum. But the slider can cover the camera lens and disable the microphone for those who may want to use it in a nursery or a room where you don't want constant surveillance. I don't use the built-in privacy slider in my particular use case. The 1080p camera produces fine images and has built-in two-way audio so that you can communicate with whoever may be on the other side of that lens through the Cync app. It is nice that if you want cloud storage, GE's Cam Cync offers a 30-day trial to see if you like it. Sure, I wish I could put a larger microSD card than 32GB in it, but it hasn't been an issue yet. I've been using this camera on my indoor porch to keep an eye on it, and this GE Cync camera has been great. Then there's the GE Cync Smart Indoor Security Camera, which offers a fast and easy setup with only the essential features.ĭon't mistake simplicity for bad. Some cameras are built with loads of AI features and require fine-tuning just to get started. But to avoid too many notifications, you can set custom activity zones so you won't be bothered by false notifications from trees swaying in the breeze. The loud motion detection alarm can scare away any intruder, but you can also carry on a conversation with visitors thanks to its two-way audio capability. While you can put up to a 256GB microSD card in the device, you can check out their cloud service with a 30-day trial of Kasa Care, should you wish to try out that option before committing to a subscription plan. This has proven a wonderful feature and is why I love using it on my patio. The camera also has an integrated LED spotlight that you can trigger manually or set to turn on when a person or motion is detected. The Kasa Outdoor Security Camera camera offers a pretty robust experience, with the ability to set up alerts and view live and on-demand video. This affordable security camera comes packed with a ton of great features, including IP65 weatherproofing, crisp 2K image resolution, color night vision, two-way audio, and up to 256GB microSD card capacity for a ton of on-device, local storage. Kasa makes some of the best smart home devices at both excellent prices and quality. I know this is a tough question to answer, but you really want to be ready with something specific when they ask this. If not, mention whatever work you’ve done that’s most similar. If you worked in data entry in the past and have a track record of succeeding in this type of role, mention that. In your answer, try to highlight one or two key qualifications you bring to the role. Why should we hire you for this job?Įmployers get a LOT of applicants for the average data entry job, and some employers might ask you directly in the interview, “why should we hire you?” Make sure you’re prepared if they ask this, and be ready to give a confident, clear answer without rambling on. If you want more help with this, I wrote a full article on handling the greatest strengths interview question HERE. You’d want to be able to continue quickly and confidently if they ask for an example, and say something like, “In my most recent job, we had a situation where _”… Be prepared to give an example of whatever strength you name. So you could say your greatest strength is your attention to detail, or your ability to work in a fast-paced environment while maintaining the accuracy of your work. If they ask you about your strengths in the interview, you should try to name strengths that are related to the type of job you’re interviewing for. So expect some data entry job interview questions about the industries you’ve worked in and the types of data you’ve dealt with in the past. This isn’t always a “hard” requirement, but is almost always seen as a plus. So it’s better if you’ve worked with similar types of data, or done data entry in a similar industry. In general, employers want to see as much similar past work as possible. If you’ve done data entry in the past, you’re likely to be asked for specifics about the type of data you worked with. I wasn’t in a dedicated data entry role, but we were a small start-up and I was the primary person responsible for this.” 4. “No, but I did manage customer records and transaction data in Excel at my last job, and I had to make sure it was entered promptly and accurately at the close of each month. If you have, you can say, “yes, I did this at ”Īnd then share what you’ve done that’s most similar. Be ready to answer directly and don’t try to avoid the question. They might directly ask you if you’ve worked in data entry in the past. Have you ever worked in data entry before? Then you can “tailor” your interview answers to highlight what they care most about! 3. The absolute best place to gain clues about what the employer is looking for is by studying the job description. If the job description mentions attention to detail, talk about how your past jobs required attention to detail. Well, even if you didn’t do data entry in the past, you’ll want to point to other jobs you’ve held that were fast-paced and required you to work accurately and quickly. And try to make everything sound as relevant as possible to data entry, if you didn’t hold this type of job in the past.įor example, maybe you saw in the job description that you’ll be working in a fast-paced environment. So be ready to go into more detail about past accomplishments. (Even if it’s listed on your resume already). Whether you held a data entry job before your current interview or not, employers are going to want to know what you did most recently. But I can say with 100% certainty – employers ALWAYS want to hear a reason why you want their specific job). (A lot of job seekers are surprised when I tell them that just saying, “I need a job to pay the bills” isn’t good enough. Then confirm that you’re interested in this type of work, and if possible, talk about one or two of your key skills or past experiences that you feel will help you succeed in this role. When they ask questions like this, you want to show you’ve done your research and know what their job involves. Expect to hear at least a few questions on this topic.Īnother variation you might hear is, “ why did you apply for this position?” Or, if this is going to be your first data entry job, they’ll ask why you want to do this type of work. This is one of the main types of questions you’ll hear in a data entry interview… Employers will want to know why you got into data entry or what you enjoy about it. Let’s get started… Top Data Entry Job Interview Questions To Practice 1. In this article, we’ll look at some of the top data entry job interview questions and answers to help you prepare to get hired! Common data entry interview questions include questions about your attention to detail, your ability to work in a fast-paced environment, why you want to work in data entry, and more. You drag it to the to-do bar or the tasks icon in the navigation pane. Creating a task out of any item like email, contact, calendar entry, or note is easy.You can even create multiple calendars and link and share to others’ calendars in your team. Outlook Calendar easily creates meeting requests and adds appointments and other events.For more advanced options, you can code macros (not too convenient). You can manage multiple email accounts with a unified inbox and add rules.Setup on its own (and the entire suite) could be more intuitive and clear-cut. For multiple accounts management and contact integration, Outlook is strong. It integrates with the Microsoft Office suite and provides a practical option for those who like having the whole package. Organization and customization are decent in Outlook but could be better. You can download this desktop client for Windows 10 or other versions, but there is also the option to use the virtual suite on its own. Outlook has been around for ages, with a reputation as a functional email program. Reviews PriceĪfter a free trial, plans start from $3.25 per month. Mailbird has dozens of third-party integrations to boost your productivity even more: Dropbox, Slack, Google Docs, Evernote, Asana, Google Drive and Calendar, and more. (You may start playing with the tones and can’t stop.) Parakeet email generator speeds up your communication and puts a smile on your face.Migration from any client is quick, simple, and reliable.The 24-hour responsive support services are free for all users!.Color coding helps distinguish different accounts in your inbox.Email tracking enables instant control over your message reading status.The first-ever speed reader saves time on reading emails by half and many others!.A rich unified calendar helps you easily juggle your tasks and appointments.Snooze helps you reach zero unread messages.Unified inbox helps you check and manage ALL your emails from virtually any email provider in one stream or switch between separate email accounts with one click.When you open a PM task and open the associated email message, it will open in Outlook and not Apple Mail. msg files, without asking every time.Īt this point, Microsoft Outlook should be your default email provider for composing new emails, and also for opening preexisting messages. Also, if you’re using Google Chrome as your default web browser, you can tell it to automatically open your. msg extension, which is proprietary to Microsoft Outlook. eml files, are opened via Outlookĭepending on your system, you may want to also repeat the steps above for the. ALSO, select “Change All” then click “Continue”, so that not only this file, but all.Change the “Open with” option to Microsoft Outlook.Find the email saved on the desktop, and right click it.Download the email message, so it appears on your Desktop or Downloads folder.Go to the files section of the task, and you will see the attached email file.Drag and drop an email message into a Priority Matrix project to make into a task (or just save as an.eml file extension with Microsoft Outlook, as follows: How do we do this? Simple: We associate the. Awesome! Then, you open the email from the task, and it opens in Apple Mail, but you want it to open in Outlook. So, you understand how to drag and drop emails from Outlook, and even create them as Priority Matrix tasks. Setting Outlook as the default app to open email files Once you do that, the next time you open a mailto link like the one above, it should open Outlook automatically. Click the “Default email reader” option, and select Microsoft Outlook.Open the Preferences menu, then select General.If you are able to open the Apple Mail app (most people do since it comes preinstalled with macOS), the steps to configure Outlook as your default email app are as follows: Making Outlook the default email composition app Additionally, you may want to make Outlook the default app to open email files, which normally end in an. If you want to use Outlook as the email app on your macOS computer, so that when you click on an email address like it opens Outlook automatically, you need to configure it first. You will be governed by the privacy rules and regulations of the host server service provider when using this client app. We do not ask or collect any personally identifiable information directly or indirectly as a condition for using this app. Chat with other users during the meeting.Lock-protected rooms: Control the access to your conferences with a password.Rejoin previous meetings by browsing the meeting history.Join meetings easily using the meeting code.Create meetings and share the meeting code directly from the app.There are no artificial restrictions on the number of users or conference participants.Jitsi promises better quality and lower latency. Meet Guru uses the free and open-source Jitsi Server in the backend to process and encrypt all the communication between users. Instant video conferences, efficiently adapting to your scale. Meet Guru is a free video conferencing and video meeting app that lets you stay in touch with all your teams, be they family, friends, or colleagues. How To: Install Jitsi Server Crosstalk Solutions 332K subscribers 127K views 2 years ago This video is a complete walkthrough of how to install and properly secure a hosted Jitsi video. Useful for conferencing, meetings and class room studies online from home. July 2, 2020: Version 2.3.Free video conferencing & meeting app that allows you to communicate anywhere.June 28, 2020: Vulnerability discovered and reported to June 30, 2020: Developers implement fix in commit ca1eb702507fdc4400fe21c905a9f85702f92a14.The fix was released in version 2.3.0 on July 2, 2020. Props to the Jitsi developers who implemented a fix just a few days later, on June 30, 2020, by filtering the URLs that may be passed to shell.openExternal() to only allow HTTP(S) URLs (see the fix commit). I confirmed that it worked using the latest release of the app at that time, version 2.2.0. I reported the vulnerability to the developers on June 28, 2020. As there were no uses of the exposed function in the code, I included a recommendation to remove it in my report. However, if an attacker somehow managed to achieve XSS in the renderer process, they could use this to escalate it into RCE. This was not a critical problem as the remote site is only loaded in an and thus doesn’t have access to the app’s window object. An attacker could use a link like this to lead a user to use their server without having to set the server URL in the app preferences.Īdditionally, the app exposed the shell.openExternal() function on the window object which could be accessed from the renderer process as context isolation is disabled. The attack surface was further extended by the recent introduction of a protocol handler that allows linking to rooms on external servers (using jitsi-meet:///dangerous-room). Below is a video demonstrating the exploit: desktop file on a remote server allowed for RCE on Xubuntu 20.04, as described in the other post. However, all the other protocols could still be used as discussed. In the case of this app, the attack surface was somewhat limited insofar as the external server is loaded through an and opening file: URLs was thus blocked. I have already written another blog post that goes into the details of the security problems with shell.openExternal(). As such, it is possible for an attacker to inject a malicious call to window.open() into the pages of their Jitsi Meet instance that will then allow them to pass arbitrary URLs to shell.openExternal() when a user uses their server with the app. These popup targets are however only used to handle windows that should always stay on top (see here) and are thus not a security check.Īs mentioned before, the app can be used with third-party servers. This hooks the creation of new windows to instead pass the URL to shell.openExternal() unless a popup target other than browser is registered for the URL and frame name of the new window. on ( 'new-window', ( event, url, frameName ) => ) |