Actually yes. My last gf was a model and the one before that could have been. My only problem is shyness - the girls I've gone out with have asked me out, not the other way around.
What's eerie, though, is the number of gay men that have hit on me. Yikes. I don't know why that happens, I'm not interested in the least.
I've wanted to see this for a while. My current hobby projects consist of learning assembly, learning how to make a compiler, and trying to get a good understanding of what happens behind the scenes when using a higher level language.
I would love to be one of those guys who can eyeball compiler-generated assembly and quickly identify parts that can be optimized. Since I can still easily bring the fastest machine to its knees in terms of processing I think optimizing techniques and assembly are far from obsolete.
One good reason for using ASP (and one thing that separates ASP from PHP) is that you get to use ActiveX Data Objects (ADO). ADO is a layer built on top of ODBC that simplifies programming. It will work with any ODBC-aware database such as Oracle or MySQL. In my opinion, this makes for a very clean way to do database programming.
You can execute any SQL commands or stored procedures with ADO; in addition, you get a Recordset model that lets you do things like test for the beginning or end of recordsets, use the MoveNext-MovePrevious-MoveLast methods, and lets you do paging easily. You get the use of cursors, and you can choose the type of cursor depending on whether you are reading, updating, inserting, or deleting records (a read-only cursor is fastest, of course).
I have yet to see as clean of a database programming model as ADO.
I'll be getting to try Chilisoft as soon as my new RS6000 running AIX gets here. Since I've written a lot of ASP code already, I'm interested in trying this. However, I use lots of COM components, so it may not work very well. But I can see offloading some mundane tasks to UNIX servers running Chilisoft.
Well, as one who is at times mildly amused by the trolls around here (such as qpt), I was a bit disturbed by the story of a certain Slashdot poster, Ryan Koppenhaver or something like that.
Basically, he was an annoying guy and there were a few fake accounts à la Signal 11 or OlympicSponsor making fun of him. He managed to get ahold of one of these fake accounts by finding the password to it in one of the troll forums/sites. When he went to change his password, Slashdot dutifully emailed his IP address to the troll who made the fake account. They then did some basic tracking. They were able to glean his email address, his school, and finally his home phone number. Needless to say, his website was DOS'd and his answering machine was left strewn with messages being the aural equivalent of goatse.cx.
You can read all about it on geekizoid.com, a Slashdot copy/troll site. Yep, it's enough to make you want to be careful.
only reliable ways to guard the integrity of TCP sessions are cryptography...
Meaning that most sensitive information is safe, since it is already encrypted by SSL/PGP/SSH. Anyone who wants to safeguard their communications is already doing this. And most of us sending things over the net non-encrypted realize that someone can intercept and read the data if they wanted to.
As far as your comment on hijacking the current session, I believe the vulnerability is in impersonating a separate session entirely by guessing the ISN.
Either way, since everyone is already encrypting important data, this is NO BIG FUCKING DEAL.
Question: I have been pondering implementing one-click on my bookstore website, page1book.com (apology for the gratuitous self-promotion).
I am a single developer, and have yet to complete my bachelor's. Yet, I believe I can implement this feature on my site in less than a week. The only reason I have not done so yet is because I am the site's sole developer and have not yet had the time to get around to this feature.
Wouldn't a feature that could be completed by a single non-degreed programmer in less than a week qualify as 'obvious'?
if the ISN is not chosen at random or if it is increased by a non-random increment in subsequent TCP sessions, an attacker could guess the ISN
OK, so there is a random number known only by either end of a TCP session. If the number is not random, then a hacker could guess the number and spoof packets.
Two questions - 1) if this "problem" has been around since the mid-80's why has it never been exploited?
2) How hard can it possibly be to generate a random number, even for a simple OS installed in a router?
This problem to me seems to be a non-problem, but you networking gurus might have a different story.
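To make the quoted "non-random increment" concrete, the added example below (not part of the original comment) compares a fixed-increment counter with a generator that follows the ISN = M + F(connection, secret) structure of RFC 6528. The step size, addresses, secret and the use of HMAC-SHA256 for F are assumptions chosen for illustration.

```python
"""Added illustration: fixed-increment ISNs vs. an RFC 6528 style generator."""
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF


def fixed_increment_isns(start, step, count):
    """Weak scheme: one global counter bumped by a constant per connection."""
    return [(start + step * i) & MASK32 for i in range(1, count + 1)]


def rfc6528_isn(secret, local, remote, now_us):
    """ISN = M + F(local, remote, secret), the structure given in RFC 6528.

    M is a timer that ticks every 4 microseconds. F here is HMAC-SHA256
    truncated to 32 bits, a choice made for this example.
    """
    m = (now_us // 4) & MASK32
    four_tuple = b"".join(
        socket.inet_aton(ip) + struct.pack("!H", port) for ip, port in (local, remote)
    )
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return (m + struct.unpack("!I", digest[:4])[0]) & MASK32


def has_constant_delta(isns):
    """Check a defender can run on sampled ISNs: True if every step is equal."""
    deltas = {(b - a) & MASK32 for a, b in zip(isns, isns[1:])}
    return len(deltas) == 1


# Constructed inputs: documentation addresses, a fixed clock, a sample secret.
SECRET = b"constructed-example-secret"
SERVER = ("192.0.2.10", 80)
NOW_US = 1_000_000
WEAK = fixed_increment_isns(start=1000, step=64000, count=5)
KEYED = [rfc6528_isn(SECRET, SERVER, ("198.51.100.7", p), NOW_US)
         for p in range(40000, 40005)]

if __name__ == "__main__":
    print("fixed increment predictable:", has_constant_delta(WEAK))
    print("keyed per-connection predictable:", has_constant_delta(KEYED))
```

Generating the number is the easy part; the keyed construction matters because each connection gets its own offset, so the ISN a peer sees on its own connection says nothing about anyone else's.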
C'mon, it's a freakin 486, and the site is running on it. Of course it's slashdotted. Think firewall or DNS/DHCP server, possibly a static web page server for an intranet.
Doesn't Oracle do exactly the same thing? AFAIK, you have to get permission to publish benchmarks. So what. It's in the licence.
Something is definitely fishy with their hardware if Win2K is twice as slow as NT4. I've run both servers with SQL7 intensively. You couldn't pay me to move back to NT4. 2000 isn't all that much faster, but it is much more stable and it's a lot easier to use and administrate.
Want some real benchmarks? Try here. Notice a pattern? SQL Server is the fastest database server in the world. Not only that, but Win2K is in the top four slots. 2nd place is a DB2 server on Win2K. Here are real, industry standard tests performed by an independent organization, not a company with an agenda to promote or magazines to sell.
I'm not sure what the point of this article is, other than to stir up more mindless MS-bashing. Well, Timothy, maybe you should try SQL Server or another real database. Pretty much every day around noon we get the same problem because Slashdot can't handle displaying stories while lots of people are posting. A real database would do wonders to fix that.
Read to the end of my comment. I know you are only supposed to pass the ProductID and Quantity in form/hidden field/querystring values. Thank you for the lesson, but I've been doing this for years. All I was trying to do is explain why this is common. You had a lot of inexperienced developers being rushed, and they made some stupid mistakes.
Thank you. I know that. My shopping cart does this exactly; if you'll read the whole of my comment, you'll see that. I was just trying to explain why this is common.
Actually, if you read my comment past your "blah blah blah" you'll see I said exactly the same thing. I was just trying to explain why this was so common.
All shopping carts that I have ever seen specifically allow the user to update data. They almost universally allow you to change the quantities and to add and remove items to a cart. This involves an update to the database usually (exceptions being a file-based cart or a cart stored entirely in memory).
Additionally, HTML does not keep state - meaning all data values in the cart must be passed somehow - usually either a cookie, a hidden form element, or in the query string (everything you see after the ?).
Compounding all this is that many dot-com sites were rushed to market. Speed was the ultimate requirement dot-com developers had, not security, not soundness of algorithms used. Yes, it's stupid, but add all this up and you have a lot of insecure websites. (Mine however only allows price input to the cart from values in the database itself and is additionally protected by an OpenBSD firewall :) )
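The difference between a cart that reads the price back from a hidden field and one that accepts only ProductID and Quantity, as an added example that is not part of the original comment. The catalogue, field names and quantity limit are constructed for illustration.

```python
"""Added illustration: cart pricing that trusts the form vs. one that does not."""
from decimal import Decimal

# Constructed catalogue standing in for the product table in the database.
CATALOG = {
    "BK-1001": Decimal("24.95"),
    "BK-2002": Decimal("9.50"),
}
MAX_QTY = 99  # hypothetical per-line limit


def total_trusting_client(form_items):
    """Anti-pattern: the unit price is read back from a hidden form field."""
    return sum(Decimal(i["price"]) * int(i["qty"]) for i in form_items)


def total_server_side(form_items):
    """Only ProductID and Quantity are read; the price comes from the catalogue."""
    total = Decimal("0")
    for item in form_items:
        product_id = item.get("product_id")
        if product_id not in CATALOG:
            raise ValueError(f"unknown product: {product_id!r}")
        try:
            qty = int(item.get("qty", ""))
        except (TypeError, ValueError):
            raise ValueError("quantity must be an integer") from None
        # Zero or negative quantities would otherwise reduce the total.
        if not 1 <= qty <= MAX_QTY:
            raise ValueError(f"quantity out of range: {qty}")
        # Any 'price' key the client sent is ignored.
        total += CATALOG[product_id] * qty
    return total


# Constructed request: the hidden price field no longer matches the catalogue.
TAMPERED_FORM = [
    {"product_id": "BK-1001", "qty": "2", "price": "0.01"},
    {"product_id": "BK-2002", "qty": "1", "price": "9.50"},
]

if __name__ == "__main__":
    print("trusting client:", total_trusting_client(TAMPERED_FORM))
    print("server side:    ", total_server_side(TAMPERED_FORM))
```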
I agree completely. And the funny thing is, they do that because all the usability gurus like Jakob Nielsen say you should never make your user scroll - break up that text into several pages.
Makes you wonder how they figured that was more usable, because it's not.
I've been thinking about the whole P2P-as-replacement-for-Napster issue lately, and it's my understanding that P2P programs such as Gnutella have major scaling problems to be a wholesale replacement for Napster should it be legislated out of existence.
However, if Napster simply opened their code and their database, we would see Napster mirrors spring up all over the place.
I think that's the solution, rather than pure P2P, which is flaky at best given the current internet protocols. Unless someone comes up with a P2P replacement for basic things like TCP/IP and DNS, file sharing will continue to be handled best by servers.
So I say, mirror Napster. But would they open the code to allow the technology to survive? If so, we should embrace them. If not, I say the solution lies in mirrored servers, not P2P per se.
This is interesting. Just yesterday our beloved Shoeboy was commenting on how Linux needed a VB-like language to quickly assemble quick apps.
Would this fit the bill? Being that I can almost directly translate PHP to ASP and vice versa, and that ASP is the web language descendant of VB, does this mean we now have a VB for Linux? If so, cool!
I mean really, does it have to be one or the other? Or even better yet, how about one that could dual boot WinCE and Linux. Now if they did that, I'd have to buy it.
Granted, they don't call them post-it notes, but they're exactly the same thing! Now, are you really a lawyer? Care to continue the conversation?
http://uptime.netcraft.com/up/graph?mode_u=off&mode_w=on&site=www.ebay.com&submit=Examine
That link is current as of right now.
Oh, and you "wondered what was Slashdot's viewers' thoughts on 'Hacktivism'"? We like it.
Let's just say they're slightly better than MySQL on Linux.
No I didn't. Thanks!
Did he ever live up to his statement ("I'll leave the U.S. if GWB becomes President")? Man, someone should have made him eat his words. ;)
Lowrider Metros, Civics & Corollas are quite common.
Even his sig is a troll. Kind of funny actually, it's gotten lots of responses. See below.