Sorry but I can't resist posting a response:
If customers dealt with a construction company the way they deal with a software company:
February 3:
We decided that our business needs a new building. We called a construction company and said to them, "we need a building, please build us one."
They started asking us a bunch of ridiculous technical questions like "how many rooms do you need." We informed them that we are not a construction company, so DUH obviously we don't know the answer to stuff like that. Why would they even ask us those questions??
February 8:
The construction company asked us to write down exactly what our requires are for our new building. This is so exciting! We have identified the following requirements:
1. the building should be blue
2. we want visitors to be impressed by the size of our building
3. the building should be white
February 11:
Our first meeting with the construction company went terribly. These guys don't seem to know anything at all! They kept asking about rooms. We kept telling them that we are not a construction company. Finally, in exacerbation, we told them we needed 13 rooms.
February 25:
The construction company has produced some detailed drawings. Our building actually looks pretty nice! This is so exciting. Our business is really going to grow. Construction will begin on May 1st. We don't understand why this construction company is so lazy that they can't start building today.
March 3:
The construction company gave us an estimate of the cost of our building. It is absolutely ridiculous! Where do they get off charging that much when all they are doing is putting one brick on top of another brick. My nephew does that all the time. He builds beautiful things out of Legos.
April 1:
Someone from the construction company called to ask about a "lot." I didn't understand what they meant. I told him we only needed one building, not a lot of them. He clarified that he was talking about "property." I said that yes, our business would be storing property in our building. He then asked about "land." I told him that we didn't own any helicopters, but it would be great if the building had a place for them to land because we know that our business is growing. I suspect that this whole phone call was some kind of April Fools joke.
April 5:
I AM SO MAD! THE CONSTRUCTION COMPANY SAYS THAT IN ADDITION TO PAYING FOR THE BUILDING, WE ALSO HAVE TO BUY A PLACE TO PUT THE BUILDING. THIS IS GOING TO COST US A FORTUNE!
May 1:
Construction has finally begun. We are starting to get very frustrated with this whole process.
May 14:
We got a tour of the construction site today and saw the foundation for our building. That afternoon, we had a meeting amongst ourselves and we all decided that the building is being built too close to the street. We will email the construction company tomorrow and ask that they move it.
May 16:
Oops, I forgot to email the construction company to move the building. I called them today though but they actually laughed (very unprofessional) and told me it is too late to move it. That is ridiculous! Just because I waited one extra day, now they claim it is too late!
May 20:
They have started laying bricks for our building. In the time it has taken to make this building (not our fault, they are ones who have delayed) we have changed our mind and decided that we want glass walls. We want the entire building to be made of glass, but we also want it to be hurricane proof, and we want the glass to be self-cleaning. The construction company told us we are crazy - and that is the last straw. We fired them!
June 1:
My nephew has agreed to build our building for 1/10000th the cost of that stupid construction company. I KNEW that they were over charging us! In our first meeting, he confirmed that making a building is pretty easy. Just as I suspected, it's just putting bricks one on top of the other.
June 2:
My nephew is so smart. He came to this meeting with his legos and actually showed us what our building is going to look like! Why couldn't the other company do that.
July 10:
We haven't heard from my nephew in a while, so I called his house. His mom said he was playing with his xbox and didn't want to come to the phone.
tofu
@tofu
Best posts made by tofu
-
RE: If the software developers were construction workers
-
Bumping Threads WTF
I signed up for a forum three years ago. I had completely forgotten about it. I just now got an email saying that someone had replied to a thread I subscribed to.
What idiot replies to a three year old thread??
-
Do you have lots of pictures of yourself?
There's this chick that I've been dating and I just got to see her
apartment last night. The thing is, she has pictures of herself all
over the place. I don't mean pictures of herself and friends as a
group in the same picture. Oh no. She has framed pictures
of herself hung on walls in her house. There's one on her
TV. "is that you?" I ask. "Yeah, that's when I graduated
college." There's one on the wall about 5 feet from the TV.
"uh, is that you?" I ask. "Yeah" she says, apparently not getting
that I'm asking for a freaking explaination.
anyway, the only thing I could think was, WTF?? -
RE: If the software developers were construction workers
@asuffield said:
we pay a construction company to do the work and supply them with dubious specifications.
oh yes. Same here. I actually played little tricks on the company that built my house, though it was mostly flirting with the property manager chick. after the foundation was poured I actually told her, and pretended to be serious, that I wanted the house moved. So that's why I used that little bit in the story above. Before they poured the foundation, they marked it with wooden pegs. I picked one up that had been left out in the street and walked into her office in the house on the corner and asked if I could throw it in her garbage. She said sure, then noticed what it was and asked about it. I said, "somebody nailed those into the ground all over my lot - probably some kids playing a game - I pulled them all out of the ground so that they wouldn't get in the way of the construction crew."
They got me back for all the jokes though. I had the house prewired with cat-5 and they put a drop right next to the stove. I mean like, two inches away. I actually didn't notice that until it was too late to change it (it was supposed to be out in the dining area). So it's covered now, but it's still there. If there's ever an internet-ready oven I'm all set. Otherwise, I have a wire that I'll never possibly use. heh.
-
RE: Do you have lots of pictures of yourself?
@GoatCheez said:
Has anyone ever thought that this poor girl might suffer from some form of mental retardation?
It's certainly fair to suspect this of anyone who dates the likes of me.
-
Bumping Old Posts - w-t-m-f?
On this other forum that I frequent, there is this idiot who constantly
find threads that have had no activity for literally years and he bumps
them just to say, "me too" or some crap like that. Here is the
latest example:
The last post to that thread was feb. 2002! WTF?
WTMF?? I hate this guy! The mods wont do anything
either. In fact, I'll probably get yelled at for calling him an
idiot (in the most polite way possible).
It makes it really hard to keep up with the board when I have to filter
through all this old crap in order to find the new stuff.
-
RE: Do you have lots of pictures of yourself?
@foxyshadis said:
Does the notion that ladies an have sexual
urges as strongly as men make you feel sick and dirty?
Can you point to any part of plazmo's post, or any of my posts, that suggest we believe that?
@foxyshadis said:Does the idea that men can love and cherish
their families and stabilty seem old-fashioned and lame?
Can you point to any part of plazmo's post, or any of my posts, that suggest we believe that?
-
Example buffer overflow
I have to give a short (well, three hour) presentation on computer security issues to non-tech-guru people. I thought it'd be fun for me to have a VM on the machine where I do the presentation and demonstrate some of the things I'm discussing. I don't want to do actual hacks like, "here's something I downloaded, now I'm running it, and it's over" because I don't think that'd be interesting.
What I would like to do is to show some C code (or any language I guess) and point to it and say, "see this? this is an unchecked buffer" then I'd compile it, then overflow it. Ideally, I'd love to run this compiled program as nobody and then when I exploit it, it would dump me to a shell and when I run whois it'd say I'm nobody.
One problem here is that modern operating systems don't allow execution on the stack, right? So what do you guys think? Is this just a pipe dream? Is it more trouble than it's worth and I should just forget it? Can you recommend anything else I can do that'd be cool?
Thanks.
Latest posts made by tofu
-
RE: Example buffer overflow
good idea! I was making it needlessly complex. Thanks.
-
RE: Example buffer overflow
@LoztInSpace said:
Surely the way to approach this is to first actually exploit a system then document & present how you did it.
I don't think so. There are two ways that I could do that:
1. OK everyone, here's a VM running a LAMP stack. And here's a script that I didn't write. I'm now running the script... wow! Do you see that? I have root access! See what happened is that the script exploited a vulnerability in MySQLs zlib compression library and used it to upload a PHP file. Then we execute that file and it does some other stuff, and (snip) step 10 is where we drop to a root shell. Any questions?
Option 2. OK everyone, here's some real live code!
void *ptr;
if (sl) ptr = kzalloc_node(nr * sizeof(*desc->kstat_irqs),GFP_ATOMIC, node);
else ptr = alloc_bootmem_node(NODE_DATA(node),nr * sizeof(*desc->kstat_irqs));
if (ptr) { desc->kstat_irqs = ptr;}
(snip about 500 more lines)Now, none of you are programmers. You're taking this class because you might manage programmers and you only have that one programming class you took in college. So we're going to have to spend the next two hours stepping through this code in order to set up the exploit. Hey! Where did everybody go??
Neither of those options work. What works is for me to show less than five lines of C. All it has to do is strcpy into an array.
-
Example buffer overflow
I have to give a short (well, three hour) presentation on computer security issues to non-tech-guru people. I thought it'd be fun for me to have a VM on the machine where I do the presentation and demonstrate some of the things I'm discussing. I don't want to do actual hacks like, "here's something I downloaded, now I'm running it, and it's over" because I don't think that'd be interesting.
What I would like to do is to show some C code (or any language I guess) and point to it and say, "see this? this is an unchecked buffer" then I'd compile it, then overflow it. Ideally, I'd love to run this compiled program as nobody and then when I exploit it, it would dump me to a shell and when I run whois it'd say I'm nobody.
One problem here is that modern operating systems don't allow execution on the stack, right? So what do you guys think? Is this just a pipe dream? Is it more trouble than it's worth and I should just forget it? Can you recommend anything else I can do that'd be cool?
Thanks.
-
Would you hire this guy?
This was posted on another message board. The guy claims to be a security expert. Just look at these quotes and tell me if you think he's for real or just faking it:
I've taken Linux I and Linux II, and am in Linux III (they call it that for some reason, it's a hacking/security class that uses a cool ass Linux program my teacher created to do everything) and I can't for the life of me enjoy Linux. Yeah you can do a lot with it, and it's free, but it takes forever to do anything, and tons of things don't have Linux support.
Installing Linux is a bastard as well.I have shiatloads of windows classes. Windows XP, Windows Server 2008, Exchange, etc. I have classes called "Linux I" and "Linux II" for a reason, it's teaching me linux but linux isn't popular at all, so just get the basics. Linux III (hacking/security) is teaching me a shiatload, like how to hack every version of Windows, Linux, and Mac, and how to stop them.
I know which hacks work, and don't work, on every version of Windows, Mac, and Linux. I know how they work, and I know how to stop them (if you're able to stop them).
-
RE: Okay there is no way in hell this guy did this all is there?? Jumping off this cliff with camera???
@td888 said:
The camera is panning, so who's doing that?
probably done digitally, the same way you can have a still image and pan or zoom on it. At youtube's resolution, you wouldn't notice.
@td888 said:
And that guy is creepy as hell.
That's what I came here to say. If you make a movie "for the girl you love" and more than 90% of that movie features shots of your own ass, you have some kind of personality disorder, or you're gay. A *normal* person would have had 50% still shots of the girl and 50% of the guy moving tires and shit, then switch to still shots of the two of them together and pan back on the I love you message. Total running time, about 2 mintes, but it would have been a nice video.
This retard filmed shots of himself apparantly humping an ATV. Honestly, what could he possibly have been thinking? "for this part of the film, my ATV has stalled and I'm trying to restart it." Yeah, maybe you can just sort of edit that out dude.
-
RE: How much of a WTF is this interview?
The difference between what this company is trying to do, and what most companies do (namely, a probationary period) is that at the end of the week, this company can (probably will) let you go without needing to offer any explanation. Maybe you didn't buy into the office xmas fund or maybe the secretary doesn't like you, who knows. With a normal company, they go through the full hiring process and then they hire someone, but with a specified probationary period that let's them waive the normal, lengthy terminaton process for a specific cause, like if you can't actually program. But what they can't do is fire you without any cause at all. At best, this company is trying to bypass that. At worse, they're looking for a week's free work.
I suggest that you be very nice about it, because maybe they aren't trying to rip you off, maybe they're just clueless, but explain to them that this is very unusual and off-putting and at this stage in the hiring process, you're looking for a certain amount of commitment from them.
-
RE: THE I-HATE-COLDFUSION CLUB?
@BeenThere said:
ListContains will actually take an item "ab" and find it in a list "dd,aabc,ee" etc. Annoying if you want to see if a list actually contains a value.
RTFM. The documentation for the listContains() function makes it very clear that it finds an item in a list that contains the SUBSTRING you pass as input.
From your complaint, it sounds like you're unaware of the listFind() function. listFind("dd,aabc,ee","ab") returns 0. That's what you wanted, right?
-
RE: THE I-HATE-COLDFUSION CLUB?
@bighusker said:
as of CF7, <cfqueryparam> will not work if you want to cache your query
Just to be clear, cfqueryparam automagically caches the execution plan for the query. That's what most people want. It sounds like what you're wanting to do is to cache the output of the query. In that case, I suggest that you dump the output into an application or session scope variable. Option 2: you can do what cfqueryparam does but you do it manually. Meaning, replace this: <cfquery>select lastname from person where age > <cfqueryparam value="9000"/> </cfquery> with this: <cfquery>declare @param int = 9000 select lastname from person where age > @param</cfquery>
That should result in a query that caches its execution plan and lets you use coldfusion's built in output caching. Of course, you have to guard against sql injection on your own now.
Full disclosure: I don't know for sure if that will work in mysql. With MS sql server though, I've found that caching the execution plan has always been good enough, and I didn't actually gain anything by caching the output. YMMV
-
RE: THE I-HATE-COLDFUSION CLUB?
@Nelle said:
couple of hours later i discover that the timeout parameter for cfhttp was changed from msec to sec in the cf8.
Here's the documentation for version 7. According to this, the timeout was always seconds: http://livedocs.adobe.com/coldfusion/7/
And here's the documentation for version 6. It also says seconds: http://livedocs.adobe.com/coldfusion/6/CFML_Reference/Tags-pt154.htm#1632966
-
RE: THE I-HATE-COLDFUSION CLUB?
@EJ_ said:
My original post (as I said) was about ColdFusion 4
oops. Sorry. Just poor reading comprehension on my part. I can see how it would suck to maintain old, poorly written code like that.