My boss will regularly click the "Sponsored Link" in his google search result thinking that it's a legitimate search result.

It's not out of the question that people click that Sponsored Link thinking it's a real result, finds that it is the solution to whatever problem they were having (albeit not the best or most cost-effective solution), and make the purchase.

"So *THAT'S* what it looks like!"

He used two. Web browsers tend to reduce anything with more than one space to a single space.

Two spaces:
Blah. Blah.

Single space:
Blah. Blah.

To be fair, they meant to test this very issue, but the guy they sent out to test this in the real world lost his phone while barhopping.

The point was more along the lines that it's pointless to associate a post with a user's real name for datamining purposes on the forums - Blizzard ALREADY HAS that information and can already link your post to your real name.

Just so you know, Blizzard already has my real name if they want to sell it. No redundant forum changes necessary. They have my credit card number too!

Remove the tinfoil hat or at least think about what you're saying instead of just throwing out paranoid gibberish.

Hi.

I'm just calling to inform you that your car's warranty is expiring soon. Please call (800)555-1234 and we can renew your warranty for the low low price of $200.

They're still using the property. There have been recent releases of Lemmings for both the PSP and the PS3 in the past year or two.

Yeah. Google Wave really needs the ability for a user to host their own server. They should really develop an underlying protocol and open-source it so people would be able to host (or write) their own server.

Bonus points if the (hypothetical, because it seriously really really doesnt exist yet) protocol would be federated so the different servers could talk to each other.

Jet Grind Radio, as long as they don't touch the soundtrack.

While we're at it, where's my Wii version of Space Channel 5?

Just as a followup to this, it's not actually a fault or exploit in MSSQL or IIS; just that the SQL being injected is specific to MSSQL and completely valid. This can and will happen in any future version of IIS or MSSQL unless specific action is taken by Microsoft to prevent the underlying technique used to do it, which is unlikely as it will break a large percentage of perfectly legitimate applications.

The same attack could probably be modified to hit Oracle, MySQL, or other DBMSes with minimal effort. I don't even really know why IIS is even mentioned as the actual server software is irrelevant. This attack would just as easily hit MSSQL databases with website front ends hosted on Apache or pretty much anything else, no code changes needed. This isn't even the first time this has happened. A couple years pretty much the exact same script was used to deface sites on about the same scale as this one did.

The blame should be placed on the developers of the poorly written 3rd party software that doesn't sanitize its inputs or (preferably) use parameterized queries and stored procedures.

As a web developer, I've always used the history window in Firefox as a base for my time tracking - gives me a pretty good idea of how many hours I spend browsing Slashdot and how many minutes I spend on customer websites.

Seriously. Don't have a cow.

It's an online multiplayer beta.

This.

Google Wave has to actually be forwards and backwards compatible with e-mails if it ever stands a chance of replacing it. That means people seamlessly being about to send e-mails to myaddress@googlewave.com and having them appear in my inbox, and having my replies (as waves) send out e-mails as replies if any of the participants in the wave is an "e-mail" participant.

And bots really don't count. It has to be tightly integrated into the system.