Thanks for that reminder. After I implemented the server side validation, we stopped getting bad CC number typos, but did have a few irate customers when their "orders" didn't show up. I even considered disabling the server side validation while I was working on the building the client side validation.

The javascript actually checks the card number as soon as cc field in the form looses focus, onBlur="testCreditCard();", so that the user, (with javascript enabled,) doesn't even get to the submit button before an alert box is displayed if they didn't enter their card number correctly. I kept the other code on the server in the event that someone who has javascript disabled will still get an error message if they enter an invalid card number.

I do like the idea of disabling the submit button if an invalid card number is entered. I may add that in, along with a message by the submit button indicating that the card number is invalid.

Never underestimate the lack of attention that the users will pay to those messages when you do punt them back to the same form and let them know what the problem is. I have a shopping cart that checks to see if the credit card number entered is a valid card number. If the card does not pass it's check digit, the user is returned to the payment form to fill that in again, with a message that the card number was invalid.

While this does prevent running up lots of transaction charges for trying to charge something on a non-existent card due to a typo, many people wouldn't notice the message and would just go off to whatever else they wanted to do without completing the order. We were getting several incomplete orders in the shopping cart each week due to this. After I implemented a little bit of javascript to run the check digit in the browser and throw up an alert for an invalid card number, the problem with incomplete orders in the system vanished. We do still have the number checked on the server as well, just in case someone has javascript disabled.

Yeah, no stress at all when you start getting tons of overdraft charges/notices from your bank because some asshat emptied your bank account without your knowledge. Oh yeah your rent/mortgage/whatever is due a couple of days after you find out, and at the start of a holiday weekend at that.

At least with a regular burglary, or hell even a bank robbery, I know that the money I have in the bank for taking care of rent, bills, fixing/replacing shit because of the burglary is still there. Now if I was home at the time of the burglary, then I would be more worried about cleaning up the bloody mess made when dealing with the intruder, (yes, it is perfectly legal to shoot home invaders where I am at).

She probably clicked on one of the sponsored links. Go ahead, google it and click on all the sponsored links. Most lead you to some insane sign-up requiring your name and e-mail address before allowing you to go any farther. One of them even had "Payment Information" as the 3rd step. One actually did disclose charges up-front, reasonable charges and they actually send CD's in the mail.

Come-on people, you know you want to google it and click on the sponsored links. Each click on the sponsored link costs the advertiser money, and a slashdotting will quickly run these scam sites' ad-words budget past their limits or cost a small fortune.

But the machines whose drives were erased "hadn't been cleaned yet". That would also be good for the repair shops getting paid to reinstall the OS and setting up firewalls to help prevent such a thing from happening in the future. Sounds like a win-win-win situation, machines get removed from the botnet, techs get paid, ISP's have lower bandwidth utilization.

A simple little primer could also be given to people getting their machines fixed:
1. That is not a nude picture of <Hot Celebrity Name Here>, it is a virus.
2. You do not need to update your flashplayer or whatever to view that video you got a link to in your e-mail from some random stranger. The video does not exist, the update they are trying to push on you is a virus. If you truly need to update your flashplayer or whatever, you will be provided a link to the official site, but google for the correct site anyway.
3. Their is no rich prince in Nigeria that needs your help, it is just some scammer trying to get your money.
4. Your bank is not e-mailing you wanting you to update your account information, if you really think that it is your bank, look up their number in the phone book and call them first to verify.
...

<sarcasm>But don't you know, all those people with zombie machines will suddenly start complaining when their computers start running faster and they have better internet connection speeds.</sarcasm>

I do have to agree, so what if it runs foul of the law. If the relevant laws were effective, we wouldn't have the botnet problem in the first place.

Just how many people will complain once they get better performance from their machines that are no longer owned.

1. Check out your state's telemarketing laws.

2. Send Lexus a certified letter telling them to stop.

3. Call the FTC to find out who you can file a complaint with.

4. File the complaint.

5. CC the complaint to your congress critters, and the congress critters of the location you send the complaint, and any other congress critter that you think may be interested.

The only point in needlessly harrassing someone for taking pictures of trains, or undersides of aircraft is worthless security theater. If you are doing covert surveillance, you aren't going to have a nice, noticeable camera rig with you, you are going to have a camera phone, and will look like you are texting someone, or holding your phone waiting for an important call, when you are taking your images.

Sure, it's not the best quality... be right back, someone's at the door

I've had a customer like this as well. He was in the early stages of Alzheimer's. He would often times have problems getting his documents to print, claiming the printer drivers were the problem. Every time I saw his machine, he had at least a dozen identical drivers installed for his printer. I typed up the instructions for what I did to his machine each time I saw it for him. That reduced the number of visits to the shop for his printer problems.

He was great fun to talk with about the old times. He was an engineer that worked on designing some of the first punch card readers. Tragic the way that knowledge can be taken away from someone like that.

If I recall correctly, we only charged him on his first visit, before realizing what the true nature of his problem was.

No, it wasn't better than open source, it was worse. Had VCL been open source, then it could have been fixed by the community, rather than abandoned. By now, we could not only have the source code for the viruses, but could also have *.vcl files that would allow your copy of VCL to quickly reproduce the original virus with you own copy of VCL.

Imagine the possibilities of taking the vcl file for your favorite/least favorite virus. Loading it up and tweaking it to your very own needs. All without having to do any heavy coding. Tired of that virus ridden spam bot filling your inbox, create a computer "bacteriophage" that targets the spam bots and wipes their hard drives.

I know, I know, you ask why not just remove the spambot and let the machine live on. That would be just treating the symptoms of the larger problem. The larger problem being the computer running the spambot. If you wipe the hard drive often enough, the physical owner of the machine will eventually learn to better secure their machine and not let the problem return. Sure, they will probably still have no clue that they were spamming the world and will only have taken the steps to keep the bacteriophage from wiping their hard drive, but the end result will be the same. That and a lot of us here will profit from the lusers bringing their machines in for repairs. It's a win-win situation for us.