February 17th, 2010 — Interesting
1. The Most Expensive Car
The most expensive commercially available car is the Bugatti Veyron, with a hefty price tag of $1.25 million USD. With all-wheel drive and a W-16 engine with 4 turbochargers, the Veyron clocks in at 1001 hp, hits 60 mph in 2.5 seconds and tops out at 253 mph in just 55 seconds. As such it’s not only the most expensive car in the world, but the fastest and most powerful too. Since it’s also 100% street legal you can even use it to go and pick up your groceries. Though, due to the Veyron’s excessive fuel consumption, you’ll probably spend more on getting there than you will on anything else.

2. The Most Expensive Pen
It looks like something you’d buy your aunt Jemima for Christmas, from the “Everything Else” category of e-Bay. Despite its strange appearance, the “Limited Edition Mystery Masterpiece” is actually worth a staggering $730,000 USD.

It was a joint creation between the Montblanc and Van Cleef & Arpels companies to celebrate their credentials in 2006, designed to show their expertise. Three versions exist: one set with rubies, one set with sapphires and one set with emeralds. Each pen contains 20 carats of the gemstone of choice as well as no fewer than 840 diamonds!
3. The Most Expensive Watch
The Swiss watchmaker Vacheron Constantin marked its 250th anniversary in 2005 with the “Tour de l’Ile, Vacheron Constantin”, which weighs in with a price tag of $1.5 million USD.
A limited edition, only 7 were ever made. Its complicated double face shows horological complications and astronomical indications making up a list of sixteen different points, including a minute repeater, sunset time, perpetual calendar, second time zone, a tourbillon device, the equation of time and a representation of the night sky.
4. The Most Expensive Chess Board
The Royal Diamond Chess is an exquisite chess board designed by Charles Hollander, made in 14 carat white gold and set with an astounding 9900 black and white diamonds. It was crafted by 30 artisans who spent more than 4500 hours completing it.

Several more astounding pictures are available on the website (www.charleshollandercollection.com) and are worth checking out.
5. The Most Expensive Domain Name
Business.com was resold in 1999 for $7.5 million USD and held a place in the Guinness Book of World Records until it was dethroned on January 19, 2006. At that point the three letter domain Sex.com took its place when it sold to the Boston based company Escom LLC for $12 million USD (other sources report it was as much as $16 million). The former owner stated that he wanted out of the adult entertainment business and so decided to sell it.
February 3rd, 2010 — Uncategorized
If you’ve ever designed a user registration script, a membership site or any script that creates or stores user passwords, there are some practices which every good developer should be aware of. While most small scale applications are not in danger of being targeted by anyone with malicious intent (simply due to the fact that they don’t have enough user accounts to make a blip on the radar), there is a point in the life of any good script whereby it becomes large enough that people can and will target your password list and security will become an issue. By implementing a few simple measures and understanding how password security is compromised you can limit the possibility of your password list being compromised and minimize the potential damage caused.
1. Hash & Salt
One of the most commonly committed cardinal sins of password storage is plain text, that is, storing passwords exactly as the user typed them. This is frightfully common and I even remember one shocking instance of a fairly popular web application storing password and username combinations in a .txt file. Storing passwords in plain text is not only lazy, it’s a huge security risk. The most common method of storing usernames and passwords is within a MySQL table via PHP. This article explains the fundamentals of password hashing in such a setup, how it works, why it works and how easy it is to implement.
In a nutshell, hashing is the process of running a one-way algorithm over a user-supplied password so you can store a value which is useless by itself. Any potential hacker would also need to know your local hashing algorithm before they stood even a chance of brute forcing their way into that account. Furthermore, brute force and dictionary attacks can also be overcome by the simple salting method, whereby you generate a unique salt for each password locally and store it alongside the hashed password.
The article linked provides PHP code to hash, salt and store passwords in a secure manner and provides much more information than I could hope to.
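As an added illustration of the hash & salt step (this is not the post’s code, nor the code from the article it links to), the following PHP script registers users and checks logins with PHP’s built-in password_hash() and password_verify(). Those functions draw a fresh random salt for every password from a CSPRNG and store it inside the hash string, using a deliberately slow algorithm (bcrypt under PASSWORD_DEFAULT). A PDO SQLite in-memory table stands in for the MySQL users table; the usernames and passwords are constructed sample data. It assumes PHP 7.4 or later with the pdo_sqlite extension.

```php
<?php
// Added example, not the post's code: register and login against a users table
// using password_hash()/password_verify(). The in-memory SQLite database stands
// in for the MySQL table; sample users below are constructed.

function openUserStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $username, string $password): void {
    // One-way: the plaintext is never written anywhere. The per-password salt is
    // generated inside password_hash() and embedded in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function checkLogin(PDO $db, string $username, string $password): bool {
    static $dummyHash = null;
    $dummyHash ??= password_hash('dummy', PASSWORD_DEFAULT);

    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a dummy hash so the response time does
    // not reveal which usernames exist. password_verify() re-derives the hash
    // with the stored salt and compares in constant time.
    $stored  = $row === false ? $dummyHash : $row['password_hash'];
    $matches = password_verify($password, $stored);
    return $row !== false && $matches;
}

// Constructed sample users; two of them deliberately share a password.
$db = openUserStore();
registerUser($db, 'alice', 'correct horse battery staple');
registerUser($db, 'bob',   'correct horse battery staple');

$rows = $db->query('SELECT username, password_hash FROM users')->fetchAll(PDO::FETCH_KEY_PAIR);
echo "stored value for alice: {$rows['alice']}\n";
echo "stored value for bob:   {$rows['bob']}\n";
echo "same password, different stored values: " . ($rows['alice'] !== $rows['bob'] ? 'yes' : 'no') . "\n";
echo "alice, right password:  " . (checkLogin($db, 'alice', 'correct horse battery staple') ? 'accepted' : 'rejected') . "\n";
echo "alice, wrong password:  " . (checkLogin($db, 'alice', 'password') ? 'accepted' : 'rejected') . "\n";
echo "unknown user:           " . (checkLogin($db, 'mallory', 'password') ? 'accepted' : 'rejected') . "\n";
```

Running it shows two different stored values for alice and bob even though they chose the same password, which is exactly what the unique salt buys you: a stolen table cannot be attacked with one precomputed lookup for all users. The prepared statements also keep the username out of the SQL text, so this lookup cannot be turned into an injection point.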
2. Passwords Will Be As Secure As You Require Them To Be
People are like lightning; they take the path of least resistance. In the realm of passwords, this means people will gravitate towards the shortest and easiest to remember possibility. In short, if you have no restriction on the number of characters or types of characters allowed in your passwords, you will end up with passwords like ‘abc’, ‘123’, ‘password’ and ‘secret’. This is not an exaggeration for dramatic effect; people will actually choose and use these types of passwords.
By enforcing some, if not all, of the restrictions below you can ensure the security of your password list will greatly increase:
Minimum character length. Require at least 8 characters. It is generally accepted and confirmed that 8 characters is the minimum required to generate a secure password. You may be scared to enforce long passwords for fear that people will simply not sign up, but this is a misguided fear. If someone wants to sign up for your site, a password field requiring an extra 2 characters on top of their existing password is an unlikely deterrent.
Other password enforcement policies should include:
- Password must contain characters and numbers.
- Password must contain uppercase and lowercase characters.
- Password must contain at least 1 symbol (outwith a-Z 0-9).
- Password must not be based on a dictionary word.
The Password Meter is an excellent resource to test the strength of a password while having a look at how it’s being analyzed. The script is free to download for use with your own applications. While there are pros and cons of making password strength a requirement, there is absolutely no reason not to show strength to the user in a system like this.
As a side note, never require passwords to be too strong. An 8 character password that someone remembers is much more secure than a 16 character password which has to be written down or saved on a desktop (and is therefore susceptible to being hijacked).
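The policy rules listed above, turned into a validator as an added example (not the post’s code and not The Password Meter script): minimum length, letters plus digits, mixed case, at least one symbol, and a check that the password is not built on a dictionary word. The word list is a constructed stand-in for a real dictionary file, and the substitution table used to catch ‘P@ssw0rd’-style variants is my own assumption about what “based on a dictionary word” should cover. It assumes PHP 7.4 or later.

```php
<?php
// Added example, not the post's code: a validator for the post's password rules.
// COMMON_WORDS is a constructed stand-in for a real dictionary file.

const MIN_PASSWORD_LENGTH = 8;
const COMMON_WORDS = ['password', 'secret', 'letmein', 'welcome', 'qwerty', 'massage'];

/** Returns the list of rules the password fails; an empty list means it passes. */
function passwordPolicyFailures(string $password, array $dictionary = COMMON_WORDS): array {
    $failures = [];
    if (strlen($password) < MIN_PASSWORD_LENGTH) {
        $failures[] = sprintf('at least %d characters', MIN_PASSWORD_LENGTH);
    }
    if (!preg_match('/[A-Za-z]/', $password) || !preg_match('/[0-9]/', $password)) {
        $failures[] = 'both letters and numbers';
    }
    if (!preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password)) {
        $failures[] = 'both uppercase and lowercase letters';
    }
    if (!preg_match('/[^A-Za-z0-9]/', $password)) {
        $failures[] = 'at least one symbol';
    }
    // "Not based on a dictionary word": undo common letter substitutions
    // (assumed table), drop anything that is not a letter, then look for a
    // dictionary word inside what is left, case-insensitively.
    $core = strtr($password, ['@' => 'a', '0' => 'o', '1' => 'l', '3' => 'e', '$' => 's', '!' => 'i']);
    $core = preg_replace('/[^a-z]/', '', strtolower($core));
    foreach ($dictionary as $word) {
        if ($core !== '' && strpos($core, $word) !== false) {
            $failures[] = "not based on the dictionary word '$word'";
            break;
        }
    }
    return $failures;
}

// Constructed candidates, from the post's own examples up to a reasonable one.
foreach (['abc', 'password', 'P@ssw0rd1', 'Tr0ub4dor&3', 'xK9#mQ2v'] as $candidate) {
    $failures = passwordPolicyFailures($candidate);
    printf("%-12s %s\n", $candidate,
        $failures ? 'rejected, needs: ' . implode('; ', $failures) : 'accepted');
}
```

Returning the full list of failed rules rather than a single yes/no is what lets a registration form tell the user exactly which requirement to fix, which is the same feedback a strength meter gives. Note that ‘P@ssw0rd1’ satisfies every character-class rule and is still rejected, because after undoing the substitutions it is just ‘password’ again.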
3. Retrieval/Reset Mechanisms
Password retrieval is a part of password management which, in the field, commonly has vulnerabilities and programmer-induced pitfalls. The most common mistake made, bar none, is to send out the user’s current password upon request. I.e. the user forgets their password, clicks the ‘forgotten password’ link and enters their email. The script sends out a copy of their password via email and they get access to their account again. The problem here lies in the fact that hashing is one way. If you store the user’s password as a hashed value there is no way to send out a plain text version.
Therefore, any site or service you are registered with which sends you a copy of your existing password upon request is not maintaining your password securely. This is a useful thing to know, especially if you are using the same password on more than one site.
Instead, when someone clicks ‘forgot password’ and enters their email, the savvy programmer will have his script generate a new password, send it to the specified email, then store it in his database using hash & salt. This means the user will need to take the extra step of changing their password to something memorable again, but it vastly improves the security of your password system and keeps the user safe.
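The reset flow just described, as an added example rather than the post’s own code: generate a fresh random password with a CSPRNG, store only its salted hash, hand the plaintext to the user exactly once, and flag the account so the user is made to choose their own password at the next login. The users array stands in for the MySQL table, and sendMail() is a stand-in callback for whatever mailer the site uses; both are assumptions, as is the choice to answer unknown addresses identically. Assumes PHP 7.4 or later.

```php
<?php
// Added example, not the post's code: "forgot password" done by issuing a new
// random password instead of mailing back the old one (which a hashed store
// cannot produce anyway). $users and the mailer are constructed stand-ins.

const RESET_PASSWORD_LENGTH = 12;
// No 0/O or 1/l/I, so the mailed password is hard to misread.
const RESET_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!#%&*+-=?@';

function generateTemporaryPassword(int $length = RESET_PASSWORD_LENGTH): string {
    $out = '';
    $max = strlen(RESET_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        // random_int() is cryptographically secure; rand()/mt_rand() are not.
        $out .= RESET_ALPHABET[random_int(0, $max)];
    }
    return $out;
}

/**
 * $users: username => ['email' => ..., 'password_hash' => ..., 'must_change' => bool]
 * Always reports success so the form does not reveal which addresses have accounts.
 */
function resetPassword(array &$users, string $email, callable $sendMail): bool {
    $email = strtolower(trim($email));
    foreach ($users as $username => $user) {
        if ($user['email'] === $email) {
            $temporary = generateTemporaryPassword();
            $users[$username]['password_hash'] = password_hash($temporary, PASSWORD_DEFAULT);
            $users[$username]['must_change']   = true;   // force a change at next login
            $sendMail($email, "Your new password is: $temporary");
            break;
        }
    }
    return true;
}

// Constructed demo: one user, and an outbox array in place of a real mailer.
$users = ['alice' => [
    'email'         => 'alice@example.com',
    'password_hash' => password_hash('old password', PASSWORD_DEFAULT),
    'must_change'   => false,
]];
$outbox = [];
resetPassword($users, 'Alice@Example.com', function (string $to, string $body) use (&$outbox) {
    $outbox[] = ['to' => $to, 'body' => $body];
});

$mailed = substr($outbox[0]['body'], strlen('Your new password is: '));
echo "mail sent to:               {$outbox[0]['to']}\n";
echo "old password still valid:   " . (password_verify('old password', $users['alice']['password_hash']) ? 'yes' : 'no') . "\n";
echo "mailed password valid:      " . (password_verify($mailed, $users['alice']['password_hash']) ? 'yes' : 'no') . "\n";
echo "must change at next login:  " . ($users['alice']['must_change'] ? 'yes' : 'no') . "\n";
```

The must_change flag is the piece that makes the extra step the post mentions mandatory rather than optional: the login handler checks it and sends the user straight to a change-password form. Anyone who can read the mailbox can use the temporary password, so it should also be given a short expiry; that is a refinement beyond what is shown here.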
4. Lockout Mechanism
An important but commonly overlooked part of maintaining a secure password system is having a lockout mechanism. This is a system whereby someone can report their account as hijacked or compromised, after which, upon review, it will be temporarily locked. This prevents compromised accounts from being used for malicious purposes. For example, someone gets access to Mrs Bloggs’ account, logs in as her and sends a message to Mr Blogg asking for his email password or bank account details so she can “make a payment to the Jones’ next door” (better thought-out ruses involving other personal info have been used successfully in the field). It’s uncommon, but it does happen, and having a lockout mechanism limits the damage caused and protects your users from each other.
An additional lockout mechanism which virtually negates the possibility of brute force attacks is password lockout. Include a simple script to count login attempts. If there are more than 3 failed login attempts per minute, for example, then lock out login attempts for that account for an hour. This makes it very unlikely for dictionary or brute force attacks to succeed and/or go unnoticed.
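The attempt-counting lockout described in the paragraph above, written out as an added example (not the post’s code): more than 3 failures within a one-minute sliding window locks the account for an hour, and while locked the password is not even checked. The state lives in an in-memory array in place of a database table, the timestamps are injected so the policy can be exercised without waiting, and the $verify callback standing in for the real password check are all assumptions. Assumes PHP 7.4 or later.

```php
<?php
// Added example, not the post's code: per-account login throttling with the
// post's numbers (3 failures per minute, then a one-hour lock). $state is an
// in-memory stand-in for a database table; $now is passed in for testability.

const MAX_FAILURES   = 3;
const FAILURE_WINDOW = 60;     // seconds
const LOCKOUT_PERIOD = 3600;   // seconds

/** $state[$account] = ['failures' => [unix timestamps], 'locked_until' => int|null] */
function isLockedOut(array $state, string $account, int $now): bool {
    $lockedUntil = $state[$account]['locked_until'] ?? null;
    return $lockedUntil !== null && $now < $lockedUntil;
}

function recordFailure(array &$state, string $account, int $now): void {
    $entry = $state[$account] ?? ['failures' => [], 'locked_until' => null];
    // Keep only the failures that fall inside the sliding window.
    $entry['failures'] = array_values(array_filter(
        $entry['failures'],
        fn(int $t) => $t > $now - FAILURE_WINDOW
    ));
    $entry['failures'][] = $now;
    if (count($entry['failures']) > MAX_FAILURES) {
        $entry['locked_until'] = $now + LOCKOUT_PERIOD;
        $entry['failures']     = [];
        // A real deployment would also write a log entry here so the attempt is noticed.
    }
    $state[$account] = $entry;
}

function recordSuccess(array &$state, string $account): void {
    unset($state[$account]);   // a successful login clears the counter
}

/** $verify(string $account, string $password): bool is the real password check. */
function attemptLogin(array &$state, string $account, string $password, int $now, callable $verify): string {
    if (isLockedOut($state, $account, $now)) {
        return 'locked';           // refuse before running the password check at all
    }
    if ($verify($account, $password)) {
        recordSuccess($state, $account);
        return 'ok';
    }
    recordFailure($state, $account, $now);
    return isLockedOut($state, $account, $now) ? 'locked' : 'failed';
}

// Constructed demo: the stand-in verifier accepts a single password; offsets are
// seconds after an arbitrary start time, so the whole hour passes instantly.
$verify = fn(string $account, string $password) => $password === 'xK9#mQ2v';
$state  = [];
$start  = 1000000;
$script = [[0, 'guess1'], [10, 'guess2'], [20, 'guess3'], [30, 'guess4'], [40, 'xK9#mQ2v'], [3700, 'xK9#mQ2v']];
foreach ($script as [$offset, $password]) {
    printf("t+%-5ds %-10s -> %s\n", $offset, $password,
        attemptLogin($state, 'alice', $password, $start + $offset, $verify));
}
```

In the demo the fourth wrong guess inside the minute trips the lock, the correct password is refused ten seconds later because the account is still locked, and it is accepted again once the hour has elapsed. Because the lock is keyed on the account name, a flood of bad guesses can keep a legitimate user out; pairing this with a per-IP limit or a CAPTCHA after the first few failures keeps the brute-force protection without handing out that denial of service.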
Passwords are as secure as you require them to be.
July 27th, 2009 — PHP
Having had a few hours free last night and being part of a rather quirky IRC server I decided to code up a clone of Bash.org’s quote database system. My script replicates and clones bash.org almost entirely and has the following features:
- Stores an almost infinite number of quotes or comments.
- Allows users to rate comments up or down and has minimal duplicate voting protection.
- Optional captcha system on ‘add a quote’ page.
- Search, Random, Browse & Other Bash.org features.
- Admin/moderation option to delete quotes.
The script is also surprisingly simple and is all contained within one file. After running the SQL within that file you can drag and drop it into anywhere on your server and it will work immediately.
You can see a demo of it in action here (be warned: this section of the site is NOT safe for work and contains offensive material).
You can download the IRC quotes database script here. To install, simply run the SQL statements within the PHP file in MySQL, edit the settings and upload. It’s extremely simple to set up and use, and you can customize the look, feel and layout all from the .php file.
If you use this script on your site please let me know and I’ll put up a link to you here or leave a comment with your URL. Feel free to remove the ‘powered by’ but if you do, please consider making a small donation to make it worth my while.
July 24th, 2009 — PHP
For no specific reason whatsoever, here is a collection of PHP jokes and puns. Most of them are terrible.
Q: Why do PHP programmers dislike ASP programmers?
A: ASP programmers only write basic code.
<?php
// PHP joke script: picks an outcome for $life. The sample values below are
// filled in so the snippet actually runs; the original left them undefined.
$girl = ['looks' => 'hot', 'functions' => [], 'job_que' => null];
$beer = 'warm';
$girl_get_beer = 'girl_get_beer';   // name of a function that may or may not exist
$life = '';

if ($girl['looks'] == "hot") {
    if ($beer == "cold") {
        $life = "Sorted!";
    } elseif (function_exists($girl_get_beer)) {
        // msg_send() needs the sysvmsg extension and a real message queue
        if (msg_send($girl['job_que'], 1, 'Get me a beer out of the fridge!') === false) {
            $life = "Get a new girl!";
        }
    } else {
        array_push($girl['functions'], 'get_beer');
    }
} else {
    $life = "Get a new girl!";
}
echo $life;
?>
Q: Why is PHP Freddy Krueger’s language of choice?
A: addslashes();
What did the PHP script say to the server?
Pass me a bottle of water, I’m parsed.
<?php
// One-liner joke; crack_check() comes from the long-obsolete PECL "crack" extension
if (crack_check($woman, $dirty)) { ob_clean(); link("/home/me", "home/her"); }
?>
Yo mamma so easy, PHP developers confuse her with Ruby on Rails.
Your momma so fat I called her and got a stack overflow.
Your momma’s so fat, she needs preg_replace() just to make her fit in a page.
June 4th, 2009 — Make Money Online
One of the most common methods for making money online is making and selling websites. Setting up a customized WordPress or static site is easy to do and costs almost nothing, and selling it on after a few weeks of work is an excellent way to make some residual cash. However, there is an equally easy method which takes exactly the same amount of time and effort to complete but is VASTLY more profitable. This article is a lengthy look at a simple business model you can adopt immediately and start making three times as much income from making websites as everyone else does.
The basic overview and idea is to create a niche website with some content, build some incoming links and traffic flow just as you would with any regular site, then get in touch with and pitch to businesses offering different plans which they can rent and then use the influence and benefits of your site to help grow their existing business.
Let’s take massage as an example niche. First we spend a few weeks or a few months building a nice massage site with WordPress or XSitePro or perhaps just HTML and PHP; however you create websites already, this method will slot in. Typically I will build a WordPress site, because it’s what I’m good at. So I install WordPress and style it with a nice massage image header and add some colours that fit this category. I’ll install all my standard plugins which help SEO, communication, link building and more. I’ll install a WordPress forum and create several massage related topics in there. All these steps take me a total of around 30 minutes to an hour.
I then find some common massage questions people are asking in massage forums and on massage sites. I’ll use these questions to write 40 or 50 articles which people are genuinely interested in in this area and are searching for the answers to. Once I have close to 50 articles I use WordPress’ built-in future-scheduling feature to make it post one article every week, thus giving me a year’s worth of articles being posted to my site on autopilot. I can hire someone to write me 50 articles for around $200, depending on how important the quality is. If I’m short on cash I’ll write them myself in 3 or 4 days and gain the benefit of ensured high quality.
While my first few articles are publishing I’ll spend the first couple of weeks building incoming links for free from directories, forum signatures, commenting, article submission and Social Bookmarking. This takes a bit of time and effort but gets the site on the radar and usually to pagerank 3 for free. Next I’ll spend a few hundred dollars for some advanced SEO, buying links, a Yahoo! directory listing, some press releases and more.
In most circumstances I’ll spend a month and around $400 on the site and I’ll end up with a good massage site with pagerank 4 and a few hundred visitors per day. This is a pretty common strategy and at this stage most people would sell the site for shy of a thousand dollars and repeat the process. So next is the twist that earns me at least three times as much as everyone else.
I rent the site out. I spend a good chunk of my time getting in touch with massage businesses from around the world. These can be local massage parlors, a masseuse house in Germany, a site online that sells massage oils, or just about any business that is related to my niche. I tell them that I have an excellent and well positioned (in terms of SEO) website that revolves around their business and would be excellent at generating them leads, traffic or an advertising platform. Like most cold calling, I’ll get a response from around 10-20% of the people I contact and I’ll have to work pretty hard before someone will rent from me. But once they do I’m generating $50-$250 per month for virtually no extra work. If I can put together a PDF file as a report which details my growth details (in terms of traffic and SEO over the past month or two) and show examples of how I can use my site to generate them more business, they’ll be interested and buy in.
A good way to market this is offer different packages. Package A. at $50 per month offers them their own company logo or banner and a method for collecting customer details (a registration system you can export and give them contact details & leads), Package B. is $100 per month and offers them the same with their company colours styling your site and various links pointing to their existing site. Package C. is $200 and allows them to edit the content of your site, put up their own info and company details, write up articles, etc.
One of the beauties of this model is that once you have the basics down pat and know what you’re doing you can duplicate it with a new niche within a few weeks and start making cash within a month. If one of your contacts decides they no longer want to rent your service (though typically once they start seeing the benefits this doesn’t happen) you can contact someone else and bump up your prices as your site’s rankings and traffic increase.
Another very cool benefit is that while you’re setting up your site or while you’re transferring to a new client you can sell affiliate products, paste in your AdSense code or sell advertising space for some extra pocket change. If you run out of clients or get fed up with it, you can still earn cash.
Yet another awesome incentive for adopting this business model is that if at any time you need an extra cash boost you can sell a few of your sites. Since your sites will be earning you cash each month over a period of time they’ll grow as you add to them and build more incoming links. After a year you could have a majorly profitable website on your hands and since you have a huge list of business contacts in your niche you will have no shortage of businesses wanting to buy your website. Depending on how well you do you can easily earn $5,000 or more from selling a reasonably sized website.
The numerous side benefits and possibilities from this business model are truly staggering and at no stage will you be short of new ideas. Since you have the ability to kick your clients each month and offer it to new businesses for increasingly larger monthly sums you’ll soon have a very low maintenance, very high income, always growing business model with huge room for experimentation so you’ll never get bored.