Saturday, October 25, 2008

Been toying with Ubuntu the last few days (wubi is teh secks).
Second or third time I've tried it already.

Unfortunately, I have horrible apt usage habits, and I simply ctrl-z halfway through downloads. Naturally, apt/dpkg doesn't release the lock (/var/lib/dpkg/lock). So, I usually delete the lock (rm /var/lib/dpkg/lock), and aptitude works again.

Unfortunately, me being the Linux newbie cum careless one, I type sudo rm /var/lib/dpkg. Try installing, gives me shit load of errors. Scroll up, see the last comment, and I go "oh shit."

So, I'm locked out of aptitude right now, with no idea how to fix it. I'm considering simply deleting Ubuntu or reinstalling again. Damn.

Tuesday, October 14, 2008

Developing Web Applications today - learnt about ASP.NET - code-behind of VB.NET. Was really interesting.

Classmate asked a question about how ASP.NET stores session state. Piqued my interest as I've successfully performed session hijacking proof-of-concept on an ASP classic page. ASP classic simply stores a session cookie, and simple JavaScript will be able to access it. (type javascript:alert(document.cookie) as a URL)

Didn't work for an ASP.NET app I knocked up, however (*insert sad face here*). A bit of searching revealed that ASP.NET uses HttpOnly cookies, which means that the cookie cannot be read client-side (i.e. via JavaScript - no wonder javascript:alert(document.cookie) turned out blank).

Apparently, HttpOnly cookies are sent with the headers with an XMLHttpRequest request though. Interesting vector :D

And cookieless sessions via URL is one of the stupidest ideas I've heard in a long time. For chrissakes just use a hidden form?
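
An added example, not part of the original post: a small JavaScript model of the HttpOnly behaviour described above. It parses Set-Cookie headers, shows what document.cookie would expose, and flags session-like cookies that lack HttpOnly. The header values and the session-name heuristic are constructed assumptions.

```javascript
// Added example: model which cookies a page script can read via document.cookie.
// Sample Set-Cookie headers are constructed; the session id values are placeholders.
const SAMPLE_HEADERS = [
  "ASPSESSIONIDEXAMPLE=PLACEHOLDERVALUE; path=/",          // ASP classic style
  "ASP.NET_SessionId=placeholdervalue; path=/; HttpOnly",  // ASP.NET style
  "theme=dark; path=/",
];

// Parse one Set-Cookie header into { name, value, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) return null; // no name=value pair: ignore the header
  const attrs = Object.create(null);
  for (const p of parts) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// What document.cookie would return: the browser omits HttpOnly cookies.
// Path, Domain and Secure scoping are not modelled here.
function scriptVisibleCookieString(headers) {
  return headers.map(parseSetCookie)
    .filter((c) => c && !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Heuristic (assumption): cookie names that look like session identifiers.
const SESSION_NAME = /sess(ion)?id|^sid$/i;

// Audit: session-like cookies that client-side script could read.
function exposedSessionCookies(headers) {
  return headers.map(parseSetCookie)
    .filter((c) => c && SESSION_NAME.test(c.name) && !c.attrs.httponly)
    .map((c) => c.name);
}

console.log(scriptVisibleCookieString(SAMPLE_HEADERS));
console.log(exposedSessionCookies(SAMPLE_HEADERS));
```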

Sunday, October 12, 2008

Blogspot's gadget-based layout is really useful and cool at the same time.

And dammit.

I gotta improve on a blackjack program I wrote for Windows Application Design. And I practically did everything in one day. Without any comments/documentation of any sort. And the whole protocol is. Urgh. Trust me you have no idea how bad it is.

*headdesk*