how they interact). Its been a year now since I offered that
code and I haven't gotten so much as a comment on it. Maybe its time
to wander over and give it a look?
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now
caching API.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly,
she's not for you. She was cheap, she was stupid and she wouldn't
load -- well, not for me, anyway. -Holly
[1] I'd love
[EMAIL PROTECTED] wrote:
The 5th is confusing. What's the situation with *BSD like ports where
the source code is patched right before compiling? What is the date of
change in that case?
In that case the ZPL'd program isn't being redistributed modified, so
the 5th clause doesn't apply.
Ken Manheimer wrote:
All the actions are verbs, won't fix is not a verb.
How about 'bikeshed'
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
Chris Withers wrote:
I suppose it's still one step up from CVS where you have to specify
the binary-ness of each file you upload rather than being able to
put a mapping i na config file...
CVSROOT/cvswrappers
___
Zope-Dev maillist - [EMAIL
removes dependance on MessageDialog - that really
had no bearing on the issue at hand and I only include that portion of
the patch because in my fork I removed all reliance upon MessageDialog
(a class I really loathed) and I'm too lazy to add it back for the
purposes of this patch.
--
Jamie
here's the patch I'd have attached to
http://zope.org/Collectors/Zope/1217
if the collector could collect
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear
.
The culprit in this case is likely in manage_tabs.dtml
I've never been able to reproduce the content_type bug.
--
Jamie Heilman http://audible.transient.net/~jamie/
Most people wouldn't know music if it came up and bit them on the ass
the
relevant files and post followups to the bugs.
--
Jamie Heilman http://audible.transient.net/~jamie/
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding
, and thats exactly what happens in a
lot of these large add-on frameworks.
--
Jamie Heilman http://audible.transient.net/~jamie/
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts
the collector that puts
the ball squarely in ZC's court.
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you better when you weren't
know the risks.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly,
she's not for you. She was cheap, she was stupid and she wouldn't
load -- well, not for me, anyway. -Holly
, so there's no harm in writing them. Its convincing people to
actually use the damned things thats the problem.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly,
she's not for you. She was cheap, she
as everybody is the mode of learning new a
process.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution
, but the
stylesheets themselves should remain static. As such, generating
style in ZPT is a complete waste of time and effort. The File object
is a much better fit.
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
it does open
the dynamisim flood gates.
Thats doing the work in the wrong place. If you have a one-time
translation job, which is basically what you're asking for, then
you should do it once before the object is placed into the zodb.
--
Jamie Heilman http
Scripts are better for dynamic plain text, simply because
they're less magical and don't have all the stupid namespace problems
that DTML does.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next
or your product is worthless.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly,
she's not for you. She was cheap, she was stupid and she wouldn't
load -- well, not for me, anyway. -Holly
pretty awkward. But anyway, thats a
digression from the main thrust of your let them eat producer
proposal, which I think is a good idea in general.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly,
she's
Shane Hathaway wrote:
On Wed, 24 Mar 2004, Chris Withers wrote:
That sounds mighty handy. What needs to happen for that to happen?
A voluntary volunteer needs to volunteer voluntarily.
I'll probably tackle it, but not before next month due to more
immediate fires.
--
Jamie Heilman
a guarded
interator is the Right thing, yes?
--
Jamie Heilman http://audible.transient.net/~jamie/
Most people wouldn't know music if it came up and bit them on the ass.
-Frank Zappa
a prerequisite
to getting any real work done, then you might as well do it.
Nevertheless, you don't need everything that twisted brings just to
serve a web page, and for the vast majority of Zope's users, serving
web pages is the only service that anybody cares about.
--
Jamie Heilman http
is a good thing... Shouldn't
we fix PageTemplateFile to work like DTMLFile wrt security? How hard
is it going to be to do that?
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth
?
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly,
she's not for you. She was cheap, she was stupid and she wouldn't
load -- well, not for me, anyway. -Holly
in the backlog. You'd have to change
ZServer so it handled those new requests instead, identified if they
were part of a session, queued them up if they were, or spat out a 503
if they weren't.
Frankly, I bet you'd have more fun just making your app faster.
--
Jamie Heilman
anyway, it just makes more sense, but I digress.
Find yourself an Apache module that can spit out 503s, then work on
load balancing infrastructure, which is probably the most viable
longterm solution (next to simply not using Zope for something it
evidently isn't very good at).
--
Jamie Heilman
.
Before creating a session, check the size of the ZRendezvous backlog. might
work.
Yeah, thats a good plan in terms of where to instrument it, if you had
to. If it were me, I'd sooner throw more hardware at it than use
session identifiers though.
--
Jamie Heilman http
.
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you better when you weren't saying squat kid. -Buddy
with __main__ too. Anyway, thats my
thought.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution
by default.
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his lovespuds with a wet towel, pure
insanity... -Rimmer
you've quoted is a summary of
Brian's announcement.
...
Further analysis of these issues is currently underway. This BID will be
separated into individual BIDs upon completion of analysis.
Interesting.
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats
the nature of the security flaws? Release an
obsfucated binary distribution and say Trust Us? That doesn't sound
very much like open source.
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
to tell me
, offer education, not censorship in the guise of
protection.
--
Jamie Heilman http://audible.transient.net/~jamie/
...and no, I don't support the War On Terror.
___
Zope-Dev maillist - [EMAIL PROTECTED]
http
Jamie Heilman wrote:
Now that we've reached closure on some of the outstanding security
issues in Zope there's a lot of stuff in the Collector that needs to
be revisited...
Brian Lloyd wrote:
...
- Proxy rights on DTMLMethods transferred via acquisition
I believe this means issue #743
against HEAD for the xss
holes that haven't been closed. I'll post an update to the collector
when its ready.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear
,
and to have daemons change it after the fact because they think they
know better causes no end of frustration.
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his lovespuds
.
--
Jamie Heilman http://audible.transient.net/~jamie/
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman
Jeremy Hylton wrote:
On Sat, 2004-01-17 at 18:30, Jamie Heilman wrote:
Its desirable in some circumstances, but not all. Part of the problem
is people tend to blindly follow the traditional approach to daemon
design without bothering to actually do any critical thinking.
I expect you
keep a single connection alive essentially forever
(should you want to do that). Of course if you're keeping an HTTP
session alive that long you're probably doing something completely
sick and wrong and would be better off using a protocol more suited
for long running task execution.
--
Jamie
Toby Dickenson wrote:
Because
dtml-var BASEPATH1/dtml-var absolute_url(1)
looks nicer than without the slash
?
OT: Seeing as that would actually have to be written
dtml-var REQUEST.BASEPATH1 html_quote/dtml-var absolute_url(1) html_quote
to get anywhere close to reliable and secure
. Its always bugged me that DateTime carried all its own zone
information, but I guess even the datetime python modules punt in this
regard. What I'm currious to know is how this caused problems for
you, or your clients. I'd like to avoid those problems myself if I
can help it.
--
Jamie Heilman
from the outside? Well
the Server header in the http response is the most obvious way, but
certainly not the only one, zope's fingerprint is very distinct
because of acquisition and its numerous management interfaces.
--
Jamie Heilman http://audible.transient.net/~jamie/
Most
.
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you better when you weren't saying squat kid. -Buddy
of __name__ attribute. I haven't really had the
time to look into it closely, but it does effect the examples shipped
with zope, and actually its just a very useful thing to be able to do.
Whatever this problem stems from, there will probably be more because
of it.
--
Jamie Heilman
to clutter the protocol to make their clients
work then they should do so with another filter program. In zserver's
case thats going to be the proxy HTTP daemon that it talks to.
--
Jamie Heilman http://audible.transient.net/~jamie/
Most people wouldn't know music if it came up
HTTP proxy to overcome
Microsofts buggy DAV implementation, read doc/WebDAV.txt
for more information. The user will respond, OK, thanks.
Now... which of these scenarios do you think is in Zope's best
interest?
--
Jamie Heilman http
is to use
an external program that wraps the clean conversation and inserts this
junk on the fly. I bet you could do it with apache's mod_headers for
example. Same story for that MS-Author-Via junk. Poluting Zope's
source code isn't the right answer.
--
Jamie Heilman http
Chris Withers wrote:
Jamie Heilman wrote:
That depends on the cache replacement policy you need. If you're not
tied to LFU then you can just switch to using my MemoryCache product.
(With all the various caveats surrounding it, of course, python 2.2,
patching Zope, etc.)
Why Python 2.2
Chris Withers wrote:
Jamie Heilman wrote:
2.2 because 2.1 lacks ruthless efficiency.
That, on its own, is not a very helpful statement ;-)
What are the differences between 2.1 and 2.2 that you care about?
2.2 is installed on my machines, 2.1 isn't. It might work in 2.1 for
all I know
as defined by the tempfile module.
--
Jamie Heilman http://audible.transient.net/~jamie/
We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses
--
Jamie Heilman http://audible.transient.net/~jamie/
It's almost impossible to overestimate the unimportance of most things.
-John Logue
___
Zope-Dev maillist - [EMAIL PROTECTED
the goal of that was.
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his lovespuds with a wet towel, pure
insanity... -Rimmer
think the issue can be considered
closed. Personally I'm just removing version support entirely from my
tree.
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his
The security on DTML Documents seems to be hosed, see
http://collector.zope.org/Zope/865 for way to reproduce it.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear
.
Notes:
I didn't bother patching Products/ZopeTutorial, I figure if you aren't
going to bother with online help an online tutorial is earmarked for
deletion as well.
--
Jamie Heilman http://audible.transient.net/~jamie/
Most people wouldn't know music if it came up and bit them
of
the SCRIPT_NAME-BASEPATH1 changes happend for Zope 2.3.0 alpha 1, but
this one got missed.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution
problem/fix, and
really should be fixed in both 2.6.2 and 2.7
I'd also love to get some feedback on my queries re: Issue 28 ...
Is there any reason that bug needs to remain deferred, list
comprehensions certainly seem to work fine in 2.7.0a1 with python 2.2.
--
Jamie Heilman http
Jamie Heilman wrote:
I have a feeling its atributable to either
raise_standardErrorMessage's smart tag searching, or some other
auto-magical aspect of the error handling framework.
I finally got around to testing this hypothesis, and it seems to be
true. raise_standardErrorMessage assumes
. I have a feeling its atributable to either
raise_standardErrorMessage's smart tag searching, or some other
auto-magical aspect of the error handling framework. (clues
appreciated)
In the mean time I suggest quoting error_msg.
--
Jamie Heilman http://audible.transient.net/~jamie
Jamie Heilman wrote:
Then call it http://host/aww_shit_now_what=bold+flava'
er, http://host/aww_shit_now_what?i=bold+flava'
rather.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may
Jamie Heilman wrote:
(the patches I spoke of should be ready sometime tomorrowish assuming
I don't run into any other funkyness, I'll post them to the collector)
These are done, there's a synopsis available at
http://collector.zope.org/Zope/628 and the patches are available at
http
of should be ready sometime tomorrowish assuming
I don't run into any other funkyness, I'll post them to the collector)
--
Jamie Heilman http://audible.transient.net/~jamie/
We must be born with an intuition of mortality. Before we know the words
for it, before we know
Oliver Bleutgen wrote:
Jamie Heilman wrote:
[major snippage]
Hmmm, that means that this changes break exactly these applications,
which, in order to be on the secure side, explicitly use
REQUEST.form['bla'] more than once in a request, right.
Naw, it doesn't break them, promotion doesn't
): immediately jumped out and said to me,
promote bar and baz form vars and cookies to the other dictionary.
Now that I have an appreciation for exactly how methods are published,
I see things in a different light of course.
--
Jamie Heilman http://audible.transient.net/~jamie
Does anyone care enough to fix configure to work properly on BSD?
i=$(($i+1))
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked
wouldn't worry
about it.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's
not for you. She was cheap, she was stupid and she wouldn't load
-- well, not for me, anyway. -Holly
Chris Withers wrote:
Jamie Heilman wrote:
100% correct. Frankly I'm not entirely convinced anonymous users
should ever be able to open a zodb connection,
Well, without that, they would never be able to view a page from a Zope
site.
That would make it tricky to log in ;-)
By which I
, but that probably doesn't come as a surprise to anyone, IE is
notoriously insecure.
Toby Dickenson wrote:
Ive not tested Jims code, but it looks to me like it *should* stop that
attack. Have you tested it?
Yes, you get a 401 now, but by that time the damage has been done.
--
Jamie Heilman
Whats the status of versions for 2.6.2 and 2.7? Have there been any
decisions reached? I saw Jim's code get checked in but it won't
stop the DoS I posted.
--
Jamie Heilman http://audible.transient.net/~jamie/
It's almost impossible to overestimate the unimportance of most
hopefully it will be a tad more successful than the last one
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you better when
Toby Dickenson wrote:
No criticism was implied public exploits are valuable part of
the security process.
Its nice to hear not everyone in the industry has lost their mind.
/me glances at redmond
--
Jamie Heilman http://audible.transient.net/~jamie/
We must be born
the /Control_Panel/Database/manage_cacheParameters
resource becomes unavailable due to memory constraints.
Other side-effects from allowing anonymous clients to open additional
zodb connections are as of yet unknown to me, anyone care to speculate
on other vectors of abuse?
--
Jamie Heilman
Chris Withers wrote:
Dieter Maurer wrote:
The attached patch to Zope/App/startup.py provides this
additional information.
Where's the patch?
http://marc.theaimsgroup.com/?l=zope-devm=105466926610469q=p3
--
Jamie Heilman http://audible.transient.net/~jamie/
I
.)
--
Jamie Heilman http://audible.transient.net/~jamie/
We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
one
requires
one of the following roles: ['Manager']. Your roles in this context
are ['Authenticated'].
So it doesn't look like there is a named permission associated with
those methods. I have to wonder if thats intentional.
--
Jamie Heilman http://audible.transient.net/~jamie/
Most
)
--
Jamie Heilman http://audible.transient.net/~jamie/
It's almost impossible to overestimate the unimportance of most things.
-John Logue
___
Zope-Dev maillist - [EMAIL
place to store Python 2.2.2 and earlier's insecure tempfile.py made
files. Setting the TMPDIR variable for Zope to a directory which only
the zope user may write to is recommended to avoid a potential DoS
vulnerability. My understanding is that this is finally addressed in
python 2.3.
--
Jamie
Danny W. Adair wrote:
At 10:23 AM 3/26/2003 +1100, Adrian van den Dries wrote:
On March 26, Danny W. Adair wrote:
Thanks. How would I do that?
ZPublisher.Client.call() is very convenient but only takes
url,username,pwd...
import base64
user, pass = base64.decodestring(req._auth.split('
up a wall.
It'd be cool if that one got fixed.
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his lovespuds with a wet towel, pure
insanity
not enough people care about this, but if the hackers
also don't care, why should I :-)
I don't know, why should you? I care because it used to be my job to
care, now I can't seem to let the mentality go.
--
Jamie Heilman http://audible.transient.net/~jamie/
Most people wouldn't know
Lennart Regebro wrote:
5. Protecting yourself against denial of service:
Zope does not seem to crash if you send random data to it, and I
have in logs seen attemps to overflow buffers and the like that
obviously are attempt to crash or break in to other (MS) servers,
without this affecting
scripting or cache
poisoning issues, and that can be attributed to, in part, my growing
disastifaction with the system.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who
crashed, and gosh I think it might be a security problem in Z.
without any analysis apart from random observation, which is sort of a
pain in the ass to deal with, but they aren't visible, and thus I
worry they aren't all like 493. (of which 494 is a public dupe g)
--
Jamie Heilman
timeline don't
coincide. So unfortunately any opinons I could offer on Zope3's
direction would be wholely uninformed.
--
Jamie Heilman http://audible.transient.net/~jamie/
We must be born with an intuition of mortality. Before we know the words
for it, before we know
will be taken care of.
I will go on record as saying that, recently, response times to
security related issues in the Zope2 tree have been disapointing.
Construe from that what you will.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself
to discount IMO), then
no, Zope doesn't increase the possiblity of obtaining root privileges.
--
Jamie Heilman http://audible.transient.net/~jamie/
You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile
along all the baggage of 2 zserver instances.
Its a start, but there's still a ways to go.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's
not for you. She was cheap, she was stupid and she wouldn't
.
--
Jamie Heilman http://audible.transient.net/~jamie/
We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
one
Chris McDonough wrote:
On Tue, 2003-03-11 at 17:48, Jamie Heilman wrote:
How about, a lot of code/documentation was removed, and a lot of new
code/documentation was added. Don't get hung up on the exact
numbers, my point was, a lot of work has gone into simplifying the
configuration
. Sound familiar?
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his lovespuds with a wet towel, pure
insanity... -Rimmer
[1
nothing
left to remove from code, you've won. Some of the breaks have already
been made, like the separation of the storage from its front-end.
Thats good, we need more action along those lines.
--
Jamie Heilman http://audible.transient.net/~jamie/
Paranoia is a disease unto itself
as an observation.
That said I don't think a dependancy based caching strategy is a bad
idea. It could obviate the need for time-based cache expiration in
some circumstances. In the long run, it all depends on your usage
patterns as to whether it would pay off or not.
--
Jamie Heilman
Why make the unlucky user pay the price?
Because the unlucky user (which I read as: author) is the only one who
knows the required behavior of their code.
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**
There never was an answer from anybody.
Thats probably because nobody wants to admit to running AIX.
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
the ^ or $, (.*) is greedy enough by itself)
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's
not for you. She was cheap, she was stupid and she wouldn't load
-- well, not for me, anyway. -Holly
projects is adding
more logging to zope so that I can cull server status information from
my logs, which may to some extent, provide finer granularity with less
overhead.
--
Jamie Heilman http://audible.transient.net/~jamie/
...thats the metaphorical equivalent of flopping your wedding
run with -D even though it turns on
Oh. I rewrote z2.py and use my own logger. So I never ran into that
problem. I'll probably release an alpha of my work sometime soon, let
me know if you're interested and I'll make sure to notify you when its
ready.
--
Jamie Heilman http
allowing clear-text basic auth for other
restricted areas. Apache rewrite rules OTOH are flexible enough to
allow this. I'm unclear as to why you consider it to be insecure,
care to elaborate?
--
Jamie Heilman http://audible.transient.net/~jamie/
Most people wouldn't know music
namespace or creating something overly fragile.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's
not for you. She was cheap, she was stupid and she wouldn't load
-- well, not for me, anyway
.
--
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's
not for you. She was cheap, she was stupid and she wouldn't load
-- well, not for me, anyway. -Holly
1 - 100 of 109 matches
Mail list logo