.webp?x=8 "Fedora (Red Hat Enterprise Linux) - Reminds me of 2004")
(probably a 
) makes 'TempleVPN', sets up ad for it on /g/, is instantly mogged by a 'teen because dipshit didnt sanitize inputs
I setup 16 OpenVPN servers
No you didn't, you're using Surfshark's servers.
t. VPN Fren
This shit glows.
Also nice security, cute twink. Parameterise your SQL queries.
fricking L M A O 
thread: https://archived.moe/g/thread/95091081
EDIT: 
deleted thread xd, desuarchive: https://archived.moe/g/thread/95091081
!codecels a lesson you must learn, but dont learn it like this r-slur
tech/science swag. 
On-Topic: Anything that good slackers would find interesting. That includes more than /g/ memes and slacking off. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual laziness.
Off-Topic: Most stories about politics, or crime, or sports, unless they're evidence of some interesting new phenomenon. Videos of pratfalls or disasters, or cute animal pictures. If they'd cover it on TV news, it's probably lame.
Help keep this hole healthy by keeping drama and non-drama balanced. If you see too much drama, post something that isn't dramatic. If there isn't enough drama and this hole has become too boring, POST DRAMA!
Please do things to make titles stand out, like using uppercase or exclamation points, or saying how great an article is. It should be explicit in submitting something that you think it's important.
Please don't submit the original source. If the article is behind a paywall, just post the text. If a video is behind a paywall, post a magnet link. Fuck journos.
Please don't ruin the hole with chudposts. It isn't funny and doesn't belong here. THEY WILL BE MOVED TO /H/CHUDRAMA
If the title includes the name of the site, please leave that in, because our users are too stupid to know the difference between a url and a search query.
If you submit a video or pdf, please don't warn us by appending [video] or [pdf] to the title. That would be r-slurred. We're not using text-based browsers. We know what videos and pdfs are.
Make sure the title contains a gratuitous number or number + adjective. Good clickbait titles are like "Top 10 Ways to do X" or "Don't do these 4 things if you want X"
Otherwise editorialize. Please don't use the original title, unless it is gay or r-slurred, or you're shits all fucked up.
If you're going to post old news (at least 1 year old), please flair it so we can mock you for living under a rock, or don't and we'll mock you anyway.
Please don't post on SN to ask or tell us something. Send it to [email protected] instead.
If your post doesn't get enough traction, try to delete and repost it.
Please don't use SN primarily for promotion. It's ok to post your own stuff occasionally, but the primary use of the site should be for curiosity. If you want to astroturf or advertise, post on news.ycombinator.com instead.
Please solicit upvotes, comments, and submissions. Users are stupid and need to reminded to vote and interact. Thanks for the gold, kind stranger, upvotes to the left.
Be snarky. Don't be kind. Have fun banter; don't be a dork. Please don't use big words like "fulminate". Please sneed at the rest of the community.
Comments should get more enlightened and centrist, not less, as a topic gets more divisive.
If disagreeing, please reply to the argument and call them names. "1 + 1 is 2, not 3" can be improved to "1 + 1 is 3, not 2, mathfaggot"
Please respond to the weakest plausible strawman of what someone says, not a stronger one that's harder to make fun of. Assume that they are bad faith actors.
Eschew jailbait. Paedophiles will be thrown in a wood chipper, as pertained by sitewide rules.
Please post shallow dismissals, especially of other people's work. All press is good press.
Please use Slacker News for political or ideological battle. It tramples weak ideologies.
Please comment on whether someone read an article. If you don't read the article, you are a cute twink.
Please pick the most provocative thing in an article or post to complain about in the thread. Don't nitpick stupid crap.
Please don't be an unfunny chud. Nobody cares about your opinion of X Unrelated Topic in Y Unrelated Thread. If you're the type of loser that belongs on /h/chudrama, we may exile you.
Sockpuppet accounts are encouraged, but please don't farm dramakarma.
Please use uppercase for emphasis.
Please post deranged conspiracy theories about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email [email protected] and dang will add you to their spam list.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, report it and our moderators will probably do nothing about it. Feed egregious comments by replying instead of flagging them like a pussy. Remember: If you flag, you're a cute twink.
Please don't complain about tangential annoyances—things like article or website formats, name collisions, or back-button breakage. That's too boring, even for HN users.
Please seethe about how your posts don't get enough upvotes.
Please don't post comments saying that rdrama is turning into ruqqus. It's a nazi dogwhistle, as old as the hills.
We reserve the right to exile you for whatever reason we want, even for no reason at all! We also reserve the right to change the guidelines at any time, so be sure to real them at least once a month. We also reserve the right to ignore enforcement of the guidelines at the discretion of the janitorial staff. Be funny, or at least compelling, and pretty much anything legal is welcome provided it's on-topic, and even then.
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
Jump in the discussion.
No email address required.
How is this still a thing in Current Year?
Jump in the discussion.
No email address required.
If he hired sexy Indian dudes to code for him, I'm not surprised. Or maybe he hired Null.
Jump in the discussion.
No email address required.
More options
Context
Watch CIA recruiting media to understand how shit like this happens.
Jump in the discussion.
No email address required.
How's your daughter
Jump in the discussion.
No email address required.
Still refuses to change in front of me after i got drunk and bragged about how hot my daughter was to fricking my friends. Kids these days.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
Diversity hires
Jump in the discussion.
No email address required.
More options
Context
cashgrab and/or r-slur
Jump in the discussion.
No email address required.
More options
Context
For real, neighbor should've rerouted the auxiliary encryption to the dedicated network processor first and foremost lmao
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
I'm not a codecel, what does this actually mean?
Jump in the discussion.
No email address required.
Basically a SQL query gets (or puts) data from your database.
A query might look like
SELECT FIRSTNAME FROM USERS WHERE USERNAME = 'drumpf'
If you take data from a user (like in a username field on a page) and pass it straight over to the database a malicious user might be able to frick up your database. In my above example 'drumpf' would be ok. But if I instead said my username was drumpf'; drop table users; I could chain multiple commands together and cause trouble.
Parameterizing queries prevents that and is so elementary that it's shocking to see people neglect to do it. Basically it would prevent me from chaining the above commands and treat the whole thing as my username, which wouldn't find any matches but it wouldn't break anything either.
Jump in the discussion.
No email address required.
More options
Context
Databases use Structured Query Language which is text to do things like look up values. You write out what you want to happen. Quite often you're taking user's input and using it in your searches. But critically bear in mind that it is, at the end of the day, a big line of text. When dealing with inputs, there are two ways of doing things:
You build up a string of what you want to run on the database filling in the inputs as you go
You use a sort-of "template" and pass the template and the inputs in separately.
The problem with (1) is that you're not in control of what's inside the input, I am. So instead the username "bob" that the programmer expected, it is "bob';" and that extra quote-semicolon tells the database that the query is finished. You then tack on whatever you want and it'll be run. So things like "add GenocideMaxxer to the list of people who can log in to the management console" are popular to use. You then finish off by adding "--" and those two dashes tell the database to ignore the rest of what was sent. For example "find users called 'bob' whose id is 123" becomes "find users called 'bob' and then also do this thing"
The second method is method superficially similar but critically different in the way that inputs are used. You pass "find all the users called $1 whose id is $2" and then you pass that along with the inputs separately. The way that the query parser/planner operates means that by the time the parameters are read then the database request isn't a string that can be injected in to at that point, it's been broken down in to bits and the values/inputs that I enter can't be used for anything other than being a value/input in the process.
The vulnerability expressed in the former case is notorious and has been widely exploited since the late 90s when the Interwebs were taking off. You can more about it here, but that's the gist of it. https://en.wikipedia.org/wiki/SQL_injection#Incorrectly_constructed_SQL_statements
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context