Searching yarn

Twts matching #sql
In-reply-to » One thing about my design here is that it would no longer incorporate "regex"-based rules like OWASP, mostly because my experience thus far has taught me that these rules are kind of overly sensitive, produce false positives and I'm not sure they are really very effective. For example, what is the point of performing SQL injection detection at the Edge using a WAF if you already handle SQL properly in the first place? (seriously does anyone still construct SQL queries by hand with effectively printf?!)

@prologic@twtxt.net There have always been and there will always be people who have absolutely no clue what they’re doing. I’ve been 100% one of them when I started. Guaranteed, heaps of new SQL injections are born every single day, numbers rising.

That doesn’t justify all the WAF crap in the first place, though. In my opinion it’s just a filthy plaster applied to an injected wound. The software itself must be secure. Otherwise, don’t put that shit on the internet. Probably not even operate it at all. Nowhere. Fix it or throw it in the bin.

In-reply-to » Also spent the morning continuing to think about a new design for EdgeGuard's WAF. I'm basically going to build an entirely new pluggable WAF that will be designed to only consider Rate Limiting, IP/ASN-based filtering, JavaScript challenge handling, Basic behavioral analysis and Anomaly detection.

One thing about my design here is that it would no longer incorporate “regex”-based rules like OWASP, mostly because my experience thus far has taught me that these rules are kind of overly sensitive, produce false positives and I’m not sure they are really very effective. For example, what is the point of performing SQL injection detection at the Edge using a WAF if you already handle SQL properly in the first place? (seriously does anyone still construct SQL queries by hand with effectively printf?!)

In-reply-to » I just noticed that my unread messages counter was off by quite a bit. It showed 8, but I only saw one unread message. Even after restarting my client, which recalculates the number of unread messages, it remained at eight. Weird. Looking in the database revealed that this is indeed correct.

Today is the day where everything is falling apart. Suddenly, I get: SQL logic error: cannot start a transaction within a transaction


SQL scares me. I tweaked a bash script that pulled from a DB, and the bash part was easy, even if I was just going off of the code in there that I didn’t write (like I understood it at least), but the SQL parts had me suffering.


The other day, after a discussion online, we came to the conclusion that using awk+sed+tr could replace much of the development that requires a database. However, using SQLite to have a SQL syntax isn’t a bad idea either. What do you think?

In-reply-to » Dang it! I ran into import cycles with shared test utilities again. :-( Either I have to copy this function to set up an in-memory test storage across packages or I have to put it in the storage package itself and guard it with a build tag that is only used in tests (otherwise I end up with this function in my production binary as well). I don't like any of the alternatives. :-(

@lyse@lyse.isobeef.org OK. So how I have worked things like this out is to have the interface in the root package from the implementations. The interface doesn’t need to be tested since it’s just a contract. The implementations don’t need to import storage.Storage

  • storage/ defines the Storage interface (no tests!)
    • storage/sqlite for the sqlite implementation tests for sqlite directly
    • storage/ram for the ram implementation and tests for RAM directly
  • controller/ can now import both storage and the implementation as needed.

So now I am guessing you wanted the RAM test for testing queries against sqlite and have it return some query response?

For that I usually would register a driver for SQL that emulates sqlite. Then it’s just a matter of passing the connection string to open the registered driver on setup.

https://github.com/glebarez/go-sqlite?tab=readme-ov-file#connection-string-examples

In-reply-to » this is epic https://lmnt.me/blog/how-to-make-a-damn-website.html

@kat@yarn.girlonthemoon.xyz I approve! That’s how I learned HTML (version 4 at the time and XHTML shortly after) and making websites, too. Some of them are still made like this to this day. Hand-written HTML. Hardly any <div> and class nonsense. I can’t remember which editor I started out with, but I upgraded to Webweaver (later renamed to Webcraft) quickly. Yeah, these were the times when there was just a single computer for the whole family.

Free hosting on Arcor, Freenet and I don’t know anymore how they were all called. Like this author, I uploaded everything via FTP. Oh dear, when was the last time I used that? And I had registered plenty of free .de.vu domains.

Being on Windows at the time, everything was ISO-8859-1 for me. No UTF-8, I don’t think I’ve heard about it back then.

Later, I wrote my own CMSes in PHP. Man, were they bad in retrospect. :-D Of course, MySQL databases were used as backends. I still know exactly the moment I read about SQL injections for the first time. I tried it on my own CMS login and was shocked when I could just break in. The very next thing I did was to lock down everything with an .htaccess until I actually fixed my broken PHP code. Hahaha, good memories.

I swear by Atom or RSS feeds. Many of my sites offer them. I daily consume feeds, they’re just great.

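The “printf”-style query the WAF thread above pokes at, and the CMS login bypass described in the post above, side by side as an added example. This is not code from yarnd, from any of the posters, or from any real CMS; it uses Python’s standard-library sqlite3 against a constructed in-memory users table, and the table layout, user name and password are assumptions made for the demonstration.

```python
import hashlib
import sqlite3

# Constructed sample database for the demonstration (not real yarn or CMS data).
# Passwords are stored as an unsalted SHA-256 purely to keep the example short;
# a real login would use a slow, salted hash such as bcrypt or scrypt.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("lyse", hashlib.sha256(b"correct horse").hexdigest()))
    return conn


def login_printf(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """The 'printf' style: untrusted input is pasted into the query text.

    A name such as  lyse' --  closes the string literal and comments out the
    password check, so the query collapses to  WHERE name = 'lyse'.
    """
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = ("SELECT count(*) FROM users WHERE name = '%s' AND pw_hash = '%s'"
             % (name, pw_hash))
    return conn.execute(query).fetchone()[0] > 0


def login_param(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterised form: the SQL text is fixed, values travel separately.

    The driver binds the name as a string value, so quotes, comments or
    keywords inside it can never change the shape of the statement.
    """
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT count(*) FROM users WHERE name = ? AND pw_hash = ?",
        (name, pw_hash)).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    attack = "lyse' --"
    print("printf-style, injected name:", login_printf(db, attack, "anything"))      # True
    print("parameterised, injected name:", login_param(db, attack, "anything"))      # False
    print("parameterised, real password:", login_param(db, "lyse", "correct horse"))  # True
```

The injected name is exactly the sort of string an OWASP CRS rule would flag at the edge; with the parameterised form it is simply a user name that does not exist, which is why the thread argues the fix belongs in the application rather than in the WAF.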
In-reply-to » @prologic I wanted to wait for things to settle down. It’s still unclear to me in which direction we’re going – and if that new/different stuff is even possible to implement in jenny. That said, I’ve been really busy with private stuff these last few days, I’ve lost track of most of what you’re discussing. 🄓

I swear I did write up an algorithm for it at some point. I think it is lost in a git comment someplace. I’ll put together pseudo/Go code this week.

Super simple:

Making a reply:

  1. If yarn has one, use that. (Maybe do collision check?)
  2. Make hash of twt raw no truncation.
  3. Check local cache for shortest without collision
    • in SQL: select len(subject) where head_full_hash like subject || '%'

Threading:

  1. Get full hash of head twt
  2. Search for twts
    • in SQL: head_full_hash like subject || '%' and created_on > head_timestamp

The assumption being replies will be for the most recent head. If replying to an older one it will use a longer hash.

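The two procedures in the post above (pick the shortest collision-free hash prefix as the subject, then thread by matching subjects that are a prefix of the head’s full hash and newer than it), worked through as an added example that is not yarn’s code or the poster’s promised Go code. It uses Python’s standard-library sqlite3 as the “local cache”; the hash function (SHA-256 over a constructed timestamp/text string), the table layout and the sample twts are assumptions for illustration and do not match yarn’s real twt hash. One change from the quoted SQL: the prefix test uses substr() instead of LIKE, and subjects are validated on insert, because a subject comes from other people’s feeds and a value of % or _ would otherwise act as a wildcard inside a LIKE pattern and match every thread.

```python
import hashlib
import re
import sqlite3

# Only lowercase hex prefixes of at least 7 characters are accepted as subjects.
# A subject is fetched from other people's feeds, so it is untrusted input: in a
# LIKE pattern a subject of '%' or '_' would wildcard-match every thread.
SUBJECT_RE = re.compile(r"^[0-9a-f]{7,64}$")


def twt_hash(raw: str) -> str:
    # Assumption for illustration only: yarn's real twt hash is computed differently.
    return hashlib.sha256(raw.encode()).hexdigest()


def open_cache() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE twts (
        hash TEXT PRIMARY KEY, created_on INTEGER NOT NULL,
        subject TEXT, text TEXT NOT NULL)""")
    return conn


def insert_twt(conn, created_on: int, subject, text: str) -> str:
    if subject is not None and not SUBJECT_RE.match(subject):
        raise ValueError("subject is not a hash prefix: %r" % subject)
    h = twt_hash("%d\t%s" % (created_on, text))
    conn.execute("INSERT INTO twts VALUES (?, ?, ?, ?)", (h, created_on, subject, text))
    return h


def shortest_subject(conn, full_hash: str, minimum: int = 7) -> str:
    """Shortest prefix of full_hash that no other cached twt's hash starts with."""
    for n in range(minimum, len(full_hash) + 1):
        (others,) = conn.execute(
            "SELECT count(*) FROM twts WHERE substr(hash, 1, ?) = ? AND hash != ?",
            (n, full_hash[:n], full_hash)).fetchone()
        if others == 0:
            return full_hash[:n]
    return full_hash


def replies_to(conn, head_hash: str, head_ts: int) -> list:
    """Twts newer than the head whose subject is a prefix of the head's hash."""
    rows = conn.execute(
        "SELECT hash FROM twts WHERE subject IS NOT NULL"
        " AND substr(?, 1, length(subject)) = subject AND created_on > ?"
        " ORDER BY created_on", (head_hash, head_ts)).fetchall()
    return [r[0] for r in rows]


def demo() -> dict:
    conn = open_cache()
    head = insert_twt(conn, 100, None, "Hello, is this thing on?")  # constructed twt
    short = shortest_subject(conn, head)                           # 7 chars, no collision yet
    # Constructed collision: a cached twt whose hash shares the head's first 7 chars
    # but differs at the 8th, so the shortest unique subject grows to 8 chars.
    collider = head[:7] + ("0" if head[7] != "0" else "1") + "f" * 56
    conn.execute("INSERT INTO twts VALUES (?, 40, NULL, 'collider')", (collider,))
    longer = shortest_subject(conn, head)
    reply = insert_twt(conn, 101, longer, "Yes, loud and clear.")
    insert_twt(conn, 50, longer, "older twt with the same subject")  # predates head: ignored
    try:
        insert_twt(conn, 102, "%", "wildcard subject")
        rejected = False
    except ValueError:
        rejected = True
    return {"head": head, "short": short, "long": longer, "reply": reply,
            "replies": replies_to(conn, head, 100), "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The created_on > head_timestamp condition is what makes the post’s assumption work: an older twt that happens to carry the same short subject is never pulled into the thread, and a reply to an older head is expected to use a longer prefix, which the collision check produces automatically.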

As my grandfather would say, “Give us this day our daily SQL”.

Well, he said it about his own profession, but you get what I mean.


On the topic of Programming Languages and Telemetry. I’m kind of curious… Do any of these programming languages and their toolchains collect telemetry on their usage and effectively “spy” on your development?

  • Python
  • C
  • C++
  • Java
  • C#
  • Visual Basic
  • Javascript
  • SQL
  • Assembly Language
  • PHP

In-reply-to » I've never liked the idea of having everything displayed all of the time for all of history.

@eldersnake@we.loveprivacy.club Several reasons:

  • It’s another language to learn (SQL)
  • It adds another dependency to your system
  • It’s another failure mode (database blows up, schema changes, indexes, etc.)
  • It increases security problems (now you have to worry about being SQL-safe)

And most of all, in my experience, it doesn’t actually solve any problems that a good key/value store can solve with good indexes and good data structures. I’m just no longer a fan, I used to use MySQL, SQLite, etc back in the day, these days, nope I wouldn’t even go anywhere near a database (for my own projects) if I can help it – It’s just another thing that can fail, another operational overhead.

In-reply-to » Yes, but no. This didn’t happen before, it will drive me nuts. That search sucks, by the way. I know, I am being gentle. 😂

I’ve never liked the idea of having everything displayed all of the time for all of history.

And I still don’t: Search and Bookmarks are better tools for this IMO.

From a technical perspective however, we will not introduce any CGO dependencies into yarnd – It makes portability harder.

Also I hate SQL 😆

In-reply-to » Trying to figure out what sql query maddy does to change user passwords, but first, i'm looking for the subcommand that actually does that... on the source code

it uses the queries you define for add/del/set/keys, which correspond to something like INSERT INTO <table> (key, value) VALUES ($key, $value), DELETE ..., or UPDATE ...

the commands are issued by using the maddycli but not the running maddy daemon.

see https://maddy.email/reference/table/sql_query/

the best way to locate in source is anything that implements the MutableTable interface… https://github.com/foxcpp/maddy/blob/master/framework/module/table.go#L38
