I Do Want Something (Anxiety Poem that reflects my current status now)

I do want Something
By GhabXPH (c)

My mind is unclear
The goal is unknown
I do not know

I really hate myself
I never reached anything
My mind have something

A task to do
That I must do
But I didn’t do

Because I didn’t know
If it is worthy
To spend some time

And if it’ll succeed
Or will not succeed
I do think that
It will not succeed

Because of some reason
Like it is infeasible
Or I lack budget
To execute the project
That my mind have

Anxiety is a killer
Dreams that are better
But it turns bitter
Because I’m not better

I’m writing a poem
Inspired by my boredom
Reflecting the four words

But nobody will care
Like if I care
This is the end

I wish to write something on this blog, but I cannot think of topic to write.

Ah. My mind is blank. But the stream of thoughts are just keep going and going without any direction. I am fully aware that I am writing some full nonsense, and it has no inherent quality nor value. I wish to write something. I wish to write everyday. My topics can be anything. Focusing on technology, focusing on politics, focusing on life, focusing on advices, everything. And this one is… a post, byproduct of my anxiety.

I wish to share this to everyone. This is a picture of me, when I am anxious. I am criticizing myself. I wish to write, but since I am attacking myself, there is no any product. Somewhat, I am looking for someone who experience the same thing, and from that, I think that I should write this. I should write this stuff, so that, other people feel the same, would understand that they are not the only one.

If you are looking for a solution as you read this post, I will tell you now. You will not see a solution here. I am struggling as of the moment, and I am just sharing this to you. This wordy nonsense.

I feel relieved as I write this. At least I shout my nonsense mind to the world, but there’s a problem. Humans like me can always be like this, and I do not want to write a blog that covers this kind of thing every now and then. I want to write some meaningful things.

My expertise? I am a programmer. I am also a hacker. I could share those things. But the mood kills me. I wish to write with full of self, but my self is disconnected to me, and it feels hard like this.

Do you experience the same thing as I am? Comment below.

[Linux] add-apt-repository not found

I’ve experienced this problem on my Elementary OS setup in the middle of setting things up my working environment

sudo add-apt-repository <some repository>
Command add-apt-repository not found

Have you encountered this kind of problem? You want to add a ppa repository but the following command is not recognized by your linux distro. Try the following fix. This might work for you if you are using debian-based operating system including ubuntu.

sudo apt install software-properties-common

I’m using Elementary OS, and so far, this solution worked for me. Hope this works on your Linux distro ūüôā

Reference: https://elementaryos.stackexchange.com/questions/7507/how-can-i-add-a-ppa-in-loki

What is SQL Injection

Are you a student? Simply copy the text below.

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.

(from wikipedia).¬†Stop here. Don’t copy me, or everything after this paragraph. Don’t be a dummy kiddo.

Nonsense Intro

Are you a wannabe hacker? Probably you are, because if you are a hacker, then there’s no point of you to read this nonsensical blabber of mine.

Probably, you have a hacker friend, and you have always heard from him that one way of hacking into someone’s website is through SQL Injection. And now, we have a question. What is SQL Injection?

Defining SQL and Database

First, let us define what is SQL and introduce to you the use of it for us to understand more the topic. SQL stands for “Structured Query Language” and it is a language used to retrieve data from a database. Just imagine¬†database is a storage medium where all the vital information of a certain website including user authentication, blog posts, personal infos, credit card info, or any other vital (and probably sensitive) information relevant to a certain kind of system.

WordPress as an Example of a System and How it is being Related from a Database

Systems such as WordPress that I am using now to relay my blabbers to all of you uses database to store this blog post that you are reading. Also, in order to prevent anyone from posting and pretend to be me, a login page is needed, and when I log-in to that login page, my inputs will be verified across the information stored from the database. If my username and password matches from my actual username and password stored in the database, then it must be me, and therefore, wordpress will allow me to do the admin things like creating a post like the one I’m writing here.

Uhm. So Gab, what is SQL Injection then?

I said a lot. Basically, SQL Injection is a type of code injection, wherein you inject a partial SQL syntax with a typical malicious intent.

Let’s take a look on this SQL Query:

$sQuery = "SELECT COUNT(*) FROM `users` WHERE `username` = '$username' AND `password` = '$password'";

As a legitimate user, I logged in on this website using the following credentials:

Username: GhabXPH
Password: SomeSecurePassword9123

The backend will generate a query like this:

SELECT COUNT(*) FROM users WHERE username= 'GhabXPH' AND password = 'SomeSecurePassword9123'

Given that my username is GhabXPH and my password is SomeSecurePassword9123, the query will return 1. The backend validation checks whether the query is not zero.

// some codes above ....
// This code checks whether the count from the query returns 0 or not
if ($iCount !== 0) {
    // credential is valid. log the user in!!!
} else {
    // Invalid credentials
}

But then, a naughty hacker attempts to login in my website using the following credentials:

Username: GhabXPH’;–
Password: YouAreOwnedHueHueHue

Since our query is deliberately insecure (no filters or does not use parametized query), then our query will then look like this:

SELECT * FROM `users` WHERE `username` = 'GhabXPH';--' AND `password` = 'YouAreOwnedHueHueHue';

What the query does is it finds a username = GhabXPH.¬†The password check is rendered useless because the malicious hacker closed the string literal using single quote character, ends the line with a semicolon (;), and ignores the rest of the query using comment/double dash (–).

Since the query above is valid, it will pass the validation check ($iCount is not zero), and thus, logs the user in as GhabXPH.