Tim Holloway

Saloon Keeper
+ Follow
since Jun 25, 2001
Tim likes ...
Android Eclipse IDE Tomcat Server Redhat Java Linux
Long-time moderator for the Tomcat and JavaServer Faces forums. Designer and manager for the mousetech.com enterprise server farm, which runs VMs, a private cloud and a whole raft of Docker containers.
These days, doing a lot of IoT stuff with Arduinos and Raspberry Pi's.
Jacksonville, Florida USA
Cows and Likes
Cows
Total received
180
In last 30 days
2
Total given
32
Likes
Total received
2715
Received in last 30 days
18
Total given
275
Given in last 30 days
7
Forums and Threads
Scavenger Hunt
expand Rancher Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Tim Holloway

Bill Babbitt wrote:Thank you for your help. As for SQL Injection Attacks, this is not a web-based application and is only meant for local networks. That said, I am certain using prepared statements is likely a good practice.

Thank you for clarifying the quoting. I have struggled with what, where, and how to format a statement correctly for the JDBC to convert to something PostgreSQL will recognize. PostgreSQL seems unnecessarily complex, but the licensing is what I need for this application. Is there any post/site/book that clarifies the quoting?


Yes, PreparedStatements are a good habit to form. Plus, you can never tell when you might want to recycle some code into a webapp!

PostgreSQL is a full-featured professional DBMS. In fact, when Amazon ditched Oracle, they moved to PostgreSQL, although these days I believe that they've got their own custom version of PostgreSQL. So it's powerful, and therefore complex. However, there are some good books available on it and of course the online docs.

Quoting varies from DBMS to DBMS. While SQL quotes are always single-quote (apostrophe) marks, meta-quotes such as those for column names are generally either double-quotes or back-tick (reverse apostrophe) quotes. As I said, you only need them when you have potential ambiguities such as when referencing reserved words in a non-reserved context or if your DBMS is particulary stubborn about upper/lower case table/column/schema names. The exact rules for PostgreSQL quoting should be in the online PostgreSQL documentation and they're basically the same regardless of which version of PostgreSQL you're looking at.

Note that if you look at generated SQL from a Java Persistence Architecture (JPA) fine-grained (SQL) log, they usually generate qualifications and quotes to the high heavens, but that's because they take the worst-case possibilities and it's simpler for the SQL generator to keep the redundancies than to remove them (since ordinarily you wouldn't see them anyway).
15 hours ago

Campbell Ritchie wrote:Unfortunately, that is what cert exams test.


And why I don't value most certs. It's not practical competence, just remember-and-regurgitate combined with Hunt-the-Wumpus.

The Cisco and Red Hat certs tested real-world competence. The original RHCE, so I understand, gives you about 4 hours to take a cold iron machine and turn it into a functioning server and that's about what it took me to do the job professionally. Though thse days on my own domain, provisioning is automated to the point where I can spin up multiple servers in parallel at the cost of having spent more time setting up the provisioning profiles.

I said leak "objects", but that was sloppy in that it covered more than just Java Objects, and didn't allow for the fact that a lot of things like network connections are not formally-structured OOP objects. So going out of scope on a Connection object immediately makes it subject to garbage collection (as opposed to immediately being garbage collected), but the associated network connection isn't going to get closed untill the GC actually destroys the garbage object, if then.

Because of the innate trickery involved in exam questions as opposed to the professional environment, I usually spend a lot of time that I wouldn't spend on real-world code just trying to figure out where the hidden traps are. Of course in the real world, I'd also be vetting the code by A) ensuring it could even compile and B) attempting to run a test case - modern systems are powerful enough that it's faster to let the machine do the high-level checking for me, not like back in school where I'd have to queue up to use the card punch, queue up again to load a deck into the remote job entry terminal and hope that the operator downtown wasn't away at dinner while someone else's program was looping (IBM's mainframe DOS couldn't cancel jobs from remote terminals). I fortunately never had to use a computer system where jobs were metered and billed by CPU seconds and I/Os at least.

However, I do believe that you're doing exactly what I said - leaking an open file handle when an Exception occurs. And that, indeed is a test-worthy question if you can phrase it in a way where multiple selection answers don't give it away too easily.

Rob Spoor wrote:

German Gonzalez-Morris wrote:Maven dependencies declaration order does not impact the Java classloader (it is indeterministic).


It does if there are multiple versions of the same JAR. If dependency X has a dependency on BC version A, and dependency Y has a dependency on BC version B, then the order of declaring X and Y will change which BC version is used.

Jiri, we've had a similar (or possibly the same) issue 3 weeks ago: Issues with bouncycastle upgrade. Maybe you can find something useful in there.



Transitive Maven dependencies are what can lead to the Java version of "DLL Hell".  Many IDEs have graphical tools that highlight dependencies and dependency conflict in addition to Maven's own ability to list them from the command line.
1 day ago
As Junilu says, public is the schema name in this statement, and it's redundant here, since it's the default schema name.

As is the quoting of column names. It makes things unnecessarily messy. You only need to quote column names if the column name is an SQL reserved word or otherwise cannot be automatically resolved. And I don't recommend using reserved words as column names, since it can cause all sorts of trouble.

I also don't recommend using capital letters in column or table names. Different databases deal with such names in different ways. Some ignore case, some take case verbatim, some require quoting or the cases won't match. Again. it's a formula both for inherent trouble and for reduced portability.

Last, but not least, DEFINITELY use a PreparedStatement. SQL Injection Attacks are no joke!
1 day ago
"First" in an SQL database is a meaningless concept. As far as SQL is concerned, a simple "SELECT * FROM citytemps" could return a different result every time - all the rows, but not all in the same order. In fact, I saw something very like this years ago when using PostgreSQL. I think it was returning whatever order the last sort was done in.

So you need context. A more meaningful query would be something like this:

If you don't give an ORDER BY, you will just get some random row and possibly not the same row every time. Usually that's not what you'd want.

Also, if you want the temperature closest to, but not equal to 0, this is one way:

(ASCENDING is the default, so I didn't use it in the first example).

Campbell Ritchie wrote:The cert exams, as Jeanne has said, don't so much test your ability to write good code as your ability to navigate bad code.



Unfortunately, I don't get hired to navigate bad code and definitely not to produce bad code, so knowing obscure coding atrocities doesn't translate well into demonstration of practical competence. Plus, the most common bad coding I've run into tends towards leaking objects, not wierdly-formed classes. Inherited one system where the original programmer didn't realise that simply de-referencing filestreams and network connections didn't immediately close them. And he wondered why the app would crash every couple of hours.

Then again, I've always favored the old-time guild system if you really want to demonstrate competence. To advance to Journeyman or Master status, you had to submit a tangible proof of your quality of professional work, which is not something you can do in a 3-hour test session. The original "masterpieces" were in fact the works submitted to demonstrate that one deserved to be granted the rank of Master by other Masters and only secondarily as subsequent exemplary works by Masters.

The downside of guilds, as in labour unions is that politics often features and considering that software developers are stereotypically bad ad social skills, that can distort the actual competencies or lack thereof of applicants is not inconsequential, but I'll virtually guarantee that no one this week will ask me in a professional capacity to specify any of the various JVM assertion modes without reference to the language documentation. One of the old test questions I hated most.
Welcome to the Ranch, Idan!

I've never heard of "frontend containers" as a formal concept. As others have said, the true "front end" of many modern web applications resides in code running on the client. And you should absolutely never trust data coming from a client directly to a back-end database. That's how the infamous SQL Slammer incident happened so many years ago.

The application client talks to the application server (which may be in a container). The application server may then talks to one or more backends which may be database servers, message routers or other independent applications and the backends might each be in a container of their own separate from the application server container. The application server code cannot be directly called from the client, thus it's harder to stuff damaging content into it, and in fact,  one of the functions of the application server-side code is to reject bad data being sent to it.

It's common these days for appserver and backend containers to communicate with each other via shared virtual network, which helps isolate traffic not only from the outside world but also from other unrelated containers that aren't on that network.
3 days ago

Lloyd Hatch wrote:If I can re-direct the discussion a bit, would someone mind telling me when an anonymous class would be useful?   Back in my original question I missed it because I didn't recognize that the question was declaring an anonymous class, and I see that now, and I've been looking up anonymous classes.  What I don't get still is why?   What is the use case for them?

Let me know if this should be a separate thread.


Well, the big one would be Anonymous Inner Classes, which were extensively used by things like GUI frameworks to instantiate one-shot class definitions as event handlers.

Fortunately, we have lambdas these days, so anonymous inner classes are no longer essential.

That's different from a non-anonymous inner class such as the class that links a key and value inside a Map implementation, Which has a name, but isn't intended to be referenced by code outside of its containing class.
OK, I'll buy that. Although creating what amounts to an anonymous outer instance just to get an inner instance from an external context seems to be a questionable practice to me.

It's on a par with doing direct access to member properties instead of using accessor methods, but even more likely to have consequences when maintenance time comes around.
That was the complete method.

No, it didn't make sense to me either, but then traditionally, neither would new Foo().new Bar(). As I said previously, new is a unary operator and therefore should not strictly speaking be usable in method-call form, as it would have no base object/class to be defined for. Thus either someone slipped over some new language-foo when I wasn't looking (it happens - unlike Campbell, I don't read myself to sleep with the latest specs), the compiler has something seriously wacky with it, or there's a subtle semantic effect (meaning that it doesn't actually do what it appears to be doing).

Stephan van Hulst wrote:

Tim Holloway wrote:"new" is a unary operator and thus new Host().new Spirit() makes no more sense than a. + b would.


The Java designers seem to disagree. The following is the correct syntax for creating an instance of an inner class when your current lexical scope is outside of the enclosing class:



Hmmm. I see that Eclipse will allow new Foo().new Bar() and new Foo().Bar();

Perhaps Campbell can explain what the virtues of these constructs are versus the more traditional/simpler new Foo.Bar();
"new" is a unary operator and thus new Host().new Spirit() makes no more sense than a. + b would. You should code something like new Ghost.Spirit();

Extending final classes being another matter.
Absolute pixel co-ordinates and layout managers are pretty much conceptually exclusive. Again, I'm relying on memories that are probably faulty/crossed with other GUIs and I'm too lazy to check, but I think there's an AbsoluteLayout for that kind of stuff. What rules exist to make it co-exist within a resizeable container/layout, I don't know, as, again, I'm too lazy to check.

Most GUI systems prefer not to use absolute physical pixels but instead to use Device-Independent Pixels, which may or may not correspond to physical pixels depending on the display.

Since you're using the term "sprite", I'm going to assume you're looking to implement something that behaves like a video game, and it would be good therefore to find a good guide on video game programming for Java. But when you're going to implement a real-time motion display (such as moving sprites) in a resizeable container, you have 2 choices: make the enclosing container be a viewport that may end up resized to the point where it can see only a section of the overall co-ordinate space or scale the viewport (which DEFINITELY rules out absolute pixel addressing).
4 days ago

Tim Cooke wrote:Get yourself a half decent IDE such as Eclipse or IntelliJ and you'll never write another getter or equals method again either without the overhead and risk of a third party library.


Mike Simmons wrote:
Well yes, but the problem here is that I still have to read those auto-generated methods, and update them when new fields are added.  This can lead to errors.  I definitely prefer to have those methods built in by default.


If you define new properties using Eclipse, there are snippets to automatically generate the get/set methods. I use them very frequently when tweaking JPA database entities. You can also do much the same regarding the update of constructors, though I'm not myself in favor of 100-argument constructor methods.

Eclipse "snippets" are basically typing-time macros, complete with substitution capabilities that can be invoked via shorthand keys. Type "sou" and hit Ctrl+SPACE and a prototype System.out.println() will be generated with the cursor aimed at the argument list part of the statement. You can define your own snippets and/or customize the stock set.

Generation of getters, setters, and constructors is an option of the "Source" menu.
4 days ago
I can't recall offhand for Swing in partiicular, but a lot of frameworks (CSS, for example), have "padding" and "margins". The difference is that margins are the space around elements, whereas padding is the space between elements.

If you have a special background image, pattern, or color, I think in most cases it will show in the padded/margin areas, but you might need to set the background to "transparent" or "0% opacity" (which is the same thing, only fancier) if there's already a background color in effect for the element in question.
4 days ago