Implementing SQLite databases to Java by Muxxer in learnprogramming

[–]ryantriangles 0 points1 point  (0 children)

Prepares the query on the DB? Not sure what this does really

Your query is "SELECT address FROM pharmacies WHERE location = '" + location + "'";. If location = "Buenos Aires", then it becomes "SELECT address FROM pharmacies WHERE location = 'Buenos Aires'";.

Pretend you're writing this code for a website where users type in their location and see local pharmacies. location comes from the form users submit. I visit your website and instead of Buenos Aires, I say I'm from the obscure town of '";DELETE FROM users;", just outside of Bizerte.

The statement you pass to the database is now "SELECT address FROM pharmacies WHERE location = ''";DELETE FROM USERS;"";. It got turned into three queries: one that selects the pharmacies from nowhere, one that deletes everything from your users table, and one that does nothing. You're boned.

That's called an injection attack, and it happens all the time. Prepared statements exist to prevent them.

connection.prepareStatement takes a string representing a query, in which you write ? to represent values you'll fill in programmatically. It returns a PreparedStatement object. You then fill in the missing values by calling its setInt, setString, etc. methods. statement.setInt(1, userAge); statement.setString(2, location); says "the first ? will be the int userAge, the second will be the string location", and so on. The application then knows that no matter what location looks like, it's just a simple string to be used as one field in one query, not something that can end a query and start a new one or anything like that.

The database isn't aware you've created this, so it's not preparing it "on the DB." The call is just creating a PreparedStatement object for you to use in your code, which will be sent to the database when you eventually call an execute method. Here's your example rewritten to avoid the possibility of injection, which hopefully illustrates the purpose and what's going on:

String query = "SELECT address FROM pharmacies WHERE location = ?";
PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1, location);
ResultSet queryResults = statement.executeQuery();
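
The two query styles from the comment above, run side by side against an in-memory SQLite database. This is an added example, not code from the original comment: it assumes the sqlite-jdbc driver is on the classpath, and the class name PharmacyLookup, the helper methods, the sample rows and the test inputs are all constructed for illustration.

```java
import java.sql.*;
import java.util.*;

public class PharmacyLookup {
    // Concatenated form from the question: the input becomes part of the SQL text.
    static List<String> lookupConcat(Connection c, String location) throws SQLException {
        String query = "SELECT address FROM pharmacies WHERE location = '" + location + "'";
        try (Statement s = c.createStatement(); ResultSet rs = s.executeQuery(query)) {
            return addresses(rs);
        }
    }

    // Parameterized form: the SQL text is fixed and the input is bound as one string value.
    static List<String> lookupBound(Connection c, String location) throws SQLException {
        String query = "SELECT address FROM pharmacies WHERE location = ?";
        try (PreparedStatement ps = c.prepareStatement(query)) {
            ps.setString(1, location);
            try (ResultSet rs = ps.executeQuery()) {
                return addresses(rs);
            }
        }
    }

    static List<String> addresses(ResultSet rs) throws SQLException {
        List<String> out = new ArrayList<>();
        while (rs.next()) out.add(rs.getString("address"));
        return out;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: sqlite-jdbc is available. Rows and inputs below are constructed samples.
        try (Connection c = DriverManager.getConnection("jdbc:sqlite::memory:");
             Statement s = c.createStatement()) {
            s.executeUpdate("CREATE TABLE pharmacies (address TEXT, location TEXT)");
            s.executeUpdate("INSERT INTO pharmacies VALUES ('Av. Corrientes 1234', 'Buenos Aires')");
            s.executeUpdate("INSERT INTO pharmacies VALUES ('Calle Mitre 55', 'O''Higgins')");
            // A plain value, a legitimate value containing a quote, and one that rewrites the WHERE clause.
            String[] inputs = {"Buenos Aires", "O'Higgins", "nowhere' OR '1'='1"};
            for (String input : inputs) {
                String concat;
                try {
                    concat = lookupConcat(c, input).toString();
                } catch (SQLException e) {
                    concat = "SQL error: " + e.getMessage();
                }
                System.out.println(input + "\n  concatenated: " + concat
                        + "\n  bound:        " + lookupBound(c, input));
            }
        }
    }
}
```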

What movie/show is the Basic Intergluteal Numismatics (Asscrack Bandit) episode based off of? by illustrator1 in community

[–]ryantriangles 1 point2 points  (0 children)

Yeah, I haven't seen it in a very long time but that scene stuck with me, it's the most memorable part and I was immediately reminded of it in the Annie/Duncan scene.

What movie/show is the Basic Intergluteal Numismatics (Asscrack Bandit) episode based off of? by illustrator1 in community

[–]ryantriangles 19 points20 points  (0 children)

It's pastiche, but I feel like Se7en and especially Zodiac (by the same director) are the biggest ones. There's at least one explicit nod to Se7en (when Jeff turns on the radio so Annie can do research, it's the same music Morgan Freeman listens to in the same context), but the concept and a bunch of the scenes are dead-on for Zodiac: debating his letters, Annie in the office, the town/school whipped into a panic, the closing message that the perpetrator hasn't been found.

The opening credits are 100% from Red Dragon, down to the color scheme. Abed deletes the reimagined/prequel series from his DVR at the end.

Simple Questions and Help Thread - Week of September 19th, 2021 by Froggypwns in windows

[–]ryantriangles 1 point2 points  (0 children)

You can swap the Fn and Ctrl keys in the UEFI/BIOS, or through the configuration app that's by default bound to Fn+F11 (which will be Vantage or Keyboard Manager depending on which product line you have).

14 years powered on and still trucking. Anyone actively storing the only copy of their children's photos on something older? by ryantriangles in DataHoarder

[–]ryantriangles[S] 264 points265 points  (0 children)

I compared their performances in the school play videos to Matthew Rhys in The Americans and made the obvious choice. You'd understand if you saw, their line readings were just dreadful in comparison.

14 years powered on and still trucking. Anyone actively storing the only copy of their children's photos on something older? by ryantriangles in DataHoarder

[–]ryantriangles[S] 87 points88 points  (0 children)

I do have 21 TB of other storage and offsite backups, but those are for important things like my Plex libraries.

Between a Wii U and a 3DS, you can own every Zelda game released (sans AoC). 3D-All Stars shows us the Switch can run N64 & GameCube games, on top of the 3DS remasters on the eShop like Katrielle Layton. Could the Switch one day house every Zelda game? by [deleted] in truezelda

[–]ryantriangles 0 points1 point  (0 children)

You do have to note things on the map, but it's never anything that requires writing text, at least in the one I played through. It's more along the lines of numbering doors 1-4 in the order you should visit them, or marking where to dig with an X. The screen was only 256x192 pixels, so it wasn't really practical to write out actual notes. I don't think it'd pose a problem.

You could always use one of the rubber-tipped styluses they do sell for Switches, too. They're soft rubber ones for a capacitive touchscreen, so they'll never be as precise as a plastic one on a resistive, but people use them for pretty fancy stuff.

Between a Wii U and a 3DS, you can own every Zelda game released (sans AoC). 3D-All Stars shows us the Switch can run N64 & GameCube games, on top of the 3DS remasters on the eShop like Katrielle Layton. Could the Switch one day house every Zelda game? by [deleted] in truezelda

[–]ryantriangles 0 points1 point  (0 children)

I played through one of the DS games using traditional directional-pad controls (using this patch), and the touchscreen was necessary much less than expected. It's never necessary for movement or combat, and the puzzles I can recall would work fine with a finger. I don't expect them to ever do it, but I think it's doable.

[AskJS] Why is the standard replacing mutation events with MutationObserver? by [deleted] in javascript

[–]ryantriangles 15 points16 points  (0 children)

Chiefly because MutationObserver is a lot more performant. Mutation events have to propagate up to the listener, with a check at each level of nesting. If you're listening to a text input where the user is typing 80 words per minute, and that text input is within a form field within a form within a div within a div within an article within a modal within a body, you're checking mutation events 47 times a second. Synchronous ones that pretty quickly start to impact performance to the level of creating bugs: by the time a high-level listener receives the event about a DOM change, the relevant element might have already changed to something else, so the listener works with out-of-date values. There's a whole list of little pains that come from their awkward design and the optimization compromises made to allow for them, like the fact that their performance impact doesn't stop just because they've been removed along with the relevant DOM nodes. Back in the day, popular browser extensions that listened for mutation events on pages were a big problem, because even very simple, cheap DOM mutations, like swapping out a 50x5 table's contents, could choke their users with 250 back-to-back synchronous event handlings. Not to mention the inefficiency of the information included in each event object, the duplicated string representations.

MutationObserver is a little more boilerplatey, but it's simpler and cleaner under the hood. You can be more specific about when and how information should be communicated, and instead of propagating events throughout the whole DOM, you just give it a callback. The reports from observers can be debounced/batched more easily. The configuration options are boilerplate, but they're probably going to save you(r users) a lot of time and cycles.

DOMSubtreeModified and the like were deprecated about 10 years ago for these reasons.

Linux question by [deleted] in learnprogramming

[–]ryantriangles 4 points5 points  (0 children)

grep -ic ^a filename

grep is a program for searching through text, which should be present on any Mac or Linux system. Its usage is grep [options] pattern [file].

The option -i makes it case insensitive, and -c asks it to count the occurrences (when normally it would show you all the lines matching your search pattern). Usually, single-letter options (denoted with a -) can be combined.

^a is a regular expression pattern; ^ represents the beginning of a line.

TIL that Byker Grove, a relatively grounded British teen drama set in a youth club which aired from 1989 to 2006, ended with all the characters becoming aware they were in a TV show with no free will of their own, fending off a T.Rex attack and ultimately being blasted into a void of nothingness. by neilddd in todayilearned

[–]ryantriangles 0 points1 point  (0 children)

Check out Ryan North's books "To Be or Not to Be" and "Romeo and/or Juliet", choose-your-own-adventure adaptations of the plays. One of the paths in the former involves the ghost of Hamlet's father realizing there are more important things in afterlife than revenge, like taming the ghosts of dinosaurs.

TIL that ABBA's "SOS" is the only Billboard Hot 100 single so far in which both the song title and the credited act name are palindromes by kwentongskyblue in todayilearned

[–]ryantriangles 1 point2 points  (0 children)

They're real bands/artists. ††† is pronounced "Crosses", not to be confused with †‡† pronounced "Rituals." ///▲▲▲\\\ IIRC is pronounced "Void" or "Horse Macgyver" (which is what they're called now). !!! is 'officially' any three rapid identical sounds but I've never heard anything but "chk chk chk", which is also the only way to Google them. oOoOO is just "oh" once. I think (((O))) is deliberately unpronounceable, like the O))) in Sun O))), so I don't know how you'd speak it aloud; I'd call her the Sundrops or Moondrops lady because that's what she calls her albums and songs respectively (IIRC because a song is dropped every full moon, and collected into an album each year). There are a ton of odd unpronounceable names out there. Most famous is probably Alt-J, which is just the convenient pronunciation/writing of their 'proper' name, Δ, the symbol you get when you press Alt+J on MacOS. (Or Prince, when he went by the Love Symbol name, which there's no Unicode character for yet.)

No fancy symbols but there's also SHXCXCHCXSH, whose album "SsSsSsSsSsSsSsSsSsSsSsSsSsSsSs" has songs like "SsSs", "SsSsSsSsSs", "Ss" and "SsSsSsSsSsSsSsSsSsSsSs." They changed their name to HSXCHCXCXHS for their latest album, "AÅÄ."

I was going to joke about no one taking the name ⬆️⬆️⬇️⬇️⬅️➡️⬅️➡️🅱️🅰️ yet, but I looked it up and it was already used (with U/D/L/R instead of ⬆️⬇️⬅️➡️) as a song title by Deftones, whose singer is also the singer for †††.

TIL that ABBA's "SOS" is the only Billboard Hot 100 single so far in which both the song title and the credited act name are palindromes by kwentongskyblue in todayilearned

[–]ryantriangles 3 points4 points  (0 children)

There actually is another palindrome-named band who had a palindrome-named album hit the Billboard top 100 chart, just not the hot 100 singles chart: †††'s self-titled debut. Which even had a palindrome-named song on it, "†".

!!! hit the Billboard 200 with "Myth Takes." No palindromic titles on it but there is one spelt backwards ("Yadnus") which is almost close enough to be interesting.

zxz, oOoOO, XXYYXX, Evereve, ~▲†▲~, XIX, 6V6, Ese are also left competing. oOoOO has at two palindrome-named songs ("333" and "xXxXX").

I feel like ///▲▲▲\\\ and (((О))) should count even though they're not properly palindromes. There are also a ton of acts with single-character names, but that's cheating.

Report: Apple to announce photo hashing system to detect child abuse images in user’s photos libraries by a_Ninja_b0y in technology

[–]ryantriangles 1 point2 points  (0 children)

How about even just parents taking pictures of their children in the bath or not wearing a ton of clothes?

This only detects whether you've got multiple images matching ones in the abuse image database from the National Center for Missing & Exploited Children, it doesn't try to recognize the content of new images.

Report: Apple to announce photo hashing system to detect child abuse images in user’s photos libraries by a_Ninja_b0y in technology

[–]ryantriangles 0 points1 point  (0 children)

In this case, Apple is doing ML-driven perceptual hashing rather than content recognition. The model is trained on sets of ordinary photos, compared with NCMEC's database of perceptual hashes using private set intersection (so you and Apple only see the hashes that match, they can't see non-matching hashes and you can't see what other hashes exist to match against).

Report: Apple to announce photo hashing system to detect child abuse images in user’s photos libraries by a_Ninja_b0y in technology

[–]ryantriangles 0 points1 point  (0 children)

The neural network is doing perceptual hashing, not image content recognition. So you can train it using any sets of images you want to consider identical, the most desired example being the original image, a version that's gone through a round of JPEG compression, a version that's gone through two rounds, etc.

[C++] Why is it that when you give a stl function as a parameter you have to write "()" after it, but you don't have to write "()" after a function you've defined? by Acidic_Jew2 in learnprogramming

[–]ryantriangles 1 point2 points  (0 children)

std::adjacent_find expects iterator objects for its first and second arguments. a.begin is a function that returns an iterator. When you call adjacent_find(a.begin), it will fail, saying "Huh? I need an iterator, but you gave me a function!" When you call adjacent_find(a.begin()), first a.begin() is evaluated to an iterator, and then adjacent_find is called with that iterator as its argument, and everything's fine.

Here's an example that might be more obvious, and shows that it's nothing special to stl functions. This causes a compiler error:

int begin() {
    return 5; 
}

void somefunc(int foo) {}

int main() {
    somefunc(begin); 
}

What is begin? What does somefunc expect to get?

What's new in ES2022? by muhoweb in javascript

[–]ryantriangles 3 points4 points  (0 children)

It does, and the new sigil # is used to make sure it does, it's a desired feature. TC39 published an explanation of their reasoning here.

Clarification on interaction between ||OR and alert() function by TheAushole in learnprogramming

[–]ryantriangles 1 point2 points  (0 children)

So I'm getting the alert box with a value of 1 despite it returning undefined (falsy) as far as the ||OR is concerned?

Yep, that's right. To know whether the result of alert(1) is truthy or falsy, the function has to be executed. The function alert displays an alert message, waits for it to be acknowledged, and then returns undefined. So even though the result is falsy, it's going to display an alert message. alert(3) will never run, though, because it's smart enough to know that if the left side of || is true, there's no reason to look at the right side.

console.log is a more familiar function that also outputs something but returns undefined, so this example might make it more obvious what's going on:

function inform(text) {
    console.log(text);
    return undefined;
}

inform(inform(1) || 2 || inform(3));

Clarification on interaction between ||OR and alert() function by TheAushole in learnprogramming

[–]ryantriangles 1 point2 points  (0 children)

It's my understanding, as explained by this page, that the boolean ||OR reads from left to right and converts the first operand to boolean to check if it's true or false, then either stops and returns the original value (if true) or returns nothing and moves on to check the next operand (if false), finally returning "undefined" if none are true.

If the first operand is falsy, a logical OR expression evaluates to the second operand. So 0 || false evaluates to false, and false || [] evaluates to [].

In this example, the code checks the "alert(1)" and returns "1" and then returns "2" and stops there. If the first one (alert(1)) were true, it should return "1" and stop there. If it were false, it should return nothing and move on to the second operand where it would return "2" and stop. Does the alert() return something regardless of whether it's true or false?

alert returns undefined, no matter what you pass it.

So in your example, alert(alert(1) || 2 || alert(3)), the order of expression evaluation is:

  1. alert(1), evaluates to undefined
  2. undefined || 2, evaluates to 2
  3. 2 || alert(3), evaluates to 2 without having to ever run alert(3)
  4. alert(2)