Category Archives: programing

Quick note on Java time

The analog timer, From
One of the things I dislike most in Java is… unfriendly. DateTime manipulation is a typical example. I think at least one time, a Java developer will encounter this message: getYear() is deprecated.

Such a simple and often-heavily-used function is deprecated. So programmers must walk around by the Calendar class.

Calendar localCalendar = Calendar.getInstance();
Calendar utcCalendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
Date date = new Date();

TimeZone localTimeZone = localCalendar.getTimeZone();

System.out.println("Year: " + localCalendar.get(Calendar.YEAR));
System.out.println("Month: " + localCalendar.get(Calendar.MONTH) + 1);
System.out.println("Day: " + localCalendar.get(Calendar.DATE));
System.out.println("Day of week: " + localCalendar.get(Calendar.DAY_OF_WEEK));
System.out.println("Hour: " + localCalendar.get(Calendar.HOUR_OF_DAY));
System.out.println("Minute: " + localCalendar.get(Calendar.MINUTE));

System.out.println("Timezone: " + localTimeZone.getDisplayName());
System.out.println("UTC Hour: " + utcCalendar.get(Calendar.HOUR));
System.out.println("UTC Minute: " + utcCalendar.get(Calendar.MINUTE));

Although Java big heads all have valid reasons for this inconvenience – which is the complexity of time manipulation, I still think this way is over-killing. Yes, no computer is accurate enough to calculate the correct solar time. But we are no astronomy expert, who cares if the time lacks one or two leap seconds*? Daylight saving stuffs is still necessary, but shouldn’t be too much of a problem.

In the end, I think Java powerful libraries should also make it easy to do simple tasks, instead thinking ahead too much for easy enlargement later**. With the Internet as popular as today, I think we can safely calculate “simple” time only, leaving the task to do additional astronomy calculation for the big servers, and cover the gaps by synchronizing.

(*) Like leap year, a leap second is sometimes added to our current timeline to cover the gaps between solar year & normal year. Because a leap second is too small,  people seldom notice. Reference:

(**) Java has the reputation for easy scaling, and this is very true in my experience. On the opposite, small application is suddenly heavy at their very first cradle time, because a fair amount of efforts are put in “making room” for future changes.

Lorem Lipsum

Lorem Lipsum


“Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.”

Do you find the above passage familiar? If yes, can you guess what language it’s written by?

“Lorem lipsum” is simply a dummy passage which often appears on mocking website. Since the first appearance at 1500s, it soon become the standard text for printing and typesetting industry. Surprisingly, such an old standard still survive till today.

There are 3 reasons to use “Lorem lipsum”. First, it looks more like natural English than “Content here Content here …” text. Reading it give the customers a more accurate image of how the text look like when the site is complete. Second, the content on mocking website shouldn’t be uP/nderstandable, because many studies have point out that people are inclined to be distracted by readable text. And finally, since it has become a standard, it’s a shared background for any content layouters.

And… in case you don’t know, the content of “Lorem lipsum” actually has a meaning. It’s a Latin text taken from ”de Finibus Bonorum et Malorum” (The Extremes of Good and Evil) by Cicero, written in 45 BC – a popular book during the Renaissance.

I have been developeing website for more than a year, and such simple things always make people surprised…

P/s Thanks bro Lai Huu Nhon – a senior from my company (Evolus) – for this piece of knowledge. And by the way, I think his layout is cool.


Force refreshing second level cache in Hibernate

/** Vietnamese: cách xóa second level cache bằng code trong Hibernate**/

Hibernate second level cache is helpful, but only if using wisely.

In the ordinary context, if you delete an object in database by Hibernate, Hibernate will know and update its cache. But if the object/ tube got deleted by other programs (or by cascade delete set up in database itself), Hibernate won’t know and won’t update anything. Hence the deleted objects may remain in the cache for quite a time, and your code may throw an exception or two when trying to get items related to that object.

It’s a good practice to do every database-related thing through Hibernate. But in reality, sometimes we must do the other way around:

private void evict2ndLevelCache() {

  try {"Evicting all Entity Regions of 2nd Level Cache");
    Map classesMetadata = sessionFactory.getAllClassMetadata();
    for (String entityName : classesMetadata.keySet()) {"Entity from 2nd level cache:" + entityName);
  } catch (Exception e) {
  log.error("Error evicting 2nd level hibernate cache entities: ", e);


The solution provided here is an alternate of the solution in this question. Thanks brother Tinh for this information.

JMeter – Simulate multi-users scenario with counter

/** Vietnamese: bài viết trình bày về cách dùng JMeter Counter để  giả lập nhiều user truy xuất hệ thống cùng lúc **/

In load testing field, JMeter is a powerful tool, and powerful tool often means high learning curve. The fact that JMeter document is not so well-written caused programmers lots of troubles getting around with it. If you know how things to be done, it’s very simple. If not, you are going to spend several hours searching for the solution.

The situation: I need to simulate 1000 users to login in my system, using different username (ofcourse). After logging in, each user must input their activation code, gotten from the database. Then they go for the site functions as usual.

The interesting thing is that the activation code are random strings: I have no control how it be. But I must do mapping accurately from user to activation code. To do that, I write bootstrap code to generate  1000 users (user1 -> user1000) and their activation code. Next, export them to a CSV file to be read by JMeter.

  • user1,12345
  • user2,52341
  • user3,12534

But how to get those information to  JMeter? Using bean shell script, I managed to put these values in custom variables CurrentUser and CurrentUserActivationCode. But I must only put one pair of different value for each thread. Since JMeter have no global variable, I can’t tell it to increase each time a new thread start!

I searched for global variables for a while and try some suggestion (properties and the likes) without success. And then I remember that I only need a counter, because it simply doesn’t matter if the users log in in a order or not.

Solution: It’s JMeter Counter Config Element(actually I have no idea why a counter is a Config Element).

Why is Facebook so fast?

It has been a time since my last post.

Truthfully, even now, I have been too busy to make a come-back. But I think a little writing will help this blog doesn’t seems as an abandoned castle.

Well, for sometime, I come across this question on StackOverflow:

Why Facebook performance is so good?

500 millions user, split for america, europe, asia. It means there’s more than a millionpeople viewing pictures, chatting with friends or update status at a time. How can they make it?

The main language of Facebook is PHP & MySQL, which doesn’t have reputation to scale well. AFAIK, people tends to use compiled language(like Java, .NET) for big enterprise application. Those languages enforces good practice like refactoring habit, good architecture,… while PHP does not. Moreover, scripting language can not run faster than compiled one, right?

There’s no single reason, but a whole lot of reasons:

  1. Heavy usage of caching (APC and memcached), which drastically cuts processing time. Slide 12 compares load time with APC (~130 ms) versus without it – 4050 ms. That’s 30x faster!
  2. Usage of HipHop, which converts PHP into C++ code (which is then compiled into much more efficient machine code than actual PHP).
  3. Facebook uses PHP and MySQL, but that’s not the only thing they use. For example, they useErlang for their chat, Hadoop clusters for some of their storage. If you go visit their careers page, you’ll see they are hiring developers with experience in C++, Java, Python, and others.
  4. Facebook has data distributed across many, many servers. In June 2010, FB had 60,000 servers. (think that’s too much? Google had half a million… 5 years ago)
  5. Facebook sends as little traffic as possible: they use static CDNs to deliver static content. Gzip to compress data. Cookies, Javascript, HTML – everything is cut back to reduce the number of bytes sent over the network. They use a technology they call “BigPipe”, which sends partial content rather than the whole page.

to mention a few…

Good comments, Bad comments

/* Vietnamese:
/* Đôi điều suy nghĩ về cách thức ghi chú (comment) trong mã nguồn.
/* Nếu bạn là một lập trình viên từng bực mình đến phát điên vì ai đó code “chuối”,
/* có lẽ bạn sẽ quan tâm đến những điều tôi viết dưới đây

Not too long ago, I came across an “interesting” question on StackOverflow. It was “What is the best comment you have ever seen?“.

The answer list is very very long with thousands of comments. The highest-voted answer is a comment “placed far, far down a poorly-designed God Object“:

* For the brave souls who get this far: You are the chosen ones,
* the valiant knights of programming who toil away, without rest,
* fixing our most awful code. To you, true saviors, kings of men,
* I say this: never gonna give you up, never gonna let you down,
* never gonna run around and desert you... /*a lot more here*/

Well, it seems all of us developers need a little humor to spice up our steady (sometimes tedious) work. In a work environment with lots of tension, laughs are always loved.

But the thing that caught my eyes in that SO question is not humor. I mean dirty code, which smell through the comments.

// somedev1 - 6/7/02 Adding temporary tracking of Login screen
// somedev2 - 5/22/07 Temporary my ass

From that comment, you see how long a hotfix can live.

#define TRUE FALSE //Happy debugging suckers

If you quit your job, at least don’t treat the maintainers like that.

//Dear future me. Please forgive me.
//I can't even begin to express how sorry I am.

You may think it’s funny. Actually, to me it’s not. Please remember that 60% of developing effort is put on, not coding, but debugging.

Bad code along with poor comments is truly a nightmare to developers. Do you want days in & days out fix bugs caused by comments like this, please go on:

/** * Always returns true. */
public boolean isAvailable()
return false;

So the question is that: how good a comment should be?

Accoring to Robert C. Martin, comments don’t make up for bad codes. In stead, code should speak for itself, by good naming & structure. For a very simple example, the following code doesn’t have a comment, but it should be fine by itself:

      User currentUser = userService.getCurrentUser();
      if (currentUser != null) {
            if (urlOnlyAllowAnonymousAccess(requestUrl)) {
      "An authenticated user try to access a non-logged-in link. Redirect to homepage");
                httpServletResponse.sendRedirect(contextPath + "/account/");

            if (urlNotAllowNonActivatedTVAccess(requestUrl)) {
                TVTracking tvTracking = currentUser.getAssociatedTV();

                if (tvTracking == null) {
          "A non-activated user is trying to access settings. Redirecting to activation page");
                    httpServletResponse.sendRedirect(contextPath + "/account/");

Upper case, lower case: SVN case-sensitive troubles

phong lan/** Vietnamese: Suy nghĩ về vấn đề phân biệt chữ hoa chữ thường khi làm việc với SVN **/

When it comes to source code control, it seems natural that SVN (Apache Subversion) is the most popular. Its opponent is not in good condition: Git is hard to learn and CVS is too old.

But tools can’t be always perfect, and SVN is no exception.




You upload file “a_File.html” to server, then access it as ““. It returns a 404 – file not found. After some effort, you realize that your Linux server think “A_File.html” is different to “a_File.html”.

Fair enough. You are going to rename your file to “A_File.html”. And “bang”, Tortoise SVN shout out the red message: repository folder is locked, please execute clean up command.

You may even try some other tricks, like delete the folder and do “update” again – but things won’t change.


Like mention above: the Linux server is case-sensitive, but Windows does not. Changing file name from “a.txt” to “A.TXT” make the conflict popout


1. If you want to change SVN file name on Windows, use the rename function of Tortoise SVN. Even in that case, changing from “a.txt” -> “A.TXT” often requires a “median” file name:(“a.txt” -> “b.txt” -> “A.TXT”).

2. If you don’t want to use that work-around, you can use “browse the repository” to rename that file (remoting) on the Linux server. Then delete your local file and do an update. If the errors persist, do a new checkout.

It’s kind of surprise to me that this kind of problems persist too long. Many know about it, many work-around were proposed, but no elegent way are made to solve the problem. Take a look around StackOverflow and I found dozens of related questions.

People seems to be busy with other big things.

Gotchas of Authentication Flow for application on Facebook – OAuth 2.0 (2)

Facebook logo


Vietnamese: bài viết này trình bày tiếp một số điểm có thể gây nhầm lẫn trong quá trình chứng thực Facebook OAuth 2.0.


Following the first article, this one continue presenting about the cases that can make developers confused.

3. Big Facebook logo prevent redirection:

According to Facebook documents, the server must redirect users to “authorization page”  to grant permissions.

But every redirect command sent from server leads to a blank page with a big blue Facebook logo instead!
If the same URL is put directly in a browser, then it goes to the correct page.

In short, Facebook has stopped the redirection from a third-party server. The user needs to redirect themselves, or we can help them by redirecting with javascript.

4. Tricky privacy settings:

One thing developers should know is that Facebook give full privacy control to the users. A user can change permissions any time they want. It means after a user approve your application, they still can:

  • Change their email, personal information
  • Choose to not provide you their real email, but a proxy email of Facebook
  • Remove some permission of your application (for example, publish feeds on wall)

Ofcourses, Facebook provides callback functions when those permissions change. However I don’t think it’s worth the efforts to handle all of these events, at least for a quick prototype application.

5. De-authorization callback

The authorization callback is the URL that Facebook will call if a user remove your application. At that time, the application should remove all user data that they save: access token, personal information…

At first glance, this seems to be a moral requirement. But in practice, obsolete data should not be kept anyway. Believe me, Facebook data flow is fragile, and you are asking for business logic troubles if not following the rule.

Gotchas of Authentication Flow for application on Facebook – OAuth 2.0 (1)


Vietnamese: bài viết này trình bày một số điểm có thể gây nhầm lẫn trong quá trình chứng thực Facebook OAuth 2.0


The Facebook Authentication Flow is rather complicated than it seems, and not very well documented. Here are some tips that maybe helpful if you are trying to make things work:

1. Notice parameters returned from Facebook:

  • code: When Facebook returns “code” parameter in Http request to your redirect URI, it means you need to use that code to request for access token.
  • signed_request: Signed request has several children parameters. An usual presumption is that this signed request always has Facebook ID of the current user. In fact it does if your application has already been authorized by that user. If not, you need to redirect the user to the giving-permission page.
  • request_ids: is used if your application has the “invite friends” functions. This is a comma-separated string (for example: “158187550924606,158187550924608,158187550924614″). Each number in that string is ID of an invitation sent (maybe by > 1 user). So we can say that a new user can accept the invitation of more than 1 Facebook user. In fact it is, since the app request may appears like “Viet X & Nam Y has invited you to use this app“. People often find it confused because they presume that a user can only be referred by only 1 user.

2. Always ask Facebook if your access token valid:

Even if you ask user to give “offline_access” right to your application, there’s a good chance that your stored access token will get expired. How do you know? Well, the only way available now is using your access token to request something, and if it fails, ask for a new one. That’s the way it works.

sometimes it’s hard to say a thing, though simple.

(to be continued)

Fav-icon – the simple trademarks of website

Facebook Favicon

God is in the details, said the architect Ludwig mies van der Rohe. Our world is built from billions of tiny elements, which is impossible to recognize if we just look on the surface. But coming closer, even a dust may have its history.

And a fav-icon has a history itself, too.

Did you ever notice that tiny icon which appears on top of your browser page/tab, whenever you visit a website? Yes, it has a name – a favicon. I’m not going to tell you about how the standard established. I’m going to tell you what I feel: about how it’s easy to miss these icons.

As a young web developer, I did not too much, but at least some real website. And yet it’s unbelievable that I doesn’t know about the favicon until recently. Maybe my teachers in university have mention it while I’m sleeping? Don’t know.

And one beautiful day, I suddenly realize how difficult to move among my chrome tabs without seeing their icons. Then I learn about favicon and how to make them. All that costs not more than 15 minutes. Now I know how to make a favicon myself.

@sagisou: this post is for you.