Tag Archives: web-programming

Coding in 1990s – The email Wild West

Creating an email isn’t hard. Creating a good one is.

That statement is very true, especially for HTML emails.

It has been a while since the first time I worked in creating campaign emails. Looking back, it’s a journey of many surprises, even pains, and of courses, lots of interesting experiences… Those are what I’m going to share here.

Email is a strange thing in our technology world. While almost everything get changed day by day, emails we get today are nearly the same as the time they were invented. And not for any good reason.

I guess there are some interesting facts about emails that many developers don’t know:

1. You can’t check if an email address is actually a real email,without sending a confirmed email.
2. Anyone in this world can fake your email address fairly easy. And currently, there’s no reasonable way to tell that an email is actually from an address or not.

3. HTML emails are poorly supported. They have none of the good enhancement that HTML achieved in recent years.

Well, first point first. Currently, the only way to check that an email is valid is: send some “secret message” to it, then if you receive that “magic message” from someone, he/she must be the owner. That’s exactly how confirmation emails work. Remember the last time you register to a forum/website ? Now you understand why.

At first it seems reasonable, but it leads to a funny similarity: you can only check if an address is valid only if you go there. With our advancement in GPS technology, this fact is quite a fun story.

Didn’t the email creators realize this restriction? No, they knew it from very soon. At first, every email server has a utility to check if an email which has domain address belongs to that server is eligible. But with the movement called SPAM MAIL, they one after one turn that function off. A step back in history, IMHO.

Point 2 WILL make many people shocked. Any email can be faked? Yes, I confirm this fact again and I mean it. That means I can send you an email with the address of Obama, Clinton, Bill Gates or Nelson Maldela… you can never tell it out,at least with the current state of our technology.

The reason is that our current email protocol has no reliable method to tell where an email come from. If an email server receive an email which tells that it’s from stevesjobs@apple.com, the server believe it right away. Some email clients may try to check, but what they do are purely heuristics, like checking the sender server in blacklist or not… In my experiments, even yahoo and Google didn’t realize the “faked email” and consider them “valid” emails!

Only recently,Gmail makes some improvements and “detect” the fake emails ONLY IF the sender is also gmail.com. But it can’t give strong confirmation either, since in some forwarding mail case, the syndrome are same.

Point 3,HTML. In our “modern” email clients, the HTML headers are often striped off. That means no css file AND no header css. So what? Hundreds, no, hundreds of thousands lines of inline styling, which is the nightmares to normal web developers. They are not only duplicate, ugly, but also take lots of our precious web bandwidth. Moreover, table layouts are very popular in html emails, since the html parser in current email clients are just old and can’t parse div layouts accurately. Quite funny, Mr. Table tag found a hide out, after becoming history in the mainstream web development.

That’s just several holes in the design of our email technology. Surprisingly, people seem to be happy with patches, but not a re-design. They continue making marketing emails which looks very good at interface, but unstable in their bases. Running around popular email clients (Gmail, for example), they put enormous effort into beautiful email templates, without noticing that they are encourage for a bad practice.

Emails, as a protocol, should be valid and easy to use, to everyone.

Above problems are also the reason why some senior developers tell that we should always use plain text emails. I would prefer that approach as a developer, but I understand that in business reality, we usually need more than text.

And don’t forget, in near future, mobile’s emails would be a hot topic.

Made by my androids.
For the upcoming birthday

Lorem Lipsum

Lorem Lipsum

Source: http://www.lipsum.com/

“Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.”

Do you find the above passage familiar? If yes, can you guess what language it’s written by?

“Lorem lipsum” is simply a dummy passage which often appears on mocking website. Since the first appearance at 1500s, it soon become the standard text for printing and typesetting industry. Surprisingly, such an old standard still survive till today.

There are 3 reasons to use “Lorem lipsum”. First, it looks more like natural English than “Content here Content here …” text. Reading it give the customers a more accurate image of how the text look like when the site is complete. Second, the content on mocking website shouldn’t be uP/nderstandable, because many studies have point out that people are inclined to be distracted by readable text. And finally, since it has become a standard, it’s a shared background for any content layouters.

And… in case you don’t know, the content of “Lorem lipsum” actually has a meaning. It’s a Latin text taken from ”de Finibus Bonorum et Malorum” (The Extremes of Good and Evil) by Cicero, written in 45 BC – a popular book during the Renaissance.

I have been developeing website for more than a year, and such simple things always make people surprised…

P/s Thanks bro Lai Huu Nhon – a senior from my company (Evolus) – for this piece of knowledge. And by the way, I think his layout is cool.


Gotchas of Authentication Flow for application on Facebook – OAuth 2.0 (2)

Facebook logo


Vietnamese: bài viết này trình bày tiếp một số điểm có thể gây nhầm lẫn trong quá trình chứng thực Facebook OAuth 2.0.


Following the first article, this one continue presenting about the cases that can make developers confused.

3. Big Facebook logo prevent redirection:

According to Facebook documents, the server must redirect users to “authorization page”  to grant permissions.


But every redirect command sent from server leads to a blank page with a big blue Facebook logo instead!
If the same URL is put directly in a browser, then it goes to the correct page.

In short, Facebook has stopped the redirection from a third-party server. The user needs to redirect themselves, or we can help them by redirecting with javascript.

4. Tricky privacy settings:

One thing developers should know is that Facebook give full privacy control to the users. A user can change permissions any time they want. It means after a user approve your application, they still can:

  • Change their email, personal information
  • Choose to not provide you their real email, but a proxy email of Facebook
  • Remove some permission of your application (for example, publish feeds on wall)

Ofcourses, Facebook provides callback functions when those permissions change. However I don’t think it’s worth the efforts to handle all of these events, at least for a quick prototype application.

5. De-authorization callback

The authorization callback is the URL that Facebook will call if a user remove your application. At that time, the application should remove all user data that they save: access token, personal information…

At first glance, this seems to be a moral requirement. But in practice, obsolete data should not be kept anyway. Believe me, Facebook data flow is fragile, and you are asking for business logic troubles if not following the rule.

Put Tomcat in Eclipse



Vietnamese: bài viết hướng dẫn về cách cấu hình để tích hợp Tomcat vào Eclipse


Since most of the step-to-step-guide about this problem (at least the guides I found) are a bit out-dated, I think I had better create a guide here. In fact, this guide is taken from my brothers at Evolus. Special thanks to bro Trương Xuân Tính and bro Lê Hồ Bá Phước for this piece of knowledge and their patience to repeat-and-repeat this damn process for me.

Notice: this guide is not a complete guide, just some kind of a checklist. I’ll add more details over time. Please feel free to ask if there’s something you don’t understand.

0. Download & install Tomcat & Eclipse.

1. Find the Tomcat sysdeo plugin for eclipse. I found a download source here, but the location can change in the future.

2. Install the plugin (taken from the official guide). Extract the plugin file (in my case, its version is 3.3.0). Copy the plugin to:
- “Eclipse_Home/dropins” for Eclipse 3.4, 3.5 and 3.6
- “Eclipse_Home/plugins” for Eclipse 2.1, 3.0, 3.1, 3.2 and 3.3

Plugin activation for Eclipse 3.x :

  • launch eclipse once using this option : -clean
  • if Tomcat icons are not shown in toolbar : select menu ‘Window>Customize Perspective…>Commands’, and check ‘Tomcat’ in ‘Available command groups’

Set Tomcat version and Tomcat home : Workbench -> Preferences, select Tomcat and set Tomcat version and Tomcat home (Tomcat version and Tomcat home are the only required fields, other settings are there for advanced configuration).

This plugin launches Tomcat using the default JRE checked in Eclipe preferences window.

  • To set a JDK as default JRE for Eclipse open the preference window : Window -> Preferences -> Java -> Installed JREs. This JRE must be a JDK (This is a Tomcat prerequisite).
  • The plugin sets itself Tomcat classpath and bootclasspath. Use Preferences -> Tomcat ->JVM Settings, only if you need specific settings. Often, I set the variable -Denv=dev to use different config file for development & production.

3. Finalize

Go to the plugin folder, you will see 2 files: “DevLoader.zip” & “DevloaderTomcat7.jar”. As their name implies, you will use “DevLoader.zip” for Tomcat with version less than 7, and “DevLoaderTomcat7.jar” for Tomcat 7.

  • If you are using Tomcat 7, copy “DevloaderTomcat7.jar” to <TOMCAT_HOME>/lib
  • If you are using other Tomcat 6, rename “DevLoader.zip” to “DevLoader.jar”, then put it in <TOMCAT_HOME>/lib.

Create a web project (I’m using Maven to manage the builds). Go to the properties of your project, go to “Tomcat/Class Loader/”, un-check “servlet-api.jar” and other libraries that are already provided by Tomcat. This is for preventing conflicts among duplicate libraries.

Also in “Project/Properties”,  set the context name and web application root. Context name is the name that you use to access the web-app, for example, if the context name is “test”, your server url may be like: “localhost:8080/test/”. Web application root is the place you put your web-application (it’s the folder that contains WEB-INF folder, often named webapp).

If you are using Maven, remember, all these eclispe settings will be removed if you do “maven eclipse:clean”, so don’t use that command unless you want to do config again. Only use “maven eclipse:eclipse” instead.

That should complete the task. Good luck!

Reference: http://www.eclipsetotale.com/tomcatPlugin.html

Giới thiệu sơ lược về công nghệ lập trình web “Groovy on Grails”

Có một điều tôi lấy làm thú vị là, mỗi khi nhắc đến một ngôn ngữ lập trình web, người ta thường nghĩ ngay đến những framework đi cùng với chúng. Dường như framework/language đã tạo nên một cặp song hành, khó mà tách khỏi. JSP, GWT đi cùng với Java; ASP. NET đi cùng với C#; nói đến PHP thì không thể không nhắc đến Zend, Cake PHP, CodeIgniter,… Với những cặp ngôn ngữ/ framework với tuổi đời khá trẻ, nhận xét này càng tỏ ra đúng đắn: “Ruby on Rails”, “Groovy on Grails”, “Django/ Python”…

Điều trên cũng dễ hiểu, khi mà càng ngày, các web-programming framework càng phổ biến, tiện dụng hơn. Những lập trình viên chuyên nghiệp hiếm thấy ai còn muốn viết một trang web bằng “tay không” từ đầu, để rồi xử lý vô vàn những rối rắm tẻ nhạt: thêm/xóa/sửa một đối tượng trong cơ sở dữ liệu, viết giao diện thể hiện việc phân trang, … Đã có các framework ra đời để “đỡ’ cho chúng ta điều đó.

Như tựa đề đã nói, bài viết này có hy vọng giới thiệu sơ lược về framework Grails. Dự án Grails được gây cảm hứng từ sự thịnh hành của “Ruby on Rails” – framework đã đem lại nhiều thay đổi mới mẻ trong cách thức lập trình web. Với Ruby on Rails (RoR), những công việc lặp đi lặp lại thường thấy được tự động hóa, một số mô hình và giao diện có thể được tự phát sinh, và môi trường lập trình được hỗ trợ tối đa. Tất cả những điều đó đã nhanh chóng đưa RoR lên một vị trí được trọng vọng trong thế giới programmer. Continue reading