Nerdishness

Don't they have Halloween in this Country?

I know they do, because it's in commercials and there are Halloween parties, but this is probably the 4th or 5th Halloween I've spent in London, and I've never seen a single trick or treater. Too bad, we'll just have to eat the candy ourselves.

SSL on phones, part 2

OK, so I've pieced together some more of what's going on with my WAP SSL problem. It turns out that on old-skool WAP phones, SSL encryption does not happen from the phone, but instead is done between the WAP gateway, usually at the network operator, and the web (WAP) site. The connection between the phone and the WAP gateway is encrypted with WTLS, Wireless Transport Layer Security. This is a wireless version of TLS, which is a more general Internet standard.

But newer phones, the ones with their own TCP/IP stack, use regular TLS, which allows them to have proper SSL end to end, from the phone to the site.

This much I have confirmed from googling and foruming, but I still have not found any explicit mention of how this affects the MSISDN issue. It stands to reason the WAP gateway isn't going to be able to insert the MSISDN into the headers in this case, but this has some fairly serious implications for the way secure WAP applications are designed. Having the operator provide the MSISDN is a very useful thing: it gives you a fairly reliable way to identify people, and can even be used to authenticate them to a certain degree.

Well, it's good to be learning new stuff!
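
As an added illustration of the design consequence described in this post (not code from the original post): a site can accept an operator-supplied MSISDN only when the request arrives from a known WAP gateway address, and fall back to its own login otherwise. The header name `X-MSISDN`, the gateway address range and the sample number are assumptions, since the real values are operator-specific.

```python
import ipaddress
import re

# Assumptions for illustration: real header names and gateway ranges
# are operator-specific and must come from the operator.
MSISDN_HEADER = "x-msisdn"                              # hypothetical name
GATEWAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # documentation range
MSISDN_RE = re.compile(r"\+?[1-9]\d{7,14}")             # 8 to 15 digits

ASSERTED = "operator-asserted"
LOGIN = "login-required"
SUSPECT = "login-required-header-rejected"


def from_gateway(peer_ip):
    """True if the TCP peer address belongs to a known WAP gateway.

    peer_ip must be the socket's peer address, never a value taken
    from a request header.
    """
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in GATEWAY_NETS)


def identify(peer_ip, headers):
    """Return (msisdn or None, decision) for one request.

    headers is a list of (name, value) pairs so duplicates stay visible.
    """
    values = [v.strip() for k, v in headers if k.lower() == MSISDN_HEADER]
    if not from_gateway(peer_ip):
        # End-to-end TLS from the phone, or any other direct client:
        # no gateway sat in the path, so a header here is client-supplied.
        return (None, SUSPECT if values else LOGIN)
    if not values:
        return (None, LOGIN)
    if len(values) != 1 or not MSISDN_RE.fullmatch(values[0]):
        # Duplicate or malformed values are not trusted even from a gateway.
        return (None, SUSPECT)
    return (values[0].lstrip("+"), ASSERTED)


if __name__ == "__main__":
    # Constructed sample requests.
    print(identify("192.0.2.10", [("X-MSISDN", "905551234567")]))
    print(identify("203.0.113.7", [("X-MSISDN", "905551234567")]))
    print(identify("203.0.113.7", []))
```
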

Home

Our apartment is in this stately Victorian mansion in Putney. It's the one on the left.

Portlet JSR

It looks like Sun are working on a JSR to standardize portlets, and the Jakarta folks are talking about how it will affect their projects. It appears the standards committee includes people from Apache, particularly Jetspeed. The idea seems to be to define for app framework like Jetspeed, Turbine, Struts, etc. so these can be combined into pages. There is a proposal for a reference implementation for the spec on the Apache wiki.

Server Load Balancing Book

Just got the O'Reilly book on Server Load Balancing. It focuses on network based load balancing, i.e. using routers and such to direct traffic to your server boxes, and it's got pretty hard-core details on how to do it. Its early chapters talk about different network designs to achieve this, and its later chapters talk about how to configure load balancing products from Alteon, Cisco, F5, and Foundry.

The main limitation is that it doesn't cover what happens on the server and applications: it views the servers as black boxes. So there's nothing on clustering servers using OS or server features, or how to design web applications to cope with different load balancing schemes. That doesn't mean the book is worthless, just that you should be aware it only covers part of the story - in fact, it covers that part of the story quite well, probably better than a book that tried to talk about everything would.

Why I don't aggregate

So I don't use an aggregator; here are my reasons.

I tried out Radio, but I found it awkward - I couldn't figure out how to update my feeds without reconfiguring Radio's update time to a minute from the current time. Radio runs a desktop server (yuck) which updates feeds once per hour, but like most Net users worldwide, I'm behind a single phone line with per-minute fees (albeit very low, less than $1/hour) for staying online, so I'd much rather have something I can fire up to grab the latest stuff whenever I go online.

Fine, I'm sure other aggregators would be fine for this, but the other problem I have is that I almost always read everything on my blog list anyway. I have a dozen blogs in a Mozilla Tab group which I read every morning, and I always read through all of the posts, even if I only skim some. If I aggregated these, I'm sure I would first read the summaries, then read all the posts, so I would only be adding to the time I spend in my morning blog reading routine.

Now that I think about it, it might be useful to aggregate my second and third tier blogs, the ones I read when I'm bored, waiting for things to compile/download, etc. Generally when I decide to check out one of these I read the whole thing then too, but if I had summaries of all of their content, I might spot them talking about something especially relevant to me right now, that would otherwise scroll off into their archives. I'll chew on this.

The other thing on my list of things I'll never have time to do is to play with the idea of aggregating into my blog pages. That is, it might be neat to list the headlines of posts on some of my favorite blogs in my sidebar or somewhere similar, sort of a super-blogroll.

Feeding hungry aggregators

Doh! I got an email from Jeff Winkler saying the URL to my RSS feed was busted - easily fixed by putting the absolute path in the template ("/index.xml" rather than "index.xml"). But then Brett pointed out that the feed itself was broken. Argh! The problem is that I don't use aggregation, so I just plopped in the default Movable Type templates and ignored it, and even though I had found and fixed problems with the permalinks on the other pages, it didn't occur to me to check the feed templates. An example of uneaten dogfood.

It's fixed now, and I took the opportunity to fix another problem I knew about, in that I had permalinks pointing to the wrong place. I'm using MT "category archiving" to build the page for Syslog, Turkey, etc. because this lets me use a single template for each category: otherwise I would have to make a separate "index" template for each one. This is an example of MT's inflexibility: it's locked into a very specific model for website structure, and doing anything different requires some gymnastics.

So the permalinks were all pointing to the category pages, which were starting to get too big. Now I've changed permalinking to point to the date-based archives, which means my posts about Unix configuration and Java development tools will be rubbing shoulders with posts about learning Turkish, but there you go.

This will break permalinks that had been previously posted on other sites pointing here, but everything else should be groovier now.

Another change I made is putting links to both versions of RSS (or whatever) in the sidebar: the old RSS 0.91, and the newer RDF/RSS 1.0. I don't have any stake in the great RSS debate currently raging, these are just the templates that came with Movable Type. Hopefully someone will make a template for RSS 2.0, and I can offer that too.

Another source checker

Grooming your code

The Jakarta General list has been yakking about PMD, a tool that scans Java source for problems like unused local variables and parameters, empty blocks (if statements, catch blocks, etc), unused private methods and so on.

I ran it on some of the code libraries from Wild5, which I consider to be crusty old stuff, but it came out pretty clean, other than a couple blocks of duplicate code between superclasses and subclasses. Of course I didn't run it on some of the hairier packages .... I also tried it on a chunk of the Catalina source code, but there was too much. Better to run it on subpackages, I guess.

PMD runs standalone, or as a plugin for JEdit, JBuilder, Eclipse, and Emacs. Worth a look. No documentation, although it's fairly easy to figure out.

Peter Donald suggests that checkstyle is more mature.

Kief goes to Cebit Eurasia

This week Cebit Eurasia was in Istanbul, the oriental offshoot of the
world's biggest trade show of any kind, and my pal Ercan and I went
Friday to check it out, particularly the Linux track. We caught 3
seminars, of which Donald Karl Rosenberg's talk about the economics of
Open Source had the most international angle.

Rosenberg reviewed a lot of what's going on with various national
governments and open source, including China, Peru, Venezuela, and
others who are trying to encourage open source as an alternative
to foreign-produced black box software. He listed a number of reasons,
including the FUDish implication that nobody knows what Microsoft
might have hidden inside Windows at the CIA's behest, although not
in so many words. Open source is also seen as a way to foster local
IT industry and keep government spending at home rather than pumping
it abroad.

One of Rosenberg's assertions that I disagree with is that companies
outside the US are less concerned with brand names and more interested
in engineering quality. My experience in Turkey is the opposite, the
"nobody got fired for buying [IBM/Microsoft/Oracle/HP]" mentality
dominates. He seems to have based this idea on Germany, whose culture
of engineering excellence is at the opposite end of the scale from
Turkey's, exceeding the USA by a good bit. (My favorite example
of this is train platforms, where you can see a dozen clocks whose
second hands are in lock step). Developing countries are much more
prone to buying big name brands just for the prestige factor than those
in rich, self-confident nations like Germany.

Even Linux distributions suffer this, most Turkish geeks I know run
Redhat, and are only vaguely aware
of Debian. But the later seminar
by Debian project leader Bdale Garbee impressed Ercan enough that
he wants to give it a shot, so we're going to download and burn some
CDs and give it a go. I've used Debian before, but Bdale's talk
impressed me with the sheer quantity and quality of the work that goes
into Debian and its packages.

The other talk we attended was Don Marti from
Linux Journal talking
about good security habits. The title of the talk was "Linux security in one
hour a week", the idea being that practicing a few good habits in configuring
and monitoring your systems is enough to counter 99% of security threats.
Sound, basic advice like monitoring security announcement lists and keeping
your system patched, and disabling or removing unnecessary services. He shared
plenty of practical little tips; for instance, if you remove an unneeded app
by hand, your package manager might replace it later when an upgrade comes
out, so use the package manager to remove it instead.

I also heard that a certain major hardware maker who will be producing
a Windows tablet has got Debian Linux running on it, which answered something
I had wondered about before.

Another thing we did was check out the new Nokia 7650 camera phone.
This thing is advertised all over the place here in Turkey, and I
assume everywhere else too. Here's a picture of Ercan and me at the
show taken with the phone. I'm the one with the stupid look on my face.

The quality is not as good as a full digital camera, just 640x380, but
if the camera feature is cheap enough (I don't know how much the 7650 costs)
it could be useful for spur of the moment shots - if you own one, you'll
always have a camera handy for a quick snap. The interesting feature for
me was being able to email the picture to myself, since it avoids the
hassle of local storage. Digital camera storage is getting better, but
it would still be handy to have a quality camera with the option to dump
its memory onto the Net.

A proper digital camera with bluetooth would be just the ticket, so you
could link with your phone to upload pictures, or link with a PC or laptop,
without having to remember to bring cables and connectors and such.
