Confessions of a Wall Street Programmer

Wednesday, May 6th, 2009

Michael Osinski is a guy who wrote software that turned mortgages into bonds, or more precisely Collateralized Mortgage Obligations (CMOs). His tale is interesting reading for anyone working in the software industry, and reveals the part computers played in the formation of the current credit crisis.

So, how does that guy feel now? Guilty? Ashamed? Depressed about the damage done? Actually a little bit of each, but he is also quite proud of his work, and says his creation was a beautiful piece of software engineering. I think that’s similar to how Albert Einstein felt when he realized his famous formula E=mc² would eventually lead to the creation of the atom bomb.

LAMP is good enough for Facebook

Friday, May 1st, 2009

Facebook is built upon open source software like PHP, MySQL and Memcache. There’s an interesting presentation about the Facebook technology at InfoQ. Facebook has also released all kinds of software they use themselves as open source. Finally, their engineering blog provides interesting insights into building one of the highest trafficked sites on the Internet.

My Gmail got hacked

Friday, February 13th, 2009

I discovered in December that my Gmail accounts (two of them) had been hacked. All mails sent to those accounts were actually forwarded to another (the hacker’s) email account. I only realized this after a few weeks or so, because emails in those accounts are normally redirected to another email address of mine.

As always, there’s something to be learned here. I suspect the accounts got hacked because I was logged in to those accounts in a browser tab while browsing other web sites in another tab. This left them vulnerable to XSS, or Cross Site Scripting. Some malicious web site had a script that, automatically upon my entering, tried to post form data to the Gmail account settings page and make the necessary changes. There are documented attacks in the wild, so this is a serious problem.

I suspect Gmail and every other web based email service is always going to be vulnerable to them no matter what they do. New vulnerabilities and exploits are constantly discovered. When they are patched, new ones appear later. It’s a cat-and-mouse game. That’s something to think about for everyone who (like me) uses Gmail for work and has sensitive information in it.

How to limit your exposure then? One solution is to log out immediately after you have finished reading your emails and before you continue to browse other web sites. This is not always feasible, and sometimes you just forget it.

I came up with another solution for this problem: dedicate a browser to email access only. In the case of Gmail, you can take, for example, the Chrome browser and use it only to access Gmail/Hotmail/your-email-of-choice, thereby substantially limiting your exposure to XSS attacks. Use something else, like Firefox, for day to day browsing.
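
As an added example (not from the original post, and not Gmail's code), here is the kind of server-side check that refuses a settings change posted from another site, as in the attack described above. The origin, key, session id and the form fields `token` and `forward_to` are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions for this sketch: the webmail's own origin and a server-side secret.
TRUSTED_ORIGIN = "https://mail.example.test"
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"

def issue_token(session_id: str) -> str:
    """Per-session value the server embeds in its own settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers: dict) -> bool:
    """True only if Origin (or Referer as a fallback) names our own site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN

def handle_forwarding_change(session_id: str, headers: dict, form: dict):
    """Decide whether a POST that sets mail forwarding may proceed.

    The browser attaches the session cookie to any request for the site,
    including one triggered by another tab, so the session alone proves nothing.
    """
    if not same_origin(headers):
        return 403, "cross-site request rejected"
    supplied = form.get("token", "")
    if not hmac.compare_digest(issue_token(session_id).encode(), supplied.encode()):
        return 403, "missing or invalid form token"
    return 200, "forwarding set to " + form.get("forward_to", "")

# Constructed sample requests, all carrying the same logged-in session.
SESSION = "sess-7f3a"
FROM_OWN_FORM = ({"Origin": TRUSTED_ORIGIN},
                 {"forward_to": "me@example.test", "token": issue_token(SESSION)})
FROM_OTHER_TAB = ({"Origin": "https://other-site.example"},
                  {"forward_to": "someone@example.net"})
OWN_ORIGIN_NO_TOKEN = ({"Origin": TRUSTED_ORIGIN},
                       {"forward_to": "someone@example.net"})

if __name__ == "__main__":
    for name, (hdrs, form) in [("own form", FROM_OWN_FORM),
                               ("other tab", FROM_OTHER_TAB),
                               ("no token", OWN_ORIGIN_NO_TOKEN)]:
        print(name, handle_forwarding_change(SESSION, hdrs, form))
```
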

OOXML problems? OpenOffice to the rescue!

Wednesday, October 8th, 2008

After I received a dubious .docx document from one client, I realized I might be in trouble. This was a new document format created by Microsoft’s Office 2007 Word. Why they chose to make it the default format is beyond me… I was almost certain OpenOffice wouldn’t be able to open it (I was still using 2.x OO), and realized I had to download a free Word document viewer and some compatibility pack before I was happily copying & pasting stuff from the document.

It seems that the upcoming 3.0 release of OpenOffice is able to read the beast. Of course, they’re also advocating their own ODF document format. From what I understand, these standardised XML formats are supposed to “standardize” and create better interoperability between offices around the world. The start seems to be a bit jumpy though.

Ubuntu leader admits Linux desktop not quite there yet

Tuesday, July 15th, 2008

In an interesting interview, Ubuntu Linux leader Mark Shuttleworth talks about Ubuntu and Linux in general. Most interestingly, he admits that the Linux user experience is not yet good enough, and he mentions OS X as a great example of good user experience. I can easily relate to what he is saying: Linux is my choice for server OS, but if I have a choice, I’d rather select something else for the desktop.

He also mentions Nokia and more specifically Trolltech, which Nokia acquired a while back. Nokia is in a position to influence Qt licensing, and that may even influence wider Qt adoption in open source software projects, for example Gnome.

Another current issue is the state of the desktop projects, Gnome and KDE. KDE has fumbled the release and development of their latest environment, KDE4. It is interesting to read his take on the matter, and what he hopes will become of the Linux desktop in the future.

Integrating the Web, Part I: Instant Messaging

Tuesday, March 25th, 2008

Since the beginning of the Web, a shiny, exciting and new break-through product or website has repeatedly emerged, and before you know it, everyone is using it. Almost as quickly, competing products emerge to grab a slice of the new platform.

In the Instant Messaging business, ICQ was the first and copycats soon emerged. Now there’s a slew of networks using their own protocols, some of them proprietary, some of them not. The problem is the variety of protocols and networks. Since your friends usually are not on the same network, it requires you to either

a) use many different instant messengers

b) search for a solution that has them all combined

Integrating all of these networks in one solution is not easy. And even if you develop a product that can boast having them all, making the product as usable as your favourite proprietary client is even more difficult. My favourite IM client is Skype, and I must say it really is a polished and user friendly client that does everything you need. Sadly, Skype is a very closed protocol and so far I’ve only encountered a few clients that can access its network.

Some solutions for the IM mess

  • Fring is a mobile IM client that can do most of the protocols, like MSN, AIM, ICQ, Yahoo, Twitter and even Skype! Sadly, it’s ONLY a mobile client. I’m really looking forward to them releasing a desktop version.
  • Meebo is something really unique. It’s a website, that uses the advanced Web 2.0 techniques to bring the clients into your browser! Meebo also does MSN, ICQ and many others. Sadly, no Skype.

I’ve been exploring Meebo for a while now, and I really like the fact that it’s browser based. Wow, I never thought about that being possible with Javascript, Ajax and some server side magic. In a way, Meebo is a great example of Web 2.0 spirit. It utilizes the browser as an application platform, and does it with style and polished user experience. What’s even better, they are developer friendly and are offering the tools for people who wish to extend their platform. I hope they keep up the good job working towards the holy grail of integration.

Ice fishing

Monday, February 25th, 2008

Ok, this is the ultimate time killer for you bored office workers: Propilkki2! It’s an ice fishing game with nice graphics and a realistic simulation of an authentic Finnish winter environment. It includes lots of different fish that have their own characteristics etc. Some of the modifiers that have an effect on your catch are time, time of the year, selection of bait, location, weather and technique of moving the rod.

Happy fishing!

Btw, here’s an interview with the producer of the game in Finnish.

Vista quirks

Sunday, February 24th, 2008

Since I bought a laptop with Vista Home Premium preinstalled, I’m now a happy owner of Microsoft’s newest and finest. I must say, overall I think they’ve done a great job with this OS; it feels solid and polished. While tweaking around, I find some of the things work differently (not necessarily worse), and some things have changed so that I need help to get them done for the first time. I thought I’d share with you the links that I have found most useful:

  • How to enable ICMP pings? While using WLAN, most networks require you to respond to ping at certain intervals, otherwise they cut the connection and require you to re-authorize. Here’s how to enable ICMP echo requests (and almost anything else in Vista firewall).
  • Say you need to start a program every time Windows starts. You can no longer just put it in the Start-folder and be done, because UAC requires you to authorize the program if it needs administration privileges. Here’s how to run those programs properly at logon (and set up other scheduled tasks).
  • My new computer came with the HD partitioned in two and Vista preinstalled. I wanted to merge those two partitions, but thought it would require me to reinstall the OS. Well, it doesn’t, thanks to Vista Disk Management that lets you delete, shrink and extend the partitions on the fly! This also means that you can shrink your Windows partition to make room for, say, Linux, all without the use of third-party (sometimes unreliable) programs.

While reading the forums, some people seem to be doing stuff like disabling UAC while getting used to the new OS. “Why is this OS bugging me with these authorizations? Just do it!” I think it’s great that Microsoft has decided to bring the security concepts found in other, more technically oriented OS’s to an end user OS like Windows Home, and I kindly advise people to get used to them and learn how to work with them. There’s a ton of great features out there in Vista that I appreciate. Take the time to learn them and you’ll find your computing gets safer and more proficient.

Microsoft at Lappeenranta

Monday, December 3rd, 2007

Nice people from Microsoft decided to visit here at Lappeenranta on their tour of promoting Microsoft technologies and spreading the word on their partner programs and competitions. It was a pleasant show, and I must say I’m impressed by what they’re doing with .NET technologies. They gave several demonstrations of rapidly building useful C# stuff with Visual Studio 2008, and showcased some of the features of Silverlight.

So, what do they have to offer to a web developer like myself? Silverlight seems really promising, and if they get the development tools right (and I’m sure they will, they seem to be really good at that), it will offer Flash some serious challenge. I must confess, I’ve made a few attempts to get into Flash, but without much success. I guess there’s nothing wrong with Flash; the tools just make it seem a really laborious and time consuming thing to do anything useful.

I’m a Linux/PHP guy, but there seems to be a whole lot of exciting stuff going on in the MS world too.

Handheld device browser detection

Thursday, September 27th, 2007

This blog might seem like a medium for product promotion at times, but I can’t help praising one interesting life helper. So far, I’ve used only Wurfl for website handheld / mobile browser detection, and it is doing ok. ATT is running a poll for user software preferences, and it seems there are few alternatives to this wonderful database: basically you either do the detection yourself, or use Wurfl.

Rant of the day follows. I’ve learned that some mobile browsers have a nasty habit of ignoring the CSS media declaration for handhelds, and use the media type for “screen” (basically desktop/laptop computers) instead. This is just stupid. If the developer has decided that the site he is developing is not suited to be presented on handhelds (which often have small screens) in the same way as in desktop browsers, and chooses to include a separate stylesheet for smaller screens, some browsers still think they know better. This is the case at least on my Series60 3rd Edition Web Browser. Btw, the S60 folks have a cool website.