Every now and then you'll discover a couple or few smaller apps that work well together, or alongside each other. The type of situation where you get the 2+2=5 effect. Individually both apps are great, but when used together they becomes something even more. "Two great tastes that taste great together," to borrow an old marketing phrase.

That's been the case for me with two iPhone apps - Shazam (iTunes store page) and Pandora (iTunes store page). Today I use them alongside each other. It's my hope that someday they will be able to communicate with each other and share information.

I've written about Pandora here before. It's a web app that happens to have an iPhone client as well, where you can start with music you like and it helps you find more music that fits your taste and style. You create channels, or stations, and the Pandora service selects similar music for your to hear, and you can fine tune as you go.

Shazam is another of those magical "wow" apps for the iPhone. I use it in the car when I hear a song I like. Rarely do I know the name of the song, or even the artist. But as it plays, I just tell Shazam to listen to a 12-second portion of the song (a process called "tagging"). It uploads the resulting data to the centralized service, and back comes all the information about the song - Artist, title, album, everything. It's really amazing, and in my experience 100% accurate. From there you can also find YouTube videos and launch into the iTunes store to buy the music you've tagged.

I'll often take the name of an artist I discover from Shazam and plug the info into Pandora and start listening there. It's a great way to quickly and relatively effortlessly drill down into new music I have never heard before, but it's music that I really like.

Now imagine if you could use Shazam to identify a song and then inside Shazam choose an option to create a channel based on that artist in Pandora. That would be awesome, truly awesome. I have no idea how "possible" it is, but I can hope. :)

On a similar note - meaning various apps that work great together - ReadWriteWeb published an article this past week with a list of apps that complement each other well (including my Shazam/Pandora combination).

My title for this post sort of spins the title of the article I want to point you to, aiming for the positive side of the coin. The article, which is entitled "The Top 5 Reasons Tech Execs Fail," provides a set of bullet-pointed thoughts that can be read as a list of what tech execs need to do in order to succeed. I happen to agree with the authors' assessment.

Here's the short version of Marty Abbott and Michael Fisher's five points, slightly altered to read as a list of positive attributes of a successful tech leader:

5. Ability to Build World Class Team
4. Ability to Execute
3. Ability to Lead/Motivate/Inspire
2. Ability to Manage Operationally
1. Displays and Uses Financial Acumen

The authors point out in their article, "... when technology executives fail, it is not because they lack an individual skill. It is because they lack an an adequate balance of the many technical, operational and leadership skills necessary to make them a complete manager."

You should listen to your online friends. They often have great ideas, like in this case. I was recently turned onto a simple but effective alternative to bulky plastic cases and leather holsters for my new iPhone 3G. It's called the invisible SHIELD . The product, simply put, is pretty darned terrific. You hardly know it's there, and it protects like crazy. You can also get invisibleSHIELD for the iPhone first-generation device.

Now, let me tell you right up front that when it comes time to "install" the shield on your phone, you'll need a clean work surface, a little patience, 12 to 24 hours to let your shield "cure" on the phone,  and the ability to read and follow some simple instructions. If you make sure you have those few key things taken care of, all will go well.

In the video below I show and abuse my iPhone 3G (the only one I own...) with an Invisible Shield installed. In the video you can see that there are a couple scratches under the shield. Those came from a combination of iPhone and the keys in my pocket (before I ordered the invisibleSHIELD . In fact it was those exact scratches, which I got the first day I had the phone, that prompted me to find a real, working anti-scratching solution.



I can highly recommend the Invisible Shield.

Full disclosure: Zagg (the manufacturer of the invisibleSHIELD ) doesn't know I am doing this review. I found their product all on my own based on a real need, and clicking on the advertisement below takes you to my link on their product site - If you buy something there I'll get a small chunk of the change you spend. If you don't like that idea, no problem - just go to zagg.com and click through to the iPhone 3G page (or whatever product you want to cover and protect - For me, my MacBook Air is next).

  

I especially appreciated the Mojave Experiment that Microsoft recently shared with the world (where Vista-negative opinions were tested with a "new" version of Windows, code-named Mojave; it was then revealed to the participants after seeing the new version that what they were looking at was actually Vista). I've been using Vista since well before I came onto the market, and I can hardly stand to use WIndows XP computers anymore. Anyhow, check out http://www.mojaveexperiment.com if you haven't seen it, especially if you have a negative opinion of Vista today based on what you've heard from others. (Note: Scientifically speaking, the "experiment" would be badly flawed, but it's a marketing campaign and in that light it's pretty darned smart if you ask me. Plus, I've lost track of how may people who, never having seen Vista yet having a negative perception, decided to upgrade after trying for a couple hours (on my laptop) at my suggestion. With SP1 installed, for the record. Seriously, group think and manipulation goes both directions).

For those of us who are using Vista (or any other OS for that matter), it's nice to be able to fine-tune a computer system so it will perform the way we want it to. For Vista, Microsoft has released a document called Windows Vista Performance and Tuning as part of their Springboard series, which lets users know about a number of tweaks and decisions they can make to make the OS work well for their needs. It also effectively spells out in fairly plain language some relatively complex information.

Windows Vista and SP1 focus on delivering greater performance and overall system responsiveness. By striking a balance between speed and responsiveness, Windows Vista and SP1 deliver a level of performance that has the greatest positive impact on the system’s usability.This guide looks at the following areas of performance improvement:

• Making configuration changes that help a computer feel more responsive when you use it.
• Using hardware to boost the actual physical speed of a computer.
• Making configuration changes that help a computer to start faster.
• Making the computer more reliable may help increase performance.
• Monitoring performance occasionally so that you can stop problems before they get too big.

There are a variety of other guides out there as well, but this one hits a number of important nails on the head that the average computer user can easily understand and use.

Last week we published an interview that Richard and I did on RunAs Radio with my friend and former co-worker, Simon Goldstein. Simon's a real pro and is good at explaining complicated business relationships and processes.

We cover risk management for IT professionals: What is it, what do you need to know, and why does it matter? As with all of our weekly RunAs Radio shows, it's about 30 minutes long and we cover a lot of ground in that time.

RunAs Radio, Show 67 - Simon Goldstein on IT Risk Management (38 minutes)

Note: You can find all our podcast feeds in the table here, and you can also subscribe to get the show every week in iTunes by clicking here.

Over on the Internet Evolution site I recently wrote an article discussing the fact that MySpace is becoming an OpenID provider. Of note is the fact that they will be provider-only, and not a relying party, at least initially. This is a trend we've seen with other big companies like Yahoo!, and many of us are not-too-patiently waiting for these companies to start trusting and relying upon other organizations, so the utopia of user-controlled Internet single-sign-on can become a reality.

That begs the question, "What will it take to achieve the level of trust and confidence needed to make it easy for these big provider companies to join the relying-party crowd?" I'm certain there are plenty of detailed conversations and that things are being hammered out and actively discussed behind the scenes at all these major companies, but I tend to think about these things out loud anyhow.

So, I hope you'll read my article and thoughts over on Internet Evolution and that you'll take advantage of the opportunity to comment there. I'd be interested to know what you think.

The DNS vulnerability discovered earlier this year by Dan Kaminsky, and recently patched by DNS software providers in an unprecedented cross-vendor cooperation, has graduated from vulnerability to exploit-in-the-wild.

According to Kaminsky, 52% of the DNS servers on the Internet are still vulnerable, better than the number of exploitable systems just a few weeks ago when the patches were released by all the vendors.

Kaminsky has written up a plain-language helper guide to explain the problem to non-technical (read: management and decision-making) people. There's also a Black Hat webcast with Kaminsky available where he details the vulnerability and discusses the fixes.

Read more at Ars Technica.

On the Google blog, Jesse Alpert & Nissan Hajaj posted an article today called "We knew the web was big..." which indicates Google engineers recently noted that the number of web pages on the Internet passed the one-trillion mark. That's 1,000,000,000,000 pages. For those who don't process the impact of adding that many groups of zeros at a time, think about this:

• Take 1,000 pages.
• Multiply that 1,000 times and think about just how big that is.
• Multiply that amount another thousand times, and stop to think about how big that is.
• Now, again take that huge amount and multiply it by 1,000. Now you're at a trillion pages.

That's freakin' huge, really. If you started counting from one to a trillion and counted one number per second, it would take you almost 317 centuries before you were done (and by the way I asked google to help me figure that out). That's almost 32,000 years. It almost completely boggles the mind. That's a lot of web pages.

Google also notes that every day, the number of pages on the web increases by several billion.

Alpert and Hajaj have another explanation to try to explain the sheer size of the Internet today:

Today, Google downloads the web continuously, collecting updated page information and re-processing the entire web-link graph several times per day. This graph of one trillion URLs is similar to a map made up of one trillion intersections. So multiple times every day, we do the computational equivalent of fully exploring every intersection of every road in the United States. Except it'd be a map about 50,000 times as big as the U.S., with 50,000 times as many roads and intersections.

That's really just amazing to me. Wow. And now you know why we call this the Information Age. A lot of that information may be inaccurate, pornographic or otherwise useless, but some of it's good, and the sheer immensity of it is truly awesome.

TechCrunch has a slightly different take, calling the Google post misleading. The end of the TechCrunch post alludes to some news coming next week that might turn Internet indexing on it's head. Interesting - Is there some big search engine news in the works? Is it Microsoft's BrowseRank or something else? Stay tuned.

Apple has released a version of the iPhone 2 software (v2.1) to beta programmers along with an updated SDK. The firmware release supposedly includes additional core GPS features that allow computation and use of direction of travel and speed. This is good for those of us waiting patiently for turn-by-turn direction software for the phone.

Apparently there's also some functionality that enables apps to process push notifications in the background, as well. I, for one, hope for more background processing capabilities in general in the app arena. Would be nice to have Pandora keep playing music when exiting, or not to have to reload any of several twitter clients every time I click a Safari link and want to go back.

Read the story at Mac Rumors and Gear Live.

Dunno about twice as fast, but will it blend? Blendtec (of course) decided to find out. Found via the Google Mobile blog.

Over at OSCON just a short time ago, the Open Web Foundation was just announced. Eran Hammer-Lahav just blogged about it at the OWF site. This is great news, and should go a long way to enabling better community development of standards and specs in a non-proprietary fashion.

This morning at OSCON, David Recordon announced the creation of the Open Web Foundation. The Open Web Foundation is an attempt to create a home for community-driven specifications. Following the open source model similar to the Apache Software Foundation, the foundation is aimed at building a lightweight framework to help communities deal with the legal requirements necessary to create successful and widely adopted specification.

The presentation slides are also available in Eran's post.

What would Steve click?

It's not often you find advertising that doesn't just bother you. I try to keep the ads on this site relevant, minimalist and out of the way. But on a limited-size device like the iPhone, not to mention it's a device that has that "cool usability" vibe, the need for ultra-careful advertising design is critical. Acceptance is important.

Enter AdMob. They've created advertising blocks for the iPhone that are - well - pretty darn cool. Hopefully the advertisements that show up in them in practice will be relevant and cool, too. Check out the video.

First, a big congrats to the guys at jkOnTheRun for their acquisition by GigaOm and their continued full-time blogging careers. Great people, and a great deal.

Kevin at jkOnTheRun posted a preview article the other day that I somehow missed until now, describing the Microsoft Live Mesh client for the Mac. It's not available yet, but Kevin was able to try it out. Previously he'd reviewed the mobile client for Live Mesh.

I've been using Live Mesh for a few months now in a limited fashion because only one of my computers at home will work (meaning only one runs a Windows desktop OS). My other machines are a Home Server and Mac, and my mobile decide is an iPhone. But I like what I have seen in the Mesh system, including the UI. So, I am looking forward to the release of a Mac client.

Check out Kevin's preview of the pre-release Mac app here.

In the case of Terry Childs, a network admin who gained notoriety recently for locking the City of San Francisco and his managers out of their own critical network, comic-book style progress has been made, with Childs' attorney inviting the mayor of SF to a secret meeting at the jail, where Childs handed over the passwords he'd previously refused to disclose.

Childs' lawyer, again in typical comic book fashion, has also come out saying that Childs' actions were essentially noble and that he was acting to protect the network he built from his management and peers, whom he characterized as being neglectful and without the proper knowledge to support the network. About what you'd expect from a defense lawyer in a public case, I suppose.

But Childs is in no way a hero. Even if what he says is completely true, he's (allegedly) committed a real crime. He does not own that network even if he helped build it, and regardless of whether the management in his department was capable of exercising its responsibilities, when Childs locked everyone out he crossed a clear line. If it was to make a point, he simply went overboard. The whole unfortunate case just smacks of ego and manic behavior.

But from arm's length the city doesn't exactly look like a helpless victim, either. Any professional management team that creates an environment where one person can control a critical and sensitive network in the manner exercised in this case has missed some of the most crucial and common-sense aspects of IT and security design. In fact, most of the time when cases of one-man-too-much-power crop up, we find that the IT staff is also responsible for security with little or no separation of duties, no checks and balances, and no controls to ensure one bad apple doesn't ruin the whole barrel.

Was Childs right? Absolutely not. Was the City wrong? I don't see how you can argue otherwise.

You'd likely be surprised how many real-world computer networks - big and small, important and less so - are run on the concept of "we just trust that one guy." It's what we call a "Beer Truck" risk problem: If I'm that guy you trust, what if I get hit by a beer truck and killed, or alternatively what if I drink everything on that beer truck and go nuts and wipe out the network? What then?

Systems should be set up to ensure no one person holds all the keys. Over the past few days I've read comments made about this story, in many cases by angry IT-types who say if you hire someone you have to give them access to everything and you have to trust them to do the right thing. Otherwise they cannot do their job, you're a terrible person and your network and systems are doomed. That premise is simply and blatantly false, and in fact following that method puts you in the same boat the City of San Francisco has just found itself in. Please, don't listen to the old-skool IT admin crowd, telling you to hand it all over to them because you obviously don't know what you're doing. Fire those guys and find some real help.

If you want a healthier view of the situation, check out articles written by smart, thoughtful people, like this one by Paul Doyle. Also, Paul Venezia wrote an in-depth article about what went wrong, with some detailed inside information.

To be clear, no one person should control all the systems. Control and authority are not the same thing. Checks and balances are important. The Air Force doesn't allow one person to perform all the steps needed to launch a ballistic missile, right? Apply the same principles to your IT systems.

Case in point: I was the chief security executive at a major online financial services company. I had administrative access to nothing. I couldn't even get in the data center without an escort and records being kept. I had no account access to critical or sensitive systems. And no one person there could make changes in a vacuum. IT workers didn't have access to security systems. Security workers didn't have administrative access to anything by default. And we operated effectively, smoothly, with full knowledge of what was happening on the network and systems. No one person had control. Authority, sure. But actual control of systems? No. To operate otherwise would have been negligent.

I often preach the value of formalizing security management and putting proper process, technology and organization in place to ensure a good, stable system that can effectively support business. One of the pillars of an effective security management system is hiring good people (probably not ones who have been convicted of aggravated robbery in the past, sorry) and separating duties in a way that protects everyone involved - employees included. Doing so is not punishment, it's just good common sense.

If nothing else, lets hope businesses and governments all over learn from this embarrassing public spectacle. There are standards out there (my background and experience is in ISO 27001, an international security management standard), the very purpose of which is to make sure things like this don't happen. It's high time to start using them.

Google has opened up their beta of Knol, a web site written by people who know things for people who want to know more. In a nutshell, it's a place to share knowledge. And I like it.

I just finished reading "How to backpack, starting from scratch," by a software engineer named Ryan Moulton. He's in his 20s and has been backpacking since he was eight years old, so he has some real, personal knowledge to share. And it's very useful knowledge, at that. An added "plus" of the article is that it contains a number of very nice panoramas from backpacking locations shot by the author.

Toilet clogs, lawn care, a wide variety of medical topics, you name it: People with domain knowledge may have written about it. Where there's not an article (or two or three), someone who has the knowledge can sign right in with their Google account ID and start writing.

This is cool stuff, nice interface (with a few little flaws that I am sure will get worked out). Worth your time to check out.