Xobni = Outlook + Steroids

May 7th, 2008 by James Sun

According to the Xobni web site, Xobni is “the Outlook plug-in that helps you organize your flooded inbox.” I’ve been using Xobni for the past few days, and it’s much more than that. With apologies to Jose Canseco, it’s Outlook on steroids :-)

Installing Xobni is a breeze. The first time you run Xobni, it will index the e-mails that are currently in Outlook. For me, this process took around 15 minutes. Once your e-mails are indexed, you don’t really notice the indexing of new e-mails that goes on in the background.


Once Xobni has indexed your e-mails, the main Xobni sidebar shows several things about the person that sent you the current e-mail selected in Outlook. The top panel contains the Person Profile. Xobni shows a histogram of e-mails received from that person across different times of the day. While the display is well done, the information itself wasn’t all that helpful to me. Most of the histograms followed a normal, bell-shaped distribution curve. In that same section, Xobni shows the number of incoming and outgoing e-mails to that user, as well as how popular that contact is (in terms of e-mails sent and received) vis-a-vis other contacts in Outlook. The last bit of information that Xobni shows about the contact is her phone number, which is pulled from Outlook contacts or e-mail from that contact. In most cases, the phone number is correct. In some cases, Xobni selects the wrong information. The nice thing is that it shows you the source of the phone number, whether it’s an Outlook contact item or an e-mail. You can change the information if it’s incorrect.

The next panel is the Network. In this section, people that are included in e-mail conversations between you and the contact shown in the Person Profile are listed. People listed at the top of the Network are those that are included most often in e-mail conversations between you and the contact. A nice touch is the color coding of people in the Network. An orange icon represents people you’ve contacted directly, while a gray icon represents people you’ve never e-mailed directly. In addition, distribution lists have a different icon.

The third panel lists Conversations. E-mails are displayed in a threaded style, very similar to Google’s Gmail. Xobni groups individual e-mails into conversations based on the subject of the e-mail and the people in the To and CC fields. Conversations are listed in descending chronological order, with the most recent conversations listed at the top.

The last panel, and the one I find most useful, is the Files Exchanged. How many times have you wanted to find the document that you sent someone six weeks ago? Xobni pulls out all attachments that you’ve sent to, or received from, the contact and lists them in descending chronological order in the Files Exchanged panel.

That’s a quick overview of the Xobni Sidebar. Xobni also provides analytics for your Outlook e-mails. The analytics show things like mail traffic by hour, response times (most helpful), and unique contacts. It’s nice eye-candy that can show some interesting trends and patterns visually.

The most impressive feature of Xobni is its search capability. It’s lightning fast and well-integrated in the Xobni sidebar. Xobni will search on e-mail addresses, names, e-mail content and attachment names. Unfortunately, it doesn’t search on contents of files (yet).

All in all, Xobni is a fabulous productivity tool that every heavy-duty Outlook user should own. Yes, there are a few things that Xobni doesn’t do yet, but the public beta shows tremendous promise and is worth the (small) investment of time and energy required to install and learn the product.


SQL Injections

April 28th, 2008 by Ethan James

With the rise of SQL injection attacks recently we’ve started taking a look at ways to prevent them on the server level.  We host a lot of sites that we did not create or maintain.  A lot of our customers look to us when issues like this arise.

These attacks mask their payloads in HEX using the CAST() function in SQL.  In the IIS logs you see something like this.

DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440045004300...%20AS%20NVARCHAR(4000));EXEC(@S);

After thinking about the problem, we found a pretty simple solution that, so far, has worked well.  We needed a way to intercept the URLs that pass in the hex code so we could deny access to the page.  IIS lacks a simple URL rewrite engine like Apache’s mod_rewrite, so we had to look for a third-party tool.

We found a solution in Helicon Tech’s ISAPI Rewrite.  This is a commercial product that comes with a free Lite version.  The Lite version doesn’t allow for per-site rules, but in this case you probably want to protect all the sites with one global rule.  There are some other very useful things ISAPI_Rewrite can do (SSL redirects for one) and the paid version is well worth the $99.

Once ISAPI_Rewrite is installed you can simply add this rule to the configuration.  This rule blocks any request whose query string contains a CAST( or EXEC( function call.  These should never show up in an HTTP GET.

RewriteCond %{QUERY_STRING} (exec.*\()|(cast.*\() [NC]
RewriteRule .? - [F,L]

When a request matches this rule IIS returns a 403 Forbidden error back to the user/client.  Note this rule will not protect against SQL injections that use the HTTP POST method (Forms).  These require proper validation in the code.
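An added example, not part of the original post: a Python sketch that applies the rule's pattern to IIS W3C log lines and decodes the hex hidden in CAST(...) so you can see what a matching request carried. The log lines, IP addresses and the `SELECT 1` payload are constructed, and the function names are illustrative; the third sample line shows that the pattern also matches harmless text such as `broadcast (live)`.

```python
import re
from urllib.parse import unquote

# The rule's pattern from the post; [NC] becomes re.IGNORECASE.
RULE = re.compile(r"(exec.*\()|(cast.*\()", re.IGNORECASE)
# Hex literal passed to CAST(); group 1 is the hex digits.
HEX_CAST = re.compile(r"CAST\(0x([0-9A-Fa-f]+)\s+AS\s+N?VARCHAR", re.IGNORECASE)


def would_block(query_string):
    """True if the rule's condition matches the logged query string."""
    return RULE.search(query_string) is not None


def decode_cast_payload(query_string):
    """Return the text hidden in CAST(0x... AS NVARCHAR), or None."""
    m = HEX_CAST.search(unquote(query_string))
    if m is None:
        return None
    digits = m.group(1)
    digits = digits[: len(digits) - len(digits) % 2]  # drop a dangling nibble
    # NVARCHAR data is UTF-16LE, which is why every other byte is 00.
    return bytes.fromhex(digits).decode("utf-16-le", errors="replace")


def triage(log_text):
    """Return (client IP, URI stem, decoded payload) for matching requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows below
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            query = row.get("cs-uri-query", "-")
            if would_block(query):
                hits.append((row.get("c-ip"), row.get("cs-uri-stem"),
                             decode_cast_payload(query)))
    return hits


# Constructed sample: harmless "SELECT 1" stands in for a real payload.
_HEX = "SELECT 1".encode("utf-16-le").hex().upper()
SAMPLE_LOG = "\n".join([
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2008-04-28 10:00:01 GET /news.asp id=5 192.0.2.10 200",
    "2008-04-28 10:00:02 GET /news.asp id=5;DECLARE%20@S%20NVARCHAR(4000);"
    f"SET%20@S=CAST(0x{_HEX}%20AS%20NVARCHAR(4000));EXEC(@S); 192.0.2.77 200",
    "2008-04-28 10:00:03 GET /search.asp q=broadcast+(live) 192.0.2.11 200",
])

if __name__ == "__main__":
    for ip, stem, payload in triage(SAMPLE_LOG):
        print(ip, stem, payload or "(no CAST hex; likely false positive)")
```

Running the same triage over logs from before the rule was enabled shows which sites were probed and whether legitimate URLs would start returning 403.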


MS Comic Sans Serif

December 3rd, 2007 by James Sun

No one, I repeat, no one, over the age of twelve should use MS Comic Sans Serif for any documents or correspondence. ’nuff said.


Content Migration

November 15th, 2007 by James Sun

I came across this terrific article about Content Migration.  The article is especially relevant for organizations implementing a Content Management System for the first time.


HTML 5 (or Web Applications 1.0)

August 8th, 2007 by James Sun

Great article about what’s in the works for HTML 5. I wouldn’t hold my breath waiting for these features to be incorporated into the mainstream browsers anytime soon, though :-)


Free Chat Applet

February 21st, 2007 by James Sun

I discovered Yaplet this morning.  It’s a lightweight applet that lets you add chat capabilities to your web site without anything to install or configure.  For now, you don’t even need to register to use the beta version of the software.

Many of the web design and development RFPs that come across my desk ask for chat functionality.  I’m not sure why some organizations are looking for chat capability — that’s a post for another day — but Yaplet looks like it can provide that capability easily.  Try it out now.


What’s next? Microsoft Office Enterprise Professional Ultimate Plus 2007?

February 5th, 2007 by James Sun

In the spirit of full disclosure, the company that I work for, American Technology Services, Inc., is a Microsoft Gold Certified Partner and I am one of the 1.8 million people worldwide who has achieved Microsoft Certified Professional status.  I have been using Microsoft products and application development tools for a long, long time.  I am a big fan of Microsoft and their products.  So, if you expect me to poke fun at Microsoft…  you would be correct ;-)

Earlier today, I was asked to take a look at the Excel Web Services functionality in Microsoft Office SharePoint Server 2007 and Excel 2007.  At the time, it seemed like a fairly straightforward request.  We had a development server with MOSS 2007 and a development workstation with Office 2007.  I’m all set, right?  Well, not really.  I discover that the Excel that comes in certain Office suites doesn’t have a particular feature — Publish to Excel Web Services — that I need to use the Excel Web Services functionality.  How many versions of Excel 2007 are there?  According to this chart, there are 8 — yes, eight — 2007 Microsoft Office system suites.  They are:

  • Microsoft Office Basic 2007
  • Microsoft Office Home & Student 2007
  • Microsoft Office Standard 2007
  • Microsoft Office Small Business 2007
  • Microsoft Office Professional 2007
  • Microsoft Office Ultimate 2007
  • Microsoft Office Professional Plus 2007
  • Microsoft Office Enterprise 2007.

FWIW, Microsoft Office Ultimate 2007 and Microsoft Office Enterprise 2007 are both labeled as NEW!

Here are some things that inquiring minds want to know:

  • What on earth was Microsoft thinking in coming up with 8 different Office suites?
  • Why does Microsoft Office Enterprise 2007 *not* include everything in the Microsoft Office suite?
  • Why is Microsoft Office Ultimate listed between Professional and Professional Plus? 
  • What’s next for Microsoft Office?  Microsoft Office Enterprise Minus 2007?  Microsoft Office Professional Plus Plus 2007?

Why should Microsoft stop at just eight?  Post your suggestions for future Microsoft Office System suites…


Disney’s FASTPASS - Old, yet effective, technology

January 24th, 2007 by James Sun

Last month, I took my family to Orlando, Florida for a week-long vacation.  This was the first visit to the Orlando area for my three kids, so we dug deep into our wallets and bought tickets for both Magic Kingdom and Epcot.  The last time I went to Epcot was in the early-mid 1990’s when I was in Orlando for the annual Powersoft Users Conference.  As an aside, PowerBuilder was pretty popular in its heyday.  I remember the rush I felt when I built my first PowerBuilder 3.0 application that leveraged the DataWindow control.  I liked PowerBuilder so much, I left a big IT consulting firm and started doing consulting work for a company called Janiff Software.  Janiff developed a third-party PowerBuilder framework called APOL (Advanced PowerBuilder Object Library).  APOL was ahead of its time.  Unfortunately for Janiff, Powersoft released its own development framework, the PowerBuilder Foundation Classes (PFC), and interest in APOL waned.  If you know what Herb Lester, one of the two founders of Janiff Software, is up to now, please drop me a line.  Anyway, back to present-day Disney…

While some of the rides, attractions and exhibits at Magic Kingdom and Epcot seem a bit outdated, it’s still a magical place to spend a few days (and $$$) with the family.  I was most impressed with two things at Disney.  First, Disney does a remarkable job training all of its employees, oops, I mean cast members, on how to provide high-quality customer service.  Every single cast member we dealt with, from restaurant wait staff to ice cream cart attendants to groundskeepers, was extremely knowledgeable and very eager to help.  Impressive.  The second thing that impressed me was Disney’s FASTPASS system.  For those in the minority who haven’t visited Disney in the past few years, Disney’s FASTPASS is an automated ticketing/reservation system, introduced in 1999, that allows visitors to avoid long lines at certain rides and attractions.  The “user interface” for the FASTPASS system couldn’t be simpler.  There are FASTPASS machines next to the most popular rides (strangely, not all rides provide a FASTPASS) in the theme park.  You feed your park pass into the FASTPASS machine and it spits out a reservation ticket.  The reservation ticket gives you a window of time that you have to come back to the attraction.  Give the reservation ticket to the attendant and you avoid the main queue and wait in the much shorter, FASTPASS line.  There are a few rules with the FASTPASS system.  I won’t describe them here.  If you’re interested, check out this Wikipedia article about Disney’s FASTPASS.

So, what does the FASTPASS system have to do with IT consulting?  Well, Disney and its FASTPASS system is a terrific example of an organization using a non-bleeding edge technology to improve customer service and ultimately, deliver better bottom line results.  Those of us who work in the IT fields are often mesmerized by the latest [whiz-bang technology] and are too eager to throw out [older technology] (that still works and may also be more cost-effective).  In true Mad Libs style, you can replace [whiz-bang technology] and [older technology] with:

  • Vista [whiz-bang] / Windows XP [older]
  • Office 2007 [whiz-bang] / Office 2003 [older]
  • Web 2.0 and AJAX [whiz-bang] / plain HTML web sites [older]

I’m not saying that the latest-and-greatest technology doesn’t have its place.  On the contrary, in certain situations adopting leading-edge technology is critical to an organization’s success.  There are benefits to being an early adopter or first-mover.  However, for the vast majority of organizations, using slightly older technology will not leave you or your organization at a competitive disadvantage.  It’s how well you apply the technology and how well your employees, customers and partners are embraced and included in the application of the technology that is more important than the technology itself.


ISO Long-Term Relationship with Technical Recruiter

November 14th, 2006 by James Sun

IT consulting is a people business.  Knowledge and information, while still important, are not as important as whom you know and who knows, and trusts, you.  Factors such as the explosion of the Internet, the spectacular growth of search engines like Google and Yahoo!, the wave of outsourcing to countries in Eastern Europe and Asia, and the tremendous decrease in costs for computing power and storage have all led to more organizations offering IT consulting services on a playing field that is as level and transparent as it’s ever been.

So, what does this have to do with technical recruitment firms?  I have yet to find a recruiter or placement firm that understands that consulting is a people business.  I’ve been on both sides of the table with them.  I’ve worked with recruiters while I was looking for a job and I’ve worked with them while looking to find employees to hire.  I’m still in search of a long-term relationship with a technical recruiter.  I’m looking for someone who can do the following:

  • Listen and understand my needs as well as the needs of my organization.
  • Call me periodically to discuss my needs.  Don’t call me when you have the “perfect” candidate.
  • Understand that an employee is much more than the sum of her technical skills.
  • Understand what it’s like to work as an IT consultant or software developer.  It’s not necessary for you to have actually programmed yourself, but you should be familiar with basic terms like software development life cycle, agile development, database administration, and client-side scripting.  Bonus points for you if you understand (and can explain) the difference between Java and JavaScript :-)
  • Assign a single person to deal with me and/or develop better, internal systems to keep track of my needs.  Don’t have each of your recruiters call me asking me what skills I’m looking for or asking me the same questions repeatedly.
  • Talk to your candidates and get to know what they want in an employer or in a job.  Discover their personal and professional goals.  Tell me something about the candidate that’s not on their resume or cover letter.

If you can recommend a firm that fulfills these simple requirements (or if you’re convinced that you’re the recruiter for me), e-mail me at james99 (at) networkats (dot) com or post a comment to this entry.  I look forward to hearing from you.  A recent photograph is not required…


Why Budget Matters

November 10th, 2006 by James Sun

One question that we (almost) always ask organizations that are considering our services is: Has money been budgeted for this project?  If so, how much has been budgeted?  As you can imagine, there are a number of different responses to the question; however, essentially there are two responses.  The more popular response goes something like this, “Well, um, yes, we have money in the budget for project XYZ.  No, I can’t reveal that amount to you.”  The less popular response sounds like this, “Yes, we have set aside money for the project in the budget.  While I can’t tell you how much has been set aside, our expectation is for proposals between $X and $Y.”

Why don’t organizations reveal how much they’ve budgeted for their project, or, at a minimum, what their expectation is of how much the project will cost?  I can think of a couple of reasons.  They include:

  • If we reveal our budget — let’s call it $X — to vendors, every last one of them will bid $X or $X - 1.
  • It’s none of your business.
  • We really don’t know what the project will cost and we’re using this RFP process to help us figure out how much to budget.

Let me address each of these reasons.

If we reveal our budget, every vendor will bid that amount (or close to it)

OK, I understand why someone would think this way; however, in today’s IT consulting marketplace, there is enough competition between far too many vendors chasing a limited number of clients and projects that I just don’t think it happens that often.  In an ideal world, we, as an IT consulting firm, would be able to convince you, the possible client, of the value of our services and justify the cost of our bid as a sound business decision.  The reality is that price does matter.  Organizations, especially those in our target markets — associations, non-profits, professional service firms, financial institutions — have a limited amount of money to deal with growing IT issues.

It’s none of your business

While I’ve never heard a possible client use these exact words, I’m sure there were more than a handful that were thinking it after hearing our request :-)  Yes, you do have a right to reveal or not reveal information about your organization, your staff and your requirements.  However, the more transparent and open the process is, the more likely that (a) you are going to find a vendor that fits and (b) the project will be successful.  Yes, we are in the business of making money; however, the best way for us to make money and to succeed as a service organization is to develop solid, long-term relationships with our clients and work hard to deliver quality service at a fair price.

We don’t know how much the project should (or will) cost

As a vendor, I think this reason is the most frustrating one to deal with.  If you’re not willing to invest the time and energy to figure out how much you think the project will cost, why should I, as a vendor, spend time and resources to develop a good response to your RFP?  Instead of issuing an RFP, perhaps the better approach would be to issue a Request for Information (RFI) instead.

I’m sure there are many other reasons.  Send me your feedback via the comment feature and I’ll post them.

Please see Five Things Every RFP Should Contain for other comments, as well as my disclaimer.


The opinions expressed in this blog represent those of the authors and not those of American Technology Services, Inc.
