Do you choose a restaurant based on the latest restaurant review? Do you consider which doctor to choose based on the annual “Top Doctors” article? Of course you do. Everybody does it.

The problem with that is you tend to miss the restaurants and doctors who are not on the rating person’s radar screen, which means you can miss a lot.

In the IT world, most of us know about The Gartner Group’s Magic Quandrants (which are trademarked and copyrighted, by the way) and these can be useful for finding out about the market leaders for a certain topic. Generally Gartner makes these ratings available to their subscribers, but oftentimes the favorably rated companies will publish the results for their benefit. Makes sense. I assume that Gartner also charges clients hefty fees for evaluating the companies.

The problem is that Gartner’s ratings don’t look at all companies, and they can’t possibly evaluate every company, which means that they tend to look at the largest companies, the ones with the most marketing dollars, and the ones who pay them to be evaluated.

For a small business looking for a source of services, does the Gartner rating mean anything? Sure, but only to a point. For example – take the July 2009 Gartner report called “Magic Quadrant for Web Hosting and Hosted Cloud System Infrastructure Services (On Demand).” This is an excellent analysis of 15 companies in the cloud hosting business, and the top rated firms are AT&T, Savvis, Terremark, and Rackspace, with IBM trailing the frontrunners a bit.

Of course, if you are like most people, you do what I do and mostly just look at the pictures rather than read the details. In this case, you would just assume that those five companies in the upper right of the chart are the only ones worth considering if you had a big RFP to send out or you wanted not to get fired for choosing the wrong vendor. The problem with this of course, is that you might actually want a Niche Player, which on the Gartner Magic Quadrant charts, is in the left bottom corner, a position that we naturally assume to be BAD. But you may actually want a niche player because of their focus on your specific needs.

In fact, Gartner’s report is careful to point out,

“Smaller providers may do one thing extraordinarily well, but not have a comprehensive set of services that lets them serve a broad array of use cases. More than ever before, it is crucial to look beyond the Magic Quadrant Leaders when selecting a vendor.”

If I only ate at restaurants with the highest Zagat’s rating, I’d be poor and would never know about the dive barbeque place near my house.

This “Gartnerization” syndrome was publicized recently when a smaller firm sued for being marginalized by an RFP selection committee just because they were in the “wrong“ Gartner quadrant. It seems silly, but it does happen in people’s minds, that only the companies appearing in the Gartner ratings are worthy of consideration in the first place, and that among those, only the ones on the top right uppermost part of the quadrant should get their business. It is useful information but does not substitute for common sense and business value.

My new Amazon Kindle 2 arrived on Friday, but all I could do was take it out of the box and ooh and ahh over it - you have to charge it for three hours first.  At least I turned it on and let it register itself, but Day 1 really began Saturday morning.  Sort of like getting a new toy for Christmas, it was fun to look at it, play with the buttons, try to get it to work, read the user manual, etc.  But where I happened to be on Saturday morning is one of the few places in the world with no cell phone signal.  Without a cell phone signal, the Kindle can’t get new books.  First observation - it would be much better if it could use WiFi as well as the free WhisperNet network (read Sprint 3G cell phone network or slower regular cell networks).

So not having a live connection, I tried downloading some MP3 and Word files from my laptop with the Kindle USB cable.  That worked, but in order for the documents to show up, I found out I need to convert them to the Kindle format.  That happens via the WhisperNet connection (which I don’t have right now), or I can email them to a special email address and then copy them over via the USB cable.  The latter is actually free, the former is not free.  Second observation - I need to carry my laptop if I’m going to be out of cell service. Third observation - watch for the little hidden charges if I send documents to myself.

Next, I went into town “for groceries”, but really just to get a WhisperNet connection for my new toy.  The connected Kindle instantly downloaded the book I had selected (Dante’s Inferno, and a sample of a book on Hannibal in Italy).  The prices for the Kindle books are usually cheaper than the physical hardcover version - typically $9.99 for a lot of books, but all the free books are not that appealing - mostly they are from the 19th century.  There are some books that cost as much as $400 - reference books and such.  But, compared to a paperback, I can’t see paying $9.99.  Fourth observation - I won’t be buying a lot of books for my Kindle - they are still way too expensive. I’m inclined to spend $5.95 at the airport when I’m leaving for a trip, but not that interested in spending twice that much for the electronic version.  True that some books cost $0.99, but the fact is that the books you’d want to get are in the $10 range.

So at the end of the day, I had managed to get one book and a sample of another one, download an MP3 file, and impress the other members of my household with the new cool toy.  So far, this is still a toy.  But while fun, is it worth the cost to be able to read about Hannibal and Scipio while listening to Commander Cody’s “Hot Rod Lincoln”?  I couldn’t do that with just a paper version of the book, but I could with a paperback and iPod.  The jury is still out on this new gadget.

BTW - the quality of the type on the screen is as good as they said.

UPDATE - Six months later, I rarely ever use my Kindle.  I tried downloading documents and while it works, the quality of the rendering of images is not good enough.  I couldn’t read a diagram created in Visio and embedded in my Word doc as a WMF file.  I couldn’t read the diagrams or view the pictures in the PDF I downloaded.  However, I did use the web browser for directions to a church where a wedding was being held.  I just used Google map, and its directions - turns out the directions were slightly off and we went left instead of right, and were late for the wedding.  Kindle is not a GPS.  Who knew?

While the press gives us the view of the bailout of the Big Three and the Wall Street banks at the 20,000 foot level, let me tell you how the economy looks from the ten foot level.

This year started out like most other years, but it was pretty clear to us a year ago that the 4th quarter was going to tank.  In fact, as we recently prepared our 2009 budget and revenue projections, I pulled out the budget guidance from December 2007, and found that we said we should expect a major downturn in Q4 of 2008.  I don’t completely remember now why I thought that at the time, but I guess it was obvious to me that we were entering a recession and the economy was about to turn down, and would turn way down by October.  So what’s the forecast for 2009?  I’ll save that for another blog post.  This one is about how it looks at the moment.

What we noticed late last year was that a couple of clients that depend heavily on donations from financial firms and major computer firms were having problems raising money.  This was a strong indication of things to come.  Some of those clients essentially went out of business by June 2008.  Based on our experience in 2000/2001, we knew that the association and not-for-profit market would lag by about 9 months for seeing impacts of the business downturn, so I think we must have guessed that the early warning signs in late 2007 were going to hit us hard in late 2008.

What we didn’t really anticipate is the severity of the downturn in all sectors, particularly with banks.  Each year is a learning experience, and this one is a rare chance to watch and experience what happens in the severe recessions, which may be a once in a lifetime opportunity to learn.  (I remember the recession in 1974, the one in the late 80’s, and the more recent one in 2000, but don’t remember much about the others in my lifetime.)  This one is definitely different.

Our banking clients are helping us understand the impact of the recession on their business.  The crisis at the top end of the banking world is a very different scale than at the community bank level, and the bailout packages are not yet trickling down.  In simple terms, the recession is being seen in things like dramatically fewer transactions at the teller line, just like there are fewer sales in the retail stores.  People are getting laid off because there is simply less work to do, just like in a factory.

What compounds the problem for the community banks is the lending situation and real estate valuation situation.  Since banks have to “mark to market”, the value of loans in their portfolios drops with the decline of the real estate market, which creates a trickle-down effect.  For those banks with widespread loan problems, the story gets worse.  For those community banks that invested funds in the stock of Fannie Mae, that money is gone.  People are getting cut because you have to do it to slash costs, so that the institution can survive.  Nobody would have ever thought that this combination of circumstances would happen.

For the services firms we work with, the impact is mixed.  We have one client whose business is exactly dealing with complex and major problems with banks - this environment must be a golden opportunity for them.  For other services firms, like the average small law firm or the mid-sized consulting firm, they are all wondering how bad things will get and watching their pennies.  Fortunately - and we are all watching closely - but the services firms in this area seem to be doing better than OK so far.

For the retail firms we work with, business seemed pretty solid until about September.  Then October looked pretty scary for them, and then November was at first dreadful, but by the end, not so bad.  December is actually turning out to be better than last year, but not by a lot.  So, for the retail firms, it looks like the worst is actually over.  Let’s hope that is in fact the case.

For the construction businesses and developers we deal with, the smart ones saw this coming and hunkered down.  Those firms are doing pretty well right now.  For the not-so-prescient ones, time will tell.

For our own company, we are fortunate that we have a focus on different vertical markets so that the economic swings are smoothed out.  Yes, when all markets are swinging up, we do very well, but there has not been a time, in the last recession or in the current severe one, where all markets were swinging down on the same cycle.

What is also interesting to watch is the whip-saw effect of commodity prices and currency prices.  This is a new phenomenon for me to see, too.  The last thing I expected was a sharp rise in oil prices, followed by a rapid rise of the dollar versus the Euro, followed by a sharp drop in oil prices.  This is so crazy.  Now I’m thinking, “so what is the most ridiculous thing that could happen next?”  That’s how we’re approaching the 2009 budget.

In the course of marketing our services, occasionally I come across banks that host their web site with a hosting company that is a general hosting provider.  I have to shake my head when I find this out.  A couple of weeks ago, we were doing some business development with a community bank, and I noticed their web site was down.  When I asked about the problem, I learned that the hosting company they use had been hacked and therefore the bank’s web site was down.  This went on for more than a day.  How can a bank afford to let this happen?  If you are in charge of a web site for a financial institution, what possible reason can you have for hosting at a company that doesn’t host other bank or credit union web sites, and has the necessary security controls in place.

According to this Ektron knowledgebase entry , eWebEditPro is incompatiable with FireFox 3.

eWebEditPro is does not appear in Firefox 3.0. Do not upgrade to Firefox 3.0 . We will continue to monitor the development of Firefox and work with the maker of the Esker ActiveX plugin.

According to this post on the Ektron DevCenter forum, this problem has been known since early June.  For now, Ektron recommends delaying the use of FireFox 3 until further notice.  Subscribe to the RSS feed to be notified once this issue has been resolved.

According to the Xobni web site , Xobni is “the Outlook plug-in that helps you organize your flooded inbox.” I’ve been using Xobni for the past few days, and it’s much more than that. With apologies to Jose Canseco, it’s Outlook on steroids

Installing Xobni is a breeze. The first time you run Xobni, it will index the e-mails that are currently in Outlook. For me, this process took around 15 minutes. Once your e-mails are indexed, you don’t really notice the indexing of new e-mails that goes on in the background.

Once Xobni has indexed your e-mails, the main Xobni sidebar shows several things about the person that sent you the current e-mail selected in Outlook. The top panel contains the Person Profile. Xobni shows a histogram of e-mails received from that person across different times of the day. While the display is well done, the information itself wasn’t all that helpful to me. Most of the histograms followed a normal, bell-shaped distribution curve. In that same section, Xobni shows the number of incoming and outgoing e-mails to that user, as well as how popular that contact is (in terms of e-mails sent and received) vis-a-vis other contacts in Outlook. The last bit of information that Xobni shows about the contact is her phone number, which is pulled from Outlook contacts or e-mail from that contact. In most cases, the phone number is correct. In some cases, Xobni selects the wrong information. The nice thing is that it shows you the source of the phone number, whether it’s an Outlook contact item or an e-mail. You can change the information if it’s incorrect.

The next panel is the Network. In this section, people that are included in e-mail conversations between you and contact show in the Person Profile are listed. People listed in the top of the Network are those that are included most often in e-mail conversation between you and the contact. A nice touch is the color coding of people in the Network. An orange icon represents people you’ve contacted directly, while a gray icon represents people you’ve never e-mailed directly. In addition, distribution lists have a different icon.

The third panel lists Conversations. E-mails are displayed in a threaded style, very similar to Google’s Gmail. Xobni groups individual e-mails into conversations based on the subject of the e-mail and the people in the To and CC fields. Conversations are listed in descending chronological order, with the most recent conversations listed at the top.

The last panel, and the one I find most useful, is the Files Exchanged. How many times have you wanted to find the document that you sent someone six weeks ago? Xobni pulls out all attachments that you’ve sent to, or received from, the contact and lists them in descending chronological order in the Files Exchanged panel.

That’s a quick overview of the Xobni Sidebar. Xobni also provides analytics for your Outlook e-mails also. The analytics shows things like mail traffic by hour, response times (most helpful), and unique contacts. It’s nice eye-candy that can show some interesting trends and patterns visually.

The most impressive feature of Xobni is its search capability. It’s lightning fast and well-integrated in the Xobni sidebar. Xobni will search on e-mail addresses, names, e-mail content and attachment names. Unfortunately, it doesn’t search on contents of files (yet).

All in all, Xobni is a fabulous productivity tool that every heavy-duty Outlook user should own. Yes, there are a few things that Xobni doesn’t do yet, but the public beta shows tremendous promise and is worth the (small) investment of time and energy required to install and learn the product.

With the rise of SQL injection attacks recently we’ve started taking a look at ways to prevent them on the server level.  We host a lot of sites that we did not create or maintain.  A lot of our customers look to us when issues like this arise.

These attacks mask their payloads in HEX using the CAST() function in SQL.  In the IIS logs you see something like this.

DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440045004300...%20AS%20NVARCHAR(4000));EXEC(@S);

After thinking about the problem we found a pretty simple solution, that so far, has worked well.  We needed a way to intercept the URLs that pass in the hex code so we could deny access to the page.  IIS lacks a simple URL rewrite engine like apache’s mod_rewrite, so we had to look for a 3rd party tool.

We found a solution in Helicon Tech’s ISAPI Rewrite.  This is a comercial product that comes with a free Lite version.  The lite version doesn’t allow for per site rules, but in this case you probably want to protect all the sites with one global rule.  There are some other very useful things ISAPI_Rewrite can do (SSL redirects for one) and the paid version is well worth the $99.

Once ISAPI_Rewrite is installed you can simply add this rule to the configuration.  This rule blocks anything in the URL that contains a CAST( or EXEC( function.  These should never show up in a HTTP GET.

RewriteCond %{QUERY_STRING} (exec.*\()|(cast.*\() [NC]
RewriteRule .? - [F,L]

When a request matches this rule IIS returns a 403 Forbidden error back to the user/client.  Note this rule will not protect against SQL injections that use the HTTP POST method (Forms).  These require proper validation in the code.

No one, I repeat, no one, over the age of twelve should use MS Comic Sans Serif for any documents or correspondence. ’nuff said.

I came across this terrific article about Content Migration.  The article is especially relevant for organizations implementing a Content Management System for the first time.

Great article about what’s in the works for HTML 5. I wouldn’t hold my breath waiting for these features to be incorporated into the mainstream browsers anytime soon, though