Archive for the 'IT' Category

Xobni = Outlook + Steroids

Wednesday, May 7th, 2008

According to the Xobni web site, Xobni is “the Outlook plug-in that helps you organize your flooded inbox.” I’ve been using Xobni for the past few days, and it’s much more than that. With apologies to Jose Canseco, it’s Outlook on steroids :-)

Installing Xobni is a breeze. The first time you run Xobni, it will index the e-mails that are currently in Outlook. For me, this process took around 15 minutes. Once your e-mails are indexed, you don’t really notice the indexing of new e-mails that goes on in the background.

Once Xobni has indexed your e-mails, the main Xobni sidebar shows several things about the person that sent you the current e-mail selected in Outlook. The top panel contains the Person Profile. Xobni shows a histogram of e-mails received from that person across different times of the day. While the display is well done, the information itself wasn’t all that helpful to me. Most of the histograms followed a normal, bell-shaped distribution curve. In that same section, Xobni shows the number of incoming and outgoing e-mails to that user, as well as how popular that contact is (in terms of e-mails sent and received) vis-a-vis other contacts in Outlook. The last bit of information that Xobni shows about the contact is her phone number, which is pulled from Outlook contacts or e-mail from that contact. In most cases, the phone number is correct. In some cases, Xobni selects the wrong information. The nice thing is that it shows you the source of the phone number, whether it’s an Outlook contact item or an e-mail. You can change the information if it’s incorrect.

The next panel is the Network. In this section, people that are included in e-mail conversations between you and the contact shown in the Person Profile are listed. People listed at the top of the Network are those that are included most often in e-mail conversations between you and the contact. A nice touch is the color coding of people in the Network. An orange icon represents people you’ve contacted directly, while a gray icon represents people you’ve never e-mailed directly. In addition, distribution lists have a different icon.

The third panel lists Conversations. E-mails are displayed in a threaded style, very similar to Google’s Gmail. Xobni groups individual e-mails into conversations based on the subject of the e-mail and the people in the To and CC fields. Conversations are listed in descending chronological order, with the most recent conversations listed at the top.

The last panel, and the one I find most useful, is the Files Exchanged. How many times have you wanted to find the document that you sent someone six weeks ago? Xobni pulls out all attachments that you’ve sent to, or received from, the contact and lists them in descending chronological order in the Files Exchanged panel.

That’s a quick overview of the Xobni Sidebar. Xobni also provides analytics for your Outlook e-mails. The analytics show things like mail traffic by hour, response times (most helpful), and unique contacts. It’s nice eye-candy that can show some interesting trends and patterns visually.

The most impressive feature of Xobni is its search capability. It’s lightning fast and well-integrated in the Xobni sidebar. Xobni will search on e-mail addresses, names, e-mail content and attachment names. Unfortunately, it doesn’t search on contents of files (yet).

All in all, Xobni is a fabulous productivity tool that every heavy-duty Outlook user should own. Yes, there are a few things that Xobni doesn’t do yet, but the public beta shows tremendous promise and is worth the (small) investment of time and energy required to install and learn the product.

SQL Injections

Monday, April 28th, 2008

With the recent rise of SQL injection attacks, we’ve started taking a look at ways to prevent them at the server level.  We host a lot of sites that we did not create or maintain.  A lot of our customers look to us when issues like this arise.

These attacks mask their payloads in HEX using the CAST() function in SQL.  In the IIS logs you see something like this.

DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440045004300...%20AS%20NVARCHAR(4000));EXEC(@S);

After thinking about the problem, we found a pretty simple solution that, so far, has worked well.  We needed a way to intercept the URLs that pass in the hex code so we could deny access to the page.  IIS lacks a simple URL rewrite engine like Apache’s mod_rewrite, so we had to look for a 3rd party tool.

We found a solution in Helicon Tech’s ISAPI Rewrite.  This is a commercial product that comes with a free Lite version.  The Lite version doesn’t allow for per site rules, but in this case you probably want to protect all the sites with one global rule.  There are some other very useful things ISAPI_Rewrite can do (SSL redirects for one) and the paid version is well worth the $99.

Once ISAPI_Rewrite is installed, you can simply add this rule to the configuration.  This rule blocks anything in the URL that contains a CAST( or EXEC( function.  These should never show up in an HTTP GET.

RewriteCond %{QUERY_STRING} (exec.*\()|(cast.*\() [NC]
RewriteRule .? - [F,L]

When a request matches this rule IIS returns a 403 Forbidden error back to the user/client.  Note this rule will not protect against SQL injections that use the HTTP POST method (Forms).  These require proper validation in the code.
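
A log-triage sketch for the requests described above, added here as an example (not code from the original post or from Helicon Tech): it applies the same pattern as the rule to IIS W3C log lines and decodes what each CAST(0x...) literal hides. The log lines, field layout, addresses and the harmless PRINT payload are constructed, and the last sample request shows the pattern also matching an ordinary search for "executive (summary)".

```python
import re
from urllib.parse import unquote

# Pattern from the rewrite rule on this page; IGNORECASE mirrors the [NC] flag.
RULE = re.compile(r"(exec.*\()|(cast.*\()", re.IGNORECASE)
# Hex literal handed to CAST(... AS VARCHAR/NVARCHAR), as in the logged request.
HEX_CAST = re.compile(r"cast\(\s*0x([0-9a-f]+)\s+as\s+(n?)varchar", re.IGNORECASE)


def decode_cast_payloads(query):
    """Return the text hidden in each CAST(0x... AS [N]VARCHAR) in a decoded query."""
    found = []
    for hex_digits, wide in HEX_CAST.findall(query):
        # A truncated log field can leave an odd trailing nibble; drop it.
        raw = bytes.fromhex(hex_digits[: len(hex_digits) // 2 * 2])
        if wide:  # NVARCHAR holds UTF-16LE, two bytes per character
            found.append(raw[: len(raw) // 2 * 2].decode("utf-16-le", "replace"))
        else:
            found.append(raw.decode("latin-1"))
    return found


def scan(log_lines):
    """Return the requests whose query string matches RULE, with decoded payloads."""
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # The log keeps %20 and friends as received, so decode before matching.
        query = unquote(row.get("cs-uri-query", ""))
        if RULE.search(query):
            hits.append({
                "ip": row.get("c-ip"),
                "page": row.get("cs-uri-stem"),
                "status": row.get("sc-status"),
                "payloads": decode_cast_payloads(query),
            })
    return hits


# Constructed sample data: a harmless statement stands in for the real payload.
_HEX = "PRINT 'constructed';".encode("utf-16-le").hex().upper()
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2008-04-28 10:15:01 192.0.2.10 GET /news.asp id=5 200",
    "2008-04-28 10:15:07 192.0.2.44 GET /news.asp "
    f"id=5;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x{_HEX}%20AS%20NVARCHAR(4000));EXEC(@S); 200",
    "2008-04-28 10:17:02 192.0.2.77 GET /search.asp q=executive+(summary) 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and a decoded payload is a request the server processed rather than blocked, so it is the one to investigate first; a hit with no payload is usually the pattern over-matching.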

MS Comic Sans Serif

Monday, December 3rd, 2007

No one, I repeat, no one, over the age of twelve should use MS Comic Sans Serif for any documents or correspondence. ’nuff said.

Content Migration

Thursday, November 15th, 2007

I came across this terrific article about Content Migration.  The article is especially relevant for organizations implementing a Content Management System for the first time.

HTML 5 (or Web Applications 1.0)

Wednesday, August 8th, 2007

Great article about what’s in the works for HTML 5. I wouldn’t hold my breath waiting for these features to be incorporated into the mainstream browsers anytime soon, though :-)

Disney’s FASTPASS - Old, yet effective, technology

Wednesday, January 24th, 2007

Last month, I took my family to Orlando, Florida for a week-long vacation.  This was the first visit to the Orlando area for my three kids, so we dug deep into our wallets and bought tickets for both Magic Kingdom and Epcot.  The last time I went to Epcot was in the early-mid 1990’s when I was in Orlando for the annual Powersoft Users Conference.  As an aside, PowerBuilder was pretty popular in its heyday.  I remember the rush I felt when I built my first PowerBuilder 3.0 application that leveraged the DataWindow control.  I liked PowerBuilder so much, I left a big IT consulting firm and started doing consulting work for a company called Janiff Software.  Janiff developed a third-party PowerBuilder framework called APOL (Advanced PowerBuilder Object Library).  APOL was ahead of its time.  Unfortunately for Janiff, Powersoft released its own development framework, the PowerBuilder Foundation Classes (PFC), and interest in APOL waned.  If you know what Herb Lester, one of the two founders of Janiff Software, is up to now, please drop me a line.  Anyway, back to present-day Disney…

While some of the rides, attractions and exhibits at Magic Kingdom and Epcot seem a bit outdated, it’s still a magical place to spend a few days (and $$$) with the family.  I was most impressed with two things at Disney.  First, Disney does a remarkable job training all of its employees, oops, I mean cast members, on how to provide high-quality customer service.  Every single cast member we dealt with, from restaurant wait staff to ice cream cart attendants to groundskeepers, was extremely knowledgeable and very eager to help.  Impressive.  The second thing that impressed me was Disney’s FASTPASS system.  For those in the minority who haven’t visited Disney in the past few years, Disney’s FASTPASS is an automated ticketing/reservation system, introduced in 1999, that allows visitors to avoid long lines at certain rides and attractions.  The “user interface” for the FASTPASS system couldn’t be simpler.  There are FASTPASS machines next to the most popular rides (strangely, not all rides provide a FASTPASS) in the theme park.  You feed your park pass into the FASTPASS machine and it spits out a reservation ticket.  The reservation ticket gives you a window of time that you have to come back to the attraction.  Give the reservation ticket to the attendant and you avoid the main queue and wait in the much shorter FASTPASS line.  There are a few rules with the FASTPASS system.  I won’t describe them here.  If you’re interested, check out this Wikipedia article about Disney’s FASTPASS.

So, what does the FASTPASS system have to do with IT consulting?  Well, Disney and its FASTPASS system is a terrific example of an organization using a non-bleeding edge technology to improve customer service and ultimately, deliver better bottom line results.  Those of us who work in the IT fields are often mesmerized by the latest [whiz-bang technology] and are too eager to throw out [older technology] (that still works and may also be more cost-effective).  In true Mad Libs style, you can replace [whiz-bang technology] and [older technology] with:

  • Vista [whiz-bang] / Windows XP [older]
  • Office 2007 [whiz-bang] / Office 2003 [older]
  • Web 2.0 and AJAX [whiz-bang] / plain HTML web sites [older]

I’m not saying that the latest-and-greatest technology doesn’t have its place.  On the contrary, in certain situations adopting leading-edge technology is critical to an organization’s success.  There are benefits to being an early adopter or first-mover.  However, for the vast majority of organizations, using slightly older technology will not leave you or your organization at a competitive disadvantage.  It’s how well you apply the technology and how well your employees, customers and partners are embraced and included in the application of the technology that is more important than the technology itself.

ISO Long-Term Relationship with Technical Recruiter

Tuesday, November 14th, 2006

IT consulting is a people business.  Knowledge and information, while still important, are not as important as whom you know and who knows, and trusts, you.  Factors such as the explosion of the Internet, the spectacular growth of search engines like Google and Yahoo!, the wave of outsourcing to countries in Eastern Europe and Asia, and the tremendous decrease in costs for computing power and storage have all led to more organizations offering IT consulting services on a playing field that is as level and transparent as it’s ever been.

So, what does this have to do with technical recruitment firms?  I have yet to find a recruiter or placement firm that understands that consulting is a people business.  I’ve been on both sides of the table with them.  I’ve worked with recruiters while I was looking for a job and I’ve worked with them while looking to find employees to hire.  I’m still in search of a long-term relationship with a technical recruiter.  I’m looking for someone who can do the following:

  • Listen and understand my needs as well as the needs of my organization.
  • Call me periodically to discuss my needs.  Don’t call me when you have the “perfect” candidate.
  • Understand that an employee is much more than the sum of her technical skills.
  • Understand what it’s like to work as an IT consultant or software developer.  It’s not necessary for you to have actually programmed yourself, but you should be familiar with basic terms like software development life cycle, agile development, database administration, and client-side scripting.  Bonus points for you if you understand (and can explain) the difference between Java and JavaScript :-)
  • Assign a single person to deal with me and/or develop better, internal systems to keep track of my needs.  Don’t have each of your recruiters call me asking me what skills I’m looking for or asking me the same questions repeatedly.
  • Talk to your candidates and get to know what they want in an employer or in a job.  Discover their personal and professional goals.  Tell me something about the candidate that’s not on their resume or cover letter.

If you can recommend a firm that fulfills these simple requirements (or if you’re convinced that you’re the recruiter for me), e-mail me at james99 (at) networkats (dot) com or post a comment to this entry.  I look forward to hearing from you.  A recent photograph is not required…

Why Budget Matters

Friday, November 10th, 2006

One question that we (almost) always ask organizations that are considering our services is: Has money been budgeted for this project?  If so, how much has been budgeted?  As you can imagine, there are a number of different responses to the question; however, essentially there are two responses.  The more popular response goes something like this, “Well, um, yes, we have money in the budget for project XYZ.  No, I can’t reveal that amount to you.”  The less popular response sounds like this, “Yes, we have set aside money for the project in the budget.  While I can’t tell you how much has been set aside, our expectation is for proposals between $X and $Y.”

Why don’t organizations reveal how much they’ve budgeted for their project, or, at a minimum, what their expectation is of how much the project will cost?  I can think of a couple of reasons.  They include:

  • If we reveal our budget — let’s call it $X — to vendors, every last one of them will bid $X or $X - 1.
  • It’s none of your business.
  • We really don’t know what the project will cost and we’re using this RFP process to help us figure out how much to budget.

Let me address each of these reasons.

If we reveal our budget, every vendor will bid that amount (or close to it)

OK, I understand why someone would think this way; however, in today’s IT consulting marketplace, there is enough competition between far too many vendors chasing a limited number of clients and projects that I just don’t think it happens that often.  In an ideal world, we, as an IT consulting firm, would be able to convince you, the possible client, of the value of our services and justify the cost of our bid as a sound business decision.  The reality is that price does matter.  Organizations, especially those in our target markets — associations, non-profits, professional service firms, financial institutions — have a limited amount of money to deal with growing IT issues.

It’s none of your business

While I’ve never heard a possible client use these exact words, I’m sure there were more than a handful that were thinking it after hearing our request :-)  Yes, you do have a right to reveal or not reveal information about your organization, your staff and your requirements.  However, the more transparent and open the process is, the more likely that (a) you are going to find a vendor that fits and (b) the project will be successful.  Yes, we are in the business of making money; however, the best way for us to make money and to succeed as a service organization is to develop solid, long-term relationships with our clients and work hard to deliver quality service at a fair price.

We don’t know how much the project should (or will) cost

As a vendor, I think this reason is the most frustrating one to deal with.  If you’re not willing to invest the time and energy to figure out how much you think the project will cost, why should I, as a vendor, spend time and resources to develop a good response to your RFP?  Instead of issuing an RFP, perhaps the better approach would be to issue a Request for Information (RFI).

I’m sure there are many other reasons.  Send me your feedback via the comment feature and I’ll post them.

Please see Five Things Every RFP Should Contain for other comments, as well as my disclaimer.

Three Simple Rules for Your Resume if You *Don’t* Want an Interview

Monday, November 6th, 2006

One of my job responsibilities at NetworkATS is to interview technical candidates. Maybe I’m in the minority, but I really do enjoy interviewing candidates. Not only does it provide a short break from daily tasks such as coding, testing, dealing with clients, responding to RFPs, etc., I’ve gotten an inside view of other IT shops and learned how other organizations deal with their IT needs. One day I might interview a recent college graduate for an entry-level position. Another day I may talk with an experienced IT consultant who’s looking for a Project Manager position. Unlike the typical human resources person, I try to spend a few minutes reviewing each resume that comes across my desk. Regardless of the position you’re interested in, below are a few simple things that you can apply to your resume if you don’t want a job interview.

List Every Software Application, Language or Tool You’ve Ever Used

In today’s slow moving IT world, it’s critically important to list every software application, language or tool that you’ve ever used. You never know when someone’s going to have a project that’s going to require in-depth knowledge of CP/M, Windows 95, COBOL or Fortran. Let’s look at two resumes I received last year in response to a job posting for Microsoft .Net developers:

Sample Resume

OK, this candidate has both ASP.Net and VB.Net experience. Good. He also has VB 6. OK, that’s good to know. He has DOS, Windows 95, NT, 2000, XP and 2003 Server experience, too. Not too shabby. I’m also glad to see that we can count on him for both structured and object oriented analysis (What I need are people that can deal with un-structured analysis and change-oriented analysis!) Now, let’s compare this resume to the one below.

Sample Resume

Now, this is an impressive resume for someone applying for a .Net developer position. He’s got 12 years of Visual Studio experience. Wow. Since this resume was one I received in 2005, that would mean that he started using Visual Studio in 1993. Impressive. Equally impressive is his 3 years of experience in Very Rapid Prototyping. I wonder how many years he spent Prototyping and Rapid Prototyping before being comfortable with Very Rapid Prototyping. What comes after a few years of Very Rapid Prototyping? Double Very Rapid Prototyping, perhaps? In case you were curious, his resume was a svelte seven pages long.

Use English in New and Innovative Ways

Here’s an example.

Sample Resume 3

Here’s another example of using English in new and innovative ways.

Sample Resume 4

Be Vague When Describing Your Previous Experience

It’s important to be vague when describing your previous job or educational experience. The less I know about what you’ve done in previous jobs, the more you and I have to talk about during the interview process. Also, if you follow rule 1 listed above, List Every Software Application, Language or Tool You’ve Ever Used, why bother writing descriptive prose about what you actually did? Let the long list of technical skills speak for itself!

Here’s an example for your consideration:

Sample Resume 5

This snippet below is a good example of two rules: being vague and using English in creative ways.

Sample Resume 6

If your resume follows these three simple rules, I guarantee that you’ll succeed in not getting a job interview with me. Do you have other “rules” to add to my list? Post them in the comments section…

Five Things Every RFP Should Contain

Friday, October 20th, 2006

As an IT consulting firm providing network integration, web design and software development services to small to medium sized clients in the D.C. area, we receive lots of RFPs (both solicited and unsolicited).  Please note that most of the RFPs I deal with are in the area of web design and development, so some of my comments may not apply to RFPs for different services or products; however, in general, I think my comments apply across many kinds of RFPs and other formal (or informal) solicitations for products and/or services.

The RFPs I review vary greatly in terms of quality and quantity.  I’ve seen good proposals that are no more than a couple of pages.  I’ve seen not-so-good proposals that go on for 20 to 30 pages.  Quantity (or the thud factor) does not necessarily correspond to quality.  Since most of the proposals I read are related to web development, the discussion points and examples below will be geared towards that particular kind of RFP.  Here’s what I think all good proposals should include:

  • What are the critical success factors and key requirements for the project?
  • Who’s involved in the decision-making process?
  • What criteria are being used to select a vendor?
  • What internal (or external) constraints affect the project?
  • How much has been budgeted for the project?

As a general rule, the more time and energy that the proposer invests in the RFP, the more likely we can either (a) propose a solution that we believe meets their requirements or (b) help them find a vendor that is better suited for their project or (c) decline to bid, which saves everyone time.

I’ll deal with these five discussion points in future blog entries.  If you have others you’d like to see added, please let me know.  The true power of a blog is not in the initial posts, but in the subsequent discussion that it provokes.

As always, I welcome your comments about this blog.  Post them online for everyone to view or e-mail them to me at james99 (at) networkats (dot) com.

The opinions expressed in this blog represent those of the authors and not those of American Technology Services, Inc.
