Category: General

Today I learned that Joe Wells, one of the early pioneers in the antivirus space, has passed away.

Joe played a particularly important role in my life. Back in 2006, I was running a software company, Sunbelt Software, and we an antispyware product, CounterSpy. While we had good commercial success, it was clear it was time for a pivot.

Enter Joe Wells: At the time, he was chief scientist for Fortinet, and we asked him to come down to our offices in Florida.

The rest, I quote, from a blog post I wrote later (now archived):

On a chilly and blustery evening last January, Joe Wells, Eric Sites (our VP of R&D) and I sat outside overlooking the water at the Island Way Grill, a favorite local hangout. We were trying to recruit Joe from his position as Chief Scientist at Fortinet and the subject was along the lines of a re-invention of the anti-malware model.

In antivirus circles, Joe is a well-known figure. The founder of the Wildlist, he’s spent his life writing antivirus engines, getting antivirus patents and working for Symantec, IBM Thomas Watson Labs and Trend (and in his spare time, doing a complete translation of the Bible into the Sahidic dialect of the Coptic language as well as writing science fiction).

The rest of the blog was the introduction of our new VIPRE antivirus technology, and the essay represented a massive shift in our corporate strategy. (Fun fact: he even came up with the VIPRE acronym – “Virus Intrusion Prevention Engine”). It was also presaged a shift in how the world collectively thought about antimalware products, and I’d like to think we played a role in the development of the next-generation antivirus market (companies like Crowdstrike and Cylance).

It was Joe who said “we can do this”. And we did (and then three years later, we stupidly sold the business — that’s for another blog).

Joe was a big deal. I’m thankful to have known him, worked with him and to have counted him as a friend. He was our chief scientist and was the one who took us from being a small antispyware/antispam company to the big leagues (and what a run it was!).

Joe was a character in a world going bland: irreverent, quirky, massively intelligent and extraordinarily interesting.

Thank you Joe. You made a difference and you will be missed. RIP.

Since reliable records were kept, four major hurricanes have directly hit the Tampa Bay area. They are the Tampa Bay Hurricane of 1848, the 1921 Tampa Bay hurricane, the 1946 Florida Hurricane,  and the Storm of the Century of 1993.

All of these storms had one major attribute: They developed in the southwestern Caribbean or off of central America, rather than the Atlantic or eastern Caribbean. This fact is worth noting.

Commonly, major hurricanes in our part of the world come off the coast of Africa or the eastern Caribbean, and shoot off westward, affecting the US by hitting Florida or the southeastern states on the east, or going below Florida and shooting up to the Florida Panhandle or the various Gulf states (Louisiana, Alabama, Mississippi and Texas).

These storms rarely go up the Gulf, and then make an immediate jaunt eastward to Tampa. When in the Gulf, they just go straight up. Exceptions, such as Hurricane Charley (which came out of the central Caribbean), have not affected Tampa (but almost did, and it was a near thing indeed!).

The reason is that Tampa faces west, and the trade winds prevalent in our area move east-to-west.   In other words, the prevailing winds keep the storms pushed away from us.

Now, storms such as Elena, Irma and Frances have affected Tampa, but were not at the scale of a direct hit (although certainly not little storms – they all had an impact).

For me, the concern with Irma is that it would go further to the west, hitting us at an angle to hit Tampa Bay directly, causing a potentially massive storm surge. However, it was fairly clear by the 8th of September that it would be a major wind event – but not a big storm surge creator. Still, I took precautions.

What’s of great concern with a direct hit to Tampa Bay is that the region has a shallow continental shelf, with very warm water. That is a bad combination, creating a potential of a devastating storm surge. A big storm coming directly at us will be quite dangerous.

Remember, storm surges are where you see boats on top of trees 20 miles inland. Katrina. That kind of thing. Storm surge is the big problem in hurricanes.

So, I pay very close attention to tropical disturbances in the southwestern Caribbean, because these could hit Tampa directly. A direct hit creates the massive storm surge that is actually the major danger in hurricanes.

Now, that’s not to say that I am not wary of any major storms developing that could affect our area…

Disclaimer: I’ve lived in Florida, cumulatively, well over 20 years. I’m not an expert nor a meteorologist. But I have had to worry about the safety of my family in the face of big storms and I’m a bit of a nerd who has spent a lot of time studying the issue. This is only my viewpoint and observation. Feel free to disagree. Everyone fights about hurricanes, and the news doesn’t help by scaring the heck out of everybody, so the arguments tend to be between people who are scared witless – not the best combination. 

Goldman Sachs shares with its wealthy clients various views of the market. Here, they’ve taken on the election in terms of markets.

It’s an interesting read, here.

The competition.

It’s what drives us to create better products, and stay on top of our game.

But how do you find out the skinny on your competitors? You could hire a private detective to fish around, but most likely, they’ll find the stuff that’s publicly available anyway. Yawn.

You can do it illegally, and that’s a really bad idea.

However, there are plenty of ways to find out about a competitor, using perfectly legal methods.

Let’s start with a few tricks.

Glassdoor

Glassdoor is a bit of a cesspool, since it allows anyone to anonymously comment on their employer. And, while the intent is good, that is one of the great dangers of the platform: anyone could gang up on a company and write horrible reviews.

However, it’s still a very useful tool to get an understanding of the internal dynamics of a company. Put on a BS filter and read through the reviews and interview comments. You’ll often be surprised at how much you can learn.

Google dorks and advanced search operators

Get to really know Google’s advanced operators to turn search into a powerful intelligence tool. You can also use a number of Google dorks to find things like price lists and other interesting intelligence. It’s not necessarily that hard: I can’t tell you how many times I’ve just typed in the name of a company with the words “price list” and gotten great intel.

Surveys

I’ve done this with great success: Survey customers of competitors to get valuable information. Or, here’s a tip: you can simply create an inexpensive Google survey and get a quick NPS score on your competitors, and then track your NPS against theirs. Makes for a heck of a game.

Similarweb and Alexa

Unfortunately, you can’t find out what a competitor’s actual web traffic is without hacking into their system (again, no illegal stuff here!). However, you can get a feel as to how popular their sites are by using services like Similarweb and Alexa. And, if you have the bucks, pony up for ComScore.

Google alerts

Always set up a Google alert on a competitor to stay on top of what they’re doing.

Keep an eye on their keywords

Use tools like SpyFu or KeywordSpy to find out what keywords they’re buying.

Social

Track your competitors through Yelp, their Facebook pages, Twitter and Citysearch.

Customers and suppliers

Customers and shared suppliers are amazing sources of information. In fact, some of the most valuable intel I’ve learned is from customers. Pricing, product plans, release schedules… the works.

Watch who they’re hiring

You can learn crazy amounts about a competitor by watching who they’re hiring.

Call them

Yup, you can actually call your competitors and you’ll be surprised at how much you’ll learn. For example, call their tech support with a question, and then perhaps ask innocently “how many people do you guys have in support, anyway”. You get the picture.

Google Trends

Google Trends is useful to see what’s trending, whether in your industry, or with your competitor.

LinkedIn

LinkedIn, of course, is a weapons-grade intel system. Not only can you find who works somewhere, but you can also get a feel for employee counts, etc. Employee count alone can give you a feel for revenue.

Ex-employee interviews and hires

Ex-employees sure seem to like to talk…  ANd nothing is a better source of intel than a disgruntled former employee. This is sometimes a gray area; you don’t want to be in a position where you’re compromising the ethics of an employee’s own confidentiality. But a lot of what they will tell you is not confidential and very useful.

Trade shows

It’s lame to even write this, since everyone knows it and does it. But tradeshows and conferences are cesspools of leaked information. If you want it, chances are you can get it by just chatting away with people. Buying drinks helps.

It’s surprising that competitive “booth busting” is not done by more people.  And sometimes, your competitors will do astonishingly stupid things. Be on the lookout for these rare opportunities. For example, many years ago, I was a product manager for a disk utility. A competitor was coming out with a new version, and we were dying to know what features were in it. So I went to a trade show, and they were demonstrating the beta version at the booth. That was somewhat useful, but I really needed to (legally) obtain a copy of the product.

And then something amazing happened: Over the PA system, they announced that they were raffling off a beta version of the software. I couldn’t believe my ears. I ran to an ATM machine, took out $200 in cash and then waited. Soon, a winner of the raffle was announced. I walked up to him and bought it off of him for $200 and we had a beta copy of the company’s software. We were able to run it and find out what features were planned. Needless to say, it didn’t end well for them.

However, keep in mind the Golden Rule. Compete fairly and ethically.

But that doesn’t mean that getting out there and doing some basic reasearch won’t drive tremendous results.  You might be surprised at what you’ll discover.

A while back, I had a bad cold and was sitting at home with not much to do. So I decided to write a little ebook on avoiding common mistakes in writing.

I have no intention of making any money off of this, it’s just a fun little primer. It’s up on Amazon, and it’s free for the next several days.

Today, Microsoft announced its acquisition of BlueStripe Software. As an active board member of the company, I couldn’t be more pleased with the combination (although I will really miss working with the BlueStripe team).

BlueStripe has the mission to help IT operations teams map, monitor, and fix their distributed applications.

BlueStripe’s software, FactFinder, is a type of Application Performance Management (APM) product that is very unique, and very powerful. (The use of the APM label for BlueStripe is admittedly sloppy — it’s technically, per Gartner, Application-Aware Infrastructure Performance Monitoring, or AA-IPM. Nevertheless, the label “APM” sticks and even I can’t stop using it.)

Classic APM solutions help developers and IT managers spot and resolve problems with applications. Typically, this is done in the form of some code that is inserted into an app (kind of like a “barium trace”). This is what a company like New Relic does.

The problem with the code-centric solution is that it’s great for developers to debug their apps, but it doesn’t help IT or DevOps folks. So, the typical solution to an application problem is for enterprises to hold large “bridge” calls, where IT, DevOps, and app developers all get on long and often painful conference calls to determine where the fault lies.

FactFinder doesn’t rely on any code, and is a different type of APM. Instead of code, it relies on lightweight and intelligent agents (called “collectors”) directly installed on servers and desktop systems to monitor a broad set of applications. These agents then feed up into a map of all major applications, allowing an IT executive to immediately spot (and dig down to) where the problems are.

For example, let’s imagine an application in banking. When a person inserts their ATM card, a series of actions occur behind the simple ATM transaction, often involving a series of applications residing on various servers. And, let’s say that ATM transactions typically take under 30 seconds, but suddenly, start taking over 2 minutes. Something is wrong. It could be a failed connection, a configuration issue, bad code, DNS issues, rogue applications, mis-matched bandwidth, memory or storage — whatever. With FactFinder, the IT executive gets an immediate alert, and can visually determine where the problem is, dig down and fix it.

It’s wickedly cool stuff.

FactFinder can monitor pretty much anything. Windows, Linux, Solaris, and AIX servers, and even using containers like Docker. It can even monitor response times from other servers (mainframes, 3rd party services) that are part of an application. And, it monitors both packaged applications (SAP, PeopleSoft, Exchange, etc.) and custom-built applications.

Environments are becoming insanely complex

The problem of managing complex application environments is even more difficult because of two trends: virtualization (massively multiplying the number of servers and the complexity of the environment) and the move to the cloud.

It’s not unusual for a server to have 12, 20, 50 virtual machines — on one server. And the cloud… well, it’s not “the cloud”, it’s almost always hybrid deployments in enterprises. So you have a multiplication of complexity, because you have apps and data residing on the private cloud, and apps and data on the public cloud. You get the picture. Sucks to be an IT ops person.

And this is where FactFinder becomes intensely interesting. Because it can monitor the apps in these complex environments.

Which brings me to…

Where Microsoft fits in.

In my opinion, BlueStripe is a perfect fit for Microsoft. In fact, I can’t think of a fit more perfect.

To explain, Microsoft’s centerpiece in its systems management strategy is Systems Center Operations Manager (SCOM). SCOM provides IT managers with a total view of network operations.

FactFinder provides many advantages to SCOM environments, by discovering, managing and measuring application and platform dependencies.

IT managers can have FactFinder automatically build topology diagrams (not possible now in SCOM), map a dynamic application architecture, monitor dependencies and provide full coverage of dependency failures (you can see a 30 second demo at TechEd by Nick Burling to get a quick idea of how it integrates).

Simply stated, it “turns the light on” for IT, development and DevOps as to what is happening to with applications on their network.

In addition, BlueStripe Performance Center for Windows Azure Pack adds application management – and a single view for managing application service delivery, all tied directly into the Windows Azure Pack service management workflow.

Oh, that’s cool.

Well done, BlueStripe team (and the competent banking group over at Pac Crest).

And to Microsoft: You got a good one here.

Google has opened up the world, the moon, the constellations, and now… underwater. Soon to be part of Google Maps, you can see the basic design with images collected by the Catlin Seaview Survey.

Many years ago, I held a talk at one of my companies about email etiquette. We certainly had a problem.

But by putting in place some simple rules, it really made a difference in our internal culture.

More importantly, realize that your email is a broadcast of who you are. A well-written email really is noticed by the people who matter — those who will promote you, work with you, help you. Sloppy, crappy emails are very annoying.

Email is the prime communication medium for an organization. So I thought I’d share some lessons I’ve learned over the years.  Probably none of this is new to you, but you might find a reinforcement of your own viewpoint in this list.

1. Never vent or show anger in an email. It’s so tempting to write a blistering email that gives you the last word. But it’s incredibly toxic and unproductive (and I know, because I’ve done it!). Instead, cool off and talk to the person directly.

If you’re a manager and you are cc’d on an email with this kind of behavior, kill the thread immediately. Direct communication is the only way to resolve upsets.

2. Don’t ever say anything in an email that you wouldn’t like to see on the front cover of the New York Times. Privacy is an illusion and nothing is private anymore. I don’t even need to use examples of recent embarrassments. They are a dime a dozen.

(Peter Chung’s incredibly embarrassing leak that lost him his job.)

3. Always reply to an email within 24 hours. Ideally, sooner.

There is nothing more frustrating that sending an email, only to get zero response. When it spreads as a habit by many employees, it hurts corporate culture, something I’ve seen first hand.

If you can’t reply immediately with an answer, write something to the effect that “I’ve read this, and I’ll get back to you a bit later on this.”

Organizations rely on rapid communication, and those who ignore emails are actually hurting their own company.

It’s common to think that someone who doesn’t answer your email is ignoring you, lazy, not doing their job, or a whole host of other “reasons” for not replying, when all that might be happening is that the recipient is traveling and hasn’t gotten to their inbox. But you still have to try to reply in 24 hours. It is important.

4. Don’t use fancy formatting. Stay away from colors. Stay away from different types of fonts. No pictures of unicorns, rainbows, puppies or any other such happiness. Keep it very, very clean.

Keep your signature simple. No pictures of your kids, flowers, huge and unnecessary graphics and other clutter.

Also remember that graphics often just become attachments (and too many attachments can make a spam filter suspicious), so use them carefully – if at all. (Of course, your LinkedIn information and typical business contact info is totally fine and expected.)

And don’t use patterned or colored backgrounds.

5. Grammar: Write normal, full sentences. Don’t use “ain’t”, “gonna”, and other non-standard English words.

Be careful with emoticons — use them sparingly, if at all (and only if you have familiarity with the person). I saw an email once that had something like 10 emoticons in one paragraph. It looked, well, ridiculous.

Just because it’s an email does not mean it’s a free-for-all in casualness. The basic version of Grammarly is free. Or get my book. Or just be more careful.

6. Don’t write all lower case or all upper case. Write normally. Writing all in lower case means you have aspirations to be the next e.e.cummings or that you’re old or uneducated or can’t use a keyboard. And, of course, UPPER CASE MEANS YOU’RE YELLING (or old, or uneducated, or just can’t use a keyboard).

7. Punctuation: Don’t overuse exclamation marks (!!!!) or question marks (???). Separate your paragraphs. Don’t place a space between the end of your sentence and the period (surprisingly common).

Don’t overuse ellipses (ellipses show that some text has been removed). And if you do use them, remember that ellipses are always three periods…

8. Don’t overuse CCs and don’t abuse Reply All.

Be considerate.

I had to really drill this into my employees at one company. “You don’t have to worry about covering your ass and including me on a million emails. Think of who you’re including — it should only be the people who vitally need to know about what you’re sending.”

And the Reply All — don’t get me started. However, one thing that is important is to Reply to those who need to be on the thread. You can reply to the recipient and another person(s) who need to be on the mail, noting that you’ve removed the others.  If it’s important, you can also Reply All to the group, saying you’re taking the issue off-line with a few people, so that they know the situation is under control. Just don’t abuse Reply Alls.

Also, be very careful of Blind CCs. I’ve seen this bite people in the (you know what). They Blind CC me, I reply and then everyone knows there’s a Blind cc. Use it carefully, if at all.

9. Be considerate of the recipient’s device. Not everyone reads on a desktop. Realize that your beautiful HTML email, with your italics and boldface text, may just become plaintext. Or that the big attachment you’re sending might not be viewable on someone’s mobile device.

10. Write to be understood. Don’t use a lot of scientific jargon or big words that the recipient(s) won’t absolutely understand. Write at the level of a 15–year old.

In general, good writing (whether in email or in life) is:

• Pure
• Clear
• Precise

Pure means that the writing is in just correct English, without anything else added. Pure writing doesn’t include:

• foreign language words
• unnecessary technical words
• old, unused words
• slang

Clear means writing that uses normal, simple words, and does everything possible to avoid confusion. Words are not used that might be misunderstood to mean something else. Clear writing also does not show off, or use complicated terms that no one understands.

Precise means writing that intends to have the reader completely understand what is being communicated with as few words as possible. Precise writing has the goal of getting something immediately understood by the reader. It is writing that doesn’t use long, boring sentences. It doesn’t overuse words. However, it is not too short to be baffling.

The folks over at EmailTray have some more pointers.

What do you think? Are there any other items that should be on this list?

I routinely simply take pictures of things with my phone to catalog them — receipts, whiteboard discussions, etc.

Office Lens promises to do just that, with the power of OCR. Very useful. Link here.

Net Neutrality is a Good Thing (what is pretty mindblowing is how thoroughly the entrenched and very powerful vested interests — the telecommunications and cable lobby — got their posteriors royally kicked).

How it happened I’m not too thrilled about. But the devil is in the details. 

I think the best, most reasoned response comes from the EFF, an organization that you can put a high degree of trust in when it comes to internet policy.

So congratulations, Team Internet. We put the FCC on the right path at last. Reclassification under Title II was a necessary step in order to give the FCC the authority it needed to enact net neutrality rules. But now we face the really hard part: making sure the FCC doesn’t abuse its authority.