Congrats Google

OK – well it’s been about a month now since I made my prediction about Google…

My bet was that Google would not sustain a $100 price within a week of the IPO. On the technicality, I guess I was right – the auction went for $85. But, overall, I confess I was wrong. It’s stayed above $100 since the opening bell, and now hovers at $113. Congrats to them!

Some of the traditional investment “experts” are still criticizing Google for having “flubbed” their IPO. While you may think I’d agree with them based on my previous blog on the subject, I absolutely do not.

What I do agree with is that they made the process too intimidating and scared off investors.

But I do not conclude that they did the wrong thing or flubbed. They absolutely did the right thing.

The Forbes article claims that “Google left money on the table” (as opposed to had they not used a Dutch auction), and therefore they flubbed the whole IPO. But the real question is “who didn’t get their money”? If Google had used a traditional IPO, they would have received a fixed, negotiated price from their underwriter – which would have been locked in just a few hours before the IPO. As I mentioned before, Netscape negotiated $24 per share on their IPO. However, the shares immediately turned around for about $70 on the open market. Did they leave money on the table? Oh yeah – about 2/3rds of the money!

Had Google trusted the traditional investors, the same thing likely would have happened. Google may have seen as little as $50 or $60 per share (far less than what they did retain for the shareholders), and the opening bell price would have been the same.

So, who didn’t get their money? The “traditionalists” didn’t. And they feel upset about it. It’s just a case of sour grapes.

Google’s upcoming IPO

Here is just a random prediction I wanted to put out about Google’s upcoming IPO. I’m probably wrong; but I wanted to put this in ink before the IPO happens…

First of all, I really admire the guys at Google for doing their IPO differently. There is absolutely no reason to let the bankers and underwriters walk away with more money from the IPO than the company itself. When I worked at Netscape, I watched Netscape collect $24 per share for IPO stock which the business guys then sold on the market for $70+ per share on that very same day. That means that for every $24 that went to Netscape, $46 or more went to the bankers, who never built any product or any value. What a shame for both Netscape the company and the investors in Netscape. Congrats to Google for having the power, foresight and courage to do it differently.

But, I’m a little worried for our friends at Google too. I’m not planning to purchase any of their stock myself (much too risky for me!), but I did check out their IPO site when you could still get a bidder ID. (You can no longer get a bidder ID now.) What I saw was pretty daunting. The site was like most prospectuses – it outlined all the hazards, risks, and things which could go wrong. But on top of that, you had to click “accept” through about 4 pages of legalese and terms which were just really long. As an individual investor, I got scared halfway through the process and dropped out of my plan for getting a bidder ID altogether.

Now, consider how traditional IPOs go. If you want to invest, you call your broker, and say “I want to invest in Google”. He says okay, takes your request, and does everything else for you. It’s so easy. If you were going to “invest on a whim”, he’s completely happy to take your money and help you do just that. All the legalese was signed and taken care of when you opened your brokerage account years ago; so there is no daunting process.

But Google really puts that process in your face. I think it will scare investors away. I’m not an expert in the field, so I don’t know how many people will be scared away. Will institutional investors be scared? Or just private investors? I don’t know. But I do understand supply vs demand, and the process simply can’t increase demand for their stock. Keep in mind, SEC regulations make it illegal to “pump up” your stock. So, disclosing all the bad stuff is the right thing to do. Arguably, your broker makes it too easy to gloss over the warnings in the more traditional IPOs.

On top of all the process just to get in on this IPO, the IPO is also closed to non-US persons. This further decreases demand for the stock. I don’t know how much, but it can’t be good.

Finally, there are all the recent publicity problems for Google – they forgot to register a bunch of shares they had issued, they accidentally spoke to the press during their quiet period, and they think it’s worth $100+ per share at the opening, which seems pretty high to a lot of people. Wow – that’s a lot of bad stuff!

So, my prediction – I don’t think the stock will maintain a $100 price within 1 week of the IPO. The real question is “how low will the sellers go”. I do not think there will be very much demand to buy at that price, but sellers may be unwilling to sell immediately for less. So, I’m expecting lower-than-expected volumes of trading, and gradual decline of the price; settling around $60 per share in 3 months.

Well, I hope everything goes really well for them; but I won’t feel bad for them in any case. The fact is they built a great product, and they will have success. At some level, what’s the difference between a $10, $20, or $30 billion IPO? The investors will whine about the difference, but to the employees that built Google, it’s a great success no matter what, and they should be proud.

Keep in mind that I have no idea what I’m talking about, and I am basically making all this up.

Can small businesses afford the .NET size?

This is a followup to my entry on May 06 about Managed code and C#. This may sound like I’ve bought into the Microsoft story; but it’s really based on my experience as an independent software developer. Decide for yourself though…

The question is – as a small business, can you afford the hit of .NET to develop your applications if some of your customers may not be able to install .NET? Will the 23MB download of .NET be so big that it limits your distribution and prevents your product from being a success?

The answer is pretty complicated. Is your target user a personal computer user? Or a corporate user? Do you expect the IT department to install the product or will the user install it directly? You should think about these options before you decide what to do. Unfortunately, as with many technologies, using .NET is almost an all-or-nothing choice.

As for me, I’m a wholehearted believer in C#/.NET at this point, and I think most companies should elect to use .NET, despite the download. Here is why.

First of all, .NET ubiquity is growing. Microsoft claims that they already have over 80 million copies of the .NET framework installed. From the Lookout stats, it’s hard to tell what percentage of users already had .NET installed, but I think it’s about 35%. How many users didn’t install Lookout due to .NET is almost impossible to calculate. But I do know that by bundling .NET installation into your install (which Lookout optionally does for users that don’t already have it), a lot of users are able to install easily. These users are probably broadband users, however.

The good news is that the .NET framework is being bundled with many new Windows installations today. The availability of .NET is only going to increase.

Here are some reasons you should use .NET.

1. Most developers agree they are more productive in .NET.
Developing in C# last year was eye-opening to me. The fact that two guys could build something as complicated as Lookout in a short period of time is just amazing to me. We’re not geniuses, we’re certainly not rocket scientists, but we were able to do it. A lot of it is thanks to .NET. There is no way we could have built an equivalent set of features in C++ in a similar amount of time.

I do think that Java offers many of the same benefits as C# from a pure development perspective. But the Java Runtime is even less distributed than the .NET framework. So, if you are looking to build in a managed framework where you won’t have to bundle and distribute the 20MB framework, C# is a better bet. For server-side applications, you probably don’t care about the distribution of the framework.

2. .NET is more reliable.
In the case of Lookout, we were building an application that had to exist inside of Outlook. Outlook is known to be one of the more treacherous programming environments out there. MAPI in particular (ask your developer friends) is a bit obtuse, and easy to screw up. Managed code, however, runs within a protected boundary. Because it’s completely interpreted, the native->managed wrappers put a big blanket around the .NET code. If your .NET code crashes or goes awry, it’s very easy to catch that crash so that it doesn’t percolate into the Outlook application itself. It’s difficult to accidentally corrupt the main application’s memory space. Lookout has received praise for its reliability (although it has its share of bugs too), and a big part of this, I believe, is the fact that as managed code, it can’t screw up its hosted application. Consider if it were C++, however. If you have one bad pointer bug, you’ll take down all of Outlook! That’s a huge liability, responsibility, and just downright scary.

3. .NET is more performant than C++ code.
This may sound most controversial to many people. However, I believe it to be true. As a managed language, you may think, “how can it possibly be faster?” Well, you are right at one level. If your application is just a number-crunching app that wants to drive the CPU as fast as it can, you can probably write a more optimal algorithm in C++. But how many apps have that property? I’d argue almost none, except for pure research or scientific applications.

The performance of most real-world applications these days hinges on a combination of disk IO patterns, network IO patterns, and CPU patterns. This is a complex formula, and is generally difficult to optimize. Talk to any performance expert out there, and they’ll tell you that the way to optimize is to design your app, build it, and then profile, profile, and profile again. Use profiling to figure out where your hot-spots are, and then redesign those portions. This is where C# and .NET crush C++. The fact is that C++ is so complicated to maneuver in that refactoring based on profiling is a very difficult and time-consuming process. Most companies simply cannot afford to spend much time here. Developers can discover the major bottlenecks, but except in extreme cases, they do not have the time or resources to redesign them. Instead, they will employ a set of “quick hacks” to work around the bottlenecks. These quick hacks become legacy problems for the codebase, and don’t fix the underlying problem. Over the course of a year, after a few patch releases, the C++ code remains largely stagnant due to cost considerations.

C#, however, can be refactored with much more ease. As problems arise, developers can much more easily rearchitect around performance bottlenecks. That profiling data does not go wasted – there is actually time to redesign large portions of the application without destabilizing the whole thing. Because of this, the 2nd and 3rd generations of a C# project will significantly outperform their C++ counterparts, and also be higher quality.

Case in point (and I am certainly biased here) is the Lookout MAPI indexer. I have tried a lot of the competitors’ products, and I believe the Lookout MAPI indexer is 2-5 times faster than any of the competitors’ indexers. The competition is written in C++. How is this so? We redesigned the indexing algorithm about 3 times based on experience and profiling. The C++ guys can’t keep up.

Conclusion:
Well, if it’s really faster, has fewer bugs, and takes fewer resources to build, you know my conclusion. Some folks may still want to have their applications target some of the old legacy machines out there (Windows 98, etc), and if you really need that, C++ may be for you (although .NET does allegedly run on Win98 too). And, you can’t ignore that .NET does require more RAM; so it may not run as well on the older machines. Anyway, I just hope that Microsoft bundles .NET into a service pack sometime soon so that this whole distribution question can start to go away.

Your Anti Virus Program is a Virus

I had a couple of reports over the last few days that the Lookout install was infected with some sort of trojan or virus. This is very alarming, of course! So we looked into it seriously.

What we found is a bug in Symantec. On Aug 9th, the corporate edition of their anti-virus software published a new definition file of viruses, which incorrectly diagnosed the Lookout installer as containing a virus. This has apparently been fixed in their Aug 10, rev 23 update of that file.

The particular file that was declared a virus was “nsisdl.dll”. It’s a part of the NSIS installer, which is used by Lookout, but was written by the WinAmp team. From reading around the net, you can see that their product (as well as all other products that use NSIS) was suddenly hit by the antivirus product.

What the antivirus product does is to delete the files which contain “bad stuff” – and they do it automatically. And the definition of “bad stuff” is auto-updated behind your back. I sure hope they don’t make mistakes like this very often. What would happen if your trusted anti virus folks made a more serious blunder? What would happen if some hacker figured out how to edit that file (it’s probably signed to avoid tampering)? Shoot – with this powerful antivirus software running on your system, who needs a virus program? If I were a hacker, I’d spend all my time dissecting the virus definition file from Symantec, and trying to change it on their site. It would be hard work, but if you were successful, it would be the worst nightmare ever. Symantec has taken care of the distribution problem for you – just flip a couple of bits and that “anti” virus becomes the virus itself.

But you know, I’m paranoid. I guess false positives are part of the world we live in. Sucks.

Blog Spam

It’s a shame, but everyone seems to be doing their best to spam lately. I got two comments today (from the same person, pretending to be two people) with a link to their own advertisement for junk. I guess they are under the fictitious belief that Google will give them better placement if they try to use my site as a link to their spam? I guess they think Google can’t figure that out? Hmm. Spammers.

Anyway, if you think you’ll get away with spamming here, think again. I will crush you.

Stealing keystrokes

The “Scob” virus last week that was swimming around the web reportedly was capturing keystrokes and sending them back to a Russian site somewhere. It’s unclear if the recipients of this data were sophisticated enough to actually use the data they stole, but if they were, the poor souls that lost their data could be in for real trouble.

The notion of “Stealing Keystrokes” has me thinking. I’m no expert on keyboard drivers in Windows, but why is it that a 3rd party application can be installed in Windows to steal keystrokes which were intended for a different application? Just like we have segmented memory today, shouldn’t we have segmented keystrokes? In Unix, when I press a key on my virtual terminal, you’d have to be super-user to steal it. (XWindows probably opens up a whole set of holes, but let’s not talk about that yet.)

So, why not write some sort of driver inside of Windows to protect the keyboard messages? Maybe some types of keys, like control-keys, shift-keys, etc would still be sent around globally so that hotkeys can work and such. But for regular old keypresses, is there a way we can make sure they only arrive at the intended application?

We know that these virus attacks are going to get worse. I think we need to start protecting even the individual subsystems in Windows.

I wish I were proposing a better “solution” here, rather than just complaining about shortcomings…. I’ll do some research and see if I can’t learn anything.

Lookout Mentions

It’s always fun, although perhaps somewhat narcissistic, to see who is writing about Lookout 🙂

Today I ran into a nice mini review of Lookout and other tools. Lookout wins!

And here is another from a guy that uses Lookout + Newsgator.

Another satisfied user says that Lookout “doesn’t suck”, is fast and worth the price.

Scott Waterman wrote this great entry comparing Lookout to Gmail. Nice to be considered among the big boys!

And I guess Scott’s article prompted this nice review too.

Another guy says that “Lookout is [his] best friend”

Here’s one about a guy taking a stroll down memory lane due to all the stuff he can now dredge up via Lookout.

Here is another fan that says he “heartily recommends” Lookout.

And here is one more nice writeup which was just posted today!

And amazingly, all of those are just in June!

Why do I search for all these entries? Well, it’s partly because it’s fun to read nice comments about your work. But it’s also because I’m deadly paranoid that someone out there ran into some weird problem that I haven’t otherwise heard of yet – and I’m searching for it. But, so far, while I’ve found all these nice, warm-fuzzy reviews, I haven’t seen anyone saying anything bad. Phew!

And I really like this last one, because Lookout was the impetus for his very first blog entry! How flattering!

How much spy mail do you get? Who from?

I’ve been running my no-spy-mail utility for a little over a week now. It’s definitely been an interesting experience.

First, a little about my email. My test mailbox is mostly spam – probably 98% spam. It’s unfiltered in any way. Since running nospymail, I’ve trapped 313 spymail emails! Holy cow!

What’s going on is that it’s trapping all the spammer sites that use http images to track their advertising campaigns. Probably the reason I get so much spam is the very fact I haven’t been running nospymail or antispam products. Most of the mail I don’t open, of course. But, each time I accidentally do, or leave the cursor in the wrong spot to open a message, BOOM – the spammer gets a nice little note saying that mike @ belshe.com received and read advertising campaign #38273. His IP address is W.X.Y.Z, he read the email from somewhere in Santa Clara county, and his browser is Internet Explorer 6.0. That’s more info than I care to give those guys. I’m glad it’s working.

The spammer sites are also just flooding out email. There is one site, sending me mortgage stuff, which sends me about 5-6 spymail messages PER HOUR. Their site is images.dabsaahm.biz. Just a spam company.

Anyway, mildly interesting. I’ve passed NoSpyMail to a couple of friends now. At first they were like, “yeah yeah, spy mail. spy ware. viruses. spam… yuk.” But, once you get your first notification that someone is spying on you, you get *really* curious.
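
The remote-image tracking described in this post can be detected by scanning a message's HTML for images that would be fetched over HTTP when the mail is opened. The following is an added example, not NoSpyMail's code: the sample message, its hosts and addresses, and the names `RemoteImageFinder` and `find_spy_images` are constructed for illustration, and the "beacon" heuristic (query string or 1x1 size) is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; hosts, addresses and campaign id are made up.
SAMPLE_EML = """\
From: offers@mailer.example
To: reader@example.org
Subject: Lower your mortgage rate
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Rates are falling!</p>
<img src="cid:logo123" alt="logo">
<img src="http://images.tracker.example/open.gif?c=38273" width="1" height="1">
<img src="http://images.tracker.example/banner.jpg" width="468" height="60">
</body></html>
"""

class RemoteImageFinder(HTMLParser):
    """Collects every <img> whose src makes the mail client call out over HTTP(S)."""
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        url = urlsplit(src)
        if url.scheme.lower() not in ("http", "https"):
            return  # cid:, data: and relative references contact no remote server
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.remote.append({
            "host": url.hostname,
            "url": src,
            # Assumed heuristic: a per-campaign query string or an invisible
            # pixel marks the image as an open-tracking beacon.
            "beacon": bool(url.query) or tiny,
        })

def find_spy_images(raw_message: str):
    """Return the remote images in every text/html part of a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteImageFinder()
            finder.feed(part.get_content())
            hits.extend(finder.remote)
    return hits

if __name__ == "__main__":
    for hit in find_spy_images(SAMPLE_EML):
        label = "BEACON" if hit["beacon"] else "remote"
        print(label, hit["host"], hit["url"])
```

Every remote image, beacon or not, discloses the reader's IP address and client to the sender's server when fetched, so a mail client that blocks all remote content by default closes the channel regardless of the heuristic.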