Monday, June 29, 2009

DPI in Iran

Over the past couple of weeks I've been reading reports of Iran's government's attempts to control communications into and out of the country. One of the recurrent topics is that of DPI (or deep packet inspection), including how Iran might be using it and who is supplying the equipment. I found this aspect of the political situation intriguing since I had to wonder just how DPI could usefully be applied by their government. I was also skeptical - DPI is one of those buzz-words tossed around by the media and the semi-informed whenever subversive filtering and monitoring are conducted by a government or an ISP, and it is almost always wrong.

First, let's dispense with the 'coarse' filters that are easily used, and without specialized equipment. DNS modification can be used to block access to URLs such as web addresses, and DNS poisoning can redirect users to a warning page, or even raise an alarm. This latter method is not commonly done in real-time since there are typically too many hits to deal with. Since a compromised DNS is easy to circumvent, IP address and sub-net blocking can be used instead. This does require basic DPI of the sort found in pretty much any carrier-grade firewall. This, too, can be circumvented, most commonly with cooperative proxies. Many people outside Iran are providing this ad hoc service, and it is difficult for the authorities to keep track of this and provision their firewalls fast enough to block all these specific addresses to have a major effect.

Other coarse filters include turning off the mobile and wireline data networks that are used to transmit photos, video, IM and SMS. The collateral damage is high (disrupts legitimate traffic) but acceptable if the authorities are sufficiently motivated. They could limit the shut down to only towers in the vicinity of demonstrations and other hot spots, thus limiting the commercial impact. This should be combined with wireline internet access blocking to prevent use of local Wi-Fi base stations. Of course, material can be recorded for later transmittal, if the authorities fail to confiscate all electronic devices in use by the protesters. An even coarser version of this approach is to cut electrical power to the neighbourhood (it's been done by some Eastern Bloc police units back in the communist era).

Then there is data mining. This is done real-time or non-real time to search messaging systems and call records for selected keywords and numbers; data mining does not allow for real-time intervention in traffic streams. It is done best when only a fractional set of end-points (subscribers) is monitored so that the problem is tractable, both for the equipment and for the people that have to review and act on the reports. One approach is to identify key individuals and monitor them in the expectation of getting all the pertinent data, since these people are those serving as nexuses in the protest movement. This is, again, easy to circumvent. At-risk individuals can borrow a random person's mobile phone. Also, messages can be deliberately misspelled to foil keyword scanners, much as spammers get around email spam filters.

After all of this, we have barely even touched on DPI. Just what is it and what can it do? I read the Wikipedia entry and found it a bit vague and only somewhat useful. Even if DPI is of benefit to them, could Iran get hold of it? Nokia Siemens Network claims not to have provided DPI to Iran - I find this believable - although I find it easy to believe they could get their hands on some, even the very best available. After all, if they can import large amounts of restricted munitions and nuclear material, you have to think that it is trivial for them to import commercially available high-tech boxes. Small boxes.

So what is DPI, and what makes it so interesting that it has become such a prevalent buzz word? At its most basic, I would define DPI as real-time, wire-speed monitoring and intervention of communications traffic - a definition that is both simple and descriptive. It covers everything from firewall pinholes and NAT to application blocking and speed throttling, to broadband metering to, well, quite a lot more.

That wire speed constraint is particularly important. Whatever the DPI unit is doing, it must be able to do it without failing to keep up with the data link running at full bore. This is easy enough for a consumer-grade firewall which can deal with the several Mbps data rate in software alone, without specialized hardware like network processors. However, on the network side where 1 and 10 Gbps IP links are common, the problem is far more challenging. If the DPI equipment fails to operate at wire speed under all traffic conditions, it will disrupt service quality, possibly quite severely, and will also be detectable to the endpoints. DPI is essentially equivalent to a MITM (man-in-the-middle) attack, so this is a problem if there is an intent for monitoring and intervention to be inconspicuous.

I do not want to go into details here of how a DPI box is built - its architecture - fascinating as it is. Suffice it to say that the greater the depth and extent of processing involved, the more complex its design, and the more it challenges the state of the art. As the operations performed get deeper into the packets, correlate across packets and other data streams, and are highly application sensitive, the application of network processors, its firmware rules, and cooperation with ancillary transaction processors become increasingly critical. For this reason, any one DPI unit (and even product design) is typically finely-tuned for one or just a few specific applications.

Knowing this, just what are these purported DPI units being used in Iran? The first question to ask is if, for whatever it is they need to accomplish, there an available commercial product? If there isn't, they could of course roll their own with a level of investment in personnel, design and operations. They may be able to get their hands on the chips, but if they need to acquire them outside of export restrictions they will have a large problem when it comes to manufacturer support. Using these chips, in particular the most sophisticated chips, without hand-holding by the supplier, is very difficult indeed.

Let's assume then that the products (and documentation!) must be purchased. They will now be able to move some of their near-real time data mining to real-time. Is this helpful? Perhaps, if time is really that critical. DPI isn't a magic pill: you can only do what you can already do, including all of an algorithm's inherent limitationss. Monitoring for specific words or other patterns within applications is subject to the same user circumventions already mentioned. It is even less useful since the pattern search will of necessity be more restricted and absolutely not modifiable quickly (or even slowly).

Monitoring a specific user can be made more timely with DPI by opportunistically mirroring a specific user's traffic for further near-real time analysis. This is already a requirement for CALEA (in the US) and similar law enforcement usage in other countries, and is available for VoIP and other applications. NSN has said they've provided equipment of this sort to Iran, although I have not heard if it's only for the voice networks or also for IP networks. However, as already mentioned, users who suspect they're being monitored can circumvent the authorities by using another protester's phone. Besides, since mirroring is already supported by commercial routers there is no need for separate DPI boxes to do this.

Beyond this class of applications I strongly doubt that DPI is seeing significant use by the authorities in Iran to combat the protesters. There may come a time in the future when DPI will be able to do far more, but right now it's too fragile and imperfect for what Iran would like to do. They'll stick with coarse network controls and monitoring of individuals, and some good, old-fashioned brutality.

Thursday, June 25, 2009

Indispensable Employees

There is an old aphorism in business that may appear perplexing when first encountered:
If you have an employee that is absolutely critical to the company or project - someone you absolutely cannot do without - fire him/her!
If you are an employee, you most likely would enjoy being in this position since it is not only fulfilling (we all like to be needed) but also gives leverage in negotiating salary and benefits. Besides, why would the company want to get rid of you if you are so valuable? When looked at from the perspective of the employer, the situation is more nuanced.

The issue is one of risk. A critical dependency on one individual - a person that could leave, become ill or simply lose motivation - is a sign of poor management; having a single point of failure in an organization is unduly risky. That is the point of the aphorism above: to make the employer realize the risk with which they are dealing and to start planning, now, to eliminate the source of the risk. The solution is not (despite the superficial message of the aphorism) to fire the individual but to incorporate redundancy into the organization so that loss of any one individual cannot cause serious damage. This may not be possible in a small company or technology start-up, but plan for it anyway.

A good example (for Ottawans) is the pending loss of Heatley from the Senators line-up. It isn't critical since the team has sufficient talent that loss of an unhappy star is entirely managable. But what happens in a business, a prominent business, with a publicly-acknowledged star player, when there is a real risk that the player will be lost. Consider this quote from the famed Warren Buffet of Berkshire Hathaway:
"I think if I have any serious illness, or something coming up of an important nature, an operation or anything like that, I think the thing to do is just tell the American, the Berkshire shareholders about it. I work for 'em. Some people might think I'm important to the company. Certainly Steve Jobs is important to Apple. So it's a material fact."
Here we have a situation where Apple has a CEO, Steve Jobs, who is widely believed to be indispensable to the company. As he alludes, the same can be said for Buffet himself.

Notice that he doesn't say that he and Jobs are indispensable, only that the investing public might think that they are. Are they? Perhaps not. In Apple's case, while Jobs' leadership clearly had a major impact on the company's recent successes, the talent pool goes deep into the organization, in engineering, design and management. In Berkshire Hathaway's case, it is also true, though less deep since the company has a smaller number of employees and key managers.

If Jobs and Buffet were truly critical employees, investors should be very wary. If something unfortunate happens to one of them (Jobs is ill and Buffet is getting old), what will happen to the stock prices of their companies? I expect there will be an initial hit, followed by a rebound. I expect this since neither person is currently critical to their companies; they both were at one time, but not now. They have done their jobs well to ensure there is not only a succession plan but also a culture infused with their style of leadership.

If there is a company with a truly critical employee, an especially visible employee, you should limit your investment, both in time and quantity. Ensure that you are not overly exposed when the inevitable occurs. That is prudent investing.

Sunday, June 21, 2009

Nortel - The Anti-climax

The inevitable outcome of Nortel's woes is now proceeding to the end game: This is exemplified by the following quote from the CEO:
"We're in advanced discussions with anywhere from three to seven companies for each one of the assets," said chief executive officer Mike Zafirovski. "If we're successful in getting the right value and the right integration planning and so on then Nortel as an entity which we know it will no longer be here in the future."
I would hope that by now no one is surprised. The climax of this long, drawn-out story was in late 2008 when carriers and enterprises responded to the financial crisis by deferring the majority of their discretionary capital expenditures. This turned out to be a large fraction of their capital budgets. Nortel, already weakened, suffered a fatal blow. The patient was dead before the body even hit the ground.

From the creditors' perspective, what this outcome means is that the parts are worth more than their sum. For much of the preceding 40 years it was the opposite: the whole was greater than the sum of its parts. By parts, I mean the individual product lines and business units.

A large corporation that is a conglomerate of such parts must have some market benefit to keeping their diverse portfolio under one corporate banner or there will always be shareholder pressure to divest one or more of those parts. In Nortel's case, the benefit was that the world's largest carriers could rely on Nortel to supply a broad range of their network infrastructure requirements. It also meant that Nortel had a presence in every aspect of the telecommunications business. Want a business telephone system? They could point to Meridian and Norstar. Want a hosted business telephone system? They had Centrex. This was true throughout their portfolio. Few companies had that breadth; even today, Cisco's telecommunications portfolio has many gaps (their lock on the enterprise and carrier IP business gives them their edge).

That theme that made Nortel so strong has vanished: there is no glue to hold the parts together. Nortel knows it, and so do their customers. Add their financial woes to the mix and you get what we see today. Nortel will soon truly be history. What a shame. I still remember the confidence I had in heated, though friendly, discussions years ago with colleagues in Lucent, Siemens and the other big equipment vendors that when the inevitable shake-out in the business occurred that Nortel would be one of the giants left standing.

One amusing note was this quote from Susan Spradley of Nokia-Siemens Networks on commenting about their offer to purchase Nortel's wireless business:

Ms. Spradley said the acquisition will be complementary to its current operations.

“The relationship and customer base that they have is tremendous and we’re very excited to expand our relationship with some of those customers even deeper,” Ms. Spradley said.

Ms. Spradley was one of the Nortel senior executives (business unit President) who the company sacrificed in a bid to appease prosecutors looking for blood in the wake of their financial shenanigans. This deal must have provided her with a pleasant moment of schadenfreude.

Thursday, June 18, 2009

First Look at Bing

Like most people, I use internet search quite often although I am no expert on how the various search engines compare with one another. I am however open to alternatives to the one search engine I use most often - Google - since I have for some time had vague negative feelings about the quality of its results. Exactly why this was so, I just could not put pin down.

Experimenting with Microsoft's Bing search engine, I am beginning to understand. The quality of the top search results is subtly better. I don't quite know why this is so, but let me try to articulate what I am seeing.

With Google, there is an excellent probability that the top result will be the one I want. But when it isn't, it is a pain. Whatever their search algorithm does, it seems to pull up a lot of results that are either obscure, poorly related to the search terms, spammy sites, or variations of the other unwanted results.

Trying the same searches with Bing shows up some differences. Again, it is very good at delivering a top search result that is what I want. I am sure there must be some difference between Bing and Google, but that is not apparent from the brief testing I've done. The difference is in the other top results, and especially where the search is one more obscure terms.

What Bing seems to be doing is delivering more variety in the top results. By this I mean, rather than results closely associated with the top result, it elevates a few results from more diverse sources. This brings to the fore a better selection of top results that may contain what you really want. Google is more prone to burying these results deeper in its list, perhaps many pages down.

Without knowing the actual algorithms, my analysis is perhaps not much better than an educated guess. Yet it seems to be true, and... I like it. It does have its problems, and so my assessment is not all positive. For example, a vanity search on this blog turns up nothing. Nada. It isn't that Blogger blogs are not in their database since I can find popular Blogger sites well covered when I search for those. Then on the positive side there is the image search which I find much easier to navigate, and it has nice features such as auto-zoom when you mouse over a thumbnail. All this makes Bing worth some time to explore.

What I am now going to do is make Bing my primary search engine and use it for a while to see if my initial, positive impression is sustained. I will continue to use Wikipedia for more directed, encyclopedia-style searches since it works well for less-transient information and most articles provide outside references. But for general search I will try Bing. There may be some good reasons why Bing is getting some popular attention.

Wednesday, June 17, 2009

Irrational Behemoths

There seems to be a law of large companies that when faced with disruptions to their core business they begin to act irrationally. By irrational I mean they start new projects and businesses, often with enormous amounts of capital, that do little to nothing to effectively address the challenges they actually face.

This came to mind once again when I read this well-written article on Microsoft's activities. The rise of the internet created new challenges and opportunities for the entire technology industry, and especially for industries that depended on controlling telecommunications channels to customers. This is well-understood and does not need elaboration. Microsoft did quite well in the early days with Internet Explorer and IP-centric extensions to their Windows-based business lines, by effectively using their size (and money) to out-manouver emerging competitors like Netscape. It was no small victory: they furthered their dominance by a full decade.

The challenges they now face are more formidable. They are coming at Microsoft from many directions all at once: mobile, gaming, cloud computing, web services and portals (including search), smart phones, open source software, and so on. The upshot is that their dominance in the PC operating system space is increasingly less useful as a tool to control and manage the overall computing and communications marketplace.

Things do change, even for Microsoft. We need not shed any tears since they continue to have quite a good run. What is fascinating is watching them deal with these multifarious threats. Mostly these have been in the realm of the aforementioned mega-projects: Zune, Xbox, .NET, Exchange, Windows Mobile, MSN, Vista, and, most recently, Bing. These are not all terrible products and services, but little distinguishes them from the competition, and this is a problem when you are trying to displace other dominant players in those areas. Surprisingly, Bing looks promising, but then I would not expect Microsoft to get everything wrong!

Why they have been doing all this is clear enough: position themselves on every path between consumers and the services they want. I think they will ultimately fail. The picture I have in my head is from the old story of the little Dutch boy sticking his finger in the dike to block the hole in and untimely failure of the dam. Except in Microsoft's case, there are many holes, and even great rending cracks, popping up all over as the water level behind the dam grows ever higher, building pressure until the dam gives way or the water flows over or around it. What Microsoft needs is not a concrete patching kit, but a boat.

Why does Microsoft make so many costly errors, especially when they have the resources and the talent to do so much better? Large companies are typically risk averse, and Microsoft is no exception. They feel most comfortable picking other, successful businesses that threaten their cash cows and trying to compete with those well enough that their brand and resources can win the day. That is a very expensive strategy. When that doesn't work they try to leverage their installed base of Windows, Office and other products to cripple their competitors. For examples, look at ActiveX, .NET and ODF. They had temporary success with ActiveX and other HTML peculiarities, but ultimately that failed because they continued to be followers and not leading innovators.

Microsoft, as I indicated at the start, is not alone in their irrational behaviour -- many large companies, especially those that have been dominant, are the same. Even in Nortel, with which I have personal experience, there was a bizarre sequence of irrational behaviour in the late 1990s as they encountered their own challenges due to the internet. These included spending enormous amounts on redundant and unwanted switching software that the carriers didn't want, buying companies at ridiculous valuations that were perceived to fill holes in their portfolio, and raising prices even in the face of cheaper competitive products. The automotive industry also comes to mind here, with all their ineffective and expensive initiatives over the past decade or two.

One thing these companies have in common is far too much money: their cash cow businesses keep refilling their coffers, covering for management's expensive mistakes. This, of course, can only continue until those cash cows eventually sicken, which must happen to all cash cows. Except by then the opportunity to replace them has been lost. They would have been wiser to spread some of that money across a range of innovative proposals and then make further investments in those that show initial promise. They can choose proposals according to how well they address the company's challenges, and even make it a contest for employees. That would light an entrepreneurial fire among their best people.

Managers at these companies are typically not entrepreneurial and they are measured on objectives that are comparable to the size of the companies. A common thing you'll hear in every one of them is that it is pointless to propose a new technology or business unless it is provably able to deliver $100 million or more revenue per year. That's an impossible hurdle for truly innovative and risky ventures, and so it is no surprise that good ideas that their smart people propose go nowhere. Like Nortel, Microsoft, GM and all they rest, they stick to the tried and true, and unhelpful initiatives. To them it's very rational. But it isn't - it's irrational when you consider what they must at least attempt to accomplish to keep the company healthy and competitive. Instead they stifle the best ideas of their best people, driving them to leave, and leaving the company without the talent they need to succeed.

By comparison look at companies like Amazon and Google, both of which are large, dominant businesses. Google is very engineering-driven which, while causing many problems, does generate lots of interesting initiatives. They are also young enough as a company to not (yet) be afraid to innovate. Amazon is another interesting example with their history of innovation. Have a look at this interview with Jeff Bezos. Contrast his style of leadership with that found in Microsoft. Apple is of course another good example, in that they have gone through alternating phases of innovation and big-company misadventures, and finally back to innovation.

Microsoft has talent and a record where they do sometimes do things right. That makes them interesting to watch as they continue their struggles. Love them or hate them, there are some important lessons to be learned from their ongoing successes and failures.

Thursday, June 11, 2009

Political Ambitions

The Lisa Raitt affair is now passing through the apology phase (there's a pretty standard progression for this sort of thing). Regardless of whether she should stay or go, and the countless opinions about that being offered from all sides, I want to look a little deeper at a side issue that has come up in all of this: ambition.

Minister Raitt is ambitious. This has come out of her own words and what is apparently being said about her by Conservative Party insiders. I see nothing wrong with that. I would be surprised if that were not the case. Anyone who aspires to a position or an accomplishment requires amibition. This is true of athletes, job seekers, entrepreneurs, and perhaps even bloggers. Ambition is what drives humans to achieve and create things; sometimes even great things.

But what is it that motivates a politician, including Ms. Raitt, to seek political office. That is, what is the underlying drive for that ambition? Ambition requires a source. When each of us was young and had to choose a career, there had to be some driving force to guide that choice. This in turn powered our ambition to pursue that objective.

Despite much cynicism about politics and politicians, there can be positive drivers for their ambition to pursue that avocation. The road is bumpy and littered with many disappointments along the way, with no surety of success. Without ambition, the budding politician would give it up before long.

I will simplify to a short list what I see as the selection of drivers for political ambitions:
  1. Power - to be top dog, the one calling the shots.
  2. Idealism - implement (or impose) policies and programs born of deep personal belief.
  3. Public service - give back to the community, help others, or improve the people's lot.
Look closely at any politician, especially those in leadership positions or ambitions in that direction, and you can probably figure out which drivers apply. In Lisa Raitt's case, I would guess her driver is the first one - power. I would make the same choice for Larry O'Brien. I would pick idealism for Stephen Harper or Pierre Trudeau. For someone like Bob Rae, I would guess public service.

With some politicians I find the choice more difficult. How to categorize Michael Ignatieff or Dalton McGuinty? I see little idealism in either, though there may be some mixture of power and public service, possibly with public service in the inferior position.

Then there are those whose drivers change during their careers. A good example is Jean Chretien. His early career seems to have been driven by idealism and public service, yet by the end there was little to see outside of a desire for continued power.

It is even possible to categorize entire political parties. At the federal level, for the Liberals I see the major driver as power. For the Conservatives, it's a mix of idealism and power. The NDP and Bloc seem primarily driven by idealism. I am not surprised that public service does not jump out at me when I look at the parties since each political party is bound by shared ideals and, where relevant, a quest for the power to put those ideals to the test. As a driver, public service seem to only apply to individual ambitions.

In a perfect world I would like my elected representatives to do what I want done. They would mirror my own ideals and be ready to serve the public good. I also need them to have some ambition for power so that they can be effective in getting things done. In other words, I want to see a balance of all three drivers in their ambitions.

Lisa Raitt does not display this balance, and neither does our current PM. While I have little hope that Stephen Harper could ever dilute his idealistic bent, there is some hope, even if it's a small hope, that Lisa Raitt could achieve a better balance to her ambition in the future. Without that change, her ambitions ought to be denied.

Tuesday, June 9, 2009

Avian Citizenship

What makes a bird Canadian? They aren't on the tax rolls and they don't have passports. Yet it seems to be so terribly important to tag the origin of birds that get in the way of large aircraft.

The scientists have a reason to identify the population of the Canada Geese in the US Airways 1549 incident: which is to find ways to prevent or avoid similar occurrences in the future. That's fair enough. Scientists seem to assign them their home by where they nest and procreate. In this case, that would be Labrador.

However we should be wary of the moniker that we humans assign to these birds -- Canada Geese -- since it means nothing of essential value. We could just as easily call the geese Americans, and then wonder why they keep coming up here and pooping all over our cherished Newfoundland-Labrador. Where are all the editorials about that outrage?

Monday, June 8, 2009

LinkedIn Surges

Have you ever noticed that people tend to go on a "friending" spree when they go on to the job market? Layoffs are common in the high-tech sector so this is something I've noticed over time.

A surprisingly large percentage of former colleagues who invite me on LinkedIn are in this very situation. It happens so often that I am automatically prepared to offer condolences and encouragement every time I get an invitation from someone I haven't spoken to for a few years.

I have to wonder if this is typical of what others experience.

Wednesday, June 3, 2009

Natural Gas: Another Update

Although I don't mean to harp on Natural Gas prices, a follow-up seems appropriate considering my last posting on the topic back on May 11. At that time I stated my belief - not certainty - that the ETF would bounce of the 50-day EMA. I was entirely wrong.

Rather than mentioning it at the time that failure of that support line occurred just one week later, I decided to wait and see what else transpired. Not everyone waited, and instead declared natural gas to be a disaster. This same article went on to compare the divergence in producer stocks and the commodity futures, drawing the conclusion that the producers would be next to fall in order to erase the divergence.

Of course the divergence can be erased by a rising commodity or merely meeting somewhere in the middle. In an attempt to further salvage my position that natural gas would rise in price (eliminating the divergence) I was tempted to draw another line on the UNG chart (shown here). However I waited to post this until I saw some confirmation to avoid embarrassing myself again.

I made the line thin to avoid obscuring the rest of the chart. It is drawn along the peaks of the downtrend line (only 3 months are shown but it is valid for a longer period) and was pierced to the upside 2 days before the same occurred with the EMA. The question I had asked myself was whether this line would now become a trend-line bottom, signifying a trend reversal. This, in combination with a higher low gives me some confidence that we now do have the beginnings of an uptrend. That same confidence was shaken when the EMA line failed to offer support.

If that trend line support fails in the coming weeks, well then I must really be wrong. I am continuing my position in the under-priced (my opinion) producer stock I purchased earlier. So far I am in the black, and I expect to do even better. With that said, I will avoid boring readers by stopping to write about natural gas.

Monday, June 1, 2009

Toxic Stock Options

I got a strong feeling of deja vu when I read this article on the perils of carelessly exercising and holding stock options. While this is a topic that may seem a bit out of tune with the times, it is worth attention for all of us who work in the technology sector and hope to, eventually, do well with stock options in start-ups. I have seen others brought to the brink of financial ruin in the dot-com boom and bust because of this issue.

The article itself is pretty clear so I won't repeat what it has to say - go and read it if you have options in the company you work for and you are feeling optimistic about your prospects. That way when you do see your options in the money some time in the future, you will be prepared. Or consult a professional for advice before you exercise those options.

Those of us in this business tend to be an optimistic lot. When we accept options as compensation in a struggling start-up it is with the hope of future success. Sure there are no guarantees, but hope springs eternal. From time to time the unthinkable happens and the company flourishes and the market bounces. The company goes public and your low-priced options are suddenly well below market value.

Now let's say those options are set to expire as often occurs. Although this normally takes several years, it can be surprising just how fast the time can pass. You suddenly have a decision to make: exercise those options and hold them or sell them? A more common scenario is when you leave the company, whether voluntarily or not, and you are under the gun to choose.

If you exercise and sell, the tax treatment is straight-forward: take your profit and pay your taxes. If you decide to hold you have just incurred a taxable benefit. As the article points out, if the shares decline in value so that you later take a loss, the loss is magnified because of the different treatment of exercising versus capital losses. Even if the shares do not decline to this level, the taxes on the gain of exercising the options is due that same year - you will need to raise funds to pay the tax bill.

I've been in this situation only once in my career. I got good advice and I was aware of the mistakes others had made. I chose to sell the shares immediately upon exercising the options. I'm glad I did since only a short while later those shares were below the option price.

The lesson here is that optimism is fine, provided it does not blind you to the possibility of unpleasant outcomes. Protect yourself.