Mike Loukides

Mike Loukides is Vice President of Content Strategy for O'Reilly Media, Inc. He's edited many highly regarded books on technical subjects that don't involve Windows programming. He's particularly interested in programming languages, Unix and what passes for Unix these days, and system and network administration. Mike is the author of System Performance Tuning", and a coauthor of "Unix Power Tools." Most recently, he's been fooling around with data and data analysis, languages like R, Mathematica, and Octave, and thinking about how to make books social.

Cloud security is not an oxymoron

Think your IT staff can protect you better than major cloud providers? Think again.

I just ran across Katie Fehrenbacher’s article in GigaOm that made a point I’ve been arguing (perhaps not strongly enough) for years. When you start talking to people about “the cloud,” you frequently run into a knee-jerk reaction: “Of course, the cloud isn’t secure.”

I have no idea what IT professionals who say stuff like this mean. Are they thinking about the stuff they post on Facebook? Or are they thinking about the data they’ve stored on Amazon? For me, the bottom line is: would I rather trust Amazon’s security staff, or would I rather trust some guy with some security cert that I’ve never heard of, but whom the HR department says is “qualified”? Read more…

Comments: 7

From the network interface to the database

All systems are distributed systems, and we’re starting to see how they fit into Velocity's themes.


From the beginning, the Velocity Conference has focused on web performance and operations — specifically, web operations. This focus has been fairly narrow: browser performance dominated the discussion of “web performance,” and interactions between developers and IT staff dominated operations.

These limits weren’t bad. Perceived performance really is dominated by the browser — how fast you can get resources (HTML, images, CSS files, JavaScript libraries) over the network to the browser, and how fast the browser can execute those resources. How long before a user stops waiting for your page to load and clicks away? How do you make a page useable as quickly as possible, even before all the resources have loaded? Those discussions were groundbreaking and surprising: users are incredibly sensitive to page speed.

That’s not to say that Velocity hasn’t looked at the rest of the application stack; there’s been an occasional glance in the direction of the database and an even more occasional glance at the middleware. But the database and middleware have, at least historically, played a bit part. And while the focus of Velocity has been front-end tuning, speakers like Baron Schwartz haven’t let us ignore the database entirely. Read more…

Comment: 1

Beyond the stack

The tools in the Distributed Developer's Stack make development manageable in a highly distributed environment.

Cairn at Garvera, Surselva, Graubuenden, Switzerland. The shape of software development has changed radically in the last two decades. We’ve seen many changes: the Internet, the web, virtualization, and cloud computing. All of these changes point toward a fundamental new reality: all computing has become distributed computing. The age of standalone applications has disappeared, and applications that run on a single computer are almost inconceivable. Distributed is the default; and whether an application is running on Amazon Web Services (AWS), on a private cloud, or even on a desktop or a mobile phone, it depends on the behavior of other systems and services that aren’t under the developer’s control.

In the past few years, a new toolset has grown up to support the development of massively distributed applications. We call this new toolset the Distributed Developer’s Stack (DDS). It is orthogonal to the more traditional world of servers, frameworks, and operating systems; it isn’t a replacement for the aged LAMP stack, but a set of tools to make development manageable in a highly distributed environment.

The DDS is more of a meta-stack than a “stack” in the traditional sense. It’s not prescriptive; we don’t care whether you use AWS or OpenStack, whether you use Git or Mercurial. We do care that you develop for the cloud, and that you use a distributed version control system. The DDS is about the requirements for working effectively in the second decade of the 21st century. The specific tools have evolved, and will continue to evolve, and we expect you to evolve, too. Read more…


Life, death, and autonomous vehicles

Self-driving cars will make decisions — and act — faster than humans facing the same dangerous situations.


Plymouth Fury III. Photo by Infrogmation, on Wikimedia Commons.

There’s a steadily increasing drumbeat of articles and Tweets about the ethics of autonomous vehicles: if an autonomous vehicle is going to crash, should it kill the passenger in the left seat or the right seat? (I won’t say “driver’s seat,” though these sorts of articles usually do; there isn’t a driver.) Should the car crash into a school bus or run over an old lady on the side of the road?

Frankly, I’m already tired of the discussion. It’s not as if humans don’t already get into situations like this, and make (or not make) decisions. At least, I have. Read more…

Comments: 7

Heartbleed’s lessons

All trust is misplaced. And that's probably the way it should be.

In the wake of Heartbleed, there’s been a chorus of “you can’t trust open source! We knew it all along.”

It’s amazing how short memories are. They’ve already forgotten Apple’s GOTO FAIL bug, and their sloppy rollout of patches. They’ve also evidently forgotten weaknesses intentionally inserted into commercial security products at the request of certain government agencies. It may be more excusable that they’ve forgotten hundreds, if not thousands, of Microsoft vulnerabilities over the years, many of which continue to do significant harm.

Yes, we should all be a bit spooked by Heartbleed. I would be the last person to argue that open source software is flawless. As Eric Raymond said, “With enough eyes, all bugs are shallow,” and Heartbleed was certainly shallow enough, once those eyes saw it. Shallow, but hardly inconsequential. And even enough eyes can have trouble finding bugs in a rat’s nest of poorly maintained code. The Core Infrastructure Initiative, which promises to provide better funding (and better scrutiny) for mission-critical projects such as OpenSSL, is a step forward, but it’s not a magic bullet that will make vulnerabilities go away.

Read more…

Comments: 5

Robots in the lab

Hacking lab equipment to make it programmable is a good first step toward lab automation.


An automated centrifuge at Modular Science — click here for instructions to hack one yourself.

In the new issue of BioCoder, Peter Sand writes about Hacking Lab Equipment. It’s well worth a read: it gives a number of hints about how standard equipment can be modified so that it can be controlled by a program. This is an important trend I’ve been watching on a number of levels, from fully robotic labs to much more modest proposals, like Sand’s, that extend programmability even to hacker spaces and home labs.

In talking to biologists, I’m surprised at how little automation there is in research labs. Automation in industrial labs, the sort that process thousands of blood and urine samples per hour, yes: that exists. But in research labs, undergrads, grad students, and post-docs spend countless hours moving microscopic amounts of liquid from one place to another. Why? It’s not science; it’s just moving stuff around. What a waste of mental energy and creativity.

Lab automation, though, isn’t just about replacing countless hours of tedium with opportunities for creative thought. I once talked to a system administrator who wrote a script for everything, even for only a simple one-liner. (Might have been @yesthattom, I don’t remember.) This practice is based on an important insight: writing a script documents exactly what you did. You don’t have to think about, “oh, did I add the f option on that rm -r / command?”; you can just look. If you need to do the same thing on another system, you can reproduce what you did exactly.

Read more…

Comments: 3

Toward an open Internet of Things

Vendors, take note: we will not build the Internet of Things without open standards.

Open_19In a couple of posts and articles, we’ve nibbled around the notion of standards, interoperability, and the Internet of Things (or the Internet of Everything, or the Industrial Internet, or whatever you want to call it). It’s time to say it loud and clear: we won’t build the Internet of Things without open standards.

What’s important about the IoT typically isn’t what any single device can do. The magic happens when multiple devices start interacting with each other. Nicholas Negroponte rightly criticizes the flood of boring Internet-enabled devices: an oven that can be controlled by your phone, a washing machines that texts you when it’s done, and so on. An oven gets interesting when it detects the chicken you put in it, and sets itself accordingly. A washing machine gets interesting if it can detect the clothes you’re putting into it and automatically determine what cycle to run. That requires standards for how the washer communicates with the washed. It’s meaningless if every clothing manufacturer implements a different, proprietary standard for NFC-enabled tags.

We’re already seeing this in lighting: there are several manufacturers of smart network-enabled light bulbs, but as far as I can tell, each one is controlled by a vendor-specific app. And I can think of nothing worse for the future of home lighting than having to remember whether the lights in the bedroom were made by Sylvania or Philips before I can turn them off. Read more…

Comments: 6

Biomimicry in the real world

There's good reason to believe nature has clues about how to do a good job — can it also help with web designs?


Festo’s Robotic Bird. Photo by Mike Loukides.

A couple of years ago, I visited the World Science Festival in New York and saw Festo’s robotic bird. It was amazing. I’ve seen things that looked more or less like a bird, and that flew, but clearly weren’t flying like a bird. An airplane has a body, has wings, and flies, but you wouldn’t mistake it for a bird. This was different: it looked like a giant seagull, with head and tail movements that were clearly modelled on a living bird’s.

Since then, Festo has built a robotic kangaroo; based on work they started in 2010, they have a robotic elephant’s trunk that learns, a robotic jellyfish, and no doubt many other animals that I haven’t yet seen.

Read more…

Comments: 2

Announcing BioCoder issue 3

Advances in biology and biotechnology are driving us in exciting new directions — be part of the revolution!

We’re excited about the third issue of BioCoder, O’Reilly’s newsletter about the revolution in biology and biotechnology. In the first article of our new issue, Ryan Bethencourt asks the question “What does Biotechnology Want?” Playing with Kevin Kelly’s ideas about how technological development drives human development, Bethencourt asks about the directions in which biotechnology is driving us. We’re looking for a new future with significant advances in agriculture, food, health, environmental protection, and more.

That future will be ours — if we choose to make it. Bethencourt’s argument (and Kelly’s) is that we can’t not choose to make it. Yes, there are plenty of obstacles: the limits to our understanding of biology and genetics, the inadequate tools we have for doing research, the research institutions themselves, and even fear of the future. We’ll overcome these obstacles; indeed, if Bethencourt is right, and biology is our destiny, we have no choice but to overcome these obstacles. The only question is whether you’re part of the revolution or not.
Read more…


Distributed science

In the future, we will solve biological problems by running experiments in parallel.


Participants at #ScienceHack 2014, Synbiota’s Open Distributed Genetic Engineering event. Photo by Madison Matthews, courtesy of Synbiota.

In my post on biohacking and bioterrorism, I briefly mentioned the possibility of vaccines and other treatments developed outside of institutional research. That may be far-fetched, and I certainly hope we’re never in a situation where DIY treatments are the only ones available. But it is worth looking at how biologists outside of medical institutions are transforming research.

Perhaps the most ambitious project right now is Synbiota’s #ScienceHack. They are organizing a large number of volunteer groups to experiment with techniques to produce the compound Violacein. Violacein is potentially useful as an anti-cancer and anti-dysentery drug, but currently costs $356,000 per gram to produce. This price makes research (to say nothing of therapeutic use) impossible. However, it’s possible that bacteria can be genetically engineered to produce Violacein much more efficiently and cheaply. That’s what the #ScienceHack experiment is about: the groups will be trying to design DNA that can be inserted into E. coli bacteria to make it produce Violacein at a fraction of the cost. Read more…