The Problem With Early Standardization

Or How I Learned to Stop Worrying and Love Evolution.  

I’ve noticed recently that I’m getting quite a bit of grey in my beard. While there are many downsides to being an aging geek (I can’t pull all-nighter coding sessions any more without hell to pay for several days), one of the benefits is gaining some perspective on how innovations play out over time. I started building software in the late ‘80s on my beloved Amiga, began programming OO in Objective-C on NeXTStep in 1990, and built my first web application in 1993. Along the way, I’ve seen all manner of approaches to standardization of new technologies.

Some ultimately yield successful standards, some do not.

Continue reading

Luminal wins the InvestMD Challenge
(cybersecurity category)

We’re thrilled to have won the top prize in the InvestMaryland Challenge, (cybersecurity category) last night. It was a fun evening, and we’re honored to have won in a category with such tough competitors including Light Point Security and fellow Core Capital Partners and NEA portfolio company ZeroFox. Congrats to all the winners and finalists!

luminal wins InvestMD

Read about it at the Baltimore Business Journal and the Baltimore Sun.

Cybersecurity’s new frontier

From Lizzy McLellan’s article on Luminal in The Daily Record:

          The exterior walls of Luminal’s downtown Frederick headquarters are made of brick.

          But the company isn’t focused on walls. Its software aims to make a computer system more secure
          from the inside, instead of relying only on exterior defenses.

          “There’s a moment in time when you stop building fortresses because the weapons are too good.
          …We’re well past that point in cybersecurity,” said Luminal CEO and co-founder Josh Stella. “We
          impart security to the system itself.”

          And the company is doing so in the cloud, a place where many worry about vulnerability but where
          business can find great efficiencies. 

Read the full article [pdf]: Luminal – Cybersecurity New Frontier

Announcing our $3.8MM Series A with Core Capital, Maryland Venture Fund, NEA

We’re excited to announce that Luminal has closed a $3.8MM Series A financing round with Core Capital Partners, Maryland Venture Fund, New Enterprise Associates, and other investors. The round includes the conversion of $1.1MM in convertible debt the company raised in August 2012.

Luminal is addressing deficiencies in traditional computing architectures that perpetuate operational complexity and security vulnerabilities. The company is working with early customers to further develop its solution for general availability, initially on Amazon Web Services.

The current model for computing is broken, and bad actors are racing far ahead of available defenses. We’re taking advantage of the nature of cloud computing to deliver native security, declarative control, and operational simplicity previously unattainable.

The company will use the investment to grow its engineering staff to continue product development and expand its customer base.

We’ll provide updates as we progress.

For media inquiries, please contact Andrew Wright.

A handful of stories from around the web:

TechCocktail: Luminal Raises $600K from the State of Maryland, Closes $3.82M in Series A Funding

Baltimore Business Journal: Startup cyber firm Luminal snags $600,000 investment just months after moving to Frederick 

Infosecurity: Maryland Focuses on Cybersecurity with Cloud Security Startup Grant

InTheCapital: Maryland Governor Entices Cybersecurity Startup to Move to Frederick

Why we’re porting to Python 3

Here at Luminal, work on a major component of Fugue began in Python 2.7. For this component, we had some early deadlines and a lot of architecture to figure out and prove, so for implementation, we went with what was familiar. We think this was the right decision.

However, after we met our deadlines, we took some time to reconsider our platform decision before committing to the existing code base. We knew Python was the right choice, but we had lingering doubts about our decision to continue avoiding Python 3. Upon a closer look, we found that things had changed drastically since the last time we’d seriously considered this question, and the scale was no longer decidedly tipped against Python 3. We ultimately made the decision to port to it. In this post, we’ll go over some of the key factors driving our decision.

Continue reading

March, Hypatia, and a case for optimism in tech culture

March 8 was International Women’s Day. Some celebrated. Some scoffed. Some lives are so tough that calendars mean little. In the U.S., a Presidential Proclamation highlights the entire month of March; it’s an eloquent document with compelling reminders of sacrifices made, achievements earned, brutalities endured, present and past, by women. The genderless, luminous being attached to my beautifully gendered identity and sexed body laments the necessity of these kinds of declarations.

But, I would use any tool, including “March,” to spell out history and reality in the public forum, in a persistent attempt to stop vicious patterns from repeating themselves. I remain certain that an honorable alien trying to understand humanity, Googling rape statistics alone (much less employment disparity), would marvel in disgust at such mass carnage against body and soul and agree with Thomas Hobbes: What nasty, brutish, and short lives those humans lead! Zap them and put them out of their misery!

Hang on, alien (and anthropologically-minded friends), hang on. Continue reading

We should just stop saying “virtual”

Cloud infrastructure services have allowed our field to gradually abstract computation tasks from long-standing physical restraints. As cloud infrastructure adoption increased, we realized the power and efficiencies of quick deployments and elastic scaling, giving birth to the DevOps movement. We’ve been steadily directing more of our attention and resources to what matters most: the applications that differentiate our organizations and create value. We can do this because we spend fewer scarce resources managing and maintaining bare metal infrastructure.

This, however, is a gradual transition, not an overnight change. It takes time to recognize what changes are needed (or even possible) in this new paradigm. Consequently, it’s natural that we continue to employ both acknowledged and unacknowledged anachronisms from the pre-cloud era. We started out in the only way we could, creating a complete virtual emulation of a physical computing platform, including just about every part but the cooling fan. This ensured that existing software, particularly operating systems, would run on them. In doing so, we carried along a lot of assumptions and components that made sense for long-lived servers–including those that caused us many problems over the years.

As we’ve moved toward a “paper-cup,” ephemeral computing model, these “virtual” components are becoming skeuomorphs; that is, they are features of computing instances that resemble facets of the physical computers they’ve replaced, but are not essential to the new model. Because we still use and value these components, we continue to suffer many of the complexities, inefficiencies, and insecurities that have plagued physical servers for years.

Continue reading

Every startup is now a security startup

Startups don’t care about security.

We hear this a lot. It may be a descendant of “developers don’t care about security… that’s InfoSec’s concern,” a situation where at least someone in the organization was paying attention to security. In the developer-dominated world of tech startups, such a statement would be nonsensical. If a startup has dedicated InfoSec staff, they’re probably not a startup anymore.

To be fair, early-stage startups have a lot on their plate: fundraising, product development, acquiring customers. Speed is of the essence for startups and they need to avoid distractions that can slow them down. Worrying about security too early can feel a lot like building at scale when you only have five customers. In most cases, a focus on security doesn’t contribute to the bottom line and can appear the opposite. It’s natural to feel like “we’re too small to be a target… it won’t happen to us.”
Continue reading

Software agents are a vulnerability

Software agents are everywhere in the cloud. These little programs perform often complex or repetitive functions on our behalf so we don’t have to. Some agents help us keep our systems updated and avoid configuration drift. Others roam our compute infrastructure in an attempt to keep everything safe from threats. Software agents are designed to make our job easier.

However, in cases of large and complex systems where the true value of the agent should be realized, the opposite can occur. Getting approval to install agent software on machines can involve a lot of red tape. Deploying and managing hundreds of agents on multiple hosts can be a real hassle. They can sap compute resources and impede performance. And while agents help us monitor our systems, who’s monitoring the agents? Continue reading

If You Start Me Up…: Doing Business on AWS

The greatest opportunity for Amazon Web Services to grow in the short term lies in convincing large enterprises to move their computing into the cloud.  Given the sheer volume of enterprise on-premise installations, AWS is counting on the incremental, and in many cases wholesale, migration of legacy operations to the cloud to fuel the next phase of its explosive growth. But despite this being the year of the enterprise at this month’s AWS re:Invent conference, the drumbeat of AWS as a fertile ground for startups remained loud and steady.

Everybody understands the rationale for cloud computing: no capital investment, near infinite scaling, and a constellation of ancillary services to address security, analytics, storage, and other requirements. It is now possible to build a substantial business with minimal technical infrastructure and staff. As such, the promise of cloud computing for startups is very enticing, and AWS spared no opportunity to drive this point home. In panel after panel with VCs and angel networks, the message was repeated. If you are a technology startup expecting to get funding, you had better have a pretty good reason for not basing your operations in the cloud.
Continue reading