Andy Oram

Andy Oram


  • @praxagora

Areas of Expertise:

  • free and open source software
  • health IT
  • writing

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His work for O'Reilly includes the influential 2001 title Peer-to-Peer, the 2005 ground-breaking book Running Linux, and the 2007 best-seller Beautiful Code.

Andy also writes often for O'Reilly's Radar site ( and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. His web site is

Making Software Making Software
by Andy Oram, Greg Wilson
October 2010
Print: $44.99
Ebook: $35.99

Beautiful Security Beautiful Security
by Andy Oram, John Viega
April 2009
Print: $39.99
Ebook: $31.99

Beautiful Code Beautiful Code
by Andy Oram, Greg Wilson
June 2007
Print: $44.99
Ebook: $35.99

Peer-to-Peer Peer-to-Peer
by Nelson Minar, Marc Hedlund, Clay Shirky, Tim O'Reilly, Dan Bricklin, David Anderson, Jeremie Miller, Adam Langley, Gene Kan, Alan Brown, Marc Waldman, Lorrie Faith Cranor, Aviel Rubin, Roger Dingledine, Michael Freedman, David Molnar, Rael Dornfest, Dan Brickley, Theodore Hong, Richard Lethin, Jon Udell, Nimisha Asthagiri, Walter Tuvell, Brandon Wiley
February 2001
Print: $29.95

Programming with GNU Software Programming with GNU Software
by Andy Oram, Mike Loukides
December 1996
Print: $39.95

Managing Projects with make Managing Projects with make
by Andy Oram, Steve Talbott
Second Edition October 1991

Recent Posts | All O'Reilly Posts

Andy blogs at:

Business models that make the Internet of Things feasible

April 08 2014

For some people, it’s too early to plan mass consumerization of the Internet of Things. Developers are contentedly tinkering with Arduinos and clip cables, demonstrating cool one-off applications. We know that home automation can save energy, keep the elderly and … read more

Advances in health IT must be viewed as a whole

April 07 2014

Reformers in health care claim gigantic disruption on the horizon: devices that track our movements, new treatments through massive data crunching, fluid electronic records that reflect the patient’s status wherever she goes, and even the end of the doctor’s role. … read more

Pursuing adoption of free and open source software in governments

March 25 2014

Free and open source software creates a natural — and even necessary — fit with government. I joined a panel this past weekend at the Free Software Foundation conference LibrePlanet on this topic and have covered it previously in a … read more

Open data can drive partnerships with government

March 24 2014

As governments and businesses — and increasingly, all of us who are Internet-connected — release data out in the open, we come closer to resolving the tiresomely famous and perplexing quote from Stewart Brand: “Information wants to be free. Information … read more

The technical aspects of privacy

March 05 2014

Thrust into controversy by Edward Snowden’s first revelations last year, President Obama belatedly welcomed a “conversation” about privacy. As cynical as you may feel about US spying, that conversation with the federal government has now begun. In particular, the first … read more

Hurdles to the Internet of Things prove more social than technical

February 26 2014

Last Saturday’s IoT Festival at MIT became a meeting-ground for people connecting the physical world. Embedded systems developers, security experts, data scientists, and artists all joined in this event. Although it was called a festival, it had a typical conference … read more

Court prods FCC in unexpected direction in this week’s Verizon ruling

January 16 2014

A court ruling this past Tuesday on FCC “network neutrality” regulation closes and opens a few paths in a three-way chess game that has been going on for years between the US District Court of Appeals, the FCC, and the … read more

How did we end up with a centralized Internet for the NSA to mine?

January 08 2014

I’m sure it was a Wired editor, and not the author Steven Levy, who assigned the title “How the NSA Almost Killed the Internet” to yesterday’s fine article about the pressures on large social networking sites. Whoever chose the title, … read more

Security firms must retool as clients move to the cloud

January 06 2014

This should be flush times for firms selling security solutions, such as Symantec, McAfee, Trend Micro, and RSA. Front-page news about cyber attacks provides free advertising, and security capabilities swell with new techniques such as security analysis (permit me a … read more

Who will upgrade the telecom foundation of the Internet?

December 09 2013

Although readers of this blog know quite well the role that the Internet can play in our lives, we may forget that its most promising contributions — telemedicine, the smart electrical grid, distance education, etc. — depend on a rock-solid … read more

Three organizations pressing for change in society’s approach to computing

May 16 2013

Taking advantage of a recent trip to Washington, DC, I had the privilege of visiting three non-profit organizations who are leaders in the application of computers to changing society. First, I attended the annual meeting of the Association for Computing … read more

LISA mixes the ancient and modern: report from USENIX system administration conference

December 14 2012

I came to LISA, the classic USENIX conference, to find out this year who was using such advanced techniques as cloud computing, continuous integration, non-relational databases, and IPv6. I found lots of evidence of those technologies in action, but also … read more

The MOOC movement is not an indicator of educational evolution

December 03 2012

Somehow, recently, a lot of people have taken an interest in the broadcast of canned educational materials, and this practice — under a term that proponents and detractors have settled on, massive open online course (MOOC) — is getting a … read more

Tools for test-driven development in Scala

October 17 2012

Scala, a language designed for well-structured and readable programs, is richly provisioned with testing frameworks. The community has adopted test-driven development (TDD) and behavior-driven development (BDD) with zeal. These represent the baseline for trustworthy code development today. TDD and BDD … read more

Growth of SMART health care apps may be slow, but inevitable

September 13 2012

This week has been teaming with health care conferences, particularly in Boston, and was declared by President Obama to be National Health IT Week as well. I chose to spend my time at the second ITdotHealth conference, where I enjoyed … read more

The many sides to shipping a great software project

September 09 2012

Chris Vander Mey, CEO of Scaled Recognition, and author of a new O’Reilly book, Shipping Greatness, lays out in this video some of the deep lessons he learned during his years working on some very high-impact and high-priority projects at … read more

The future of medicine relies on massive collection of real-life data

September 05 2012

Health care costs rise as doctors try batches of treatments that don’t work in search of one that does. Meanwhile, drug companies spend billions on developing each drug and increasingly end up with nothing to show for their pains. This … read more

Analyzing health care data to empower patients

August 29 2012

The stress of falling seriously ill often drags along the frustration of having no idea what the treatment will cost. We’ve all experienced the maddening stream of seemingly endless hospital bills, and testimony by E-patient Dave DeBronkart and others show … read more

Seeking prior art where it most often is found in software

August 28 2012

Patent ambushes are on the rise again, and cases such as Apple/Samsung shows that prior art really has to swing the decision–obviousness or novelty is not a strong enough defense. Obviousness and novelty are subjective decisions made by a patent … read more

Smart notebooks for linking virtual teams across the net

August 13 2012

Who has the gumption to jump into the crowded market for collaboration tools and call for a comprehensive open source implementation? Perhaps just Miles Fidelman, a networking expert whose experience spans time with Bolt, Beranek and Newman, work on military … read more

Five elements of reform that health providers would rather not hear about

August 09 2012

The quantum leap we need in patient care requires a complete overhaul of record-keeping and health IT. Leaders of the health care field know this and have been urging the changes on health care providers for years, but the providers … read more

Technical requirements for coordinating care in an Accountable Care Organization

August 08 2012

The concept of an Accountable Care Organization (ACO) reflects modern hopes to improve medicine and cut costs in the health system. Tony MCormick, a pioneer in the integration of health care systems, describes what is needed on the ground to … read more

Inside GitHub’s role in community-building and other open source advances

July 26 2012

In this video interview, Matthew McCullough of GitHub discusses what they’ve learned over time as they grow and watch projects develop there. Highlights from the full video interview include: How GitHub builds on Git’s strengths to allow more people to … read more

Democratizing data, and other notes from the Open Source convention

July 25 2012

There has been enormous talk over the past few years of open data and what it can do for society, but proponents have largely come to admit: data is not democratizing in itself. This topic is hotly debated, and a … read more

Social networks are not communities, and other discussions from the Community Leadership Summit

July 16 2012

The Community Leadership Summit this past weekend roused thoughts in me about the predictions and analyses I’ve heard over the past few years about social networking and to contrast them with what we were saying about community. I realized that … read more

The key web technologies that work together for dynamic web sites

July 12 2012

The technologies that led to an explosion of interactive web sites — PHP, MySQL, JavaScript, and CSS — are still as popular today, and a non-programmer can master them quickly. read more

Have a healthy conference

July 09 2012

In honor of the third health care track at the O'Reilly Open Source Convention, I invite everyone to join me in five ways to have a healthy conference. read more

Health records support genetics research at Children's Hospital of Philadelphia

June 26 2012

Michael Italia from Children's Hospital of Philadelphia discusses the tools and methods his team uses to manage health care data. read more

Clinician, researcher, and patients working together: progress aired at Indivo conference

June 21 2012

SMART and Indivo offer a far-reaching platform for giving patients access to data and working seemlessly with other cooperating institutions. read more

How the federal government helps health care standards evolve

June 20 2012

In this interview, Federal Health Architecture director Dr. Lauren Thompson discusses the state of health information exchange. read more

Games for Health covers current status of behavior change

June 15 2012

A few existing and upcoming projects that illustrate what games are doing in health care, and some trends to watch. read more

Health care privacy discussed as an aspect of patient control

June 13 2012

Privacy is caught up with issues of security, clinical decision-making, mobile health, and medical errors. So the topics at this conference are relevant to all the issues health care advocates talk about regularly: data exchange and ACOs, clinical research, the use of apps on mobile devices, the Quantified Self movement, and… read more

Data in use from public health to personal fitness

June 12 2012

Releasing public data can't fix the health care system by itself, but it provides tools as well as a model for data sharing. read more

Health reform leaders focus on patient access to records as key barrier

June 11 2012

A convocation of trend-setters and organizational leaders in U.S. health care advised two government organizations driving health reform--the Office of the National Coordinator at the Dept. of Health and Human Services, and the Dept. of Veteran Affairs--how to push forward one of their top goals, patient engagement. read more

Getting started with data-related explorations of everyday things

June 07 2012

Sau Sheong Chang describes the intriguing projects in his upcoming book, "Exploring Everyday Things with R and Ruby" and how other people can develop their own experiments. read more

Using Python for Computer Vision

May 31 2012

In this interview, Jan Erik Solem, author of the upcoming book "Programming Computer Vision with Python," describes the uses for some common operations, and choices programmers have. read more

Jon Loeliger offers some practices to use with Git

May 24 2012

After finishing the second edition of "Version Control with Git," author Jon Loeliger talked to O'Reilly editor Andy Oram about how to use Git effectively as changes to code pile up. read more

Health Information Technology: putting the patient back into health care

May 21 2012

In health information technology, we have a rare chance to ensure that the most affected members of the public actually have their own direct representative. A letter in support of Regina Holliday. read more

How to start a successful business in health care at Health 2.0 conference

May 16 2012

Great piles of cash are descending on entrepreneurs who develop health care apps, but that doesn't make it any easier to create a useful one that your audience will adopt. About the Spring Fling conference, enterpreneurship, and open data. read more

Lucene conference touches many areas of growth in search

May 11 2012

With a modern search engine and smart planning, web sites can provide visitors with a better search experience than Google. Why turn-out for the new "big data" track was lower than I expected, and other news from this week's conference about using Lucene big and small. read more

The state of health IT according to the American Hospital Association

May 06 2012

The letter conveys a rather sorrowful message about the state of health IT in the United States. One request--to put brakes on the requirement for hospitals to let patients see their own information electronically--has received particularly strong coverage and vigorous responses. read more

Recombinant Research: Breaking open rewards and incentives

May 02 2012

To move from a hothouse environment of experimentation to the mainstream of one of the world's most lucrative and tradition-bound industries, Sage Bionetworks must aim for its nucleus: rewards and incentives. Comparisons to open source software and a summary of tasks for Sage Congress. read more

Recombinant Research: Sage Congress plans for patient engagement

May 01 2012

The Vioxx problem is just one instance of the wider malaise afflicting the drug industry. Managers from major pharma companies expressed confidence that they could expand public or "pre-competitive" research in the direction Sage Congress proposed. The sector left to engage is the one that's central to all this work--the… read more

Recombinant Research: Sage Congress promotes data sharing in genetics

April 30 2012

Through two days of demos, keynotes, panels, and breakout sessions, Sage Congress brought its vision to a high-level cohort of 230 attendees from universities, pharmaceutical companies, government health agencies, and others who can make change in the field. read more

Sage Congress: The synthesis of open source with genetics

April 19 2012

A conversation with Sage Bionetworks founder Stephen Friend about how open source can support a business model in drug development, the progress of current data sharing projects, and more. read more

MySQL in 2012: Report from Percona Live

April 14 2012

Contrasting deployments at craigslit and Pinterest, trends, commercial offerings, and more read more

Promoting and documenting a small software project: VoIP Drupal update

April 06 2012

Part of a series about efforts by VoIP Drupal collaborators to find the right media and tools with which to promote a small, little known software project. read more

Steep climb for National Cancer Institute toward open source collaboration

April 05 2012

Although a lot of government agencies produce open source software, hardly any develop relationships with a community of outside programmers, testers, and other contributors. NCI sees the advantages of a give-and-take. read more

Five tough lessons I had to learn about health care

March 26 2012

Despite the disappointments I've undergone in learning about health care, I expect the system to change for the better. Those who want a better system need to look at the areas where change is most likely to make a difference. read more

Report from HIMSS 12: wrap-up of the largest health IT conference

February 29 2012

Recalcitrant instincts that depressed me and progressive suggestions that restored me. Details DICOM, Watson, and other interesting projects. read more

Recent Posts | All O'Reilly Posts

Webcast: Crowdsourced news and professional journalists: pulling together to replace the tug-of-war
March 27, 2012
This webcast covers both the threat and the promise presented to professional journalism by citizen journalism, social networking, and other crowdsourcing.

"I found it a very interesting book that examined the actual empirical evidence to support or refute some of the sacred cows in software engineering. I think this this is a refreshing step forward for our profession."
--Kim Moir, Releng of the Nerds

"Overall I found the book a very fascinating and enjoyable read, and since no jargon is used it should be accessible to any audience. If you want to find out what the cyber criminals are up to and what security professionals are doing to counteract, then this is a very good place to start."
--Mehmet Hurer, ITNOW

"Right from the beginning, this book offers a startlingly fresh perspective on the realm of computer security...This work is a must for anyone investigating security on a professional or cursory level."
--T. D. Richardson, South University, CHOICE, February 2010 Vol. 47 No. 06

"This is a book that you, the programmer and designer, will find worth your time. "
--David H. Bushnell, IOS Press

"Beautiful Security is an enjoyable book that answers many questions and does so in a simple, yet effective way. It is particularly suitable for all those people who have been around the net for a while and have learned many terms and phrases concerning information security, but they have still only a vague idea of the notion they represent."
--Zeljka Zorz, Help Net Security

"As with any good security book, there’s plenty of well-done content which will likely scare you in to re-thinking how you and your company approach security. Beautiful Security can help you identify practices, problems, and mindsets which leave you, your company, or your clients at risk."
--Jim Holmes, FrazzledDad

"Beautiful Security goes well beyond the confines of traditional security books that dive into technical minutia and bore you to tears. Yes there is technical jargon to be seen throughout, but the real hook to this collection of ideas and best practices is the thinking and logic the various contributors gracefully convey through the pages within. "
--Wesley M. Talbert,

"...a required read. For those that have an interest in information security or those that are frustrated by it, Beautiful Security is an eye-opening book that will challenge you, and change the way you think about information security."
--Ben Rothke,

"The preface states that the purpose of the book is to convince the reader that security is not bureaucratic drudgery but is an exciting career, and I think the book is successful at this."
--Allen Stenger, SPUG Nuggets, July 2009 Issue

"In Beautiful Security, experienced insiders share some rarely spoken truths about the real problems in information security today, and point the way towards how the situation could or should be improved. The challenges we face in security and personal privacy are not always purely technical--in fact they rarely are. Instead, they are social, geo-political, legacy, or simply when interests are not in alignment. Taking into account all the external factors, the authors behind Beautiful Security explore more modern and practical information security approaches, with a healthy skepticism for conventional wisdom."
--Jeremiah Grossman, Chief Technology Officer, WhiteHat Security, Inc.

"There is no doubt that the way we manage information security in the future will need to evolve as significantly and swiftly as the technology itself and adapt to the new ways we choose to embrace it. Information security plays a critical role in enabling a secure and reliable business that earns the trust of our customers. The thoughts and ideas shared by the authors in this book can shape the security "cogs and levers" of tomorrow."
--Tony Scott, Corporate Vice President and Chief Information Officer, Microsoft Corporation

"Whereas a lot of books are either narrowly focused (and convinced that their focus is all that matters), or too wide to be useful, Beautiful Security draws a wide net and collects a representative view of the state of the problem in infosecurity today."
--Michael Collins, Chief Scientist at RedJack, creator of the SiLK Analysis Suite

"Computer security is quite possibly the most intellectually challenging field today, an interdisciplinary and rapidly evolving arena that straddles the realms of people and technology. Hacking, both positive and negative, is simply the activity of smart people stretching the limits and repurposing what a computer can do for their own objectives. Beautiful Security gives us a window into the minds of the passionate people who defend us by out-thinking and staying one step ahead of our black hat adversaries. "
--Chris Wysopal, CTO & co-founder of Veracode, a software security company; pioneering vulnerability researcher at the L0pht

"Any project that undertakes to get students and professionals interested in security issues is laudable. This book is no exception. I found Jim Routh's chapter on 'Forcing Firms to Focus' to be profound. It is not often we get to look under the hood with leaders actually doing the work--rather than listening to vendors and experts talk about what 'might' work."
--Mason Brown, Director, SANS Institute

"This collection of thoughtful essays catapults the reader well beyond deceptively shiny security FUD (the drum major of the bug parade) toward the more subtle beauty of building security in. Security is an essential emergent property for all modern systems--something that most people implicitly expect and few people explicitly enjoy. This book demonstrates the yin and the yang of security, and the fundamental creative tension between the spectacularly destructive and the brilliantly constructive. Read. Learn. Emulate."
--Gary McGraw, CTO, Cigital, author of Software Security and 9 other books

"What a spectacular book--each chapter written by someone who actually knows the topic--and each chapter short enough that it is full of interesting stuff. And most of them are quite timely."
--Alan Paller, Director of Research, SANS Institute

"This isn't a book you have to read – but if you are a programmer at almost any skill level you will find it deeply enjoyable. "
--Mike James, I Programmer

"A collection of thirty three chapters from experts in their fields, Beautiful Code comes as a whiff of fresh air into the book shelf of the programmer...The book will give color to imagination of programmers used to reading bland text-book type documentation and programming manuals."
--Ganadeva Bandyopadhyay,

"Beautiful Code seems the rare kind of computer programming book that tends to resist well the test of time; while it is quite technical and full of code samples, the ideas being discussed are mostly independent of the programming language in question. "
--Rafael Chaves, Vancouver Island Java User Group

"If you want to take your mindset as a developer to the next level, this is a good book. It's also an interesting insight into certain programming problems and their solutions."
--Iain Laskey, PC Book Review