Midori and M#: Microsoft's open source bridge to better security?

Speculation about Microsoft's M# language is wide-ranging, but it may be the foundation to a secure, non-Windows OS

Page 2 of 2

A high degree of abstraction pervades the system, from the way it's architected to the way it's programmed, so that applications can be run in a distributed and loosely coupled way. Worthington reached out to Forrester Research senior analyst Jeffrey Hammond for further comment, and Hammond noted that the Web has largely become about lightweight, asynchronous services, so the average software developer might well start to think of things that way as well.

The second, even more interesting element, is how Midori's managed-language construction is being used as a way to reduce programmer error and enhance security from the inside out, to create a system that's far more inherently secure than is currently allowed.

Worthington noted that apps in Midori would be written using the .Net managed-language family -- which in this case means M#, but also likely C# too -- and would be compiled using Microsoft's currently experimental Bartok compiler.

"The Bartok compiler can typecheck machine code programs for programming errors thanks to its use of an intermediate typed language," wrote Worthington. "Microsoft's objective is to force developers to create applications that are correct by construction, and [Microsoft] has repeatedly pledged to shore up the overall security of the operating system."

The concept of "correct by construction" hearkens back to the work of computer scientist Peter G. Neumann, who for decades has been advocating a clean-slate approach to computer security. His ideas about tagged architectures and credentials for system components are echoed in many of the design features of Midori.

Much of what Midori is about stems from Microsoft's earlier work with another experimental OS, code-named Singularity, which was an earlier attempt to create an OS written entirely in managed languages. Apart from increased security, Microsoft claimed other benefits like reduced memory footprint thanks to more shared code.

How to get to Midori?

In the abstract all this sounds great, but what good is it if nobody adopts the new system? That's where the alleged open source nature of M# might become truly useful. If enough people start programming with M# in Windows -- and maybe in other OSes -- that makes it all the easier for people to pick up on it.

It isn't likely that Midori itself would be open-sourced, as that runs against the grain of the way Microsoft has traditionally worked. It's far more likely it would allow the toolsets -- the languages, maybe some of the runtimes themselves -- to be open-sourced, and it would continue to keep the core of the OS a closed affair. Another possibility, although again this is even less likely, is that Microsoft would indeed open source all of Midori but would charge -- Red Hat-style -- for its maintenance and support, and would also charge to allow software services to be run on its cloud hardware.

Like anything related to Midori or M#, this is all still a long way off. But there's little question that attention has now turned to what's lying ahead.

This story, "Midori and M#: Microsoft's open source bridge to better security?," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2