Serdar Yegulalp
Senior Writer

Midori and M#: Microsoft’s open source bridge to better security?

analysis
Jan 3, 2014

Speculation about Microsoft's M# language is wide-ranging, but it may be the foundation of a secure, non-Windows OS

An alleged future successor to Windows received renewed attention over the past week, as speculation whirled that Microsoft might open-source the new programming language associated with it.

But a closer look at the project reveals it might be an attempt by Microsoft to tackle an even more significant task: namely, addressing the problem of computer security from the inside out and from the ground up.

M for Microsoft

Let’s start with M#, the language that’s apparently being developed as an experimental project within Microsoft. It became the center of attention when Joe Duffy, billed as “an architect and developer on a research operating system” at Microsoft, blogged about M# in a post entitled “C# for Systems Programming.”

In what he stressed was a “research effort, nothing more,” Duffy talked about developing a managed language — like C# and its .Net compatriots — that is designed to allow both high performance and a good margin of safety and productivity. What’s more, the intended use of the language is apparently systems programming.

Mary Jo Foley at Cnet connected some of the dots and posited the language in question was part and parcel of the work involved in building Midori, a long-under-wraps experimental OS that has been allegedly incubating within Microsoft for years now.

“My goal is to eventually open-source this thing,” Duffy also wrote in his post, which touched off a great deal of thought (by Computerworld’s Preston Gralla, for one) about how Microsoft is preparing to move toward a more open-source-driven future.

But the really intriguing aspect of Midori and M# may not lie in either of them being open sourced.

The future is abstract, parallel, and managed

For a full perspective on Midori, I dug back into the archives of Software Development Times and found a piece from July 2008, wherein author David Worthington described examining “internal Microsoft documents that outline Midori’s proposed design.”

Two significant things stand out about Midori. The first is how, as Worthington puts it, the OS is “Internet-centric and predicated on the prevalence of connected systems.”

“Midori,” he wrote, “will be built with an asynchronous-only architecture that is built for task concurrency and parallel use of local and distributed resources, with a distributed component-based and data-driven application model, and dynamic management of power and other resources.”

A high degree of abstraction pervades the system, from the way it’s architected to the way it’s programmed, so that applications can be run in a distributed and loosely coupled way. Worthington reached out to Forrester Research senior analyst Jeffrey Hammond for further comment, and Hammond noted that the Web has largely become about lightweight, asynchronous services, so the average software developer might well start to think of things that way as well.

The second, and even more interesting, element is how Midori’s managed-language construction is being used to reduce programmer error and enhance security from the inside out, creating a system that’s far more inherently secure than is currently allowed.

Worthington noted that apps in Midori would be written using the .Net managed-language family — which in this case means M#, but also likely C# too — and would be compiled using Microsoft’s currently experimental Bartok compiler.

“The Bartok compiler can typecheck machine code programs for programming errors thanks to its use of an intermediate typed language,” wrote Worthington. “Microsoft’s objective is to force developers to create applications that are correct by construction, and [Microsoft] has repeatedly pledged to shore up the overall security of the operating system.”

The concept of “correct by construction” hearkens back to the work of computer scientist Peter G. Neumann, who for decades has been advocating a clean-slate approach to computer security. His ideas about tagged architectures and credentials for system components are echoed in many of the design features of Midori.

Much of what Midori is about stems from Microsoft’s earlier work with another experimental OS, code-named Singularity, which was an earlier attempt to create an OS written entirely in managed languages. Apart from increased security, Microsoft claimed other benefits like reduced memory footprint thanks to more shared code.

How to get to Midori?

In the abstract all this sounds great, but what good is it if nobody adopts the new system? That’s where the alleged open source nature of M# might become truly useful. If enough people start programming with M# in Windows — and maybe in other OSes — that makes it all the easier for people to pick up on it.

It isn’t likely that Midori itself would be open-sourced, as that runs against the grain of the way Microsoft has traditionally worked. It’s far more likely that Microsoft would allow the toolsets — the languages, maybe some of the runtimes themselves — to be open-sourced, while continuing to keep the core of the OS a closed affair. Another possibility, although an even less likely one, is that Microsoft would indeed open-source all of Midori but would charge, Red Hat-style, for its maintenance and support, and would also charge to allow software services to be run on its cloud hardware.

Like anything related to Midori or M#, this is all still a long way off. But there’s little question that attention has now turned to what’s lying ahead.

This story, “Midori and M#: Microsoft’s open source bridge to better security?,” was originally published at InfoWorld.com.


Serdar Yegulalp is a senior writer at InfoWorld. A veteran technology journalist, Serdar has been writing about computers, operating systems, databases, programming, and other information technology topics for 30 years. Before joining InfoWorld in 2013, Serdar wrote for Windows Magazine, InformationWeek, Byte, and a slew of other publications. At InfoWorld, Serdar has covered software development, devops, containerization, machine learning, and artificial intelligence, winning several B2B journalism awards including a 2024 Neal Award and a 2025 Azbee Award for best instructional content and best how-to article, respectively. He currently focuses on software development tools and technologies and major programming languages including Python, Rust, Go, Zig, and Wasm. Tune into his weekly Dev with Serdar videos for programming tips and techniques and close looks at programming libraries and tools.
