
Midori: A Tale of Three Safeties - the_why_of_y
http://joeduffyblog.com/2015/11/03/a-tale-of-three-safeties/
======
PhaseMage
I'd hate for Midori to be lost to the sands of time. Any chance it will be
open sourced?

~~~
leppr
But Midori has always been open-source, why would a project made for... oh
wait, wrong neighborhood, sorry I'm out.

------
nickpsecurity
I'd like to know more details of the concurrency system. The best of today are
mainly Eiffel's SCOOP (+ academic advances on it) and Rust's model from what I
hear. The more models to consider and improve on the merrier.

~~~
pcwalton
[http://joeduffyblog.com/2015/11/19/asynchronous-everything/](http://joeduffyblog.com/2015/11/19/asynchronous-everything/)
describes it.

~~~
nickpsecurity
Thanks for the link. That will take time to digest.

------
Animats
The trouble with computer security "defense in depth" is that it only protects
against inept attackers. An attacker with resources can get through multiple
levels of weak security. Example: StuxNet.

~~~
nickpsecurity
Usually true. That's why high assurance security tried to identify the root
causes of problems, formalize security schemes to stop/limit them, formalize
designs, and show correspondence. Worked in many situations, not as much in
others.

With defense in depth, inherently insecure OSes, libraries, and so on mean
extra layers = some extra time/effort. We also know that software markets
concentrate into a small number of products in each category that become
dominant. We also know nation states and malware authors specialize and
increase efficiency similar to markets, with effort focused on greatest gains.
So, naturally, these combine to dramatically reduce the odds that one will be
safe if one is using popular combinations of hardware, OSes, and software.

High assurance is still necessary. At least at the level of CPUs, kernels,
type systems, protocols, and so on. The critical stuff everything else depends
on. The rest might be contained or detected running on the right architecture.

