Application Security Testing: An Integral Part of DevOps
Midori is a technology incubation project that was born out of Microsoft Researchs (MSR) Singularity operating system, the tools and libraries of which are completely managed code. Microsoft has designed Midori to be Internet-centric with an emphasis on distributed concurrent systems. It also introduces a new security model that sandboxes applications.
Singularity is a research project focused on the construction of dependable systems through innovation in the areas of systems, languages, and tools. Microsoft is building a research operating system prototype (called Singularity), extending programming languages, and developing new techniques and tools for specifying and verifying program behavior.
Is this a new OS that breaks with the successful but mind-bogglingly slow progression of Windows? Or will it, too, pile incremental improvements (better code, improved security, UI changes and so on) on top of a roughly unchanged code "heart" beating inside? MS looks like it's winding Midori into its cloud-based .NET system, meaning it may be an off-PC OS that never really dwells on your hard drive, instead coming over the wire from the cloud. This would be a new thing for users, and it would let MS keep tighter control over how the OS worked, as it would all "live" on MS hard drives in MS servers. It would also position MS in a better place to combat cloud-OS efforts from competitors like Amazon and Google. But it's not obvious how MS would sell this new radically clever system to users, who are all conditioned to thinking of MS products in the style that they've always worked. So instead Midori may be intended to be used only in special locations, such as in data center computers, where its parallel processing skills would work very well.
"Midori is an attempt to create a new foundation for the operating system that runs inside the box, on the desktop and in the rack. As such, it's willing to break with compatibility (or at least wall off compatibility to a virtual machine)," explained Larry OBrien, a private consultant and author of the "Windows & .NET Watch" column for SD Times.
"We're seeing a gulf opening up right now between serial and parallel programming; only a small minority of rocket-scientist types can actually write code that works effectively in a parallel, multicore world, Hammond added. I think it's pretty clear that Midori is on the other side of that scale-out gulf. From a development point of view, those that can make the leap solidify their skills and employment opportunities for the next decade and beyond."
It would make sense for Microsoft to use the Azure platform as a vehicle for introducing Midori, Forrester's Hammond said. "It's essentially a .NET-centric (and Internet-centric) scale-out runtime.
"A distributed network-aware OS is the perfect thing to host in the cloud, and what better place to knock out the kinks than your own data center, where you have 100% control over the hardware and infrastructure you're testing on? This also allows them to test it underneath parts of the overall infrastructure: for example, hosting an individual service," Hammond explained.
Microsoft may be developing a new OS, based on its Azure "Midori" tech demonstrator, that is a radical departure from its OS history.