Video link to Vermona being presented
I watched the video last night, and the title is apparently wrong.
It’s not a Rust-based programming language. It’s a new language with Rust-like ownership (but more coarse-grained than the object level) and application compartmentalization for legacy code.
It’s designed to allow incremental upgrading of legacy code, which makes a ton of sense because Microsoft has millions and millions of lines of it.
But this also makes sense for the open source ecosystem, which suffers from a lack of maintainers.
I mentioned that “securing legacy codebases” is in some ways a better framing than “memory safety” here: https://lobste.rs/s/yttj7j/memory_safety_research_agenda#c_7n8idu
I will look at this when it comes out… It sounds early, but if they provide a way to incrementally upgrade old code, that would be amazing. That is, it would be great to secure Python, PHP, Erlang, Apache, Nginx, sqlite, coreutils, Firefox, etc. without rewriting them entirely in another language!
They mentioned CHERI: https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
Although that apparently relies on hardware, which doesn’t seem deployable.
While it was light on details, I think they’re on the right track.
I haven’t watched the video yet, but I have been mulling a version of cmake that targets Wasi and compartmentalizes legacy C/C++ codebases into a Wasm container while providing easy hooks to extend the system with Rust. It wouldn’t automatically configure protection domains between submodules, but it would make it much, much easier.
Eventually, I’d like to see a tool where you could carve, say, a Redis process into networking, disk and memory. If one could determine those boundaries from watching execution traces, all the better. Bonus points for having a capabilities overseer running in real time, but that would require dynamic recompilation.
I’m sure somebody recently announced an ARM core with Cheri built in… But I can’t seem to scrounge up a link :(
You are probably thinking of https://www.arm.com/blogs/blueprint/digital-security-by-design.
Oh cool, a new language from Microsoft that helps us write correct code.
Throws Verona on the pile with P, P#, IVy, Dafny, F*, Midori, Koka, and Lean
(I kid, I kid. Microsoft does a lot of great work in this field, but a lot of their experiments end up not working out.)
But you have a point nevertheless…
EDIT (I almost forgot)
It’s just the Microsoft way
Huh. Never thought about it before but does Microsoft (research) have a Lisp?
As a matter of fact, yes! Microsoft Lisp was a LISP interpreter in the 1980s for DOS.
As I recall, it was slower than BASIC, had a terrible editor, and was missing basic stuff like being able to parse 'x as (quote x)
I think ASP (1996) predates PHP (1997).
Both were ultimately a really bad idea though.
PHP was a genius idea in its time, because it enabled extremely cheap shared hosting.
If you had a low-traffic site, your options around 2002 were either a PHP host for under $5/mo, or the cheapest available colocated host at around $200/mo.
It wasn’t a better language, but it was a much better setup experience with a smoother on-ramp that cost less to host (which echoes, to me, modern criticisms of golang).
PHP/FI first appeared in 1994/1995, and although the “FI” part bears little resemblance to the “modern” PHP3 that showed up in 1997 (with which I think it’s fair to say PHP7 has much more in common than with PHP/FI), several critical ideas showed up here that undoubtedly influenced the design and development of ASP.
ASP was a good idea (glue to stick together existing application code and render its output to the web) that everybody ignored and just tried to create entire applications with. It was never meant to do that, which is why it was so terrible at doing so for the first 5 or so years of its life.
Why were they bad ideas?
What’s the definition of “working out”? P looks like it’s still active:
I remember it had this success story but I don’t know the details very well. I’m not a Windows user so I haven’t been motivated to look.
It sounds like this Verona project is very early, but I think they framed the problem “right”. I would like something like Rust that works better with legacy code. Rewriting code only for security purposes (as opposed to functionality) is a waste and splits the ecosystem / developer effort. It’s the most expensive way to achieve that goal.
And empirically speaking I don’t think it happens… People talk about it but don’t do it on major systems because of the effort involved. (e.g. speaking as someone who has been “rewriting” bash for nearly 4 years, with Oil. Of course Oil isn’t motivated only by security..)
For example, I would be surprised if Firefox is >90% Rust within 10 years. Or even 20 years. It makes more sense to split the application up and rewrite certain parts of it in a safe language. That is, follow the Verona strategy (if it is feasible, which is a big “if”, and something that’s a worthy target of research).
Re P. From Microsoft’s site:
“P got its start in Microsoft software development when it was used to ship the USB 3.0 drivers in Windows 8.1 and Windows Phone. These drivers handle one of the most important peripherals in the Windows ecosystem and run on hundreds of millions of devices today. P enabled the detection and debugging of hundreds of race conditions and Heisenbugs early on in the design of the drivers, and is now extensively used for driver development in Windows.”
Don’t forget about Spec# and Sing#
My understanding is that F* code (EverCrypt in particular) shipped in Windows kernel.
It’s Verona, not Vermona.
Verona is a city in Italy; “vermone” means “big worm”.
Veromona is Vermone’s wife.
And Vermione is their daughter. She’s a talented programmer and has recently been accepted into an elite boarding school to hone her skills.
Thanks, too much drum machine on my mind