To the Apple fans:
Memory tagging is one of the 1970s-era technologies (Lisp Machines) that used hardware to strengthen security. For decades Apple played their part in trying to bury that legacy by normalizing naive system architectures that emphasized speed and sensationalism above all else (except for the Apple IIgs, which was non-fast for the sake of being slow). 🙃
Also, their announcement is more about reversing the ground iOS has lost to its two main competitors in China, who now use microkernel architectures that are considered more secure than iOS (even if they are probably backdoored). Xiaomi HyperOS is very interesting. https://techwireasia.com/2025/04/apples-market-share-in-china-plummets-9-as-xiaomi-reclaims-top-smartphone-spot/
The exploit market for iOS has become endemic (indicating an engineering culture in torpor), so I sincerely hope this long-overdue feature will make an impact.
I also hope western FOSS communities will sit up and take notice; the gaggle of prancing Linux/BSD fans around here clearly don't realize the ground has been shifting under their feet for years.
#apple #ios #iphone #ipad #infosec #hyperos #smartphone #spyware #malware #foss #microkernels
Как мы раскрыли внутреннюю архитектуру Flutter и затащили его на собственную платформу
Если вы разрабатываете мобильные приложения, то почти наверняка сталкивались с Flutter — мегапопулярным открытым фреймворком от Google. Наша команда Mobile SDK and Applications Development, конечно, тоже захотела использовать Flutter при создании приложений для KasperskyOS — собственной микроядерной операционной системы «Лаборатории Касперского» — но был нюанс… Особенности архитектуры KasperskyOS задают условия, при которых мы не можем пойти проторенными дорожками и свободно интегрировать фреймворк на своей платформе. Подсмотреть решения где-то вовне мы не можем тоже — таких кейсов в индустрии просто не было. А сам Google практически не раскрывает внутреннюю архитектуру Flutter. Так что интеграцию требовалось выстраивать с нуля. И мы залезли под капот Flutter и нашли решения, которые, с одной стороны, были бы удобны разработчикам, а с другой — устраивали бы нас с точки зрения безопасности и производительности. Если вы тоже разрабатываете приложения, где требуется разбираться во внутренней архитектуре Flutter, статья точно будет вам полезна — ныряйте под кат!
https://habr.com/ru/companies/kaspersky/articles/864200/
#flutter #operating_system #microkernels #crossplatform_mobile_programming #mobile_development #kasperskyos #wayland #разработка_приложений #android #android_development #ос #операционные_системы #операционная_система
E. de Matsos and M. Ahvenjärvi, "seL4 Microkernel for virtualization use-cases: Potential directions towards a standard VMM"¹
Virtualization plays an essential role in providing security to computational systems by isolating execution environments. Many software solutions, called hypervisors, have been proposed to provide virtualization capabilities. However, only a few were designed for being deployed at the edge of the network, in devices with fewer computation resources when compared with servers in the Cloud. Among the few lightweight software that can play the hypervisor role, seL4 stands out by providing a small Trusted Computing Base and formally verified components, enhancing its security. Despite today being more than a decade with seL4 microkernel technology, its existing userland and tools are still scarce and not very mature. Over the last few years, the main effort has been put into increasing the maturity of the kernel itself and not the tools and applications that can be hosted on top. Therefore, it currently lacks proper support for a full-featured userland Virtual Machine Monitor, and the existing one is quite fragmented. This article discusses the potential directions to a standard VMM by presenting our view of design principles and feature set needed. This article does not intend to define a standard VMM, we intend to instigate this discussion through the seL4 community.
#arXiv #ResearchPapers #seL4 #VMM #Virtualisation #Microkernels
__
¹ https://arxiv.org/abs/2210.04328
Virtualization plays an essential role in providing security to computational systems by isolating execution environments. Many software solutions, called hypervisors, have been proposed to provide virtualization capabilities. However, only a few were designed for being deployed at the edge of the network, in devices with fewer computation resources when compared with servers in the Cloud. Among the few lightweight software that can play the hypervisor role, seL4 stands out by providing a small Trusted Computing Base and formally verified components, enhancing its security. Despite today being more than a decade with seL4 microkernel technology, its existing userland and tools are still scarce and not very mature. Over the last few years, the main effort has been put into increasing the maturity of the kernel itself and not the tools and applications that can be hosted on top. Therefore, it currently lacks proper support for a full-featured userland Virtual Machine Monitor, and the existing one is quite fragmented. This article discusses the potential directions to a standard VMM by presenting our view of design principles and feature set needed. This article does not intend to define a standard VMM, we intend to instigate this discussion through the seL4 community.
The Three Generations of Microkernels
From Mach to seL4 https://fediverse.blog/~/3542/the-three-generations-of-microkernels/
N-gated Hacker News
wyngman
Habr
LisPi
bren
The ol' tealeg 🐡
cynicalsecurity 
Daniel 黄法官 CyReVolt 🐢
Sergey Bugaev