From 45c9a50641b9469d508e67f0e3c737663e46c2f4 Mon Sep 17 00:00:00 2001 From: Thomas Leonard Date: Thu, 27 Apr 2023 10:57:34 +0100 Subject: [PATCH 1/2] Link to Meio --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 0ee20eb8d..f7e2dbb4e 100644 --- a/README.md +++ b/README.md @@ -245,6 +245,9 @@ This shows the two counting threads as two horizonal lines. The white regions indicate when each thread was running. Note that the output from `traceln` appears in the trace as well as on the console. +The [Meio][] (Monitoring for Eio) project provides an interactive console-based UI for exploring running fibers, +using the new runtime events support in OCaml 5.1. + ## Cancellation Every fiber has a [cancellation context][Eio.Cancel]. @@ -1776,3 +1779,4 @@ Some background about the effects system can be found in: [Eio.Semaphore]: https://ocaml-multicore.github.io/eio/eio/Eio/Semaphore/index.html [Eio.Condition]: https://ocaml-multicore.github.io/eio/eio/Eio/Condition/index.html [Domainslib]: https://github.com/ocaml-multicore/domainslib +[Meio]: https://github.com/tarides/meio From 2a1478b695dc934b1beb634b764126a7bd6b0134 Mon Sep 17 00:00:00 2001 From: Thomas Leonard Date: Thu, 27 Apr 2023 11:03:49 +0100 Subject: [PATCH 2/2] Link to Lambda Capabilities blog post --- README.md | 28 ++++++---------------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index f7e2dbb4e..fa717f0ff 100644 --- a/README.md +++ b/README.md @@ -514,7 +514,7 @@ See [examples/net](./examples/net/) for a more complete example. ## Design Note: Capabilities -Eio follows the principles of [capability-based security][]. +Eio follows the principles of capability-based security. The key idea here is that the lambda calculus already contains a perfectly good security system: a function can only access things that are in its scope. If we can avoid breaking this model (for example, by adding global variables to our language) 
@@ -544,27 +544,12 @@ In a capability-safe language, we don't have to read the entire code-base to fin We could make that code easier to audit by passing it `(fun () -> Eio.Net.connect net addr)` instead of `net` . Then we could see that `run_client` could only connect to our loopback address. -Some key features required for a capability system are: - -1. The language must be memory-safe. - OCaml allows all code to use e.g. `Obj.magic` or `Array.unsafe_set`. - -2. The default scope must not provide access to the outside world. - OCaml's `Stdlib.open_in` gives all code access to the file-system. - -3. No top-level mutable state. - In OCaml, if two libraries use a module `Foo` with top-level mutable state, then they could communicate using that - without first being introduced to each other by the main application code. - -4. APIs should make it easy to restrict access. - For example, having a "directory" should allow access to that sub-tree of the file-system only. - If the file-system abstraction provides a `get_parent` function then access to any directory is - equivalent to access to everything. - Since OCaml is not a capability language, code can ignore Eio and use the non-capability APIs directly. -However, it still makes non-malicious code easier to understand and test +However, it still makes non-malicious code easier to understand and test, and may allow for an extension to the language in the future. -See [Emily][] for a previous attempt at this. + +The [Lambda Capabilities][] blog post provides a more detailed introduction to capabilities, +written for functional programmers. ## Buffered Reading and Parsing 
@@ -1749,8 +1734,6 @@ Some background about the effects system can be found in: [Lwt_eio]: https://github.com/ocaml-multicore/lwt_eio [mirage-trace-viewer]: https://github.com/talex5/mirage-trace-viewer [structured concurrency]: https://en.wikipedia.org/wiki/Structured_concurrency -[capability-based security]: https://en.wikipedia.org/wiki/Object-capability_model -[Emily]: https://www.hpl.hp.com/techreports/2006/HPL-2006-116.pdf [gemini-eio]: https://gitlab.com/talex5/gemini-eio [Awesome Multicore OCaml]: https://github.com/ocaml-multicore/awesome-multicore-ocaml [Eio]: https://ocaml-multicore.github.io/eio/eio/Eio/index.html @@ -1780,3 +1763,4 @@ Some background about the effects system can be found in: [Eio.Condition]: https://ocaml-multicore.github.io/eio/eio/Eio/Condition/index.html [Domainslib]: https://github.com/ocaml-multicore/domainslib [Meio]: https://github.com/tarides/meio +[Lambda Capabilities]: https://roscidus.com/blog/blog/2023/04/26/lambda-capabilities/
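Review bot: In PATCH 1/2, hunk `@@ -245,6 +245,9 @@`, the added sentence calls this "the new runtime events support in OCaml 5.1", and "new" will go stale as soon as later compiler releases ship. Suggest dropping "new" ("using the runtime events support in OCaml 5.1") and, if Meio does not work on earlier compilers, saying so explicitly so readers know the version requirement before they try it. The context line just above this addition also reads "horizonal" where "horizontal" is meant; that could be fixed in the same commit.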
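Review bot: In PATCH 2/2, hunk `@@ -514,7 +514,7 @@`, the first mention of "capability-based security" loses its link, so the term is introduced with no reference, and the only pointer left is the [Lambda Capabilities][] link at the very end of the section. Suggest linking the term at first use, either by keeping the original reference or by pointing it at the new post, e.g. `Eio follows the principles of [capability-based security][Lambda Capabilities].`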
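Review bot: In PATCH 2/2, hunk `@@ -544,27 +544,12 @@`, removing the four-item list takes out the only place in this section that names the concrete ways OCaml falls short of capability safety (`Obj.magic`, `Array.unsafe_set`, `Stdlib.open_in`, top-level mutable state, and the `get_parent` example). The sentence that stays, "Since OCaml is not a capability language, code can ignore Eio and use the non-capability APIs directly", is now unsupported in the README, and anyone auditing Eio-based code has to follow an external link to learn which escape hatches to look for. Suggest keeping a one- or two-sentence summary of those points before the pointer to the blog post. The reference to [Emily][] as prior work is also dropped without a replacement; if that is intentional, a word in the commit message would help.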
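Review bot: In PATCH 2/2, hunk `@@ -1749,8 +1734,6 @@`, the link definitions for `[capability-based security]` and `[Emily]` are deleted, and the patch only shows the two uses it removes. These are reference-style links, so any remaining `[capability-based security][]` or `[Emily][]` elsewhere in README.md would silently render as literal bracketed text. Worth confirming with a search of the file that no other section still uses either label.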