1. 14
  2. 5

    Redox is not a particularly good example of operating system design

    A bold claim that I’d be curious to hear substantiated.

    1. 4

      Someone on the Reddit post asked much the same thing. Here’s my reply:

      Sure thing. I’m not saying that Redox isn’t a great thing. It was the first project to seriously open up the possibility of writing operating systems in Rust and I will forever be thankful to it for that.

      To elaborate on bad design: there are a number of questionable (at least to me) design decisions. For example, why are schemes designed the way they are? It seems to me like if they want to change the API between usermode and the kernel, they should either go all the way or none of it. Schemes change it a bit, but they don’t reconsider and fix bad design choices in POSIX and Linux.

      Furthermore, Redox is simply not designed for performance. Even the scheduler, one of the most important contributors to the overall performance of a system, does far more work than necessary. It exchanges performance for slightly more simplicity, which, when designing an operating system, is rarely the correct choice.

      1. [Comment from banned user removed]

        1. 1

          I agree with you in most cases about premature optimizations. However, there are some parts, like in an OS scheduler, that aren’t much more difficult to optimize and reap huge benefits.

          I chose wasm for both of those benefits. It can reach almost native performance, but the compiler for it and the runtime around it are much simpler than any other comparable ISA.

          Why don’t you like wasm?

          1. 0

            From Wikipedia:

            WebAssembly is a web standard that defines a binary format and a corresponding assembly-like text format for executable code in Web pages.

            Really, what can go wrong?

            I grew up when the web was a public library, not a market.
            I learnt my first HTML, CSS and JavaScript through “view source”.
            WASM is the ultimate obfuscation.

            There is a huge architectural security flaw in WebAssembly (inherited by JavaScript): you run on your PC code controlled by a third party that knows you and your location and can easily customise such code to exploit the resources of your PC.

            This is actually a geopolitical scale security issue.

            From a technical perspective several high-level assemblies exist (Java bytecode, CLR’s IL, Inferno DIS… the first that come to mind), but deploying worldwide a new one based on the provably most insecure system existing out there is plain stupid (if not criminal).

            These are in a nutshell my concerns.

            But these are not concerns with your project!
            It’s an interesting hack… exactly because it could prove me wrong!

    2. 3

      One of the OSes that Nebulet reminds me the most of is again, IBM i (but everyone old enough calls it OS/400), with its single address space and requiring applications be written for a safe VM. If it had objects, database as storage, and a single level store, it’d be very close to it!

      1. 4

        It’s a design that’s easy to get off the ground, for sure. Managing arbitrary user binaries with different permissions means needing to rely on hardware memory management (non-portable and one of the ickier corners of the 386 IMO).

        I’ve done it on all my OS projects, on the grounds that I’m lazy & don’t care about the performance & security of toys. But, with JIT and virtualization on the table, there’s plenty of practical reason to move the management of permissions to the VM and away from hardware facilities. (Plus, recent events have shown that trusting chipmakers to do complicated security-vital stuff in hardware is not any more reliable than doing it in software, & perhaps worse since it’s harder to investigate and patch.)

        1. 3

          FWIW, i uses an AOT compiler for the VM-based applications. (It does also implement private address spaces for applications that request it, and for AIX applications running under it.)