1. 5
    wezm avatar wezm 1 month ago | link | on: Nebulet | More answers to questions that you may or may not have asked.

    Redox is not a particularly good example of operating system design

    A bold claim that I’d be curious to hear sustantiated.

    1. 4
      lachlansneff avatar lachlansneff 1 month ago | link

      Someone on the reddit post asked much the same thing. Here’s my reply:

      Sure thing. I’m not saying that Redox isn’t a great thing. It was the first project to seriously open up the possibility of writing operating systems in Rust and I will forever be thankful to it for that.

      To elaborate on bad design: there are a number of questionable (at least to me) design decisions. For example, why are schemes designed the way they are? It seems to me like if they want to change the api between usermode and the kernel, they should either go all the way or none of it. Schemes change it a bit, but they don’t reconsider and fix bad design choices in posix and linux.

      Furthermore, Redox is simply not designed for performance. Even the scheduler, one of the most important contributors to the overall performance of a system does far more work than necessary. It exchanges performance for slightly more simplicity, which, when designing an operating system, is rarely the correct choice.

      1. -1
        Shamar avatar Shamar Jehanne Hacker 1 month ago | link

        It exchanges performance for slightly more simplicity, which, when designing an operating system, is rarely the correct choice.

        I’d argue that premature optimization is the root of all evils… but I have a better question.

        Did you chose WebAssembly for performance, simplicity or both?

        Nebulet is a great challenge to my own wisdom because of this choice: I do not like WASM.
        And if it sound so much evil and disgusting to an heretic like me, it must really be a great hack! ;-)

        1. 1
          lachlansneff avatar lachlansneff 1 month ago | link

          I agree with you in most cases about premature optimizations. However, there are some parts, like in an os scheduler, that aren’t much more difficult to optimize and reap huge benefits.

          I chose wasm for both of those benefits. It can reach almost native performance, but the compiler for it and the runtime around are much simpler than any other comparable isa.

          Why don’t you like wasm?

          1. 0
            Shamar avatar Shamar 1 month ago | link

            From wikipedia:

            WebAssembly is a web standard that defines a binary format and a corresponding assembly-like text format for executable code in Web pages.

            Really, what can go wrong?

            I grew up when the web was a public library, not a market.
            I learnt my first HTML, CSS and Javascript through “view source”.
            WASM is the ultimate obfuscation.

            There is a huge architectural security flawn in webassembly (inherited by Javascript): you run on your pc code controlled by a third party that knows you and your location and can easily customise such code to exploit the resources of your pc.

            This is actually a geopolitical scale security issue.

            From a technical perspective several high level assembly exists (java byte code, clr’s IL, Inferno DIS… the first that come to mind), but deploying worldwide a new one based on the provably most insecure system existing out there is plain stupid (if not criminal).

            These are in a nutshell my concerns.

            But these are not concerns with your project!
            It’s an interesting hack… exactly because it could prove me wrong!

    1. 1
      lachlansneff avatar lachlansneff 2 months ago | link | on: customasm: Assembler for custom instruction sets

      Very cool!

      1. 1
        rzhikharevich avatar rzhikharevich 3 months ago | link | on: Why Nebulet?

        I don’t understand how it’s possible pick three here: “full-native speed”, single address space OS (everything in ring 0) and security. I believe you can only pick two.

        1. 1
          lachlansneff avatar lachlansneff 2 months ago | link

          Well, that’s what nebulet is trying to challenge.

          1. 1
            dw avatar dw 2 months ago | link

            https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/osr2007_rethinkingsoftwarestack.pdf

            1. 1
              rzhikharevich avatar rzhikharevich 2 months ago | link

              I haven’t yet read the whole paper but in the conclusion they say that performance was a non-goal. They “also improved message-passing performance by enabling zero-copy communication through pointer passing”. Although I don’t see why zero-copy IPC can’t be implemented in a more traditional OS design.

              The only (performance-related) advantage such design has in my opinion is cheaper context-switching, but I’m not convinced it’s worth it. Time (and benchmarks) will show, I guess.

              1. 1
                dw avatar dw edited 2 months ago | link

                When communication across processes becomes cheaper than posting a message to a queue belonging to another thread in the same process in a more traditional design, I’d say that that’s quite a monstrous “only” benefit.

                I should have drawn your attention to section 2.1 in the original comment, that’s where you original query is addressed. Basically the protection comes from static analysis, a bit like the original Native Client or Java’s bytecode verifier