
Riot OS – Real-Time, MMU optional and threads - anonsivalley652
https://www.riot-os.org
======
seren
I wonder why the comparison table does not include FreeRTOS or Zephyr.

From a high level view, I don't really what's really different for RIOT OS

~~~
anonsivalley652
I would read the extensive list of features and look at the code first before
hurling content-free FUD. It even supports Arduino too.

[https://github.com/RIOT-OS/RIOT/tree/master/cpu](https://github.com/RIOT-
OS/RIOT/tree/master/cpu)

~~~
bsder
Not comparing to Zephyr, which ticks all the same boxes, is absolutely a
problem.

And I would argue that Arduino support nowadays is a negative, not a positive.
Arduino support means that you are going to do a bunch of things to support 8
and 16 bit systems that look absolutely silly on 32 bit systems. And, it's not
even clear that Arduino systems are actually cheaper or lower power than ARM
Cortex-M4 systems anymore--which negates the advantage of Arduinos.

~~~
moron4hire
I completely switched to the Adafruit Feather M4 series for my hobby
electronics about 5 years ago. Each board might be a little more expensive
than a base Arduino, but they are way more powerful and have a lot of great
features.

~~~
duskwuff
If you want to go "budget", STM32 hardware (like the common "blue pill"
STM32F103C8 board) is priced comparably to a knockoff Arduino, if not cheaper.

~~~
pantalaimon
You can now get much more powerfull STM32F411CEU6 boards for the same price.

~~~
duskwuff
Which boards are you thinking of? "Blue pill" STM32F103C8 boards are $2 to $3,
if you're willing to run the risk of getting a cloned microcontroller. (The
clones are actually quite usable for most purposes.)

~~~
pantalaimon
The clones even tend to have more memory.

But I was thinking of those boards:
[https://aliexpress.com/item/4000103610226.html](https://aliexpress.com/item/4000103610226.html)

(also supported by RIOT btw [https://github.com/RIOT-
OS/RIOT/pull/12778](https://github.com/RIOT-OS/RIOT/pull/12778))

~~~
duskwuff
Oh, those! I have one of the F401 models -- I didn't know there was a F411
variant, though, nor that they've gotten so cheap. There might be a purchase
in my future. :)

------
snvzz
Yet another to the list[0].

[0]: [https://www.osrtos.com/](https://www.osrtos.com/)

------
dang
Related from 2019:
[https://news.ycombinator.com/item?id=19016945](https://news.ycombinator.com/item?id=19016945)

(Edit: link is for the curious. Reposts are fine after a year or so:
[https://news.ycombinator.com/newsfaq.html.](https://news.ycombinator.com/newsfaq.html.))

~~~
anonsivalley652
Dern it, http<->s. I swore I algolia'd first but must not have. Sorry!

Btw, would it be a bother to suggest a tweak to the submit action's link
uniqueness check to prevent dupe items differing only in URI scheme?

    
    
        // Crunchy pseudo-LISP below
    
        (defun flip_scheme (url)
          (sed "s/^https/@ttp/;s/^http/@ttps/;s/^@/h/" url)
        )
    
        // after sanitization/normalization at the point of checking for dupe items
        // instead of
        // (has_url url)
        (if (has_url url)
           (return (redirect 301 "Moved permanently" (item_for_url url))
        )
        (let flipped (flip_scheme url))
        (if (has_url flipped)
           (return (redirect 301 "Moved permanently" (item_for_url flipped)))
        )

~~~
Wowfunhappy
The last posting was more than a year ago, it's fine to re-post! Dang was
merely providing the old thread as a reference.

------
anonsivalley652
Collab between Samsung + Microsoft + UofW + U of Maryland that is also trying
CheckedC.

[https://github.com/Microsoft/checkedc-
clang](https://github.com/Microsoft/checkedc-clang)

[https://github.com/Microsoft/checkedc](https://github.com/Microsoft/checkedc)

------
andrewklofas
Cool project, but no ipv4 support. Can't take an iot os seriously with no
ipv4, sorry

~~~
Reventlov
Ipv6 should be the way to go nowadays, no ? For sensors network, people are
using ipv6: as you don't have enough ipv4 adresses for computers and phones,
you don't use ipv4 for sensors networks and IOT, that's a nonsense.

~~~
joosters
I would imagine almost all IoT devices in the home are using IPv4 at the
moment, you can’t rely on IPv6 working properly with many ISPs. They don’t
have to use public addresses, so scarcity isn’t a problem.

------
Aloha
I wonder how this compares to RTEMS

------
xvilka
Tock OS[1][2] is way more promising since it's written in Rust instead. In
2020 there is no reason to invest time in anything new in C, apart from
maintaining legacy software.

[1] [https://www.tockos.org/](https://www.tockos.org/)

[2] [https://github.com/tock/tock](https://github.com/tock/tock)

~~~
snvzz
I'd rather seL4, which isn't written in rust but on a time-proven language (C)
and yet has thorough proofs of doing what it's supposed to do, unlike this OS
you suggest.

~~~
pjmlp
Indeed, 40 years of proven memory corruption bugs.

[https://www.cvedetails.com/vulnerability-
list/opmemc-1/memor...](https://www.cvedetails.com/vulnerability-
list/opmemc-1/memory-corruption.html)

[https://msrc-blog.microsoft.com/2019/07/16/a-proactive-
appro...](https://msrc-blog.microsoft.com/2019/07/16/a-proactive-approach-to-
more-secure-code/)

Which are reaching the tipping point of enough is enough.

Which is why Android 11 will now require memory tagging hardware for C and C++
code, when running on ARM.

[https://security.googleblog.com/2019/08/adopting-arm-
memory-...](https://security.googleblog.com/2019/08/adopting-arm-memory-
tagging-extension.html)

[https://source.android.com/devices/tech/debug/tagged-
pointer...](https://source.android.com/devices/tech/debug/tagged-pointers)

And no, it doesn't need to be Rust, in fact NVidia has decided to dump C and
C++ for security critical firmware, betting on Ada,

[https://blogs.nvidia.com/blog/2019/02/05/adacore-secure-
auto...](https://blogs.nvidia.com/blog/2019/02/05/adacore-secure-autonomous-
driving/)

While F-Secure is using bare metal Go for their Foundry,
[https://www.f-secure.com/en/consulting/foundry](https://www.f-secure.com/en/consulting/foundry)

Speaking of seL4, Genode OS is now using Ada alongside seL4,

[https://genode.org/documentation/release-
notes/16.08](https://genode.org/documentation/release-notes/16.08)

[https://genode.org/documentation/release-
notes/19.11](https://genode.org/documentation/release-notes/19.11)

~~~
renox
seL4 isn't really written in C, AFAIK it's written in Haskell then translated
in C. Because C is one of the few language to have a formally verified
compiler CompCert.

Now does seL4 support properly modern CPUs: multiple cores, with different
power settings? This I don't know.

And what about Spectre?

~~~
pjmlp
With the caveat that CompCert is mostly C99 and requires MISRA like C.

What about Spectre? It is an hardware exploit, thus there is only so much one
can don in software to prevent it.

However that shouldn't be an argument for not improving the security of the IT
stack, people still die when wearing security belts and helmets, but they
surely do surving in higher rates than when they weren't a requirement.

Exploits due to logical programming errors, false premises, hardware bugs,
will always be around, however reducing the attack surface is already a big
improvement.

~~~
renox
>What about Spectre? It is an hardware exploit, thus there is only so much one
can don in software to prevent it.

And there _has been_ mitigations done in software in the Linux kernel (and the
web browsers but that's userspace), so my question:

has seL4 being updated with mitigations for Spectre?

Plus for a microkernel, this can be a big performance issue..

~~~
pjmlp
Mitigations never solve 100% the problems, as proven by 40 years of C related
security mitigations, including hardware memory tagging.

As for seL4, I only have superficial knowledge of the project.

