
Redox – A Unix-Like Operating System Written in Rust - wtetzner
https://www.redox-os.org/
======
Animats
Interesting. Not clear if they got the big lesson of QNX vs. Mach - scheduler
and interprocess message coordination is crucial to microkernel performance.
The relevant pages of their "book" are blank. I'm trying to find the
interprocess communication primitives and can't. Anyone know where that's
documented?

I notice they put an ELF loader for executables in the kernel. It's better to
have the loader outside the kernel. See this Linux vulnerability.[1] They may
get there; they don't have shared objects yet. QNX starts up new processes
with a canned startup which links to a shared object to do the loading of the
executable. So loading runs with the privileges of the thing being loaded,
which is safe.

They put very few drivers in the kernel - just a serial console. That's good.
Like QNX, the boot image contains user-level processes you want run at
startup. So you don't need drivers in the kernel to get going. This is good
for embedded applications. QNX comes with a boot image builder into which you
put what's needed at startup. There's a set of services for disk-based systems
which get you a UNIX desktop like environment. But for embedded use, you can
build a diskless QNX image with much less.

One advantage of a small unchanging kernel is that it can be put in a boot ROM
for the life of the machine. This is a win in embedded devices. Any updating
is done by loading new processes in userland, not with some super-powerful low
level thing that nobody understands and probably relies on security through
obscurity.

[1]
[https://nvd.nist.gov/vuln/detail/CVE-2018-6924](https://nvd.nist.gov/vuln/detail/CVE-2018-6924)

~~~
saghm
> They may get there; they don't have shared objects yet.

I'm a bit of a novice when it comes to operating system implementation, so I'm
not sure if this is a naive question, but how big of a priority is this for an
OS written in Rust? By default, Rust statically links everything besides
things written in C/C++ (e.g. libc), so would static linking be sufficient for
an OS designed to implement everything in Rust?

~~~
amenghra
Call me crazy, but it would be nice if binaries were bundled with all their
dependencies but then the OS maps identical files to the same memory region to
save space+perf.

You get the best of both worlds?

~~~
dahfizz
This is exactly the approach of newer application formats in the Linux world
such as flatpak and snaps.

The problem, though, is that all the libraries are duplicated on disk. Flatpak
and snaps get around this by recognizing when there is a shared dependency and
only downloading it once. But if you "bake in" all your dependecies into a
single executable file, that would cause pretty significant inflation for
program sizes.

This may be less of an issue now as disk space gets cheaper and cheaper, but
it still feels like a step in the wrong direction.

~~~
wtetzner
It would be cool to have a filesystem that unique'd storage of identical
objects under the hood. E.g. even though the user sees a particular filename,
it's actual stored using a SHA to detect duplicates.

If you edit a file, it could do a copy-on-write, to ensure you're not
inadvertently changing a different file.

~~~
db48x
Deduplicating filesystems do exist; ZFS is one of the better examples. Of
course, maintaining the indexes turns out to become a larger percentage of
your cpu time, and those indexes have to live somewhere so they occupy a lot
of memory. (You could reduce that impact by doing file-level rather than block
-level deduplication, but then you also lose many of the benefits)

If you want something that's higher level, there are tools like git annex that
do this.

~~~
ComputerGuru
ZFS (and others) feature block-based deduplication, not rule-level
deduplication which is cheap and fast (though less “effective”).

~~~
ComputerGuru
*file-level

------
nixpulvis
Redox is a really cool project. I haven't tried running it in a while though.
Last time I tried it I couldn't get it running on real hardware, maybe things
have gotten better there.

Either way, if you find Redox interesting, I bet you'll find [https://os.phil-
opp.com/](https://os.phil-opp.com/) interesting too. It's a much less full
fledged project, but the blog posts are a _great_ way to learn about Rust and
OSes at the same time.

------
Koshkin
> _Unix-Like_

It has been my impression that one of the advantages of Unix is not having to
_rewrite the userland_ each time you write a new kernel or port an existing
one to a new platform.

~~~
coliveira
Exactly, there is no sense in trying to write UNIX in another language because
it defeats the original goal of the system.

~~~
chc4
It's Unix-like, not a Unix clone. In particular they settled on a "everything
is a URL" instead of "everything is a file", with different URIs being
delegated to userspace services.

It still draws quite a bit from Unix though, and provides a shim translating
`/dev/proc` to `proc:` or whatever.

~~~
ori_b
Well, that's a major imstake -- now I need to know what service I'm talking
to, which means that I can't transparently replace my /dev/net with a
userspace proxy. Unix half screwed this up, and they took the mistake and
perfected it.

~~~
winklock
You can replace anything transparently, the Redox kernel supports scheme
namespacing.

~~~
ori_b
So, for example, can I replace my network traffic with a file for testing, by
binding a scheme to a file on disk?

~~~
Tuna-Fish
To do that, you need to use a driver that translates between a file: and ip:
(or ethernet:, tcp:/udp: or network:, allowing binding at different levels of
the stack), because the protocols allow different operations. Said driver of
course runs in userspace (because microkernel) and already exists. (Because
it's absolutely needed for development.)

~~~
Koshkin
> _driver that translates_

That's something new... So, for the N-th device type in addition to the device
driver I might need 2*(N-1) translating drivers!

~~~
Tuna-Fish
Most of those would be meaningless, or require enough decisionmaking that the
program between them cannot reasonably be called a driver. What kind of driver
translates between audio and window system objects?

In any case, you only need 2N for translating both ways between file: and
whatever: to get the same experience Unix does, and wherever that makes sense
it is usually provided.

The win is of course that each of those protocols can be strongly typed and
provide exactly all the operations that make sense for that protocol.
Basically, think of all the things IOCTL does and give them their own names.

~~~
ori_b
Ioctl was a horrible mistake, since it prevents configuring and introspecting
devices with general interfaces and ad-hoc scripts.

This elevates the mistake, and polishes the worst of the early Unix conceptual
fuckups.

------
matachuan
Really cool project! It reminds me of TockOS from SOSP'17 which is also
written in Rust but designed for extremely resource-constrained devices.

~~~
moosingin3space
Serious question: how is this similar to TockOS, other than being written in
Rust? TockOS doesn't use an MMU since it's designed for single-address-space
applications on microcontrollers.

------
marsrover
I think Redox is cool but I wonder if it not being POSIX compliant is going to
cause adoption issues.

~~~
jackpot51
I am the creator of Redox. We have a somewhat POSIX compliant C library called
relibc that supports existing Unix applications.

------
adamnemecek
Redox is cool but I'm pumped for the OS' that really take advantage of Rust to
create new architectures.

~~~
johannes1234321
The issue with such an OS is that there aren't won't be any libraries and
tools. So the OS vendor might need a custom shell, custom utilities, custom
libraries for everything ... or they offer POSIX-like APIs. One area where one
can see this is IncludeOS - they had their custom APIs for a long time to
leverage their architecture, but are now focussed on providing POSIX
compatibility ... and that's only for single purpose unikernel systems. If the
OS should also be universal this is even more of a problem. (Especially if you
also want a graphical desktop ...)

~~~
AnIdiotOnTheNet
With that attitude you'll never be able to ditch legacy cruft, and there's
quite a lot of it in POSIX. I agree with the other poster that a compatibility
layer in the form of virtualization and/or emulation should be sufficient, as
long as your new OS brings something to the table that's desirable. Shunt the
legacy crap off into its own contained environment and build a nice new clean
one for new stuff to use.

~~~
johannes1234321
Yeas, in a imaginary world replacing POSIX would be great. But that's not an
easy endeavor. 30 years of legacy tied to it.

As long as you don't have POSIX only special interest users will use your
system.

I believe the only way forward is to start on POSIX and then move on step by
step and deprecating part by part.

~~~
AnIdiotOnTheNet
In the same imaginary world, creating a new POSIX OS that isn't Linux is a
giant waste of time just from gap in drivers alone. If you're going to ditch
all that hardware support then you may as well ditch POSIX and its crap while
you're at it.

~~~
yjftsjthsd-h
Unless you have _some_ portable standard to target, you just tied the entire
universe to exactly 1 OS implementation. I would like to not do that.

~~~
AnIdiotOnTheNet
Bull. People developed software for multiple completely different computer
architectures throughout the 80s and 90s. People do it today between different
game console platforms in addition to operating systems. Even if you try and
target something like SDL or a web browser your abstraction won't save you
from a platform's quirks once you reach a certain level of complexity and then
you'll have to work around it anyway.

Hell, even between supposedly POSIX systems there's a lot of #ifdef going on
to make things work.

------
qwerty456127
Where can one find lists of hardware and software supported to the date?

~~~
sajattack
Hardware is pretty much just try it and see if it works. Drivers supported are
pretty much just what virtualbox/qemu use. [https://gitlab.redox-os.org/redox-
os/drivers](https://gitlab.redox-os.org/redox-os/drivers) Things like e1000.
Many Thinkpads work.

Software list is here [https://static.redox-os.org/pkg/x86_64-unknown-
redox/](https://static.redox-os.org/pkg/x86_64-unknown-redox/)

------
jayalpha
Saw it before but did not try it out yet. On a first look I mistook it for
Harvey [https://harvey-os.org/](https://harvey-os.org/)

------
snvzz
>unix-like

>microkernel based

Aren't these two contradictory? Unix-like would be a classic monolithic
design.

------
rubyn00bie
Is there like... a joke to the screenshots page being literal pictures of
screens? Because I'm dying on the inside.

~~~
steveklabnik
Running your own OS on real hardware is an accomplishment.

~~~
rubyn00bie
I no way am implying or saying it’s not an accomplishment. It’s just the fact
they’re literally screenshots I found hilarious/brilliant.

------
paavoova
Redox is still very much a prototype and shows you can't simply slap "safe"
Rust together and magically conjure up a kernel and OS: [https://gitlab.redox-
os.org/redox-os/redox/issues/1136](https://gitlab.redox-os.org/redox-
os/redox/issues/1136)

~~~
gpm
So, no one anywhere is claiming you can write a kernel in purely safe code. It
fundamentally needs to access arbitrary memory locations which is unsafe.

That said, I don't think _any_ of the issues in that thread are related to
unsafety. It's perfectly safe to panic. None of those bugs are memory
corruption, arbitrary code execution, or so on, which is what safety tries to
protect against.

~~~
paavoova
But people are claiming you can't write a safe kernel in C, and point out safe
languages which should be adopted in its place. This misses the point that,
just like the theoretical safety of C is 100% safe, the theoretical safety of
Rust as a low-level language is zero.

Those are all bugs produced essentially on request. That doesn't bode well for
the security and robustness of the project. The end user doesn't care whether
the class of bug is memory related or whatever else if the end consequences
are the same. Despite having the benefit of safety and the decreased burden on
the programmer this offers, bugs still abound in Redox, which points to it
being written in Rust as incidental at best.

~~~
roca
Don't gloss over the distinction between security and robustness. The
consequences of panics and memory corruption are very much NOT the same. The
former means a reboot, which is annoying; the latter means corrupted or
exfiltrated data or a hostile takeover of the system.

------
robertsd247
I think this is awesome but how many more Linux OS' do we need? The community
needs to come together and hammer out the end user desktop issues and get a
unified Linux out to the unwashed masses. Windows 10 can't be the only future.

~~~
qwerty456127
Can you name any end user desktop issues for Linux? I don't know any except
lack of native Adobe Photoshop, limited selection of games and inefficient
marketing. It already is easy and pleasurable for any reasonably young non-
gamer non-geek with Windows7&Mac background to use Ubuntu or Manjaro, just
install it, install and pin all the apps they need and no questions emerge.

~~~
rifung
> Can you name any end user desktop issues for Linux?

I've installed Linux on like 5 of my desktops/laptops. The best way to
describe my issues with it are "death by a thousand cuts". Namely that random
stuff just doesn't work, either at all or the way I expect or want.

Installing Nvidia drivers is hit or miss. Wifi often doesn't work out of the
box. The touchpad experience is far inferior. Also all of the desktop
environments I've used have been really ugly (GNOME, KDE, Unity).

Even when installing Linux there are so many options for partitioning (what
format you want, swap space size, etc) which are likely overwhelming for non
technical users.

~~~
ThenAsNow
> Also all of the desktop environments I've used have been really ugly (GNOME,
> KDE, Unity).

This is very much in the eye of the beholder. Linux with KDE has been my daily
driver since at least as far back as 2009 (with the KDE 3.5 series), possibly
earlier.

In no way would I say it's any uglier than windows, especially now with all
the effort to make key GTK applications fit with Qt ones via theming. Windows
10's hodgepodge of old and new styles for things like settings is more
offensive to me than anything a Linux graphical desktop does.

Agree the driver situation lagging on Linux vs. Windows is sub-optimal, but
when the driver support is there, I don't find Linux to work any more poorly
than Windows.

The reality is that every major desktop system has issues, but at least with
Linux, if you learn enough about the plumbing, you can go in and try to fix or
work around issues that arise. Until we move into a new world of robust,
correct-by-construction, non-worse-is-better software, I'll take the lumps I
get with Linux over the others whenever I have the choice.

~~~
AnIdiotOnTheNet
> The reality is that every major desktop system has issues, but at least with
> Linux, if you learn enough about the plumbing, you can go in and try to fix
> or work around issues that arise.

Have you ever tried that? You'll find that the plumbing consists of 20
different standards of pipe cobbled together over the past 30 years by dozens
of different plumbers, each with their own conception of how plumbing should
work but too lazy to tear out the whole thing and replace it so they just
patch in their change with duct tape and rubber bands.

And worse, that's the culture the community seems to _prefer_. Case in point:
the one guy who's shown a willingness to unify that plumbing, Lennart
Pottering, is _loathed_ for being successful at it.

~~~
yjftsjthsd-h
> Have you ever tried that? You'll find that the plumbing consists of 20
> different standards of pipe cobbled together over the past 30 years by
> dozens of different plumbers, each with their own conception of how plumbing
> should work but too lazy to tear out the whole thing and replace it so they
> just patch in their change with duct tape and rubber bands.

This is actually true:), but I defy you to find a desktop OS of which the same
isn't true. Did MS ever fix the fact that they have 2 _completely different_
control panels with partially-overlapping functionality? And I know Windows
Explorer still can't open certain paths because DOS had a ... _poor_
implementation of device files.

> Pottering, is loathed for being successful at it.

Pottering unified the plumbing by taking a demolition crew to the house and
replacing the plumbing and electrical systems while people were living in it,
informed us that objects being automatically thrown in the trash if they were
on the floor when you left the room was a feature[0], and demanded that all
faucet manufacturers adopt a new pipe size that only his plumbing uses[1].

[0]
[https://github.com/systemd/systemd/commit/97e5530cf20](https://github.com/systemd/systemd/commit/97e5530cf20)

[1]
[https://news.ycombinator.com/item?id=11797075](https://news.ycombinator.com/item?id=11797075)
[https://github.com/tmux/tmux/issues/428](https://github.com/tmux/tmux/issues/428)

~~~
uryga
> Did MS ever fix the fact that they have 2 completely different control
> panels with partially-overlapping functionality?

if you're referring to the split that came with Windows 8 , there's been
(slow) progress in Windows 10. There's still a handful of settings left in the
old Control Panel, but most of them have been moved to the new Settings app.

