At least the Inflight Entertainment (IFE) is running Linux. 10 years ago that was something "cooked up" (textconsole was visible sometimes), today it seems to be Android.

All I can say is "well duh"

True but its also completely irrelevant. The inflight entertainment systems is not what is being talked about here and its basically a glorified tablet that is completely segregated from all other systems aside from power (for obvious reasons).

Meanwhile, SpaceX uses Linux for their Merlin engine controllers and Linux (and Webkit) for their Dragon touchscreen UI, and are certified by NASA to fly US astronauts to the ISS.

I'm LOLing at their typo.

Linus does not have a software engineering culture.



I bet NVIDIA agrees.

More people need to start saying this.

Linux is the worst of both worlds. It's an open source project but has a mega-corporate culture. You have to go through hoops of corporate garbage just to contribute to a poorly-managed open source project. It's virtually run by IBM who likes to pretend they're Microsoft but don't actually care to do the code and testing MS does. I've seen it said a few times here before, but Linux is no longer a hobbyist open source project, it's a corporate one. A headless corporate one, like the garbage Google churns out. Everyone contributes but there's no coherency or QC or any real effort to improve the infrastructure. All innovation is pretty much done by one person who has the skillset and time to force some kind of change, with virtually no help from their corporate peers. How often do they have to remove a driver/filesystem because it's one contributor got hit by a bus? I feel like I see it every other week here.

That said, his point about Linux being unsafe because it's monolithic is irrelevant. Pretty much all robotics and RTOSes are monolithic/megalithic (the program *is* the kernel). Microkernels and recoverability are an illusion of safety. Your software should not be crashing at all in robotics, and just because the OS can kill it and recover it doesn't mean that's suddenly okay to just not test your code or have QC in check. Further, microkernels are kind of an outdated meme at this point, as a misguided attempt at making C/ASM safe. Language-based safety is a far better concept, and we're finally getting some real public interest with that thanks to Rust. And Linux is heavily embracing it, so you can't criticize it for that.

Linux is a marvelous operating system! However, it is *not* a simple, stable (as in slowly changing) narrowly focused operating system designed with determinism as highest priority. So there is no reason to try to fit a square peg in a round hole instead of just using the right tool for the job. Safety is about not gambling with peoples lives...

I don't know the inner workings of Rust and its memory model, but IIRC for flight systems they are not allowed to allocate memory, and I don't think the Linux kernel has been formally verified which would also probably need a different C compiler, IDK. (As I know nothing about C)

This isn't the right way to look at it. No matter what kernel is used, someone is going to have to lock it down and customize it a lot for a car or airplane OS or utility - regardless of it being Linux or some crap Windows or TempleOS kernel. Who knows how many airplane electronics may already be running some customized Linux - I'd actually bet on it. But this modern authoritarian idea of "it must work for everyone at all times or else there's something wrong with it" is just mental illness. Linux and Linux distros are meant to be fairly flexible, and we make them less flexible and more tailor fit when putting them onto the application at hand. And when lives are at stake, even more so.
BTW, no one ever went to the moon.

RT/Microkernels like QNX would like to have a word with you (and these are used in places line nuclear power plants). There is also minix which is used by the Intel ME and Sel4 which is used in Apple phone waveband devices as well as military/medical.

The only way monolithic kernels would be even considered in such spaces is if there is at least some form of formal verification, and good like formally verifying something like Linux.