What usage Genode OS seeks to achieve? With restrictive AGPL license, I doubt anybody would use it over Windows / Linux / BSD. IMO, it's wasted effort to contribute into this projects, which never gets adopted in the real world,... Sony PlayStation and Nintendo Switch have based their OS on BSD.

Relax, it's just a cute little research OS. Besides, it would be refreshing for one of these hobby OSes to get some traction and actually challenge the Big Three at this point. Linux is all but a corporate OS at this stage, it's basically Chromium.

What kind of challenge do you expect in the OS/kernel world? Besides Windows-like-UX-friendly tools for Linux, there's nothing missing in Linux. Also, BSD lags behind Windows and Linux, which isn't an issue for specifically crafted OS-es for special devices (e.g. consoles,..).

The existing eco-system is defining factor, whether some technology gets adopted and gets traction,... That's reason, why Java is dominant in business world (maven - immutable repository with large amount of libraries), and also NodeJS start getting nice traction. Not that these languages are the most HW-resources-usage friendly, but that's clearly irrelevant factor for large amount of software development companies.

In no small thanks due to its obsolete UNIX-like architecture, there's a lot Linux leaves to be desired, including but not limited to:

• Lack of a sound security model: Ambient security isn't sound. Confused deputy problem. Genode is built around Capabilities, which can offer actual security.
• Size of Trusted Computer Base: whole kernel runs privileged, thus is part of TCB, thus the TCB is huge and unmanageable. Impossible to formally prove correctness or even reason about. Can't provide security nor can it be used anywhere where high assurance is required. Genode is a multi-server operating system, which means the TCB can be minimized. This works specially well with seL4 microkernel, as it has thorough formal proofs. They don't stop at the source code, and actually go down to the compiler output, using ISA models to prove it is a valid compilation of the source code and thus the compiler didn't fuck up.
• Non-deterministic behaviour: Can't be used in hard realtime as latency can't be bound, not even with rt patchset. This is unlike Genode, which architecture permits such proofs, particularly when on top of seL4, which has WCET proof.

Basically, Linux is great and popular and all that, but it isn't the ultimate answer to OS design. Its design trails behind the state of the art. By decades.

Fair enough. From perspective of multi-user security Linux kernel lags a lot. The bigger threat are closed-source applications (well, businesses want them), does Genode OS address user-space security issues anyhow?

I tend to consider Linux less 'The Future' (TM) and more 'what the past should have been'. Fresher OSS OSes are more than welcome to have a go at entry to the space. in my book.

who cares about Playstation and Switch anyway? It's not like they paid a dime back to the BSD community anyway.

lol not really. To even think about compiling Chromium you need to pull down a load of blobs and hacks, especially for the Google's own stuff.
Linux is mostly developed by corporate users, but it's not relying on blobs to be compiled or blob libraries and it's actually fully opensource.

not really, and what you quoted has nothing to do with what you are saying.
Linux is perfectly capable of sandboxing applications with cgroups and SELinux and AppArmor frameworks. Look up FireJail for that, and KDE/GNOME are slowly adding functionality to themselves to be able to do this. Also Flatpak uses these limits for its own sandboxing.


What you quoted is saying that there is so much stuff in Linux kernel that it can't be validated formally, and formal validation is crucial to ensure bugs are kept at a minimum. Sandboxing features mean nothing if the system is buggy and you can bypass the sandbox (especially a problem for Android, since forever) Yes they employ automated testing and a whole lot of stuff, but it's an "after-the-fact" thing, the kernel wasn't designed around this concept.

It is also saying that there is A LOT of stuff that is running at kernel privilege and you don't want that for a secure system, with a decent microkernel you can even have binary drivers and it's still all perfectly secure and fine because the driver is running in userspace so it is still sandboxed and can't do anything the kernel does not allow. A Linux kernel driver can do whatever it wants because it's running with kernel privilege.