×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Genode OS 13.02 Features Low Latency Audio, Virtualization, Protected DMA

Unknown Lamer posted about a year ago | from the dreaming-of-hurd dept.

Operating Systems 41

On the heels of their December release, the 13.02 release of the Genode multi-server microkernel OS framework continues to deliver major new features. Under the hood, there's support for the IOMMU, bringing safe bus master DMA to userspace drivers (overcoming one of the final advantages monolithic kernels had). They've also added full virtualization support, good enough to boot Linux as an application. In the cool department, they've added a new low latency audio interface that could very well pave the way for something akin to JACK, and right now provides a lightweight way for the system to beep at you in real time . A few more libraries have been ported (libssh, curl, iconv) in preparation for a port of git to the Noux native GNU runtime. There are also a bunch of other improvements to their NOVA microkernel, support for running on the Exynos 5250 and Freescale i.MX53, a new console multiplexer, improvements to the display server, simplification of the base libraries, and more. I'll be attempting to build it and give it a spin to see how well it works in practice sometime soon.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

41 comments

GENOCIDE? (-1)

Anonymous Coward | about a year ago | (#43037595)

I will not buy a multi-server microkernel OS framework called GENOCIDE no matter how many major new features it delivers. this naming shows me a extreme level of disregard for the victims of genocide around the world and I refuse to use it no matter how much support for the IOMMU, bringing safe bus master DMA to userspace drivers it has.

Re:GENOCIDE? (-1)

Anonymous Coward | about a year ago | (#43037791)

I, too, won't participate in genocide unless it guarantees me at least several millions of barrels of oil or some precious metals or maybe some clean water.

Re:GENOCIDE? (1)

BryanL (93656) | about a year ago | (#43037795)

I think Genocide is only what happens when the OS crashes. I would like to see the OS up-times before trying this out.

Re:GENOCIDE? (0)

Anonymous Coward | about a year ago | (#43040415)

I WILL use a multi-server microkernel OS framework called GENOCIDE in honor of all the anonymous cowards who died around the world by disregarding warnings of the hazards of Cranial Rectumitis. In spite of faux moral highground, you have to pull your head out of your ass and take an occasional breath.

No, thanks (2)

marcello_dl (667940) | about a year ago | (#43037617)

No, I rather keep a monolithic kernel for performance. Then I'll enable some security hooks... and run server and sensitive stuff in a VM... hoping that the bare metal which I use for games won't get compromised... hmm...

OK, TANENBAUM WAS RIGHT.

Re:No, thanks (2)

bluefoxlucid (723572) | about a year ago | (#43038855)

Actually tanenbaum WAS right.

Minix displays roughly a 4% slowdown at worst, which isn't really a lot. It's considerable that 18% of code should probably run in kernel. Application code doesn't experience such a slow-down. 4% of 18% is about 0.72% total. This is pathetically little, so much so that even if you hit it with a fully loaded Web server you're talking about a situation that would kill your server anyway (consider: as soon as you dip a few connections for 3-5 seconds, your system catches up to the past hour or so of max load... 100% workload that takes 1 hour takes 35 seconds longer, so the moment you'd normally back off 100% CPU you have the headroom to blast that away OR you're running a non-stop square block maxed at 100%, so you're dead anyway).

On the other hand, this Genode thing is another L4-Linux-alike. Can't write a microkernel like Minix? Write a glorified hypervisor and load Linux on top of it as a guest OS, and call it a "Microkernel Architecture." You get all the advantages of being slower, with none of the disadvantages of having a better, decoupled architecture and without a refined and stable product like VMware or KVM or Xen and management tools like vSphere or oVirt. Great press release.

Re:No, thanks (2)

Yebyen (59663) | about a year ago | (#43039083)

Whoa there! Have you actually tried Genode?

Maybe you have, but I think that just because you can run Linux on it does not mean you must.

I mean, sure, there's no built-in support for filesystems on block devices. I was kind of expecting to see that in the next release. But who needs read-write filesystems anyway? ^_^

I don't follow you, just because Linux can run on L4, and Linux can run on Genode, and Genode can run on L4,
Besides that... "another" L4Linux-alike? Where do you find them all? What news outlets do you frequent? Because I honestly haven't heard of dozens of projects just like Genode. This is not an attempt at flaming. You're obviously not convinced that you need a Genode, and clearly neither am I. I'll be the first to admit it's hard to have a thought-provoking discussion about something you don't know exactly what it does, and you're not sure why you need it.

I was particularly disappointed when after hours of fiddling around just to bring up something called Noux that was finally resembling a shell, I was able to bring it down (and it seemed, the whole Genode system with it) just by typing 'ls'. Maybe that's just not how it's meant to be used. Maybe I just didn't know the correct recovery sequence. I was impressed but just more-so impatient. Glad to know that these guys make new releases every 3 months.

Re:No, thanks (1)

bluefoxlucid (723572) | about a year ago | (#43044445)

There are a lot of "Microkernels" that amount to a core kernel and then "Linux runs on top of this because it's completely inadequate!" There are things like VMware ESXi that claim to be nothing more than a hypervisor; there are then all these microkernels that claim to be full-feature microkernels, but "are in development" and "have limitations" and "haven't been taken to their full potential" so they run a Linux kernel as a micorkernel service--they virtualize Linux and claim that you're running a microkernel OS, when all you're running is a monolith in a hypervisor.

Re:No, thanks (0)

Anonymous Coward | about a year ago | (#43039245)

Actually tanenbaum WAS right.

Minix displays roughly a 4% slowdown at worst, which isn't really a lot. It's considerable that 18% of code should probably run in kernel. Application code doesn't experience such a slow-down. 4% of 18% is about 0.72% total. This is pathetically little, so much so that even if you hit it with a fully loaded Web server you're talking about a situation that would kill your server anyway (consider: as soon as you dip a few connections for 3-5 seconds, your system catches up to the past hour or so of max load... 100% workload that takes 1 hour takes 35 seconds longer, so the moment you'd normally back off 100% CPU you have the headroom to blast that away OR you're running a non-stop square block maxed at 100%, so you're dead anyway).

On the other hand, this Genode thing is another L4-Linux-alike. Can't write a microkernel like Minix? Write a glorified hypervisor and load Linux on top of it as a guest OS, and call it a "Microkernel Architecture." You get all the advantages of being slower, with none of the disadvantages of having a better, decoupled architecture and without a refined and stable product like VMware or KVM or Xen and management tools like vSphere or oVirt. Great press release.

You have no Idea what you are talking about. Genode is a userland that can run on various microkernels/hypervisor and also on the linux kernel. L4Linux is a feature that you can use on Genode while running the Fiasco.OC microkernel. There are various use cases for virtualized complete operating system on an operating system that is under development. However, L4Linux is not a requirement. If you do not want L4Linux, then do not build it. You still get genode with all the advantages that it offers.

Re:No, thanks (0)

Anonymous Coward | about a year ago | (#43074695)

> Actually tanenbaum WAS right.

Yep. The proof is that the Linux kernel is constantly being revised. New versions come out every few weeks or months.

Shouldn't the kernel be pretty much stable for years? It should really only need tweaking for bug fixes or when some weird new hardware comes out. The incremental changes belong in the drivers and modules.

(captcha: immature)

neat (1)

spiffmastercow (1001386) | about a year ago | (#43037849)

Looks very cool, but what exactly is their business model? It looks to me like this

Step 1: build a cool microkernel
Step 2: Port GNU tools
Step 3: ???
Step 4: Profit!

Re:neat (1)

CoolHnd30 (89871) | about a year ago | (#43037859)

Looks very cool, but what exactly is their business model? It looks to me like this Step 1: build a cool microkernel Step 2: Port GNU tools Step 3: ??? Step 4: Profit!

What was Linux's business model?

Re:neat (0)

Anonymous Coward | about a year ago | (#43038001)

What was Linux's business model?

Step 1: Do it "Just for Fun".
Step 2: Release under the GPL.
Step 3: Wait...
Step 4: I am your GOD.
Step 5: Profit.

Re:neat (1)

spiffmastercow (1001386) | about a year ago | (#43038243)

Looks very cool, but what exactly is their business model? It looks to me like this Step 1: build a cool microkernel Step 2: Port GNU tools Step 3: ??? Step 4: Profit!

What was Linux's business model?

Graduate student thesis?

Re:neat (3, Interesting)

Unknown Lamer (78415) | about a year ago | (#43037865)

I think there's a lot of interest in microkernels right now in the mobile world... single chip, running something like OKL4 or Genode with GNU/Linux as a server and the radio stack as another server, completely isolated. It's easier to trust a small microkernel won't allow resources to leak between servers than it is to trust something huge like Xen.

Are you writing this up? (0)

Anonymous Coward | about a year ago | (#43038437)

I'll be attempting to build it and give it a spin to see how well it works in practice sometime soon.

Do you have a blog or something where we can follow along? This project looks more than a little interesting.

Re:Are you writing this up? (0)

Anonymous Coward | about a year ago | (#43052147)

Because there unfortunately are valid reasons that the links below the title in your parent post could possibly not be helpful enough here are two direct links, first to his homepage:
http://unknownlamer.org/muse/index.html [unknownlamer.org]
and second to his blog:
http://journal.unknownlamer.org/ [unknownlamer.org]

This Anonymous Coward is just doing what Stephen Fry would have done :) (except without the steaming man sex lol).

The Question on Everyone's Mind: (2)

CanHasDIY (1672858) | about a year ago | (#43038019)

Will it blend?

(wonder how many entendre we can generate with that one...)

Re:The Question on Everyone's Mind: (5, Funny)

Anonymous Coward | about a year ago | (#43038443)

They haven't ported Blender's dependencies yet, so, no, it will not blend.

Re:The Question on Everyone's Mind: (2)

Medievalist (16032) | about a year ago | (#43038791)

Will it blend?

They haven't ported Blender's dependencies yet, so, no, it will not blend.

Best post on slashdot in years.

How does it compare to Qubes? (2)

elucido (870205) | about a year ago | (#43038029)

It looks like it is on the spot with virtualization but has anyone audited or inspected the code? Are any of these features comparable to Qubes? Why would I choose this OS?

Just asking anyone more familiar with this project to explain to me the pros and cons compared to other projects.

Interesting. Not clear if it's good yet. (2)

Animats (122034) | about a year ago | (#43038063)

They're making progress. The system now runs on bare hardware. For a while, it ran on top of Linux, more of a demo than an OS. Now it can run directly on ARM machines. That's useful. It should run on the Allwinner ARM parts from China ($7 each in bulk) and we may see products from China using it.

It's interesting to read over the documentation, what there is of it. The "API reference" is links to C++ .h files which make heavy use of templates. Like this:

typedef Meta::Type_tuple<Rpc_create_thread,
Meta::Type_tuple<Rpc_utcb,
Meta::Type_tuple<Rpc_kill_thread,
Meta::Type_tuple<Rpc_set_pager,
Meta::Type_tuple<Rpc_start,
Meta::Type_tuple<Rpc_pause,
Meta::Type_tuple<Rpc_resume,
Meta::Type_tuple<Rpc_cancel_blocking,
Meta::Type_tuple<Rpc_set_state,
Meta::Type_tuple<Rpc_get_state,
Meta::Type_tuple<Rpc_exception_handler,
Meta::Type_tuple<Rpc_single_step,
Meta::Type_tuple<Rpc_num_cpus,
Meta::Type_tuple<Rpc_affinity,
Meta::Empty>
> > > > > > > > > > > > > > Rpc_functions;


Better for security to do it at compile time than at run time.

Re:Interesting. Not clear if it's good yet. (0)

Anonymous Coward | about a year ago | (#43038359)

Jesus that is the most disgusting thing I have ever seen.

Re:Interesting. Not clear if it's good yet. (-1, Troll)

Desler (1608317) | about a year ago | (#43038387)

I don't know. I've seen your mom's tuna vag and her blown-out asshole.

Re:Interesting. Not clear if it's good yet. (0)

Anonymous Coward | about a year ago | (#43038489)

C++ has no place in operating system kernels. How in the hell is this remotely better than straight up and down c?

typedef struct Rpc_functions
{
        Rpc_utcb utcb;
        Rpc_kill_thread kill_thread; ...
} Rpc_functions;

Not sure what the types are, but they're probably functor objects that could be replaced with function pointers in the struct kinda like... how linux handles nearly everything under the hood.

Re:Interesting. Not clear if it's good yet. (1)

Anonymous Coward | about a year ago | (#43038801)

It's *much* better because of

1) RAII: If you know how to use the advantages of destructors, your code is *much* more robust than the insane goto arrays typically found in Linux that brought us so many resource leaks and uncountable hours of wasted developer time.

2) Templating: Give so much nicer abstractions and compile time checks than the crazy casting madness in typical C-programs. Now if only the compilers would produce sane error messages.

Re:Interesting. Not clear if it's good yet. (2)

Hizonner (38491) | about a year ago | (#43038963)

C++ has no place in operating system kernels.

True enough. C and all its progeny need to go away. Memory safety and type safety are not optional in critical code.

Or is that not what you meant?

Re:Interesting. Not clear if it's good yet. (1)

drewm1980 (902779) | about a year ago | (#43043621)

Amen, brother. But it's a shame that there are basically no mainstream languages that are memory and type safe, but are still suitable for hard real-time use. Ada comes closest. Garbage collection kills most really nice modern languages (like haskell and go) for some applications. C isn't going even have a chance of going away until there is a language that can cover (or at least provide a good low level foundation for) programming for all application domains.

Re:Interesting. Not clear if it's good yet. (0)

Anonymous Coward | about a year ago | (#43043857)

Memory safety doesn't make much sense at ring 0/supervisor levels.

Re:Interesting. Not clear if it's good yet. (2)

Animats (122034) | about a year ago | (#43038997)

Some of the strange-looking code comes from using C++ to serialize a sequence of parameters into a byte stream for message passing. The idea, I think, is that you write something that looks like a function call with parameters. Instead of pushing the parameters on the stack for a function call, the compiler turns them into a byte stream and sends them to a message passing interface. That makes sense, although it looks weird.

Re:Interesting. Not clear if it's good yet. (1)

advantis (622471) | about a year ago | (#43040615)


typedef Meta::Type_tuple<Rpc_create_thread,
Meta::Type_tuple<Rpc_utcb,
[snip]
Meta::Empty>
> > > > > > > > > > > > > > Rpc_functions;

Now that's a _very_ interesting way to build a singly linked list at compile time. And you can append to it at runtime as well. And manipulate it. And all without a writing a single line of linked list management logic yourself and without bringing STL in. Just (ab)using language constructs.

Re:Interesting. Not clear if it's good yet. (1)

noobermin (1950642) | about a year ago | (#43042529)

It's funny reading the above C_FOR_LYFE diehard hackers above decrying this. I don't know, this is damn smart, get the language to hard boil a construct. Seriously awesome, although, it is an eyesore.

Real security... getting closer all the time. (1)

ka9dgx (72702) | about a year ago | (#43038765)

I'm glad this project is getting positive attention. It's my main source of hope that computer security will get fixed, for real. I won't miss virus scanners, having to worry about visiting web sites, opening email, etc. When my laptop can run it as a primary OS, I'm switching and never looking back.

Hobbes was right (1)

Anonymous Coward | about a year ago | (#43038893)

"Genode multi-server microkernel OS framework ... IOMMU ... safe bus master DMA to userspace drivers...something akin to JACK... git to the Noux ... NOVA ...Exynos 5250 and Freescale i.MX53." Language is becoming a complete impediment to understanding. At least it beeps at you.

Re:Hobbes was right (0)

Anonymous Coward | about a year ago | (#43043419)

hobbes who? oh I should look it up? then maybe you could look up the terms you ignore, too.

Use BeFS (0)

Anonymous Coward | about a year ago | (#43039821)

Why not use BeFS? It works. It has several implementations (Haiku, Atheos, & BeOS). It is well documented ("Practical Filesystem Design" by Dominic Giampoalo) It was designed for a similar kind of OS (BeOS). It's not tied to Linux/Unix, but still is (mostly) Posix compliant. Sure, it's not bleading edge, but that would just hold back your project anyhow.

uKernels and formal proofs... (0)

Anonymous Coward | about a year ago | (#43041251)

The reason why micro-kernels are going to really take off at some point is that program provers are getting better and better.

The "esL4" microkernel L4 variant has been formally proved as immune to a whole lot of common attack vectors. It is known for a fact that you cannot have buffer overflow/overruns, null pointers dereferencing, etc. I don't remember the numbers but while verifying x thousands lines of code, the prover found *hundreds* of potential bugs (and, for many, potentially security issues). All these bugs were indeed bugs and have been fixed. And the prover has been re-run.

The proof itself has been done using a prover that is highly trusted. Nothing is perfect yet but we're slowly getting there. It may take a few more years but in the end the benefit of having a microkernel closing 99.9% (made up on the fly) of all the security holes is going to be a *major* advance.

It's not yet done, but people are working on it.

I personally cannot wait for that day where it is know for a fact that buffer overrun/overflow, pointers dereferencing, etc. cannot be used as attack vectors, no matter how good, how skilled and how rich the attacker.

Simply because it shall be *mathematically provable* that these attack vectors simply aren't there.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...