I strongly believe that capability based systems like this are the only way out of the security abyss we inhabit, and are also a required step if we ever want to stop losing the war on general purpose computing.
All of that said, I can't see a path forward to using this as a daily driver for myself. I'm not versed enough in C and Linux systems to deal with the complexity. It keeps getting closer, I can feel that happening... one day, for me, I expect it to click, and then I'll be onboard.
We built a thing to enable combining Rust applications together to be hosted on the seL4 microkernel. The developer experience is more akin to that of something like an RTOS where the OS and your applications are built and deployed together. The whole premise of it is decidedly non-POSIX-like. The current point is for assembling software for use-case-specific/appliance computing, not general purpose computing. (https://github.com/auxoncorp/ferros)
In the process we learned a lot about how to interface with the kernel, etc. from the work and associated mailing list of the Genode project. Absolutely could not have done it without them blazing a painful trail previously.
We're looking both for contributors and also actively hiring for a couple of engineering positions for the above and for our mainline product.
Genode and Sculpt actually go a long way towards abstracting away the complexity.
It took serious effort to get to such easy to use components and such high level abstractions of capabilities.
Running a modern web browser perfectly caged with the capabilities it needs (and no more) is quite the feat they achieved. It even has hardware graphics acceleration.
I imagine the hardware can't DMA all over RAM thanks to the IOMMU, and the driver can only talk to its associated hardware.
Past that (textures being visible from the wrong process, GPU memory being reusable without clearing), I have no idea, and I would love to learn more about it.
As long as acceleration is not involved, nitpicker does an excellent job of isolating applications that are "sharing the desktop", and preventing many dark patterns. AIUI it predates Genode, but people who were involved in it from its earlier times are now part of Genode.
It's one of the most interesting operating system projects out there, yet it doesn't get much attention. That's a pity.
It's really nice to see some progress there!
Would be cool if someone would port a GUI environment like KDE. I guess this could attract more people. Currently there isn't much "to see". Most of the interesting parts are in the guts of this system. A usable desktop could bring more people who want to tinker with it, I guess — as OS dev is much more fun if you don't have to try out every change in a VM.
Genode Sculpt has a modern web browser and hardware video acceleration.
It also has VirtualBox, so it can be used for day-to-day computing by running Linux for misc tasks in a VM, and the developers absolutely do dogfood it.
I doubt porting KDE (which isn't at all made for a system centered around the capability model) would be a good use of Genode team's time.
> It's one of the most interesting operating system projects out there, yet it doesn't get much attention. That's a pity.
From a research project perspective, it is interesting.
Software which is AGPL3 + required contributor agreement is IMHO rather uncompelling to contribute to due to extremely asymmetric developer rights. That has given me personally little motivation to tinker with or examine the source code of their work-in-progress.
They have screenshots on the announcement, and several videos available elsewhere (youtube, genodians.org) demonstrating the dynamic composition of the system using the graphical interface.