BRiX is a new operating system that redefines how operating systems should be designed. Like conventional
operating systems, it will provide features such as SMP, preemptive multi-threading, virtual memory, a secure
multi-user environment and an easy to use graphical interface.
BRiX is not a conventional operating system and some of its new features include:
- Small, fast and responsive -- There is no reason why operating systems should be bloated, slow and
unresponsive. Features should be split among several smaller and reusable packages to avoid single large
packages that require each feature to be reimplemented in another similar package. Smaller packages load
faster and optimizations can be applied to a single package instead of its many implementations over
- Data-centric -- All data is stored in a flat filesystem and accessed using search queries on the
attached metadata. The traditional hierarchical filesystem requires the user to remember where files are
stored and what they were named. An easy-to-use graphical interface plugs the data into special
interface objects that provide multiple means of viewing and modifying it. The traditional approach
involves launching applications to display data and requires the user to manually launch additional
applications if the default is not what the user wants. With BRiX the user flips through various
viewers and editors all in the same window.
- Persistence -- All changes to data are automatically saved and can be undone even after the
current session has been closed.
- Reconfigurable User Interface -- The interface objects, that present the user with multiple views
of data, can also be modified by the user. This allows the user to add or remove features to or from
interfaces and change the layout to be more efficient and easier to use.
- Safe-language -- BRiX uses a special language that guarantees fine-grained safety instead of
relying on hardware that only isolates programs from each other and does nothing to protect a user's data
from programs running as that user. The language allows user's to browse a repository, download and compile
packages and warn the user when code requires certain resources or restricted capabilities. File safety is
provided by capabilities that prevent access without a reference that must be given to the package by the
user. Data is further protected by making networking a restricted service requiring all packages to explain
to the user why they need to be able to access the network.
- Security -- Other operating systems use special hardware features and lots of runtime checks to
secure the system but programmers aren't perfect and sometimes make mistakes. These mistakes can lead to
the system being exploiting and lost or stolen data. BRiX makes use of its safe-language to provide
fine-grained protection and frees the programmer from writing runtime checks. The service manager launches
and tracks all service threads while the UI (console or graphical) launches and tracks all user threads.
Each thread executes without any user privileges and are only restricted by compile-time access
restrictions. Users (administrators) who have a full capability for the service manager and UI components
can grant limited or full capabilities to other users, allowing them to manager users and services. The
tight integration between the user authentication, UI, service manager and language, all at the top of the
software stack, provide a level of security not available in other systems.
- Repository -- BRiX uses a repository to give users a trusted location from which all code can
be easily and automatically downloaded.
The security in BRiX will allow untrusted source code to be downloaded and installed without worry of it
harming the system or user data. The safe-language should further increase security by preventing buffer
overflows and unchecked values in external services and local applications. Administrative users always have
full access without needing to explicitly lower or raise their privileges, and this has no impact on security.
It does not prevent someone else from logging into the system with your credentials. Various techniques
can be used to limit the success rate of brute force attacks on the local and remote auth services but simple
passwords can be guessed and no amount of security will help. There is no cure for stupid.
It does not prevent someone with physical access from modifying binary and data files using another operating
system. Encryption and other methods can be employed to secure the filesystem from simple attacks but there is
no way to stop someone who has physical access, is motivated and has the right tools. This applies to all
Bugs in the Tetra implementation are like bugs in the Linux kernel or the GNU toolchain. Both can lead to
system instability or exploitation. A C compiler is written in C and Linux is written in C. A minimal Tetra
compiler will be rewritten in C which then bootstraps the full Tetra compiler written in itself, therefore, a
stable Tetra compiler should provide far more security than a stable Linux system.
Cosmic radiation and hardware errors can cause memory bits to randomly change values, this is highly unlikely
but affects all systems when it does happen. The lack of hardware protection between processes and with many
runtime checks happening at compile-time means BRiX is more likely to crash. The stability of other systems in
this situation wouldn't be much better and hardware error correction is the only real solution.