I dunno, Stallman, it's been 30 years, you got something for us?

I think we should just resurrect Plan 9 instead.

Redox-OS?

L4. HURD never panned out, and L4 is where the microkernel research settled: Memory protection, scheduling, IPC in the kernel the rest outside and there's also important insights as to the APIs to do that with. In particular the IPC mechanism is opaque, the kernel doesn't actually read the messages which was the main innovation over Mach.

Literally billions of devices run OKL4, seL4 systems are also in mass production. Think broadband processors, automotive, that kind of stuff.

The kernel being watertight doesn't mean that your system is, though, you generally don't need kernel privileges to exfiltrate any data or generally mess around, root suffices.

If you want to see this happening -- I guess port AMDGPU to an L4?

I ran it and followed a documentation to install Void Linux and now it runs so much smoother!

I'm genuinely worried sometimes that a Ken hack has been introduced. I don't know by who, but possibly some government agency. Then again, we also have a Minix system built into the CPU doing god knows what and we just accept that.

There are two schools of thought here. The "never risk anything that could potentially break something" school and the "make stuff robust enough that it will deal with broken states". Usually the former doesn't work so well once something actually breaks.

Not having automated updates can quickly lead to not doing updates at all. Same goes for backups.

Whenever possible, one should automate tedious stuff.

That only applies to unstable distros. Stable distros, like debian, maintain their own versions of packages.

Debian in particular, only includes security patches and changes in their packages - no new features at all.* This means risk of breakage and incompatibilitu is very low, basically nil.

*exceot for certain packages which aren't viable to maintain, like Firefox or other browsers.

Both my Debian 12 servers run with unattended upgrades. I've never had anything break from the changes in packages, I think. I tend to use docker and on one even lxc containers (proxmox), but the lxc containers also have unattended upgrades running.

Do you just update your stuff manually or do you not update at all? I'm subscribed to the Debian security mailing list, and they frequently find something that means people should upgrade, recently something with the glibc.

Debian especially is focused on being very stable, so updating should never break anything that wasn't broken before. Sometimes docker containers don't like to restart so they refuse, but then I did something stupid.

My airgap stinks.