MINIX 3 - Google Summer of Code Ideas Page

Introduction

MINIX 3 is a small, modular, multiserver operating system aimed at being highly reliable, fault tolerant and self healing. Only about 5000 lines of code run in kernel mode. The rest runs as a collection of user processes, mostly separate processes for each device driver and server. If a driver fails, it is automatically replaced by a fresh copy, without user intervention (or even knowledge) and without affecting running programs. Few other systems can survive fatal errors in some critical system components without even missing a beat. The goal of reliable systems will have been achieved when no computer has a RESET button and no user has ever experienced a crash and does not know anyone personally who has ever experienced a crash.

MINIX 3 supports the POSIX interface and about 500 of the standard UNIX programs have been ported to it, including X11, gcc, perl, python, ghostview, mplayer, the GNU core utilities, and many more. There is also a simple GUI (EDE). Nevertheless there is much more to do.

We would like to continue the development to demonstrate that building a system out of small replaceable components leads to a highly robust design that is far easier to understand and maintain than systems with millions of lines of kernel code. While good performance is important, it is hardly the overriding criterion it once was. If most ordinary users were given a choice between the fastest possible system and one that was 10-20% slower but never crashed, we believe a large number of users would choose the latter.

Many organizations running servers want their system to run 24/7 with no failures. Performance is not as important to them as one might think--witness the popularity of hosting multiple virtual machines on a single platform using VMware, Xen, and other hypervisors, which give a substantial performance hit. What these organizations really want is that when the mail server goes down, it does not take the Web server with it, etc. If all they wanted was maximum performance, they could just run all the servers as separate processes on the Linux or FreeBSD kernel rather than as virtual machines. Virtual machines are certainly an interesting direction to go, especially if you want to run two operating systems at the same time. But for people who just want to run one operating system and have it never fail, virtual machines still have the fundamental problem that a single pointer error in one driver in a guest operating system can crash the entire virtual machine instantly. We think systems should be more fault tolerant than this.

Embedded systems are another area where high reliability is important. People do not expect their TV sets, digital cameras, and camcorders to exhibit blue screens, except when images of the sky are being shown. As the software in these and other embedded systems gets more and more complex, these devices are going to start having the same problems as PC software. They need to become self healing.

We also believe security is enhanced by this scheme because each component is tightly restricted in what it can do by tables in the kernel. For example, an audio driver can access the sound card but not the disk, it cannot create a new process, and it cannot interact with the printer driver, etc. The powers that a component has can be restricted on a per-component basis and are normally set according to the Principle of Least Authority--if you don't need some power to do your job, you don't get it. The powers are very fine grained, for example, allowing or forbidding individual kernel calls (using a bit map). This means that if a component (running in user mode) is ever taken over by a virus or other malware, it has very limited powers and will not be able to do as much damage as, say, a kernel driver, which can do anything.
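The kind of per-component check described above, as an added illustration that is not MINIX 3 source code: a kernel-side table holding a kernel-call bit map, an I/O port range and an IPC send mask for each component. The call numbers, component slots, port ranges and the names priv_table and kcall_check are all assumptions made for this example.

```c
#include <stdint.h>

/* Hypothetical kernel call numbers; not MINIX 3's real numbering. */
enum { KC_DEVIO, KC_IRQCTL, KC_SAFECOPY, KC_FORK, KC_SEND, NR_KCALLS };
/* Hypothetical component slots. */
enum { C_AUDIO, C_DISK, C_PRINTER, C_FS, NR_COMPONENTS };

struct priv {
    uint32_t kcall_mask;       /* bit k set => kernel call k is allowed   */
    uint32_t ipc_mask;         /* bit c set => may send to component c    */
    uint16_t io_base, io_len;  /* the only I/O port range it may touch    */
};

/* Constructed policy table: anything not granted here is denied. */
static const struct priv priv_table[NR_COMPONENTS] = {
    [C_AUDIO]   = { 1u<<KC_DEVIO | 1u<<KC_IRQCTL | 1u<<KC_SEND,
                    1u<<C_FS, 0x220, 16 },
    [C_DISK]    = { 1u<<KC_DEVIO | 1u<<KC_IRQCTL | 1u<<KC_SAFECOPY | 1u<<KC_SEND,
                    1u<<C_FS, 0x1F0, 8 },
    [C_PRINTER] = { 1u<<KC_DEVIO | 1u<<KC_SEND, 1u<<C_FS, 0x378, 3 },
    [C_FS]      = { 1u<<KC_SAFECOPY | 1u<<KC_SEND,
                    1u<<C_AUDIO | 1u<<C_DISK | 1u<<C_PRINTER, 0, 0 },
};

#define OK      0
#define EDENIED (-1)

/* Check made before a kernel call is carried out. arg is a port number
 * for KC_DEVIO, a destination component for KC_SEND, ignored otherwise. */
int kcall_check(int caller, int call, unsigned arg)
{
    if (caller < 0 || caller >= NR_COMPONENTS) return EDENIED;
    if (call < 0 || call >= NR_KCALLS) return EDENIED;
    const struct priv *p = &priv_table[caller];

    if (!(p->kcall_mask & (1u << call)))        /* the bit map test */
        return EDENIED;
    if (call == KC_DEVIO &&
        (arg < (unsigned)p->io_base || arg - p->io_base >= (unsigned)p->io_len))
        return EDENIED;                         /* port outside its own device */
    if (call == KC_SEND &&
        (arg >= NR_COMPONENTS || !(p->ipc_mask & (1u << arg))))
        return EDENIED;                         /* not an allowed IPC peer */
    return OK;
}
```

With this table a compromised audio driver can still program its own sound card, but its attempts to touch the disk ports, create a process or message the printer driver are all refused.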

In short, we are trying to build a modular, reliable (and secure) operating system out of small components that can be replaced on the fly and we would like you to help. Below are some ideas.

As an aside, MINIX 3 is not your grandfather's MINIX. It started out as an educational system but has evolved greatly since then into a tight system with a focus on high reliability (and security). We kept the name "MINIX" because a friend in the advertising industry said: "Never throw out a famous brand name," but MINIX 3 has about as much in common with MINIX 1 as Windows Vista does with Windows 3.1.

As many people know, Linus Torvalds bought his first PC in order to run MINIX and used it to develop Linux. In a sense, MINIX has already had quite an impact since without it (the first UNIX clone with source code available) Linus would never have been able to write Linux. While their paths have diverged, MINIX 3 is still quite popular as open-source projects go. We have had over one million visitors to the new Website (which has been up about 2 years). Currently about 10,000 to 12,000 people a month download the CD-ROM image file to install it.

About You

All the project ideas below are very challenging. None of them are easy. To participate in this project you must be a very experienced C programmer. Furthermore, it would be useful if you have knowledge of the internals of some operating system (MINIX 3, Linux, FreeBSD, etc.). What would be especially helpful (but not required) would be if you have already read the MINIX book, for example, in a course you took at your university. Given the difficulty of these projects, we expect you to work full time all summer on them. That means not having a job and not going to school. The application template is here.

Since this is an open-source project, many other people will study the code later. It is therefore essential that you are someone who takes pride in his or her work and wants to produce code that is clean, efficient, elegant, and well documented so that other people will marvel at its beauty. Just hacking it together quickly so it mostly works some of the time doesn't cut it. We want people to admire the code, even to envy your ability to write truly great code.

If you are an experienced C programmer who knows something about operating systems and can write clear, well-documented code, go to Google's Summer of Code page to find out how to apply.

Possible Projects

  • An electronic voting machine that actually works and can be trusted. Current voting machines are based on proprietary code and are untrustworthy. We would like to build an open-source voting machine based on MINIX 3 that is small enough that anyone who wants to can understand all the code--operating system, display software, libraries, application code, and so on. Our goal is a voting machine in which the complete source from the operating system on up through and including the application software is under 50,000 lines of code. We also want to make sure that nobody can tamper with the election results. In particular, we have no faith at all in the manufacturer of the voting machine, the secretary of state, the county officials, the precinct pollworkers, and others. We have a good idea of how to do this involving ideas such as sharing secrets and other cryptographic techniques. Anyone choosing this project will be told what the algorithms and protocols are, but if RSA and AES are just random three-letter acronyms to you, this probably isn't your project. What the project entails is (1) stripping MINIX 3 down to its barest essentials and (2) writing the application code that implements our ideas.

  • MINIX 3 on embedded systems. We would like to port MINIX 3 to various chips popular in the embedded systems world, including the PowerPC, ARM, Xscale, ColdFire, etc. We have made a good start on the PowerPC but it is not entirely finished. You can find the PowerPC project code here. While most of MINIX 3 is in C, there are also about 800 lines of assembly code for the very low-level code (interrupt handling, context switching, etc.). All the assembly code has to be rewritten for each new architecture. In addition, a small amount of C code has to be rewritten, typically the way the MMU is programmed. Finally, some basic device drivers are usually needed, for example, keyboards and displays often differ from system to system. A student tackling a port should be very familiar with the target architecture already, from previous courses taken or job or hobby experience.

  • Minimal windowing system. Not all applications, especially dedicated and embedded systems, need the full power of X11. We would like a greatly scaled down system that can handle straightforward user interfaces in a much smaller and simpler system. There might be something out there that could be ported but the goal is something that does the basics (like supporting xterms) and is one to two orders of magnitude smaller and simpler than X11.

  • Software RAID. The current system is not immune to certain kinds of driver bugs or malicious drivers. For example, if the driver accidentally or intentionally modifies data on the way out to the disk, we cannot currently detect it. We would like to be able to detect such changes to the data, which can be done using software RAID techniques and extra checksumming done by the file system before the data is passed to the driver and verified when it is later read back. In this way, any changes to the data made by the disk driver can be detected, and possibly repaired. We have ideas on how to do this. We just need someone to do it.

  • USB Stack. We don't have any support for USB at present. This is a serious omission and we would very much like to have someone write a USB stack for MINIX 3. USB is extremely complex and this project requires a knowledgeable and tenacious student who thinks sleeping is a waste of valuable coding time. There are multiple host controllers and USB devices around, so we will have to make a choice as to which one to use. Porting a driver from Linux might be a possibility but we have already tried and failed due to the lack of portability of Linux drivers and their very tight integration in the kernel, so starting again is probably easier. But studying existing drivers is clearly a good first step.

  • NDIS wrapper. All open source operating systems have a problem getting drivers written. One approach is to take binary drivers from other operating systems and wrap them to make them usable in the target system. This has been done for drivers for wireless cards for Linux but not for MINIX 3. In this project the student will do the same thing for MINIX 3. This project should not be attempted unless you have extensive experience with Linux, BSD, or Windows drivers.

  • Porting or writing device drivers. We need all kinds of device drivers. Almost anything you can think of would be useful. It might be possible to port drivers from other operating systems, but our experience is that it is extremely difficult because each of our drivers runs as a separate user process, outside the kernel. It is usually best to study an existing driver to see how it works, but then write a new one from scratch.

  • Porting application programs to MINIX 3. Although we have a lot of software ported, additional ports would be very welcome. Porting Linux or FreeBSD software takes some effort because our system call interface is POSIX plus some additional calls for networking and other things, but is not full Linux or FreeBSD. Thus ported software sometimes has to be tweaked a bit to make it work, but after having ported some 500 programs, we have learned that the amount of work is not so great. There are many useful programs that we are missing. This project is probably somewhat easier than the others and does not require kernel experience. The only caveat is that we already have all the easy stuff. The things left are much bigger and more complicated, like Java (compiler, byte code verifier, JVM), and Firefox.

  • Other projects. We are open to ideas for other interesting projects to enhance MINIX 3.
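For the Software RAID item above, an added sketch (not the project's design or code) of the general technique: the file system checksums each block before the driver sees it, keeps the checksum out of the driver's reach, verifies on read, and repairs from a mirror. The two simulated disks, the tamper_disk switch and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

#define BLK  64                      /* toy block size */
#define NBLK 4
static uint8_t  disk[2][NBLK][BLK];  /* two mirrored disks behind untrusted drivers */
static int      tamper_disk = -1;    /* driver that alters writes; -1 = none */
static uint32_t fs_sum[NBLK];        /* checksums held by the file system only */

/* Adler-32: catches accidental changes; it is not a cryptographic hash. */
static uint32_t adler32(const uint8_t *p, size_t n)
{
    uint32_t a = 1, b = 0;
    for (size_t i = 0; i < n; i++) {
        a = (a + p[i]) % 65521;
        b = (b + a) % 65521;
    }
    return (b << 16) | a;
}

static void drv_write(int d, int blk, const uint8_t *buf)
{
    memcpy(disk[d][blk], buf, BLK);
    if (d == tamper_disk) disk[d][blk][7] ^= 0x01;  /* simulated driver fault */
}
static void drv_read(int d, int blk, uint8_t *buf) { memcpy(buf, disk[d][blk], BLK); }

void fs_write(int blk, const uint8_t *buf)
{
    if (blk < 0 || blk >= NBLK) return;
    fs_sum[blk] = adler32(buf, BLK);   /* computed BEFORE any driver runs */
    for (int d = 0; d < 2; d++) drv_write(d, blk, buf);
}

/* Returns 0 = clean, 1 = first copy was bad and was repaired from the
 * mirror, -1 = no copy matches the stored checksum. */
int fs_read(int blk, uint8_t *buf)
{
    int bad = -1;
    if (blk < 0 || blk >= NBLK) return -1;
    for (int d = 0; d < 2; d++) {
        drv_read(d, blk, buf);
        if (adler32(buf, BLK) == fs_sum[blk]) {
            if (bad < 0) return 0;
            drv_write(bad, blk, buf);  /* rewrite the damaged copy */
            return 1;
        }
        bad = d;
    }
    return -1;
}
```

Adler-32 only catches accidental changes; a driver that alters data intentionally could choose a change that keeps the checksum, so that case calls for a keyed MAC or cryptographic hash whose key or digest the driver never sees.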

Conclusion

Thanks for your interest. If you want to apply, see the application page. But even if you do not want to participate in the Google Summer of Code, give MINIX 3 a try. You might be surprised. For example, it can compile itself, kernel, all servers, drivers, etc.--125 compilations--in about 6 seconds on a modern PC. And if you want to help on the project outside the framework of the Google Summer of Code, you are most welcome. We have a USENET newsgroup: comp.os.minix where your input is welcomed. We also recently started a MINIX 3 Wiki so users can help document the system.

Andrew S. Tanenbaum