[Animats]

Also, QNX has never seen usage as a general purpose OS on a PC.

It has. QNX 6.2.1 offered a full desktop environment. I ran it as my primary OS for three years (2003-2005) while working on a DARPA Grand Challenge vehicle. The vehicle itself ran QNX, and development was also on QNX. An early Firefox and Thunderbird both ran well. The Eclipse IDE ran. All the command-line GCC tools ran. It worked like a typical UNIX/Linux system, but with more consistent response. No swapping. I could run the real-time vehicle code while compiling or web browsing and the real-time code. That consistency in response time made QNX a nice desktop OS.

It disappeared on the desktop after Blackberry took it over and made QNX closed source again. (For several years, all the source was online. Then one day Blackberry took it down, with no warning.) All the open source projects then stopped supporting QNX. QNX development is now cross-compiled from Windows.

With a small microkernel with a good track record, there's no churn. There's no new kernel every week. The QNX kernel had an update once a year or so. This is a big win when it controls your nuclear reactor.

[tptacek]

I mean, there's no churn in "the thing called your kernel", but that doesn't mean there isn't churn in the TCB, which is what you care about in security design. There's no reason the TCB in a microkernel would necessarily be any smaller than that of a monolith.

[Fnoord]

> With a small microkernel with a good track record [...]

https://media.ccc.de/v/34c3-8730-taking_a_scalpel_to_qnx

[rwmj]

I'm sure that QNX's ASLR would be fixed pretty quickly if only it wasn't closed source (a massive shame, AIUI Blackberry aren't even really using QNX for anything seriously, it's used in a few car stereo systems, so it's basically "abandonware" at this point).