{"slug": "an-os-in-pure-rust-with-its-own-tcp-ip-and-tls-1-3-stack-fetching-the-live-web", "title": "An OS in pure Rust with its own TCP/IP and TLS 1.3 stack, fetching the live web", "summary": "A team of developers has built Rusty Penguin, a complete operating system written entirely in pure Rust with its own bootloader, kernel, drivers, and window manager, featuring a native TCP/IP and TLS 1.3 stack. The OS uses balanced ternary logic (-1/0/+1) as a first-class primitive across all layers, treating a \"dormant\" state as distinct from active or terminated processes. The project aims to create a daily-driver desktop OS that can replace Ubuntu, with a Linux ABI compatibility layer allowing unmodified glibc binaries to run on its native kernel.", "body_md": "\"Binary hardware. Ternary mind.\"\n\n**Rusty Penguin is a complete operating system written from scratch in pure Rust —\nits own bootloader, kernel, drivers, window manager and apps, with no Linux kernel\nand no libc underneath. The goal: a daily-driver desktop OS you can install in\nplace of Ubuntu. Ternary logic ( -1 / 0 / +1) is a first-class primitive at\nevery layer, from the scheduler to the AI runtime.**\n\nBuilt by [RFI-IRFOS](https://github.com/rfi-irfos) as part of the\n[Ternary Intelligence Stack](https://ternlang.com).\nPreinstalled: `albert`\n\n· `ternlang`\n\n· `albert-cli`\n\n· `ternlang-mcp`\n\n*Rusty Penguin Googles itself — on its own bare-metal kernel. The OS fetches\ngoogle.com/search?q=rusty+penguin+os over our own TLS 1.3 stack and finds\n\"rusty-penguin - crates.io: Rust Package Registry\" in the results. No X11,\nno Wayland, no libc, no Linux kernel underneath.*\n\nBinary computers have two states: on and off. Every value, every decision, every\nprocess is either `1`\n\nor `0`\n\n.\n\nRusty Penguin treats a third state as real: **dormant**. Not running, not stopped\n— *resting*. A process that hasn't been asked for anything yet is not the same as\na process that failed. A memory page that hasn't been touched is not dead. A\nneural-network weight of zero should cost nothing to compute.\n\nEvery primitive in this system expresses three states:\n\n| Trit | Value | Meaning |\n|---|---|---|\n| Pos | +1 | Active, running, promoted |\n| Zero | 0 | Dormant, idle, neutral |\n| Neg | -1 | Suppressed, terminated, rejected |\n\nDormancy is sacred. Zero is not nothing — and the renderer, the scheduler and the AI runtime all skip dormant work instead of grinding through it.\n\nA from-scratch x86_64 OS, hand-written in Rust top to bottom:\n\n**Bootloader handoff → pure-Rust kernel**— Multiboot2, 32-bit → 64-bit long mode, physical/virtual memory management, interrupts, a custom syscall ABI, ring-3 userspace, PS/2 keyboard + mouse, a 1920×1080 framebuffer, and Intel HDA audio.**A native desktop**— frosted-glass window manager (drag / resize / minimize / maximize), a floating dock, a start menu, an arrow cursor, and a warm stone-green visual language. No external UI toolkit; every pixel is drawn by our own framebuffer + ternary-CSS engine.**Real apps**— terminal (psh), file manager, text editor, calculator, system monitor, settings, the TIS console, plus Snake, Minesweeper and a pure-Rust DOOM-style raycaster.**A ternary runtime**— balanced-ternary arithmetic and a sparse-skip inference engine that physically skips zero-weight multiplications.\n\nNo libc. No C dependencies. No UI framework. Systems programming from first principles.\n\nA from-scratch OS has a chicken-and-egg problem — none of the world's existing\nsoftware was compiled for it. We solve this **without giving up the pure-Rust\nternary core**: the kernel is growing a **Linux ABI compatibility layer** — a\none-way translation shim that lets unmodified, already-compiled Linux/glibc\nbinaries run on top of our Rust kernel.\n\nThis is not \"boot Linux instead.\" There is no Linux kernel here. The native syscall surface is our own, ternary-flavored ABI; the Linux ABI sits beside it purely so the binary ecosystem (eventually a real browser) can run while the native, ternary-native app ecosystem grows to replace it.\n\nIt is honest, brick-by-brick work:\n\n**Done:** the kernel runs real unmodified glibc programs natively — both statically and dynamically linked.`printf`\n\n, TLS (`__thread`\n\n),`malloc`\n\n, SSE floating point, full`atexit`\n\n/`exit`\n\n, file I/O, and`ld.so`\n\nloading + relocating + running a dynamically-linked binary against`libc.so.6`\n\n.**Next:** threads (`clone`\n\n/`futex`\n\n), per-process virtual memory + demand paging,`/proc`\n\n, more of the syscall surface, then a framebuffer GUI app — and on that road, a real web browser.\n\nA browser is the long pole. Be clear-eyed: full web parity is a multi-year horizon. The path is real and the early bricks are laid, but we don't pretend velocity equals completion.\n\n| Component | Status |\n|---|---|\n| Boot → long mode, memory mgmt, interrupts, syscalls, ring-3 | ✅ |\n| Framebuffer 1920×1080, PS/2 keyboard + mouse | ✅ |\nUSB xHCI HID — keyboard + mouse on modern laptops |\n✅ QEMU verified |\n| Intel HDA audio + Sound mixer app | ✅ |\n| Window manager, floating dock, start menu, arrow cursor | ✅ |\nQuick Settings panel (Wi-Fi/BT/dark/volume tiles, tray-anchored) |\n✅ GNOME-style |\n| Apps: terminal, files, editor, calculator, monitor, settings, TIS console | ✅ |\nNIC drivers: RTL8139, Intel e1000/i219, Realtek r8169 |\n✅ ~95% laptop coverage |\nTCP/IP stack: ARP/ICMP/UDP/DHCP/DNS/TCP/HTTP |\n✅ fetches real internet |\nTLS 1.3 client (X25519 · ChaCha20-Poly1305 · from scratch) |\n✅ real HTTPS, QEMU-verified vs live web |\nLive web browser — type host → real page |\n✅ http + https, follows redirects |\n`fetch` , `wget` terminal commands |\n✅ |\n| Linux ABI layer (static + dynamic glibc binaries) | ✅ Bricks 1–5 done |\nMulti-user login (SHA-256 passwords, /home/) |\n✅ |\n| In-memory VFS within a session | ✅ |\nPersistent bare-metal disk storage (RPFS + AHCI) |\n✅ settings/files survive reboot |\n\n| Component | Status |\n|---|---|\nInstall to disk (`rp-install /dev/nvme0n1` ) |\n✅ UEFI/GPT |\n| Standalone boot from disk (no ISO) | ✅ |\nPersistent `/home` (ext4) |\n✅ survives reboots |\nPackage manager (`rpm install <url>` ) |\n✅ with SHA-256 + ed25519 signing |\nWiFi: wpa_supplicant + iw bundled |\n✅ auto-assoc on boot |\nwifi-setup command (console: `wifi-setup <SSID> <pass>` ) |\n✅ |\n| Chrome / Firefox on X11 | ✅ |\n| Recovery console | ✅ |\n\n- TLS certificate-chain validation (the TLS 1.3 client does the handshake + verifies the server Finished, but has no CA trust store or wall clock yet — confidentiality vs a passive attacker, not active-MITM protection)\n- GPU acceleration (framebuffer only; software rendering)\n- WiFi on bare-metal kernel (needs per-chip driver + firmware)\n**The real work-week path today: install to disk + rp.web mode**\n\nPaste this into a fresh Linux or macOS terminal. It installs the Rust toolchain and all required tools, builds the ISO, and launches it in QEMU automatically:\n\n```\ncurl -sSf https://raw.githubusercontent.com/rfi-irfos/rusty-penguin/main/install-dev.sh | bash\n```\n\nWhat it does: installs `rustup`\n\n(nightly + required targets), `grub-mkrescue`\n\n/\n`xorriso`\n\n, and `qemu-system-x86_64`\n\nvia your system package manager, clones the\nrepo, runs `bash iso/build.sh`\n\n, then launches `bash launch.sh`\n\n. Total time on a\nfast connection: ~3 minutes.\n\n```\n# 1. Rust nightly + bare-metal targets\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly\nsource ~/.cargo/env\nrustup component add rust-src --toolchain nightly\n\n# 2. QEMU + ISO tools (Ubuntu/Debian)\nsudo apt-get install -y qemu-system-x86 grub-pc-bin grub-efi-amd64-bin xorriso\n\n# 3. Build + launch\ngit clone https://github.com/rfi-irfos/rusty-penguin && cd rusty-penguin\nbash iso/build.sh && bash launch.sh\n# Flash to USB (replace /dev/sdX with your USB drive)\nsudo dd if=rusty-penguin.iso of=/dev/sdX bs=4M status=progress && sync\n\n# Boot from USB → GRUB menu:\n#   \"Rusty Penguin (bare metal)\"  — pure-Rust kernel + desktop\n#   \"Rusty Penguin -- Web (X11)\"  — Linux kernel + Chrome/Firefox\n#\n# First time: pick \"Console / Install to disk\", then:\n#   rp-install /dev/nvme0n1       (or your disk)\n#   wifi-setup MyNetwork MyPass   (if WiFi only)\nbash launch.sh\n# Or with Intel e1000 NIC (real laptop test):\nqemu-system-x86_64 -machine q35 -cdrom rusty-penguin.iso -m 512M \\\n  -netdev user,id=n0 -device e1000,netdev=n0 \\\n  -device qemu-xhci,id=xhci -device usb-kbd,bus=xhci.0 \\\n  -display sdl\n```\n\nThe preselected GRUB entry, **Rusty Penguin (bare metal)**, boots the pure-Rust\nkernel. For a full work week (browser, persistence, Git), use the\n**Web (X11)** entry after installing to disk.\n\nClick the **Doom** icon in the dock. The kernel suspends the desktop, hands the\nraw framebuffer to id Software's 1993 shareware DOOM (E1M1) via fbDOOM, and\nrestarts the desktop when you quit. No X, no Wayland, no SDL:\n\nA separate GRUB entry, ** Rusty Penguin -- DOOM (demoable)**, boots straight\ninto DOOM without the desktop at all (for maximum performance demo).\n\nBalanced ternary represents the same range in fewer digits:\n\n- 9 trits → ±9841 (vs 9 bits → ±255 unsigned)\n- Multiplication maps to shift-and-add on a ternary number line\n- Neural networks quantized to\n`{-1, 0, +1}`\n\nskip every zero-weight multiplication — the entire basis of the sparse`ai-runtime`\n\n``` bash\nrp$ tri 6 * 7\n  6 * 7 = 42\n  ternary: 000000+-0 * 000000+-+ = 0000+---0\n\nrp$ ai 8 4\nsparse ternary inference -- 4 layers x dim 8\n  L0 [00000+-0] -> [+-++-+++]  dormancy 79%\n  ...\n4 layers  avg dormancy 46%  skipped 120/256 ops\n```\n\nThis is the same insight behind BitNet and ternary LLM quantization —\nimplemented here from first principles in Rust, running bare-metal in a bootable\nOS. Each win is logged, with its honest basis, in\n[ docs/TERNARY_FINDINGS.md](/rfi-irfos/rusty-penguin/blob/master/docs/TERNARY_FINDINGS.md).\n\n| Module | Source |\n|---|---|\n`compiler/` |\nternlang-core lexer/parser/BET bytecode/VM |\n`filesystem/` |\nternlang-fs VFS patterns |\n`ipc/` |\nternlang-runtime TernNode actor model |\n`hardware-abstraction/` |\nternlang-driver HAL traits |\n`ai-runtime/` |\nternlang-ml TritTensor + sparse inference |\n\nMIT — see workspace `Cargo.toml`\n\n.", "url": "https://wpnews.pro/news/an-os-in-pure-rust-with-its-own-tcp-ip-and-tls-1-3-stack-fetching-the-live-web", "canonical_source": "https://github.com/rfi-irfos/rusty-penguin", "published_at": "2026-05-30 19:55:40+00:00", "updated_at": "2026-05-30 20:16:49.753937+00:00", "lang": "en", "topics": ["ai-infrastructure", "ai-research", "neural-networks"], "entities": ["Rusty Penguin", "RFI-IRFOS", "Ternary Intelligence Stack", "ternlang", "albert", "albert-cli", "ternlang-mcp", "crates.io"], "alternates": {"html": "https://wpnews.pro/news/an-os-in-pure-rust-with-its-own-tcp-ip-and-tls-1-3-stack-fetching-the-live-web", "markdown": "https://wpnews.pro/news/an-os-in-pure-rust-with-its-own-tcp-ip-and-tls-1-3-stack-fetching-the-live-web.md", "text": "https://wpnews.pro/news/an-os-in-pure-rust-with-its-own-tcp-ip-and-tls-1-3-stack-fetching-the-live-web.txt", "jsonld": "https://wpnews.pro/news/an-os-in-pure-rust-with-its-own-tcp-ip-and-tls-1-3-stack-fetching-the-live-web.jsonld"}}