An OS in pure Rust with its own TCP/IP and TLS 1.3 stack, fetching the live web

A team of developers has built Rusty Penguin, a complete operating system written entirely in pure Rust with its own bootloader, kernel, drivers, and window manager, featuring a native TCP/IP and TLS 1.3 stack. The OS uses balanced ternary logic (-1/0/+1) as a first-class primitive across all layers, treating a "dormant" state as distinct from active or terminated processes. The project aims to create a daily-driver desktop OS that can replace Ubuntu, with a Linux ABI compatibility layer allowing unmodified glibc binaries to run on its native kernel.

"Binary hardware. Ternary mind." Rusty Penguin is a complete operating system written from scratch in pure Rust — its own bootloader, kernel, drivers, window manager and apps, with no Linux kernel and no libc underneath. The goal: a daily-driver desktop OS you can install in place of Ubuntu. Ternary logic -1 / 0 / +1 is a first-class primitive at every layer, from the scheduler to the AI runtime. Built by RFI-IRFOS https://github.com/rfi-irfos as part of the Ternary Intelligence Stack https://ternlang.com . Preinstalled: albert · ternlang · albert-cli · ternlang-mcp Rusty Penguin Googles itself — on its own bare-metal kernel. The OS fetches google.com/search?q=rusty+penguin+os over our own TLS 1.3 stack and finds "rusty-penguin - crates.io: Rust Package Registry" in the results. No X11, no Wayland, no libc, no Linux kernel underneath. Binary computers have two states: on and off. Every value, every decision, every process is either 1 or 0 . Rusty Penguin treats a third state as real: dormant . Not running, not stopped — resting . A process that hasn't been asked for anything yet is not the same as a process that failed. A memory page that hasn't been touched is not dead. A neural-network weight of zero should cost nothing to compute. Every primitive in this system expresses three states: | Trit | Value | Meaning | |---|---|---| | Pos | +1 | Active, running, promoted | | Zero | 0 | Dormant, idle, neutral | | Neg | -1 | Suppressed, terminated, rejected | Dormancy is sacred. Zero is not nothing — and the renderer, the scheduler and the AI runtime all skip dormant work instead of grinding through it. A from-scratch x86 64 OS, hand-written in Rust top to bottom: Bootloader handoff → pure-Rust kernel — Multiboot2, 32-bit → 64-bit long mode, physical/virtual memory management, interrupts, a custom syscall ABI, ring-3 userspace, PS/2 keyboard + mouse, a 1920×1080 framebuffer, and Intel HDA audio. A native desktop — frosted-glass window manager drag / resize / minimize / maximize , a floating dock, a start menu, an arrow cursor, and a warm stone-green visual language. No external UI toolkit; every pixel is drawn by our own framebuffer + ternary-CSS engine. Real apps — terminal psh , file manager, text editor, calculator, system monitor, settings, the TIS console, plus Snake, Minesweeper and a pure-Rust DOOM-style raycaster. A ternary runtime — balanced-ternary arithmetic and a sparse-skip inference engine that physically skips zero-weight multiplications. No libc. No C dependencies. No UI framework. Systems programming from first principles. A from-scratch OS has a chicken-and-egg problem — none of the world's existing software was compiled for it. We solve this without giving up the pure-Rust ternary core : the kernel is growing a Linux ABI compatibility layer — a one-way translation shim that lets unmodified, already-compiled Linux/glibc binaries run on top of our Rust kernel. This is not "boot Linux instead." There is no Linux kernel here. The native syscall surface is our own, ternary-flavored ABI; the Linux ABI sits beside it purely so the binary ecosystem eventually a real browser can run while the native, ternary-native app ecosystem grows to replace it. It is honest, brick-by-brick work: Done: the kernel runs real unmodified glibc programs natively — both statically and dynamically linked. printf , TLS thread , malloc , SSE floating point, full atexit / exit , file I/O, and ld.so loading + relocating + running a dynamically-linked binary against libc.so.6 . Next: threads clone / futex , per-process virtual memory + demand paging, /proc , more of the syscall surface, then a framebuffer GUI app — and on that road, a real web browser. A browser is the long pole. Be clear-eyed: full web parity is a multi-year horizon. The path is real and the early bricks are laid, but we don't pretend velocity equals completion. | Component | Status | |---|---| | Boot → long mode, memory mgmt, interrupts, syscalls, ring-3 | ✅ | | Framebuffer 1920×1080, PS/2 keyboard + mouse | ✅ | USB xHCI HID — keyboard + mouse on modern laptops | ✅ QEMU verified | | Intel HDA audio + Sound mixer app | ✅ | | Window manager, floating dock, start menu, arrow cursor | ✅ | Quick Settings panel Wi-Fi/BT/dark/volume tiles, tray-anchored | ✅ GNOME-style | | Apps: terminal, files, editor, calculator, monitor, settings, TIS console | ✅ | NIC drivers: RTL8139, Intel e1000/i219, Realtek r8169 | ✅ ~95% laptop coverage | TCP/IP stack: ARP/ICMP/UDP/DHCP/DNS/TCP/HTTP | ✅ fetches real internet | TLS 1.3 client X25519 · ChaCha20-Poly1305 · from scratch | ✅ real HTTPS, QEMU-verified vs live web | Live web browser — type host → real page | ✅ http + https, follows redirects | fetch , wget terminal commands | ✅ | | Linux ABI layer static + dynamic glibc binaries | ✅ Bricks 1–5 done | Multi-user login SHA-256 passwords, /home/ | ✅ | | In-memory VFS within a session | ✅ | Persistent bare-metal disk storage RPFS + AHCI | ✅ settings/files survive reboot | | Component | Status | |---|---| Install to disk rp-install /dev/nvme0n1 | ✅ UEFI/GPT | | Standalone boot from disk no ISO | ✅ | Persistent /home ext4 | ✅ survives reboots | Package manager rpm install <url | ✅ with SHA-256 + ed25519 signing | WiFi: wpa supplicant + iw bundled | ✅ auto-assoc on boot | wifi-setup command console: wifi-setup <SSID <pass | ✅ | | Chrome / Firefox on X11 | ✅ | | Recovery console | ✅ | - TLS certificate-chain validation the TLS 1.3 client does the handshake + verifies the server Finished, but has no CA trust store or wall clock yet — confidentiality vs a passive attacker, not active-MITM protection - GPU acceleration framebuffer only; software rendering - WiFi on bare-metal kernel needs per-chip driver + firmware The real work-week path today: install to disk + rp.web mode Paste this into a fresh Linux or macOS terminal. It installs the Rust toolchain and all required tools, builds the ISO, and launches it in QEMU automatically: curl -sSf https://raw.githubusercontent.com/rfi-irfos/rusty-penguin/main/install-dev.sh | bash What it does: installs rustup nightly + required targets , grub-mkrescue / xorriso , and qemu-system-x86 64 via your system package manager, clones the repo, runs bash iso/build.sh , then launches bash launch.sh . Total time on a fast connection: ~3 minutes. 1. Rust nightly + bare-metal targets curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly source ~/.cargo/env rustup component add rust-src --toolchain nightly 2. QEMU + ISO tools Ubuntu/Debian sudo apt-get install -y qemu-system-x86 grub-pc-bin grub-efi-amd64-bin xorriso 3. Build + launch git clone https://github.com/rfi-irfos/rusty-penguin && cd rusty-penguin bash iso/build.sh && bash launch.sh Flash to USB replace /dev/sdX with your USB drive sudo dd if=rusty-penguin.iso of=/dev/sdX bs=4M status=progress && sync Boot from USB → GRUB menu: "Rusty Penguin bare metal " — pure-Rust kernel + desktop "Rusty Penguin -- Web X11 " — Linux kernel + Chrome/Firefox First time: pick "Console / Install to disk", then: rp-install /dev/nvme0n1 or your disk wifi-setup MyNetwork MyPass if WiFi only bash launch.sh Or with Intel e1000 NIC real laptop test : qemu-system-x86 64 -machine q35 -cdrom rusty-penguin.iso -m 512M \ -netdev user,id=n0 -device e1000,netdev=n0 \ -device qemu-xhci,id=xhci -device usb-kbd,bus=xhci.0 \ -display sdl The preselected GRUB entry, Rusty Penguin bare metal , boots the pure-Rust kernel. For a full work week browser, persistence, Git , use the Web X11 entry after installing to disk. Click the Doom icon in the dock. The kernel suspends the desktop, hands the raw framebuffer to id Software's 1993 shareware DOOM E1M1 via fbDOOM, and restarts the desktop when you quit. No X, no Wayland, no SDL: A separate GRUB entry, Rusty Penguin -- DOOM demoable , boots straight into DOOM without the desktop at all for maximum performance demo . Balanced ternary represents the same range in fewer digits: - 9 trits → ±9841 vs 9 bits → ±255 unsigned - Multiplication maps to shift-and-add on a ternary number line - Neural networks quantized to {-1, 0, +1} skip every zero-weight multiplication — the entire basis of the sparse ai-runtime bash rp$ tri 6 7 6 7 = 42 ternary: 000000+-0 000000+-+ = 0000+---0 rp$ ai 8 4 sparse ternary inference -- 4 layers x dim 8 L0 00000+-0 - +-++-+++ dormancy 79% ... 4 layers avg dormancy 46% skipped 120/256 ops This is the same insight behind BitNet and ternary LLM quantization — implemented here from first principles in Rust, running bare-metal in a bootable OS. Each win is logged, with its honest basis, in docs/TERNARY FINDINGS.md /rfi-irfos/rusty-penguin/blob/master/docs/TERNARY FINDINGS.md . | Module | Source | |---|---| compiler/ | ternlang-core lexer/parser/BET bytecode/VM | filesystem/ | ternlang-fs VFS patterns | ipc/ | ternlang-runtime TernNode actor model | hardware-abstraction/ | ternlang-driver HAL traits | ai-runtime/ | ternlang-ml TritTensor + sparse inference | MIT — see workspace Cargo.toml .