Skip to main content

Proof Over Luck

· 4 min read
Jenning Schaefer
Jenning Schaefer
Founder, Dev

The Moment It Became Real

At first, an OS feels like progress.

Things compile. Services start.
You can point at features and say, “Look—momentum.”

Then the truth shows up:

Most “working” systems are simply lucky systems.
They work until contention shows up. Until timing shifts. Until a second core enters the room.

So we changed the objective.

Not “add more features.”
Not “move faster.”

Replace luck with proof.

Networking: A System, Not a Demo

We kept building the distributed layer the way a microkernel OS needs it: explicit, bounded, testable.

  • dsoftbus advanced into a real cross-VM/session layer—not a placeholder
  • DHCP work continued to make bring-up less magical and more deterministic

This isn’t about “we have networking.”
It’s about being able to say: this is the lifecycle, these are the states, these are the failure modes—and here’s the proof it doesn’t drift.

Observability: When You Can’t Measure, You’re Guessing

A system without trustworthy logs is a system you can’t debug under pressure.

We pushed logd forward, cleaned up host tests and wire parsing, and tightened the parts that tend to rot in OS projects.
It’s the unglamorous edge work where “it probably works” has to become “we can show it works.”

Updates That Don’t Destroy You

Shipping an update mechanism is easy.

Shipping one that doesn’t brick the system is the work.

So we pushed packaging toward what matters operationally:

  • package update with rollback as a first-class principle
  • not “best effort,” not “we’ll fix it if it fails,”
  • but failure-aware design that assumes power can die mid-flight—and still expects correctness

Security Hardening: Entropy That Isn’t Pretend

Security doesn’t start with crypto.
It starts with not lying to yourself about inputs.

We hardened the baseline by pushing rngd toward virtio-mmio entropy—a bring-up step that replaces toy assumptions with production-shaped behavior.

Storage: StateFS Became a Real Subsystem

State isn’t a feature. It’s a contract with the future.

StateFS saw major expansion—moving from “persistence exists” to something closer to “persistence has rules.”
In an OS, storage is where corruption hides and where trust gets tested. Treating it as a disciplined subsystem changes everything downstream.

Virtio: From Legacy Bring-Up to Modern Determinism

We continued the migration from legacy virtio-mmio toward modern virtio-mmio as a deterministic floor.

It’s the kind of work nobody celebrates, but everyone depends on:
less legacy variance, fewer “it boots on my machine,” more reproducible proofs.

The Kernel: Modern Rust, Not Rust-Flavored C

The kernel work wasn’t just “more code.” It was a shift in how we express correctness.

We did serious refactoring and pushed modern Rust concepts into the architecture:

  • ownership that makes lifecycle and authority explicit
  • newtypes that prevent “same integer, different meaning” bugs
  • clarity around Send/Sync instead of hand-wavy concurrency
  • #[must_use] error propagation to kill silent failure paths

This is the quiet difference between a kernel that runs and a kernel you can trust under stress.

SMP: The Second Core Changes the Rules

Single-core is where ideas feel right.

SMP is where systems become honest.

We now bring up a hardcoded second core (SMP).
That forces discipline across scheduling, IPC, timing, and test harnesses. A second core isn’t “more performance.” It’s more truth.

Project Discipline: Tasks, RFCs, and the Machine That Enforces Them

We also cleaned structure—because a project that can’t stay organized cannot scale into an OS.

We’ve laid out tasks all the way to hardware bring-up, and we’re working the way serious systems are built:

  • RFCs as seed contracts (design before drift)
  • tasks as execution truth (proof commands, stop conditions, touched paths)
  • and a workflow layer in .cursor/ that helps enforce preparation, execution, and wrap-up discipline

It’s not bureaucracy.

It’s how you prevent a system from becoming a pile of exceptions.

What This Adds Up To

If you zoom out, the story isn’t “we implemented X.”

The story is:

Open Nexus is converging on a system that can explain itself.
What it does. Why it does it. How it fails. Where the boundaries are.
And what evidence proves it.

That’s the turning point.

Because the future of an OS isn’t written in announcements.
It’s written in contracts—and in proofs that keep passing when the machine stops being polite.

Proof over luck.

Join the discussion on Discord
Contribute to the codebase