
My nontechnical OS ideas

Posted: Fri Jul 16, 2004 3:06 am
by Deicidus
I've hated Windows for a while now, and when I tried Linux, I hated that too. Not being a good enough programmer to start my own OS from scratch (yet :P), I can only dream of ways to repair the shortcomings of current OSes.

Here are my OS ideas. What do you think of them? Are they at all original? (I think not; most of them seem pretty obvious.)

User Keys
User keys provide a simple and convenient way to customize any computer. A user key is a small, key-like object that stores user settings and files. All programs are required to store all of their settings information on user keys. All of these settings will be presented in a standard, user-modifiable format. Every setting on a user’s computer, from their password to the toolbar settings in their word processor, is stored on their key. The key also stores many of a user's files. When plugged into any computer, the settings on the key are instantly read and the computer's configuration is modified to match. This allows users to easily use any computer as if it were their own.

Settings and files can also be synchronized with any computer that gives them permission. Virtually every user will want to synchronize their key with their own computer. Keeping data on the key and on one or more computers synchronized serves several purposes:

-Allows a key to be removed while maintaining files and settings on a computer.
-Speeds up loading of files and settings by allowing them to be accessed directly from the hard drive.
-A user must have permission from the owner of a computer to be able to synchronize their key with that computer.

There are four degrees of synchronization:

-No synchronization. This option is useful for guests who rarely use a computer.
-Synchronize only settings. This option is useful for guests who will not be using the computer often on a permanent basis.
-Synchronize only files. This option is useful for guests who wish to back up their files on another computer or drop off files for the owner of that computer.
-Synchronize both files and settings. This option is useful for the owner of a computer and any guests who will be using that computer regularly.

To access each of these options, the key is turned in its slot. 90° clockwise for settings only, 90° counterclockwise for files only, and a full 180° for both files and settings.

Part 2: Security

Posted: Fri Jul 16, 2004 3:09 am
by Deicidus
Security
Tenets:
-Keep safe the user!
-The system must not even allow the possibility of the following:
  -Viruses
  -Security flaws
  -Physical breaches of computer privacy (passwords broken, etc.)
  -Breaches of internet privacy
  -Taking control or decision-making power over any computer, software, or data away from the respective owner of that computer, software, or data
  -Any type of Internet- or network-based attack
-The system must not actively shield against these things; the system must be built so that these things may not exist.

Breaches of Internet Privacy
Privacy is breached when any of the following happen:
-Information is sent from the user’s computer without their knowledge.
  -Solution: Information must be sent from the computer in a single, standard way controlled by the OS. All transactions are logged by the OS. The user has access to these logs. These logs are easily understandable, and each information transfer is accurately labeled.
-Information is sent from the user’s computer without their permission.
  -There is a permission setting for every type of information transfer. Permissions can be given to specific programs, specific types of transfers, etc. The OS asks the user to allow each new type of transfer upon its first use. Besides that, many types of transfers require deliberate action, such as clicking a button.
-Information is collected or recorded about a user or computer without their knowledge.
  -There are no cookies. Website settings are stored as part of a user’s system settings. Therefore, no information, such as unique ID numbers, can be stored without the user’s explicit knowledge. These settings are not created without the user’s knowledge and permission.
-Information is collected or recorded about a user or computer without their permission.
  -No information is available for collection or recording. Information may only be sent in the single, standard way described above.

The Security Panel
This panel is an integral part of the security system. The panel is the manifestation of the log of all security-related actions a user takes for their perusal. New security risks are, by default, allowed, but every one of them appears in a slide-in box much like the “New Mail” slide-ins from MSNM. Clicking the box slides out the security panel, where the user may choose exactly how much of the transaction they wish to allow. Completed transactions are logged.

The Security Panel is not some kind of watchdog. It does not scan things as they pass, ready to ask the user whether something is safe or not. It is the interface to the system gatekeeper, an integral part of the OS structure. This gatekeeper controls all traffic outside the computer and a good amount of local traffic as well. Programs attain security clearance for all operations that require more connectivity into the system than the most basic session has.

On the outside, this gatekeeper is a wall. It provides nothing to the outside world.

Security Architecture Basics
Every entity, from hard drives to running programs to the Internet, is surrounded by a protective “sphere”. The only way through this protection is through API calls.

Another idea: The user has authority. The user can grant authority to other entities on their computer (programs, etc.). Anything that the user gives authority can, in turn, give some of its authority to another entity. An analogy is a row of keys, each opening fewer doors as you look down the row. The user has the skeleton key, and gives out as many copies of the other keys as they want to other entities. The entities can give out the extra keys they have, but keep the best key given to them. The receivers of the key handouts from programs can continue to pass them down in a hierarchal structure until all the keys are gone.
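
The key-handout idea and the logged, single path for transfers described in this post can be modelled together. The sketch below is an added example, not part of the original post; the class names and the right names such as `net.http` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entity:
    """Anything inside its own "sphere": the user, a program, a plugin."""
    name: str
    authority: frozenset                 # rights (keys) this entity holds
    parent: Optional["Entity"] = None    # who handed the keys down

    def delegate(self, name, rights):
        """Give a new entity a subset of our keys, never more than we hold."""
        rights = frozenset(rights)
        extra = rights - self.authority
        if extra:
            raise PermissionError(f"{self.name} cannot grant {sorted(extra)}")
        return Entity(name, rights, parent=self)

    def chain(self):
        """Names from this entity back up to the user, for the log."""
        node, names = self, []
        while node is not None:
            names.append(node.name)
            node = node.parent
        return names


class Gatekeeper:
    """Single path for transfers: check the caller's keys, log every decision."""
    def __init__(self):
        self.log = []

    def transfer(self, entity, right, detail):
        allowed = right in entity.authority
        self.log.append({"chain": entity.chain(), "right": right,
                         "detail": detail, "allowed": allowed})
        return allowed


# Constructed right names and entities, for illustration only.
user = Entity("user", frozenset({"net.http", "net.mail", "fs.read", "fs.write"}))
browser = user.delegate("browser", {"net.http", "fs.read"})
plugin = browser.delegate("plugin", {"net.http"})
gate = Gatekeeper()
```

Each log entry records the whole delegation chain, so a denied request from `plugin` can be traced back through `browser` to the user who handed out the first key.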

Part 3: Filesystem

Posted: Fri Jul 16, 2004 3:14 am
by Deicidus
The Harmony Filesystem (another name idea: Synthesis?)
One of the core features of Integrity is its database-driven filesystem. Files are stored in a single massive list on the computer. They have a number of properties that allow them to be sorted and filtered for easy organization and system management. Although many standard properties such as size and date modified are available, there are several unique properties in Integrity, which are described below.

Orders
Orders are akin to folders in Windows. However, in Harmony, a file can exist in no order, one order, or many orders. Orders are the main way of filtering files, but due to their database-driven behavior, they are much more flexible.

Physical Location
Because orders cannot be changed from a drop-down list or the like, but only added or removed, it seems more appropriate to give this its own property. A file's physical location is usually a hard drive or network location. The user may change a file's physical location to move it, although if they do not have move permission this option will change to copy. Since files are all stored in a central list, no more detail on physical location is needed than this.

File Explorer
The built-in file explorer for Integrity, codenamed "Insight", has an interface inspired by the Opera web browser. At the top is a tabstrip, listing currently-open file views. On the left is a vertical panel with icons. Each of these icons opens a task pane directly to the right of the selector bar. On the far left of the screen is a very thin vertical bar that, when clicked, shows or hides both the selector bar and the currently open task pane. On the far right of the screen is a second task independent of the first, and a matching hider bar on its right.

Task Panes
There are a variety of task panes listed in the selector bar at the left of the screen that assist the user in a variety of file management tasks.

Filter Pane
When a new view is first opened, it lists every file on the user's computer to which that user has access. To narrow this view down to the specific files a user wants to see, they use the filter pane. The filter pane consists of several smaller sections. The most important section allows you to filter based on order. Order rules may be added to a list. These rules consist of simple inclusion or exclusion filters, such as "in order X" or "not in order X". Below the order filtering section are sections for other properties, such as physical location and file size.

Saved Views Pane
When the user creates a filter that they like, they may save it here. This acts like a bookmarks listing. Of course, the view itself is saved as a file, but this pane is a listing of those files.

The Property Pane
This is the main pane on the right side of the screen. It displays properties that the currently selected file or files have. When only one file is selected, this pane is fairly predictable, listing the orders it belongs to among other properties. When more than one file is selected, a small menu at the top of the section for each property allows the user to select how they want that property displayed. For example, a user who has selected several files may choose whether they want to display orders that at least one of the files belongs to, all of the files belong to, or a certain percent of the files belong to. Any of the properties displayed may be quickly moved to the left pane and used as a filter.

Re:My nontechnical OS ideas

Posted: Fri Jul 16, 2004 3:22 am
by Therx
A more efficient way of doing your user-key system would be using a fingerprint scanner. These already exist so would not require a change to the hardware. And with broadband technology common now, you could transfer the settings over a "secure" connection. The secure bit would be the only complicated part of doing it this way. But overall this would be easy to implement and could probably even be done on top of an existing OS by a program which knew where each of the different programs stored their settings. Using a fingerprint would also be much more secure than a key which could be "nicked". Also a fingerprint is much more secure than any password could be.

Pete

Re:My nontechnical OS ideas

Posted: Fri Jul 16, 2004 3:32 am
by Deicidus
The point of the user key is to force all programs to store their settings in one place for easy backup and customization. Then, the Insight explorer can be used to easily modify any setting. The other main use for a USB drive is to allow users to take their settings with them anywhere.

Of course, other methods should be supported, such as no drive at all or fingerprints or something, but I thought this idea would be the most intuitive for most users, and would also be supported at whatever computer they wanted to visit. Personally, it'd be my method of choice for the latter reason - not everyone has internet fast enough to use to access my files, but almost all have USB.

Re:My nontechnical OS ideas

Posted: Mon Jul 19, 2004 2:52 am
by Pype.Clicker
Nice to find some of your Harmony ideas close to what I'd like a filesystem to be ...

I'm less convinced by your "security" ideas. If some misbehaved component is inserted in your system, it can still be possible for it to "hide" some information in something that appears to be a "normal" communication (like using the size of an emitted packet to convey information, etc.)

Saying that the system should not make possible "security flaws" doesn't sound realistic ... No one intends to allow "flaws" in software (except in fiction movies :)
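
The packet-size concern raised in this reply can be measured from the defender's side. The sketch below is an added example, not part of the original post: it takes a constructed gatekeeper log, estimates how many bits the size field of one message could carry, and shows the effect of padding payloads to fixed buckets. The bucket sizes, the log format and the function names are assumptions.

```python
import math

BUCKETS = (512, 1024, 4096, 16384)   # assumed padding sizes, in bytes


def padded_size(n):
    """Smallest bucket that holds n bytes; above the largest bucket,
    round up to a multiple of it."""
    for b in BUCKETS:
        if n <= b:
            return b
    top = BUCKETS[-1]
    return math.ceil(n / top) * top


def size_channel_bits(sizes):
    """log2 of the number of distinct sizes seen: the most bits a single
    message's size could encode using that set of sizes."""
    return math.log2(len(set(sizes)))


# Constructed log entries: (program, transfer type, payload bytes).
# Every entry is an allowed, accurately labelled transfer.
LOG = [("mailer", "net.mail", n)
       for n in (301, 302, 303, 304, 305, 306, 307, 308)]


def compare(log):
    """Bits per message carried by size, before and after padding."""
    raw = [n for _, _, n in log]
    padded = [padded_size(n) for n in raw]
    return size_channel_bits(raw), size_channel_bits(padded)
```

On this log the unpadded sizes take eight distinct values (3 bits per message), while padding collapses them into one bucket (0 bits). Padding narrows the size channel but does nothing about other fields such as timing.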

Re:My nontechnical OS ideas

Posted: Mon Jul 19, 2004 3:10 am
by Deicidus
I really like your ideas for class-based filetypes. I might just steal parts of that idea... :p

I'm no expert on security. I'm still working out my thoughts on security, but I think that most security problems could be eliminated through OS architecture. This still won't protect against user stupidity, however.

As it is now, Windows lets pretty much every program it runs have full control over the system. It runs programs behind your back, messes with your startup list without your knowledge, and accesses the Internet and hard drive like crazy and at random. The operating system should run the programs, not the other way around.

And please, do you have any better name suggestions for the filesystem? I cringe a little inside every time I hear "Harmony". It sounds like the name of a doped-up teenage girl from the 60s. My naming theme is to use a single, positive word that describes the one goal of the component, the thing that makes it different from most OSs today. I'm also looking for a replacement name for "file".

It's fun to get input on this.

Re:My nontechnical OS ideas

Posted: Mon Jul 19, 2004 3:19 am
by Solar
I'll just throw in this link: http://www.rootdirectory.de/pro-pos/PosDesign.html

It holds some general sketchy concepts drafted up for Pro-POS before that was discontinued. (Check out "File System", "Security", and "Installation" for my two-pronged approach to system security.) Feel free to be inspired. ;-)

Re:My nontechnical OS ideas

Posted: Mon Jul 19, 2004 3:42 am
by Deicidus
Yes, those filesystem and installation ideas fit very closely with mine.

The main difference is that much of your use of registration lists and such is replaced by orders in my system.

Installation of applications is also standardized in my system, but the install applet merely copies the files. They must all be in a shared, exclusive order for that program, and if the user wished, they could put the program executable in the "Start Menu" (or equivalent) order as well.