Plan for an OS
give this file to claude and tell him to pushback on anything that's not great and to answer all questions or misunderstandings where i have them and to offer suggestions/pros/cons on things that are undecided
should use an actual sophisticated ai planning and execution program for making this, i forget what they're called. ask around what the best such program is for a gigantic project that will take years to complete.
suggest to the AI (maybe in claude.md) that he review already existing and successful source code for various things to see efficient ways to implement things, and/or use them as the basis and modify them. Maybe specifically tell him that for a few things too.
The one problem with making the OS with AI is that someone (shamoe) told me that AI isn't particularly good at making performant code. The above mitigation may help that. Another option is to allow a lot of pull requests by people optimizing various things. Probably let the AI review them and test them first. Not all of the OS really needs to be very performant, I'm not sure what % of the OS really does. And maybe that person just didn't tell the AI to optimize the code as much as possible and let it do it incrementally in many passes?
Make sure none of our design is tainted by standard/popular but outdated practices or tuning values.
Ask Claude what good ideas BeOS and Plan 9 had.
At what point in development should we make the API functions stable/freeze them? It depends on how many users use our OS (and why) among other things.
Microkernal, maybe with some drivers working in the kernel. Some other performance-critical stuff might move into the kernel too, maybe after it's been time-tested. Networking?
Option for drivers to be compiled with ada/spark for proven safety, Rust communicates with them through FFI.
Sandboxed drivers using IOMMU (available on all modern systems, but sometimes disabled by default in the BIOS) are much faster than userspace drivers, though not as good in some other ways - provide them as an option for when the 5%-15% speedup matters.
we should probably ask the user to enable IOMMU in their BIOS if we detect that it's disabled (mention that it might not be there if the system is older than XX years), or maybe only do this when the system is set to use an IOMMU driver
SPARK proves the driver logic is correct: no buffer overflows, no integer overflows, no invalid state transitions. The driver code does what its specification says.
IOMMU sandboxing constrains what the hardware device can do via DMA. Even if the driver is perfectly correct, the hardware itself could be malicious (think a compromised USB device or PCIe card) or have firmware bugs that cause it to DMA to unexpected addresses. The IOMMU prevents th
Spark and IOMMU can be combined.
So the layers would be:
Application
↓ syscall
Rust kernel (safe code)
↓ FFI call (near-zero cost)
SPARK driver logic (proven correct, runs in kernel space)
↓ programs the device
Hardware device
↓ DMA (device accesses RAM)
IOMMU (restricts which RAM the device can touch)
↓ allowed DMA only
Physical RAM
Should we support the text-based linux driver specification tree or whatever it's called? does that give us easy support for more hardware?
Many specialized syscalls (Linux has ~450) — each operation gets its own syscall number. Simple to use, but the interface grows over time and accumulates legacy.
Specialized syscalls are faster than fewer syscalls with more parameters, and most programmers never need to touchsyscalls because they're abstracted away.
io_uring style submission queues — userspace writes requests into a shared ring buffer, kernel drains it. Avoids syscall overhead entirely for batched I/O.
Give the programmer the option to use the ring buffer or a normal syscall for most syscalls, some operations, like fork, mmap, and exec may not work well with io_uring.
The purpose of io_uring seems to be to speed up batch i/o operations.
Make our own API, but make a POSIX layer for compatibility with thousands of applications.
Scheduling:
- Priority-based with preemption levels (real-time OSes, Windows) — fixed priority levels, highest priority runnable
thread always runs. Predictable latency, but priority inversion is a problem.
OR
- BFS / MuQSS (Con Kolivas's schedulers) — optimized for desktop interactivity over throughput. Simpler, arguably
better for < 16 cores.
BFS/MuQ5S also support priority levels, many more than Windows.
Don't use CFS, it was designed for hundreds of CPUs with thousands of threads.
If possible, for the first scheduling option, make it so that the user can change the priority level of a process while it's running, pause it, or resume it.
Fix the priority inversion problem with priority inheritance.
Per-CPU queueing.
Would it be possible to abstract out the memory management system so that users can select a workload type for optimization and memory management will still work for all programs?
Abstracting might have to introduce a new layer which would incur a speed hit which would defeat the purpose of optimizing for workload? but maybe it doesn't have to if changing the workload recompiles it? but recompiling the kernel is for power user os's, not a generul use os. but could we have a streamlined way of recompiling parts of the os according to user wants that's simple from a UX perspective and reliable? and we should reload these parts after compiling whenever possible instead of requiring a reboot.
Another thing we might want to abstract out *or* allow recompiling is the scheduling model and/or specific tuning paramaters. Maybe allow tuning specific parameters for memory management too for power users.
Paging model:
- 4 KiB pages (standard on x86) — fine granularity, less waste, but huge page tables for large address spaces and TLB
pressure. - Transparent huge pages (2 MiB / 1 GiB) — fewer TLB misses, but internal fragmentation and memory compaction
overhead. - Variable page sizes — some architectures support this, but it massively complicates the page allocator.
(More said way farther down in 'design decisions.txt')
Linux's Transparent Huge Pages (THP) is essentially variable page sizes bolted onto a fixed-page allocator, and it's
been a source of performance unpredictability for years — sometimes THP helps enormously, sometimes the background
compaction work to assemble huge pages causes latency spikes.
The only major OS using Transparent Huge Pages — the kernel automatically promotes groups of contiguous 4 KiB pages
into 2 MiB pages in the background, without application involvement. As mentioned earlier, this helps when it works
but causes latency spikes from the background compaction work.
Our OS should use 16kb pages instead of 4kb. Wastes a trivial amount of ram with a speed tradeoff, 4kb is more legacy.
Need to define swap tuning parameters
Have an alloc function where the program can allocate X amount of memory and it won't fail as long as the user has that much memory plus space on the filesystem, because the OS swaps the rest? (lazily on write)
Also programs can have a stack that won't run out and doesn't have to be given a size limit on startup - because when it runs out, the cpu exception called calls an allocator that gives it more space - option to have the stack even use storage space like the alloc function
Filesystem:
- Inode-based (ext4, XFS) — separate metadata structure pointing to data blocks. Battle-tested, well understood.
- Copy-on-write / B-tree (Btrfs, ZFS) — never overwrites data in place, writes new copies. Gets you snapshots and
checksums for free, but fragmentation and complexity. - Log-structured (F2FS, LFS) — all writes are sequential appends. Great for flash storage, but garbage collection is
tricky. - Database-as-filesystem (WinFS, never shipped; BeFS was partially this) — rich metadata and queries built into the
filesystem.
Also: do you enforce a filesystem hierarchy (/usr/bin/...) or let it be flat with tags/attributes?
Support Inode-based, support copy-on-write in case the user wants efficient snapshots, support log-structured for flash - F2FS was developde by Samsung and is free, consider developing a database filesystem option
Would be nice to support ext4, NTFS, FAT32, etc. too for reading from and writing to drives from Linux and Windows. FAT16 or FAT32, whichever is the one used for flash drives, is a must. Oh, and we of course have to support ISO for optical discs.
Reuse ext4 or xfs code for inode-based, btrfs/zfs code for copy-on-write? Support those filesystems exactly, and/or make our own modifications?
Filesystem hierarchy, tags are good for a public library of files, but I don't see a need for them in an OS, though they may be useful for the database-as-filesystem option.
/ used as path splitter
what characters should be allowed for filenames? probably all supported by linux and windows for compatibility
Case-sensitive or case-insensitive? case-sensitive is less clownish, but case-insensitive makes it easier to type in filenames, and windows users might expect it
Files generally have filename extensions but don't have to, filename extension determines what app loads it by default, user can (in an easily discoverable way) change what program loads an extension (select from any installed program that's registered to be able to load that file extension, or select from any installed program, or select a particular executable in the filesystem) and also can provide arguments to program including variables
When the same application controls multiple file types, it should be allowed to specify different icons for each extension. I don't know if they currently can do that since they don't seem to do it. For example, if winamp controls video and audio files, I don't want both video and audio files to have the same icon.
if a program that handles a specific file type is uninstalled, switch the program associated with that file type to the previous program that was used for that filetype
Make the file type come before the name rather than after??
example
exec.helloworld
mod.hunter
zip.partitionmagic
that way
-the most general information comes first, as with most other protocols (like file paths, url's, namespaces..)
-listing files alphabetically automatically groups by file type
-a file listing with consecutive filenames of the same type has both the base names and extensions aligned, e.g.
mod.hunter
mod.ele-plan
mod.wasted
vs
hunter.mod
ele-plan.mod
wasted.mod
the latter being harder to read, as well as less pretty, because the extension can start at any column.
disadvantages:
-looks ugly
-filenames not cross-compatible - solution: tools to autorename files to one format or the other for downloading/copying to/from other OSs - PITA - other solution: support both formats, but then our odd format will just never be used except in our OSs own files
-filename completion works slightly less good - e.g., many files will start with .zip, so you'll have to type at least .zip. before you can start your filename completion
What will our extensions be for static libraries, dynamic link libraries, and executables? not so, lib, dll, or exe since it won't be compatible with those. might need an extension for packages too.
Hooks on various changes to files and directories so that programs can do something whenever there's a change (allowing a program to create a hook on something should probably be a capability - hooks can slow the system down or even make things not work right)
journaling? ability of programs to group any writes into an atomic write?
duduplication? as an option?
file/dir metadata:
hash? (not on dirs) (useful, but takes time. optional? or should the hashes go on data blocks? could be both - hash of file is just a hash of all its data blocks hashes)
time created
last time read
last time written
size
directory it belongs to
arbitrary string/comment? what's the max size?
required capabilities list (should be enum values)
ask claude what else is useful
IPC model:
Don't use file descriptors for sockets, "read/write work, but you also need sendmsg/recvmsg with complex msghdr structures for ancillary data
(passing file descriptors, getting sender credentials). The byte stream abstraction leaks everywhere."
Use channels like Fuschia? (message-passing with capability transfer as the primary IPC)
Support shared memory too.
Pipe support (one-way and two-way?)
Support an epoll equivalent, let an epoll request provide a list of any type of thing you might want to wait for - including things that are made inside the app, or should we have another abstraction for supporting combining waiting for different things in the same app (for when the app uses external libraries)
or..
the normal poll method passes a pointer to an array of objects to listen for to the os. the os modifies the array to reflect what's available and what's not. this is inefficient because
a) the os has to scan the array to assimilate it internally however it's used
b) the application has to scan the array searching for sockets with information pending.
how it should be done is that the OS has register and unregister functions for registering and unregistering individual fd's from poll objects, and a function to poll that poll object.
when you register an fd, the os adds a reference to that poll object to whatever info it automatically accesses for that fd when it receives input from the network interface, filesystem or whatever. it then adds that fd with the appropriate flags to a list it's building for the particular poll object. i don't know how many it would add before it returns the list, but the same question applies to the poll method. alternatively it could return only one fd, or the application could pass it a minimum time in addition to the timeout parameter.
in case multiple poll objects wait on the same fd, the os could have a list of poll fd's for each fd, instead of just one. but having multiple poll objects wait on the same fd might be disallowed instead because it doesn't make a lot of sense.
in addition to the fd the register command should accept an arbitrary int, which is included in the return list, so that when the application reads the returned list it doesn't have to look up its relevant info for a given fd with a hashtable. the int could be a pointer to an object or an index to an array, or eve George Washington's birthday if the programmer wishes.
**i looked up iocp after writhing this and this seems to be precisely what iocp does, including the arbitrary int feature
Some way for programs to easily communicate with each other using names to access them by and some common format for passing information and commands, for example COM and DDE
Define a standard for library event loops that allows the programmer to easily combine different event loops. Maybe the above application-level epoll function will supply this.
Find out exactly how IPC works, what the different strategies are, what Windows, macOS and Linux use, what optimizations people have invented, what's fastest and best
Security:
And what about a combination of DAC and cababilities? It should basically be: There are different users, each with
their own capability set, and a user can't create another user with a capability that it itself doesn't have, and
user capabilities include access to specific files and directories. But then that means a user has to have thousands
of capabilities, one for each file.. but then, we could just have named user capabilities and groups of named
capabilities that we can assign to files and directories and a user with the same capability can access that file or
directory.
implement this? file:///D:/soundshop/ccs05-cfi.pdf - ask Claude to read it (may have to convert it a text format first?) and tell me if it's a good system, how effective it is, if it's compatible with my OS plan, what limitations it would incur, and what the performance costs would be.
Users can set capabilities on individual apps and services/executables, too. Obviously, a user can't give a program a capability he himself doesn't have.
Capability-based syscalls for extra protection? They work slightly differently from user/program capabilities, which can have groups, etc., but program capabilities determine the program's syscall capabilities.
We should have a way for programs to lack certain capabilitise by default, and be able to ask the user for them when they install or when they run.
Capability-based users and apps. User capability groups, too, which directories and files can be tagged with.
Problem: How to give a user or process access to, e.g., the whole filesystem except for specific files/directories that have a higher security rank/key?
Solution: file/directory capabilities compose via intersection (AND), meaning that if a file or directory specifies more than one capability, all of them are required by a user or porocess to access it.
capabilities to listen on certain ports or connect to certain domains can also be done this way
We probably don't need to allow a separate list for files and directories that's OR-composed.
If a file or directory has a capability group in its list, do the individual capabilities in the group compose via AND or OR? I think OR is right, that's more in-line with the intention of making the group in the first place and how it's used.
The interesting question is capability granting. How does a process acquire the system capability? Some options:
- Statically at launch time (like Unix setuid — the binary's metadata says "this process starts with system")
- Dynamically via a broker (the process asks a privileged service "may I have system?" and gets it if policy allows)
- Temporarily scoped (the process gets system for one operation, then it's revoked)
When the app asks a user to grant it some capability, it should pass a parameter to the request that's passed along to the user security dialog that tells the user what that particular capability is being asked for for
Capabilities: (some of these are high security risks, should be taken seriously)
RAM limits HD limits, time limits, CPU limits (% of capacity or CPU-time)?
program can install on/affect another user (which users? how do we define that?)
any capability group the user defines
any capability the user put on files and directories in the filesystem for read, write, change, create
capalities to place monitor hooks on various os activities - hooks listed below
capabilities to access things about other programs - how do we make them per-program? i guess have the capability requirements attached to the programs too, like with files and dirs
read memory
write memory
read network traffic to/from
change network traffic to/from
communicate with
COM-like thing
sharing memory
IPC
signals (unless signals are just COM commands)
automate (emulate mouse clicks, keyboard input)
hooks on things they do (some of these could seriously slow them down)
hooks listed farther down
open, close, create, delete, change, read, change metadata of a file or dir
create a hook
create, delete, modify user
load a library
new inbound socket
new outbound socket
write to/read from a socket
listen/stop listening on a port
launch another program
quit
restart (by service manager)
get priority level changed
get blocked (e.g. by a lock placed by another program)
get suspended
crash
lock something/unlock something
create/delete process/thread
automate another program
ipc with another program
share memory with another program
communicate with a driver
create/delete a pipe
get launched (this would actually be a filesystem hook)
allocate/deallocate memory
call a particular syscall or uring buffer call
change global volume
emit sound
emit system sound
show notification in notifictions pane
remove own entry from taskbar
show fullscreen
show always on top
Graphics:
Linux:
- Applications can submit GPU command buffers directly (Vulkan/OpenGL talk to the DRM kernel driver, bypassing the
compositor for rendering)
- The compositor only composites the final output — it takes each application's rendered buffer and combines them onto
the screen
- Fullscreen games can bypass the compositor entirely (DRM direct scanout — the app's buffer is displayed directly
with no compositing step)
Windows:
- Similar model. Applications submit GPU commands directly via the WDDM driver model
- DWM composites the final output
- Fullscreen "exclusive" mode historically bypassed DWM; modern Windows uses "fullscreen optimizations" that keep DWM
in the loop but detect single-app-fullscreen and optimize the composite to a no-op
Probably do it like Linux and Windows.
Init / service management:
Probably something like systemd, it's necessary for ordering correctly with dependencies while allowing tasks to start up in parallel for faster boot and for monitoring services and restartin them after a crash, but do it better than Linux: text logs instead of binary, modularized--the init manager doesn't do tons of other things.
For your OS: You'll need a service manager. The core ideas from systemd — dependency-based parallel startup, socket
activation, automatic restart, cgroup resource limits — are genuinely good and worth adopting. What you can improve:
Make only one or two ways to load programs on startup, not 5 or 6 and that may be hard to find like on Windows.
We need two because our service manager is one way, and then we'll have some simple list of apps, etc. to load (with parameters, maybe commands passed to the shell)
If we allow a shell script to run on startup, that's automatically a third way because it could include loading programs
But on the other hand, a shell script *could* be our 'simple list of apps, etc. to load"
should be able to load them with the option to wait till the last one fully loads or to load immediately
have an os api function to tell the os 'this app is now fully loaded' so we can load apps sequentially, maybe with a fallback of loading next app when no drive activity for X seconds?
ABI stability:
Don't change existing functions, if a function needs fixed in a way that breaks backward compatibility, make a new function, maybe only once the OS is actually out of development stage.
Probably use versioned syscall tables - so after a long time when certain old syscalls are no longer used, we can remove them, but only remove a whole version table of them at a time, makes it simpler which apps are still supported vs which aren't.
Package manager:
Support binary and compile from source, but binary is preferred, binary with source included is even more preferred
Dependencies work like Nix
Atomic updates and rollback:
This is where newer package managers shine. If an update breaks something:
- Traditional (apt, pacman) — you're partially updated, rolling back means manually downgrading packages. Messy.
- Atomic (Nix, OSTree/Silverblue) — the entire system state is versioned. An update either fully applies or doesn't.
Rolling back is switching a pointer to
Possible middle ground for your OS: Use content-addressed packages for isolation and rollback, but support dynamic
linking within a generation. Within one system generation, apps share .so files. A security update rebuilds the shared
library and creates a new generation where apps point to the new .so. You get fast security patches (rebuild one
library, not every dependent) with atomic rollback (switch generation pointer). The cost: you lose Nix's guarantee
that each package is fully self-describing, and you reintroduce the possibility of a shared library update breaking an
app (though rollback mitigates that).
Nix has an exception mode where it stores libraries in the standard accepted directories, specifically for binary program installations, so security fixes can be done for those too
Whenever Nix updates a library by making a whole new instance, it has to go through every program that uses it and change the source and recompile it. There must be a better way: have a middleman somewhere that the source can refer to and the middleman points to the latest update (I guess this change means we have to use dynamic link libraries?). But how is either way different from just replacing the entire library in place anyway? There's something I'm missing. Ask Claude.
How about a central repository for curated and tested apps, support for random user repos, and support for regular commercial/free applications from anyone
or we could auto-curate using ratings and popularity, but that won't guarantee app safety, though the capabilities system might go far for that
Window manager/gui shell features:
light and dark mode, maybe a few other color schemes available, maybe some alternative styles available
gui api functions to retrieve current theme colors - should we define theme colors for things that only apply to the designs of apps, not to os functions, for apps to read with the api?
can pin apps to taskbar on the left, all launched applications go to the right of those, with a small space and a divider between the two sections
option to show app name along with app icon in taskbar
taskbar and/or window titlebars support blurry transparency like the Windows aero theme
optional icons on taskbar like Windows: clock, wifi, emoji input, keyboard layout, date and time, icons that TrayStatus Pro has plus icons for network drives and GPU usage, volume, can open sound mixer that includes volume for any running program (shows programs currently playing sound first)
can drag and drop icons anywhere on the desktop (two options for desktop icon placement: snap to grid, or place freely), anywhere between pinned apps, desktop, and start menu entries
can drag and reorder icons in pinned section and currently running apps section
a system tray like on Windows
can drag and drop icons into and out of the system tray
apps have the option of starting in system tray or minimizing to system tray
can override any app to always start in system tray or in taskbar (or neither?) - have to have some way of distinguishing between the terminal program the program was launched from that it's attached to and the gui window that the program loads
a notification pane like on Windows - option for any notification to not show notifications from that application again
support widgets? why not?
ctrl+r to run a program, like on windows, supports dropdown with completion like on windows, but also shows most recent commands in dropdown.
start menu, contains applications tree, settings icon, terminal, power off, logout, reboot, hibernate?, sleep, reboot in safe mode, reboot the OS but without rebooting the PC?, input field for finding and running apps
should we allow programs to add context menu items? on windows, that makes loading the context menu really slow, but that's probably not necessary. but also, tons of programs add them and then the context menu gets all cluttured. at the very least, don't allow them to add them without asking the user.
must have a model for dragging and dropping various objects from/to apps, from/to file explorer, etc. - windows' is called something like OBE, ask claude what it does
need a better way to drag a file into a file explorer window than windows has, if you drag it onto a file row it opens it in the file, and there isn't necessarily any room anywhere else to drag it to
windows directory drag and drop copy function works well, maybe make ours like that, though with an easier way to tell it "name this file foo (2)", and also a way to skip files that couldn't be copied, same for directory delete
make it atomic - can undo the whole copy or move or delete before it's finished - if copy/move is interrupted somehow (other than deliberately by the user) - such as computer shut down, log off, etc. - give the user the option to abort or resume it when they come back
command-line functions to copy or move a directory but using the same mechanism as file explorer drag drop. command-line options to automatically merge subdirectories, automatically create foo (2)/overwrite foo when foo exists
dual/multiple monitor support?
api feature to define that something is a username or password field - so the OS can autopopulate it with the user's username and password for that program if the user opted to store it the first time he/she entered it -
api call to verify a user's identity by having them type in their OS user password - with optional debouncer in case the user already entered it recently
strongly encourage app designers to set a hover tooltip for any menu option or button that's currently disabled, explaining why it's disabled/how to enable it. we might even enforce this.
how about let's have all the good features from Qt, must explore what they all are
signals and slots
css styles applied to various things like with Qt, but no annoying css overrides unlike Qt
color picker like what's in qtpyrc (have one just like qtpyrc's)
treeview
tristate checkbox treeview - good for selecting files and directories, have function to populate it with a directory
tristate checkboxes - good for yes/no/default, 'default' is useful for cascading option overrides
radio buttons (put them in a logical group to ensure that only one is selected)
allow a way for the user to go back to having no radio button selected? can't think of a good way to do that, other than clicking again on the currently selected one, which isn't a very good way.
tabs view
minimize to tray / startup in tray - should there be a way to have no taskbar entry for the program *and* no system tray entry? a system tray entry is unobtrusive and makes it easier to discover or close what programs you're running
can do fullscreen mode
can start minimized
can be always on top (if the program has the capability key)
menus, text buttons, graphic buttons, labels
grid view
other layout options
layout capabilities (should study existing layout systems): - make them just like Qt? Make them just like the web? a hybrid of both? Use text-based layout descriptions like on the web?
align elements with each other vertically, horizontally
left, right, middle/up, down, middle justify
size item to content
size field/button/label to length of a given piece of text
can dynamically size an item/section according to what's in it/how much room there is outside of it, vertically and/or horizontally
set margin (including color), padding, outline (including edge curvature, thickness, color) on all sides or individual sides
can automatically scale an image according to OS dpi/scale factor
can scale an image to max size that fits in a given space, optionally with no upscaling (in which case we need left/right/middle, top/bottom/middle justify settings), can also scale to fit into a
can read size of a given item/section
can have sections within sections
horizontal/vertical rules
area outline with curved edges
particular length oc height, the first option on this line is actually just specifying both length and height constraints
support for transparency
set/unset focus on app, input field, etc.
modular and non-modular dialogs
simple alert popup with icon?
text windows - support all web formatting, spans - need a simpler variety too for any reason? - unlike Qt, allow a text window to display an emoji without displaying it oversized and resizing the whole line
text window without word wrap - or is this a web formatting option?
vertical/horizontal scroll bars with option to automatically hide when nothing to scroll
tooltips
support for web apps - like electron apps but provide the framework so every web app doesn't have to come with 100MB of electron
good way to snap scrollbar of text view to bottom or even stay scrolled down when new text is added, unlike Qt
copy/paste text with ctrl+c/ctrl+v or right click context menu
api function to disable or enable a menu item/button/input field/checkbox/radio buttons/checkbox treeview, greys or ungreys it out and sets or unsets a tooltip
input text fields - one line or multiline - word wrap or no word wrap - can have that thing where it shows text inside saying what the input field is for whenever there's no content in it
have input field that supports clipboard pastes with formatting and images and optionally has widgets for all formatting options and image insertion?
SVG support
support for LaTeX/mathML/similar things? i recently heard of another one that's supposed to be just as good as or better than LaTeX
no separate "app" type of application like what Windows has from their store
probably shouldn't support other window managers that aren't API compatible with our own, will create a hell of different programs supporting different window managers
Included in the OS:
fast find file function - compatible with linux find
grep - use my python grep?
a bunch of other stardard linux utilities, like curl
that utility that sanitizes filenames
something exactly like Windows' robocopy?
something that does everything DesktopReminder 3 does. And see if we want lakitu's scheduling program?
utility to shut off the monitor like 'nircmd monitor off' does
what else can nircmd do that we want?
good process explorer
can identify the process associated with a clicked on window, and can kill it
can find process by name
can pause, resume, kill, change priority, restart
can show all libraries loaded by a process
can show all subprocesses and threads
can show capabilities of a process, what user it's being run by (or should only one user be allowed to use the system at a time?), priority levels, name of application it belongs to, what launched
see what else process explorer for windows does
it, is it a service, what's currently blocking it if anything, what other process is waiting on a lock it currently has, whether it's running or paused, company it's signed by?, full path to executable or library
can switch to any window a process currently owns or terminal it's attached to
something like tmux? i don't even know what tmux is. something having to do with terminal attachment and unattachment?
browser - prefer chrome, but none of that 'chrome needs to access your wallet/whatever' popup on every start
terminal - make it nice. persistent input history (searchable?), arrow keys and insert work in input, tab autocomplete for file/directory names, find text in backscroll, configurable colors and font, ability to log everything it outputs?, unicode and ansi support of course, resizable, ability to remember last size and location, how about a word wrap option - if no word wrap, you can scroll to the right as far as the longest line of text in the backscroll
comprehensive settings and configuration UI
comprehensive system information explorer (for hardware) - look at that popular hardware information program i have for inspiration - also includes a page about the OS - name, version, web link, maybe certain options, especially ones that require recompilation like paging model/params, scheduling model/parems, filesystem params, and memeory management model/params, maybe mounted drives and network drives and show capacity and free space for each partition/filesystem
shell - powershell has a good scheme for piping data between programs
what will our shell syntax look like? should it be like bash, powershell or some other popular shell? we have to actually study various shells. using bash would let people use their linux bash scripts and knowledge, only if we have all the standard linux utilities too, but bash is kinda lame, for example, only 1d arrays. a lot of people know powershell, too, but as for existing scripts, i think actual powershell scripts are more rare than bash scripts.
ssh
telnet (maybe?)
Python - our compiler and also CPython (latest version)
a number of notification sounds for apps to use
text editor - notepad++? gedit? our own?
file explorer
can type in path (absolute or relative) with autocomplete
can show thumbnails for kind of image or video, and maybe some other things like PDFs
Support detail columns related to all intrinsically supported file types, and (according to user option) in the detail folder view use the subset of possible columns which is the union of the columns relevant to each file in the given folder. I.e., if the folder has 10 mp3's and one jpg. the columns displayed will be size, date, length, bitrate, title, author, width, and height
or possible more columns, because there are many more possible columns that could be displayed, for example
--
whether it's stereo, mono, or joint stereo
whether it's variable bitrate
khz
each tag field in id3v1, id3v2, etc.
time of last access
time of last modification
time of file creation
permissions attributes
each feature in the exif metadata
Therefore the user should be able to choose default columns for individual file types, and then the columns displayed in detail view will be the union of the default columns selected for each file type that occurs in the given folder.
Applications that handle specific filetypes should be able to add their own detail columns (and their file decoders) to the available options.
used as a file save or file(s) load dialog for applications
view options - list, thumbnails (any size), select fields for column view, order by any column, can order some other way if using thumbnail view
photo & video viewer
keynote NF
music player (foobar2000 with my milkdrop2 plugin?)
drivers, at least for things the user will likely need them for
network drive support
WINE-like support for Windows programs
WSL-like support for Linux?
clipboard with history view and select - supports utf-8, images, some sort of structured text like on Windows (so you could e.g. copy text from a website to a word processor with all formatting) - on windows, this is problematic, some formatting code is sometimes carried over that doesn't work as well on the target, can make text invisible, make cursor behave wierdly, can make uneditable objects, etc. - we can either fix these problems if possible or limit what formatting gets carried over. - option to paste as plain text
cmake, gcc and such? (seems obvious to include them, but for some reason linux distros don't)
docker? kubernetes?
an IDE?
Rust - necessary for recompiling the kernel and maybe other parts of the OS
zip file suport, 7-zip file support?, rar support?, tar/gz/tar.gz support.
osi file support (can navigate it, not just extract it)
backup program? we should include our own that has all the features I have listed for a backup program, plus typical backup types that i don't have in that list.
background indexer for fast search of all files in configured file/directory list with configured extensions/filespecs. useful defaults, but indexer does not run by default.
POP3/IMAP email program? ported thunderbird?
ability to use cellphone as a camera (like Windows does as of recently)
should probably be able to use it as a microphone, too
would be nice to have a cellphone-computer integration app like Windows does.
include uncommon but highly optimized keyboard layouts like.. what were those two i had?
make a snapshot or restore from snapshot feature, with branching like a VM does? options for what to include in the snapshot? (files and directories, programs, program data, program settings)
advanced undelete utility?
photoprism? add ocr to it? make our own similar program? (exception to "no AI")
allow programs to put hooks on various things (if the have the capabilities - they can ask the user), but what?
filesystem changes (can only hook changes on files and directories their capabilities give them access to)
rename file or dir
create file or dir
mount or unmount drive
create, resize, delete partition
delete file or dir
change file or dir
read file or dir
read or write error on file or dir
file or dir is corrupted
file or dir is locked
file or dir not found
out of space
capabilities changed on file or dir
other metadata changed on file or dir
program launched
we need a way to not only hook filesystem changes while the program is running, but to detect if there were any filesystem changes (on the specified files/dirs of the specified types) since it last called some api function, even if the program was closed and reopen since then or the os rebooted, etc. useful for a backup program, for example.
program launching?
library loading?
library update?
snapshot created or rolled back to snapshot?
user created or deleted?
user capabilities changed?
system going to sleep? (might sleep before it could do anything, or we could wait for the program, but then it might wait too long)
os errors
out of memory
i/o error
system shut down? (will shutdown every program first anyway)
network activity (what capabilities will define what programs a program has the ability to read internet activity to/from?)
system dpi/scaling factor changed - or should this be an event in the GUI event loop? or not even that, since we'll just redraw the app?
ask claude what else might be useful.
bootup shows everything it's doing in a list of tasks (could make this an option)
try to make bootup as fast as possible - Windows achieved this somehow
"""
Make the kernal as small as possible, at least to the point of still being usable. Let the user start using the computer as soon as the microkernal is loaded (or as soon as the gui or command prompt shell are also loaded), but make functions or app loading wait until any dependencies (libraries and/or services) are also loaded. In the meanwhile, be loading common services and libraries, although many services could be made only to load on-demand instead. Not that they can't be loaded on-demand when they're already prescheduled to be loaded; the OS simply inserts them into the beginning of the schedule.
The loading of these services and libraries can be put on low-priority harddrive access, except for on-demand loading, so that they don't obstruct the user's trying to do stuff that he actually wants to do at the moment. This low prioritization would also include the auto-loading of applications, such as Trillian, a web server, folding@home, and so on.
"""
If possible, don't allow swapping to tie up the system. Throttle the I/O or put it in a user process or give it a lower priority (as in 'Priority HD access') or whatever has to be done so that other apps can be used while one is swapping into/out of memory.
something pretty much exactly like Chrome Remote Desktop would be nice. but that works through google's servers, we couldn't have a bunch of free servers for users because it's not a commercial OS. but I guess it could easily work over the LAN or over the internet if the host has a domain name or dyndns.
signals - tell a program to cleanly shut down, etc. - what are the Linux signals? - our COM or whatever should include commands to programs anyway, should signals just be done
through that instead? ask claude, and ask it whatr COM and DDE actually do.
configuration files will be yaml, processed with ruamel.yaml to preserve user formatting and comments.
recycle bin - can automatically keep items forever until the system needs more free storage space, then delete items as necessary starting with the oldest first, maybe free space reporting should not include recycle bin items in taken-space calculations in that case - can delete files skipping the recycle bin - can move files to recycle bin even when they're deleted from the command line or by other programs - can optionally prune it more lazily/slowly when it exceeds a certain size and/or files are older than a certain age. this way it doesn't thrash the filesystem suddenly having to prune a bunch of recycle bin files when it runs out of space and you're trying to write a lot of new data. though it may not really take that much longer anyway, deleting a file should be must faster than writing one. in any case, an optimization could be that it looks for much larger files that aren't much newer than the oldest files first to delete rather than deleting thousands of tiny files or something.
purposely no AI shit in the OS, and of course no ads.
can always view a history of which programs recently either played a system sound or emitted any sound, with a button to go directly to settings/capabilities for that program for sound
can do speech input, speech output (exceptions to "no AI")
try to allow hot reloads of OS updates like security fixes so that the user doesn't have to reboot all the time - !important, this is a fundamental architectural issue
allow the user to rollback any os update and permanently disable it (or try again in the future if the user wants)
"""
inhahe: and when the service gets a valid message from a trusted source, it launches an application associated with that message, or sensd a message to the app if it's already open
inhahe: applications, usually when you install them, can register with windows to be notified of messages of their type
inhahe: the best use of this would be email
inhahe: so your client doesn't have to check email from your server every 5 minutes and then you only see your new email every 5 minutes and your client always has to be running
inhahe: other examples would be you could receive an IM when AIM hasn't been loaded. or skyp, or msn, etc.
inhahe: e
daemon publishes your ip to all servers in the list, but only when the ip changes, or
the user forces an update
uses:
. email notification
. IM notificition (skype, icq, aim, msn, yahoo, irc?, etc)
. various applications, such as
efax
RDC
a file transfer client or server
Hello
Flock
. websites send you a message to load a url in your default web browser, if \
you've told the website to do that when, for example,
. there's an update to a certain page
. a member sends you a message
. there's a post to a particular thread
. application updates
-actually, it would be better if it could just send you a notification
with a link in it. the daemon should have a rudimentary messagebox
capability. (unlike messenger service, this would ignore any message not from
a trusted source registered with the daemon.)
problem:
a trojan can add itself to the list and then get launched and/or receive
messages right under the firewall's nose.
solutions:
-have the daemon be designed to start when windows starts and monitor the
list for any changes and ask the user when it does (and the daemon itself
did not make the change), and have the process unkillable
-encrypt the list
-don't invoke apps that aren't registered in add/remove programs
-pop up something in the system tray whenever a message is received,
indicating the message source and the application being invoked
-only allow registration of domain names, not ip addresses
-only allow connections from ips that resolve to, e.g., blahblah.com, not
somerandomuser.blahblah.com
-don't ever automatically launch an app, always ask (rather inconvenient)
-don't even send a message to an app without asking (even more inconvenient)
-the daemon can be configured to read its list from a read-only file over
the network or internet
-the daemon can be configured to, whenever it loads, test all the entries
in its list against some public list of blacklisted domains.
it can't be a whitelist; only a blacklist. (this keeps the protocol
decentralized, so that countless apps and websites don't depend on a
particular server or organization to do their functions.)
implementation:
. use a simple binary xml for message passing
. when an app or domain registers, and any time it wants, it tells the daemon
whether or not to launch it if it's not open. this could very well be
something the user opts for within the app. also, when the daemon confirms
with the user it gives a checkbox for this.
. perhaps a message itself has a field that says whether to launch the
app and send it the message if it's not already open.
. before even accepting a connection, do a reverse lookup on the ip to check if
the domain is registered and see which registered domain it is. also do a
lookup on the domain to make sure the ip matches.
. should it use COM on windows, or named pipes/sockets on all platforms?
binary xml:
messages should not be extremely long. if that much data has to be received,
it should merely load send the app an instruction to connect to the source
and download the data itself. perhaps a limit should be imposed on
message length. so we don't need a binary xml format that's particular
amenable to streaming. as such, here are the specifications:
err, actually, just gzip it instead?
also, give option to send the xml as plain text or binary.
the daemon should convert gzip'd xml to text before sending to the app, but
then, why should the daemon care what format the information is in? just
have it pass an arbitrary string along to the application?
either a function name and its parameters, or this specification shoould
define a mandatory function name that accepts specific parameters, like
the message and where it came from.
another idea:
allow it to store messages and then send them to the app the next time it's
launched, when it's not set to be launched automatically?
"""
"""
Always give the user an error message when something fails, and don't give a simple generic error message. Give a traceback and each level of the traceback should have a string error message associated with it. That means lots of "try" clauses, and maybe "throw" statements, with strings attached. This could also be used to try fault-tolerant programming, though. When something fails, just escape the nearest try clause and continue.
problem: always giving traceback requires debug build, which is slower
is there some way to have the benefits of tracebacks without making the app slower? probably. would have to study how debug mode works and what the difference is.
CPU exceptions, such as pagefault and divide by zero, should be easily catchable by the application as any other exception.
When something doesn't work for a reason that's not a bug, per se, still give a meaningful error message -- it just won't be in the form of traceback strings. Give tips on why that might happen, etc.
"""
"""
Don't let the computer become unusable while there's a lot of harddrive activity; let small HD operations pass through without having to wait for larger operations to complete, sort of like the '10 items or less' line in a store.
for when multiple applications are accessing the harddrive at one time, have an option to manage it so that only one file/directory/application is accessing it at once, so that it doesn't have to do lots of seeks. but have a maximum value so that an app can't tie up the harddrive alone for too long. also allow the user to set priorities on applications, at least a low vs. high priority, both in the registry and while the application is running, to make sure certain applications get first dibs, or certain applications use the hd in the background. applications can set their own priorities, too (maybe with the right capability (which tehy may ask the user for), but the user can override them
"""
inherent support for microthreads (like in stackless python)?, so that a microthread can call a blocking operation - whether it's blocked by another thread or waiting for i/o - and automatically be resumed as soon as the block is finished. the idea isn't to make the multitasking of the OS itself cooperative, but to provide OS-level support for tasklets that belong to a particular normal process. how about greenlets too?
make the OS be friendly to being run under a VM
Settings and configuration:
look at Windows settings for inspiration
grub settings (should we use grub? probably. we also need to play nicely with systems that already have it installed.) - is it possible to allow our os to modify grub settings when grub was installed by a linux insallation?
desktop background image - can set animated background? - not just a video, but a program constantly changing it, with various input events such as anything that's happening on the desktop - when setting a background image/video that doesn't fit the desktop's dimensions, give the user the choice of fitting with empty space on the top and bottom or left and right or fitting the other way - filling all space right/left and up/down but having unshown space at the top and bottom or right and left. in the latter case, let the user scroll the image up/down or right/left to center it on the desktop how they want.
Let the user opt to choose a random desktop background each boot-up, to add variety (or perhaps a different one every day). But let them exclude certain desktops if they want, or all animated, non-animated, dynamic, etc.
login screen background image - easy way to make the two the same
desktop style if we have style choices
desktop theme - light, dark, anything else
individual desktop colors? (make your own theme)
maybe an option to list everything it's doing on bootup
change size of swap file (if we're not using a swap partition instead)
screen resolution - automatically revert if user doesn't verify that it works in N seconds?
network settings
ethernet, wifi
wifi selection
password - with option to show password
dns servers or auto
dhcp or auto
ipv4
ipv6
other advanced network options - what does Windows have?
firewall
port range passthroughs in router via UPnP or NATPMP, whatever's detected
can we detect what ip the router is at have a button to load that ip in the browser?
LAN IP address
show internet IP addresses (ipv4, ipv6)
VPN - OpenVPN settings, show if currently using a VPN, including any by any third-party app and what the app is and button to launch the app's interface
mouse pointer
mouse pointer speed
keyboard repeat speed
capability groups
capabilities for users and programs, capability requirements for files and directories
users
memory management model/tuning parameters - may require recompiling, may require rebooting - can select workload type to populate model/tuning parameter fields to default values for that workload type - (tentative) workload type list farther down
scheduling model/tuning parameters - may require recompiling, may require rebooting
paging model/tuning parameters? - may require recompiling, may require rebooting
show advantages and disadvantages of each model/param profile for paging, scheduling, memory management, and filesystem in 'design decisions.txt' is something about one process scheduling model helping enormously but also creating pauses
filesystem tuning parameters? (obviously, would have to change every file and directory in the partition, but we could also set these for a filesystem not yet put onto a partition)
filesystem deduplication
partition manager? (include a warning that the user could lose all their data using that)
reset the OS, like on Windows?
"""
Perhaps there can be a way to separate the settings and files needed for apps, or needed for most apps, from the ones that could be hijacking the OS, and then you can do a reinstallation or a repair and restore the OS to its initial state but import as many applications as possible. (option to have a warning or auto-exclude for re-importing apps that use the dangerous settings level) Also many OS settings could be re-imported (ask the user about whole re-importing whole categories of os settings somehow). Have rollback options. The user should be able to do this without having to copy/rename/remove any directories or having to install a newer or equal version of the OS.
"""
create SSL certificate? (letsencrypt)
programs
set priority
set capabilities
uninstall
keep program files?
keep program settings? - would require a standard way for programs to store their settings, and I think I prefer local storage to a Windows-like registry, but we should probably
recompile with specified parameters - detect if any changes to source since last compile
set notifications - set sound (dropdown of sounds from OS sounds directory, previewable, includes (no sound)), whether to show in notifications pane, maybe have applications register different notifications so that the user can modify or disable them individually
encourage a specific subdirectory under the program's directory to store settings under
wipe program data? - would require a standard way for programs to store their data, we should probably encourage this, just a specific subdirectory under the program's directory
take a snapshot of program or rollback? (option to save only program data and program settings)
snapshots - view, create, delete - snapshot tree like in VMs - select what to include in the snapshot
recompile kernel or os component with specified parameters??? - detect if any changes to source since last compile
can help the user setup a dyndns through an existing dyndns service - preferring the free ones, especially dynu.net (or is there a better free one?)
power options
action on power button press
action on close laptop
turn off screen after N minutes (disablable) - Can wake up as soon as it detects enough change via the webcam or enough sound (or change in sound, or voice) from the mic? So in most cases you could just step into the room and the computer could wake up.
put computer to sleep after N minutes (disablable)`
action on battery level too low (select minutes left threshold or battery percentage threshold - but these may have to be different for shutdown vs sleep vs run a program vs hibernate)
run a particular command/program/script (then shutdown, sleep or hibernate)
shutdown
sleep (shutdown or sleep is the default)
hibernate
hotkeys
set a hotkey - capture from keyboard (shows you the function that's already taken by that if any and lets you modify/delete its hotkey), select function to apply it to, can search for functions, shows you any hotkeys already applied to that function and lets you modify/delete them, can also run an arbitrary command for a hotkey
modify or delete a hotkey from the list - change key combination and/or change what it does
purposely comes with very few (or possibly no) hotkeys enabled by default. having hotkeys everywhere is a fucking pain in the ass.
functions to assign to hotkeys include "put monitor to sleep" and maybe some other things that nircmd.exe can do, minimize all windows (like Windowskey+m on Windows), change desktops (if we allow more than one desktop), logoff,
arbitralily rearrange keyboard layout (starting with the current keyboard layout, the keyboard's actual layout, or any other layout the os has or that we've saved), for example disabling or moving capslock, can save it as a named layout
something like ActiveScript? - can register a scripting language with the OS so that any application that emplo
Installation wizard:
keyboard/layout selection
automatically detect monitor DPI and set default font, etc. scaling according to that, but also show typical results to the user and let him change scaling.
easy installation, or
manual installation - select hard drive, partition, partition manager, size of boot partition, size of swap partition or include swap file in the main partition, delete partition, make partition, resize partition? (warn that it will take a long time, and that if it gets interrupted it could result in data loss, or is there a way around that? our code would also have to be 100% correct so we don't mess up their partition. we could just port a utility for doing this stuff or reuse the code.)
to make sure the user selects the right hard drive and partition, show device name, the usual information, size, filesystem, free space, maybe allow them to navigate and view files
obviously warn about whatever the operation is going to erase, and confirm
have a sanity check for sizes of partitions selected for os, boot, swap
is there really any reason to have a swap partition instead of just a swap file?
workload type? database, server, game dev, gaming, dev, desktop (claude has a different list, only four, it's in design decisions.txt) - will determine memory management, process scheduling, maybe memory paging, filesystem - show notice that these things can be changed later - show memory, process, filesystem settings that were selected by the workload type and let the use change them - do a perform sanity check on user's settings (may be some arbitrarily settable tuning parameters, or some settings may not work well with other settings)
after reboot:
audio device - ask user which one to use if they have more than one
timezone (try to detect by gps)
username, password - option to show password - allow user to leave password blank?
autologin option
choice of browser? (all will probably be installed, but the selected one one will be the default for launching links and html, etc. files)
theme selection
style selection if any other styles available
wifi selection and password (option to show password) or ethernet
option of unattended installation - some way of specifying all configuration options beforehand - using OS defaults, answering all questions in the beginning, passing a yaml file, any combination of the above using fallbacks per setting