This article is more a post on Operating Systems in general, but since I want to design (and implement) my own I thought it would be best served here among the other articles of RobOS.
Security
When I think of security, I'm often drawn to how iptables works. Traditionally there are two types of configuration:
- Deny ALL, Allow some
- Allow ALL, Deny some
Currently my iptables script conforms to #2 because I'm not that focused on security at our company. It's high on my list, but having to poke holes for every possible service is something I can't really do at the moment. There are guides for most of the applications and services we use, but there are some that have no information and will require me to sniff packets to tell which ports I should open. Even then it's not an exact science and I'm sure one rogue application will cause me to pull my hair out because of it. I plan on doing it when my hair is long enough so that maybe I don't look like a hippy when I'm done.
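Here is what the two configurations look like as actual iptables rulesets. This is an added example, not a script from the original post: it emits rules in iptables-restore format so they can be reviewed before anything is applied, and the port numbers are constructed sample values. The deny-all function takes the list of holes as parameters, which is the "easy to allow when there is a need" flexibility the conclusion asks for, and it logs what the default policy drops so a service whose ports are unknown shows up in the kernel log instead of silently failing.

```shell
#!/bin/sh
# Added example, not part of the original post. Emits iptables-restore rulesets
# for the two policy styles. Port numbers used below are constructed samples.

# "Allow ALL, Deny some": default ACCEPT on INPUT, then block a short list.
# Arguments: TCP ports to block, e.g. 23 (telnet) 445 (SMB).
allow_all_deny_some() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# "Deny ALL, Allow some": default DROP on INPUT, then punch holes only for
# what must work. Arguments: TCP ports to allow, e.g. 22 (ssh) 80 443 (web).
deny_all_allow_some() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback and already-established connections are the holes every host
    # needs, otherwise replies to our own outbound traffic are dropped too.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of whatever the default policy is about to drop. This is
    # how you find the ports an undocumented service needs without sniffing:
    # its blocked packets appear in the kernel log with source and dport.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "'
    printf '%s\n' 'COMMIT'
}

# Number of rules (lines starting with "-A ") a ruleset would load; a quick
# sanity check before handing it to iptables-restore.
rule_count() {
    grep -c '^-A '
}

# Usage (review first, then apply as root):
#   deny_all_allow_some 22 80 443            # prints the ruleset
#   deny_all_allow_some 22 80 443 | rule_count
#   deny_all_allow_some 22 80 443 | iptables-restore
```

The default-deny ruleset deliberately keeps the OUTPUT chain at ACCEPT; locking down outbound traffic is the same exercise again and is best done once the inbound holes are known. Adding a service later is one extra port argument, not a rewrite of the script.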
Windows, OS X, Linux, and Unix all follow this same method. They allow you to do anything you want on the system, but only block a very specific subset of things. In Windows the dllcache keeps you from obliterating important files. In Linux I have no clue what can't be done, because I most likely could trash my system very easily without any kind of warning. Linux was derived from Unix, so I suspect BSD and other flavors are just as bad, though BSD is inherently more secure than Linux. My girlfriend has a laptop with OS X and since it's not mine, I haven't tried to crash it, nor would I know if it has certain “deny” policies in place. Knowing Apple I would suspect so, but since it is a BSD derivative it may not have any system in place.
Deny All, Allow some
This is probably the hardest thing to do when developing an Operating System. Who are you to say what a person can or can't do? The only justification I have for this is when it's harmful to let a user do otherwise. Personally I would sacrifice a slight bit of openness for a completely secure and tamper-proof system. Designing such a system is a challenge, especially if you're just trying to conceptualize how it'll work.
I do believe such a system is possible to design and build. It would be a nightmare at first because you would have to punch a good number of holes out so that legitimate programs and services are allowed to function normally.
End Users in Mind
End users are what is driving my concepts. I'm not like most programmers in that I don't get paid to program, though it is a primary function of my job. I deal with end users daily, so if I can cater to their needs and develop a system the people in my office can use, I feel that anyone on the planet should be able to benefit from it as well.
When people use their computers, most of them see it as a tool and nothing more. Some of us, though rare, actually take the time to learn how each piece operates or at the very least can figure out how to fix problems on their own. We are not the typical user of a computer though, and that is a very hard thing to get across to most people. The typical user of a computer just wants it to function and do what they tell it. They don't want to learn complicated manuals or take training courses. They just want to make their day easier, and computers are a way to do that.
Windows and OS X cater to the typical computer user. Most users can turn on a computer and figure out Windows or OS X without the need of a complicated manual or formal training. This is the very reason both Operating Systems take up almost all of the Desktop market. Linux, BSD and Unix on the other hand cater more towards people like me who instinctively know their computers and take pride in figuring out their issues with the computer themselves. I love Linux personally, but I'll probably never switch my mom over to Linux and that's saying a lot.
Conclusion
RobOS is going to be designed with a “Deny All, Allow some” approach to everything it does. I also plan on making it flexible so that if there is a need to allow something, it'll be pretty easy to implement and change. There will never be an “Allow All” in the system whatsoever, but there may possibly be a “Deny All, Allow almost everything” so that power users can have more flexibility over their system than other users.
The main focus of the OS will be the typical end user. Since I'm not a typical end user, I'm not about to design a system that ties my hands too much. I believe I can strike a happy medium that can lure all types of users, not just your grandparents.