I'm not starting in any particular order here. I've had many 'sessions' of scribbling ideas in my little notepad about how RobOS should be. One of these sessions involved ideas for a client/server approach.
Longhorn, as I understand it, is basically going to come in just two editions: a Client and a Server. This will be exactly like Windows XP Professional and Windows Server 2003. Of course one doesn't really associate those two as client/server, but Longhorn should hopefully change that if they stick to the naming convention.
My idea is something I don't believe has been done before, and probably won't be done once I lay it all out. That's fine though; I don't expect Apple or Microsoft to pick up on this because it would severely impact the money they intend to make. Linux may like the approach, though I won't hold my breath.
Client Design
The client will be basically what XP Pro is right now. This is what the end user will use when they want to do something like edit an image, play music, produce music, code, or anything else people generally use their computers for. The client will have an AI 'helper' that works behind the scenes protecting the system from possible harm by the end user or, worse, by intruders. I've sometimes done more harm to my computer than any virus, so I realize that it's sometimes good for the OS to protect itself when necessary. The helper will also be there to help the end user become more productive. Rather than doing the same things over and over, hopefully it can suggest better ways so that the end user improves and gets more out of their computing experience.
Server Design
I run Slackware Linux on my firewall machines. They're old machines that run server daemons and iptables firewall scripts to set up NAT on our network. The server will pretty much serve just this purpose. It will run an httpd daemon, ftpd, any TCP service and basically anything that is 'hosted', so to speak. It will not have any client functionality in it, but certain client-like functions may still need to be available, such as DNS lookups. I typically define a client as something that connects out, whereas servers are typically the ones accepting connections. Any connection that is 'accepted' or 'listened' for will originate on the server side, while any connection that is outbound will originate on the client side. It'll take a bit to implement, but it makes complete sense to me.
Chroot Jail
The client will have full rights. The AI will basically control all access to the client. The server will be, in essence, a mini OS running in a completely chrooted jail. I use Slackware and I have BIND chrooted, so I do understand the concept. Unlike a typical chroot, it is a complete OS independent from the client. The client sets up the trust relationships that govern how the server acts and reacts to the hardware. This way the server has its own IP address, and if it ever does get hacked there is no way for the attacker to gain access back into the client. The client will connect to the server as if it were a separate entity, not something actually run inside the client code.
Server redundancy
I have a huge problem right now with Windows 2000 Server. I have one server and no backup. Our backup server is a dual-booted machine that has a copy of Windows 2000 on it that will only run in the event that the initial backup dies. It has died before due to hardware failure, and our company cannot afford to go more than a day without operating. This method works, but because the backup is configured the same yet different, I can't simply back up and restore certain things in the OS. I'd love to, but Microsoft has made it impossible in order to prevent piracy. I understand why that's needed, but I absolutely have to have a backup. If we had two servers (we're getting one more soon, thank God) this wouldn't be necessary.
To prevent this from happening on this OS, any Server will be able to act fully as a backup server. The architecture will be designed so that if you have backups of one machine, you can restore all of its settings and bring up a backup server in minutes if done correctly. I need a backup server, and the possibility that every client can function as a backup is something I've been wanting for a long time.
I plan on deploying an automated server redundancy tool, or something embedded into the OS. I don't want people to even have to think about their server going down. If a designated machine senses that the server is down and gets the OK from an administrator to 'take over responsibility', then it should be able to do so automatically without any intervention from IT. You won't want it to produce any false positives, but that can be worked out pretty easily.
Right now my backup server takes an hour to run the restore script, and at least another hour or so of tweaking every time I make it the primary server. This is stuff I can't automate correctly, and there really is no way I probably ever could. I've accepted it and moved on. I've luckily broken a lot of it down into a batch script I run, but that's not always going to be perfect.
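To make the takeover rule above concrete, here is an added sketch of the standby's decision logic (my illustration, not RobOS code or anything from Windows). It assumes health probes arrive as true/false results, that the administrator's 'OK to take over responsibility' is a flag set out-of-band, and that a single lost probe never counts as an outage: only a run of consecutive failures does, which is the false-positive guard the text asks for.

```python
"""Standby failover monitor: debounced outage detection gated by admin approval.
Added example; the takeover step itself is a placeholder for the restore script."""
from dataclasses import dataclass, field

@dataclass
class FailoverMonitor:
    failure_threshold: int = 3      # consecutive failed probes before the primary counts as down
    admin_approved: bool = False    # administrator's standing 'OK to take over responsibility'
    consecutive_failures: int = 0
    primary_down: bool = False
    took_over: bool = False
    log: list = field(default_factory=list)

    def record_probe(self, healthy: bool) -> str:
        """Feed one health-check result; return the monitor's state afterwards."""
        if self.took_over:
            return "active"                 # we are the primary now; probes no longer matter
        if healthy:
            if self.consecutive_failures:
                self.log.append(f"primary recovered after {self.consecutive_failures} failed probe(s)")
            self.consecutive_failures = 0
            self.primary_down = False
            return "standby"
        self.consecutive_failures += 1
        if self.consecutive_failures < self.failure_threshold:
            return "standby"                # one or two lost probes is noise, not an outage
        self.primary_down = True
        if not self.admin_approved:
            self.log.append("primary down; waiting for administrator approval")
            return "awaiting-approval"
        return self.take_over()

    def approve(self) -> str:
        """Administrator grants permission; take over immediately if the primary is already down."""
        self.admin_approved = True
        return self.take_over() if self.primary_down and not self.took_over else "standby"

    def take_over(self) -> str:
        # Restoring the primary's settings from backup would run here (assumed, not implemented).
        self.took_over = True
        self.log.append("took over responsibility for the primary")
        return "active"

def simulate(probes, approve_before=False, threshold=3):
    """Run a probe sequence through a fresh monitor; return the list of observed states."""
    monitor = FailoverMonitor(failure_threshold=threshold, admin_approved=approve_before)
    return [monitor.record_probe(p) for p in probes]
```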
Key master
The AI will basically hold all of the keys when it comes to the client and how it interacts with the server. It's going to protect itself at all costs, even at the cost of a perfectly good server. The trust relationship will be built from the client to the server and never backwards. The server couldn't possibly understand security the way the AI will, so giving it that kind of power would be supremely ignorant and not even possible. This may mean that if the client is broken, everything that's trusted is broken too, but hopefully I can find a way to promote security while not letting the 'other side' dictate how the client reacts at all.