ROS (Roving OS) is a proposed future
platform-independent operating system. Your files, configurations and apps logically
appear to follow you around the world as you globe trot. They just appear in your
hotel room when you sit down at the hotel’s computer, (or at your desk down the
ROS conceptually runs on the
web, not in a single computer. Its job mainly is to make sure all data is instantly
available to whoever has permission to see it using a predictive caching scheme. It
is not up to the provider of the information to serve it or deliver it, merely to
maintain the master copy. You never again need fear being SlashDotted. The closest thing we have to the decentralised
file/message distribution system I envision is Napster.
Almost all programming can be viewed as an exercise in caching.ROS
spends much of its time ensuring that no one else can pry on that data or modify it.
Everything is encrypted and digitally signed.
ROS spends the rest of its
time pretending to be a computer-friendly search engine, finding and retrieving
information from the web, filtering the tidal wave of information down to a
~ Terje Mathisen
Like the JVM (Java Virtual Machine), the ROS
runs on a simulated highly evolved computer that has intelligent peripherals only,
somewhat cleverer that today’s device drivers. They don’t need device
drivers. This simplifies ROS
and makes it more robust and secure. Various real OS (Operating System)
’s will host it (e.g. you can logically install an SQL (Standard Query Language)
engine peripheral). Eventually ROS
might develop some native iron to host it directly.
Many of my student projects
are designed to be protypes for parts of this future operating system. It builds on
top of the platform independence of Java, moving it from the language to the
OS level. Have a look
in particular at the following student projects:
All files have considerable descriptive information tacked onto them.
Users don’t install apps, the just add them to their
convenience menus. To users it is as if all apps ever written were already installed.
There are rigid control on which apps can process which files. Apps
can’t meddle with their competitor’s apps.
Apps and files are automatically kept up to date. This is the software
vendor’s totally responsibility.
keep themselves defragment via marthaing.
Passes files about sending only compressed, encrypted changes.
maintains a variety of indexes to its files so it can rapidly find what it needs
wants in the exploding haystack of information.
It is based on memory mapped applications and files that load instantly.
The OS provides a wide variety of data collection mechanisms
that can be implemented by special purpose hardware.
Much of the focus on the OS
is collapsing the huge mound of data to something manageable by intelligent filtering
and predictive caching.
The OS takes the DNS (Domain Name Service)
concept that something can move to a new location and everyone can still find it as
the prime directive.
Users act as if they had infinite disk space all
magically backed up and restored automatically as needed by some magic. It is handled
by a general purpose web caching mechanism.
sits atop other OS ’s but makes it looks if the other
OS supported a
standard very intelligent file system.
mail is delivered and delivered only to those you want to read it. Also it ensures
you can’t receive spam. Mail and newsgroup message delivery is just a special
case of speculatively cached, auto updating, global objects.
Frank Sinatra might like ROS.
You can do it your way. Every app has to use the F7 key for Search
if that is the way you like it.
ROS delivers technical
documentation in a way designed to avoid information overload. It can also be used to
efficiently distribute books, movies, or anything else that can be described with a
binary file and keep those books up to the minute current.
is based on a 64-bit operating system. From its point of
view, nearly everything it wants is already resident in RAM (Random Access Memory).
You usually rent software, rather than buy
it. You can’t pirate it when ROS
is properly implemented on CPUs (Central Processing Units)
with dark rooms.
based on Unicode. You can work in Tibetan or Chinese if you please. You can customise
almost anything and all apps are forced to do it your way.
Even technical tools presume the use of colour and font.
ROS is self-checking and
self-healing. If somebody meddles with it, it detect that and repairs itself.
will eventually use communication protocols designed for interplanetary communication
that don’t require such frequent acks as TCP/IP (Transmission Control Protocol/Internet Protocol).
SCID (Source Code In Database)
Programmers write code
for ROS using tools that makes
today’s look like the quill pen.
Again you have great control to control how your user interface works.
Applications must conform to your demands.
The promise of the Internet was access to gigabytes of information.
In practice the real problem is wading through it all. ROS
focuses on tools for filtering and condensing that wave of data.
works very hard to compress all transmission maximally before sending them. It avoids
sending anything the receiver already has. Current operating systems
are very sloppy about this.
are king in ROS. No
vendor can put an app on your screen you did not ask for.
Everything in ROS
is bandied about on the Internet. It has to be routinely encrypted. For truly
sensitive information it uses one time XOR (exclusive OR)
pads that cannot be cracked just by intercepting
may have to be developed outside to USA to avoid their silly anti-encryption laws.
How do you authenticate and how to do prevent indentity
theft by a dishonest provider of a ROS
terimal? See my essay on the dark room
concept. You would carry a smart card that handled authentication and decrypting data
for you. The intermediate service providers that did backup and shuffled data from
machine to machine the background would never see unencrypted data.
The catch is, you don’t really want the ROS
terminal seeing your keystrokes, your screen displays, or your unencrypted data.
Perhaps the smart card could be powerful enough to act as CPU (Central Processing Unit)
and dark room, so that at least the
ROS terminal never saw
unencrypted data even if it saw the other two.
Perhaps you need a government certification on ROS
terminals to ensure they don’t cheat, that they forget everything once you pull
your smart card. Perhaps brand names on ROS
terminals attesting to tamper proofing will be
Anthony Yen wrote: What is to prevent a hostile computer from compromising your
migrated sessions’ authentication tokens? Instead of a smart card inserted into
the new desktop and the new desktop can attempt to break the smart card without the
user’s knowledge or have a keylogger that pulls passwords entered at the
keyboard, what if you could assume the availability of a cellular phone that is in
the physical possession of the user? Then password challenges are negotiated through
a device trusted and possessed by the user.
If you go to a hotel in Switzerland, there will be a computer in your hotel room.
You sit down at it and your cellphone automatically receives a locater code (
IP (Internet Protocol) address or something more
generic for NAT’d devices) from the computer via Bluetooth. You identify
yourself with a passphrase on your cellphone, which makes a secure connection to your
backup server and instructs it to open a secure connection to the computer in the
hotel at the given locater code. You acknowledge a question from you backup server on
your cellphone that you see the session so that no hijacked sessions are possible by
passing incorrect locator codes. At that point all your files and applications appear
on the desktop, just as you left them at home.
Using this technique, no access passphrases are ever negotiated across hardware
that is not personally trusted, possessed and verified by the individual user. Using
one time pads, the final authorization step prevents hijack and replay attacks. The
only attacks that remain are mirrored sessions, where someone installs hardware on
the compromised system that shows what you see on the display. But if your data is so
sensitive that you are worried about mirrored sessions, you probably would be using
your own system all the time.
Perhaps you will not use ROS in
the early stages of evolution for anything highly confidential.