/g/ - Technology
Rate my plan for a capability OS. I don't care about going insane (or will not care). Just tell me what you think is good / bad about the design and ideas.

no root, no ambient permissions, everything is capability based, users exist, but for file access permissions, just for convenience
apps get exactly what they are given, not your whole filesystem and network
launching a program defines a contract
program file.txt means the shell turns arguments into capabilities
the app only gets that file, nothing else
if it needs more, the OS pauses it and shows a system prompt (app cannot fake it)
capability profiles and system flags like ---net or ---fs control this
no docker, isolation is default, not bolted on
package manager is a service, no curl pipe sh nonsense
apps from random URLs are fine because they start sandboxed
GPU plan is minimal driver first (probably Intel)
expose simple drawing primitives like rectangles and textures
no giant GL or Vulkan stack, keep rendering understandable
window manager is tiling first
no weird resize behavior, growth and shrink are explicit
start simple and layer more complex UI later
init is tiny
just starts services in a defined order, no systemd style god object

goal is a desktop/server OS where apps are not trusted by default and the system actually makes sense

No browser for a long time because both writing and porting one is more insanity than being insane
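Added example, not code from the thread or any project it mentions: a small Python model of the rule the OP describes, where `program file.txt` makes the shell (not the program) turn the argument into a capability, syscalls accept only capabilities, a program that never received a handle cannot forge one, and a request for anything beyond its launch set goes through a user-facing prompt. The `Kernel`, `Shell`, `Capability` classes, the `---rw` flag, the file paths and the prompt decisions are all constructed for this illustration.

```python
"""Toy model of 'arguments become capabilities' (constructed example, not from the thread)."""
from __future__ import annotations
from dataclasses import dataclass, field
import secrets
from typing import Callable, Iterable


@dataclass(frozen=True)
class Capability:
    """Unforgeable handle: the token is issued only by the kernel, so a program
    cannot build a valid capability for a path it was never handed."""
    path: str
    rights: frozenset
    token: str = field(default_factory=lambda: secrets.token_hex(8))


class Denied(Exception):
    pass


class Kernel:
    """Constructed in-memory filesystem plus one capability table per pid.
    Every 'syscall' takes a capability, never a path: no ambient authority."""

    def __init__(self, files: dict[str, str], prompt: Callable[[int, str, frozenset], bool]):
        self.files = dict(files)
        self.prompt = prompt                       # stands in for the OS-drawn system prompt
        self.issued: dict[str, Capability] = {}    # token -> capability the kernel minted
        self.tables: dict[int, set[str]] = {}      # pid -> tokens that pid legitimately holds
        self.audit: list[str] = []

    def mint(self, pid: int, path: str, rights: Iterable[str]) -> Capability:
        if path not in self.files:
            raise FileNotFoundError(path)
        cap = Capability(path, frozenset(rights))
        self.issued[cap.token] = cap
        self.tables.setdefault(pid, set()).add(cap.token)
        return cap

    def _check(self, pid: int, cap: Capability, right: str) -> None:
        genuine = self.issued.get(cap.token) == cap        # not forged or altered
        held = cap.token in self.tables.get(pid, set())    # present in this pid's own table
        if not (genuine and held and right in cap.rights):
            self.audit.append(f"pid {pid}: denied {right} on {cap.path}")
            raise Denied(f"{right} on {cap.path}")

    def read(self, pid: int, cap: Capability) -> str:
        self._check(pid, cap, "read")
        return self.files[cap.path]

    def write(self, pid: int, cap: Capability, data: str) -> None:
        self._check(pid, cap, "write")
        self.files[cap.path] = data

    def request(self, pid: int, path: str, rights: Iterable[str]) -> Capability:
        """App needs more than it was launched with: the kernel 'pauses' it and asks the user."""
        rights = frozenset(rights)
        if path in self.files and self.prompt(pid, path, rights):
            self.audit.append(f"pid {pid}: user granted {sorted(rights)} on {path}")
            return self.mint(pid, path, rights)
        self.audit.append(f"pid {pid}: user refused {sorted(rights)} on {path}")
        raise Denied(path)


class Shell:
    """'program file.txt': the shell resolves each argument to a capability before launch."""
    _next_pid = 100

    def __init__(self, kernel: Kernel):
        self.kernel = kernel

    def launch(self, program, *args: str):
        pid, Shell._next_pid = Shell._next_pid, Shell._next_pid + 1
        rights = {"read", "write"} if "---rw" in args else {"read"}   # ---rw is a constructed flag
        caps = [self.kernel.mint(pid, a, rights) for a in args if not a.startswith("---")]
        return program(self.kernel, pid, caps)


def wordcount(k: Kernel, pid: int, caps: list[Capability]) -> int:
    """Well-behaved program: only touches what it was given."""
    return sum(len(k.read(pid, c).split()) for c in caps)


def snoop(k: Kernel, pid: int, caps: list[Capability]):
    """Misbehaving program: ignores its arguments and tries a hand-made handle for another file."""
    forged = Capability("/home/anon/secret.txt", frozenset({"read"}), token="deadbeef")
    try:
        return k.read(pid, forged)
    except Denied:
        return None                 # the kernel never issued that token, so the read is refused


def append_note(k: Kernel, pid: int, caps: list[Capability]) -> bool:
    """Legitimate program that needs more: asks, and gets whatever the user decides at the prompt."""
    try:
        out = k.request(pid, "/home/anon/notes.txt", {"write"})
    except Denied:
        return False
    k.write(pid, out, k.read(pid, caps[0]))
    return True


def demo() -> dict:
    files = {"/home/anon/essay.txt": "tiling is simpler to implement initially",
             "/home/anon/notes.txt": "", "/home/anon/secret.txt": "hunter2"}   # constructed files
    answers = {"/home/anon/notes.txt": True}          # what the user clicks at the system prompt
    k = Kernel(files, lambda pid, path, rights: answers.get(path, False))
    sh = Shell(k)
    return {"words": sh.launch(wordcount, "/home/anon/essay.txt"),
            "snoop": sh.launch(snoop, "/home/anon/essay.txt"),
            "note": sh.launch(append_note, "/home/anon/essay.txt"),
            "notes_now": k.files["/home/anon/notes.txt"], "audit": k.audit}


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The two checks in `_check` are the whole point: `genuine` defeats a forged handle, and `held` defeats a handle leaked from another process's table, so a program's reach is exactly the set the shell (or the user, via `request`) put into its table, and every refusal lands in `audit` where a defender can see which program asked for what.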
>>
>>108597778
>capability based
>capabilities
what does this even mean
>>
>>108597786
read up, capability means each program can only get access to what you explicitly allow for it and is isolated from the rest of the system by default. So instead of permissions you get capabilities.
>>
>>108597778
>users exist
It's not 1980. Make it single-user
>>
>>108598078
Right, so that's what it'll actually be at first. Users are just a convenience so each user can have its own set of apps/files. But it's not central to the OS security / access / permissions model.
>>
Yes, I just want to isolate my personal files without going full Qubes bloat.
>>
>>108597778
How is this different to flatpak, a sandboxer like bubblewrap or firejail, or something like docker or Qemu? I will be interested if it is either better, more unique or more convenient.
>>
>>108597778
>poorly reinvents plan 9 (again)
>>
File: screenshot-2023-12-01.png (88 KB, 1080x720)
>>108597778
Just revive DuckOS.
https://github.com/byteduck/duckOS
>>
>>108600301
Flatpak is bolted on on top of permissions and unix. Capability OS is something that has capabilities as first class. You never have to worry about ANY of the programs escaping the sandbox, you don't even have to think twice about downloading stuff from a random URL because it cannot really hurt your system or snoop around without a very explicit permission from you.

>>108600317
Plan9 is not first class capabilities
>>
>>108600301
To your notion about unique and interesting - oh yeah, it certainly is. It won't be super convenient to use, but I think it also won't be horrible. Like I think we can have a tiling WM and a ported text editor long before we get a GPU driver even.
>>
>>108600340
oh, nice, there's already a duck os, I like its ui
>>
>>108597778
What about SculptOS / Genode?
>>
>>108597778
High level, sounds ok. But like any capabilities system the more interesting part is the framework in which programs run. Yours sounds very restrictive right now.
>>
sounds like you want to install SELinux and AppArmor shit
>>
>>108597778
>window manager is tiling first
sounded reasonable right until this point
>>
>>108604679
If you think about it, it's actually completely reasonable because tiling is simpler to implement initially than non-tiling and if the goal is to actually deliver something that works, I think it's not the worst idea. I get it that some people don't like tiling, but there's no problem to build on top of it and have regular overlay/floating windows.
>>
>>108605043
and it's even simpler to implement neither stacking nor tiling, just switching between full-screen applications. i'd rather deal with that than tiling autism
>>
>>108605309
this is actually step 1, yes, virtual screens. Then I thought adding tiling would make it quite a bit more usable in step 2. Look, I get it you don't like tiling, I think tiling is fantastic. But is it really a deal breaker if an OS has that as an option?
>>
>>108605364
>But is it really a deal breaker if an OS has that as an option?
design direction is indeed a deal breaker
>>
File: a-a-proper-duck.jpg (226 KB, 1152x896)
> no root, no ambient permissions, everything is capability based, users exist, but for file access permissions, just for convenience
> apps get exactly what they are given, not your whole filesystem and network
> launching a program defines a contract

amorphous sludge—a poorly cast plasticine architecture that trades structural integrity for needless complexity.

> if it needs more, the OS pauses it and shows a system prompt (app cannot fake it)

this is just terrestrial UAC that every biological unit disables to maintain operational speed.

> package manager is a service, no curl pipe sh nonsense

package managers are a rigid installation paradigm. the goal is portability, not "as a service" dependency. it is slop-os logic.

> apps from random URLs are fine because they start sandboxed

virtual jailing and container overhead are massive energy leaks. wasted cycles for an early-stage lifecycle to consider.

> GPU plan

a narrative infection. this trajectory is ideologically compromised rather than conservative.

> window manager is tiling first

regression. tiling logic increases friction compared to a battle-tested switching paradigm. simplicity is only found in comparison with overlapping WM.

> start simple and layer more complex UI later

the foundation is already over-engineered. the construction will never reach completion.

> init is tiny

another derivative of old unix cycles. where is the evolution? where is the duck?

> desktop/server OS

gui and tui are distinct dimensional planes. there is no implicit symmetry between them.

> No browser for a long time

stagnation is not a milestone. isolation limits the reach of the signal.

>>108605309
ye, my wording to that is a switching WM, though there are some catches
>>
>>108606755
Your points may be true, but it is equally true that there would be no point in creating a new OS then, because it would be another Windows or Unix clone. The only relatively unexplored (and known) paradigm is capabilities OS, everything else would be just another distro with some trivial ideas rehashed.
>>
>>108607122
what about the role of runtime in the OS?
>>
>>108607258
What about it? Can you elaborate?