0x00 Reference Design
draft draft draft
Design Goals
Some people think I won't make it But I know that I will Escape the emptiness 'Cause that shit is slow and it kills The flow and the skill I made y'all believe that it lasts You can make the future But it starts with leaving the past
A coherent computer system that incorporates all of the typical components of your digital life. Unafraid to experiment with new technology, but not interested in reinventing the wheel. Many old protocols may be resurrected as faster computers/internet, larger disks, and new networking technologies (yggdrasil/ipfs/i2p/tor) make them worth revisiting.
The current direction of computer and software architecture is unsustainable. Even among developers a well reasoned system-wide understanding of how computers work is becoming increasingly rare, as they learn platforms instead of protocols and depend on ever more layers of abstraction. Jonathan Blow argues that this may lead to the collapse of civilization. Despite it's wide market penetration, it has failed it's users in almost every way. Computers today are becoming internet appliances that the user has negligible amounts of control over. The web browser has become a defacto monopoly operating system, with the (near monopoly) implentation provided by google.
0x00 aims to be a launchpad for experimentation and exploration into sustainable computing.
Privacy
You swallow propaganda like a birth control pill Sellin' your soul to the eye on the back of the dollar bill
Privacy is in shambles: spyware has become ubiquitous, and APTs (advanced persistent threat (actors)) such as google, facebook, and the many other threat actors in the adtech industry, have managed to embed spyware on almost every webpage you visit and program you download. Mobile phones providing your near-realtime location and scanning your private photos are the default. It has become so ubiquitous that the term 'spyware' itself is no longer even part of the public lexicon: it has become synonymous with 'software'. FOSS/libre software is the exception, and even it is not free of some forms of data harvesting.
Some legacy protocols can be reused with encrypted p2p networks providing NAT hole punching and static addresses. In some cases this may not be sufficient, in which case a new paradigm for privacy-centric computing will be explored using local-first and decentralized paradigms.
Security
It's a dirty game and nobody is willing to clean it
The security situation of modern computer systems is fairly poor, with APTs able to run arbitrary code on most computer systems. This code is usually somewhat sandboxed by a browser or (android/apple) APIs, but that's mostly lipstick on a pig. The attack surface of both is so large that escapes and exploits are commonplace. Beyond the software running on personal computers/phones, most CURRENT_YEAR homes have some sort IoT internet appliance that is running embarassingly old and unpatched software, and provides a convenient backdoor into a home network.
APTs have managed to embed backdoors in almost every android device. For example, google requires developers to turn over private keys, allowing them to impersonate the software author and silently provide different software to different users, without the author's or users' knowledge. In fact, providing different software to different users is an explicitly stated goal of requiring developers to turn over private keys:
Google Play uses the app bundle to generate and optimize APKs for distribution for different device configurations and languages.
Any system that allows unknown actors to run arbitrary or unaudited code by design is not a secure system. No matter how sandboxed you pretend to be.
0x00 will remove binaries and backdoors instead of baking more in.
Usability
I freestyle my destiny, it's not written in pages
Existing centralized platforms make near constant changes, almost always to the detriment of users. Changing the names and locations of features is commonplace. With the centralized platforms almost pathological manipulation of users, serving different things to different users so some dev making mid six figures can A/B test their way to a promotion is just a way of life.
Changes to interfaces should be rare.
Software should be designed with users and not metrics in mind. This means a reasonable set of defaults and the user can configure or customize things as needed. The existing paradigm says that software must be immediately accessible to everyone in the whole world, regardless of experience. This is a goal that can never be met and makes many short and long term sacrifices. Different things will have different learning curves, and that's okay.
Usability means different things to different people, so a well designed system must try to let everyone interact with a computer system at the level they are comfortable with. Targeting the CLI is a great way to accomplish this, as building a GUI on top of a CLI is much simpler than the inverse. This also allows better integration with the greater system through automation and scripts. Another benefit of targeting the CLI instead of GUI/web is simpler and faster development. Building wrappers of CLI apps is a great first project (and good fun/relaxation project for experienced devs), so maybe save the effort and let someone else do it? KISS.
A 'settings' or 'preferences' menu is not a bad thing. To the contrary, it becomes an immediately obvious first place to look when you want to customize things. Aim to make simple/common operations easy for noobs to try, but don't be afraid to have a whole world for power users to learn and explore.
Favor plain-text whenever possible: for configuration, databases, state, you name it. It is machine-readable and noob-editable. It's usable in anything from a mobile email client to a full IDE. Standard unix tools can modify it, manage it, sync it, bop it, pop it, and lock it. Searching it is trivial and it's easy to index.
Waste (unlimited abstractions)
For most normies, the operating system is only a bootloader for google chrome.
Hijacking and recreating 'scrolling' on a webpage through a custom extension to a javascript framework that's secretly jquery, to a javascript interpreter, running in a sandbox inside of your web browser, running on whatever bootloader you use to run chrome. 50MB and 300+ server calls later, your quad-core 32GB RAM supercomputer on a gigabit connection still manages to load pages slower than a pentium on AOL.
The waste of computing power and energy caused by the heavy tracking and javascript cannot be understated. Try running an adblocker on your browser and phone (if you still can) and see for yourself how much longer the battery lasts and how much faster things go. Switch to free and open source apps for more benefits. See above RE: Don't run random code on your computer.
Using protocols instead of platforms, and avoiding the browser will minimize energy use and maximize omputer speed. Newer protocols like Gemini and older protocols like IRC or xmpp will slim down the future.
Sustainability
But that will never be me, 'cause I'm leavin' the past Like an abused wife with the kids, leavin' your ass Like a drug addict clean and sober, leavin' the stash Unbreakable Technique leavin' the plane crash
This might surprise most software developers, but computers are here to stay for the long run. Computer systems should be built for the long term. This means to design for maintenance. Simplify design so even ten years from now new users or engineers can pick up the torch and keep it working.
Control
I'm out with the black box and I refuse to return I spit reality, instead of what you usually learn And I refuse to be concerned with condescending advice 'Cause I'm the only motherfucker that could change my life
The vast majority of computers and phones in production have TPM/Secureboot that allows threat actors to mandate that you run the software stack of their choosing. This doesn't only apply to Microsoft, Apple, or Google: Remote attestation allows this mandate to be given all the way down the stack to the websites you visit (remember how your your browser was supposed to be a sandbox? lol). They may label it anti-abuse, anti-spam, or security: But the end result is an inflexible, spyware ridden, and user-hostile system because they are willing ot outsource their problems to you, at your expense.
No compromises
Any new system must learn from the past failures and treat security, privacy, usability, and control as first class citizens.
Bugs should either be fixed or acknowledged (feature!), but do not design around them.
Software
Operating System
Nixos Alternates: Guix, spectrum-os, redox-os
Maintaining such a large suite of software and specialized/interconnected configurations is not feasible with legacy operating systems, as evidenced by the large number of 'self-hosted' type operating systems that struggle to evolve beyond installation scripts and rarely provide deep integration between components.
Software must be able to bring it's own dependencies, and expecting the entirety of software to share one version of a library/package is not an approach that can scale. Appimages/dockers/flatpacks are heavyweight and
Protocols
Yggdrasil
Gemini
Alfis
Services
Avahi/mDNS
Storefront
BTCPayServer
Ebook Server
Calibre
Git Forge
Gitea
Programs
Bitcoin wallet
Monero wallet
Design
CAD
Freecad Solvespace cadquery kicad
Graphic
gimp