1. Every file is owned by application.
2. A file-store application is the custodian of files meant to be used by multiple applications.
3. An application that needs to edit a file must take ownership of the file for the duration of the editing.
4. An application that needs to read a file must borrow the files.
5. A file can be borrowed by multiple applications, but owned by only one.
6. Applications can provide the ability for shared ownership, but those would by specialized applications capable of handling and merging simultaneous changes.
This is a straw-man solution, and I am sure multiple problems will have to be solved before such a system can become a reality.
> As an example, most people would want to be able to import an image into a word processor regardless of where that image is located (local drive, network drive, floppy disk, etc.). To support that, most end user programs would want to be offered access to the entire filesystem. The moment two applications do this at once, you have all the shared mutable state problems we do now.
I don't see why the custodian of photos can't be a photo management application. In fact, a filesystem is the lowest common denominator. It is possible to build higher level abstractions like PhotoStore, MusicStore, MovieStore, CodeStore etc. which accommodate and make use of the properties of individual data types to offer an enhanced experience.
It may be time for something completely different. Just stop calling it a filesystem.
I am not calling it a filesystem. Let’s call it a data bank?
First that comes to mind is etcd.
> Applications can provide the ability for shared ownership, but those would by specialized applications capable of handling and merging simultaneous changes.
Finally, as I said, it is a straw-man proposal -- I haven't spent time working out all the kinks.
So flock() and file permissions then?
There are improvements that could be made here -- app-level permissions in addition to user-level permissions for example. But it's still fundamentally a filesystem.
We are talking about what the user/application sees and is capable of accessing.
But how is that different than a filesystem?
Suppose we add application-based ACLs to file permissions. Then the app does open("/path/to/file", O_RDONLY) as ever. If the app has permission to the file, it gets the new fd. If it doesn't, it gets EACCES as usual. Or the OS displays a dialog asking whether the app should have permanent or one-time access to that file, and then the call doesn't return until the user chooses one.
I don't see a fundamental change here. The application wouldn't necessarily even have to be modified.
Historically mostly because of swap, so the OS can move a page from memory to disk and then back to a different physical memory location without modifying the application's pointers. On large systems with 32-bit applications it was advantageous because the system may have had more memory than 32-bit pointers can address and then each application can have its own address space. ASLR nowadays.
But filesystems already have the equivalent abstraction. If you run out of space on /dev/sda you can add /dev/sdb, copy /home to it and then mount /dev/sdb1 /home and the application that reads /home/alice/file is blissfully unaware that anything has changed. Heck, half the time you're not even reading from the physical drive, the data is cached in memory and you're really reading it out of the page cache.
3. Ownership cannot be transferred. A file remains in the same application throughout its lifecycle.
4. An application can give another application read-only access to a namespace containing one or more files.
6. An application can give another application read/write access to a namespace containing one or more files through a transaction mechanism.
Do you see any advantages or disadvantages of both approaches from your point of view?
Who owns all the unassigned stuff? The file system. Give it a different name and you change nothing.
Compressed files are containers for files -- they are nothing on their own.
> Applications themselves are files.
Sure -- they go into ApplicationStore -- which tailored for say, quick application discovery and launch.
> Who owns all the unassigned stuff? T
What exactly is the unassigned stuff? Files taken from other machines? I don't see why they can't be put into an appropriate store based on type.
> I create my own file formats.
I assume you create your own file formats because you develop your own applications? In that case, your application will be the owner of the file in question.
Is the application store the only way to start at app? If I bind a global hotkey to start an app how is that handled?
I use this for example to open links in mpv with a singular line in my config file for the addon, tridactyl,
bind V hint -W ! mpv this means show a hint on links and for the given link send the chosen link to mpv, wherein mpv will look at the link and if it can read it will use youtube-dl to download the link to a temp dir and display the video.
Who owns what there?
Do I have to access my photos via a a singular photo manager? I can imagine images accessed in 17 different contexts by 30 different apps does each of them need permission to access each dir which contains images or just generically to access images.
Does this mean that a singular permission would control both access to the browsers cached image of the ycombinator logo on this page and some ones nude selfies?
I just don't think you can cleanly map apps -> files beyond the trivial cases without making something inflexible that sucks to use.
What does any of this have to do with a GUI? And for transporting, extract the data into a portable bundle, or take the entire store.
> Is the application store the only way to start at app? If I bind a global hotkey to start an app how is that handled?
Again, what does any of this have to do with how the applications are stored? Can you see the files that make up an iOS app? You can still start them, can’t you? A macOS app is a folder called Something.app, the actual binary lies somewhere inside. Do you typically need to poke inside the .app folder?
As far as the computer is concerned, you are merely starting a process. Again, what does that have to do with how applications are stored. They can be triggered however and wherever they are stored.
> Do I have to access my photos via a a singular photo manager? I can imagine images accessed in 17 different contexts by 30 different apps does each of them need permission to access each dir which contains images or just generically to access images
This is already being handled on iOS and Android. Photos apps is merely the default interface for the PhotoStore. You can access your photos from any app.
> Does this mean that a singular permission would control both access to the browsers cached image of the ycombinator logo on this page and some ones nude selfies?
Namespaces inside individual stores, or separate stores.
2. An actual filesystem allows you to run things that aren't in an app store bundle
3. Which app owns the files when An app starts an addon which starts a process which runs an app which accesses a file. Does the last app in the chain own the file? This is challenging because plenty of apps could do things based on arguments passed in that involve modifying the filesystem.
4. The way ios and android handle 2 apps accessing the same file is only acceptable if someone has envisioned the way you want this to happen to some degree on both ends. A file picker works on any type of file and an OS that can't have a file picker seems to be objectively worse whereas adding an image picker would be an upgrade. I enjoy using calibre to manage how ebooks are stored and beets for music but neither is bounded by an underlying system designed by others and neither locks said files into said structure or limits access according to it. Its trivial to all out to calibre including via the cli get the full path to a book for example and do something with it.
It seems fairly clear to me that there several layers of filesystem access.
Applications that should never have access to your filesystem because they are malicious. Avoided by installing only from trusted sources to avoid malware in the first place the best possible line of defense. This also makes it possible to get a list of applications that ought to be revoked and communicate this to users.
Apps that run as the user on their behalf that accesses the filesystem.
You appear to want to pile a layer on top of the last. This appears to only work for the simpler cases and I'm not even clear what the benefits are supposed to be.
Where does the file come from? Suppose you create a file in your terminal application, then it lives inside the terminal and you can use your terminal to run it.
> 2. An actual filesystem allows you to run things that aren't in an app store bundle
Neither a global namespace (file system) nor an appstore are required to execute a program.
> Which app owns the files when An app starts an addon which starts a process which runs an app which accesses a file.
This should be at the discretion of the application developer. This is also the way browsers already work with sandboxed addons.
> This appears to only work for the simpler cases and I'm not even clear what the benefits are supposed to be.
If you don't put everything in the same global namespace, you get more security, cohesion and compatibility.
That's why we use VMs, containers, sandboxes, and various user accounts instead of doing everything in a single filesystem using the root user.
It not even optimally secure. Why for example would your image editor need access to all your image files instead of just the ones passed in via a secure system dialog?
In that instance the dialog would be the checkpoint not the some weird file system borrow checker.