Teflon Computing

Sep 10, 2006 21:26


Pete Albrecht sent me a link to an article that means well but doesn't quite hit the bullseye. No one seems to be asking: Is Vista really necessary? What does all that complexity actually buy us? Why is Vista better than XP? Or how about that now mostly abandoned but still pertinent question, why is XP better than 2000? I'll allow myself a little cynicism to state that much of what Microsoft is doing these days seems focused on making the world safer...for Microsoft. There doesn't seem to be much in Windows evolution for the rest of us, and my suspicion is that Vista will reach new heights of un-trusted computing, meaning that we will not be able to trust it not to turn on us under the suspicion that we're pirates.

We need to completely re-invent the idea of an operating system. I myself envision something eight or ten years from now taking full advantage of hardware-assisted virtualization along with eight-core CPUs. I see every app as running in its own virtual machine, over a custom kernel based on Linux or BSD that exposes the API that the app was written to use. Wine isn't that bad, and with a few more years to mature, most non-MS Windows software will run on it.

Let's call a compact kernel plus an API emulator like Wine a KUP (Kernel with User Presentation). When we install an app, the hypervisor prepares a KUP for it, and the software is installed in the KUP. Each KUP has its own network stack and IPv6 address. The software in the KUP assumes that the KUP is the OS, and it writes its data files locally, to the virtual machine's own disk.

Outside the virtual machine is a hyperfilesystem (the hyperfiler, for short), which periodically peeks into the KUP to see if new files have been written. If so, the hyperfiler reaches in and copies out the most recent copy of any changed files. The hyperfiler keeps a second virtual machine running for each KUP, in which backup copies of the KUP's data (and of the KUP's execution image) are stored. This shadow VM holds a compressed snapshot (or series of snapshots, depending on the configuration) of the KUP, as well as software to test the files saved by the app in the KUP. The hyperfiler attempts to open the KUP's files in the shadow VM and watches for execution activity. Unless the app is known to be something that generates executables (e.g., a developer suite), the presence of attempted execution tells the hyperfiler that malware has infected the KUP. The KUP's last known clean VM snapshot is then written over the infected KUP. Beat that, Mr. Rootkit!

Even if no malware is detected, a clean execution snapshot of the KUP is swapped in every 24 hours, and its data updated from the shadow VM. The desktop interface manager is just another (slightly) privileged app in a KUP, and the hypervisor peeks into the desktop KUP every few milliseconds to see if any of the app KUPs need repositioning, clipboard data management, or shaking-by-the-neck.
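To make the hyperfiler loop above concrete, here is a small model of it in Python. This is an added illustration, not code from the original post: the KUP's disk is a dict of path to bytes, the "shadow VM test" is reduced to a magic-byte check (ELF, PE/DOS "MZ", and script shebangs, a constructed and non-exhaustive list), and the "clean snapshot" is a deep copy taken at install time. All names (Kup, Hyperfiler, sweep, daily_refresh) and the word-processor scenario in demo() are invented for the example.

```python
"""Toy model of the hyperfiler / shadow-VM rollback loop (added example)."""
import copy
from dataclasses import dataclass, field

# Prefixes that mark a file as something the KUP's kernel would execute.
# Constructed, non-exhaustive list: ELF, PE/DOS ("MZ"), script shebang.
EXEC_MAGIC = (b"\x7fELF", b"MZ", b"#!")


@dataclass
class Kup:
    """One app's virtual machine: its install image plus whatever it writes."""
    name: str
    files: dict = field(default_factory=dict)   # path -> bytes, the in-VM disk
    generates_executables: bool = False         # True for a developer suite


def looks_executable(data: bytes) -> bool:
    """Stand-in for 'watch for execution activity' in the shadow VM."""
    return data.startswith(EXEC_MAGIC)


class Hyperfiler:
    """Lives outside the KUP: peeks in, copies data out, rolls the VM back."""

    def __init__(self, kup: Kup):
        self.kup = kup
        self.clean_image = copy.deepcopy(kup.files)   # last known clean snapshot
        self.shadow_data = {}                          # vetted data files only

    def changed_files(self) -> dict:
        """Files that differ from both the clean image and the shadow copy."""
        return {
            path: data
            for path, data in self.kup.files.items()
            if data != self.clean_image.get(path)
            and data != self.shadow_data.get(path)
        }

    def rollback(self) -> None:
        """Overwrite the KUP with the clean image plus previously vetted data."""
        self.kup.files = copy.deepcopy(self.clean_image)
        self.kup.files.update(copy.deepcopy(self.shadow_data))

    def sweep(self) -> tuple:
        """One periodic pass. Returns ("clean"|"restored", suspicious paths)."""
        changed = self.changed_files()
        suspicious = sorted(p for p, d in changed.items() if looks_executable(d))
        if suspicious and not self.kup.generates_executables:
            self.rollback()                 # infected: restore, discard new files
            return "restored", suspicious
        self.shadow_data.update(copy.deepcopy(changed))  # copy data out
        return "clean", suspicious

    def daily_refresh(self) -> None:
        """The 24-hour swap: fresh execution image, data re-applied from shadow."""
        self.rollback()


def demo() -> list:
    """Constructed scenario: a word processor writes a document, then a dropper
    lands and the app binary itself is trojaned. Returns the sweep results."""
    wp = Kup("wordproc", files={"/opt/wp/wp.exe": b"MZ\x90\x00clean-app"})
    hf = Hyperfiler(wp)
    results = []
    wp.files["/home/user/letter.doc"] = b"\xd0\xcf\x11\xe0 Dear Sir,"
    results.append(hf.sweep())                       # ("clean", [])
    wp.files["/home/user/update.exe"] = b"MZ\x90\x00dropper"
    wp.files["/opt/wp/wp.exe"] = b"MZ\x90\x00trojaned"
    results.append(hf.sweep())                       # ("restored", [both paths])
    results.append(sorted(wp.files))                 # letter survives, dropper gone
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Two things the model makes visible that the prose glosses over. First, the check only catches payloads that the shadow VM can recognise as executable; an infection that writes only data (an exfiltration staging file, a macro, a plugin in the app's own interpreted format) is copied out into the shadow as vetted data and survives every rollback. Second, rollback returns the app binary to its install image, so legitimate updates must go through the hypervisor's install path rather than through the app writing over itself, or the hyperfiler will treat the update as a trojaned binary, exactly as in the demo.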

The really important part of an OS, the only part that carries any enduring value, is the API libraries. Everything else is just gears and clutches, and can be replaced by a sharp little kernel running over a hypervisor. If computing stagnates in the coming decade, it will be because we can't bring ourselves to rethink what really matters. The hypervisor's job is not to integrate separate pieces of software (as we sometimes think OSes are supposed to do) but in fact to keep applications from seeing one another at all. This may make certain "cool hacks" impossible, but it may compensate by making computing a lot more stable. The hypervisor can see into every KUP, but nothing in any KUP can see the hypervisor, or anything beyond the boundaries of the KUP. The hypervisor itself will run its essential components in electrically protected memory, and will be designed to defeat subversion.

It's a tall order, but that's the end point toward which I see a lot of modern virtualization technology converging. We'll need more memory and more cycles, but we get more of those every year. Sooner or later cores will be cheap, RAM almost free, and Microsoft mostly a seller of APIs, even if they don't want to be. Let's see: Install Vista, delete everything but the API files, and then pour what's left into a KUP.
I'll drink to that!

virtualization, computing, ideas
