Imho turning Linux into a microkernel + a grab-bag of drivers etc, would be wise at this point. Security advantages outweigh (perceived) performance impact for most uses.
Many pieces are already in place. See e.g. L4Linux, seL4, Genode, various types of hypervisors etc.
But it would require defining stable interfaces between many moving parts which are currently in-kernel. Which in Linux land... is not a thing. Changing that would need consensus between an overwhelming majority of kernel developers.
So you could say: inertia, and the plethora of virtualization / isolation options are "good enough" for most users.
As for AI mass-discovering bugs: just a temporary rough patch (no pun intended). Linux is a massive codebase. But a lot of it is high-quality, and the # of bugs hiding in there is finite. The ceiling is not in how powerful AI becomes, it's the (finite) # of pre-existing bugs. So at some point it'll be back to a situation where only new code can bring in additional bugs. Probably AI will help there too.
Also note that the bulk of Linux is driver code for various hardware & technologies: system busses, memory management, file systems, disk caching, networking stacks, encryption, GPU, sound, etc etc. A lot of code may never be loaded or executed, bugs in there not applicable, system not vulnerable. Okay: maybe not a safe assumption. But often true nonetheless. EDIT: oh and not all bugs are vulnerabilities.
The microkernel argument makes sense in theory, but the real bottleneck has always been driver complexity. If LLMs can reliably generate verified drivers with formal correctness guarantees, that changes the equation significantly. Until then, Linux's ecosystem inertia wins every time.
You don't need stable interfaces in a monorepo.