[RetroTechie]

Imho turning Linux into a microkernel + a grab-bag of drivers etc, would be wise at this point. Security advantages outweigh (perceived) performance impact for most uses.

Many pieces are already in place. See eg. L4Linux, seL4, Genode, various types of hypervisors etc.

But it would require defining stable interfaces between many moving parts which are currently in-kernel. Which in Linux land... is not a thing. Changing that would need consensus between an overwhelming majority of kernel developers.

So you could say: inertia, and the plethora of virtualization / isolation options are "good enough" for most users.

As for AI mass-discovering bugs: just a temporary rough patch (no pun intended). Linux is a massive codebase. But a lot of it is high-quality, and the # of bugs hiding in there is finite. The ceiling is not in how powerful AI becomes, it's the (finite) # of pre-existing bugs. So at some point it'll be back to a situation where only new code can bring in additional bugs. Probably AI will help there too.

Also note that the bulk of Linux is driver code for various hardware & technologies: system busses, memory management, file systems, disk caching, networking stacks, encryption, GPU, sound, etc etc. A lot of code may never be loaded or executed, bugs in there not applicable, system not vulnerable. Okay: maybe not a safe assumption. But often true nonetheless. EDIT: oh and not all bugs are vulnerabilities.

[cayleyh]

A compounding problem is that lots of the key drivers depend on binary blobs provided by the vendors, making updating and porting that much harder. I know there has been some work to have translation layers between "linux driver api surface" --> "other OSs" but that feels problematic to trust & maintain unless it's driven from the linux kernel team itself.

[snvzz]

The microkernel-based systems (LionsOS, Genode and so on) already have sane interfaces.

What is needed in that regard is just to port more drivers over.

[wmf]

You don't need stable interfaces in a monorepo.