There have, historically, been two competing models of operating systems development. There’s the UNIX mentality, of small pieces loosely joined. That is, you have a whole bunch of little, stand-alone applications that all work together to accomplish more complex tasks running atop a svelte kernel that doesn’t know — or need to know — about the pieces its running. Then you have the “everything and the kitchen sink” mentality, used by Microsoft. All versions of Microsoft Windows have huge dependency chains, and what is rightly called “Windows” is a dizzying amalgamation of interdependent pieces of software, none of which can do much on their own. If you’ve ever wondered why your Windows-powered web server included Windows Media Player, or Solitaire, that’s the reason: the “stuff” that makes up Windows is highly interdependent.
There’s been work going on inside Microsoft for years to try to pare down the Windows system, to tame the beast so to speak. Dubbed “MinWin“, the effort aims to make a successive series of layers, with each layer depending only on the stuff immediately below it. So one layer might handle file system access and network protocols. The Internet Information Server would depend on that layer, but nothing in any of those sub-layers would depend on anything inside IIS. In a similar way, the Explorer shell and Internet Explorer can be more easily separated, so that you don’t need to have MSIE installed on every single server you run.
There are lots of changes associated with the MinWin project, and even though initial efforts are available for public viewing, the long-term payout is still quite a ways away. Some of the elements of that long-term payout include a more customizable installation footprint with an easier-to-update system, since you’d only be updating those components you’re actually using for your server; tighter system security; and enhanced system integrity, since faults in applications ought not be affecting lower level routines.
There’s an excellent write-up of MinWin at Ars Technica. It’s definitely worth a read. This quote, regarding system security, really caught my attention:
Fully two-thirds of the security patches released for Windows Server 2003 offered no actual increase in security for dedicated servers, but still required software to be installed and reboots to be performed on a near-monthly basis.
What’s ironically funny to me is that this entire initiative is, in many ways, a validation of the UNIX mentality that’s been driving Linux development since the very beginning. Microsoft has touted the superiority of it’s GUI, and the Microsoft Management Console (MMC) and its snap-ins, as the best and easiest way to manage complex services. I think we can all agree, now, that that’s more than a bit of hyperbole: GUIs and the MMC make some administrative tasks easier, while simultaneously making other tasks much harder. The resurgence of command-line administration in MinWin, and the Server Core installation option of Windows Server 2008 (original, and R2 flavors) is clear indication that a GUI is not the end-all-be-all of systems management.