"Avoid shared-kernel attack surfaces" is not an unreasonable proposition in 2026.

It is very good practical advice.

It also saddens me greatly, imagining what computing could look like if systems evolved differently.

Virtual machines are still the best design and has been for something like 20 years

Containers are good, as long as they all share the same purpose (read: same application, no multi-tenant)

We all know that multi-users systems (and thus, containers) have a very wide attack surface, while VM attack surface is very limited ..

This is why I am totally convinced that:

  - redhat and friends are a terrible idea (licencing forces collocation which reduces segmentation)
  - per-instance pricing (read: cloud public, but not only that) are terrible: for the same reason. Paying per consumed CPU/ram is sane, paying per VM unit is damageful