Go on, admit it. You thought the U3 consortium idea of carrying around your very own PC environment in a flash memory card was a pretty flaky idea. But IBM has a research project aimed at the very same idea and it looks feasible at first sight. Whether we will ever see product is a different thing of course.
The U3 project allows a user to carry a PC environment around with them. Skype has signed up with the consortium so that users could plug their flash drive into a PC and make Skype voice-over-Internet phone calls (VOIP).
The IBM research site describes SoulPad thus: "Essentially, SoulPad enables a user to hibernate a PC session to a pocket form-factor device and carry the device to some another PC and resume his session on that PC." In IBM's conception the hardware of a PC and the installed software constitutes its 'body'. What a user actually does with that PC - the applications used, the browser bookmarks, the e-mail application, the desktop icons and settings and so forth - make up the fancifully named 'soul'.
How is this done? It can't be done by working directly with a host PC because it, obviously, may not have the user's applications installed. Instead a virtual machine environment is used. The host PC, in effect, runs an application from the USB pocket drive which is a suspended virtual machine environment. The application on the SoulPad USB drive is actually booted and it is an auto-configuring operating system.
It starts a virtual machine monitor which has the user's total computing environment inside it. This includes the installed applications, the desktop configuration, any running applications and open windows.
What is going on here is that a user hibernates a session on one host PC. It's saved to the SoulPad. The user arrives at another PC, plugs in the SoulPad and resumes the hibernated session.
It sounds attractive, doesn't it? Instead of carrying a desktop computer around with you, you make do with a USB flash memory or USB-connected microdrive device with the SoulPad software stack, and plug it into any PC you happen to be nearby.
But that's the problem. Would I let a stranger plug their USB device into my PC? Would I heck! Data theft or virus transfer could result. The data on the SoulPad can be encrypted, with an AES128 block cipher being used to encrypt the virtual machine state. But that's not the real problem which is the access of the host PC.
Secondly the target PC BIOS has to be able to boot from the USB device. This is not, for most of us users, a standard operation.
A PC could be put aside for travellers in, say, an Internet cafe. Users could add the SoulPad software stack to their MP3 player or cell phone, if it had the storage and software capability, and plug it into that PC. But, to do much useful work the host PC requires a network connection and there's the problem again.
You expect me to plug a device into a networked PC I own, to boot an encrypted operating system whose state I cannot assess and let it have free rein of my PC and the network? I'm afraid not. Unless the SoulPad can somehow be authenticated and verified I'm not going to let it touch my PC with a bargepole, let alone a USB 2 plug.
This problem may also affect the U3 devices. Unless they are authenticated and validated any sensible user would reject their use. Plug-and-play at the dumb peripheral level is fine and good. Plug-and-play at the intelligent device level is another thing entirely and will founder on these security issues.
Bootable PC environments stored on USB pocket form-factor devices look like engineers' solutions in search of a problem. To this user they look exactly like a major problem that doesn't solve anything but creates a whole new security vulnerability.
My PC is not going to enjoy any form of soul food whatsoever. Go on, admit it. You thought the idea of carrying a PC environment around in a USB device was flaky. You could be right.