Researchers have fabricated a MD5 collision (different message, same hash) and then enacted a practical exploitation by way of a rogue Certification Authority cert. It has been a while that the community has known that MD5 is long in the tooth. When we wrote the standard for securing SANs over IP protocols (RFC3723), we were already warned of MD5 vulnerabilities and steered clear of MD5 as much as we could help it.

Intriguingly, these researchers have executed their crypto algorithms on a cluster of 200 playstation 3. In their use case, a playstation 3 is deemed to yield 40 times the work of a single core general-purpose processor.

I came across this excellent OSDI 08 paper by Robert Morris & team at MIT. They look into the widening gap between traditional system software and many-core hardware. Their approach is to zero on needlessly shared kernel fixtures and to seek-out application’s participation, for the application to sanction what really needs to be shared and amongst which things, no more and no less.

I fully resonate with the problem statement and the solution scope. We are actively moving from 8-core to 16-core servers and are stumbling precisely on these issues.  These days, I repeat myself that “what got you here won’t get you there”.  More of this journey in upcoming blog entries.

We often say that a picture is worth a thousand words. Their figure 2 is just brilliant. It really put my finger on the disparity in memory access timings among the 16 cores. 

When talking about kids that accidentally stumble upon improper content on the Internet, a colleague at work mentioned that he only lets his children perform searches within Wikipedia. This gave me an idea. How about setting the browser’s homepage such that the browser starts on wikipedia and displays a new article every time it is started? It wasn’t long before I found that this URL http://en.wikipedia.org/wiki/Special:Random does the trick. I put it into the browser’s configuration and voila, it’s the gift that keeps on giving. Before playing games or going to Club Penguin, my children must read the wikipedia page displayed at startup and write a one-paragraph summary on the topic that they have just stumbled upon. Don’t like that one? Just hit the home button!

I recently had the pleasure of visiting Microsoft Research Silicon Valley. Mihai Budiu (whom I met at a November event) kindly invited me over. There, I found some great and vibrant teams. Their logistics are nice too — I love their walled offices and lounge areas, it reminded me of what we had at the OSF RI in Cambridge MA (researchers need their space!).

I talked about datacenter issues, scale-out themes and “clouds” (in fact, I covered much of the material that I presented at the Cisco Cloud Symposium back in November). I had the privilege to meet Chuck Thacker in person. I sat down with Chuck’s team first and then with the DryadLINQ team (who were just back from presenting their work at OSDI 08). Dryad + LINQ piqued my interest for this particular use case …. I need to crawl log entries (at eBay, we generate 2+ TB worth every day) and mine the relationships amongst logical/physical entities, in a cross-tier fashion.