Archive for July, 2009

You walk into a conference and the topic is … Mach OS

I know that I’ve worked on a technology that stands the test of time if, after some 20 years, there’s still some buzz around it at a conference.

This is obviously the case of Unix.

It must be the case of Mach as well. This week, I made an appearance at Black Hat 2009 and stumbled upon a session entirely dedicated to Mach-based rootkits for Mac OS X. The presenter, Dino Dai Zovi, did a good job at describing Mach. Why would someone hack Mach nowadays? Because it’s possible and is a fun thing to do ;-) It turns out that Mach is a fairly obscure piece in the Mac OS X ensemble and makes a hacker’s maneuvers a lot less likely to be detected.

Among other things, Dino talked about MiG stubs (I did a total overhaul of MiG in 1993) and Mach-O. He recreated a sort of NetMsgServer (which has never been adopted by Apple Inc. as far as I can tell) with which he can siphon or inject Mach IPC messages. In my last Mach endeavor, I created a NetMsgServer that could work over INET.

Back in the day, Rick Rashid opened Mach conferences by saying that the Mach crowd used to fit inside an elevator. Twenty-some years later, a couple hundred people still crowd a conference room for a solid Mach speech.

I’ve had the fortune to hone my system skills on Mach 3.0 along with a terrific team at the Open Software Foundation and the proxies into the team at CMU. I’m obviously very pleased that Mach still beats inside my home desktop, laptop, and smartphone. I believe that Dino’s public contribution makes a compelling case for code hardening and pen-testing of the venerable Mach (which I surely hope will happen in time for Snow Leopard!).


Time for triple AES?

This morning, I tuned in to some concerning news on Bruce Schneier’s blog. Bruce writes about a new attack against 10-round AES-256. He defines it as an impressive, practical, and more devastating attack than we have ever seen against AES.

Full AES-256 has 14 rounds, thus there still is some margin left … however, we also know that when there’s smoke there’s fire. Cryptography is an interesting science (and art). It would appear that AES with a 128-bit key is totally immune from these attacks and is as strong as ever. Uhm. I’ve heard that this is due to AES-256’s key schedule being ill-designed. The reason why is beyond me.

Rijndael (as it was called before winning the contest) was heralded as the transform for the new century. For the first time in ages, it featured a radical new design. These research results are coming out way too soon. Concerned.


Google Chrome OS and the Tarte Tatin

The Tarte Tatin is an upside-down apple cake. It used to be my favorite dessert when I lived in France. Yum.

Eating a Tarte Tatin on a lovely summer afternoon while catching up on Google Chrome OS (yeah, I’ve fallen way behind due to my ever demanding day job plus a pile of papers to review out of conference TPC duties).

Google Chrome OS (and other browser OS wannabes) makes me think of an upside-down cake, just like the Tarte Tatin. Let me explain. In the mid 90s, the Web browser rocketed onto the scene. It became the pinnacle of our stack. Fast forward 15 years. With the Google Native Client, one can load and launch native x86 code in the browser without giving up on security (what could possibly be worse than PHP anyway…). Application management is quickly moving to the Cloud (SaaS, PaaS, the-whole-Enchilada-as-a-Service). Likewise, resource management has to play out in the Cloud. Thus, the new-wave browser must underpin both application management and resource management. The browser has become a shim layer buried deep near the bottom of the stack. Voilà, the upside-down cake.

Have we seen other examples of upside-down cakes in technology? For sure. Take the Internet. In the 70s, the revolutionary packet networking movement started off as a geeky use case that piggybacked on the very circuit-switched network laid out for telephony. This set-up worked well for a long time, until data traffic outweighed voice traffic, in sheer volumes as well as business pull-through. The packet network then moved to the bottom of the pile, with telephony running as an application (VoIP) atop it, along with many others. Voilà, another upside-down cake.

Legend has it that the Tarte Tatin was the lucky byproduct of a bad day in the kitchen. Unlike the Tarte Tatin, there’s little serendipity in what’s happening to the browser and what has happened to the Internet long before. Rather, they are huge R&D undertakings. In my career, I want to see some more of these upside-down cakes! Along with chilled passito wine, please, for which I don’t have a geeky metaphor just yet.
