Something that I found very interesting recently is Capsicum. It's a pretty interesting way of supplying capabilities to programs. It's very interesting. Basically it checks whether or not you have read/write access on unix file descriptors. FreeBSD 9 will include this and hopefully migrate over to using it in the future for all it's programs. There is already a chrome port running on FreeBSD.
It would be great to see the iPhone get this functionality in the future. Hacking through font rendering would be a thing of the past. If you get a chance, read their paper.
