The view from my office balcony:

I have barely talked about the RSA key side channel leak, when it just became apparent that it is possible to turn on a MacBook's video camera without also turning on the (hardwired) LED indicator light. That makes it possible for an attacker (once they gain access to your machine remotely) to record video of whatever you do without you knowing. The last stand against this kind of (popular) extortion has just fallen - it is no longer possible to trust the LED indicator to determine whether the camera is recording or not.

I have solved this once and for all. If you can decode my face from the below photo, then you have defeated my ingenuity.

It seems like a highly unlikely source of side channel leakage has successfully been compromised. Researchers found a way to retrieve the signing RSA key from a GnuPG encryption algorithm in about an hour's time by using a mobile phone's microphone while the phone is left close to a computer. With specialized microphones it is even possible to be about 4 meters away from the computer and still retrieve the key.

In the real word, this means it is possible if someone has physical access to the vicinity of your computer, and about an hour of time to waste they can crack your RSA key. The old adage is very true - cracking only ever gets better, never worse with time.