I had barely talked about the RSA key side channel leak when it became apparent that it is possible to turn on a MacBook's video camera without also turning on the (hardwired) LED indicator light. That makes it possible for an attacker (once they gain access to your machine remotely) to record video of whatever you do without you knowing. The last stand against this kind of (popular) extortion has just fallen - it is no longer possible to trust the LED indicator to determine whether the camera is recording or not.
I have solved this once and for all. If you can decode my face from the below photo, then you have defeated my ingenuity.
It seems like a highly unlikely source of side channel leakage has successfully been compromised. Researchers found a way to retrieve the signing RSA key from a GnuPG encryption algorithm in about an hour's time by using a mobile phone's microphone while the phone is left close to a computer. With specialized microphones it is even possible to be about 4 meters away from the computer and still retrieve the key.
In the real world, this means that someone with physical access to the vicinity of your computer, and about an hour of time to waste, can crack your RSA key. The old adage is very true - cracking only ever gets better, never worse with time.
A competitive market forces all of us to cut corners in order to try and stay ahead of the pack. If you don't, you'll fall behind and be replaced faster than a neutrino can travel through your body. This applies to most professions alike. In the software development industry, there is an endless tug of war between timelines, features and budget. For the non-technically minded readers, here is a short explanation of each.
Unfortunately, these three aspects are mutually perpendicular, kind of like Cartesian axes in 3D space. To improve on any one of them, you need to sacrifice one of the others. It is not possible to improve on all three at the same time. Since companies want all three improved all the time, this causes a huge predicament. Think about it - if the request comes down from management to get the release out of the door faster, i.e. reducing timelines, the only two ways you can possibly do this are to either reduce the features (i.e. reduce the work input), or to increase the budget (by adding more resources). Likewise for the other aspects.