Chuckellania for October 12th, 2021

This is not a new insight, but it bears repeating: when implementing cryptography yourself, it is rather easy to make a mistake you won't notice, potentially reducing the security.

Here's a case of this happening to a JS library called keypair.

There's also a bug (that wouldn't be as likely in languages with a stricter type discipline) where the library checks for window.crypto's availability to use the browser's built-in random-number generator where possible, but then actually re-declares that variable, so this check is always false.

But the main flaw is also a typing issue: it calls:

String.fromCharCode(String.fromCharCode(next & 0xFF))

Instead of just:

String.fromCharCode(next & 0xFF)

If the parameters and return of fromCharCode were strongly-typed, the outer call of fromCharCode wouldn't accept its argument, and if the language were statically typed, this would become obvious at compile time.'

Ultimately:

The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9.

Oops.

via

---

So far, it seems The Problem With Jon Stewart¹ is trying to be "60 Minutes but with some jokes", and I'm not sure it's working. I guess they needed a way to not be "Last Week Tonight but With Jon Stewart Instead"?

---

Oh hey, Apple announces another event!

We'll almost certainly be seeing new MacBook Pros. The 16-inch is almost two years old now, which is hopefully not the kind of cycle we'll see a lot of any more.

What else will we be seeing?

I don't think Apple can fill an event just showing 14- and 16-inch laptops. Even if they pad it with a lot of talk about the M1X², that would only be about half an hour.

The M1 event was 47 minutes long, with 5 minutes each of intro and wrap-up, 18 minutes to talk about the chip in general, 7 minutes for the MacBook Air, 5 for the Mac mini, and another 7 for the 13-inch MacBook barely-a-Pro.

The iMac event totaled 61 minutes, but that also included other topics like AirTags and a purple iPhone. The iMac segment was 19 minutes, and the iPad Pro segment was 21 minutes.

Now, those MacBook Pros (MacBooks Pro?) will likely introduce design changes, whereas the M1 event really "just" featured the same Macs but with new internals. So they will, just like with the iMac, have a fair amount more to talk about. But they'll probably be siblings to each other, i.e. very similar in design language.

So maybe 19 minutes for the 16-inch, then another 7 for the 14-inch. Before that, maybe 10 minutes for the M1X (I don't think it's as exciting for the general audience as the M1 was). That's only 38 minutes, and I think that means we'll need another topic.

New AirPods?

But then, the AirPods rarely get any event coverage at all (neither the AirPods Pro nor the Max were introduced at an event), and also, that seems rather off- topic.

More Macs? A high-end mini, perhaps.

How about software? Another introducting of macOS Monterey, perhaps with a previously unannounced feature? And maybe an upgrade to some app, like Final Cut Pro?

---

Silverlight support ended today.

It came from a very different era, where Microsoft tried to do things themselves that already existed, like XPS instead of PDF, or Windows Media.

Unlike XPS, I feel Silverlight at least had a compelling developer story; running .NET code in the browser, on multiple platforms was, at least on paper, interesting.

(My understanding is the macOS Silverlight plug-in helped early development of the macOS .NET Core runtime, so that's a fun twist ending to that story.)

---

Speaking of MacBook Pros: will they still have the Touch Bar, and if so, why did Apple never iterate on it by adding haptic feeedback?

I've never understood that. The trackpad does. The iPhone obviously does. Even the digital crown on the Apple Watch now does, when scrolling. Surely their Taptic Engine would be awesome at letting you feel virtual button edges better?