By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: March 4, 2022

Friday, 4 March 2022

9to5Mac: ‘Mac Studio’ – New Desktop Mac, Between Mac Mini and Mac Pro ★

Filipe Espósito, reporting for 9to5Mac:

Based on information seen by 9to5Mac, the new Mac Studio is primarily based on the Mac mini, but with much more powerful hardware. Apple has two versions of Mac Studio under development. One features the M1 Max chip (the same as the 2021 MacBook Pro) and the other a variant of the Apple Silicon chip that is even more powerful than the current M1 Max.

According to our sources, the new Mac Studio is known internally by the codename “J375”.

Although the name “Mac Studio” may change, it represents a new category between Mac mini and Mac Pro aimed at professional users. The brand also matches the “Apple Studio Display” that the company has been working on, which suggests that Apple will widely advertise both products as a perfect combo for professional work.

I don’t understand the “primarily based on the Mac Mini” part if it uses the M1 Max and an as-yet-unannounced chip even more powerful than the M1 Max, but this “Mac Studio” pretty much sounds like the mythical “xMac” many Mac nerds have been clamoring for — for almost 20 years. Stranger things have happened — “Wouldn’t it be cool if Apple made a stripped-down version of the Mac’s OS that could run on a handheld?” used to be just a spitball idea, too.

As linked in the blockquote above, Espósito also reported today on an “Apple Studio Display” with 7K resolution. He has no idea how big the display is, or whether it’s a replacement for the Pro Display XDR or a new lower-priced display. But if the names are right it sure sounds like a new prosumer-priced display.

Disney+ to Introduce an Ad-Supported Subscription Later This Year ★

Disney press release:

In a first for Disney’s premier direct-to-consumer streaming service, Disney+ will expand its offerings for consumers by introducing an ad-supported subscription in addition to its option without ads, beginning in the U.S. in late 2022, with plans to expand internationally in 2023.

“Expanding access to Disney+ to a broader audience at a lower price point is a win for everyone — consumers, advertisers, and our storytellers,” said Kareem Daniel, Chairman, Disney Media and Entertainment Distribution.

Note that they’re talking about a lower price, not free.

The thing that gets me, and will never stop getting me, is that when we first started using computers to watch TV, with TiVo and other DVRs in the late 1990s and early 2000s, we were able to use them to skip, or at least fast-forward, commercials. The computerization of TV, in that early era, worked for us, the viewers.

Today, with streaming, the computerization of viewing leaves us with un-skippable, un-fast-forwardable commercials. I find that endlessly depressing. I’d rather not subscribe to a streaming service at all than subscribe to a tier with un-skippable ads.

Samsung Encryption Flaw in Over 100 Million Recent Phones ★

Bruce Schneier:

Gadzooks. That’s a really embarrassing mistake. GSM needs a new nonce for every encryption. Samsung took a secure cipher mode and implemented it insecurely.

Here’s a link to the paper (PDF) from three researchers at Tel-Aviv University. Abstract:

In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices.

Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute, in a tweet thread:

Ugh god. Serious flaws in the way Samsung phones encrypt key material in TrustZone and it’s embarrassingly bad. They used a single key and allowed IV re-use.

So they could have derived a different key-wrapping key for each key they protect. But instead Samsung basically doesn’t. Then they allow the app-layer code to pick encryption IVs. This allows trivial decryption.

Dieter Bohn Leaves The Verge to Join Google ★

Dieter Bohn:

Ten years after we founded it, The Verge continues to be the best place to discover the import and impact of technology’s place in our culture — but after today, the team will be doing that without me. After 20 years in media, I’ve decided it’s time to do something new. If you’ve been a Vergecast listener, you know that disclosure is our brand, so here’s mine: I’m headed to Google to work on the Platforms & Ecosystems team. I am excited to help shape the future of software platforms like Android and Chrome — and continue to work at the nexus of technology and culture, just in a different way.

File this as another media departure I did not see coming. (I never see them coming.)

See also: Bohn has a poignant — and philosophical — goodbye video on YouTube, and he joined Nilay Patel and special guest Walt Mossberg for a goodbye on The Vergecast noodlepants.

Most Apple Employees Will Begin Returning to Offices on April 11 ★

Tim Cook, in a company-wide email to employees:

While many of you have been coming in regularly for quite some time, we are now looking forward to welcoming those of you who shifted to working remotely back to our corporate offices. In the United States, beginning on April 11, we’ll begin the phased approach to the hybrid pilot, with teams returning to the office initially one day a week, and then, beginning in the third week, two days a week. This transitional period will now be extended from four to six weeks.

We will then begin the hybrid pilot in full on May 23, with people coming to the office three days a week — on Monday, Tuesday, and Thursday — and working flexibly on Wednesday and Friday if you wish.

Cities across the nation (and world) are dropping mask mandates, including here in Philly. Went shopping without a mask indoors yesterday for the first time since last summer. Feels both weird and very good.