apple_badger

I'm going to respectfully disagree here. Speaking as someone who heads up Information security for an organization, this may not be as quite bad as it gets (it won't kill your dog), but it's darn close. A remote code execution flaw in webkit paired with the ability to execute arbitrary code with kernel privileges is really, really, *really* bad. 

hal301 said:

One other difference, although not clearly mentioned by Apple, is that the LG monitor has an internal power supply - the power cord plugs directly into the back of the monitor.  The Studio Display most likely uses the same (or at least very similar) external brick that the 24" iMac uses. So one more small box on the floor.

The Studio Display does not use an external power brick. It's just a power cord from the back of the display to a standard wall plug. 

lkrupp said:

Remember, people, this is the former 'Facebook security chief’. Facebook and security are mutually exclusionary terms. It’s like trying to put a square peg into a round hole. It ain’t happening.

Stamos is *highly* respected in the information security community. Speaking as someone who's job title includes the words chief, information, security, and officer, when he says something I almost always find it worth considering and never dismiss it outright based on where he's worked. For what it's worth, by all account his time at Facebook wasn't a harmonious one. 

He's guest hosted the Risky Business security podcast numerous times. If you want to get a sense of the guy, I recommend listening to those episodes. 

I just taped a piece of cardboard to the front of my iPad and tried to close the MagicKeyboard... and it closed just fine. I suspect that this is a nonissue that's on its way to becoming the next something-gate. 

anome said:

Upping the security isn't that much of an improvement if it isn't end-to-end. The whole architecture of Zoom is basically a man-in-the-middle vulnerability.

I keep seeing people decry its lack of end-to-end encryption. Their initial instance that they provide it was stupid, as was how long they held on to that claim before eventually dropping it, but beyond that I do not understand the shortcoming. There is no video conference service that offers end-to-end encryption at scale for large, multipoint sessions. How could that possibly work? That's a genuine question, not rhetorical. I cannot fathom how multiple video sessions could be combined into a single session without a central server that decrypts the individual sessions, combines them, and then sends the combined stream to each percipient. The alternative would be fully meshed connections of each endpoint to all the others but that can't scale out.