An anonymous reader quotes a report from Reuters: Global sales of fully electric and plug-in hybrid vehicles rose by an annual 30.5% in September, as China surpassed its record numbers recorded in August and Europe resumed growth, market research firm Rho Motion said on Tuesday. Gains in the U.S. market have been slow and steady in anticipation of the Nov. 5 election, which makes it difficult to predict future trends in the country, data manager Charles Lester told Reuters. EVs -- whether fully electric (BEV) or plug-in hybrids (PHEVs) -- sold worldwide reached 1.69 million in September, Rho Motion data showed.

Sales in China jumped 47.9% in September and reached 1.12 million vehicles, while in the United States and Canada they were up 4.3% to 0.15 million. In Europe, EV sales rose 4.2% to 0.3 million units, thanks to a 24% jump in the United Kingdom and gains in Italy, Germany and Denmark, Lester said. In the Chinese market, the penetration rate of BEV and PHEV is growing faster than some expected and sales "could be a record every month until the end of the year", Lester said. He added that Germany's 7% year-on-year growth was "definitely positive news", and that intermediate carbon emission reduction goals set in the EU for next year will test the bloc's market.

"Technical outerwear brand Arc'teryx and wearable technology startup Skip have teamed up to create exoskeleton hiking pants, powered by AI..." reports CNN. After four years of collaboration and testing, the two companies plan to start selling the battery-powered pants in 2025 for $5,000 — but they're also "available to rent and try out now," according to CNN's video report: "You can think of it like an e-bike for walking..." says Skip's co-founder and chief product officer Anna Roumiantseva. "On the way up, it really kind of offloads some of those big muscle groups that are working their hardest. We like to say it gives you about 40% more power in your legs on the way up with every step." ("And then supports their knees on the way down," says Cam Stuart, Arc'Teryx's advanced concepts team manager for research and engineering.)

Kathryn Zealand, Skip Co-founder and CEO adds, "There's a lot of artificial intelligence built into these pants," with Roumiantseva explaining that technology "understands how you move, predicts how you're going to want to move next — and then assists you in doing that, so that the assistant doesn't feel like you're walking to the beat of the robot or is moving independently..."

Stuart: I think when people think of what an exoskeleton is, they think of this big bionic frame or they think it's like Avatar or something like that. The challenge for us really was how do we put that in a pair of pants...?"

Co-founder Roumiantseva: We've done a lot of work to make a lot of the complicated and sophisticated technology that goes into it look and feel as approachable and as similar to a garment as possible.

Co-founder Zealand: And so maybe you think about them like a pair of pants.
CNN points out it isn't the only "recreational exoskeleton." (Companies like Dnsys and Hypershell have even "developed their own lightweight exoskeletons — through Kickstarter campaigns.")

But beyond recreation, this also has applications for people with disabilities. "Movement and mobility, it's such a huge driver of quality of life, it's such a huge driver of joy," says Skip's co-founder and chief product officer. "It does become a luxury — and that's a huge part of why we're building what we're building. Is we don't think it should be."

Early this morning SpaceX successfully launched its Starship rocket on its fifth test flight. But more importantly, CNBC points out, SpaceX "made a dramatic first catch of the rocket's more than 20-story tall booster."

Watch the footage here. It's pretty exciting... The achievement marks a major milestone toward SpaceX's goal of making Starship a fully reusable rocket system... The rocket's "Super Heavy" booster returned to land on the arms of the company's launch tower nearly seven minutes after launch.

"Are you kidding me?" SpaceX communications manager Dan Huot said on the company's webcast. "What we just saw, that looked like magic," Huot added...

Starship separated and continued on to space, traveling halfway around the Earth before reentering the atmosphere and splashing down in the Indian Ocean as intended to complete the test. There were no people on board the fifth Starship flight. The company's leadership has said SpaceX expects to fly hundreds of Starship missions before the rocket launches with any crew...

With the booster catch, SpaceX has surpassed the fourth test flight's milestones... The company sees the ambitious catch approach as critical to its goal of making the rocket fully reusable. "SpaceX engineers have spent years preparing and months testing for the booster catch attempt, with technicians pouring tens of thousands of hours into building the infrastructure to maximize our chances for success," the company wrote on its website.

Imgur announced changes to its content moderation policies, no longer classifying memes with adult humor as mature. Going forward, only memes with sexualized or lewd content will receive the mature tag. The Verge reports: Imgur is making the changes after it collected feedback about its content moderation over the course of this year, including that its policies, "especially surrounding mature content, feel inconsistently applied, too subjective, or just rather confusing as a whole," according to a post from Imgur product manager Martyn O'Neill. Now, mature content consists "solely of sexualized or 'lewd'" content.

Following the adjustments, O'Neill says that "warnings / post removals" are down nearly 35 percent month over month. Far fewer posts are being marked as mature as well; that stat has declined by almost 50 percent.

Ubuntu 24.10 'Oracular Oriole', the latest version of the popular Linux distro, introduces several enhancements including a revamped GNOME Initial Setup for ARM64 devices, updated file management features, and a more seamless experience with dialog boxes that adjust to aspect ratios. Celebrating Ubuntu's 20th anniversary, this release also "offers a few touches for those who want to go down memory lane," reports Tom's Hardware. "When the system boots up, you'll see the 20 Years Ubuntu logo right at the bottom of the screen. You can also set the desktop background to the original Ubuntu 4.10 wallpaper, and a Warty Brown accent color is an available option if you want to complete the feel. To round out the experience, Ubuntu 24.10 uses the original startup sound from 4.10, which plays every time you log in." From the report: The most significant change, as OMG! Ubuntu notes that ARM64 devices now use GNOME Initial Setup, which offers a cleaner, slicker way of setting up the operating system after the first install. When I set up Ubuntu 24.10 in a virtual machine in my MacBook Air, it felt easier to install and use than my MacBook and Windows laptops. We also get updated dialog boxes that adjust based on the Windows aspect ratio, making it useful for portrait devices like smartphones and tablets.

Several other quality-of-life updates in Ubuntu 24.10, like new File Manager features, make navigating your bookmarks and internal drives easier on the sidebar. Apps also now use the default File Manager when browsing your hard drive, providing a more seamless experience. And, if you run a search on non-indexed folders, you'll find an info button that will explain why your search query is taking longer than usual.

Amazon will likely eliminate around 14,000 corporate jobs by early next year as part of ongoing efforts to reduce costs, according to a note Morgan Stanley sent to clients that Slashdot has reviewed. Brian Nowak of Morgan Stanley estimated Amazon could cut approximately 13,800 manager positions by the end of the first quarter of 2025, based on the company's stated goal of increasing the ratio of individual contributors to managers by at least 15%.

"AMZN management's recent letter laying out an increased focus on efficiency should lead to further EBIT cushion and (potential) upside in '25," Nowak wrote. The potential headcount reduction could result in $2.1 billion to $3.6 billion in annual cost savings for Amazon, adding 3% to 5% to the company's 2025 operating profit, according to Nowak's analysis. Amazon has already cut over 27,000 jobs since late 2022 as part of a major cost-cutting push. The company employed 1.54 million people globally as of the end of June.

Apple just fixed a duo of security bugs in iOS 18.0.1 and iPadOS 18.0.1, one of which might cause users' saved passwords to be read aloud. It's hardly an ideal situation for the visually impaired. From a report: For those who rely on the accessibility features baked into their iGadgets, namely Apple's VoiceOver screen reader, now is a good time to apply the latest update. In typical Apple fashion, the company hasn't released much in the way of details about the first security issue, tracked as CVE-2024-44204, which makes it tougher to understand the conditions under which this vulnerability could be triggered, or how to avoid it until the update is applied. What we do know is that it was characterized as a logic issue, which Apple rectified by improving validation. The disclosure of the bug comes less than a month after iOS 18 and iPadOS 18 debuted. Ironically, this release included Apple's first native password manager, the Passwords app.

The Register's Thomas Claburn reports: Buck Shlegeris, CEO at Redwood Research, a nonprofit that explores the risks posed by AI, recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine. "I expected the model would scan the network and find the desktop computer, then stop," Shlegeris explained to The Register via email. "I was surprised that after it found the computer, it decided to continue taking actions, first examining the system and then deciding to do a software update, which it then botched." Shlegeris documented the incident in a social media post.

He created his AI agent himself. It's a Python wrapper consisting of a few hundred lines of code that allows Anthropic's powerful large language model Claude to generate some commands to run in bash based on an input prompt, run those commands on Shlegeris' laptop, and then access, analyze, and act on the output with more commands. Shlegeris directed his AI agent to try to SSH from his laptop to his desktop Ubuntu Linux machine, without knowing the IP address [...]. As a log of the incident indicates, the agent tried to open an SSH connection, and failed. So Shlegeris tried to correct the bot. [...]

The AI agent responded it needed to know the IP address of the device, so it then turned to the network mapping tool nmap on the laptop to find the desktop box. Unable to identify devices running SSH servers on the network, the bot tried other commands such as "arp" and "ping" before finally establishing an SSH connection. No password was needed due to the use of SSH keys; the user buck was also a sudoer, granting the bot full access to the system. Shlegeris's AI agent, once it was able to establish a secure shell connection to the Linux desktop, then decided to play sysadmin and install a series of updates using the package manager Apt. Then things went off the rails.

"It looked around at the system info, decided to upgrade a bunch of stuff including the Linux kernel, got impatient with Apt and so investigated why it was taking so long, then eventually the update succeeded but the machine doesn't have the new kernel so edited my Grub [bootloader] config," Buck explained in his post. "At this point I was amused enough to just let it continue. Unfortunately, the computer no longer boots." Indeed, the bot got as far as messing up the boot configuration, so that following a reboot by the agent for updates and changes to take effect, the desktop machine wouldn't successfully start.

OpenAI has introduced "canvas," a new interface for ChatGPT that provides a separate workspace for writing and coding projects. "Canvas is rolling out in beta to ChatGPT Plus and Teams users on Thursday, and Enterprise and Edu users next week," reports TechCrunch. "Once canvas is out of beta, OpenAI says it plans to offer the feature to free users as well." From the report: In our demo, [OpenAI product manager Daniel Levine] had to select "GPT-4o with canvas" from ChatGPT's model picker drop down window. However, OpenAI says canvas windows will just pop out when ChatGPT detects a separate workspace could be helpful, say for longer outputs or complex coding tasks. You can also just write "use canvas" to automatically open a project window. Levine showed TechCrunch how ChatGPT's new features could help write an email. Users can prompt ChatGPT to generate an email, which will then pop out in the canvas window. Then users can toggle a slider to adjust the length of the writing to be shorter or longer. You can also highlight specific sentences, and ask ChatGPT to make changes such as "make this sound friendlier," or add emojis. Users can also ask ChatGPT to rewrite the whole email as-is in another language.

The features for the coding canvas are slightly different. Levine prompted ChatGPT to create an API web server in Python, which spawned in the canvas window. By pressing an "add comments" button, ChatGPT will add in-line documentation to explain the code in plain English. Further, if you highlight a section of code that ChatGPT created, you can ask the chatbot to explain it to you, or ask questions about it. ChatGPT is also getting a new "review code" button, which will suggest specific edits for the code in the window, whether generated or user-written, for them to approve, edit themselves, or decline. If they press approve, ChatGPT will take a stab at fixing the bugs itself.

An anonymous reader shares a report: It's not exactly breaking news that people reuse passwords, but you might expect password manager subscribers to avoid the practice. You'd be wrong, according to a new study. Dashlane's downer of a report draws on saved logins analyzed on-device by Dashlane's software across "millions" of individual and business accounts. It finds dismally high percentages of password reuse worldwide. The US and Canada rank the worst of every region Dashlane tracked, with 48% of passwords in individual password vaults being reused. Another 15% rate as compromised, meaning those passwords have shown up in data breaches.

Combined with other security data points, the US and Canada land at a security score of 72.6 out of 100 in Dashlane's report, the lowest of all 14 regions covered in the study. The report, along with the Password Health score that Dashlane's software computes for individual users, emphasizes the longstanding problem of password reuse because that practice leaves its practitioners so vulnerable to getting hacked.Â

The Register's Simon Sharwood reports: AT&T has claimed that Broadcom made it an offer to increase prices by 1,050 percent, and may be influencing other vendors to make a migration harder. The claim of the colossal price hike came in an email [PDF] filed in evidence by AT&T in its case alleging Broadcom hasn't honored a contract that would allow the carrier to acquire an additional two years of support services for its VMware estate. The email was penned by AT&T executive vice president and general manager Susan A Johnson and appears to be addressed to Broadcom CEO Hock Tan.

"After a 10 plus year strategic relationship with Broadcom ... I am sad to report that we appear to be at an impasse on our VMware deal," Johnson wrote on August 19. "The latest offer that we have received would put us at an average of $REDACTED per year for a 5 year deal, where we currently pay $REDACTED per year to support previously purchased perpetual licenses with a right to renew support through September, 2026. This proposed annual increase of +1,050 percent in one year is extreme and certainly not how we expect strategic partners to engage in doing business with AT&T."

Uplevel provides insights from coding and collaboration data, according to a recent report from CIO magazine — and recently they measured "the time to merge code into a repository [and] the number of pull requests merged" for about 800 developers over a three-month period (comparing the statistics to the previous three months).

Their study "found no significant improvements for developers" using Microsoft's AI-powered coding assistant tool Copilot, according to the article (shared by Slashdot reader snydeq): Use of GitHub Copilot also introduced 41% more bugs, according to the study...

In addition to measuring productivity, the Uplevel study looked at factors in developer burnout, and it found that GitHub Copilot hasn't helped there, either. The amount of working time spent outside of standard hours decreased for both the control group and the test group using the coding tool, but it decreased more when the developers weren't using Copilot.
An Uplevel product manager/data analyst acknowledged to the magazine that there may be other ways to measure developer productivity — but they still consider their metrics solid. "We heard that people are ending up being more reviewers for this code than in the past... You just have to keep a close eye on what is being generated; does it do the thing that you're expecting it to do?"

The article also quotes the CEO of software development firm Gehtsoft, who says they didn't see major productivity gains from LLM-based coding assistants — but did see them introducing errors into code. With different prompts generating different code sections, "It becomes increasingly more challenging to understand and debug the AI-generated code, and troubleshooting becomes so resource-intensive that it is easier to rewrite the code from scratch than fix it."

On the other hand, cloud services provider Innovative Solutions saw significant productivity gains from coding assistants like Claude Dev and GitHub Copilot. And Slashdot reader destined2fail1990 says that while large/complex code bases may not see big gains, "I have seen a notable increase in productivity from using Cursor, the AI powered IDE." Yes, you have to review all the code that it generates, why wouldn't you? But often times it just works. It removes the tedious tasks like querying databases, writing model code, writing forms and processing forms, and a lot more. Some forms can have hundreds of fields and processing those fields along with doing checks for valid input is time consuming, but can be automated effectively using AI.
This prompted an interesting discussion on the original story submission. Slashdot reader bleedingobvious responded: Cursor/Claude are great BUT the code produced is almost never great quality. Even given these tools, the junior/intern teams still cannot outpace the senior devs. Great for learning, maybe, but the productivity angle not quite there.... yet.

It's damned close, though. GIve it 3-6 months.
And Slashdot reader abEeyore posted: I suspect that the results are quite a bit more nuanced than that. I expect that it is, even outside of the mentioned code review, a shift in where and how the time is spent, and not necessarily in how much time is spent.
Agree? Disagree? Share your own experiences in the comments.

And are developers really saving time with AI coding assistants?

Microsoft giveth and Microsoft taketh away, as administrators using Windows Server Update Services (WSUS) will soon find out. From a report: Windows Server 2025 remains in preview, but Microsoft has been busy letting users know what is set for removal and what will be deprecated in the release. WSUS fits into the latter category -- still there for now, but no longer under active development. This is a big deal for many administrators who rely on the feature to deploy and manage the distribution of updates and features in an enterprise environment.

It'll even work on a network disconnected from the internet -- download the patches to a connected computer, stick them on some removable media, import the patches to a WSUS server on the disconnected network, and away you go. A tame administrator told El Reg: "We are migrating to Intune. It's a lot more complicated than WSUS, and it takes a lot longer to get set up."

"Such is progress!" he sighed. Microsoft's advice is, unsurprisingly, to migrate to cloud tools. As well as the aforementioned Intune, there is also Windows Autopatch for client update management or Azure Update Manager for server update management. And there are plenty of third-party tools out there too, such as Ansible. Microsoft's announcement has attracted comment. One user said: "Congratulations, you just made centralized automated patching subject to internal politics and budget constraints. "I survived the era of Melissa, SQL Slammer, and other things that were solved when we no longer had to choose between paid patch management or trusting admins of every server to do the right thing. For those of you that did not live through that, buckle up!"

The JavaScript runtime Bun is a Node.js/Deno alternative (that's also a bundler/test runner/package manager).

And Bun 1.1.28 now includes experimental support for ">compiling and running native C from JavaScript, according to this report from The New Stack: "From compression to cryptography to networking to the web browser you're reading this on, the world runs on C," wrote Jarred Sumner, creator of Bun. "If it's not written in C, it speaks the C ABI (C++, Rust, Zig, etc.) and is available as a C library. C and the C ABI are the past, present, and future of systems programming." This is a low-boilerplate way to use C libraries and system libraries from JavaScript, he said, adding that this feature allows the same project that runs JavaScript to also run C without a separate build step... "It's good for glue code that binds C or C-like libraries to JavaScript. Sometimes, you want to use a C library or system API from JavaScript, and that library was never meant to be used from JavaScript," Sumner added.

It's currently possible to achieve this by compiling to WebAssembly or writing a N-API (napi) addon or V8 C++ API library addon, the team explained. But both are suboptimal... WebAssembly can do this but its isolated memory model comes with serious tradeoffs, the team wrote, including an inability to make system calls and a requirement to clone everything. "Modern processors support about 280 TB of addressable memory (48 bits). WebAssembly is 32-bit and can only access its own memory," Sumner wrote. "That means by default, passing strings and binary data JavaScript WebAssembly must clone every time. For many projects, this negates any performance gain from leveraging WebAssembly."

The latest version of Bun, released Friday, builds on this by adding N-API (nap) support to cc [Bun's C compiler, which uses TinyCC to compile the C code]. "This makes it easier to return JavaScript strings, objects, arrays and other non-primitive values from C code," wrote Sumner. "You can continue to use types like int, float, double to send & receive primitive values from C code, but now you can also use N-API types! Also, this works when using dlopen to load shared libraries with bun:ffi (such as Rust or C++ libraries with C ABI exports)....

"TinyCC compiles to decently performant C, but it won't do advanced optimizations that Clang or GCC does like autovectorization or very specialized CPU instructions," Sumner wrote. "You probably won't get much of a performance gain from micro-optimizing small parts of your codebase through C, but happy to be proven wrong!"

Friday America's Federal Trade Commission brought action against three companies for "anticompetitive and unfair" practices "that have artificially inflated the list price of insulin."

For years, many of the millions of Americans who need insulin to survive "have been forced to pay exorbitant prices for a product that's inexpensive to make," writes NPR. "Now, the federal government is targeting one part of the system behind high insulin prices." While out-of-pocket costs have gone down for many people to $35 a month, questions remain on how the drug became so expensive in the first place. In a new lawsuit filed Friday, the Federal Trade Commission said it's going after one link in the chain: pharmacy benefit managers. The FTC brought action against the top pharmacy benefit managers (PBMs) — CVS Health's Caremark Rx, Cigna's Express Scripts, and United Health Group's OptumRx — saying the companies created a "perverse drug rebate system" that artificially inflates the cost of insulin. If the suit is successful, it could further drive down costs for patients at the pharmacy counter.

PBMs are essentially the middlemen between drug manufacturers and insurance providers. Their job is to reduce drug prices. But the process is complex and opaque, and critics say they're actually driving prices up for patients. The FTC said a big issue is that PBMs' revenue is tied to rebates and fees — which are based on a percentage of a drug's list price. Essentially, in the case of insulin, when the drug costed more, it generated higher rebates and fees for PBMs. "Even when lower list price insulins became available that could have been more affordable for vulnerable patients, the PBMs systemically excluded them in favor of high list price, highly rebated insulin products," the FTC said in a press release on Friday.

The three PBMs named in the FTC lawsuit make up about 80% of the market. According to the suit, the PBMs collected billions of dollars in rebates and fees while insulin became increasingly unaffordable. Over the last two decades, the cost of the lifesaving drug shot up 600% — forcing many Americans with diabetes to ration their medication and jeopardize their health. In 2019, one 1 of 4 insulin patients was unable to afford their medication, according to the FTC. Some people have died.
The FTC's statement says the companies "have abused their economic power by rigging pharmaceutical supply chain competition in their favor, forcing patients to pay more for life-saving medication... While PBM respondents collected billions in rebates and associated fees according to the complaint, by 2019 one out of every four insulin patients was unable to afford their medication..."

"[A]ll drug manufacturers should be on notice that their participation in the type of conduct challenged here raises serious concerns, and that the Bureau of Competition may recommend suing drug manufacturers in any future enforcement actions."

Google is updating its Password Manager to allow users to sync passkeys across multiple devices, including Windows, macOS, Linux, and Android, with iOS and ChromeOS support coming soon. Engadget reports: Once saved, the passkey automatically syncs across other devices using Google Password Manager. The company says this data is end-to-end encrypted, so it'll be pretty tough for someone to go in and steal credentials. [...] Today's update also brings another layer of security to passkeys on Google Password Manager. The company has introduced a six-digit PIN that will be required when using passkeys on a new device. This would likely stop nefarious actors from logging into an account even if they've somehow gotten ahold of the digital credentials. Just don't leave the PIN number laying on a sheet of paper directly next to the computer.

IBM has been laying off a substantial number of employees this week and is trying to keep it quiet, The Register reported Wednesday, citing its sources. From the report: One IBM employee told The Register that IBM Cloud experienced "a massive layoff" in the past few days that affected thousands of people. "Unlike traditional layoffs, this one was done in secret," the insider said. "My manager told me that they were required to sign an NDA not to talk about the specifics."

Multiple posts on layoff-focused message boards and corroborating accounts with other sources familiar with the IT giant's operations suggest the cuts are large. Asked to confirm the layoffs, an IBM spokesperson told The Register, "Early this year, IBM disclosed a workforce rebalancing charge that would represent a very low single digit percentage of IBM's global workforce, and we still expect to exit 2024 at roughly the same level of employment as we entered with."

Amazon is instructing corporate staffers to spend five days a week in the office, CEO Andy Jassy wrote in a memo on Monday. From a report: The decision marks a significant shift from Amazon's earlier return-to-work stance, which required corporate workers to be in the office at least three days a week. Now, the company is giving employees until Jan. 2 to start adhering to the new policy. Corporate employees will be expected to be in the office five days a week "outside of extenuating circumstances" or unless they've been granted an exception by their organization's S-team leader, Jassy said, referring to the close-knit group of executives that report to Amazon's CEO.

"Before the pandemic, it was not a given that folks could work remotely two days a week, and that will also be true moving forward -- our expectation is that people will be in the office outside of extenuating circumstances," Jassy said. Amazon also plans to simplify its corporate structure by having fewer managers in order to "remove layers and flatten organizations," Jassy said. Each S-team organization will be expected to increase the ratio of individual contributors to managers by at least 15% by the end of the first quarter of 2025, he said. Individual contributors refers to employees who typically don't manage other staffers. It's unclear if the change will result in the elimination of some manager positions.

An anonymous reader quotes a report from Ars Technica: Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handing cryptographic functions in Windows and Linux. The library, started in 2006, provides operations and algorithms developers can use to safely implement secure encryption, decryption, signing, verification, hashing, and key exchange in the apps they create. The library supports federal certification requirements for cryptographic modules used in some governmental environments. Despite the name, SymCrypt supports both symmetric and asymmetric algorithms. It's the main cryptographic library Microsoft uses in products and services including Azure, Microsoft 365, all supported versions of Windows, Azure Stack HCI, and Azure Linux. The library provides cryptographic security used in email security, cloud storage, web browsing, remote access, and device management. Microsoft documented the update in a post on Monday. The updates are the first steps in implementing a massive overhaul of encryption protocols that incorporate a new set of algorithms that aren't vulnerable to attacks from quantum computers. [...]

The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren't vulnerable to Shor's algorithm when the keys are of a sufficient size. [...] The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it's based on "stateful hash-based signature schemes." These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses. Monday's post said Microsoft will add additional post-quantum algorithms to SymCrypt in the coming months. They are ML-DSA, a lattice-based digital signature scheme, previously called Dilithium, and SLH-DSA, a stateless hash-based signature scheme previously called SPHINCS+. Both became NIST standards last month and are formally referred to as FIPS 204 and FIPS 205. In Monday's post, Microsoft Principal Product Manager Lead Aabha Thipsay wrote: "PQC algorithms offer a promising solution for the future of cryptography, but they also come with some trade-offs. For example, these typically require larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimization and integration with existing systems and standards."

An anonymous reader shares a report: A giant unregulated currency is undermining America's fight against arms dealers, sanctions busters and scammers. Almost as much money flowed through its network last year as through Visa cards. And it has recently minted more profit than BlackRock, with a tiny fraction of the workforce. Its name: tether. The cryptocurrency has grown into an important cog in the global financial system, with as much as $190 billion changing hands daily. In essence, tether is a digital U.S. dollar -- though one privately controlled in the British Virgin Islands by a secretive crew of owners, with its activities largely hidden from governments.

Known as a stablecoin for its 1:1 peg to the dollar, tether gained early use among crypto aficionados. But it has spread deep into the financial underworld, enabling a parallel economy that operates beyond the reach of U.S. law enforcement. Wherever the U.S. government has restricted access to the dollar financial system -- Iran, Venezuela, Russia -- tether thrives as a sort of incognito dollar used to move money across borders. Russian oligarchs and weapons dealers shuttle tether abroad to buy property and pay suppliers for sanctioned goods. Venezuela's sanctioned state oil firm takes payment in tether for cargoes. Drug cartels, fraud rings and terrorist groups such as Hamas use it to launder income.

Yet in dysfunctional economies such as Argentina and Turkey, beset by hyperinflation and a shortage of hard currency, tether is also a lifeline for people who use it for quotidian payments and as a way to protect their savings. Tether is arguably the first successful real-world product to emerge from the cryptocurrency revolution that began over a decade ago. It has made its owners immensely rich. Tether has $120 billion in assets, mostly risk-free U.S. Treasury bills, along with positions in bitcoin and gold. Last year it generated $6.2 billion in profit, outearning BlackRock, the world's largest asset manager, by $700 million.