Encryption

Researcher Finds Side-Channel Vulnerability in Post-Quantum Key Encapsulation Mechanism (thecyberexpress.com) 12

Slashdot reader storagedude shared this report from The Cyber Express: A security researcher discovered an exploitable timing leak in the Kyber key encapsulation mechanism (KEM) that's in the process of being adopted by NIST as a post-quantum cryptographic standard. Antoon Purnal of PQShield detailed his findings in a blog post and on social media, and noted that the problem has been fixed with the help of the Kyber team. The issue was found in the reference implementation of the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) that's in the process of being adopted as a NIST post-quantum key encapsulation standard. "A key part of implementation security is resistance against side-channel attacks, which exploit the physical side-effects of cryptographic computations to infer sensitive information," Purnal wrote.

To secure against side-channel attacks, cryptographic algorithms must be implemented in a way so that "no attacker-observable effect of their execution depends on the secrets they process," he wrote. In the ML-KEM reference implementation, "we're concerned with a particular side channel that's observable in almost all cryptographic deployment scenarios: time." The vulnerability can occur when a compiler optimizes the code, in the process silently undoing "measures taken by the skilled implementer." In Purnal's analysis, the Clang compiler was found to emit a vulnerable secret-dependent branch in the poly_frommsg function of the ML-KEM reference code needed in both key encapsulation and decapsulation, corresponding to the expand_secure implementation.

While the reference implementation was patched, "It's important to note that this does not rule out the possibility that other libraries, which are based on the reference implementation but do not use the poly_frommsg function verbatim, may be vulnerable — either now or in the future," Purnal wrote.

Purnal also published a proof-of-concept demo on GitHub. "On an Intel Core i7-13700H, it takes between 5-10 minutes to leak the entire ML-KEM 512 secret key using end-to-end decapsulation timing measurements."

Power

Is the Uranium Fuel Proposed For Small Modular Nuclear Reactors a Weapons Risk? (reuters.com) 190

Reuters reports: A special uranium fuel planned for next-generation U.S. nuclear reactors poses security risks because it could be used without further enrichment as fissile material in nuclear weapons, scientists said in an article published on Thursday. The fuel, called high-assay low-enriched uranium, or HALEU, is enriched to levels of up to 20%, compared with about 5% for the fuel that powers most existing reactors.

Until recently it was made in commercial amounts only in Russia, but the United States wants to produce it to fuel a new wave of reactors... "This material is directly usable for making nuclear weapons without any further enrichment or reprocessing," said Scott Kemp, one of five authors of the peer-reviewed article in the journal Science. "In other words, the new reactors pose an unprecedented nuclear-security risk," said Kemp, a professor at the Massachusetts Institute of Technology and a former science adviser on arms control at the State Department. A bomb similar in power to the one the U.S. dropped on Hiroshima, Japan in 1945 could be made from 2,200 pounds (1,000 kg) or less of 19.75% enriched HALEU, the article said. "Designing such a weapon would not be without its challenges, but there do not appear to be any convincing reasons why it could not be done," it said.

The authors said if enrichment is limited to 10% to 12%, the supply chain would be far safer with only modest costs...

TerraPower, a company backed by Bill Gates that has received funding from the [U.S.] Energy Department, hopes to build its Natrium nuclear plant in Wyoming by 2030 to run on HALEU. TerraPower in late 2022 delayed Natrium's launch date by at least two years to 2030 due to a lack of HALEU. A TerraPower spokesperson said Natrium will use HALEU as it allows more efficient energy production and reduces nuclear waste volumes. "TerraPower has made reduction of weapons risks a foundational principle" the spokesperson said, adding that its fuel cycle eliminates the risk of proliferation.

Reuters notes that America's 2022 climate legislation "included $700 million for a HALEU availability program including purchasing the fuel to create a supply chain for planned high-tech reactors."

But the study's authors argue that if it becomes a standard reactor fuel, it could eliminate the distinction between peaceful and nonpeaceful nuclear programs — in countries around the world.

Thanks to Slashdot reader locater16 for sharing the article.

Transportation

Boeing Passenger Jet Nearly Crashes Due To Software Glitch (independent.co.uk) 106

Bruce66423 shares a report from The Independent: A potential disaster was narrowly avoided when a packed passenger plane took off just seconds before it was about to run out of runway because of a software glitch. The Boeing aircraft, operated by TUI, departed from Bristol Airport for Las Palmas, Gran Canaria on 9 March with 163 passengers on board when it struggled to take off. The 737-800 plane cleared runway nine with just 260 metres (853ft) of tarmac to spare at a height of 10ft. It then flew over the nearby A38 road at a height of just 30 metres (100ft) travelling at the speed of around 150kts (about 173mph). The A38 is a major A-class busy road, connecting South West England with the Midlands and the north.

The Air Accidents Investigation Branch (AAIB), part of the Department for Transport, said the incident was the result of insufficient thrust being used during take-off. Pilots manually set the thrust level following a software glitch that Boeing was aware of before take-off. "A Boeing 737-800 completed a takeoff from Runway 09 at Bristol Airport with insufficient thrust to meet regulated performance," the AAIB report said. "The autothrottle (A/T) disengaged when the takeoff mode was selected, at the start of the takeoff roll, and subsequently the thrust manually set by the crew (84.5% N1) was less than the required takeoff thrust (92.8% N1). Neither pilot then noticed that the thrust was set incorrectly, and it was not picked up through the standard operating procedures (SOPs)."

PlayStation (Games)

Sony Removes 8K Claim From PlayStation 5 Boxes (gamespot.com) 39

Fans have noticed that, over the last few months, Sony quietly removed any mention of 8K on the PlayStation 5 boxes. "I have been endlessly bitching since the PS5 released about that 8k Badge," writes X user @DeathlyPrice. "It is false Advertising and Sony should be sued for it." Others shared their grievances via PlayStation Lifestyle and a Reddit thread. GameSpot reports: A FAQ on Sony's official site in 2020 stated that "PS5 is compatible with 8K displays at launch, and after a future system software update will be able to output resolutions up to 8K when content is available, with supported software." But to date, the only game that offers 8K resolution on PS5 is The Touryst, which looks more like Minecraft than a game with advanced visuals.

The reality is that 8K has not been widely adopted by video game developers, or even by filmmakers at this point. There are 8K televisions on the market, but it may be quite some time, if ever, before it becomes the standard for either gaming or entertainment.

Wireless Networking

Nearly All of Apple's Newest Devices Have an Unannounced Thread Radio On Board (theverge.com) 93

Apple has quietly added a Thread radio to nearly all of its newest iPads, MacBooks, and iMacs. The Verge reports: While the company doesn't list Thread on the specs of any of these products, FCC reports indicate that many of Apple's latest devices have had Thread radios tested for compliance. Generally, you don't test a radio that's not there. We found evidence of Thread testing in the following models: iPad Pro 13-inch (M4) (Wi-Fi + Cellular), iPad Pro 11-inch (M4) (Wi-Fi + Cellular), iPad Pro 11-inch (M4) (Wi-Fi), iPad Air 11-inch (M2) (Wi-Fi + Cellular), iPad Air 13-inch (M2) Wi-Fi, MacBook Air 15-inch (M3), MacBook Pro 14-inch (M3), MacBook Pro 14-inch (M3 Pro or M3 Max), MacBook Pro 16-inch (M3 Pro or M3 Max), iMac (M3, two ports), and iMac (M3, four ports).

The FCC requires manufacturers to list every radio contained in a device and to test them in every possible scenario to make sure they comply with its transmission regulations. Tom Sciorilli, director of certification for Thread Group, told The Verge that the FCC reports reference FCC 15.247, "which confirms the device will essentially 'stay in its lane' and not interfere with other radios when operating." The reports we found are tests of the IEEE 802.15.4 transmitter functionality -- 802.15.4 is the radio standard Thread runs on. While it supports a number of technologies, the reports mention Thread explicitly.

Thread is the primary wireless protocol for the new smart home standard Matter, which Apple helped develop and that is now the underlying architecture for its Apple Home smart home platform. A low-power, low-bandwidth, mesh networking protocol specifically designed for IoT devices, Thread is shown to be faster than Bluetooth and offers better range, making it ideal for connecting products like smart lights, locks, thermostats, and sensors. [...] So why is it there? The Apple Home app runs on Macs and iPads, and Thread radios could allow them to communicate directly with smart home devices and act as Thread border routers. It's possible Apple is planning to turn your Mac or iPad into a home hub, but iPads used to be home hubs, and the company discontinued that capability for its new Apple Home architecture. Those iPads didn't have Thread radios, though.

China

Scientists Find Security Risk in RISC-V Open-Source Chip Architecture That China Hopes Can Help Sidestep US Sanctions (scmp.com) 39

An anonymous reader shares a report: A Chinese research team says it has uncovered a significant security flaw in processor design that could have a wide impact on China's booming domestic chip industry. China was relying on the structure of the world's largest open-source CPU architecture to build their own CPUs and bypass the US chip ban, and was paying attention to any weaknesses, they said. The issue was found in RISC-V, an open-source standard used in advanced chips and semiconductors. Compared with mainstream CPU structures -- such as X86 used by Intel and AMD -- RISC-V offers free access and can be modified without restriction.

The flaw allows attackers to bypass the security protections of modern processors and operating systems without administrative rights, leading to the potential theft of protected sensitive information and breaches of personal privacy. The vulnerability was confirmed by the team of Professor Hu Wei at Northwestern Polytechnical University (NPU), a major defence research institute in Shaanxi province. The researchers are experienced in hardware design security, vulnerability detection and cryptographic application safety. It was first reported by the National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT) on April 24, and NPU gave further details in an official announcement on May 24.

Earth

World Will Miss Target of Tripling Renewable Electricity Generation By 2030, IEA Says 65

AmiMoJo shares a report: The world is off track to meet the goal of tripling renewable electricity generation by 2030, a target viewed as vital to enable a swift global transition away from fossil fuels, but there are promising signs that the pace of progress may be picking up.

Countries agreed last December on a tripling of renewable power by the end of this decade. But few have yet taken concrete steps to meet this requirement and on current policies and trends global renewable generation capacity would only roughly double in developed countries, and slightly more than double globally by 2030, according to an analysis by the International Energy Agency.

Governments should include targets and policies on renewables in their national action plans for the climate (called nationally determined contributions, or NDCs), which are a requirement under the Paris agreement, the IEA found. Many currently fail to do so, even though vast increases in renewable power are essential to meeting the treaty's aspiration of limiting temperature rises to 1.5C above pre-industrial levels.

The IEA, the gold standard for global energy research, analysed the domestic policies and targets of nearly 150 countries, and found they would result in about 8,000GW of renewable energy capacity by 2030. That amount is about 70% of what is necessary to reach 11,000GW of capacity, the amount needed for the tripling goal agreed at the Cop28 UN climate summit in Dubai last year.

Microsoft

Is the New 'Recall' Feature in Windows a Security and Privacy Nightmare? (thecyberexpress.com) 140

Slashdot reader storagedude shares a provocative post from the cybersecurity news blog of Cyble Inc. (a Ycombinator-backed company promising "AI-powered actionable threat intelligence").

The post delves into concerns that the new "Recall" feature planned for Windows (on upcoming Copilot+ PCs) is "a security and privacy nightmare." Copilot Recall will be enabled by default and will capture frequent screenshots, or "snapshots," of a user's activity and store them in a local database tied to the user account. The potential for exposure of personal and sensitive data through the new feature has alarmed security and privacy advocates and even sparked a UK inquiry into the issue. In a long Mastodon thread on the new feature, Windows security researcher Kevin Beaumont wrote, "I'm not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC."

In a blog post on Recall security and privacy, Microsoft said that processing and storage are done only on the local device and encrypted, but even Microsoft's own explanations raise concerns: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry." Security and privacy advocates take issue with assertions that the data is stored securely on the local device. If someone has a user's password or if a court orders that data be turned over for legal or law enforcement purposes, the amount of data exposed could be much greater with Recall than would otherwise be exposed... And hackers, malware and infostealers will have access to vastly more data than they would without Recall.

Beaumont said the screenshots are stored in a SQLite database, "and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.... Recall enables threat actors to automate scraping everything you've ever looked at within seconds."

Beaumont's LinkedIn profile and blog say that starting in 2020 he worked at Microsoft for nearly a year as a senior threat intelligence analyst. And now Beaumont's Mastodon post is also raising other concerns (according to Cyble's blog post):
  • "Sensitive data deleted by users will still be saved in Recall screenshots... 'If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.'"
  • "Beaumont also questioned Microsoft's assertion that all this is done locally."

The blog post also notes that Lesley Carhart, Director of Incident Response at Dragos, had this reaction to Beaumont's post: "The outrage and disbelief are warranted."


United Kingdom

London's Evening Standard To End Daily Newspaper After Almost 200 Years (theguardian.com) 58

London's famed Evening Standard newspaper has announced plans to end its daily outlet, "bringing an end to almost 200 years of publication in the capital," reports The Guardian. Going forward, the company plans to launch "a brand new weekly newspaper later this year and consider options for retaining ES Magazine with reduced frequency," while also working to increase traffic to its website. "In its 197-year history the Evening Standard has altered its format, price, content and distribution models," notes The Guardian. "But giving up on producing a daily print newspaper is the biggest change yet." From the report: The newspaper said it has been hit hard by the introduction of wifi on the London Underground, a shortage of commuters owing to the growth of working from home and changing consumer habits. The Standard lost 84.5 million pounds in the past six years, according to its accounts, and is reliant on funding from its part-owner Evgeny Lebedev. Its other shareholders include a bank with close links to the Saudi government. Industry sources suggested Lebedev had been willing to consider selling the outlet in recent years but no buyer was found.

Paul Kanareck, the newspaper's chair, told staff on Wednesday morning: "The substantial losses accruing from the current operations are not sustainable. Therefore, we plan to consult with our staff and external stakeholders to reshape the business, return to profitability and secure the long-term future of the number one news brand in London." Kanareck said there would be an "impact on staffing," with journalists bracing themselves for further job losses on top of years of redundancies, while design staff on the print edition are expected to be hit hard. Distributors who hand out the newspaper across London are also likely to be out of work, and billboards outside railway stations advertising the day's headline will stand empty on most days.

He suggested there would be a change in focus for the weekly outlet: "A proposed new weekly newspaper would replace the daily publication, allowing for more in-depth analysis of the issues that matter to Londoners, and serve them in a new and relevant way by celebrating the best London has to offer, from entertainment guides to lifestyle, sports, culture and news and the drumbeat of life in the world's greatest city." Closing the Evening Standard will mean that for the first time in centuries, Londoners will have no general-interest daily print newspaper. The finance-focused City AM, which was recently saved by the billionaire Matthew Moulding, will continue to publish four days a week and has recently increased its distribution.
Further reading: So it's goodbye to London's Standard, my old paper -- and to the heart of democracy, local news (Opinion; The Guardian)

Television

'Why You Should Use Your TV's Filmmaker Mode' 77

An anonymous reader shares a CR report: Based on the name, you'd think Filmmaker Mode is strictly for watching movies. But in our labs, we find that it can get you pretty close to what we consider to be the ideal settings for all types of programming. Filmmaker Mode is the product of a joint effort by the Hollywood film community, TV manufacturers, and the UHD Alliance to help consumers easily set up their TVs and watch shows and films as they were meant to be displayed. The preset has been widely praised by a host of well-known directors, including J.J. Abrams, Paul Thomas Anderson, James Cameron, Patty Jenkins, Rian Johnson, Christopher Nolan, Jordan Peele, and Martin Scorsese, as well as actors such as Tom Cruise. Right now, you can find Filmmaker Mode on TVs from Hisense, LG, Philips, Samsung, and Vizio. And more sets may get the feature this year.

Most newer TVs have fancy features that manufacturers say will improve the picture. But these features can actually have the opposite effect, degrading the fidelity of the image by altering how it was originally intended to look. To preserve the director's original intent, Filmmaker Mode shuts off all the extra processing a TV might apply to movies and shows, including both standard (SDR) and high dynamic range (HDR) content on 4K TVs. This involves preserving the TV's full contrast ratio, setting the correct aspect ratio, and maintaining the TV's color and frame rates, so films look more like what you'd see in a theater. For most of us, though, the biggest benefit of Filmmaker Mode is what the TV won't be doing. For example, it turns off motion smoothing, also referred to as motion interpolation, which can remove movies' filmlike look. (This is one of three TV features that it's best to stop using.) Motion-smoothing features were introduced because most films, and some TV shows, are shot at 24 frames per second, while most TVs display images at 60 or 120 frames per second. To deal with these mismatches, the TV adds made-up (interpolated) frames, filling in the gaps to keep the motion looking smooth. But this creates an artificial look, commonly called the soap opera effect. Think of a daytime TV show shot on video.

IT

Framework Boosts Its 13-inch Laptop With New CPUs, Lower Prices, and Better Screens (arstechnica.com) 4

Framework, a company known for its modular laptops, has announced a fourth round of iterative updates and upgrade options for its Framework Laptop 13. The upgrades include motherboards and pre-built laptops featuring new Intel Meteor Lake Core Ultra processors with Intel Arc dedicated GPUs, lower prices for AMD Ryzen 7000 and 13th-gen Intel editions, and a new display with a higher resolution and refresh rate.

The Core Ultra boards come with three CPU options, with prices starting at $899 for a pre-built or DIY model. Upgrading from an older Intel Framework board requires an upgrade to DDR5 RAM, and Framework charges $40 for every 8GB of DDR5-5600, which is above market rates. The new 13.5-inch display has a resolution of 2880x1920, a 120 Hz refresh rate, and costs $130 more than the standard display.

Chrome

Chromebooks Will Get Gemini and New Google AI Features (wired.com) 9

Google is introducing the Gemini AI chatbot to Chromebook Plus models, enhancing features like text rewriting, image editing, and hands-free control. Here are a few of the top new features coming to ChromeOS, as summarized by Wired: The first notable feature is Help Me Write, which works in any text box. Select text in any text box and right-click -- you'll see a box next to the standard right-click context menu. You can ask Google's AI to rewrite the selected text, rephrase it in a specific way, or change the tone. I tried to use it on a few sentences in this story but did not like any of the suggestions it gave me, so your mileage may vary. Or maybe I'm a better writer than Google's AI. Who knows?

Google's bringing the same generative AI wallpaper system you'll find in Android to ChromeOS. You can access this feature in ChromeOS's wallpaper settings and generate images based on specific parameters. Weirdly, you can create these when you're in a video-calling app too. You'll see a menu option next to the system tray whenever the microphone and video camera are being accessed -- tap on it and click "Create with AI" and you can generate an image for your video call's background. I'm not sure why I'd want a background of a "surreal bicycle made of flowers in pink and purple," but there you go. AI!

Here's something a little more useful: Magic Editor in Google Photos. Yep, the same feature that debuted in Google's Pixel 8 smartphones is now available on Chromebook Plus laptops. In the Google Photos app, you can press Edit on a photo and you'll see the option for Magic Editor. (You'll need to download more editing tools to get started.) This feature lets you erase unwanted objects in your photos, move a subject to another area of the frame, and fill in the backgrounds of photos. I successfully erased a paint can in the background of a photo of my dog, and it worked pretty quickly.

Then there's Gemini. It's available as a stand-alone app, and you can ask it to do pretty much anything. Write a cover letter, break down complex topics, ask for travel tips for a specific country. Just, you know, double-check the results and make sure there aren't any hallucinations. If you want to tap into Google's Gemini Advanced model, the company says it is offering 12 months free for new Chromebook Plus owners through the end of the year, so you have some time to redeem that offer. This is technically an upgrade from Google One, and it nets you Gemini for Workspace, 2 terabytes of storage, and a few other perks.
New features coming to all Chromebooks include easy setup with Android phones via QR code for sharing Wi-Fi credentials, integration of Google Tasks into the system tray, a Game Dashboard for mapping controls and recording gameplay as GIFs, and a built-in screen recorder tool. Upcoming enhancements also include Hands-Free Control using face gestures, the Help Me Read feature with Gemini for summarizing websites and PDFs, and an Overview screen to manage open browser windows, tabs, and apps.

You can check if your Chromebook is compatible with the Chromebook Plus OS update here.

Programming

Rust Foundation Reports 20% of Rust Crates Use 'Unsafe' Keyword (rust-lang.org) 92

A Rust Foundation blog post begins by reminding readers that Rust programs "are unable to compile if memory management rules are violated, essentially eliminating the possibility of a memory issue at runtime."

But then it goes on to explore "Unsafe Rust in the wild" (used for a small set of actions like dereferencing a raw pointer, modifying a mutable static variable, or calling unsafe functions). "At a superficial glance, it might appear that Unsafe Rust undercuts the memory-safety benefits Rust is becoming increasingly celebrated for. In reality, the unsafe keyword comes with special safeguards and can be a powerful way to work with fewer restrictions when a function requires flexibility, so long as standard precautions are used."

The Foundation lists those available safeguards — which "make exploits rare — but not impossible." But then they go on to analyze just how much Rust code actually uses the unsafe keyword: The canonical way to distribute Rust code is through a package called a crate. As of May 2024, there are about 145,000 crates; of which, approximately 127,000 contain significant code. Of those 127,000 crates, 24,362 make use of the unsafe keyword, which is 19.11% of all crates. And 34.35% make a direct function call into another crate that uses the unsafe keyword [according to numbers derived from the Rust Foundation project Painter]. Nearly 20% of all crates have at least one instance of the unsafe keyword, a non-trivial number.

Most of these Unsafe Rust uses are calls into existing third-party non-Rust language code or libraries, such as C or C++. In fact, the crate with the most uses of the unsafe keyword is the Windows crate, which allows Rust developers to call into various Windows APIs. This does not mean that the code in these Unsafe Rust blocks is inherently exploitable (a majority or all of that code is most likely not), but that special care must be taken while using Unsafe Rust in order to avoid potential vulnerabilities...

Rust lives up to its reputation as an excellent and transformative tool for safe and secure programming, even in an Unsafe context. But this reputation requires resources, collaboration, and constant examination to uphold properly. For example, the Rust Project is continuing to develop tools like Miri to allow the checking of unsafe Rust code. The Rust Foundation is committed to this work through its Security Initiative: a program to support and advance the state of security within the Rust Programming language ecosystem and community. Under the Security Initiative, the Rust Foundation's Technology team has developed new tools like [dependency-graphing] Painter, TypoMania [which checks package registries for typo-squatting] and Sandpit [an internal tool watching for malicious crates]... giving users insight into vulnerabilities before they can happen and allowing for a quick response if an exploitation occurs.

AI

OpenAI Releases Former Employees From Controversial Exit Agreements (cnbc.com) 11

OpenAI has reversed its decision requiring former employees to sign a perpetual non-disparagement agreement to retain their vested equity, stating that they will not cancel any vested units and will remove non-disparagement clauses from departure documents. CNBC reports: The internal memo, which was viewed by CNBC, was sent to former employees and shared with current ones. The memo, addressed to each former employee, said that at the time of the person's departure from OpenAI, "you may have been informed that you were required to execute a general release agreement that included a non-disparagement provision in order to retain the Vested Units [of equity]." "Regardless of whether you executed the Agreement, we write to notify you that OpenAI has not canceled, and will not cancel, any Vested Units," stated the memo, which was viewed by CNBC.

The memo said OpenAI will also not enforce any other non-disparagement or non-solicitation contract items that the employee may have signed. "As we shared with employees, we are making important updates to our departure process," an OpenAI spokesperson told CNBC in a statement. "We have not and never will take away vested equity, even when people didn't sign the departure documents. We'll remove non-disparagement clauses from our standard departure paperwork, and we'll release former employees from existing non-disparagement obligations unless the non-disparagement provision was mutual," said the statement, adding that former employees would be informed of this as well. "We're incredibly sorry that we're only changing this language now; it doesn't reflect our values or the company we want to be," the OpenAI spokesperson added.

Transportation

Hopes For Sustainable Jet Fuel Not Realistic, Report Finds (theguardian.com) 170

An anonymous reader quotes a report from The Guardian: Hopes that replacement fuels for airplanes will slash carbon pollution are misguided and support for these alternatives could even worsen the climate crisis, a new report has warned. There is currently "no realistic or scalable alternative" to standard kerosene-based jet fuels, and touted "sustainable aviation fuels" are well off track to replace them in a timeframe needed to avert dangerous climate change, despite public subsidies, the report by the Institute for Policy Studies, a progressive thinktank, found. "While there are kernels of possibility, we should bring a high level of skepticism to the claims that alternative fuels will be a timely substitute for kerosene-based jet fuels," the report said. [...]

In the U.S., Joe Biden's administration has set a goal for 3 billion gallons of sustainable aviation fuel, which is made from non-petroleum sources such as food waste, woody biomass and other feedstocks, to be produced by 2030, which it said will cut aviation's planet-heating emissions by 20%. [...] Burning sustainable aviation fuels still emits some carbon dioxide, while the land use changes needed to produce the fuels can also lead to increased pollution. Ethanol biofuel, made from corn, is used in these fuels, and meeting the Biden administration's production goal, the report found, would require 114m acres of corn in the U.S., about a 20% increase in current land area given over to the crop. In the UK, meanwhile, 50% of all agricultural land will have to be given up to sustain current flight passenger levels if jet fuel was entirely replaced. "Agricultural land use changes could threaten global food security as well as nature-based carbon sequestration solutions such as the preservation of forests and wetlands," the report states. "As such, SAF production may actively undermine the Paris agreement goal of achieving greatly reduced emissions by 2050."

Chuck Collins, co-author of the report, said: "To bring these fuels to the scale needed would require massive subsidies, the trade-offs would be unacceptable and would take resources away from more urgent decarbonization priorities."

"It's a huge greenwashing exercise by the aviation industry. It's magical thinking that they will be able to do this."

Phil Ansell, director of the Center for Sustainable Aviation at the University of Illinois, added: "There's an underappreciation of how big the energy problem is for aviation. We are still many years away from zero pollution flights. But it's true that the industry has been slow to pick things up. We are now trying to find solutions, but we are working at this problem and realizing it's a lot harder than we thought. We are late to the game. We are in the dark ages in terms of sustainability, compared to other sectors."

United States

US Government Urges Federal Contractors To Strengthen Encryption (bloomberg.com) 20

Companies working with the US government may be required to start protecting their data and technology from attacks by quantum computers as soon as July. From a report: The National Institute for Standards and Technology, part of the Department of Commerce, will in July stipulate three types of encryption algorithms the agency deems sufficient for protecting data from quantum computers, setting an internationally-recognized standard aimed at helping organizations manage evolving cybersecurity threats. The rollout of the standards will kick off "the transition to the next generation of cryptography," White House deputy national security adviser Anne Neuberger told Bloomberg in Cambridge, England on Tuesday. Breaking encryption not only threatens "national security secrets" but also the way we secure the internet, online payments and bank transactions, she added.

Neuberger was speaking at an event organized by the University of Cambridge and Vanderbilt University, hosting academics, industry professionals and government officials to discuss the threats posed to cybersecurity by quantum computing, which vastly accelerates processing power by performing calculations in parallel rather than sequentially and will make existing encryption systems obsolete.

Ubuntu

Ubuntu 24.10 to Default to Wayland for NVIDIA Users (omgubuntu.co.uk) 76

An anonymous reader shared this report from the blog OMG Ubuntu: Ubuntu first switched to using Wayland as its default display server in 2017 before reverting the following year. It tried again in 2021 and has stuck with it since. But while Wayland is what most of us now log into after installing Ubuntu, anyone doing so on a PC or laptop with an NVIDIA graphics card present instead logs into an Xorg/X11 session.

This is because NVIDIA's proprietary graphics drivers (which many, especially gamers, opt for to get the best performance, access to full hardware capabilities, etc) have not supported Wayland as well as they could've. Past tense as, thankfully, things have changed in the past few years. NVIDIA's warmed up to Wayland (partly as it has no choice given that Wayland is now standard and a 'maybe one day' solution, and partly because it wants to: opportunities/benefits/security).

With the NVIDIA + Wayland sitch' now in a better state than before — but not perfect — Canonical's engineers say they feel confident enough in the experience to make the Ubuntu Wayland session default for NVIDIA graphics card users in Ubuntu 24.10.

Transportation

Are Car Companies Sabotaging the Transition to Electric Vehicles? (influencemap.org) 320

The thinktank InfluenceMap produces "data-driven analysis on how business and finance are impacting the climate crisis." Their web site says their newest report documents "How automaker lobbying threatens the global transition to electric vehicles." This report analyses the climate policy engagement strategies of fifteen of the largest global automakers in seven key regions (Australia, EU, Japan, India, South Korea, UK, US). It shows how even in countries where major climate legislation has recently passed, such as the US and Australia, the ambition of these policies has been weakened due to industry pressure. All fifteen automakers, except Tesla, have actively advocated against at least one policy promoting electric vehicles. Ten of the fifteen showed a particularly high intensity of negative engagement and scored a final grade of D or D+ by InfluenceMap's methodology. Toyota is the lowest-scoring company in this analysis, driving opposition to climate regulations promoting battery electric vehicles in multiple regions, including the US, Australia and UK. Of all automakers analyzed, only Tesla (scoring B) is found to have positive climate advocacy aligned with science-based policy.
CleanTechnica writes that Toyota "led on hybrid vehicles (and still does), so it's actually not surprising that it has been opposed to the next stage of climate-cutting auto evolution — it's clinging on to its lead rather than continuing to innovate for a new era."

More from InfluenceMap: Only three of fifteen companies — Tesla, Mercedes Benz and BMW — are forecast to produce enough electric vehicles by 2030 to meet the International Energy Agency's updated 1.5°C pathway of 66% electric vehicle (battery electric, fuel cell and plug-in hybrids) sales according to InfluenceMap's independent analysis of industry-standard data from February 2024. Current industry forecasts analyzed for this report show automaker production will reach only 53% electric vehicles in 2030. Transport is the third-largest source of greenhouse gas emissions globally, and road transport is failing to decarbonize at anywhere near the rate of many other industries. InfluenceMap's report also finds that Japanese automakers are the least prepared for an electric vehicle transition and are engaging the hardest against it.
"InfluenceMap highlights that these anti-EV efforts in the industry are often coming from industry associations rather than coming directly from automakers, shielding them a bit from inevitable public backlash," writes CleanTechnica.

"Every automaker included in the study except Tesla remains a member of at least two of these groups," InfluenceMap reports, "with most automakers a member of at least five."

Thanks to Slashdot reader Baron_Yam for sharing the news.

Data Storage

WD Rolls Out New 2.5-Inch HDDs For the First Time In 7 Years (tomshardware.com) 63

Western Digital has unveiled new 6TB external hard drives -- "the first new capacity point for this hard drive form factor in about seven years," reports Tom's Hardware. "There is a catch, though: the HDD is slow and will unlikely fit into any mobile PCs, so it looks like it will exclusively serve portable and specialized storage products." From the report: Western Digital's 6TB 2.5-inch HDD is currently used for the latest versions of the company's My Passport, Black P10, and G-Drive ArmorATD external storage devices and is not available separately. All of these drives (excluding the already very thick G-Drive ArmorATD) are thicker than their 5 TB predecessors, which may suggest that in a bid to increase the HDD's capacity, the manufacturer simply installed another platter and made the whole drive thicker instead of developing new platters with a higher areal density.

While this is a legitimate way to expand the capacity of a hard drive, it is necessary to note that 5TB 2.5-inch HDDs already feature a 15-mm z-height, which is the highest standard z-height for 2.5-inch form-factor storage devices. As a result, these 6TB 2.5-inch drives will unlikely fit into any desktop PC. When it comes to specifications of the latest My Passport, Black P10, and G-Drive ArmorATD external HDDs, Western Digital only discloses that they offer up to 130 MB/s read speed (just like their predecessors), feature a USB 3.2 Gen 1 (up to 5 GT/s) interface using either a modern USB Type-C or Micro USB Type-B connector and do not require an external power adapter.

Iphone

Apple Plans a Thinner iPhone in 2025 (theinformation.com) 81

Apple is developing a significantly thinner version of the iPhone [non-paywalled source] that could be released as early as 2025, The Information reported Friday, citing three people with direct knowledge of the project. From the report: The slimmer iPhone could be released concurrently with the iPhone 17, expected in September 2025, according to the three people with direct knowledge and two others familiar with the project. It could be priced higher than the iPhone Pro Max, currently Apple's most expensive model starting at $1,200, they said.

The people familiar with the project described the new iPhone, internally code-named D23, as a major redesign -- similar to the iPhone X, which Apple marketed as a technological leap from previous generations and which started at $1,000 when it was released in 2017. Several of its novel features, such as FaceID, the OLED screen and glass back, became standard in subsequent models.
