
Comment Re:Mac OS has already started to pester me (Score 1) 42

Well, my current estimate is +5 effective qbits every 50 years. That linear scaling may be massively overestimating things, chances are the real scaling is inverse exponential, but let's assume it is linear for the moment. RSA130 needs around 450 effective qbits in a long calculation. We are currently able to factor 21, i.e. 5 bits. Hence we may see RSA130 fall to a QC in something like 4500 years.

I have absolutely no problem with QCs as physics experiments and for advancing some areas of Math. But pushing them as future computing mechanisms is dishonest and should count as scientific misconduct.

Comment Re:Gimmick to attract quantum investors? (Score 1) 42

Indeed. Also note that "basically no progress" can be a lot faster than "basically no progress". At the glacial pace that QCs are making, and with the laughably low performance they currently have (factoring 21 after 50 years of research, seriously???) relative speeds are strongly subject to meaningless artefacts.

Comment Re:Why do we trust the big ones? (Score 1) 42

We are not going to get AGI this century. The people that claim that are lying (Altman) or are delusional. AGI is not a question of throwing more computing power at the problem. Something fundamental is missing and we have no idea what. Also note that most humans may not actually have any meaningful amount of general intelligence. Only about 10-15% are independent thinkers and can fact-check. And that is basically what AGI would need to be able to do to qualify. Unless we find out a lot more, we cannot even make predictions on whether machines can have AGI.

Now, given that state of affairs and tech history, this indicates we are at the very least 100 years away. And that is if we get a credible and practical theory of how AGI works tomorrow. The one mechanism we have that is AGI (automated theorem proving) does not scale at all in practice due to exponential effort and that is a hard limit. We do not have any other mechanisms. And some quasi-mysticism like "put in all human knowledge and AGI will result" is just bullshit and has no scientific value.

Comment Re:Yeah, butt... (Score 1) 42

Yes. Not quite there, may take another 20 years or so, but I had an opportunity to see where they were 35 years ago. And they already were deep in the details at that time back when. But the thing is, self-driving is a classical problem and classical problems can be divided, parallelized, special cases and maps put into databases, etc. Self-driving is conceptually _easy_. The practical aspects are not. None of that is true for Quantum Computations. Quantum Computations are all-or-nothing and you cannot break them down into smaller parts.

That said, AGI is still completely out of reach and may not even be in reach of machines in this universe. There is far too much unknown to even credibly speculate. Going to Mars might be possible at this time, but you go there to die. Colonization is at least 100 years away and makes no sense. "Colonizing" the deserts and oceans on Earth would be far, far easier and I do not see anybody doing that...

Comment Re:Why do we trust the big ones? (Score 1) 42

QCs exist. With extreme effort and some trickery, they can even factorize 21 now (35 is still a fail at this time). That is 5 effective qbits in a somewhat complex computation. It makes for a nice physics experiment. But that is after about 50 years of research. And it looks very likely that QC effort scales exponentially in two dimensions of the size of the computation (qbits and steps in the computation). Hence, if we progress at this speed, we may be able to factor 10 bit numbers with a QC in, say, 50 years. The current recommendations for RSA keys are 2048 bits. That needs about 7000 effective qbits to factor. If we assume the current scalability (+5 effective qbits every 50 years) continues, a current RSA 2048 key will be within reach in about 70'000 years.

The whole thing is nice for Physics, but completely meaningless for Computer Science.

Comment Re: Mac OS has already started to pester me (Score 1) 42

AES-256 will remain quantum resistant forever. QCs only get you a halving of the bits for block-ciphers. Hence AES-256 gets you a computational safety of 2^128 and that is unbreakable in this universe and even more so with dog-slow QCs that cannot do long computations and are about the most unsuitable mechanism for brute-forcing anything that is imaginable. The real threat to AES is conventional attacks getting within reach (reducing the effective key-length to something like 80 bit), but AES is built on top of half a century of research and has survived very well for 25 years now.

Also take into account that breaking, say, RSA-2048 needs a long and complex computation with about 7000 fully entangled effective qbits. The current factorization record for QCs is 21 (when you discount trickery and deception and even that was not with the general algorithm you need to use for any real factorization). That is 5 effective qbits. After about 50 years of research. The whole thing is a total non-starter as a computing mechanism. It is interesting for other reasons, namely to check quantum theory at precisions never reached before (which should be reached at around 60...100 effective qbits and that may be within reach), but it will not be a useful computing mechanism, ever, unless we find some fundamental, and at this time completely unknown, loopholes in quantum reality and essentially break Quantum Theory. That is a possibility. Nobody knows whether it is a likely one or not.

Comment Re:Mac OS has already started to pester me (Score 1) 42

It is far worse: ECC uses significantly shorter keys, hence the QCs needed to break it are exponentially easier to build. May still be out of reach, but the safety margins are much smaller.

The reality of things is that unless you have stuff that needs to stay secret for, say, > 20 years, classical algorithms with currently recommended key-lengths are entirely fine. And there are not a lot of things that really need to stay secret that long. The whole push to actually put post-quantum crypto in production is massively irrational. Yes, have them in reserve and have crypto agility. But use them? There is no rational reason for that. And it is a huge risk as these algos need something like 20-30 years of additional research to get where classical algos are now in security. Theoretical research (and that is what we have here, 90% theory, 10% for actual attacks) is slow.

Comment Re:Thought so (Score 1) 18

It is not actually that hard. And it exists. The Ogg codecs are it. But because they are FOSS, large parts of the industry are irrationally scared of them.

As to AV1, it may not infringe in any way. But it is a commercial target because of the backers behind it and they can get endless litigation and maybe even a settlement even if it is perfectly fine, just from sabotaging its use via a broken legal system.

Comment Re:NIST algorithms (Score 1) 42

Sorry, but that is a KISS violation. If there is no credible threat (and there is none from QCs at this time), it is utterly irrational and decreases security to add countermeasures for non-credible threats. A push to do so does raise a couple of questions though, like why the push exists, and there are not good answers given. And that makes the whole endeavor a giant big red flag.

As to resistance of these algorithms, it will require something like 20-30 years of research to bring them up to current classical algorithms in strength against classical attacks, and there is no way to bypass that time. We have seen some indications (and not only that failed finalist) that this maturing period is very much non-optional.

Comment Re:NIST algorithms (Score 1) 42

These do not work and cannot work. The core needs to be 100% quantum with full entanglement or you are not getting the gains. And that gets you two really bad bottlenecks: Number of effective Qbits (with very likely exponentially increasing effort) and length of the computation (with very likely exponentially increasing effort).

All "hybrid" schemes get you is that it becomes easier to hide how utterly pathetic real-world QC performance is. I mean, factoring 35 is not even a challenge for a dog-slow, ultra low power and ultra cheap 4 bit microcontroller. Yet no real-world QC can do it without trickery and deception.
