Google's describes their new Gemini-powered foldable phone as "an epic display of Google AI" (also calling it "unfoldgettable").

The Android Authority blog says the phone is "impressive," "incredibly thin" — and, at $1,800, expensive.

But long-time Slashdot reader mprindle notes some complaints from the YouTube channel JerryRigEverything ("known for in-depth testing of phones and other devices".) The blog 9to5Google summarizes some of the video's findings: - When exposed to dirt and sand, we hear the hinge start grinding since there's no dust protection...

- A closed bend test reveals no problems for the Pixel 9 Pro Fold, but the issues arise when it's open and bent from the back. Despite the left/right back panels meeting and covering the spine of the hinge, "there doesn't appear to be a whole lot of resistance."
"Not sure why Google thought it was a good idea to put an antenna line right here at the weakest point in an already thin frame," the video notes (arguing it's "like putting an exhaust port in the Death Star...")

But they also tell their 8.8 million subscribers that "One cool thing that Google has done is that they've made every single part of this metal frame from recycled aluminum." And "Out of the box, I'm already a huge fan of how it looks," the video begins. "It feels amazing, and folds completely shut and appears like the hardware has finally caught up to the folding form factor to where it looks just natural."

One thing to note... "Moving to the inner display, I start to get the vibe that when Google says 'super durable', they mean 'regular durable', since the inner display is made from the same soft flexible plastic that we've seen on every folding phone so far, which scratches at level two. Even fingernails can leave very permanent marks on the center screen. This is absolutely normal for a folding phone, though, and really not too big of a deal if you take care it, making sure there are no bits of dust or dirt in the screen when you close it will go a long way to keeping things pristine, since there's not a lot of room between the two halves."

iFixit makes an interesting observation: "Over half of the phone's internal area is occupied by the lithium polymer battery cells!" (They've also created another teardown video available on YouTube.)

"There's no denying that the inner screens are delicate and prone to damage," according to an accompanying iFixit blog post, "and the mechanical nature of the hinge mechanism provides additional avenues for dust and liquid ingress that may eventually become a problem."

But it also applauds "the less obvious repairability wins, from repair guides and a detailed Bill of Materials to spare parts that are available without malicious restrictions... [T]he Pixel team has gone to great lengths to support your right to repair the device you paid for and own" — and from Day One. There's really only a single criticism I'd direct at the Pixel 9 Fold from my own disassembly experience: the battery removal tabs. These tabs simply do not work, with or without the application of heat. They are flimsy and break often, require a second pair of hands to secure the device, and they fail to cut through adhesive reliably. Whether they should even try to cut through adhesive is debatable. Stretch release adhesive might age and break over time but at least they give you a chance at removing the adhesive. Pull tabs don't even work when the adhesive is brand new, they literally have no redeeming qualities when compared to other battery release mechanisms. Even the more robust pull tabs Samsung uses in its phones work better than this, though they aren't necessarily the easiest to use either.

As for the device itself, it prompted one of my colleagues — an iPhone user since forever — to say "this is nice, I'd switch to Android for this"... Setting aside the downsides of owning a foldable smartphone, I am excited to see Google and the Pixel team devoting so much time and energy towards improving the overall repairability of the device. The effort is seen and appreciated by device owners and as a technician, I look forward to seeing how manufacturers will continue to innovate for repairability.
Slashdot reader mprindle reminds us that when it comes to waterproofing, the JerryRigEverything video "noted that the footnotes say the device is rated IP68 yet the Sim tray is rated at IPx8."

Wired published some thoughts from Hans Peter Brondmo, the former head of "Google's seven-year mission to give AI a robot body".

An anonymous reader shared this report from Axios: Building AI-powered robots that can flexibly operate in the real world is going to take much longer than Silicon Valley believes and promises, according to the former head of Google's robotics moonshot project, writing in Wired...

Everyday Robotics spent seven years and a small Google fortune developing a one-armed robot on a wheeled platform. By the time Google pulled the plug on the project in February 2023, the robots were helping clean up researchers' desks and sorting trash during the daytime; in the evening, they were improvising dances. [Google hired a professional dancer as an artist-in-residence who teamed with "a few other engineers" to build an AI algorithm trained on the dancer's choreography preferences...]

Google founder Larry Page — favored moving directly to "end to end" (e2e) learning, where you'd hand robots a general task and they'd be able to figure out how to execute it. That, Page felt, was a goal worthy of a moonshot. But it also turned out to be out of reach. "I have come to believe," Brondmo writes, "it will take many, many thousands, maybe even millions of robots doing stuff in the real world to collect enough data to train e2e models that make the robots do anything other than fairly narrow, well-defined tasks...." ["Building robots that perform useful services — like cleaning up and wiping all the tables in a restaurant, or making the beds in a hotel — will require both AI and traditional programming for a long time to come. In other words, don't expect robots to go running off outside our control, doing something they weren't programmed to do, anytime soon."]

The bottom line: So far, robot hype is outpacing robot reality. Boston Dynamics' back-flipping humanoid and quadruped bots have wowed YouTube viewers — but you wouldn't want to let them anywhere near your office or home.
It's an interesting look back. "My job: help figure out what to do with the employees and technology left over from nine robot companies that Google had acquired," Brondmo writes: Andy "the father of Android" Rubin, who had previously been in charge, had suddenly left. Larry Page and Sergey Brin kept trying to offer guidance and direction during occasional flybys in their "spare time...." I knew from firsthand experience how hard it was to build a company that, in Steve Jobs' famous words, could put a dent in the universe, and I believed that Google was the right place to make certain big bets. AI-powered robots, the ones that will live and work alongside us one day, was one such audacious bet.

Eight and a half years later — and 18 months after Google decided to discontinue its largest bet in robotics and AI — it seems as if a new robotics startup pops up every week. I am more convinced than ever that the robots need to come. Yet I have concerns that Silicon Valley, with its focus on "minimum viable products" and VCs' general aversion to investing in hardware, will be patient enough to win the global race to give AI a robot body. And much of the money that is being invested is focusing on the wrong things...

When I arrived, the lab had already hatched Waymo, Google Glass, and other science-fiction-sounding projects like flying energy windmills and stratospheric balloons that would provide internet access to the underserved... [But] in January 2023, two months after OpenAI introduced ChatGPT, Google shut down Everyday Robots, citing overall cost concerns. The robots and a small number of people eventually landed at Google DeepMind to conduct research. In spite of the high cost and the long timeline, everyone involved was shocked.
They'd tackled the problem with earnestness. ("[S]even robots working for months to learn how to pick up a rubber duckling? That wasn't going to cut it... So we built a cloud-based simulator and, in 2021, created more than 240 million robot instances in the sim.ma")

Brondmo adds this his mother had advanced Parkinson's disease, and hoped that one day robots could support her. "Our frequent conversations toward the end of her life convinced me more than ever that a future version of what we started at Everyday Robots will be coming. In fact, it can't come soon enough.

"So the question we are left to ponder becomes: How does this kind of change and future happen? I remain curious, and concerned."

Samba is "a free software re-implementation of the SMB networking protocol," according to Wikipedia. And now the Samba project "has secured significant funding (€688,800.00) from the German Sovereign Tech Fund to advance the project," writes Jeremy Allison — Sam (who is Slashdot reader #8,157 — and also a long standing member of Samba's core team): The investment was successfully applied for by [information security service provider] SerNet. Over the next 18 months, Samba developers from SerNet will tackle 17 key development subprojects aimed at enhancing Samba's security, scalability, and functionality.

The Sovereign Tech Fund is a German federal government funding program that supports the development, improvement, and maintenance of open digital infrastructure. Their goal is to sustainably strengthen the open source ecosystem.

The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX extensions, SMB-Direct, Performance and modern security protocols such as SMB over QUIC. These improvements are designed to ensure that Samba remains a robust and secure solution for organizations that rely on a sovereign IT infrastructure. Development work began as early as September the 1st and is expected to be completed by the end of February 2026 for all sub-projects.

All development will be done in the open following the existing Samba development process. First gitlab CI pipelines have already been running and gitlab MRs will appear soon!
Back in 2000, Jeremy Allison answered questions from Slashdot readers about Samba.

Allison is now a board member at both the GNOME Foundation and the Software Freedom Conservancy, a distinguished engineer at Rocky Linux creator CIQ, and a long-time free software advocate.

An anonymous Slashdot reader writes: Haiku (the MIT-licensed operating system, inspired by BeOS) has released its fifth beta for Haiku R1.

Some new features include improved UI color management, improved dark mode coloring, Tracker improvements, TUN/TAP support for VPN connections, TCP throughput improvements, performance optimizations, UFS2 (BSD's filesystem) read-only support, new FAT filesystem driver, improved hardware support, improved POSIX compliance, improved performance, and more.
Slashdot has been covering the fate of the BeOS since 2000 (as well as the short-lived derivative project ZETA — and Haiku).

And now "With a history of over two decades and previously known as OpenBeOS, today's Haiku is pushing forward..." writes the site NotebookCheck: Haiku is a spiritual successor to BeOS, with a focus on a clean and user-friendly design paired with low system requirements. The minimum system requirements are still an Intel Pentium II/AMD Athlon CPU or better, at least 384 MB RAM, an 800x600 screen, and at least 3GB storage. It works on both 32-bit and 64-bit x86 PCs, and the 32-bit version can run many unmodified BeOS applications. It might be the best desktop open-source operating system not based on Linux or Unix... It works well in a virtual machine like VirtualBox or UTM.

An anonymous reader quotes a report from Ars Technica: Researchers still don't know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections. "At the moment, the source of the TV boxes' backdoor infection remains unknown," Thursday's post stated. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access." The following device models infected by Vo1d are: [R4, TV BOX, KJ-SMART4KVIP].

One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What's more, Doctor Web said it's not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models. Further, while only licensed device makers are permitted to modify Google's AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user. "These off-brand devices discovered to be infected were not Play Protect certified Android devices," Google said in a statement. "If a device isn't Play Protect certified, Google doesn't have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety."

Users can confirm if their device runs Android TV OS via this link and following the steps here.

iFixit has created its own USB-C soldering iron and portable power station called FixHub, "designed to allow all types of users to handle soldering work wherever they may be," reports MacRumors. From the report: The Portable Power Station serves as the command and power center for FixHub, including a 55-watt-hour battery to support over eight hours of continuous soldering on a single charge. The power supply delivers up to 100 watts to a pair of USB-C ports, allowing it to run two soldering irons simultaneously, and the fact that it's simply a USB-C power output device means you can also use it to power or recharge an array of devices like phones.

The solidly built power station includes a handy display to show the status of your soldering iron, along with a convenient dial for adjusting the power being delivered to the iron, supporting temperatures up to 400C (750F). A flip-up bracket raises the front of the power station a bit to make the display easier to see while in use, while attachment points on the left and right side allow you to clip on the soldering iron's cap for convenient access as a stand. A USB-C port on the rear of the power station allows for up to 45 watts of input to recharge the station, and iFixit says it is safe to leave continuously connected to power so it's ready whenever you need it. [...]

iFixit is of course known for more than just hardware, and it has hundreds of free soldering guides on its website, ranging from the basics of soldering to specific repair projects. It also wouldn't be an iFixit product without repairability being front of mind, so the FixHub system is designed to allow for easy repairs and iFixit will be releasing a number of guides to help users replace batteries, repair parts, and more. Supplementing the FixHub is an optional Portable Soldering Toolkit, which provides an extensive set of tools and consumables to get you going on soldering projects. The USB Smart Soldering Iron and Portable Soldering Station are priced at $79.95 and $249.95, respectively.

Dell and HP executives have acknowledged a delay in the anticipated commercial PC refresh cycle. Michael Dell, speaking at the Citi 2024 Global TMT conference, stated that the refresh cycle "has been delayed for sure." The Register adds: Without offering any reasons for postponement -- and not being pressed for one by the analyst interviewing him -- the billionaire reckoned the size of the refresh is "going to be even bigger" because of it. "So first of all we have a certain date with Windows 10 end-of-life and we're almost within a one year window of that, and as you get in that one-year window, the enterprise IT people start screwing around and saying, 'Oh, we better do something about this'," said Dell.

Enrique Lores, CEO at rival PC maker HP, who spoke at the Goldman Sachs Communacopia + Technology conference this week, agreed enterprises are also about to invest in new lines. "First of all there is a large and aging installed base on PCs. Many of these PCs were bought during COVID and now we are four [or] five years after they were bought and they will have to be replaced. "We also see an opportunity driven by the Windows 11 refresh that is only starting now... this is what is behind some of the strength that we see on the commercial side. Microsoft⦠will start discontinuing their support for the previous versions, and this always ties the replacement and upgrade," he said, adding "this is going to be driving demand in the coming quarters."

United Airlines said that it will outfit its entire fleet with Starlink internet service, aiming to keep fliers loyal by offering zippier, more reliable browsing and downloads that the carrier expects will mirror what travelers are used to on the ground. From a report: United's deal is a bet that Starlink's technology can propel it above rival carriers in offering fast, free Wi-Fi. The airline is in the midst of a broader effort to burnish its premium and business travel bona fides, which has included retrofitting planes with lots of power outlets and seat back screens.

The airline said it would begin testing the Starlink service early next year, with the first passenger flights likely equipped later in 2025. United said Starlink's service will be more reliable, particularly over oceans and other remote areas -- a key advantage for the airline's network of long-haul international flights that cross the Atlantic and Pacific oceans. It will allow passengers to access live TV and streaming, and to use several devices at once.

Can AI kill the enterprise software app industry that's led by companies such as Salesforce and Workday? The Information: That's the trillion-dollar question at the heart of recent comments from the CEO of Klarna, Sebastian Siemiatkowski, who's made a name for himself -- and drawn some skepticism too -- as a chief cheerleader of OpenAI's software. In the latest example from a couple of weeks ago, Siemiatkowski told investors in his buy now, pay later firm that it's shutting down a lot of the enterprise software apps it uses, including some run by the above-mentioned CRM and HR firms, because it can replicate them with AI. SeekingAlpha picked up those comments, which went viral in recent days.

The idea behind the comments is the following: Conversational AI can understand natural-language commands and be ordered to write software code, so companies can cheaply and quickly build customized apps that do most of the things that traditional enterprise apps can do, especially if most of what those apps do is manage corporate data. Siemiatkowski expanded on the comments in a Wednesday X post, saying he wasn't looking to primarily save money on software license fees "even though that is nice upside."

An anonymous reader quotes a report from InsideEVs: General Motors is joining forces with EVgo, one of the biggest electric vehicle charging operators in the United States, to build 400 ultra-fast DC chargers nationwide to support the growing number of battery-powered cars hitting U.S. roads. To be clear, these are individual stalls, not charging stations. However, the two companies describe the new locations as "flagship destinations" which will feature 350-kilowatt DC chargers, ample lighting, canopies, pull-through spots and security cameras. Most locations will feature up to 20 ultra-fast charging stalls, but some will have even more -- good news for those crowded holiday road trips. GM and EVgo said the fancy new stations would be located near shopping areas offering dining, coffee shops and other amenities.

We don't know exactly where the new stations will be built, but EVgo mentioned that the "flagship destinations" will be deployed coast to coast, including in metropolitan areas in states like Arizona, California, Florida, Georgia, Michigan, New York and Texas. The stalls will be co-branded EVgo and GM Energy -- the automaker's charging and energy management division. The first new "flagship station" is expected to open next year. The new stalls will make use of EVgo's prefabrication approach which can reduce the total cost of a new station by 15% and the deployment time by 50%. Similar to Tesla's prefabricated Supercharger stalls, EVgo's ready-made structures come with stalls and accompanying equipment already mounted on a metal base plate which is transported from the factory to the charging site.

Google is testing a "desktop windowing" feature for Android tablets that "will let you resize apps freely and arrange them on your screen at will," reports The Verge. It's currently available as a developer preview. From the report: Currently, apps on Android tablets open in full-screen by default. When the new mode is enabled, each app will appear in a window with controls that allow you to reposition, maximize, or close the app. You'll also see a taskbar at the bottom of your screen with your running apps. [...] Once the feature is rolled out to everyone, you can turn it on by pressing and holding the window handle at the top of an app's screen. If you have a keyboard attached, you can also use the shortcut meta key (Windows, Command, or Search) + Ctrl + Down to activate desktop mode. (You can exit the mode by closing all your active apps or by dragging a window and dragging it to the top of your screen.)

Google notes that apps locked to portrait orientation are still resizable, which might make things look a bit weird if certain apps aren't optimized. However, Google plans to address this in a future update by scaling the UI of non-resizable apps while maintaining their aspect ratio.

Mobile phone location data has linked site visits by US securities watchdogs to the headquarters of companies with measurable drops in their share prices -- even when no enforcement action is taken. From a report: When insiders sold shares right around a non-public visit by staff from the Securities and Exchange Commission, they avoided average losses of 4.9 per cent in the three months after the visit, according to a study led by researchers at four Midwestern universities. By matching commercially available data with share price moves, the study offers a window into the secretive world of securities enforcement beyond publicly announced cases. It also raises questions about the rules around insider trading.

"Maybe we should be thinking about what the rules are when the SEC shows up," said Marcus Painter, assistant professor of finance at Saint Louis University and one of the authors. The research used geolocation data to identify mobile phones that spent significant amounts of time at the SEC's various offices around the country. They then tracked those phones to corporate headquarters around the world in the 12-month period right before Covid-19 lockdowns led to extensive working from home.

In a statement today, the White House said it has received commitments from several AI companies to curb the creation and distribution of deepfake porn, also known as image-based sexual abuse material. Engadget reports: The participating businesses have laid out the steps they are taking to prevent their platforms from being used to generate non-consensual intimate images (NCII) of adults and child sexual abuse material (CSAM). Specifically, Adobe, Anthropic, Cohere, Common Crawl, Microsoft and OpenAI said they'll be: "responsibly sourcing their datasets and safeguarding them from image-based sexual abuse."

All of the aforementioned except Common Crawl also agreed they'd be: "incorporating feedback loops and iterative stress-testing strategies in their development processes, to guard against AI models outputting image-based sexual abuse" and "removing nude images from AI training datasets" when appropriate. [...] The notable absences from today's White House release are Apple, Amazon, Google and Meta.

AMD has introduced Variable Graphics Memory (VGM) for its AI 300 "Strix Point" laptops, allowing users to convert up to 75% of their system memory into dedicated VRAM via the AMD Adrenalin app, enhancing gaming performance for titles requiring more VRAM. The Verge reports: You might be wondering: does that extra video memory actually make a difference? Well, it depends on the game. Some games, like Alan Wake II, require as many as 6GB of VRAM and will throw errors at launch if you're short -- Steam Deck, Asus ROG Ally, and Lenovo Legion Go buyers have been tweaking their VRAM settings for some time to take games to the threshold of playability. But in early testing with the Asus Zenbook S 16, a Strix Point laptop that's already shipped with this feature, my colleague Joanna Nelius saw that turning it on isn't a silver bullet for every game. With 8GB of VRAM, the laptop played Control notably faster (65fps vs. 54fps), but some titles had smaller boosts, no boost, or even slight frame rate decreases.

Microsoft announced plans to modify Windows, enabling security vendors like CrowdStrike to operate outside the operating system's kernel. The move follows the July incident where a faulty CrowdStrike update caused widespread system failures. From a report: Microsoft says it has now "discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors" with partners like CrowdStrike, Broadcom, Sophos, and Trend Micro.

[...] While Microsoft isn't directly saying it's going to close off access to the Windows kernel, it's clearly at the early stages of designing a security platform that can eventually move CrowdStrike and others out of the kernel. Microsoft last tried to close off access to the Windows kernel in Windows Vista in 2006, but it was met with pushback from cybersecurity vendors and regulators.

Some executives are embracing old technology like dumbphones and fax machines, seeking digital detox and prioritizing focus. They see these vintage tools as power moves, allowing them to control their time and avoid constant distractions, WSJ writes in a story. These bosses believe old tech enhances leadership, enabling them to be present and productive.

OpenAI has launched a new AI model, named "o1", designed for improved reasoning and problem-solving skills. o1, part of a new series of models and available in ChatGPT and the API, can tackle complex tasks in science, coding, and math more effectively than their predecessors. Notably, o1 models have shown promising results in standardized tests and coding competitions. While o1 models represent a significant advancement in AI capabilities, they currently lack features like web browsing and file uploading. The Verge adds: But it's also more expensive and slower to use than GPT-4o. OpenAI is calling this release of o1 a "preview" to emphasize how nascent it is.

ChatGPT Plus and Team users get access to both o1-preview and o1-mini starting today, while Enterprise and Edu users will get access early next week. OpenAI says it plans to bring o1-mini access to all the free users of ChatGPT but hasn't set a release date yet. Developer access to o1 is really expensive: In the API, o1-preview is $15 per 1 million input tokens, or chunks of text parsed by the model, and $60 per 1 million output tokens. For comparison, GPT-4o costs $5 per 1 million input tokens and $15 per 1 million output tokens.

The training behind o1 is fundamentally different from its predecessors, OpenAI's research lead, Jerry Tworek, tells me, though the company is being vague about the exact details. He says o1 "has been trained using a completely new optimization algorithm and a new training dataset specifically tailored for it."

A Google executive told colleagues the goal for the company's then-nascent online advertising business in 2009 was to "crush" rival advertising networks, according to evidence prosecutors presented at the tech titan's antitrust trial on Wednesday. From a report: The statements underscored the U.S. Department of Justice's claim that Google has sought to monopolize markets for publisher ad servers and advertiser ad networks, and tried to dominate the market for ad exchanges which sit in the middle. On the third day of the trial, prosecutors began to introduce evidence of how Google employees thought about the company's products at the time when the government alleges it set out to dominate the ad tech market.

"We'll be able to crush the other networks and that's our goal," David Rosenblatt, Google's former president of display advertising, said of the company's strategy in late 2008 or early 2009, according to notes shown in court. Google denies the allegations, saying it faces fierce competition from rival digital advertising companies. Rosenblatt came to Google in 2008 when it acquired his former ad tech company, DoubleClick, and left the following year. The notes of his talk showed him discussing the advantages of owning technology on both sides and the middle of the market. "We're both Goldman and NYSE," he said, he said, according to the notes, referring to one of the world's biggest stock exchanges at the time and one of its biggest market makers. "Google has created what's comparable to the NYSE or London Stock Exchange; in other words, we'll do to display what Google did to search," Rosenblatt said.

Unity is canceling the Runtime Fee and reverting back to its existing seat-based subscription model, albeit with a price increase for Unity Pro and Unity Enterprise users. From a report: The engine maker introduced the controversial levy around a year ago. Initially, the Runtime Fee sought to charge developers a per install tariff once projects had passed certain milestones. It was a decision that left many users reeling, resulting in a colossal backlash that ultimately forced the company to rework-but not ditch-the policy.

The fallout, however, was enormous. A number of high-profile creators lambasted Unity and threatened to ditch the engine over what they felt was a huge betrayal of trust. Unity's inability to quickly resolve the issue and communicate effectively with customers only added fuel to that fire. Two weeks after the debacle, Unity CEO and president John Riccitiello departed the company. Unity Create boss Marc Whitten eventually followed suit. Unity is now attempting to course correct under the leadership of new CEO Matthew Bromberg, who hopes canceling the Runtime can reestablish a partnership "built on trust."

An anonymous reader quotes a report from Ars Technica: Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handing cryptographic functions in Windows and Linux. The library, started in 2006, provides operations and algorithms developers can use to safely implement secure encryption, decryption, signing, verification, hashing, and key exchange in the apps they create. The library supports federal certification requirements for cryptographic modules used in some governmental environments. Despite the name, SymCrypt supports both symmetric and asymmetric algorithms. It's the main cryptographic library Microsoft uses in products and services including Azure, Microsoft 365, all supported versions of Windows, Azure Stack HCI, and Azure Linux. The library provides cryptographic security used in email security, cloud storage, web browsing, remote access, and device management. Microsoft documented the update in a post on Monday. The updates are the first steps in implementing a massive overhaul of encryption protocols that incorporate a new set of algorithms that aren't vulnerable to attacks from quantum computers. [...]

The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren't vulnerable to Shor's algorithm when the keys are of a sufficient size. [...] The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it's based on "stateful hash-based signature schemes." These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses. Monday's post said Microsoft will add additional post-quantum algorithms to SymCrypt in the coming months. They are ML-DSA, a lattice-based digital signature scheme, previously called Dilithium, and SLH-DSA, a stateless hash-based signature scheme previously called SPHINCS+. Both became NIST standards last month and are formally referred to as FIPS 204 and FIPS 205. In Monday's post, Microsoft Principal Product Manager Lead Aabha Thipsay wrote: "PQC algorithms offer a promising solution for the future of cryptography, but they also come with some trade-offs. For example, these typically require larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimization and integration with existing systems and standards."