A teacher in southeastern B.C. has had his teaching certificate suspended for two days after he allowed students to handle dry ice with few restrictions — leading to an explosion that left a hole in a ceiling tile.

AOMedia Video 1 (AV1) was invented by a group of technology companies to be an open, royalty-free alternative to other video codecs, like HEVC/H.265. But a lawsuit that Dolby Laboratories Inc. filed this week against Snap Inc. calls all that into question with claims of patent infringement.

Numerous lawsuits are currently open in the US regarding the use of HEVC. Relevant patent holders, such as Nokia and InterDigital, have sued numerous hardware vendors and streaming service providers in pursuit of licensing fees for the use of patented technologies deemed essential to HEVC.

It’s a touch rarer to see a lawsuit filed over the implementation of AV1. The Alliance for Open Media (AOMedia), whose members include Amazon, Apple, Google, Microsoft, Mozilla, and Netflix, says it developed AV1 “under a royalty-free patent policy (Alliance for Open Media Patent License 1.0)” and that the standard is “supported by high-quality reference implementations under a simple, permissive license (BSD 3-Clause Clear License).”

Yet, Dolby’s lawsuit filed in the US District Court for the District of Delaware [PDF] alleges that AV1 leverages technologies that Dolby has patented and has not agreed to license for free and without receiving royalties. The filing reads:

[AOMedia] does not own all patents practiced by implementations of the AV1 codec. Rather, the AV1 specification was developed after many foundational video coding patents had already been filed, and AV1 incorporates technologies that are also present in HEVC. Those technologies are subject to existing third-party patent rights and associated licensing obligations.

Dolby is seeking a jury trial, a declaration that Dolby isn’t obligated to license the patents in questions under FRAND (fair, reasonable, and non-discriminatory) licensing obligations, and for the court to enjoin Snap from further “infringement.”

Dolby claims infringed patents are “critical” to Snapchat’s business

Dolby is accusing Snap of infringing upon four of its patents: U.S. Patent No. 10,855,99 “Inter-plane prediction”; U.S. Patent No. 9,924,193 “Picture coding supporting block merging and skip mode”; U.S. Patent No. 9,596,469 “Sample array coding for low-delay”; and U.S. Patent No. 10,404,272 “Entropy encoding and decoding scheme.”

The San Francisco-headquartered company claims that Snapchat relies heavily on HEVC for video and has acquired HEVC patent licenses through a patent pool, but that its mobile app also “accepts AV1-compliant videos, and Snap will decode and encode these videos into other formats for delivery and viewing across a range of devices.”

“Snap’s software further tracks whether AV1 decoding is supported on a given device to stream AV1 video when appropriate,” Dolby’s suit says.

Dolby asserts that AV1 “reuses” concepts from HEVC, for which implementation is generally understood to come with licensing and royalty fees, and that the codecs "are 'based on the same hybrid block-based video-coding flow' and employ nearly the same approach to dividing images into coding units... and blocks," citing a paper published by the IEEE in 2019 and titled "Fast Hevc-to-Av1 Transcoding Based On Coding Unit Depth Inheritance." 

Dolby said that it and Access Advance, which it says runs a patent pool administering AV1 and HEVC-related patents held by Dolby, have been contacting Snap to get it to license AV1 patents through an Access pool. It also claimed that Snap has been informed of the option to “seek bilateral licenses from individual” licensors.

“Despite these efforts, Snap remains unlicensed. Snap has continued to use Dolby’s patented technology without paying any royalties,” the lawsuit says.

Dolby is arguing that its patented technologies are “critical to Snap’s business, driving the efficiency and quality of the videos that help keep users engaged on the application” and that Snapchat gains “an unfair competitive advantage” by not licensing the technologies.

AV1 in question

Despite AOMedia’s goal of creating a video codec that could be adopted without concerns about fees and lawsuits, numerous tech companies outside of the group dispute if AV1 meets those claims. Two patent pool administrators, Access and The Sisvel Group, are administering AV1-related patent licenses, despite AOMedia’s objections.

“The legal framework around video codecs is well established, and incorporating patented technology carries clear licensing obligations," Access CEO Peter Moller said in a statement accompanying an announcement of Dolby’s lawsuit. "Labeling a codec ‘royalty-free’ does not eliminate underlying patent rights."

Besides Dolby, InterDigital is also suing over AV1 [PDF] and is accusing some Amazon Fire streaming devices of infringing on its patents by supporting the codec.

Additionally, European Union (EU) antitrust regulators investigated AOMedia’s licensing policy in 2022 but closed the investigation in 2023 “for priority reasons,” an EU spokesperson told Reuters at the time, noting that “the closure is not a finding of compliance or non-compliance of the conduct in question with EU competition rules.”

The results of Dolby’s and InterDigital’s lawsuits could have lasting implications for AV1 adoption, which lags behind that of HEVC eight years after its release.

“Only because Big Tech says a codec should be royalty-free doesn't mean that it is. … Given that all codecs use somewhat similar techniques, the risk of an infringement of patents belonging to parties who did not offer royalty-free licenses is substantial,” intellectual property activist and commentator Florian Mueller told Ars Technica.

Mueller said that many streaming services have operated without video codec licenses for years as patent holders prioritized collecting royalties on hardware and software products. That has changed in recent years amid the growth of streaming.

“Companies like Amazon and Disney would like to persuade courts that after many years of no one, or at least no major player, knocking at their doors, they don't have to pay now,” Mueller, who runs the online publication IP Fray, said.

Although the debate over whether a codec can be truly royalty-free goes back years, the debate around AV1 is getting more attention than previous discussions. Dolby’s lawsuit in particular could have resounding implications on the AV1 standard should a judge decide that Dolby is not obligated to license patented technologies said to be leveraged by AV1.

As Mueller pointed out, HEVC was created with most essential patent holders signing a FRAND licensing pledge, which differs from AV1’s creation:

With AV1, it could turn out that there are far more patent holders out there with essential patents but no FRAND licensing obligation. In that case, they could theoretically ask for anything, even extortionate amounts, up to the point where someone would then stop implementing AV1. And the really bad thing here, which I'm sure is not Dolby's objective but it could be someone else's, is that someone could purposely make prohibitive royalty demands for AV1 in order to discourage use of the standard.

Dolby and Snap didn’t respond to requests for comment. An AOMedia spokesperson acknowledged receipt of our questions but didn’t provide responses ahead of publication.

Read full article

Comments

Memory and storage shortages and price hikes that started hitting PC components late last year have steadily rippled outward across all kinds of consumer tech—some products have disappeared, gone out of stock, or been delayed, and others have undergone multiple rounds of price hikes.

Today's bad news comes from Sony, which is raising prices for PlayStation 5 consoles in the US just eight months after their last price hike. The drive-less Digital Edition will increase from $500 to $600; the base PS5 with an optical drive will increase from $550 to $650; and the PS5 Pro is going up from $750 to a whopping $900. At the beginning of 2025, these consoles cost $450, $500, and $700, respectively.

Sony, Microsoft, and Nintendo had all announced one or more price increases for one or more consoles throughout 2025, though these were driven more by the Trump administration's tariffs on imported goods than component shortages. Game console price cuts had already become less common over the course of the 2010s, making consoles like the 5-plus-year-old PS5 historically expensive compared to older consoles at this point in their lifespans.

RAM and flash memory chips are in short supply primarily because of demand from AI data centers—memory manufacturers have shifted more production toward making the kind of memory found in AI accelerators like Nvidia's H200, leaving less for the consumer market.

And the situation is unlikely to improve any time soon, barring a major shift in demand from the AI industry. Manufacturers like Kioxia have said that their capacity is already sold out through the end of 2026. The complexity of chipmaking means it takes months or years to ramp up additional manufacturing capacity, and chipmakers can be slow to do it because they don't want to end up with a glut of memory they can't sell if market conditions change. In the short-to-medium term, this all means these high prices will probably stick around for a while.

Read full article

Comments

Iran-linked hackers successfully broke into FBI Director Kash Patel's personal email, the Department of Justice confirmed to Reuters on Friday.

Reuters could not authenticate the leaked emails themselves but noted that the Gmail address matched an email account "linked to Patel in previous data breaches ⁠preserved by the dark web intelligence firm District 4 Labs." The DOJ suggested the emails appeared to be authentic.

On their website, the Handala Hack Team boasted that Patel "will now find his name among the list of successfully hacked victims." The hacker group taunted Patel by sharing photos of him sniffing cigars and holding up a jug of rum, along with other documents that Reuters reported were from 2010 to 2019.

"Soon you will realize that the FBI's security was nothing more than a joke," the group posted, as documented in screenshots from the website shared widely on X.

The hack came after the DOJ disrupted some of the hacker group's websites earlier this month. In a press release, Patel threatened to "hunt" down the group, which Reuters reported "calls itself a group of pro-Palestinian vigilante hackers." After detailing four attacks this month that the group had taken credit for, Patel offered rewards of up to $10 million for information on its members.

"Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents," Patel said. "We took down four of their operation's pillars and we're not done. This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them."

The group, which Western researchers believe is "one of several personas used by Iranian government cyberintelligence units," opposes US support for Israel, Reuters reported. Their cyberattacks on US entities followed a major military attack from the US and Israel that killed Iran's Supreme Leader Ayatollah Ali Khamenei. In their press release, the DOJ quoted from emails in which the group sent death threats to dissidents in the US.

"We the Handala Hack team, the loyal followers of the supreme leader Ali Hosseini Khamenei, declare war on all the enemies of Islam in the West," the group said.

On Friday, the group confirmed on their website that the hack on Patel's email was in retaliation against the domain seizures:

Today, once again, the world witnessed the collapse of America's so-called security legends. While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala Hack members, we decided to respond to this ridiculous show in a way that will be remembered forever.

Hackers claimed that their data grab included confidential information about Patel, but that could not be independently verified.

"The so-called 'impenetrable' systems of the FBI were brought to their knees within hours by our team," the group said on their website. "All personal and confidential information of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download."

The FBI has yet to comment on the hack, and Patel has not posted about it on his X account as of this writing.

Read full article

Comments

Google is dramatically shortening its readiness deadline for the arrival of Q Day, the point at which existing quantum computers can break public-key cryptography algorithms that secure decades' worth of secrets belonging to militaries, banks, governments, and nearly every individual on earth.

In a post published on Wednesday, Google said it is giving itself until 2029 to prepare for this event. The post went on to warn that the rest of the world needs to follow suit by adopting PQC—short for post-quantum cryptography—algorithms to augment or replace elliptic curves and RSA, both of which will be broken.

The end is nigh

“As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline,” wrote Heather Adkins, Google’s VP of security engineering, and Sophie Schmieg, a senior cryptography engineer. “By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.”

Separately, Google detailed its timeline for making Android quantum resistant, the first time the company has publicly discussed PQC support on the operating system. Starting with the beta version, Android 17 will support ML-DSA, a digital signing algorithm standard advanced by the National Institute for Standards and Technology. ML-DSA will be added to Android's hardware root of trust. The move will allow developers to have PQC keys for signing their apps and verifying other software signatures.

Google said it now has ML-DSA integrated into the Android verified boot library, which secures the boot sequence against manipulation. Google engineers are also beginning to move remote attestation to PQC. Remote attestation is a feature that allows a device to prove its current state to a remote server to, for example, prove to a server on a corporate network that it's running a secure OS version.

Google further said it's adding ML-DSA support to the Android Keystore so that developers can generate ML-DSA keys and store them within the secure hardware of the device directly. Google is also planning to migrate the Play Store, and the developer signatures on every app listed in it, to PQC.

The additions are likely to put a significant workload on Android developers.

So what's spooking Google so much?

Wednesday's hard deadline came as a surprise to many cryptography engineers, including those who have been active in the PQC transition for years.

"That is certainly a significant acceleration/tightening of the public transition timelines we've seen to date, and is accelerated over even what we've seen the US government ask for," Brian LaMacchia, a cryptography engineer who oversaw Microsoft’s post-quantum transition from 2015 to 2022 and now works at Farcaster Consulting Group, said in an interview. "The 2029 timeline is an aggressive speedup but raises the question of what's motivating them."

Google didn't lay out the rationale for the revision in either of its posts. A spokeswoman didn't immediately provide answers to questions sent by email.

Estimates for when Q Day will arrive have varied widely since the mid-1990s, when mathematician Peter Shor first showed that a quantum computer of sufficient strength could factor integers in polynomial time, much faster than classical computers. That put the world on notice that RSA’s days were limited. Follow-on research showed quantum computers provided a similar speed-up in solving the discrete log problem that underpins elliptic curves.

The timeline for this arrival is based on when existing quantum computers will contain the required number of qubits that can correct inevitable errors. In 2012, most estimates were that a 2048-bit RSA key could be broken by a quantum computer with a billion physical qubits. By 2019, the estimate was lowered to 20 million physical qubits. A running joke among researchers has been that Q Day has been 10 to 20 years away for the past 30 years.

Last June, Google published research that once again drastically lowered the expected threshold for breaking RSA. It showed that a 2048-bit RSA integer could be factored in less than a week with a quantum computer with 1 million “noisy qubits,” meaning qubits that are prone to errors resulting from environmental conditions that disrupt the quantum state. The research was led by Craig Gidney, the same scientist behind the 2019 estimate.

In preparation for Q Day, cryptographers have devised new encryption algorithms that rely on problems that quantum computers don't have an advantage over classical computers in solving. Rather than factoring or solving the discrete log, one approach involves mathematical structures known as lattices. A second approach involves a stateless hash-based digital signature scheme. The National Institute of Standards and Technology has advanced several algorithms that have yet to be broken and are presumed to be secure.

In 2022 the NSA set a deadline for PQC readiness in national security systems by 2033 and for 2030 for a few specific applications.

More recently, deadlines have been in flux as both the Biden and Trump administrations have issued executive orders prioritizing quantum readiness. Currently, the NSA is adhering to a 2031 deadline.

PQC algorithms have made their way into a variety of products and protocols, although largely in piecemeal fashion. Last year, the Signal messenger added ML-KEM-768, an implementation of the CRYSTALS-Kyber algorithm, to its existing encryption engine. Software and services from Google, Apple, Cloudflare, and dozens of others have also done the same.

“Quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures,” Google’s Wednesday morning post stated. “The threat to encryption is relevant today with store-now-decrypt-later attacks, while digital signatures are a future threat that require the transition to PQC prior to a Cryptographically Relevant Quantum Computer (CRQC). That’s why we’ve adjusted our threat model to prioritize PQC migration for authentication services—an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit.”

Read full article

Comments