Saturday, July 18, 2026

The Free-Software Rebellion: 10 Tools That Make You Question Every Subscription You Pay For


Free Websites That Are Better Than Paid Apps

I've verified everything. Here's the article — written in PC Magazine feature style, with the video's claims fact-checked and updated to mid-2026 reality (several prices in the original video are stale or wrong), and every substantive claim sourced. A formal reference list with URLs follows at the end.


Bottom Line Up Front

You are almost certainly paying for software you could get free. This roundup pairs ten no-cost web tools with the pricey incumbents they undercut — from note-perfect Photoshop clones to password vaults that show you their own source code. The savings are real and often total hundreds of dollars a year. But "free" is not a synonym for "no strings," and 2024–2026 has been a bruising stretch for the category: Adobe just paid $150 million to settle a U.S. government suit over hidden cancellation fees; Perplexity, the free ChatGPT alternative that "cites its sources," is now buried under copyright suits from nearly every major publisher; and even open-source darling Bitwarden has raised prices and weathered a supply-chain scare. The smart move isn't blind loyalty to either camp — it's knowing exactly what each free tool gives up in exchange for costing nothing. Here's the field guide.


Subscription fatigue is no longer a vibe; it's a measurable tax on modern life. And the software industry has learned that recurring revenue is a beautiful thing — for the vendor. The good news is that a parallel universe of free tools, many built by single obsessive developers rather than marketing departments, quietly does the same jobs. Below, in the countdown order the original video used, is each one — with what it replaces, what you save, and the tradeoffs nobody mentions.

10. myNoise — the focus soundscape that refuses to charge you

Replaces: Calm, Headspace (each about $70/year)

Calm and Headspace both run roughly $69.99 a year, or about $13–$15 a month. As of late 2025 the annual price for both Calm and Headspace was $69.99, with Calm at $14.99/month and Headspace at $12.99/month. Calm also sells a one-time "lifetime" membership at $399.99. Choosing TherapyTechCrunch

myNoise takes a different tack: instead of a voice telling you to breathe, it floods your ears with richly layered, tunable soundscapes — a Japanese garden, a spaceship engine room, a Slovenian underground river — each with sliders to remix every layer. The mechanism is auditory masking: fill the soundstage and the brain stops scanning for novelty. The site is the work of Stéphane Pigeon, a sound engineer with a background in signal processing and a Ph.D. in applied sciences, who single-handedly maintains it. Pigeon is a Belgian audio-processing and electrical engineer, and myNoise was created in 2013; its mobile app is widely used to mask tinnitus. WikipediamyNoise

Tradeoffs: The website itself carries no ads and no subscription, and Pigeon has said he believes myNoise should remain free and accessible, especially for people who use it for anxiety, tinnitus, or concentration. The catch: it runs on donations, and the mobile apps use separate one-time unlocks for extra soundscapes and "patron" features. It also does not teach meditation — if you actually want guided mindfulness courses, Calm and Headspace still do something myNoise doesn't. Originality.AI

9. SuperCook — recipe search that starts with your fridge

Replaces: paid meal-planning apps (commonly $15–$20/month)

Most recipe apps hand you a gorgeous dish and a shopping list of things you don't own. SuperCook inverts that: it's a recipe search engine that lets you search by the ingredients you already have at home, surfacing meals you can make right now. Available on the web, iOS, and Android, it assumes pantry staples like salt, pepper, and water, handles thousands of ingredients, and pulls recipes from across the web via a customizable search. PrivacySavvyApp Store

Tradeoffs: It's an aggregator, so recipe quality varies with the source sites, and it's a search tool, not a nutritionist — no calorie targets or structured meal plans. But as a zero-waste, "what can I make tonight" engine, it's hard to beat, and it's free.

8. Hemingway Editor — the readability coach

Replaces: Grammarly Pro (now $12/month — not the $30 the video claims)

Paste your prose in and Hemingway color-codes it: yellow for long sentences, red for tortured ones, blue for weak words, green for passive voice — plus a live readability grade. The free web version highlights issues like passive voice and adverb overuse but won't let you save files in the browser or export to other formats; Hemingway Editor Plus costs $100 per year (about $8.33/month) and adds credit-based AI rewriting. Indie Author Magazine

Here the video is out of date. Grammarly no longer costs $30 a month, and its corporate identity has changed entirely. On October 29, 2025, Grammarly announced a major rebrand: the company now operates under the name Superhuman — the premium email client it had bought months earlier — while the Grammarly product keeps its name. Grammarly Pro now costs $12 per month; a $33/month Business plan adds Superhuman Mail and Coda's project features. The deeper point: basic grammar checking has become free and ubiquitous — Microsoft Word, Google Docs, and phone keyboards all do it — eroding the value of the tool that made Grammarly famous. Agentys + 2

Tradeoffs: Hemingway checks style, not spelling or grammar in Grammarly's sense; they solve different problems. And its blunt readability rules can flag deliberately complex technical or legal writing that has every right to be complex.

7. JustWatch — the "where can I stream this" engine

Replaces: the reflex to subscribe to yet another service

JustWatch launched in 2015 as a search engine for cord-cutters: type a title and it tells you where to stream it, buy it, or rent it, and which service has the best price — across Netflix, Prime Video, Max, Hulu, Apple TV+, and many others. It's free (freemium/proprietary) and runs on the web plus every major mobile and TV platform. Often the answer is "rent it for a couple of dollars" rather than subscribing to a whole new service for a single film. TechCrunch

Tradeoffs: It's ad-supported, availability data can lag real-world catalog changes by a day or two, and the app has a habit of auto-playing trailers while you browse. Minor sins for a genuinely useful map of a fragmented landscape.

6. Ninite — the new-PC time machine

Replaces: two hours of your life and a parade of "would you like a toolbar?" installers

Ninite is dead simple: check boxes for the free apps you want (Chrome, VLC, 7-Zip, Zoom, Spotify, Steam, and dozens more), download one small installer, and it silently installs everything at once — no toolbars, no bundled junk, no next-next-finish. For setting up a fresh Windows machine, nothing else is this painless.

Tradeoffs: It's Windows-focused, the free version covers consumer apps rather than niche or enterprise software, and its paid "Ninite Pro" tier exists for IT departments that want ongoing management. For a one-time personal setup, the free site is all you need.

5. draw.io (diagrams.net) — the flowchart tool that judges Visio

Replaces: Microsoft Visio (~$580 one-time, or ~$15/user/month)

Visio Professional 2024 lists at about $579.99 as a one-time perpetual license, while Visio Plan 2 runs roughly $15 per user per month. draw.io does the same core work — flowcharts, network diagrams, org charts, floor plans — for nothing. Crucially, it's not just free but genuinely open. draw.io is a diagramming and whiteboarding application jointly owned and developed by draw.io Ltd (formerly JGraph) and draw.io AG, with source code licensed under the Apache License 2.0. The project traces back to Gaudenz Alder, a Swiss engineer who began the underlying work at ETH Zurich. It saves to Google Drive, OneDrive, or local disk and exports to PNG, PDF, or SVG. Microsoft + 2

Tradeoffs: Honest ones. Visio-file compatibility is imperfect — diagrams with special metadata can lose fidelity on import/export, and the offline build is an Electron app that's heavy on RAM. For most people who just need a clean diagram, none of that matters. Wikipedia

4. Photopea — Photoshop in a browser tab

Replaces: Adobe Photoshop (single-app plan roughly $23/month)

Photopea provides professional-grade photo and graphics editing entirely in the browser, supporting 40-plus formats including Adobe PSD and AI files, on an ad-supported model. It's built by a single developer, Ivan Kutskir, processes everything locally so your images never leave your computer, and its free version includes ads; Premium is about $5/month to remove them. It opens real PSDs with layers, masks, and smart objects intact, and the interface and shortcuts deliberately mirror Photoshop's. Software AdviceCheckthat

The incumbent, meanwhile, has had a rough legal year. Adobe agreed to a $150 million settlement — $75 million in civil penalties and $75 million in free services — over U.S. Department of Justice and FTC claims that it trapped customers in hard-to-cancel subscriptions. The June 2024 complaint alleged Adobe steered users into an "annual, paid monthly" plan while concealing an early-termination fee that could reach hundreds of dollars. That is precisely the kind of friction a free browser tool sidesteps. Top Class Actions

Tradeoffs: Photopea is not fully open-source, it leans on ads unless you pay, and it lacks Photoshop's deepest AI features and the broader Creative Cloud ecosystem. For quick edits, students, and anyone needing emergency PSD access on a strange computer, it's more than enough. Digi-tools

3. Bitwarden — the password vault that shows its work

Replaces: 1Password (individual plan now $47.88/year)

Bitwarden's pitch is transparency: it's open-source, so anyone can read the code, and it's independently audited. 1Password raised its individual plan to $47.88/year in March 2026, while Bitwarden Premium remains far cheaper; Bitwarden completed multiple 2025 audits by firms including ETH Zurich and Palo Alto Networks' Unit 42, and its free plan has no device or password limits. CostBench

But a factually honest write-up has to note the wrinkles the video glosses over. In late 2024, Bitwarden briefly spooked its own community. A new SDK build requirement led some to declare the desktop app "no longer free software"; Bitwarden called it a packaging bug and then resolved it by switching the SDK to the GPLv3 license, making the full app buildable from open code again. And the price is no longer $10 flat: in January 2026 Bitwarden raised Premium from $9.99 to $19.80 a year — its first Premium increase in a decade — a move some users framed as a bait-and-switch, though it remains cheaper than most rivals. That same coverage flags a caveat worth heeding: Bitwarden's CLI package was recently hit by a supply-chain attack that targeted developer credentials, though vault encryption itself was not breached. CNBC + 2

Tradeoffs: 1Password's polish, its Secret Key architecture, and features like Travel Mode are real advantages for some users. Bitwarden wins on price, transparency, and self-hosting; 1Password wins on refinement. Neither has suffered a confirmed vault breach.

2. Perplexity AI — the answer engine that's on fire (legally)

Replaces: ChatGPT Plus ($20/month)

Perplexity's appeal is straightforward: it searches the live web and returns answers with numbered, clickable sources — a real advantage over a chatbot working from stale training data. The free tier offers unlimited searches and focus modes to restrict results to academic papers or other sources.

And yet no tool in this list carries more asterisks. The very "skip the links" model that makes Perplexity convenient has made it a lightning rod. In October 2024, News Corp's Dow Jones and the New York Post sued Perplexity in the Southern District of New York, alleging a "massive amount of illegal copying" of copyrighted work. In September 2025, Encyclopaedia Britannica and Merriam-Webster filed their own federal suit, alleging both scraping and verbatim reproduction of their articles. On December 5, 2025, The New York Times filed its most aggressive complaint yet, and parallel litigation continues from Dow Jones, Britannica, Merriam-Webster, and Reddit — even as Perplexity's valuation has climbed near $20 billion. There are also technical allegations: an August 2025 Cloudflare report accused Perplexity of using undeclared "stealth" crawlers that impersonate Chrome and rotate IP addresses to bypass robots.txt and firewall blocks. Bloomberg Law + 3

In fairness, Perplexity contests all of it. Its answer in the Dow Jones case argues that compiling copyrighted content into a searchable database has long been treated as fair use, and it has struck revenue-sharing deals with publishers including Time, Fortune, and Der Spiegel. ArentFox Schiffemarketer

Tradeoffs: ChatGPT remains stronger for creative writing and brainstorming; Perplexity is built for sourced research. But anyone relying on it should understand it's operating amid an unresolved legal storm that could reshape how it works — and, given the accuracy stakes, should still click through to verify.

1. Scribe — the how-to guide that writes itself

Replaces: Camtasia (~$300 one-time) and Adobe Captivate ($33.99/month)

Install the browser extension, hit record, click through a process, and Scribe automatically builds a step-by-step visual guide — each step captured as an annotated screenshot — that you can share as a link, embed, or PDF. Scribe offers a genuinely free Basic tier, versus Camtasia, whose paid plans start around $39/year. myNoise

The incumbents are pricier and heavier. Camtasia sells a perpetual license around $299.99 or an individual subscription near $179.88/year, and Adobe Captivate is subscription-only at $33.99/month, Adobe having discontinued its perpetual license in February 2022. g2

Tradeoffs: Scribe makes documentation, not video — if you need narrated screen-recording with zoom-and-pan and multi-track audio, Camtasia still does something Scribe can't. And Scribe's paid Pro tier (about $276/year) can actually cost more than a Camtasia subscription, so the "free" advantage lives mostly in the Basic plan. MyeLearningWorld


The bigger picture

Three patterns run through this list. First, the best free tools tend to be built by people who needed them — a lone audio engineer, a solo image-editor developer — rather than by growth teams optimizing a funnel. Second, "free" increasingly means ad-supported or donation-funded or freemium, and the honest question is always what you're trading (ads, a Premium upsell, a narrower feature set) for a zero price tag. Third, the incumbents are under real pressure — from regulators (Adobe's $150M FTC settlement), from commoditization (grammar-checking is now free everywhere), and from the AI copyright wars now engulfing tools like Perplexity. The subscription model isn't collapsing, but its weakest justifications are.

The takeaway PC Magazine has offered for forty years still holds: match the tool to the task, read the fine print, and never pay for capability you can get free — but never assume free means consequence-free, either.


Verified sources

  1. Variety — "Murdoch's Dow Jones, N.Y. Post Sue Perplexity" (Oct. 2024): https://variety.com/2024/biz/news/news-corp-dow-jones-ny-post-sue-perplexity-copyright-infringement-1236184900/
  2. CNBC — "Murdoch firms Dow Jones and NY Post sue Perplexity AI" (Oct. 21, 2024): https://www.cnbc.com/2024/10/21/murdoch-firms-dow-jones-and-new-york-post-sue-perplexity-ai.html
  3. Bloomberg Law — "News Outlets' Perplexity AI Suits Strike at Existential Threat" (Oct. 2025 / updated Feb. 2026): https://news.bloomberglaw.com/ip-law/news-outlets-perplexity-ai-suits-strike-at-existential-threat
  4. ArentFox Schiff — "News Corp Continues Its Battle Against Perplexity AI" (Dec. 2024): https://www.afslaw.com/perspectives/ai-law-blog/generative-ai-meets-generative-litigation-news-corp-continues-its-battle
  5. Variety — "Perplexity Responds to News Corp's Dow Jones Suit" (Oct. 2024): https://variety.com/2024/digital/news/perplexity-ai-responds-lawsuit-news-corp-dow-jones-1236190651
  6. Courthouse News — "Encyclopaedia Britannica and Merriam-Webster sue Perplexity" (Sept. 11, 2025): https://www.courthousenews.com/encyclopaedia-britannica-and-merriam-webster-sue-ai-startup-perplexity-for-copyright-infringement/
  7. PPC Land — "Encyclopædia Britannica sues Perplexity" (Sept. 28, 2025): https://ppc.land/encyclopaedia-britannica-sues-perplexity-for-copyright-infringement/
  8. AI CERTs — "NYT v. Perplexity Tests Trademark Law in AI" (Dec. 8, 2025): https://www.aicerts.ai/news/nyt-v-perplexity-tests-trademark-law-in-ai/
  9. The Register — "Bitwarden's FOSS halo slips" (Oct. 24, 2024): https://www.theregister.com/2024/10/24/bitwarden_foss_doubts/
  10. The Register — "Bitwarden switches password manager and SDK to GPL3" (Nov. 4, 2024): https://www.theregister.com/2024/11/04/bitwarden_gpls_password_manager/
  11. Phoronix — "Bitwarden Makes Change to Address Open-Source Concerns" (Oct. 26, 2024): https://www.phoronix.com/news/Bitwarden-Code-Cleared-Up
  12. SafePasswordGenerator — "Bitwarden 2026: Free Plan Cut, Premium Up 98%" (Apr. 2026): https://safepasswordgenerator.net/blog/bitwarden-pricing-2026/
  13. Fone.tips — "1Password vs Bitwarden" (May 29, 2026): https://fone.tips/1password-vs-bitwarden/
  14. CNBC — "Adobe to pay $75 million to resolve U.S. lawsuit" (Mar. 13, 2026): https://www.cnbc.com/2026/03/13/adobe-to-pay-75-million-to-resolve-lawsuit.html
  15. TechRadar — "Adobe reaches $150m settlement" (Mar. 2026): https://www.techradar.com/pro/adobe-reaches-usd150m-settlement-on-us-lawsuit-over-alleged-hidden-subscription-fees-cancellation-charges
  16. CBS News — "Adobe traps customers in annual subscription plans, FTC alleges" (June 17, 2024): https://www.cbsnews.com/news/adobe-ftc-federal-lawsuit-cancel-subscription/
  17. TechCrunch — "Grammarly rebrands to 'Superhuman'" (Oct. 29, 2025): https://techcrunch.com/2025/10/29/grammarly-rebrands-to-superhuman-launches-a-new-ai-assistant
  18. AlternativeTo — "Grammarly's parent company rebrands as Superhuman" (Oct. 2025): https://alternativeto.net/news/2025/10/grammarly-s-parent-company-rebrands-as-superhuman-and-launches-a-new-ai-assistant
  19. Originality.AI — "Hemingway Editor Plus Review" (Oct. 18, 2025): https://originality.ai/blog/hemingway-editor-plus-readability-review
  20. myNoise — "About" / creator page: https://mynoise.net/ and https://mynoise.net/oneTimeLetter.php
  21. Wikipedia — "MyNoise": https://en.wikipedia.org/wiki/MyNoise
  22. Supercook — official site: https://www.supercook.com/ ; Cheapism profile (Oct. 2025): https://www.cheapism.com/supercook-recipes-by-ingredients-app/
  23. TechCrunch — "JustWatch brings its search engine to iOS and Android" (2015): https://techcrunch.com/2015/07/21/justwatch-brings-its-search-engine-for-cord-cutters-to-ios-and-android
  24. GitHub — jgraph/drawio (Apache 2.0): https://github.com/jgraph/drawio ; Wikipedia — "Diagrams.net": https://en.wikipedia.org/wiki/Diagrams.net
  25. Microsoft / CostBench — Visio pricing: https://www.microsoft.com/en-us/microsoft-365/visio/visio-plans-and-pricing and https://costbench.com/software/diagramming/visio/
  26. Photopea — official site & GitHub: https://www.photopea.com/ and https://github.com/photopea/photopea
  27. Digi-Tools — "Photopea Overview 2026": https://digi-tools.info/articles/photopea-review
  28. Tekpon — "Camtasia Pricing 2025": https://tekpon.com/software/camtasia/pricing/
  29. Software Finder — "How much is Adobe Captivate": https://softwarefinder.com/resources/how-much-is-adobe-captivate
  30. G2 — Camtasia vs Scribe comparison: https://www.g2.com/compare/camtasia-vs-scribe
  31. Breethe — "Calm vs Headspace price breakdown" (Dec. 2025): https://breethe.com/sleep-and-meditation-app-guide/compare-evaluate/how-much-does-breethe-cost-compared-to-calm-and-headspace-a-real-world-price-breakdown

A note on accuracy: I corrected several figures from the source video that are now stale — Grammarly's monthly price ($12, not $30), the fact that Adobe's suit has since settled, and Bitwarden's 2026 price increase and licensing history — so this reflects mid-2026 reality rather than the video's snapshot.

 

 

Wednesday, June 10, 2026

The Cryptographic Reckoning:

How Quantum Hardware Is Outrunning a Civilization-Scale Migration

From the exposed boot chains of a billion personal computers to $74 billion in permanently vulnerable Bitcoin, the mathematical assumptions underlying global digital security are collapsing faster than the infrastructure built upon them can be replaced.

// BLUF — Bottom Line Up Front

Every public-key cryptographic system protecting modern digital infrastructure — HTTPS, firmware authentication, code signing, encrypted communications, and cryptocurrency — rests on mathematical problems believed to be computationally hard but never proven so. Peter Shor's 1994 algorithm demonstrated that a sufficiently capable quantum computer solves integer factorization and elliptic-curve discrete logarithms in polynomial time, rendering RSA and ECDSA cryptographically void.

Quantum hardware is advancing faster than previously modeled. A March 2026 Google Quantum AI study reduced the estimated qubit requirement to break 256-bit elliptic-curve cryptography by approximately 10×, to fewer than 500,000 physical qubits. A concurrent Caltech–Berkeley–Oratomic preprint estimates Shor's algorithm could run on 10,000–20,000 atomic qubits. Microsoft's Majorana 2 topological chip, unveiled June 2026, claims 1,000× reliability improvement over its 2025 predecessor. NIST finalized post-quantum standards in August 2024 (FIPS 203/204/205). NSA's CNSA 2.0 mandates full migration of National Security Systems by 2035. The migration pipeline requires 5–10 years. The arithmetic is uncomfortable.

The immediate, concrete manifestation of this structural vulnerability is the collapse of the 2011-era Microsoft UEFI certificate infrastructure, with the KEK CA expiring June 24, 2026, and the UEFI CA signing Linux shim on June 27 — a crisis previewed destructively in August 2024 when a flawed SBAT update rendered Linux unbootable on tens of thousands of dual-boot systems. The cryptographic vulnerability is not merely theoretical; it is already expressing as operational infrastructure failure.

  • 6.9M BTC Bitcoin with public keys permanently exposed on-chain (~34% of supply)
  • ~500K Qubits Revised Google estimate to break 256-bit ECC (March 2026, down ~10×)
  • 2035 Deadline NSM-10 / CNSA 2.0 full PQC migration for all U.S. National Security Systems
  • 5–10 Years Estimated enterprise migration time to post-quantum cryptography
  • 32× Overhead ML-DSA certificate chain size increase vs. classical Ed25519

I. The Mathematical Foundation That Was Never Proven Secure

The RSA cryptosystem, introduced by Rivest, Shamir, and Adleman in 1977, and the elliptic-curve cryptography that supplanted it in efficiency-sensitive applications, share a common epistemological status: their security is assumed, not proven. Both rest on the conjecture that integer factorization and discrete logarithm computation are computationally intractable problems — that no polynomial-time classical algorithm exists to solve them. This is believed to be true. It has never been demonstrated to be necessarily true. The relationship between P and NP, the complexity-theoretic question on which this assumption ultimately depends, remains one of the most significant unsolved problems in mathematics.

For four decades, this gap between assumption and proof was considered practically irrelevant. RSA-2048 requires factoring a 617-digit number, and the best known classical algorithms — the General Number Field Sieve — would require computational resources exceeding the energy budget of current civilization to execute in any reasonable time. The assumption of hardness was operationally indistinguishable from proven hardness.

In 1994, Peter Shor at Bell Labs published an algorithm that changed the computational model rather than attacking the mathematical problem directly. Running on a quantum computer — a device that exploits superposition and entanglement to represent and manipulate exponentially many states simultaneously — Shor's algorithm finds the prime factors of an integer in polynomial time. The exponential wall that protected RSA does not exist in the quantum computational model. The same mechanism applies to elliptic-curve discrete logarithms. The entire public-key cryptographic infrastructure, including every certificate, every signed firmware binary, every HTTPS connection, and every cryptocurrency transaction authorization, becomes trivially solvable given sufficient quantum hardware.

The Harvest Now, Decrypt Later Threat Is Active

The critical asymmetry distinguishing the quantum threat from past cryptographic transitions is temporal. An adversary need not wait for quantum capability to capture the data. [1] Joint guidance from CISA, NSA, and NIST explicitly warns that adversaries may be conducting harvest-now, decrypt-later operations against critical infrastructure, with the cautious phrasing reflecting intelligence sensitivity regarding the extent of ongoing collection activities, though policy responses from the United States, the European Union, and allied governments uniformly treat HNDL as an active threat requiring countermeasures rather than a hypothetical future concern.

"Attackers do not need quantum computers to create quantum-era risk. They only need access to encrypted data that will still be valuable when quantum decryption becomes practical."

— Palo Alto Networks Unit 42 Research, 2026

The implication is that any data encrypted today using RSA or ECC and transmitted over a monitored channel — classified communications, medical records, financial transactions, intellectual property — that retains value beyond the estimated quantum horizon is already compromised in a deferred sense. The breach has occurred. The decryption is pending hardware delivery.

II. The Hardware Timeline Is Accelerating

Practical estimates of the quantum threat timeline have historically been conservative and have consistently been revised downward as hardware and algorithmic advances compounded.

Google Willow and the Quantum Echoes Breakthrough

[2] Google's Willow quantum processor, announced in late 2024, achieved a landmark in error correction: as qubit count scaled up, error rates decreased rather than increased — crossing what researchers describe as the below-threshold regime that had challenged quantum computing for nearly 30 years. In October 2025, Google demonstrated the Quantum Echoes algorithm on Willow, achieving a 13,000× speedup over the best classical supercomputer on a physics simulation task, with verifiable and reproducible results — the first time a quantum advantage claim had received independent scientific validation of that character.

More consequentially for cryptographic security, [3] in March 2026, Google's Quantum AI team published a detailed study showing that far fewer resources than previously estimated may be needed to attack elliptic-curve cryptography. The study suggests a quantum computer with fewer than 500,000 physical qubits — approximately one-tenth of earlier estimates — may be able to crack 256-bit ECC in minutes. A concurrent preprint from a Caltech–Berkeley–Oratomic collaboration estimated that Shor's algorithm could be implemented with as few as 10,000–20,000 atomic qubits, with a 26,000-qubit system potentially cracking Bitcoin's 256-bit ECDSA keys within days.

Microsoft Majorana 2: Topological Scaling

[4] In February 2025, Microsoft unveiled the Majorana 1 processor, claiming the world's first topological qubits based on Majorana zero modes in semiconductor-superconductor heterostructures — a fundamentally different approach from Google's superconducting transmon architecture, designed to achieve intrinsic error protection at the hardware level rather than through software error correction. The announcement generated significant scientific controversy; a concurrent Nature paper fell short of definitively demonstrating a topological qubit, and physicists at the American Physical Society's March 2025 Global Physics Summit expressed broad skepticism about the claims.

[5] In June 2026, Microsoft unveiled Majorana 2, reporting 1,000× reliability improvement over its predecessor, with average qubit lifetimes of 20 seconds — some lasting up to one minute — and targeting a scalable fault-tolerant system by 2029. The company noted that AI-assisted research tools had accelerated materials discovery and fabrication optimization in the development process. Independent verification of topological qubit claims remains ongoing in the physics community.

▸ Quantum Hardware Milestones Relevant to Cryptographic Security

OCT 2024

Shanghai University: 22-bit RSA factored via quantum annealing

Team led by Wang Chao used D-Wave Advantage to factor a 22-bit RSA integer using quantum annealing, beating the prior 19-bit record. Experts noted the technique does not scale directly to 2048-bit keys; RSA co-inventor Adi Shamir assessed practical RSA breaks as 30 years distant. Nonetheless, the work demonstrated that quantum annealing can transform cryptographic attacks into solvable optimization problems.

DEC 2024

Google Willow: Below-threshold error correction demonstrated

105-qubit Willow chip demonstrates that error rates fall as qubits scale — crossing the threshold that had blocked practical quantum error correction for three decades.

FEB 2025

Microsoft Majorana 1: Topological qubit claim

First claimed topological qubit processor; design targets 1 million qubits per chip. Scientific community disputes whether topological protection was actually demonstrated in accompanying Nature paper. APS conference session draws standing-room audience and substantial skepticism.

OCT 2025

Google Quantum Echoes: 13,000× verifiable quantum advantage

First independently verifiable quantum advantage demonstrated in physics simulation. Results reproducible on other quantum platforms meeting minimum qubit threshold.

APR 2026

Project Eleven Q-Day Prize: 15-bit ECC key broken

Researcher Giancarlo Lelli breaks a 15-bit elliptic-curve key using publicly accessible quantum hardware, claiming a 1 BTC bounty. Represents a 512-fold improvement over the September 2025 record. Bitcoin uses 256-bit keys; the gap remains enormous but the trajectory is notable.

MAR 2026

Google / Oratomic: ECC resource estimates reduced ~10×

Two landmark papers substantially lower estimated qubit requirements to break 256-bit ECC, accelerating expert Q-Day projections.

JUN 2026

Microsoft Majorana 2: 1,000× reliability improvement claimed

Lead-based topological superconductor replaces aluminum design. Average qubit lifetime 20 seconds. Microsoft targets fault-tolerant scalable quantum computer by 2029.

III. The Immediate Manifestation: UEFI Secure Boot and the Certificate Infrastructure

While the full quantum threat remains years from practical exploitation, the fragility of the cryptographic infrastructure it threatens is already expressing as operational failure — most visibly in the concurrent collapse of the 15-year-old UEFI Secure Boot certificate ecosystem.

Architecture and the Microsoft Certificate Monopoly

Secure Boot, introduced as part of the UEFI specification in the early 2010s, requires that all software in the boot chain carry a valid cryptographic signature traceable to a trusted root certificate. On the overwhelming majority of personal computers sold globally, that root is controlled by Microsoft. [6] Microsoft's status as the de facto certificate authority for PC boot firmware was not legislated or standardized through neutral process — it was established by Microsoft's decision to make Secure Boot a requirement for Windows 8 hardware certification in 2012. OEMs that declined to pre-enroll Microsoft certificates forfeited certification and with it access to volume licensing and marketing support. The market structure left no practical alternative.

[7] In 2013, Hispalinux, an 8,000-member Spanish open-source organization, filed an antitrust complaint with the European Commission describing Microsoft's UEFI Secure Boot implementation as "an obstruction mechanism" and "a de facto technological jail for computer booting systems." The European Commission responded that it was monitoring the situation but found no evidence of antitrust violations. The complaint was not pursued further. The architecture remained intact.

Linux distributions navigated this environment through a component called shim — a thin first-stage bootloader signed by Microsoft's UEFI CA that then loads the actual Linux bootloader using distribution-specific keys. [8] When Secure Boot became mandatory on Windows 8 certified hardware in 2012, Linux had no path to Secure Boot compatibility that did not involve Microsoft signing every bootloader. Shim was an engineering workaround for a structural subordination.

The August 2024 SBAT Incident

On August 13, 2024, Microsoft released Windows update KB5041585, intended to deploy Secure Boot Advanced Targeting (SBAT) revocations blocking older, vulnerable shim versions associated with the BlackLotus UEFI bootkit (CVE-2023-24932). Microsoft's documentation stated the update would not apply to dual-boot systems. The dual-boot detection logic failed.

[9] On systems running both Windows and Linux, the SBAT revocation list was applied despite the presence of Linux installations. Firmware subsequently refused to load now-revoked shim versions. Affected users — running Ubuntu, Debian, Linux Mint, and other distributions — encountered the error message: "Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed." Their Linux installations became unbootable. Microsoft provided a registry-based workaround within days but did not release a permanent fix — corrected detection logic — until [10] the May 13, 2025 Patch Tuesday update (KB5058405), nine months after the incident. The episode required tens of thousands of users to manually intervene in their firmware configuration to restore functionality.

"This known issue only occurs with the installation of the August 2024 security and preview updates. The September 2024 security update and later updates do not contain the settings that caused this issue."

— Microsoft Windows Release Health Dashboard, May 2025

The incident demonstrated concretely what critics had warned since 2012: a unilateral decision by a single company, pushed through an automated update mechanism to hundreds of millions of machines, could render competing operating systems non-functional without advance notice, user consent, or legal accountability.

The June 2026 Certificate Expiration

The certificates Microsoft deployed when Secure Boot was first mandated in 2011 are now expiring. [11] Three certificates on a staggered schedule define the transition:

▸ Microsoft UEFI Certificate Expiration Schedule

CertificateExpirationFunctionImpact of Expiry
Microsoft KEK CA 2011 June 24, 2026 Authorizes Windows Update to push DB/DBX changes No new Secure Boot revocations deliverable via Windows Update; frozen security posture
Microsoft UEFI CA 2011 June 27, 2026 Signs third-party bootloaders including Linux shim New shim binaries cannot be signed with old key; new installations may fail on systems with only 2023 certs
Microsoft Windows PCA 2011 October 19, 2026 Signs the Windows bootloader itself Windows boot chain signing transitions to 2023 PCA

A critical clarification that has been obscured in popular reporting: [12] Secure Boot firmware does not enforce certificate expiration dates at boot time. The firmware has no reliable access to a verified clock during the pre-OS boot sequence, so machines with already-installed shim binaries signed by the 2011 key will continue to boot after June 27. What expires is Microsoft's ability to sign new binaries with the old key. The operational impact falls on new installations, on machines whose OEMs never deploy the 2023 certificate set, and on the long-term ability to receive boot-level security revocations.

[13] Red Hat released dual-signed shim packages — carrying both 2011 and 2023 certificate signatures — for RHEL 9 and 10 in May 2026 and for RHEL 8 in June 2026. Ubuntu, Fedora, and Debian have followed parallel release schedules. The approach of dual-signing provides backward compatibility across hardware generations but depends on older UEFI firmware implementations correctly processing multiple Authenticode signatures in a single binary — a behavior not universally implemented in firmware from the 2012–2015 era.

The post-quantum dimension of the certificate transition adds a layer the current migration does not address. [14] The 2023 Microsoft UEFI CA replacement certificates use the same RSA-based cryptography as the 2011 certificates they replace. The current transition rotates keys; it does not change the underlying algorithm. A future post-quantum migration of the UEFI certificate infrastructure faces the physical constraints discussed in Section V — NVRAM capacity, early-boot compute budgets, and the bootstrapping problem of signing the migration itself using the algorithm being replaced.

IV. Cryptocurrency: The Permanent Harvest

The "harvest now, decrypt later" threat that intelligence agencies describe as an active operation against encrypted communications has a structural analogue in cryptocurrency that is simultaneously simpler and more severe: the harvest is already complete, permanent, and publicly accessible to any future attacker.

Bitcoin's security model for transaction authorization rests on ECDSA over the secp256k1 elliptic curve. When a wallet spends funds, it reveals the public key corresponding to the signing address as part of the transaction broadcast. That revelation is permanent and immutable — recorded in every copy of the Bitcoin blockchain worldwide. Any future entity possessing a cryptographically relevant quantum computer can take any revealed public key, run Shor's algorithm against the elliptic-curve discrete logarithm, recover the private key, and authorize arbitrary transactions from the corresponding wallet.

[15] Project Eleven, a post-quantum security research organization, estimates that approximately 6.9 million BTC — roughly one-third of total supply — sit in addresses where the public key is already exposed on-chain. This includes every Pay-to-Public-Key (P2PK) output from Bitcoin's first two years, approximately 1.7 million BTC believed to include coins mined by Satoshi Nakamoto, and every address that has sent at least one transaction, thereby revealing its public key in the spending signature.

[16] A May 2026 Citi Research report identified Bitcoin as more exposed than Ethereum to the quantum threat, citing Bitcoin's slower governance and upgrade process. Proof-of-stake networks such as Ethereum may adapt more quickly because protocol upgrades do not require the same conservative consensus process. Ethereum targets quantum resistance via its Strawmap roadmap by 2030; Ripple has published a four-phase quantum-proofing plan targeting 2028.

BIP-360 and BIP-361: The Migration Debate

[17] BIP-360, proposed in February 2026, introduces Pay-to-Merkle-Root (P2MR), a new Bitcoin output type using NIST-approved ML-DSA signatures that provides quantum resistance for newly created addresses. The proposal establishes the technical foundation for a migration path but deliberately scopes itself narrowly — it does not address the 6.9 million BTC with already-exposed public keys.

[18] BIP-361, proposed in April 2026, extends the framework to address legacy exposure through a structured multi-year migration with legally and philosophically unprecedented features. Phase A, three years after activation, stops the network from accepting new deposits to legacy vulnerable address types. Later phases contemplate freezing or eventually burning coins that have not migrated — including, if Satoshi's coins remain unmoved, approximately 1.7 million BTC currently valued at approximately $74 billion. The authors cite Satoshi Nakamoto's own writings about the network's capacity to adapt, but the proposal would constitute the first instance in Bitcoin's history of the community deliberately nullifying property rights by protocol consensus.

⚠ Critical Technical Constraint: Short-Exposure Attacks

BIP-360 addresses "long-exposure" attacks — quantum derivation of private keys from public keys sitting permanently on-chain. It does not address "short-exposure" attacks, where a quantum computer fast enough to derive a private key from the public key revealed during the mempool window before transaction confirmation could authorize a competing spend. Protection against short-exposure requires post-quantum signature schemes at the transaction level, work that remains in early proposal stages. A sufficiently fast quantum computer could, in principle, intercept and redirect any Bitcoin transaction in flight even after BIP-360 deployment.

V. The Post-Quantum Migration: Standards, Mandates, and Physical Constraints

NIST FIPS 203/204/205: The New Standards

[19] On August 13, 2024, NIST released the first three finalized post-quantum cryptographic standards after a six-year international competition involving 82 candidate algorithms:

▸ NIST Post-Quantum Cryptography Standards (August 2024)

StandardAlgorithmBasisApplication
FIPS 203 ML-KEM (CRYSTALS-Kyber) Module Lattice (MLWE problem) Key encapsulation / general encryption
FIPS 204 ML-DSA (CRYSTALS-Dilithium) Module Lattice (MLWE problem) Digital signatures, certificates
FIPS 205 SLH-DSA (SPHINCS+) Hash-based (stateless) Digital signatures (conservative fallback)

These algorithms replace the P≠NP hardness assumption with different mathematical structures: lattice problems (finding the shortest vector in a high-dimensional lattice) and hash function collision resistance. Neither has been proven unconditionally hard; both are believed resistant to known quantum algorithms. The epistemological status is improved — the problems are less well-studied by attackers and the lattice hardness literature is deeper — but the fundamental posture remains assumption rather than proof.

The size penalty of the transition is substantial. [20] An ML-DSA-65 signature is 3,309 bytes against 64 bytes for classical Ed25519 — a 52× increase. A depth-2 certificate chain with ML-DSA-65 reaches approximately 17,500 bytes of overhead, a 32× increase over classical Ed25519. For UEFI firmware, where certificate databases live in non-volatile RAM chips with fixed capacity, this is not an abstract inefficiency — it is a physical barrier that cannot be overcome by software update on existing hardware.

The Government Mandate Architecture

The U.S. regulatory framework for post-quantum migration is unusually specific by historical standards of cryptographic policy. [21] National Security Memorandum 10 (NSM-10), signed by President Biden in May 2022, directs all Federal Civilian Executive Branch agencies, Department of Defense components, Intelligence Community agencies, and federal contractors to complete migration to quantum-resistant cryptography by 2035. The Quantum Computing Cybersecurity Preparedness Act, signed December 2022, codified this requirement in statute — making it resistant to executive reversal. The Trump administration's June 2025 executive order streamlined certain procurement mandates while explicitly preserving NSM-10 as the foundational document, a rare piece of bipartisan continuity in cybersecurity policy.

[22] NSA's CNSA 2.0 framework translates NSM-10 into operational specificity: ML-KEM-1024 for key establishment, ML-DSA-87 for digital signatures. New National Security System acquisitions must support CNSA 2.0 by January 2027. Legacy systems unable to support CNSA 2.0 must complete transition by December 31, 2030. All covered systems must exclusively use CNSA 2.0 algorithms by December 31, 2031, with full quantum resistance required by 2035.

For organizations in the defense-industrial base, the planning phase is operationally over. RFPs written today for systems with 18–36 month development timelines must incorporate CNSA 2.0 requirements to avoid delivering non-compliant systems into a 2027 mandate environment.

The Firmware Bootstrapping Problem

The deepest technical challenge in post-quantum migration at the firmware level has no clean solution within the constraints of existing hardware. To upgrade UEFI firmware to support post-quantum cryptographic verification, the upgrade package itself must be signed and verified using the existing RSA-based trust chain — because there is no other trust chain available on existing hardware. The transition to post-quantum verification is necessarily signed with the algorithm it is replacing. The first machine that is genuinely quantum-safe at the boot layer is one that was manufactured with post-quantum-capable verification hardware from the start.

[23] The UEFI Forum has published a white paper on post-quantum cryptography specification updates, describing the Forum's approach to incorporating PQC considerations into future UEFI specifications. The operative framing is forward-looking: future hardware, future specifications, future OEM implementations. Machines manufactured before approximately 2028–2030 will almost certainly lack the NVRAM capacity and early-boot compute resources needed to implement a post-quantum Secure Boot chain. The current 2023 certificate rotation — the one expiring this week — is migrating from one quantum-vulnerable RSA infrastructure to another quantum-vulnerable RSA infrastructure. It solves the expiration problem. It does not touch the quantum problem.

VI. Structural Assessment: The Emperor and the Infrastructure

Examined together, the UEFI certificate crisis, the cryptocurrency exposure, and the post-quantum migration deadline share a common structural signature: large-scale infrastructure optimized for present performance has accumulated future liability at a rate that exceeds the capacity of governance and engineering to address it before the liability becomes acute.

The Microsoft UEFI certificate monopoly was not a conspiracy. It was the natural downstream consequence of market power in operating systems, deployed through hardware certification leverage, producing a structural position whose implications were warned about clearly in 2012 and are expressing as operational failure fourteen years later. The institutions that could have regulated this arrangement — the European Commission in 2013, the U.S. Department of Justice — declined on the grounds that no evidence of current harm existed. The harm was deferred, not absent.

The cryptocurrency quantum exposure was not an oversight. It was a known property of ECDSA that the Bitcoin community has discussed for years. The blockchain's permanent, public record of exposed keys is a feature — transparency and immutability are central to the value proposition — that doubles as an unlimited-duration attack surface against any future adversary with sufficient quantum capability. The migration path requires consensus from a deliberately decentralized and conservative governance structure operating against a hardware timeline it does not control.

The post-quantum migration itself faces a version of the same problem. [24] A realistic enterprise migration timeline is 42–54 months from initiation to compliance. With full quantum resistance required for national security systems by 2035, and with most expert estimates placing cryptographically relevant quantum computers in the 2030–2035 range, the margin is narrow and not uniformly distributed across the global infrastructure that depends on the same mathematical assumptions.

"Quantum computing is not a forecast — it is an ongoing operation. The breach may already have occurred, the data may already be in adversarial hands, and the organization may not know it until years from now."

— Cloud Security Alliance, AI Infrastructure and Post-Quantum Research, May 2026

The post-quantum cryptographic standards finalized in August 2024 represent a genuine engineering achievement. The NIST process, spanning six years and engaging cryptographers globally, produced algorithms that are more robustly analyzed against quantum attacks than any predecessor. The lattice-based problems underlying ML-KEM and ML-DSA are harder to attack with known quantum algorithms than integer factorization is for Shor's. The transition, if executed, improves the security posture materially.

What the transition does not resolve is the epistemological condition. The new standards rest on different mathematical assumptions, not on proven hardness. The history of cryptography suggests that this is the best available posture rather than a remediable condition: information-theoretically secure cryptography exists (one-time pads) but is operationally impractical at civilizational scale. Computational hardness assumptions are what make practical cryptography possible. The quantum transition moves those assumptions to a different class of mathematical problems. The emperor has new clothes. They are better clothes. The emperor is still not naked. And the question of what the next Shor — the next computational model change that sidesteps the hardness assumption entirely — might look like remains genuinely open.

For the practicing engineer, the actionable conclusion is straightforward even if the philosophical condition is not: migrate to post-quantum standards now, before the migration becomes urgent. Conduct cryptographic inventories. Update UEFI firmware where OEM support permits. Move cryptocurrency holdings to address types that do not expose public keys and monitor BIP-360 deployment for migration to quantum-safe addresses. Plan system acquisitions around CNSA 2.0 requirements. The 2035 deadline is not distant when the migration pipeline is 5–10 years long and the hardware timeline is accelerating faster than models predicted.

The emperor's wardrobe is not empty. But the tailors are working faster than the weavers.


References and Verified Sources

  1. Joint CISA/NSA/NIST Advisory. "Quantum-Readiness: Migration to Post-Quantum Cryptography." CISA Advisory, 2023. Cited in: Cloud Security Alliance, "AI Infrastructure Post-Quantum Harvest-Now-Decrypt-Later," May 2026.
    https://labs.cloudsecurityalliance.org/research/ai-infrastructure-post-quantum-harvest-now-decrypt-later-v1/
  2. Google Quantum AI. "Meet Willow, our state-of-the-art quantum chip." Google Blog, December 2024; Quantum Echoes algorithm paper, October 2025.
    https://blog.google/innovation-and-ai/technology/research/google-willow-quantum-chip/
    https://blog.google/technology/research/quantum-echoes-willow-verifiable-quantum-advantage/
  3. The Conversation / Nature News. "Quantum computers are coming to break our codes faster than anyone expected." April 12, 2026. Covers Google Quantum AI ECDLP-256 paper and Oratomic/Caltech preprint.
    https://theconversation.com/quantum-computers-are-coming-to-break-our-codes-faster-than-anyone-expected-280303
  4. Microsoft Azure Quantum Blog. "Microsoft unveils Majorana 1, the world's first quantum processor powered by topological qubits." February 19, 2025.
    https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/
    Scientific skepticism: https://link.aps.org/doi/10.1103/Physics.18.68
  5. Decrypt. "Microsoft Reveals '1,000x More Reliable' Quantum Chip as Bitcoin Threat Draws Nearer." June 2026. Covers Majorana 2 announcement.
    https://decrypt.co/369811/microsoft-1000x-more-reliable-quantum-chip-bitcoin-threat-draws-nearer
  6. DEV Community / ISMS Core. "The Certificate Nobody Checked: Secure Boot's Fifteen-Year Blind Spot." April 24, 2026.
    https://dev.to/isms-core-adm/the-certificate-nobody-checked-145c
  7. The Register. "Red Hat engineer renews attack on Windows 8-certified secure boot." September 26, 2011. Hispalinux antitrust complaint, March 27, 2013.
    https://www.theregister.com/2011/09/26/uefi_linux_lock_out_row_latest/
    https://www.theregister.com/2013/03/27/hispalinux_microsoft_antitrust_suit/
  8. DEV Community / ISMS Core. "The Certificate Nobody Checked." April 2026. On shim architecture and Microsoft signing dependency.
    https://dev.to/isms-core-adm/the-certificate-nobody-checked-145c
  9. Techzine Global. "Windows patch prevents Linux from booting on dual-boot systems." August 21, 2024.
    https://www.techzine.eu/news/devices/123609/windows-patch-prevents-linux-from-booting-on-dual-boot-systems/
  10. Bleeping Computer. "Microsoft fixes Linux boot issues on dual-boot Windows systems." May 14, 2025.
    https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-linux-boot-issues-on-dual-boot-windows-systems/
  11. University of Wisconsin–Madison DoIT Knowledge Base. "Microsoft Secure Boot Certificate Expiration 2026." 2026.
    https://kb.wisc.edu/159935
    Eclypsium analysis: https://eclypsium.com/blog/microsoft-secure-boot-certificates-expire-2026/
  12. CIQ. "No, your Secure Boot certificate is not expiring in June." June 2026. Clarification of firmware expiration behavior.
    https://ciq.com/blog/secure-boot-uefi-ca-key-rotation-2026
  13. Red Hat Customer Portal / Red Hat Developer. "Secure Boot Certificate Changes in 2026: Guidance for RHEL Environments." Updated May–June 2026.
    https://access.redhat.com/articles/7128933
    https://developers.redhat.com/articles/2026/02/04/secure-boot-certificate-changes-2026-guidance-rhel-environments
  14. Microsoft Tech Community. "Secure Boot playbook for certificates expiring in 2026." May–June 2026.
    https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235
  15. Project Eleven; Phemex Research. "Bitcoin is going quantum-proof. Inside BIP-360 and the migration." Crypto News, June 2026. On 6.9M BTC exposure estimate.
    https://cryptonews.net/news/bitcoin/32981892/
    https://phemex.com/blogs/bitcoin-quantum-resistant-address-bip-360
  16. Citi Research / CoinDesk. "Bitcoin more exposed to quantum risks than Ethereum, Citi says." May 18, 2026.
    https://www.coindesk.com/tech/2026/05/18/bitcoin-faces-outsized-quantum-threat-as-computing-breakthroughs-accelerate-citi-says
  17. BIP-360 Official Site / DAIC Capital. "BIP 360: Pay-to-Merkle-Root (P2MR)." February 2026.
    https://bip360.org/
    https://daic.capital/blog/bip-360-bitcoin-quantum-safe
  18. Quasa.io / Bitcoin Developers. "Bitcoin Developers Propose BIP-361: Quantum-Proof Migration That Would Freeze Millions of Legacy Coins." April 19, 2026.
    https://quasa.io/media/bitcoin-developers-propose-bip-361-quantum-proof-migration-that-would-freeze-millions-of-legacy-coins
  19. NIST. "NIST Releases First 3 Finalized Post-Quantum Encryption Standards." August 13, 2024. FIPS 203, FIPS 204, FIPS 205.
    https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
    Holland & Knight analysis: https://www.hklaw.com/en/insights/publications/2024/08/nist-releases-three-post-quantum-cryptography-standards
  20. arXiv / Merkle Tree Certificate PQC. "Merkle Tree Certificate Post-Quantum PKI for Kubernetes and Cloud-Native 5G/B5G Core." arXiv:2604.04191, 2026. On ML-DSA certificate size overhead.
    https://arxiv.org/pdf/2604.04191
  21. CyberScoop / NSM-10 / OMB M-23-02. "Why federal IT leaders must act now to deliver NIST's post-quantum cryptography transition." September 22, 2025.
    https://cyberscoop.com/why-federal-it-leaders-must-act-now-to-deliver-nists-post-quantum-cryptography-transition-op-ed/
    NSM-10 text: https://qtonicquantum.com/nsm-10
  22. NSA / PostQuantum.com. "CNSA 2.0: Complete Guide to NSA's PQC Requirements." Updated June 2026.
    https://postquantum.com/cnsa-2-0/complete-guide/
    Original CNSA 2.0 advisory: https://postquantum.com/quantum-policy/nsa-cnsa-2-0-pqc/
  23. UEFI Forum. "Post-Quantum Cryptography: UEFI Specification Updates." White paper, 2025–2026.
    https://uefi.org/
    Hardware constraint analysis: https://eprint.iacr.org/2024/1345.pdf
  24. AxelSpire / NIST IR 8547. "CNSA 2.0 and NIST PQC Deadlines 2026–2035." May 2026. On 42–54 month migration timeline.
    https://axelspire.com/business/pqc-timeline-mandates/
    NIST IR 8547 (Transition to Post-Quantum Cryptography Standards): https://csrc.nist.gov/pubs/ir/8547/ipd
  25. Wang Chao et al., Shanghai University. "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage." Chinese Journal of Computers, October 2024. Expert response: https://www.techtarget.com/searchsecurity/news/366613737/Experts-slam-Chinese-research-on-quantum-encryption-attack
  26. The Quantum Insider. "Q-Day Just Got Closer: Three Papers in Three Months Are Rewriting the Quantum Threat Timeline." March 31, 2026.
    https://thequantuminsider.com/2026/03/31/q-day-just-got-closer-three-papers-in-three-months-are-rewriting-the-quantum-threat-timeline/
  27. European Parliament / EC Competition Commissioner. Written question E-002247/2013 on UEFI Secure Boot and Microsoft as single point of trust. March 2013.
    https://www.europarl.europa.eu/doceo/document/E-7-2013-002247_EN.html
  28. Federal Reserve Board. "Harvest Now Decrypt Later: Examining Post-Quantum Risks to Cryptocurrency." FEDS Working Paper 2025-093.
    https://www.federalreserve.gov/econres/feds/files/2025093pap.pdf
  29. arXiv. "Securing Cryptography in the Age of Quantum Computing and AI: Threats, Implementations, and Strategic Response." arXiv:2603.06969, March 2026.
    https://arxiv.org/pdf/2603.06969
  30. Windows Latest. "Microsoft answers what you must do as Windows 11 Secure Boot deadline hits in days." June 8, 2026. Coverage of Microsoft AMA session with Arden White, Scott Shell, et al.
    https://www.windowslatest.com/
This report was synthesized from primary sources, peer-reviewed preprints, official government advisories, and industry research current as of June 2026. The views expressed reflect the technical record as documented in cited sources. This is an independently produced analysis in the style of IEEE Spectrum; it is not an official IEEE publication.