SIGGRAPH 2022: A tale of USD, Hydra, and the sheer power of Dreamworks MoonRay – RedShark News

Why DreamWorks' releasing MoonRay under the Apache open source license is akin to Panavision giving away Millennium DXLs along with the blueprints.

Back in the 90s, when someone mentioned RenderMan most would think of a rendering engine from Pixar. In reality however, RenderMan wasn't actually a rendering engine at all, but rather an open standard for rendering engines; Pixar's version was called PhotoRealistic RenderMan (PRMan).

The heart of the RenderMan standard was a scene description language and a shader language. Being open, anyone developing a rendering engine could write a parser for both, and anyone developing a 3D animation system could implement an exporter for them.

Open source software is a very different beast. One of the most famous open source applications on the internet is Blender3D. Anyone can download the source code for Blender, including the well loved Cycles rendering engine. Some studios have even taken advantage of Blender's open source nature to customize it for their own in-house production pipelines.

Because of the license that Blender is released under, in spite of having huge amounts of funding from companies like Epic, Ubisoft, and Bethesda, the application is still completely open source. The pace of Blender improvements now rivals that of DaVinci Resolve, yet the source code remains freely available.

Pixar has developed a new standard for 3D animation systems to share data called USD: Universal Scene Description. Along with that are the Open Shading Language (OSL) and ILM's MaterialX specification. Part of the specification includes what is termed a USD Hydra Delegate, which is a much simpler idea than it sounds like; it's essentially a plug-in interface for a rendering engine.

SideFX Software got on board with USD early and has a mature, production ready implementation of it now in Solaris, which is a Houdini workspace designed for scene assembly, look development, lighting, and rendering. Since Solaris is based on USD, it can render to any Hydra Delegate. From the user's point of view, switching renderers requires no more effort than dropping down an appropriate node in the Solaris environment.

Houdini has two production rendering engines now. One is the older, CPU only Mantra which is well respected for image quality, features, and robustness. It does not however use GPU compute, so it falls well short of most of its contemporaries in the speed department thanks to the meteoric rise of GPU computing power in recent years. The second option now available is Karma, which is faster than Mantra but more importantly includes an XPU option which uses both the CPU and GPU compute. Karma is also a USD Hydra delegate with (beta) support for MaterialX shaders.

For SIGGRAPH 2022, a few of Intel's developers implemented a prototype USD Hydra delegate using Intel's open source Embree rendering system. Being a Hydra delegate, it sits in Solaris just like Karma does, allowing Intel an opportunity to tease us with the might of its next generation GPU.

Because USD is an open standard, a certain well known and well loved open source 3D animation system supports it also: Blender. AMD has implemented full USD Hydra delegate support as one of the features of ProRender for Blender.

DreamWorks is well known for its stylized animation, but the studio also does photorealistic visual effects for film, commercials, and TV. Rather than relying on a 3rd party production renderer, DreamWorks developed its own in house.

Called MoonRay, DreamWorks' in-house renderer is a state of the art distributed path tracer. It supports the usual laundry list of features like Cryptomatte and deep output, a flexible and extensible suite of layerable shaders, light filters, and volumetric rendering.

While the rendering features by themselves don't set MoonRay apart from the likes of Arnold, V-Ray, Redshift, and even Cycles, there are a few areas where MoonRay is leading the pack.

First is its XPU mode. One of the challenges that render engine developers face is that CPUs and GPUs handle math slightly differently. While in a purely integer world there would be no differences, that's not the case in floating point; it's entirely possible to have two different processors execute exactly the same instructions and end up with different results. Although there are standards for floating point arithmetic defined by the IEEE, the nature of floating point arithmetic makes it nearly impossible for every compute architecture to deliver identical results. The differences are not large by any means; they're typically limited to the last few decimal places in each operand, but over the course of several iterations they can add up. If every node is the same, there's nothing to worry about, but if the GPU is running 200 iterations of a shader and the CPU is running the other 200, then the two sets of resulting pixels can look different enough to manifest as a rendering glitch.

Because of this, most of the GPU accelerated rendering systems on the market currently use either the CPU or the GPU, and rarely both. In most cases "both" means rendering on the CPU and then using the GPU for output filters like noise reduction, so that the issue of differences in rounding affects the entire image, and in a way that is consistent throughout an image sequence.

SideFX and Isotropix are working on XPU renderers that can use both the CPU and the GPU to render an image with pixel perfect accuracy, so that there will be no difference between pixels rendered on the GPU vs pixels rendered on the CPU.

DreamWorks is already there with MoonRay; its XPU mode is able to use the GPU as a supplemental compute node, instead of only as a stage in the rendering process.

This is a bigger deal than it sounds at first, because GPU rendering performs pretty poorly unless the entire scene and all of its textures are able to reside in the GPU's memory. Being able to efficiently load balance the rendering effort across the CPU and GPU is a big deal for performance, because it lets the renderer boost performance by using the GPU but without being limited by GPU memory.

MoonRay's other banner feature set is also performance oriented. It's vectorized from the bottom up, and has been from the start of development. MoonRay uses Intel's Embree for ray tracing, and DreamWorks' own vectorized ray integrator and shading and texturing engines.

The other side of MoonRay's performance feature set is its cloud based distributed rendering framework called Arras. The Arras SDK is designed to simplify connecting to a renderfarm, and also to integrate MoonRay with a client application. The MoonRay demos show examples of artists interactively working in Houdini connected to a 32-node MoonRay cluster that uses the system GPU for denoising, and the result is a blazing fast interactive viewport render, a tremendous boon for look development.

Another feature of MoonRay is that it supports the Hydra Render Delegate standard, so out of the box artists with applications like Houdini and Katana will be able to use MoonRay as an interactive as well as production rendering engine.

Since DreamWorks is releasing MoonRay under the Apache open source license and the USD Hydra specification is open, expect to see MoonRay pretty much everywhere in the near future.

Choosing a render engine for an animation project is akin to choosing a camera for a film project: for example, Eevee for realtime, interactive work, which makes it great for look development, and Cycles for final rendering to take advantage of the physically based ray traced output.

In that analogy, DreamWorks' releasing MoonRay under the Apache open source license is akin to Panavision giving away Millennium DXLs, along with the blueprints.

DreamWorks uses MoonRay in Linux, so the Windows and OSX ports are currently in limited beta. There are some application developers already working on integrating MoonRay into their software as well.

Since it's in beta testing, DreamWorks doesn't have a time table for releasing MoonRay to the public yet, but it's a good bet that it's going to become very popular very quickly when it launches and raises the bar for third party rendering engines.

Websites may write to the clipboard in Chrome without user permission – Ghacks

@Anonymous123s new nick

> something feels wrong with them

Starting out with a strong argument, I see.

> the code has become basically a mini-os

Well yeah, Chrome OS is a thing. That being said, all current browser codebases are the size of operating systems.

> a monopoly also

Where did Safari and Firefox go all of a sudden?

> and there are way too many things going on with Javascript

Both good and bad, the web would be a worse and way less interactive place without JS. Without JS, we would be stuck with the web of 1995.

> security issues

As you said yourself, the codebase has the size of an operating system, so no surprises there.

> bugs etc constantly getting patched

which is a good thing.

> too popular

That's not a thing. People use what they want to use. Too bad for you that it's not Deplatformingfox.

> Some people actually believe that chromium browsers have the best security

It's not a matter of belief, bud. Belief belongs to the realm of religion.

That Chromium has strong sandboxing and real site isolation is not belief, it is fact, verifiable via the open source code.

> Firefox, gets nowhere near the security issues of browsers like Chrome

Yeah, because it's not a valuable target with 3% market share. Not because it is well-engineered (which it isn't, it's garbage).

> Firefox, gets nowhere near the security issues of browsers like Chrome, Edge, Brave and Vivaldi.

Because nobody uses it.

> What browser is safer to use? Firefox is!

LOL, nope. You can't have it both ways. You claim Firefox is secure based on its irrelevancy (which is a shoddy argument in itself, but hey, let's ride with it), but when more people start using it, it will become a more attractive target of hackers, invalidating the irrelevancy factor.

> Firefox is the only FOSS browser maintained by well paid developers

Evidently false. Chromium is open source. So is WebKit. And Deplatformingfox's devs are actually paid by Google.

> Google chrome is a proprietary browser where an ad tech company bloats the code.

So what? Chrome is just a closed source variant of Chromium, which is open source. And ad tech? Where do you think Mozzarella's money comes from? Did I miss the part where Mozzarella publicly came out against ads?

> No thanks. Firefox is much safer.

Nice ad. Want a job in the ad tech industry?

Quality of gHacks posts went downhill ever since they said bye bye to fact-based arguments for the most part.

A Bug In Open Source Makes Millions Of Websites Vulnerable To Attack – Open Source For You

Experts have cautioned that hundreds of thousands of websites, including many utilising the .gov name, could suffer data loss. Git, an open source development platform, has a weakness that, if left unfixed, gives threat actors access to the kingdom's secrets, according to cybersecurity specialists from Defense.com.

It appears that there are several .git folders that ought to be hidden but are frequently not. Although this is a major problem, the researchers claim that Git users' disregard for recommended practices is more to blame. A threat actor may locate these folders and download their contents with the aid of a custom Google dork.

These folders' files typically store the full history of the codebase, past code changes, comments, security keys, sensitive remote paths containing secrets, and plain-text password files. In addition to the apparent risk of revealing passwords and sensitive information, there is a hidden risk that hackers may analyse the code and discover more vulnerabilities that they will likely not be correcting but rather exploiting.

Additionally, these folders might have API keys and database login information, providing threat actors even more access to private user information. According to Defense.com, 332,000 websites in total, including 2,500 on the .gov domain, were identified as potentially susceptible.

"Open source technology always has the potential for security flaws, being rooted in publicly accessible code. However, this level of vulnerability is not acceptable," commented Oliver Pinson-Roxburgh, CEO of Defense.com. "Organizations, including the UK government, must ensure they monitor their systems and take immediate steps to remediate risk."

According to Pinson-Roxburgh, Git is a very well-liked open source version control system with more than 80 million active users, and this kind of vulnerability on such a well-liked platform can have severe ramifications for affected organisations.
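
A defender-side check for the exposure described above, as an added example that is not from the article or from Defense.com: it walks a local web document root, reports every `.git` directory the server would serve, and flags remote URLs in `.git/config` that embed credentials. The directory layout, host names and token are constructed sample values.

```python
"""Audit a web document root for Git metadata that the server would expose."""
import os
import re
import tempfile
from dataclasses import dataclass, field
from urllib.parse import urlsplit

URL_LINE = re.compile(r"^\s*url\s*=\s*(\S+)", re.IGNORECASE)


@dataclass
class Finding:
    url_path: str        # path a browser would request, e.g. /shop/.git/
    has_history: bool    # objects/ present: the code history is retrievable
    credentialed_remotes: list = field(default_factory=list)


def remotes_with_credentials(config_path):
    """Return http(s) remotes in a .git/config that carry userinfo, redacted."""
    hits = []
    try:
        with open(config_path, encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    except OSError:
        return hits
    for line in lines:
        m = URL_LINE.match(line)
        if not m:
            continue
        try:
            parts = urlsplit(m.group(1))
        except ValueError:
            continue
        if parts.scheme in ("http", "https") and (parts.username or parts.password):
            # Report where the secret lives; never echo the secret itself.
            hits.append(f"{parts.scheme}://***@{parts.hostname}{parts.path}")
    return hits


def audit_docroot(docroot):
    """Find every .git directory below docroot and describe what it leaks."""
    findings = []
    for dirpath, dirnames, _ in os.walk(docroot):
        if ".git" not in dirnames:
            continue
        git_dir = os.path.join(dirpath, ".git")
        dirnames.remove(".git")  # do not descend into the repository itself
        if not os.path.isfile(os.path.join(git_dir, "HEAD")):
            continue  # a directory named .git that is not a repository
        rel = os.path.relpath(git_dir, docroot).replace(os.sep, "/")
        findings.append(Finding(
            url_path="/" + rel + "/",
            has_history=os.path.isdir(os.path.join(git_dir, "objects")),
            credentialed_remotes=remotes_with_credentials(
                os.path.join(git_dir, "config")),
        ))
    return sorted(findings, key=lambda f: f.url_path)


def _write(path, text):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def build_sample_docroot(base):
    """Constructed sample: a site root deployed by copying two working trees."""
    site = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(site, ".git", "objects"))
    os.makedirs(os.path.join(site, "shop", ".git"))
    os.makedirs(os.path.join(site, "static"))
    _write(os.path.join(site, ".git", "HEAD"), "ref: refs/heads/main\n")
    _write(os.path.join(site, ".git", "config"),
           '[remote "origin"]\n'
           "\turl = https://deploy:EXAMPLE-TOKEN@git.example.invalid/site.git\n")
    _write(os.path.join(site, "shop", ".git", "HEAD"), "ref: refs/heads/main\n")
    _write(os.path.join(site, "shop", ".git", "config"),
           '[remote "origin"]\n\turl = git@git.example.invalid:shop.git\n')
    return site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in audit_docroot(build_sample_docroot(tmp)):
            print(f.url_path, "history" if f.has_history else "no objects",
                  f.credentialed_remotes)
```

Any finding means the deployment should be rebuilt from an export that carries no repository metadata, or the web server configured to refuse paths under `/.git`.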

Crypto hackers have stolen nearly $2 billion this year: Here's why it's a growing problem – CNBC

Hackers have already stolen nearly $2 billion worth of cryptocurrency in 2022 and the year is only half over.

As of July, $1.9 billion in crypto has been stolen by cybercriminal hacks, according to Chainalysis' "Mid-year Crypto Crime Update."

At this point last year, hackers had stolen $1.2 billion, according to the report. That's a spike of nearly 60% compared to a year ago.

"Despite the misconception that cryptocurrency is anonymous, it remains easier to run away with coins or tokens," says Max Krupyshev, co-founder and leader of crypto payment ecosystem CoinsPaid. "I don't think that crypto hackers are stronger than the 'usual' kinds, it's just that crypto platforms are new and hold valuable assets."

Bad actors are increasingly targeting decentralized finance (DeFi) protocols, which are uniquely vulnerable to hacking, according to the report. DeFi programs are the underlying blockchain technology that enable financial transactions to occur outside of traditional banks. These programs primarily utilize the Ethereum blockchain.

DeFi programs are public and use open-source code, which can be helpful because it typically allows for security issues to be discovered and fixed quickly.

However, since open-source code is available for anyone to review, cybercriminals are able to extensively study the code and find vulnerabilities that can be exploited and used to steal crypto funds, according to the report.

And hackers aren't likely to stop any time soon. They have already stolen $190 million from crypto startup Nomad and $5 million from several Solana digital wallets during the first week of August, Chainalysis reports.

"The only way to stop them is for the industry to shore up security and educate consumers on how to find safe projects to invest in," the report advises.

There are plenty of virtual wallets that can safely store your crypto and secure it against online attacks, too, says Krupyshev. However, it's important to do thorough research first to determine which type of wallet makes sense for you.

It's also crucial to do your own research before investing in anything in order to avoid potential scams.

There are "fake opportunities and Ponzi [schemes] shining with their neon lights all over the place," Krupyshev warns. "No secure wallet can save a young investor from them."

Additionally, law enforcement must continue to develop its ability to seize stolen cryptocurrency so that hacks are no longer attractive to cybercriminals, Chainalysis reports.

Although many investors are drawn to the unregulated nature of cryptocurrency, the lack of a central regulating authority means investors typically don't have the same protections offered by traditional financial institutions like banks.

And remember, crypto assets can be highly volatile and subject to wild price valuations. There's no guarantee of making a return on your investment, which is why experts recommend only investing as much as you're prepared to potentially lose.

SD Times Open-Source Project of the Week: SvelteKit – SDTimes.com

SvelteKit is a framework for building high-performance web apps that can handle things like build optimizations, offline support, prefetching pages, and configurable rendering.

It combines Vite with the Svelte plugin to provide a feature-rich developer experience and uses Hot Module Replacement (HMR) to have developers see their changes to the code reflected in the browser.

Each page of the app is a Svelte component. Svelte is a UI framework that compiles components to optimized vanilla JavaScript, and it also took the top spot as the most loved framework in a Stack Overflow survey. Developers can also create projects by adding files to the src/routes directory of a project, which will be server-rendered to improve app speed.

"Unlike single-page apps, SvelteKit doesn't compromise on SEO, progressive enhancement or the initial load experience, but unlike traditional server-rendered apps, navigation is instantaneous for that app-like feel," the project's website, which contains additional details, states.

SvelteKit, which is still in early development, uses fetch for getting data from a network and the Fetch API includes the interfaces Request, which contains useful methods like request.json() and request.formData() for getting data that was posted to an endpoint, an instance of Response, and the Headers interface to read incoming request.headers and set outgoing response.headers. The project also uses Stream, URL, and Web Crypto APIs.

Android 13 is already working on Qualcomm Robotics RB3 and RB5 platforms – CNX Software

Qualcomm Robotics RB3 (aka DragonBoard 845c) and Robotics RB5 boards can already support Android 13, just a few days after the source code was pushed to AOSP (Android Open Source Project).

Once upon a time (i.e. a few years ago), it would have taken weeks, and more likely months, to port the latest version of Android (AOSP) to a specific single board computer. But thanks to initiatives such as Project Treble, Android reference boards such as DragonBoard 845c (RB3), HiKey 960, Khadas VIM3, and Qualcomm Robotics Board RB5 can now get the latest version of Android up and running in a matter of days.

Android 13 was released on August 15, and Linaro wrote about RB3 and RB5 support on August 18, and while Linaro engineers collaborated with Google engineers before the AOSP, it is still an impressive feat.

Amit Pundir, Linaro Engineer, explains how this was made possible:

Over the years Linaro has worked together with Google to constantly keep 96Boards development boards working and in-sync with the upstream Kernel versions and AOSP. Hardware with good software support is essential for testing and validation of the latest AOSP and latest stable and upstream kernels. The collaboration with Google and the upstream community, combined with the upstreaming efforts of Linaro's Android team and Linaro's landing team for Qualcomm have brought us to where we are today. And while there is always more work to do, being able to boot the latest Android release on a development board straight out of the box is a great satisfaction!

Two images are available, one based on the android13.0.0_r3 tag used by the Pixel 6a and the other using AOSP master. Those are unified images, meaning they can run on either RB3 or RB5 without modifications. There are still a few issues here and there, notably WiFi and Bluetooth regressions which are being worked on.

I've also asked Khadas whether VIM3/3L boards would get Android 13 support since they are listed as official Android reference boards, and I was told that while the boards are supported by the official Android AOSP mainline, not all features are supported. Amlogic does not plan to provide an Android 13 SDK for the A311D processor, so it may explain why. Khadas also informed me their software engineers focused their efforts on Ubuntu and their OOWOW system, which should make sense since most SBC users are probably using Linux.

Back to Android 13 support on the RB3 and RB5 platforms. You can find more details and follow the development progress on the Software Device Enablement for Android Upstream page, and/or attend the virtual Linaro and Qualcomm Tech Day on September 6 to learn more about Linaro's Android team efforts to support the reference boards in AOSP.

Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.

Capital One And Akamai Joins The Open Source Security Group – Open Source For You

Dedicated to protecting open source software, the Linux Foundation is a non-profit organisation that has added 13 new members from the business world, the financial world, and academia. More than a dozen new organisations will join the Open Source Security Foundation (OpenSSF), according to an announcement made on Wednesday. Capital One, a financial powerhouse, will be a premium member and hold a seat on the foundation's governing board. The other new members include ZTE, the Eclipse Foundation, Purdue University, the TODO Group, Indeed, Akamai, Kasten by Veeam, Scantist, SHE BASH, Socket Security, Sysdig, and Timesys.

Notable IT and open source firms including GitHub, Google, IBM, Microsoft, AWS, Meta, Fidelity, Morgan Stanley, Tencent, and others are already members of the organisation. While some of the foundations they establish are more restrictive, David A. Wheeler, director of open source supply chain security at the Linux Foundation, told SC Media in an interview that the requirements for membership in OpenSSF are as broad as the impact of the issue they're trying to collectively solve.

"Every different foundation has rules about who can join and who can't, but in the case of the OpenSSF, it's extremely broad and intentionally so because basically everybody is impacted by the security or lack of security in open-source software," Wheeler said.

Additionally, there is a financial incentive because organisations must pay a membership fee that supports OpenSSF's operations. According to their website, there are no fees associated with participating in the foundation's activities, and steering committees and project maintainers make choices on working groups and projects regardless of membership. But Wheeler did mention that organisations like Capital One that choose the more expensive premier memberships are awarded board seats.

Open source code is widely utilised in commercial software as well as in systems created by governments, non-profits, and universities. While open source software is neither more nor less fundamentally dangerous than proprietary software, it has been a focus of both government and industry. While prominent cyber incidents like Log4j frequently make the news, malevolent hackers are increasingly using open source code corruption to target the businesses and other entities who use it.

For instance, Sonatype reported in March that it had discovered over 130 typosquatting packages aimed towards npm and over a dozen that were directed at popular Python repositories. The ultimate results of the Python attacks have included everything from installing cryptomining software, collecting login information, and establishing covert backdoors to gain access to victim systems.

More recently, at the Open Source Security Summit held in May at the White House, OpenSSF revealed a 10-point strategy. This strategy will be implemented through 10 different workstreams, including establishing a framework for incident response teams that can be deployed throughout the open source community, conducting annual third-party reviews of the top 200 most critical open source software components, finding ways to speed up the process of patching open source software, developing new metrics to track code and components, and moving the industry away from non-memory safe programming languages that make it difficult to find and fix vulnerabilities.

What is Julia Programming Language? – Definition from Techopedia – Techopedia

What Does Julia Programming Language Mean?

Julia is an open source high-level, high-performance dynamic programming language designed at MIT for large-scale, partial-differential equation simulations and distributed linear algebra.

Julia's ability to support scientific computing makes it a good choice for designing machine learning models and AI simulations.

The Julia programming language has a sophisticated compiler and supports distributed parallel execution. It is known for its numerical accuracy and mathematical function library, as well as its robust ecosystem of tools for optimization, statistics, parallel programming and data visualization.

Julia is expected to play an important role in the future of data science and artificial intelligence because it combines Python's user-friendly scripting features with the high performance of compiled languages like C++.

Julia is one of the few open-source platforms for training machine learning models. (Until recently, machine learning models have been trained or developed primarily in R and Python.)

While Julia is considered to be a general-purpose language, data scientists are using many of its features for numerical analysis and computational science.

Compared to other platforms, Julia is known for being easy to use. It is also known for being:

Julia is made available under the MIT license and the source code is available on GitHub.

Anaconda and Oracle Partner to Help Secure the Open-Source Pipeline – Database Trends and Applications

Anaconda Inc., provider of a data science platform, is partnering with Oracle Cloud Infrastructure to offer secure open-source Python and R tools and packages. By embedding and enabling Anaconda's repository across OCI Artificial Intelligence and Machine Learning Services, customers will have access to Anaconda services directly from within OCI without a separate enterprise license.

Together, Anaconda and Oracle are looking forward to bringing open-source innovation to the enterprise, helping apply ML and AI to the most important business and research initiatives.

"We are committed to helping enterprises secure their open-source pipelines through the ability to use Anaconda anywhere, and that includes inside the Oracle Cloud," said Peter Wang, CEO and co-founder of Anaconda. "By combining Anaconda's package dependency manager and curated open-source repository with OCI's products, data scientists and developers can seamlessly collaborate using the open-source Python tools they know and trust while helping meet enterprise IT governance requirements."

Python has become the most popular programming language in the data science ecosystem; it is a widely accessible language that facilitates a wide variety of programming-driven tasks. Because the velocity of innovation powered by the open-source community outpaces any single technology vendor, more and more organizations are adopting open-source Python for enterprise use.

For more information about this news, visit http://www.oracle.com.

Tornado Cash’s sanction has the tech industry watching nervously – Grid

How do you ban an open-source software project and make it stick?

That's the question facing the Treasury Department, which last week added open-source cryptocurrency mixer Tornado Cash to a U.S. government list of individuals and entities blacklisted for violating sanctions. In this case, Tornado Cash, which helps keep cryptocurrency transactions private, made the list for violating sanctions against North Korea.

But Tornado Cash isn't a company. It's an open-source software project based on the Ethereum blockchain, maintained by people and servers spread around the globe. As the team wrote in a 2020 blog post, "From now on, Tornado.cash is largely living by the precepts that code is law. No one can modify the smart contracts and the protocol is decentralized and unstoppable, as long as Ethereum isn't changed or taken down."

The U.S. action raises a host of questions about whether any government can effectively sanction open-source code, rather than individuals, and what widespread effects that might have for not just future open-source projects, but anyone who has used Tornado Cash. There have been 12,243 unique user deposits on Tornado Cash, according to Dune Analytics, a blockchain analytics platform.

"They weren't just sanctioning a specific entity or user like from, in this case, North Korea," said Seth For Privacy, the pseudonym of a privacy educator whose work focuses on the cryptocurrency ecosystem.

"Instead, they're sanctioning the entire tool, the entire open-source tool of decentralized smart contracts on [the cryptocurrency] Ethereum," he said. "They went after the entire tool itself that had been used by an entity that was sanctioned. So that was a big, big shift from previously where normally sanctions are targeting an entity using a tool."

The Treasury Department added Tornado Cash to the sanctions list known as the Specially Designated Nationals and Blocked Persons List (SDN list) for allegedly facilitating millions of dollars in cryptocurrency transactions to the North Korean government at the hands of government-affiliated hackers.

In its statement, the Treasury Department said Tornado Cash has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. This includes over $455 million stolen by the Lazarus Group, a state-sponsored North Korean hacking group that was sanctioned by the U.S. in 2019, which the department described as the largest-known virtual currency heist to date.

"Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks," said Undersecretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson in a statement. "Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them."

Contrary to popular belief, few cryptocurrency transactions are private.

Public blockchains, which can be thought of as digital ledgers, keep a record of all transactions. While cryptocurrency wallets or alphanumeric addresses where funds are sent are pseudonymous, the people behind them can be identified.

Indeed, people publicly post their wallet addresses online, and blockchain analytics or analysis companies like Chainalysis and Elliptic have made whole business models off of opening up the curtains and tracking cryptocurrency transactions.

They do things like identify, categorize and track addresses in real time, using modeling and visual representations to track changes on a blockchain and identify behaviors. In a sense, they follow the money.

Tornado Cash is a mixer, meaning that it helps obfuscate the origins and destinations of cryptocurrency transactions and makes them harder to trace, even for law enforcement. People can send funds to a smart contract on the Ethereum blockchain, which then mixes the funds, which are then withdrawn from another address. That contract address was on the sanctions list even though no one owns it; it's merely a series of ones and zeros executing a task.

Chainalysis, a blockchain analytics company that has done multimillion-dollar business with the U.S. military and law enforcement, estimated that 18 percent of the funds received by Tornado Cash were from sanctioned entities, but said "almost entirely, we should note, before those entities were sanctioned."

Detractors of the mixer service argue that it's used solely by criminals for money laundering. Proponents tout the privacy-preserving function, which is also used by a significant number of law-abiding people.

"While we and many others have been working alongside both sides in the aisle in a positive direction on crypto and privacy, this move blindsided everyone," said Josh Swihart, senior vice president of growth, product strategy and regulatory affairs at Electric Coin Company, creators and supporters of the anonymity-enhancing cryptocurrency Zcash.

After the government announced the sanctions against Tornado Cash, Microsoft deleted the accounts of Tornado Cash contributors and the project itself from GitHub, a platform where developers collaboratively create and maintain open-source software. It has over 83 million users.

"Thirty years of hard legal work to establish first amendment protections around software distribution, blown up in a day by GitHub/Microsoft," tweeted Johns Hopkins University cryptography professor Matthew Green.

"Trade laws require GitHub to restrict users and customers identified as Specially Designated Nationals (SDNs) or other denied or blocked parties, or that may be using GitHub on behalf of blocked parties," said a GitHub spokesperson in a statement. "At the same time, GitHub's vision is to be the global platform for developer collaboration. We examine government sanctions thoroughly to be certain that users and customers are not impacted beyond what is required by law."

The move to sanction a tool, rather than, for example, a cryptocurrency wallet address directly affiliated with a national security threat, has sent shock waves through the cryptocurrency community.

"The implications of [the Treasury Department] adding the Tornado Cash protocol to the sanction list was actually greater for the world beyond crypto than for crypto itself," said Omid Malekan, an adjunct professor at Columbia Business School who teaches courses on crypto and blockchain.

"The U.S. government took the drastic step of sanctioning an open-source, decentralized protocol, specifically actually adding the Ethereum addresses of the smart contracts where the code lives, along with the addresses to access the service," he said.

That effectively criminalizes the act of seeking financial privacy, Malekan said, and opens up a can of worms around open source, such as whether the government will charge someone who wrote code because a criminal later used that code.

Seth For Privacy said there may also be risks for users of the Tornado Cash service. He wonders what will happen with any of their funds that interacted with Tornado Cash and whether that money would be subject to criminal action.

On Friday, Dutch authorities announced they had arrested a 29-year-old for being suspected of involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies through the decentralized Ethereum mixing service Tornado Cash.

Authorities said multiple arrests could not be ruled out.

Because crypto wallets cannot reject incoming transactions, an anonymous Twitter user out to prove a point started sending a slew of incredibly small, unsolicited transactions of Ethereum that had interacted with Tornado Cash to the public wallets of celebrities, in theory implicating them in potential violations of sanctions laws.

Malekan performed a similar public experiment on Twitter by donating a small amount of Ethereum, via Tornado Cash, to Planned Parenthood and to a secret group of Russians helping Ukrainian refugees. In both cases, he said, he committed a crime, but did so to illustrate that privacy itself should not be criminalized.

"There are 10,000 vanilla reasons why somebody would want to use Tornado Cash for something completely mundane in a way that is not remotely criminal or illicit," he said.

Hailey Lennon, a shareholder at the law firm Anderson Kill's Technology, Media and Distributed Systems Group, said the further sanctions regimes get from a direct connection to helping terrorists and covering the source of funds, the more you get toward developers and open source that gets really sticky.

She also pointed out that there is a tension between national security and privacy in this case, with national security used as a justification for intruding on privacy. Similar debates play out around encrypted communications, for example.

"When 9/11 happened, it gave the Patriot Act sharper teeth," she said. "It changed the way we travel and how financial institutions surveil transactions."

The government's actions have already made it harder for Tornado Cash users to access the service, although whether sanctions can truly eliminate an open-source project remains to be seen. In addition to Microsoft removing the code and contributors from GitHub, two major application programming interface and infrastructure providers, Alchemy and Infura, have blocked API access to Tornado Cash's front-end interface. That means users trying to access it through these APIs (software intermediaries that let apps talk to each other) cannot see Tornado Cash. Users can still reach the Tornado Cash service, but it's going to get increasingly harder and more complicated over time.

"I think the main things for a project to be prepared for when building their project is to make sure it's built for adversarial environments," said Seth for Privacy. "Not assuming that the current environment will last forever, or that their tool itself will always be considered above board and OK."

Thanks to Lillian Barkley and Alicia Benjamin for copy editing this article.

Original post:
Tornado Cash's sanction has the tech industry watching nervously - Grid