Tech News

Last week, the AMD team released v-2019.Q1.2 version of AMD Open Source for Vulkan (AMDVLK). This release comes with fairly small updates including a DXVK fix, one new Vulkan extension, and some more updates. What’s new in v-2019.Q1.2 The XGL code exposes YUV planes directly to allow applications to implement their own color conversion. Symbols are now not included when building the driver in its release confirmation, which could help with performance. The default WgpMode is updated from wgp to cu The performance regression introduced by the updates that added support for the LOAD_INDEX path for handling pipeline binds is now fixed. AMDVLK architecture: The following diagram shows its architecture: Souce: GitHub AMD open-sourced AMDVLK in 2017, which was earlier the part of AMDGPU-PRO driver. It is a Vulkan driver for Radeon graphics adapters on Linux and is built on top of AMD’s Platform Abstraction Library (PAL). PAL provides hardware and OS abstractions for Radeon (GCN+) user-mode 3D graphics drivers. It also provides users with a consistent experience across platforms, including support for recently released GPUs and compatibility with AMD developer tools. As PAL does not come with a shader compiler, clients are expected to use an external compiler library that targets PAL's Pipeline ABI to produce compatible shader binaries. Shaders compile a VkPipeline object as a single entity by shaders using the LLVM-Based Pipeline Compiler (LLPC) library. LLPC is built on the existing shader compilation infrastructure of LLVM for AMD GPUs to generate code objects that are compatible with PAL’s pipeline ABI. To know more in detail about AMDVLK, you can check out its GitHub repository. AMD ROCm GPUs now support TensorFlow v1.8, a major milestone for AMD’s deep learning plans AMD open sources V-EZ, the Vulkan wrapper library AMD’s $293 million JV with Chinese chipmaker Hygon starts production of x86 CPUs

Yesterday a remote code execution bug was found in the APT high-level package manager used by Debian, Ubuntu, and other related Linux distributions. Max Justicz, the security researcher who discovered the bug, says that the bug "allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package.” Justicz’s blog post states that the vulnerable versions of APT don't properly sanitize certain parameters during HTTP redirects. An attacker can take advantage of this and perform a remote man-in-the-middle attack to inject malicious content, thus tricking the system to install certain altered packages. HTTP redirects while using apt-get command help Linux machines to automatically request packages from an appropriate mirror server when other servers are unavailable. If the first server fails, it returns the location of the next server from where the client should request the package. Justicz has also demonstrated this man-in-the-middle attack in a short video: https://justi.cz/assets/aptpoc.mp4 Justicz told The Hacker News that a malicious actor intercepting HTTP traffic between APT utility and a mirror server, or just a malicious mirror, could execute arbitrary code on the targeted system with the highest level of privileges, i.e. root. He further adds, "You can completely replace the requested package, as in my proof of concept. You could substitute a modified package as well if you wanted to”. The APT is also used by major Linux distributions like Debian and Ubuntu, who have also acknowledged and released security patches for this vulnerability. Hacker News also points how this flaw comes around the time when cybersecurity experts are fighting over Twitter, in favor of not using HTTPS and suggesting software developers to rely on signature-based package verification since the APT on Linux also does the same. They further add that the APT exploitation could have been mitigated if the software download manager was strictly using HTTPS to communicate securely. The developers of APT have released version 1.4.9 that fixes the issue. The bug has also been fixed in APT 1.2.29ubuntu0.1, 1.7.0ubuntu0.1, 1.0.1ubuntu2.19, and 1.6.6ubuntu0.1 packages, as well as in APT 1.4.9 for the Debian distribution. You can head over to Max Justicz official blog for more insights on this news. Kali Linux 2018 for testing and maintaining Windows security – Wolf Halton and Bo Weaver [Interview] Black Hat hackers used IPMI cards to launch JungleSec Ransomware, affects most of the Linux servers Homebrew 1.9.0 released with periodic brew cleanup, beta support for Linux, Windows and much more!

Wine 4.0 stable version has been released yesterday. It comes with four main features including support for Vulkan, Direct3D 12, Game controllers and High-DPI support on Android. In total, there are over 6,000 individual changes and improvements. Wine is an implementation of the Windows Application Programming Interface (API) library. makes it possible to run Windows programs alongside Linux or any other Unix-like operating system. Wine can also be used to recompile a program into a format that Linux can understand more easily, though access to the Windows program source code is required. Major improvements in Wine 4.0 Direct3D 12 support Wine 4.0 provides initial support for Direct3D 12 and requires the vkd3d library and a Vulkan-capable graphics card. The Direct3D graphics card database recognizes more graphics cards. The Multi-Threaded Command Stream feature is enabled by default. The OpenGL core contexts are always used by default when available to all graphics cards, and all versions of Direct3D before 12. Several Direct3D 11 interfaces have been updated to version 11.2, and DXGI interfaces have been updated to version 1.6. Support for using the correct swap interval is implemented, for both DXGI and DirectDraw applications. Application-configurable frame latency is implemented for Direct3D 9Ex and DXGI applications. Vulkan Support In Wine 4.0, Vulkan driver is implemented, using the host Vulkan libraries under X11, or MoltenVK on macOS. Wine 4.0 also provides a built-in vulkan-1 loader as an alternative to the SDK loader. A number of Direct2D interfaces have been updated to version 1.2. Other features: ARGB visual can be used as default X11 visual. The old 16-bit DIB.DRV driver is implemented using the DIB engine. For large polygons, polygon drawing is much faster in the DIB engine. Improvements made in Kernel Support for running DOS binaries under Wine is removed. In wine 4.0, all the CPU control and debug registers can be accessed by kernel drivers, including on 64-bit. Events, semaphores, mutexes, and timers are also implemented in kernel mode for device drivers. The WaitOnAddress synchronization primitives are supported. Application settings, compatibility information, and execution levels are also recognized in application manifests. Other changes Wine 4.0 supports the new version of the Android graphics buffer allocator API to enable graphics support on Android version 8 and above. Android x86-64 platforms are supported also in 64-bit mode. New external dependencies The Vulkan library is used to implement the Vulkan graphics driver. The Vkd3d library is used to implement Direct3D 12 on top of Vulkan. The SDL library is used to support game controllers. The GSSAPI library is used to implement Kerberos authentication. These are a select few changes. For a full list of improvements and additions, check out the release notes. Red Hat releases Red Hat Enterprise Linux 8 beta; deprecates Btrfs filesystem Homebrew 1.9.0 released with periodic brew cleanup, beta support for Linux, Windows and more. Microsoft releases ProcDump for Linux, a Linux version of the ProcDump Sysinternals tool

Yesterday, Facebook launched a petition feature called Community Actions, which enables community users to request changes from their local and national elected officials and government agencies, as reported by TechCrunch. This feature has been rolled out to users across the United States. Users can create a petition, tag public officials or organizations, and also get their friends to support their cause. Supporters can discuss the topic related to a specific petition with fellow supporters on the page, and also create events and fundraisers. Facebook will display the number of supporters behind a Community Action, but users will be able to see the names of those they are friends with or can view pages or public figures. This feature comes with a one-click Support option, which is quite visible on the news feed and it reduces the time required for signing up. This, in turn, helps the organizations and individuals to maximize the size of their community. In a statement to TechCrunch, a Facebook spokesperson said, “Building informed and civically engaged communities is at the core of Facebook’s mission. Every day, people come together on Facebook to advocate for causes they care about, including by contacting their elected officials, launching a fundraiser, or starting a group. Through these and other tools, we have seen people marshal support for and get results on issues that matter to them. Community Action is another way for people to advocate for changes in their communities and partner with elected officials and government agencies on solutions.” Lately, Facebook has been working towards a number of features designed to get people more involved in their communities. Features such as Town Hall, which gives access to local officials and Candidate feature that allows politicians to pitch on camera, are few of the steps in this direction. According to TechCrunch, there are some limits wherein users can’t tag President Donald Trump or Vice President Mike Pence. This might prevent users from expressing themselves and putting up petitions for or against them. Though Facebook will use a combination of user flagging, proactive algorithmic detection, and human enforcers, the new feature might get misused in some way or the other. This feature could be used in a way to pressurize or bully politicians and bureaucrats. A major issue with this feature is that users can’t stand against a Community Action. The discussion feed might not include the negative points as only the supporters can discuss on the thread. But this might also lead trolls to falsely back them and disturb the entire discussion thread. In a statement to TechCrunch, Facebook said, “Users will have to share a Community Action to their own feed with a message of disapproval, or launch their own in protest.” The Community Actions might be used to spread some fake awareness and bring petitions which are not for the well-being of the users. If the support count gets manipulated, it might cause trouble as a wrong petition would get support. For example, a few of the communities could falsely manipulate users by using Facebook groups or message threads so that it would look like there’s much more support for a misleading cause. Another example is if a politician causes a community for backing and further manipulating votes based on their false posts and comment threads. With Facebook’s WhatsApp now working towards preventing the spread of fake news by restricting the forwards to 5 individuals or groups, Facebook’s Community Actions feature might work against it. Users are giving mixed reactions to this news. Some of the users seem to be excited about this new feature. One of the comments on HackerNews reads, “That's interesting. I see that Facebook develops more feature to support different initiatives (FB groups, charity pages) and even petition pages.” Some users think that Facebook would gather users’ data based on political views. This would help the company in organizing various ad campaigns and generating revenue. One of the users commented on HackerNews, “Facebook really doesn't care too much what the petitions are about, but is mostly interested in gathering more data on its users' political beliefs so they can allow domestic and foreign campaign spending groups to better target advertisements meant to change or reinforce those beliefs (or suppress civic participation of those with such beliefs) and increase FB's total share of campaign-related ad spend.” Some of the users don’t trust Facebook anymore and they think that the new features won’t be secure. Another comment on HackerNews reads, “I'm going to have a really hard time taking any new development coming out of Facebook as genuine, honest or non-privacy invasive. I simply do not foresee my opinion of Facebook, Zuckerberg or anyone still working there changing radically in the near future.” Others are not interested in any sort of political engagement on social media as they think the views would be manipulated there. Users are requesting for better sign up or verification process which would help keep the fake accounts away. FTC officials plan to impose a fine of over $22.5 billion on Facebook for privacy violations, Washington Post reports Facebook takes down Russian news agency, Sputnik’s pages for engaging in “coordinated inauthentic behavior” Facebook open sources Spectrum 1.0.0, an image processing library for better mobile image production

On Monday, Russian’s popular watchdog, Roskomnadzor said that it opened a civil case against Twitter and Facebook for failing to explain how they plan to comply with local data laws, the Interfax news agency reported. According to Interfax, Facebook and Twitter “have not submitted specific plans and deadlines for the localization of databases of Russian users in the Russian Federation.” Alexander Zharov, Roskomnadzor’s head of the department, said, “companies have a month, after which the regulator will proceed to concrete actions in their attitude.” Roskomnadzor reported that it received responses from Facebook and Twitter to a request for providing information on the localization of Russian data in the territory of the Russian Federation and analyzes them. “Russia has introduced tougher internet laws in the last five years, requiring search engines to delete some search results, messaging services to share encryption keys with security services and social networks to store Russian users’ personal data on servers within the country”, the Reuters reported. On December 17, last year, the ministry sent letters to Twitter and Facebook about the need to comply with legislation on the localization of data storage for Russian users in the Russian Federation. If companies refuse to demand or ignore it, they will be fined 5,000 rubles each, and then they will again be given a period of six months to a year to localize the data, said department head Alexander Zharov. To know more about this news in detail, visit Reuter’s website. Facebook takes down Russian news agency, Sputnik’s pages for engaging in “coordinated inauthentic behavior” Monday’s Google outage was a BGP route leak: traffic redirected through Nigeria, China, and Russia FTC officials plan to impose a fine of over $22.5 billion on Facebook for privacy violations, Washington Post reports

On 18th January, W3C Publishing Working Group published their updated scope and goals The PWG will be focusing on two things: how to define an ordered sequence of web resources, and how to express metadata about that collection of resources. The W3C defines web publishing as: “A web publication is a single logical entity that may be built from numerous web resources, with a defined order to the content-- chapter two always comes after chapter one.” The official documentation states that the team will now work in a very modular fashion “to meet the needs of a particular segment of the industry.” Taking into consideration that user agent should remember where a user stopped reading, allow users to customize the display of the publication; the team will move the descriptions of these affordances, user agent behaviors, and use cases to their Use Cases and Requirements document. Lastly, they will be updating the timeline of their milestones and deliverables to reflect this focus- change . Users can check main WP spec and the WP Explainer in the next few days for more information on the same. Users can look forward to an upcoming specification that will define an audiobook format -usable on both the web and in packaged contexts. Other goals: The HTMLelement now has a semantic meaning. It represents a paragraph-level thematic break to depict a transition to another topic within a section of a reference book. Accessibility information for each of the 26 components in The Australian Government Design System A second, inner border color can be obtained for an element with background-clip. You can head over to W3C’s official documentation for more insights on this news. CNCF releases 9 security best practices for Kubernetes, to protect a customer’s infrastructure TensorFlow team releases a developer preview of TensorFlow Lite with new mobile GPU backend support Elixir 1.8 released with new features and infrastructure improvements  

Yesterday, Facebook Inc’s WhatsApp decided to put a global limit on the number of times a user can forward a message, as per Reuters’ report. Users will now be blocked from forwarding messages to more than five individuals or groups, according to new rules set by Whatsapp worldwide, in order to fight the spread of fake news and misinformation. Victoria Grand, Facebook’s Global Head for policy programs, announced the policy at an event in Jakarta, yesterday. With 1.5 billion users on the platform, the concern is that Whatsapp forwards could be used to spread fake news via manipulated texts, photos, videos, and audio hoaxes. Initially, users could forward a message to 20 individuals or groups on WhatsApp. After the spread of rumors on social media in July which led to killings and lynching attempts in India, the new policy has been put in place to fight against such fake news on social media. Facebook has previously been used by bad foreign actors to manipulate U.S. elections. Last October, WhatsApp caused trouble in Brazil’s presidential election, wherein, Jair Bolsonaro, the far-right candidate, faced claims of using WhatsApp for spreading falsehoods related to his opponent. It’s a matter of concern, how such platforms are influencing the political scenario. In a statement to the Guardian, Carl Woog, the head of communications at WhatsApp, said, “We settled on five because we believe this is a reasonable number to reach close friends while helping prevent abuse.” A forwarded text is marked in a light grey color which otherwise is much similar to other messages. This means that the segregation done by the team at WhatsApp doesn’t really solve the purpose. According to few critics, “The design strips away the identity of the sender and allows messages to spread virally with little accountability.” WhatsApp took few steps to over the challenges introduced few measures. Last year, the company introduced a feature to label forwarded messages and for removal of a quick-forward button next to images, video and audio clips. According to the report by The Guardian, these measures reduced forwarding by 25% globally and more than that in India, which has one of the highest forwarding rates in the world. Users have raised questions with regards to this news. With the biggest question being, if the fake news gets shared by simply copy-pasting the text, then how will it get monitored in such cases. Few users think that the limit of 5 is still too much and they recommend 2 instead. The idea behind this policy doesn’t look much relevant because a group can have up to 256 users in it.f I the message is forwarded to 5 groups then it is equivalent to sending it to atmost 1,280 users. This is surely not slowing the spread of fake news. One of the users commented, “You can still fwd to 5*256 people.” Others suggest having a blacklist. A comment on Hacker news reads, “You can have a blacklist of message texts that are sent to the apps as hashes.” According to some users, this is a good step taken by the team at Facebook. One of the comments read, “It seems like a valid and useful way to slow the rate of propagation of fake news. Much of the current problem is that fake news spreads faster than moderators can make a decision on it, or journalists can fact-check it. If you can keep it in a "slow burn" phase longer, where it's being forwarded along to a handful of people at a time, it's easier to combat.” Fake news is a danger to democracy. These researchers are using deep learning to model fake news to understand its impact on elections. Facebook COO, Sandberg’s Senate testimony: On combating foreign influence, fake news, and upholding election integrity Is Anti-trust regulation coming to Facebook following fake news inquiry made by a global panel in the House of Commons, UK?

TiDB, an open source cloud-native distributed database, made its data migration platform (DM)  available as open source today. Data Migration (DM) by TiDB is an integrated data synchronization task management platform that provides support for full data migration as well as the incremental data migration from MySQL/MariaDB into TiDB.  It helps reduce the operations cost and also make the troubleshooting process easy. The Data Migration tool by TiDB comes with three major components, namely, DM-master, DM-worker, and dmctl. Data Migration DM Master handles and schedules the operation of all the data synchronization related tasks. It stores the topology information of the DM cluster and keeps a track on the running state of DM worker processes and data synchronization tasks. DM-worker, on the other hand, handles the execution of only specific data synchronization tasks. It manages the storage of configuration information of the data synchronization subtasks and also monitors their running state. The third component in DM tool, called, dmctl is a command line tool that helps control the DM cluster. It creates/updates/drops data synchronization tasks. So, it checks the running state of these tasks, handles any errors that occur during these tasks, and also verifies their configuration correctness. DM is licensed under the Apache License, Version 2.0, allowing users to freely use, and modify the platform. This will also allow users to contribute new features or track any bug fixes to make the platform better for everyone. For more information, check out the official DM tool documentation. FoundationDB open-sources FoundationDB Record Layer with schema management, indexing facilities and more Red Hat drops MongoDB over concerns related to its Server Side Public License (SSPL) Facebook open sources Spectrum 1.0.0, an image processing library for better mobile image production

Yesterday, Kent C. Dodds, a JavaScript engineer at PayPal, shared in a post that now every app created at PayPal uses TypeScript by default replacing its previous type checker, Flow.  He also shared why it took them so much time to migrate to TypeScript and what are the drawbacks of using Flow which TypeScript solves. Dodds works on a toolkit called paypal-scripts, which is a package of all the tools common to PayPal applications and published modules. It was created to replace the huge list of devDependencies in the package.json and all the config files with a single entry in the devDependencies. Keeping all the tools and config in a single package, also made updating very easier. Now, this paypal-scripts module is also merged with their base GitHub repo named “sample-app”, to ensure that every new application will get their start with modern technology and tools. These applications will also be statically typed with TypeScript and tested with Jest. It took Dodds so long to adopt TypeScript because he was hesitant towards leaving Babel and ESLint. He was using these tools for several years and enjoyed building custom plugins for both. Also, earlier, TypeScript users faced some challenges when using Babel and ESLint. A common theme was that Babel users found it difficult to set up TypeScript. The linting experience also needed some improvement, so the TypeScript team started working on improving TypeScript’s compatibility for ESLint. This meant for Dodds that he did not have to give up these tools to adopt TypeScript, and that is why he decided to replace Flow with TypeScript. Dodds mentions that the regular unreliability of Flow made him take this decision. Explaining the challenges, he wrote, “The editor plugins only sometimes worked (full disclosure, I never tried Nuclide and maybe my life would’ve been different if I had, but I tried Flow in Atom and VSCode) and I would get issues like the one all the time. It was incredibly frustrating because I could never trust my type checker. There were other issues as well.” Read more in detail on Kent C. Dodds’ post: Why every new web app at PayPal starts with TypeScript. Future of ESLint support in TypeScript The Angular 7.2.1 CLI release fixes a webpack-dev-server vulnerability, supports TypeScript 3.2 and Angular 7.2.0-rc.0 Announcing ‘TypeScript Roadmap’ for January 2019- June 2019

Python team released NumPy version 1.16 last week. The latest release explores new features, deprecations, and other improvements. NumPy 1.16 is the last release to support Python 2.7 and it will be maintained as a long term release with the bug fixes until 2020. Let’s have a look at some of the major highlights of this release. New features Integrated squared error (ISE) estimator has been added to histogram in NumPy 1.16. ISE is a non-parametric method that is based on cross-validation. NumPy 1.16 comes with max_rows keyword which has been added for np.loadtxt. This sets the maximum rows for the content to be read after skiprows, as in numpy.genfromtxt. New modulus operator support added for np.timedelta64 operands. These operands may have different units and the return value will always match the type of the operands. NumPy 1.16 offers improved support for the ARM CPUs. They can now accommodate 32 and 64 bit targets, and also big and little-endian byte ordering. The matmul function is now a ufunc, meaning that both the function and the __matmul__ operator can now be overridden by __array_ufunc__. The implementation of matmul function has also been changed and uses the same BLAS routines as numpy.dot. New Deprecations In NumPy 1.16, type dictionaries numpy.core.typeNA and numpy.core.sctypeNA have been deprecated. These type dictionaries were buggy and will be removed in the 1.18 release. Users can make use of `numpy.sctypeDict` instead. The numpy.asscalar function has been deprecated. The numpy.set_array_ops and numpy.get_array_ops functions are also deprecated. The numpy.unravel_index keyword argument dims is deprecated, users can use shape instead. Other improvements and changes NumPy builds can no longer interact with the host machine shell directly in NumPy 1.16. The exec_command has been replaced with subprocess.check_output.   Earlier, a LinAlgError used to be raised during cases when empty matrix/empty matrices (with zero rows and/or columns) were passed in. Now linalg.lstsq, linalg.qr, and linalg.svd can work with empty arrays.   numpy.angle and numpy.expand_dims can now work on ndarray subclasses in NumPy 1.16.     +array is now enabled with raising a deprecation warning for non-numerical arrays Earlier, +array unconditionally returned a copy. NDArrayOperatorsMixin can now implement matrix multiplication. For more information, check out the official release notes. NumPy 1.15.0 release is out! NumPy drops Python 2 support. Now you need Python 3.5 or later. Introducing numpywren, a system for linear algebra built on a serverless architecture

Recently, four commits were made in Android’s Gerrit source code management, under the title “Carrier restriction enhancements for Android Q.” These new commits specify that Android Q (the next in line Android OS) powered devices will give more control to network carriers to specify which networks devices will and will not work on. What this means is that Android Q will consist of blacklist and whitelist carriers called “allowed” and “excluded” to specify carriers, what will and won’t work on a particular phone. According to a report by 9to5 Google, “this can be done with a fine-grained detail to even allow blocking virtual carrier networks that run on the same towers as your main carrier.” This will also eliminate allowing carriers to set individual restrictions for each SIM slot. WIth Android Q, writes 9to5 Google, “carriers will be able to lock out the second slot unless there’s an approved SIM card in the first slot. This SIM lock restriction is applied immediately and will persist through restarting the phone and even doing a factory reset.” Emergency phone calls will still work the same. Last week, XDA confirmed that Android Q will feature a system-level “Dark mode” that can be enabled in Display settings and features an “Automatic (based on time of day)” option. 7 Android Predictions for 2019 Implementing a home screen widget and search bar on Android [Tutorial] Android Studio 3.3 released with support for Navigation Editor, C++ code lint inspections, and more.

Last week, the researchers at PEAR (PHP Extension and Application Repository) reported a security breach on PEAR’s web server, http://pear.php.net. They found that the go-pear.phar was breached. Following this, the PEAR website itself has been disabled until a known clean site can be rebuilt. The community tweeted that “a more detailed announcement will be on the PEAR Blog once it's back online”. https://twitter.com/pear/status/1086634389465956352 According to researchers, the users who have downloaded the go-pear.phar in the past six months should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If the hashes are different, this indicates that the user may have the infected file. The community is in the process of rebuilding the site; however, they are not sure of the ETA yet. To stay updated, keep a close watch on PEAR’s twitter account. Symfony leaves PHP-FIG, the framework interoperability group Internal memo reveals NASA suffered a data breach compromising employees social security numbers Justice Department’s indictment report claims Chinese hackers breached business  and government network  

A group of Chinese, Tibetan, Uighur Muslims and human rights activists organized campaign demonstrations outside Google’s offices and headquarters in ten different countries around the world, last Friday. The campaign was aimed at urging Google to drop its censored search engine for China, codenamed “Project DragonFly”, last week. Project DragonFly is a censored search engine by Google for China.“The app would restrict searches for forbidden or sensitive topics, including ‘human rights’, ‘democracy’, ‘Tiananmen’ and ‘Tibet’..would also facilitate Chinese state surveillance by linking users’ search history with their telephone numbers”, state the protestors. The campaign consists of a coalition of communities that have suffered persecution by the Chinese government. As a part of the campaign, leaflets were handed out to Google employees and the public, outside of the Google offices, making Google employees and the general public aware of the dangers related to Project DragonFly. Moreover, the organizers have also stated that this will be the first of a series of protests and will continue till the time Google executives confirm that Project DragonFly has been cancelled. This is not the first time when Google’s Project DragonFly has gotten under the spotlight. It has been facing constant criticism from the public, human rights groups, as well as the company’s own employees. In November 2018, around 300 Google employees signed a petition protesting Project DragonFly. “We are Google employees and we join Amnesty International in calling on Google to cancel project DragonFly”, they wrote on Medium. Earlier, a report from the Intercept revealed how internal conversations around Google shut out its legal, privacy, and security teams over Project DragonFly, back in November. The whole project was maintained as a secret from the company during the 18 months of its development. Then in December 2018, the Intercept revealed that “internal dispute” led to Google shutting down its data analysis system used for the search engine. “This had effectively ended the project, sources said, because the company’s engineers no longer had the tools they needed to build it”, states the Intercept. Also, 170 Tibet coalition groups sent a letter to Google CEO Sundar Pichai in August 2018, informing him of the serious human rights risks posed by DragonFly, but they never received a response. “By choosing to develop Dragonfly, Google is sending a clear message that censorship is okay and is endorsing the government of China’s crackdown against freedom of speech, online freedom and other human rights”, states the letter. Moreover, Google hasn’t spoken out directly related to the Project DragonFly. When Sundar Pichai (Google CEO) was asked about Google’s Project Dragonfly during the Congress hearing in December, he said that “us (Google) reaching out and giving users more information has a very positive impact and we feel that calling but right now there are no plans to launch in China”, which was considered quite evasive by many. Google has been surrounded in a barrage of criticism and controversies lately. For instance, last week, a group of Googlers launched a public awareness social media campaign to fight against the forced arbitration policy within Google. Similarly, a group of over 85 coalition groups sent letters to Google, Amazon, and Microsoft, last week, asking them to not sell their facial surveillance technology to the government. Two shareholders sued Alphabet’s board members for protecting senior execs accused of sexual harassment, earlier this month. “It is utterly shameful that Google’s directors are doing China’s dirty work. Google’s directors must urgently take heed of calls from employees and tens of thousands of global citizens demanding that they immediately halt project dragonfly. If they don’t, Google risks irreversible damage to its reputation,” said Gloria Montgomery, Director at Tibet Society. OK Google, why are you ok with mut(at)ing your ethos for Project DragonFly? As Pichai defends Google’s “integrity” ahead of today’s Congress hearing, over 60 NGOs ask him to defend human rights by dropping DragonFly 1k+ Google employees frustrated with continued betrayal, protest against Censored Search engine project DragonFly

A developer knows by the handle ‘Urban Guacamole’ has launched a new version of the Torrent-Paradise, powered with IPFS (Interplanetary File System) that provides decentralized torrent searching. This is in contrary to Pirate Bay that has a centralized nature and has been suffering from regular downtimes. The system works very similar to BitTorrent and makes it possible to download files without the need for a central host. Even though the BitTorrent protocol has a decentralized nature, TorrentFreak(TF) states that the ecosystem surrounding it has some weak spots. Torrent sites that use centralized search engines face outages and takedowns thus disrupting service to users. In a statement to TF, Urban says: “I feel like decentralizing search is the natural next step in the evolution of the torrent ecosystem. File sharing keeps moving in the direction of more and more decentralization, eliminating one single point of failure after another”. Urban further explains that each update of Torrent Paradise is an IPFS hash, so the site is always available as long as someone is seeding it even if the servers are down. Decentralization will help search results to be shared between large numbers of systems. This will help the performance of the site as well as improve stability and privacy. According to betanews, by using IPFS, Torrent-Paradise will free itself from the risk of servers going down and also become resistant to blocking and censorship. A few issues of using IPFS as highlighted in TF is that, it needs to be installed and configured for the server to become a node. Also, IPFS gateways like Cloudflare can allow anyone to access sites such as Torrent-Paradise through a custom URL, however, this doesn't help sharing the site. Another issue is that the site relies on a static index which is only updated once a day rather than being updated in near real-time. The regular Torrent-Paradise website is still accessible to all along with the new ad- free  IPFS version. Torrent-Paradise can possibly be an alternative to Pirate Bay? We will leave that open for discussion! Head over to Torrentfreak for more insights on this news. BitTorrent’s traffic surges as the number of streaming services explode MIDI 2.0 prototyping in the works, 35 years after launch of the first version Hyatt Hotels launches public bug bounty program with HackerOne

The French data regulator, National Data Protection Commission (CNIL) has imposed a financial penalty on Google for 50M euros for failing to comply with GDPR. After a thorough analysis, CNIL observed that information provided by Google is not easily accessible for users, neither is it always clear or comprehensive. CNIL started this investigation after receiving complaints from None Of Your Business and La Quadrature du Net. They complained about Google “not having a valid legal basis to process the personal data of the users of its services, particularly for ads personalization purposes.” https://twitter.com/laquadrature/status/1087406112582914050 https://twitter.com/NOYBeu/status/1087458762359824385 Following its own investigation, after the complaints, CNIL also found Google guilty of not validly obtaining proper user consent for ad personalization purposes. Per the committee, Google makes it hard for people to understand how their data is being used by using broad and obscure wordings. For example, CNIL says, “in the section “Ads Personalization”, it is not possible to be aware of the plurality of services, websites and applications involved in these processing operations (Google search, Youtube, Google home, Google maps, Play store, Google pictures…) and therefore of the amount of data processed and combined.” Google is also violating GDPR rules when new Android users set up a new phone and follow Android’s onboarding process. The committee found that when an account is created, the user can modify some options associated with the account by clicking on the ‘More options’. However, the display of the ads personalization is pre-ticked. This violates GDPR’s rule of ‘consent being ambiguous’. Furthermore, GDPR states that the consent is “specific” only if it is given distinctly for each purpose. However Google violates it as before creating an account, the user is asked to tick the boxes « I agree to Google’s Terms of Service» and « I agree to the processing of my information as described above and further explained in the Privacy Policy» in order to create the account. Therefore, the user gives his or her consent in full, for all the processing operations purposes carried out by Google. Netizens feel that 50M euros are far too little to pay as a fine for a massive organization like Google. However, a hacker news user counter argued the statement saying that “Google or any other company does not get to just continue their practices, as usual, the fine is pure "punishment" for the bad behavior in the past. Google would gladly pay them if it meant they could continue their anti-competitive practices, it would just be a cost of doing business. But that's not the point of them. The real teeth are in the changes they will be forced to make.” Twitteratis were also in support of CNIL. https://twitter.com/AlexT_KN/status/1087466073161641984 https://twitter.com/mcfslaw/status/1087552151377797120 https://twitter.com/chesterj1/status/1087387249178750983 https://twitter.com/carlboutet/status/1087471877143085056 A Google spokesperson spoke to Techcrunch with the following statement, “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.” Googlers launch industry-wide awareness campaign to fight against forced arbitration EU slaps Google with $5 billion fine for the Android antitrust case Google+ affected by another bug, 52M users compromised, shut down within 90 days