Daily Archives: January 9, 2017

Hubble Detects ‘Exocomets’ Taking the Plunge Into a Young Star

Interstellar forecast for a nearby star: Raining comets! NASA’s Hubble Space Telescope has discovered comets plunging onto the star HD 172555, which is a youthful 23 million years old and resides 95 light-years from Earth.

The exocomets — comets outside our solar system — were not directly seen around the star, but their presence was inferred by detecting gas that is likely the vaporized remnants of their icy nuclei.

This illustration shows several comets speeding across a vast protoplanetary disk of gas and dust and heading straight for the youthful, central star. These “kamikaze” comets will eventually plunge into the star and vaporize. The comets are too small to photograph, but their gaseous spectral “fingerprints” on the star’s light were detected by NASA’s Hubble Space Telescope. The gravitational influence of a suspected Jupiter-sized planet in the foreground may have catapulted the comets into the star. This star, called HD 172555, represents the third extrasolar system where astronomers have detected doomed, wayward comets. The star resides 95 light-years from Earth.
Credits: NASA, ESA, A. Feild and G. Bacon (STScI)

HD 172555 represents the third extrasolar system where astronomers have detected doomed, wayward comets. All of the systems are young, under 40 million years old.

The presence of these doomed comets provides circumstantial evidence for “gravitational stirring” by an unseen Jupiter-size planet, where comets deflected by its gravity are catapulted into the star. These events also provide new insights into the past and present activity of comets in our solar system. It’s a mechanism where infalling comets could have transported water to Earth and the other inner planets of our solar system.

Astronomers have found similar plunges in our own solar system. Sun-grazing comets routinely fall into our sun.  “Seeing these sun-grazing comets in our solar system and in three extrasolar systems means that this activity may be common in young star systems,” said study leader Carol Grady of Eureka Scientific Inc. in Oakland, California, and NASA’s Goddard Spaceflight Center in Greenbelt, Maryland. “This activity at its peak represents a star’s active teenage years. Watching these events gives us insight into what probably went on in the early days of our solar system, when comets were pelting the inner solar system bodies, including Earth. In fact, these star-grazing comets may make life possible, because they carry water and other life-forming elements, such as carbon, to terrestrial planets.”

Grady will present her team’s results Jan. 6 at the winter meeting of the American Astronomical Society in Grapevine, Texas.

The star is part of the Beta Pictoris Moving Group, a collection of stars born from the same stellar nursery. It is the second group member found to harbor such comets. Beta Pictoris, the group’s namesake, also is feasting on exocomets travelling too close. A young gas-giant planet has been observed in that star’s vast debris disk.

The stellar group is important to study because it is the closest collection of young stars to Earth. At least 37.5 percent of the more massive stars in the Beta Pictoris Moving Group either have a directly imaged planet, such as 51 Eridani b in the 51 Eridani system, or infalling star-grazing bodies, or, in the case of Beta Pictoris, both types of objects. The grouping is at about the age that it should be building terrestrial planets, Grady said.

A team of French astronomers first discovered exocomets transiting HD 172555 in archival data gathered between 2004 and 2011 by the European Southern Observatory’s HARPS (High Accuracy Radial velocity Planet Searcher) planet-finding spectrograph. A spectrograph divides light into its component colors, allowing astronomers to detect an object’s chemical makeup. The HARPS spectrograph detected the chemical fingerprints of calcium imprinted in the starlight, evidence that comet-like objects were falling into the star.

As a follow-up to that discovery, Grady’s team used Hubble’s Space Telescope Imaging Spectrograph (STIS) and the Cosmic Origins Spectrograph (COS) in 2015 to conduct a spectrographic analysis in ultraviolet light, which allows Hubble to identify the signature of certain elements. Hubble made two observations, separated by six days.

Hubble detected silicon and carbon gas in the starlight. The gas was moving at about 360,000 miles per hour across the face of the star. The most likely explanation for the speedy gas is that Hubble is seeing material from comet-like objects that broke apart after streaking across the face of the star.

The gaseous debris from the disintegrating comets is vastly dispersed in front of the star. “As transiting features go, this vaporized material is easy to see because it contains very large structures,” Grady said. “This is in marked contrast to trying to find a small transiting exoplanet, where you’re looking for tiny dips in the star’s light.”

Hubble gleaned this information because the HD 172555 debris disk surrounding the star is slightly inclined to Hubble’s line of sight, giving the telescope a clear view of comet activity.

Grady’s team hopes to use STIS again in follow-up observations to look for oxygen and hydrogen, which would confirm the identity of the disintegrating objects as comets.

“Hubble shows that these star-grazers look and move like comets, but until we determine their composition, we cannot confirm they are comets,” Grady said. “We need additional data to establish whether our star-grazers are icy like comets or more rocky like asteroids.”

Source: NASA

Advertisements

Panasonic Develops a Flexible Battery

Today wearable devices are so big, because of their bulky batteries that are a solid block. That’s why smartwatches are so big on your wrist. Panasonic showed a prototype unit of flexible rechargable battery at the Japanese technology fair called CEATEC 2016.

l-en160929-8-1

The prototype is 0.55mm thick and after more than 1000 repeated bending and twisting it maintains 99-100% of its capacity. It holds a 17mAh charge, but two other larger versions hold 40mAh and 60mAh (Apple Watch contains a 205mAh battery). Bendable battery is very hard wearing and suitable for everyday use.

Flexible batteries open up new horizonts we can go, with the various types of gadgets we can create. There are already prototypes of roll up displays, that now it might have a battery stuck to the back of them.

Panasonic is set to ship this prototype out to manufacturers later this month, but we shouldn’t expect it used in any commercial devices until 2018. No doubts that those first devices will be watch straps and smart cards, but we will see. See review video below.

Source: Panasonic

 

What are APIs and how to make them secure

APIs (Application Program Interface) are an emerging technology in a digital world, integrating applications and building on well-known techniques. Their popularity has surged in recent years, due to the accessibility and ease-of-use they offer to businesses and clients around the world. In fact, it’s a well of possibilities, as they help companies in creating functional opportunities and customers or developers to innovate the industry.

In this article, Alexander Leigh, Managing Director at payment gateway and merchant services provider Total Processing, highlights the importance of ensuring API security levels are at their very best before explaining how this can be done.

When data is made available through API, enterprises can pursue business opportunities and follow new revenue streams. With several using this option by creating it in open source, such as Microsoft’s Windows, it encourages the development of more features. This open approach can improve partnerships, cloud integration, and even enhance the quality of service to customers. However, if third parties have access to sensible data, so do hackers.

Users and developers are essentially given a map to the core of the application, and an in-depth understanding of its implementation and details that would’ve otherwise remain hidden. This can give black-hat hackers valuable information and clues, such as insight into internal objects or internal database structure. Thus, the availability and visibility that makes APIs such a powerful tool are also opening them up to security risks.

Whether a small or large business, any company can be open to cyber security risks unfortunately. Snapchat suffered a major data breach back in 2014 that affected around 4.6 million people. The leak was indirectly blamed on insecure APIs, as hackers gained access to users’ phone numbers. A major business witnessed the dangers of sharing the functionality and data between applications. Unfortunately, similar issues can happen within even more secure domains, such as the payment sector.

Clients have access to data through payment gateways, which implies that their personal and financial information alike falls in the risk an API can have. That means that sensitive information can be hacked into and used by malicious third parties. In spite of their worldwide use and popularity, it is clear that APIs have vulnerabilities that can be exploited. That is why it’s crucial to use a secure gateway from reliable providers and find the best option that makes customers feel safe. A strong payment gateway should provide the following:

  • Gives customers a wide array of payment options so that no transaction is lost.
  • Provides many transaction enhancing tools so that the merchant can expand the scope of his online business.
  • Strong with risk management and fraud containment activities.
  • Features which lets the merchant keep up with the changing online transaction environment.

Before understanding what needs to be done to make APIs more secure, first, we must gain knowledge of the potential attack vectors that may interfere with secure transactions of data, information, or money.

  • Parameters – The most common form of attack is SQL injections, which is an attempt at manipulating the system that exploits the data sent to an API. This includes URL, query parameters, HTTP headers, or several others. It’s an exploitation of the application’s behavior.
  • Identity – This form of attack targets API keys, which can usually stay hidden inside the code of a calling client application. They are identification keys that comprehend which application is calling for the API and often used for client management or rate limiting. That way, a more popular app cannot monopolize the API to the detriment of others.  While developers often conceal these codes, they are easy to find and exploit.
  • Man-in-the-Middle – The attacker moves in between the sender of data and the receiver. They might pose as one or the other, and use the opportunity to exploit or steal unencrypted data or sensitive information. It’s a common threat to APIs that are not secured using SSL/TLS or implementing it wrong.

The stakes are high, and the ability to secure transportation of data is of paramount importance in the API world. In spite of their best efforts, developers still make mistakes that compromise their security, and adjustments should be made for future improvement.

It Needs to Start During Development

One of the greatest mistakes developers make is failing to create an API without security in mind. That places both the application and the data at risk. While the concept itself seems foolproof, the code often lacks in the security department. The solution would be for it to be manually checked by an expert, both during development and before release. Careful testing is crucial to ensuring the security of the application, so attack vectors will be unable to breach it. Prevention is key and easier than fixing future issues. That is why matters such as documentation are vital.

Developers should have it ready to express clearly how to call an API, what data will it return, in what format, and, more importantly, what errors should developers expect. That goes beyond the documentation of who has access to view, edit, or delete the data. It implies the need for a secondary authentication, such as machine ID, which most developers neglect.

One efficient way is to create a schema that will validate all incoming data. It’s one of the best solutions against parameter attacks, by creating a “cookbook” that will mitigate some of the vulnerabilities. For a schema to be useful, though, it should be restrictive, detailed, and using explicit whitelisting, typing, ranges, and sets. It’s often that these terms are too broad and fail at identifying all potential threats. If implementation starts early, developers can use their understanding of the API to constrain inputs. This goes for XML and JSON data types alike, as there are various schema languages to help create restricted content models or even a constrained structure.

TSL/SSL Encryption Should Be a Necessity, Not A Luxury

Calls for an API can come from untrusted sources. Many developers commit a major mistake when failing to implement TSL/SSL when it’s accessed through a non-browser application. That is often the case, for example, when it’s called from a smartphone. In the 21st century, adding TSL/SSL encryption should no longer be a luxury, but an absolute requirement. However, it should also be implemented correctly because it’s the most effective way to secure an API against man-in-the-middle attacks. First off, it provides integrity in data exchanges and access tokens, such as those in OAuth.

Also, TSL/SSL provides certificates for authentication on the client’s side. At the very least, a basic model is easy to implement because it doesn’t require any extra libraries. It’s often in the standard framework of an API and included in the language library. The issue here stands that it offers the lowest security option out of all the common protocols. It’s less than OAuth 1.0a or OAuth2. That means there are no advanced settings for using it, only the regular username plus password in Base64 code. That is why it’s crucial to make TSL/SSL a necessity. Otherwise, the username and password could be decoded with ease.

Focus On Mastering Existent Measures Before Creating New Ones

When it comes to making APIs more secure, developers should cease creating new protocols and instead use those already proven to be efficient. There are excellent options in practice, so there is no reason to add more API security frameworks to the list.  What isn’t fully understood yet is that the issue is not within the measures themselves, but how they are implemented.

What needs to be done to make APIs secure is simple on the surface: treat security as a different tier. Unfortunately, it’s a problem that experts currently have. It’s a viable solution to a complicated problem. For one, it would free the developer to focus on matters such as design and smooth integration between apps. Furthermore, this could place issues of API security in the hands of an expert, who will treat it better and more focused. They will be allowed to create their own schema of validation that will protect against attacks. This includes SQL or script injections that will more easily be recognized by a well-established security protocol after scanning the raw input.

Another prevented attack would be denial-of-service (DoS) because the networking infrastructure could be leveraged to instantly detect network-level attacks or exploits. That implies large messages or complex data structures that consume the resources of the API without need and compromise its ability to function for users. Instead of creating new API security, developers should also make more use of virus protection for all encoded content. It should submit all input to server-grade scanning before transferring the file in a vital system where it could potentially activate with negative impact.

OAuth, for example, is becoming the go-to resource for a reason where it concerns API authorization focused around the user. To APIs even more secure, developers should take other practical factors into consideration, such as IP address, device, access time windows, geolocation, and several others. That way, the schema will not be based on broad identity context that might overlook certain issues. It will be able to successfully track down common patterns of attacks. Developers should root their API security in well-understood and popular options, and use existing libraries instead of taking the time to create their own.

Questioning the Who and the What

It’s crucial to have a definite answer to these questions for “who gains access?” There are myriads of security standards that sometimes make it difficult to settle what makes most sense regarding authorization. However, developers should focus on understanding them in order to assure the security of their API first and foremost.

The second question of “what needs to be protected?” might not always have a clear answer. That’s because companies view their data differently, depending on industry and government standards. What this implies is that the information type may be unique, so it should have a similarly unique solution for every situation. An API developer or manager needs to have a comprehensive plan so that the data is secure in the face of a variety of attacks, such as SQL injections, DoS, JavaScript, or many others.

Managing all the security-related elements of an API is vital. It needs to be comprehensive and smoothly assure the integration of the app while enforcing the collaboration in a safe environment. However, the most important lesson to take to make APIs more secure is that the attention should focus more on how they’re implemented. The potential is already there, so all that’s required is a careful, clever, and concise way to use it. A poorly written code is a dangerous one.

Technology: 3D Printing in Additive Manufacturing

Additive manufacturing based on 3D-printing is a process of building of a 3D object by adding layer-upon-layer, in contrast to the subtractive technology.

The subtractive technology is a process of mechanical removal of the material excess from a solid workpiece.

History of 3D printers

The very first device to create a 3D-prototype was an American SLA-apparatus, which used stereolithography and was developed and patented by Charles Hull in 1986. At the same time Hull founded the 3D Systems company that produced the first device for 3D printing called Stereolithography Apparatus.

In 1990 a new method of obtaining 3D “printed impressions” ( a method of fusing) was used. It was developed by Scott Crump, the founder of the Stratasys company, and his wife. They both continued the 3D-printing technology development.

The modern historical stage of 3D-printing development started in 1993 with the foundation of the Solidscape company. It manufactured inkjet printers, precursors of the three-dimensional. In 1995 two students of the Massachusetts Institute of Technology modified an ink-jet printer.

The RepRap project was founded by Adrian Bowyer. His idea, for the first time introduced in March of 2005 in the RepRap project blog, included creation of the machine (with the open-source drawings and software), capable of replicating itself, which gave the name to the project. The Reprap-printer cannot print electronics or extruders, but it can print the basic kinematics details.

The most popular and widespread technology is FDM (fused deposition modeling), known also as FFF (fused filament fabrication). The majority of companies apply this technology in numerous printers, both of “amateur” and of “professional” classes. A polymeric filament yarn is fed to the extruder, where it melts and, when extrudes, starts forming a physical object in accordance with the sectional configuration of the CAD- virtual model.

Feeding mechanism

1. Direct

The extruder consists of two parts: a hot-end and a cold-end. At first the printer feeds the plastic filament thread to the heating zone to melt it. The plastic coils themselves are outside the extruder, namely at the cold end. Typically, the cold end consists of a stepper motor and a pressure roller pushing the thread to the heating zone. This arrangement is called direct. Now let’s turn to the second part of the extruder: the hot end, where thread melting and its extrusion to the platform are provided. The most important parts in the construction are a heating element, a temperature control sensor (thermistor), an extruder barrel, a thermal barrier, and a nozzle.

2. Bowden

The constructive distinction between the Bowden and the Direct extruders   lies in the fact that the extruder components in the Bowden are set apart and connected by means of a long hollow Teflon tube, through which the filament is pushed from the cold-end to the hot-end, where the plastic melts and then extrudes to the platform.

bowden-and-direct-feeding-mechanism

Positioning methods

Now there are two main methods of the extruder positioning: positioning in the orthogonal coordinates and the method used in delta printers.  The orthogonal coordinates implies 3D models building with the help of three axes: X (responsible for the object length), Y (responsible for the width), and Z (responsible for the height). The video demonstrates a Wanhao Duplicator i3. This construction has gained its popularity thanks to the optimal design of the RepRap Mendel, Prusa Mendel printers and Prusa I3, its later modification.

Materials for a FDM printer

ABS plastic is the first most frequent type due to its low price. A suitable printing temperature depends on the polymer viscosity and is generally in the range of 210-240 °C. The thermoplastic shrinkage is 0.4-2.5%, due to which the edges of the product may spontaneously come off from the table resulting in cracking of the product. ABS is soluble in acetone, is easily glued, treated and painted. It is recommended for closed 3D printers.

PLA (polylactide) is one of the most versatile plastics for 3D-printing made from corn. It has low shrinkage of 0.2-0.5% and excellent interlayer adhesion. The printing temperature is 175-210 ° C. It is soluble in dichloroethane and dichloromethane. It is harder to process than ABS because of its relatively high hardness. It has a very low softening point (about 60 ° C) and may eventually decompose by the environmental effect. It’s a bit more expensive than ABS.

Nylon (polyamide) has good strength characteristics, high durability, good resistant strain, excellent interlayer adhesion. The finished products are able to stand the temperatures from -60 ° C to + 120 ° C. Nylon requires a heated table for effective printing, as its degree of shrinkage  is  1.2-2%. The printing temperature depends on the polyamide type and may range from 225 to 265 ° C. Better to use it in closed 3D printers.

FLEX  is a classical flexible material. It is very sensitive to the surface. Delamination is extremely low due to the high flexibility of the material. It has good interlayer adhesion. It is highly hygroscopic and must be kept in closed packages with hydrogel. The printing temperature is 220-240 ° C.

HIPS is high-impact polystyrene with high impact resistance and plasticity. Unlike ABS, HIPS is soluble in limonene (organic acid). This makes it possible to combine ABS and HIPS, using polystyrene as the material for support.  It can be removed after printing by simply dipping the product in limonene; no need to resort to mechanical cleaning. The printing temperature is 230-240 ° C ; the shrinkage is 0.8%.

PVA is one more support material. PVA is soluble in water, which makes it completely unsuitable for building long-life products, but it can be used as a support material for printing models of complex geometric shapes. The recommended extrusion temperature is 160-175 ° C. As a water-soluble material it is hygroscopic (readily absorbs moisture), which should be considered when storing.

Slicers

Before you print any model on a 3D-printer it is necessary to convert the format of a polygonal model (.stl) into the program for the printer to print layer-upon-layer. FDM printers use most commonly G-code, the programming language used by CNC machines (a 3D-printer is just one of them). The software to perform this conversion is called Slicer; it is often built into the 3D model visualizer. It allows seeing before printing how the model is placed on the table, allows building supports and selecting print settings: layer, speed, filling, air cooling, and others.

1. Kisslicer

It exists in two versions – paid and free. It’s a well thought out support generation. Unfortunately, it is not compatible with every 3D printer.

kisslicer

2. Slic3r

A handy tool that is suitable for almost all printers and is clear to beginners in 3D-printing. It is free, and is being constantly improved.

slic3r

3. Makerbot desktop

This is a free 3D printing solution for managing and sharing your 3D prints from the well-known manufacturer of Makerbot printers. It contains Skeinforge and Slic3r slicers, providing some choice for 3D-printing. A user-friendly interface, with direct access from the program to the online library of Thingiverse models. Its settings are not very  flexible, because it was originally designed for its own printers.

makerbot-desktop

4. Repiter-Host

Repetier-Host has a large number of settings and comes with a variety of Prusa. You can use the Repetier-Server software for remote printer management. It provides a layered preview.

repiter-host

5. Cura

This is perhaps the most widely used slicer. Developed by the specialists of Ultimaker, it is free and is compatible with a large number of printers, including reprap ones. The supports generation is very original, but effective. It has a layered preview, automatic calculation of material consumption, model weight, printing time.

cura

Written by George I Fomitchev, Founder and CEO of Endurance

Bank Card That Changes Numbers Every Hour

Bank cards are gatekeepers to our funds offering access to ATM’s and online shopping. They are targeted of fraudsters who steals or copy the card details to spend your cash. Someday stealing your card details may be pointless, because every hour it could be regenerated. Bank cards are going to be more intelligent by switching the 3-digit Card Security Code (CSC) to a new one in every hour.

1-motion-code-img

Usually the CSC is printed code on the back of a card and you have to enter it during online checkout to help confirm the card is valid. It is easy for a fraudster to steal this number with those on the front of the card. French digital security company Oberthur Technologies came up with a solution called MotionCode, that replaces the permanent CSC with a tiny display, which shows a new 3 digit code every hour.

A card using MotionCode looks and acts the same as the typical cards, they just have a display on the back. The battery lasts beyond the expiry date of the card. To see card in action, watch video below.

Source: Oberthur