Thursday, May 10, 2018

Secrets of Existence



Question 1 : What is dark matter?

All the ordinary matter we can find accounts for only about 4 percent of the universe. We know this by calculating how much mass would be needed to hold galaxies together and cause them to move about the way they do when they gather in large clusters. Another way to weigh the unseen matter is to look at how gravity bends the light from distant objects. Every measure tells astronomers that most of the universe is invisible. 

It's tempting to say that the universe must be full of dark clouds of dust or dead stars and be done with it, but there are persuasive arguments that this is not the case. First, although there are ways to spot even the darkest forms of matter, almost every attempt to find missing clouds and stars has failed. Second, and more convincing, cosmologists can make very precise calculations of the nuclear reactions that occurred right after the Big Bang and compare the expected results with the actual composition of the universe. Those calculations show that the total amount of ordinary matter, composed of familiar protons and neutrons, is much less than the total mass of the universe. Whatever the rest is, it isn't like the stuff of which we're made. 

The quest to find the missing universe is one of the key efforts that has brought cosmologists and particle physicists together. The leading dark-matter candidates are neutrinos or two other kinds of particles: neutralinos and axions, predicted by some physics theories but never detected. All three of these particles are thought to be electrically neutral, thus unable to absorb or reflect light, yet stable enough to have survived from the earliest moments after the Big Bang. 


Question 2 : What is dark energy?

Two recent discoveries from cosmology prove that ordinary matter and dark matter are still not enough to explain the structure of the universe. There's a third component out there, and it's not matter but some form of dark energy.

The first line of evidence for this mystery component comes from measurements of the geometry of the universe. Einstein theorized that all matter alters the shape of space and time around it. Therefore, the overall shape of the universe is governed by the total mass and energy within it. Recent studies of radiation left over from the Big Bang show that the universe has the simplest shape—it's flat. That, in turn, reveals the total mass density of the universe. But after adding up all the potential sources of dark matter and ordinary matter, astronomers still come up two-thirds short. 

The second line of evidence suggests that the mystery component must be energy. Observations of distant supernovas show that the rate of expansion of the universe isn't slowing as scientists had once assumed; in fact, the pace of the expansion is increasing. This cosmic acceleration is difficult to explain unless a pervasive repulsive force constantly pushes outward on the fabric of space and time. 

Why dark energy produces a repulsive force field is a bit complicated. Quantum theory says virtual particles can pop into existence for the briefest of moments before returning to nothingness. That means the vacuum of space is not a true void. Rather, space is filled with low-grade energy created when virtual particles and their antimatter partners momentarily pop into and out of existence, leaving behind a very small field called vacuum energy. 

That energy should produce a kind of negative pressure, or repulsion, thereby explaining why the universe's expansion is accelerating. Consider a simple analogy: If you pull back on a sealed plunger in an empty, airtight vessel, you'll create a near vacuum. At first, the plunger will offer little resistance, but the farther you pull, the greater the vacuum and the more the plunger will pull back against you. Although vacuum energy in outer space was pumped into it by the weird rules of quantum mechanics, not by someone pulling on a plunger, this example illustrates how repulsion can be created by a negative pressure. 


Question 3 : How were the heavy elements from iron to uranium made?

Both dark matter and possibly dark energy originate from the earliest days of the universe, when light elements such as helium and lithium arose. Heavier elements formed later inside stars, where nuclear reactions jammed protons and neutrons together to make new atomic nuclei. For instance, four hydrogen nuclei (one proton each) fuse through a series of reactions into a helium nucleus (two protons and two neutrons). That's what happens in our sun, and it produces the energy that warms Earth. 

But when fusion creates elements that are heavier than iron, it requires an excess of neutrons. Therefore, astronomers assume that heavier atoms are minted in supernova explosions, where there is a ready supply of neutrons, although the specifics of how this happens are unknown. More recently, some scientists have speculated that at least some of the heaviest elements, such as gold and lead, are formed in even more powerful blasts that occur when two neutron stars—tiny, burned-out stellar corpses—collide and collapse into a black hole.


Question 4 : Do neutrinos have mass?

Nuclear reactions such as those that create heavy elements also create vast numbers of ghostly subatomic bits known as neutrinos. These belong to a group of particles called leptons, such as the familiar electron and the muon and tau particles. Because neutrinos barely interact with ordinary matter, they can allow a direct look into the heart of a star. This works only if we are able to capture and study them, something physicists are just now learning to do. 

Not long ago, physicists thought neutrinos were massless, but recent advances indicate that these particles may have a small mass. Any such evidence would also help validate theories that seek to find a common description of three of the four natural forces—electromagnetism, strong force, and weak force. Even a tiny bit of heft would add up because a staggering number of neutrinos are left over from the Big Bang. 


Question 5 : Where do ultrahigh-energy particles come from?

The most energetic particles that strike us from space, which include neutrinos as well as gamma-ray photons and various other bits of subatomic shrapnel, are called cosmic rays. They bombard Earth all the time; a few are zipping through you as you read this article. Cosmic rays are sometimes so energetic, they must be born in cosmic accelerators fueled by cataclysms of staggering proportions. Scientists suspect some sources: the Big Bang itself, shock waves from supernovas collapsing into black holes, and matter accelerated as it is sucked into massive black holes at the centers of galaxies. Knowing where these particles originate and how they attain such colossal energies will help us understand how these violent objects operate.


Question 6 : Is a new theory of light and matter needed to explain what happens at very high energies and temperatures?

All of that violence cited in question 5 leaves a visible trail of radiation, especially in the form of gamma rays—the extremely energetic cousins of ordinary light. Astronomers have known for three decades that brilliant flashes of these rays, called gamma-ray bursts, arrive daily from random directions in the sky. Recently astronomers have pinned down the location of the bursts and tentatively identified them as massive supernova explosions and neutron stars colliding both with themselves and black holes. But even now nobody knows much about what goes on when so much energy is flying around. Matter grows so hot that it interacts with radiation in unfamiliar ways, and photons of radiation can crash into each other and create new matter. The distinction between matter and energy grows blurry. Throw in the added factor of magnetism, and physicists can make only rough guesses about what happens in these hellish settings. Perhaps current theories simply aren't adequate to explain them.


Question 7 : Are there new states of matter at ultrahigh temperatures and densities?

Under extreme energetic conditions, matter undergoes a series of transitions, and atoms break down into their smallest constituent parts. Those parts are elementary particles called quarks and leptons, which as far as we know cannot be subdivided into smaller parts. Quarks are extremely sociable and are never observed in nature alone. Rather, they combine with other quarks to form protons and neutrons (three quarks per proton) that further combine with leptons (such as electrons) to form whole atoms. The hydrogen atom, for example, is made up of an electron orbiting a single proton. Atoms, in turn, bind to other atoms to form molecules, such as H2O. As temperatures increase, molecules transform from a solid such as ice, to a liquid such as water, to a gas such as steam. 

That's all predictable, known science, but at temperatures and densities billions of times greater than those on Earth, it's possible that the elementary parts of atoms may come completely unglued from one another, forming a plasma of quarks and the energy that binds quarks together. Physicists are trying to create this state of matter, a quark-gluon plasma, at a particle collider on Long Island. At still higher temperatures and pressures, far beyond those scientists can create in a laboratory, the plasma may transmute into a new form of matter or energy. Such phase transitions may reveal new forces of nature. 

These new forces would be added to the three forces that are already known to regulate the behavior of quarks. The so-called strong force is the primary agent that binds these particles together. The second atomic force, called the weak force, can transform one type of quark into another (there are six different "flavors" of quark—up, down, charm, strange, top, and bottom). The final atomic force, electromagnetism, binds electrically charged particles such as protons and electrons together. As its name implies, the strong force is by far the most muscular of the three, more than 100 times as powerful as electromagnetism and 10,000 times stronger than the weak force. Particle physicists suspect the three forces are different manifestations of a single energy field in much the same way that electricity and magnetism are different facets of an electromagnetic field. In fact, physicists have already shown the underlying unity between electromagnetism and the weak force. 

Some unified field theories suggest that in the ultrahot primordial universe just after the Big Bang, the strong, weak, electromagnetic, and other forces were one, then unraveled as the cosmos expanded and cooled. The possibility that a unification of forces occurred in the newborn universe is a prime reason particle physicists are taking such a keen interest in astronomy and why astronomers are turning to particle physics for clues about how these forces may have played a role in the birth of the universe. For unification of forces to occur, there must be a new class of supermassive particles called gauge bosons. If they exist, they will allow quarks to change into other particles, causing the protons that lie at the heart of every atom to decay. And if physicists prove protons can decay, the finding will verify the existence of new forces. 

That raises the next question.


Question 8 : Are protons unstable?

In case you're worried that the protons you're made of will disintegrate, transforming you into a puddle of elementary particles and free energy, don't sweat it. Various observations and experiments show that protons must be stable for at least a billion trillion trillion years. However, many physicists believe that if the three atomic forces are really just different manifestations of a single unified field, the alchemical, supermassive bosons described above will materialize out of quarks every now and then, causing quarks, and the protons they compose, to degenerate. 

At first glance, you'd be forgiven for thinking these physicists had experienced some sort of mental decay on the grounds that tiny quarks are unlikely to give birth to behemoth bosons weighing more than 10,000,000,000,000,000 times themselves. But there's something called the Heisenberg uncertainty principle, which states that you can never know both the momentum and the position of a particle at the same time, and it indirectly allows for such an outrageous proposition. Therefore, it's possible for a massive boson to pop out of a quark making up a proton for a very short time and cause that proton to decay. 


Question 9 : What is gravity?

Next there's the matter of gravity, the odd force out when it comes to small particles and the energy that holds them together. When Einstein improved on Newton's theory, he extended the concept of gravity by taking into account both extremely large gravitational fields and objects moving at velocities close to the speed of light. These extensions lead to the famous concepts of relativity and space-time. But Einstein's theories do not pay any attention to quantum mechanics, the realm of the extremely small, because gravitational forces are negligible at small scales, and discrete packets of gravity, unlike discrete packets of energy that hold atoms together, have never been experimentally observed. 

Nonetheless, there are extreme conditions in nature in which gravity is compelled to get up close and personal with the small stuff. For example, near the heart of a black hole, where huge amounts of matter are squeezed into quantum spaces, gravitational forces become very powerful at tiny distances. The same must have been true in the dense primordial universe around the time of the Big Bang. 

Physicist Stephen Hawking identified a specific problem about black holes that requires a bridging of quantum mechanics and gravity before we can have a unified theory of anything. According to Hawking, the assertion that nothing, even light, can escape from a black hole is not strictly true. Weak thermal energy does radiate from around black holes. Hawking theorized that this energy is born when particle-antiparticle pairs materialize from the vacuum in the vicinity of a black hole. Before the matter-antimatter particles can recombine and annihilate each other, one that may be slightly closer to the black hole will be sucked in, while the other that is slightly farther away escapes as heat. This release does not connect in any obvious way to the states of matter and energy that were earlier sucked into that black hole and therefore violates a law of quantum physics stipulating that all events must be traceable to previous events. New theories may be needed to explain this problem. 


Question 10 : Are there additional dimensions?

Wondering about the real nature of gravity leads eventually to wondering whether there are more than the four dimensions we can easily observe. To get to that place, we might first wonder if nature is, in fact, schizophrenic: Should we accept that there are two kinds of forces that operate over two different scales—gravity for big scales like galaxies, the other three forces for the tiny world of atoms? Poppycock, say unified theory proponents—there must be a way to connect the three atomic-scale forces with gravity. Maybe, but it won't be easy. In the first place, gravity is odd. Einstein's general theory of relativity says gravity isn't so much a force as it is an inherent property of space and time. Accordingly, Earth orbits the sun not because it is attracted by gravity but because it has been caught in a big dimple in space-time caused by the sun and spins around inside this dimple like a fast-moving marble caught in a large bowl. Second, gravity, as far as we have been able to detect, is a continuous phenomenon, whereas all the other forces of nature come in discrete packets.

All this leads us to the string theorists and their explanation for gravity, which includes other dimensions. The original string-theory model of the universe combines gravity with the other three forces in a complex 11-dimensional world. In that world—our world—seven of the dimensions are wrapped up on themselves in unimaginably small regions that escape our notice. One way to get your mind around these extra dimensions is to visualize a single strand of a spiderweb. To the naked eye, the filament appears to be one dimensional, but at high magnification it resolves into an object with considerable width, breadth, and depth. String theorists argue that we can't see extra dimensions because we lack instruments powerful enough to resolve them. 

We may never see these extra dimensions directly, but we may be able to detect evidence of their existence with the instruments of astronomers and particle physicists. 


Question 11 : How did the universe begin?

If all four forces of nature are really a single force that takes on different complexions at temperatures below several million degrees, then the unimaginably hot and dense universe that existed at the Big Bang must have been a place where distinctions between gravity, strong force, particles, and antiparticles had no meaning. Einstein's theories of matter and space-time, which depend upon more familiar benchmarks, cannot explain what caused the hot primordial pinpoint of the universe to inflate into the universe we see today. We don't even know why the universe is full of matter. According to current physics ideas, energy in the early universe should have produced an equal mix of matter and antimatter, which would later annihilate each other. Some mysterious and very helpful mechanism tipped the scales in favor of matter, leaving enough to produce galaxies full of stars.

Fortunately, the primordial universe left behind a few clues. One is the cosmic microwave background radiation, the afterglow of the Big Bang. For several decades now, that weak radiation measured the same wherever astronomers looked at the edges of the universe. Astronomers believed such uniformity meant that the Big Bang commenced with an inflation of space-time that unfolded faster than the speed of light. 

More recent careful observation, however, shows that the cosmic background radiation is not perfectly uniform. There are minuscule variations from one small patch of space to another that are randomly distributed. Could random quantum fluctuations in the density of the early universe have left this fingerprint? Very possibly, says Michael Turner, chairman of the astrophysics department at the University of Chicago and chairman of the committee that came up with these 11 questions. Turner and many other cosmologists now believe the lumps of the universe—vast stretches of void punctuated by galaxies and galactic clusters—are probably vastly magnified versions of quantum fluctuations of the original, subatomic-size universe. 

And that is just the sort of marriage of the infinite and the infinitesimal that has particle physicists cozying up to astronomers these days, and why all 11 of these mysteries might soon be explained by one idea. 



Real Question : How Did We Get Here?


Astronomers cannot see all the way back in time to the origin of the universe, but by drawing on lots of clues and theory, they can imagine how everything began. 

Their model starts with the entire universe as a very hot dot, much smaller than the diameter of an atom. The dot began to expand faster than the speed of light, an expansion called the Big Bang. Cosmologists are still arguing about the exact mechanism that may have set this event in motion. From there on out, however, they are in remarkable agreement about what happened. As the baby universe expanded, it cooled the various forms of matter and antimatter it contained, such as quarks and leptons, along with their antimatter twins, antiquarks and antileptons. These particles promptly smashed into and annihilated one another, leaving behind a small residue of matter and a lot of energy. The universe continued to cool down until the few quarks that survived could latch together into protons and neutrons, which in turn formed the nuclei of hydrogen, helium, deuterium, and lithium. For 300,000 years, this soup stayed too hot for electrons to bind to the nuclei and form complete atoms. But once temperatures dropped enough, the same hydrogen, helium, deuterium, and lithium atoms that are around today formed, ready to start a long journey into becoming dust, planets, stars, galaxies, and lawyers. 

Gravity—the weakest of the forces but the only one that acts cumulatively across long distances—gradually took control, gathering gas and dust into massive globs that collapsed in on themselves until fusion reactions were ignited and the first stars were born. At much larger scales, gravity pulled together huge regions of denser-than-average gas. These evolved into clusters of galaxies, each one brimming with billions of stars. 

Over the eons fusion reactions inside stars transformed hydrogen and helium into other atomic nuclei, including carbon, the basis for all life on Earth. 

The most massive stars sometimes exploded in energetic supernovas that produced even heavier elements, up to and including iron. Where the heaviest elements, such as uranium and lead, came from still remains something of a mystery. 



Wednesday, May 9, 2018

WebApp RESTful API

I have created an authorization server and a resource server, both in a single API. For demonstration purposes, there is an endpoint that you can call to retrieve the resources.
It is written in Node.js, so you need Node.js installed to run it on your computer.

app.js

As you can see, the OAuth grant type I have given is client_credentials. This has to be mentioned in the request body when you request the access token from the authorization server.
The app runs on port 4000. You can give any port number here.
I have created two endpoints: one to get the access token, "/oauth/token", and one to get resources, "/profile".
As the resource I have hard-coded one value, the name ("Waas"), which is returned as a JSON object.

model.js


Here I have created a sample user (username = admin, password = admin). All the functions that handle requests from the client are written in this file.

Run the app.js file.


To make all GET and POST requests to the resource server we use the RESTClient add-on for Mozilla Firefox. You can use similar tools such as Postman instead.

First of all, we have to make a POST request to get the access token from the authorization server.
For that we have to send the authorization key in the header.

Authorization: Bearer XXXXXXXXXXXXXXX
We also have to mention the content type in the header.

I'll demonstrate with RESTClient on Mozilla Firefox, creating all the requests manually, and of course show how to retrieve resources.


Then we have to mention these 3 parameters in the body.
username=test
password=test
grant_type=client_credentials

The URL should be the endpoint that gives us the access token.

http://localhost:4000/oauth/token 


When we send this, we get a response that contains the access token. The access token also has an expiration time.

Then we have to make a GET request to retrieve the resources we need.



Now our URL is different because we have to call a different endpoint to get these resources which is "http://localhost:4000/profile".
We do not have to mention anything in the body.
In the request header we should send the access token we got in the previous step.

Authorization: Bearer XXXXXXXXXXXXXXX

Make sure that the access token is not expired. Otherwise you will get an error message saying that it has expired.

When you send this request, you get a response that contains the resources we specified in the code.

Find the Source code from here.
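
The two endpoints described in this post, sketched as an added example (not the code from the post's app.js or model.js): a token endpoint for the client_credentials grant and a /profile endpoint that checks the bearer token and its expiry. The in-memory stores, the one-hour lifetime and the function names are assumptions; the parameter names follow the post.

```javascript
'use strict';
const crypto = require('node:crypto');
const http = require('node:http');

// Constructed demo data (assumption): one account and a one-hour token lifetime.
const USERS = new Map([['admin', 'admin']]);
const TOKEN_TTL_MS = 60 * 60 * 1000;
const tokens = new Map(); // access token -> { username, expiresAt }

// Constant-time comparison over fixed-length digests, so length is not leaked.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// POST /oauth/token with an application/x-www-form-urlencoded body.
function handleTokenRequest(rawBody, now = Date.now()) {
  const p = new URLSearchParams(rawBody);
  if (p.get('grant_type') !== 'client_credentials') {
    return { status: 400, body: { error: 'unsupported_grant_type' } };
  }
  const username = p.get('username') || '';
  const expected = USERS.get(username);
  if (expected === undefined || !safeEqual(expected, p.get('password') || '')) {
    return { status: 401, body: { error: 'invalid_client' } };
  }
  // The token is 32 bytes from the OS CSPRNG, hex-encoded.
  const accessToken = crypto.randomBytes(32).toString('hex');
  tokens.set(accessToken, { username, expiresAt: now + TOKEN_TTL_MS });
  return {
    status: 200,
    body: { access_token: accessToken, token_type: 'Bearer', expires_in: TOKEN_TTL_MS / 1000 },
  };
}

// GET /profile, which requires "Authorization: Bearer <token>".
function handleProfileRequest(headers, now = Date.now()) {
  const m = /^Bearer ([0-9a-f]{64})$/.exec(headers.authorization || '');
  const entry = m && tokens.get(m[1]);
  if (!entry) return { status: 401, body: { error: 'invalid_token' } };
  if (now >= entry.expiresAt) {
    tokens.delete(m[1]); // expired tokens are dropped, not just refused
    return { status: 401, body: { error: 'invalid_token', error_description: 'token expired' } };
  }
  return { status: 200, body: { name: 'Waas' } };
}

// HTTP wiring for both endpoints; the caller decides the port.
function createServer() {
  return http.createServer((req, res) => {
    let raw = '';
    req.on('data', (chunk) => {
      raw += chunk;
      if (raw.length > 8192) req.destroy(); // refuse oversized bodies
    });
    req.on('end', () => {
      let out = { status: 404, body: { error: 'not_found' } };
      if (req.method === 'POST' && req.url === '/oauth/token') out = handleTokenRequest(raw);
      else if (req.method === 'GET' && req.url === '/profile') out = handleProfileRequest(req.headers);
      // Token responses must not be cached.
      res.writeHead(out.status, { 'Content-Type': 'application/json', 'Cache-Control': 'no-store' });
      res.end(JSON.stringify(out.body));
    });
  });
}
```

Calling createServer().listen(4000) serves both endpoints on the port used in the post.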

Double Submit Cookies

Cross-site Request Forgery protection in web applications via Double Submit Cookies Patterns.


In the previous blog post I described the Synchronize Token Pattern approach, which can be applied to prevent Cross-Site Request Forgery (CSRF). In this blog post I will share some knowledge on another CSRF prevention technique, the Double Submit Cookie Pattern approach.


According to Wikipedia, Double Submit Cookie is defined as sending a random number value in both a cookie and as a request parameter, with the server verifying that the cookie value and request value match.

Sample Demonstration

As in the previous blog post, I created a simple login form with hard-coded user credentials.


Upon login, I generate a session identifier and set it as a cookie in the browser. At the same time, I generate the CSRF token for the session and set it as a cookie in the browser.

After a successful login you are redirected to another page, which consists of a form to be filled in.

When the form is submitted to the action, the CSRF token cookie is submitted, and the CSRF token value is also submitted in the form body.

In the web page that accepts the form submission (the URL of the action), obtain the CSRF token received in the cookie and the one received in the message body. Compare the two values and, if they match, show a success message. If not, show an error message.


You can find the source code from here.
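
The double submit check described above, as an added example rather than the post's own code. It goes one step beyond the plain pattern by signing the token with an HMAC over the session identifier, so a token that matches in cookie and body but was not issued for this session is still rejected; the cookie names, the csrf_token field and the function names are assumptions.

```javascript
'use strict';
const crypto = require('node:crypto');

// Assumption: a per-process signing key; a deployment would load it from configuration.
const SECRET = crypto.randomBytes(32);

// Minimal Cookie header parser: "a=1; b=2" -> { a: '1', b: '2' }.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// HMAC that binds a random nonce to one session identifier.
function sign(sessionId, nonce) {
  return crypto.createHmac('sha256', SECRET).update(`${sessionId}!${nonce}`).digest('hex');
}

function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Called after a successful login: creates the session and CSRF cookies.
function issueCookies() {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const nonce = crypto.randomBytes(16).toString('hex');
  const csrfToken = `${nonce}.${sign(sessionId, nonce)}`;
  return {
    sessionId,
    csrfToken,
    setCookie: [
      // Add "Secure" to both cookies when the site is served over HTTPS.
      `session=${sessionId}; Path=/; HttpOnly; SameSite=Lax`,
      // Not HttpOnly: page script has to read it to fill the hidden form field.
      `csrf=${csrfToken}; Path=/; SameSite=Lax`,
    ],
  };
}

// Called by the form's action URL with the Cookie header and the raw form body.
function verifySubmission(cookieHeader, rawBody) {
  const { session, csrf } = parseCookies(cookieHeader);
  const bodyToken = new URLSearchParams(rawBody).get('csrf_token');
  if (!session || !csrf || !bodyToken) return { ok: false, reason: 'missing token' };
  // Step 1: the double submit comparison itself.
  if (!safeEqual(csrf, bodyToken)) return { ok: false, reason: 'cookie/body mismatch' };
  // Step 2: the token must carry a valid signature for this session.
  const [nonce, mac] = csrf.split('.');
  if (!mac || !safeEqual(mac, sign(session, nonce))) {
    return { ok: false, reason: 'token not issued for this session' };
  }
  return { ok: true };
}
```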

Synchronise Tokens

Cross Site Request Forgery.

According to Wikipedia, "Cross Site Request Forgery", known as a one-click attack or session riding and abbreviated as CSRF or XSRF, "is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts".
XSS is a vulnerability that exploits the trust a user has in a website/server. CSRF exploits the trust the server has in the user.
A CSRF vulnerability makes use of the fact that the website doesn't verify whether the request is coming from a legitimate user or not. Rather, it just checks whether the request is coming from the browser of an authorized user.

Requirements for a CSRF attack to work

1. The victim must be authenticated to the server.
2. The attacker has to send a crafted link to the victim. This link is crafted in such a way that it sends a request to the target website.
3. The victim must click/execute the malformed link from his browser, which already has a session. It sends a request on the victim's behalf and executes a specific task from the current session.

Preventing CSRF vulnerabilities

1. Synchronize Token Patterns approach.
2. Double submit cookies approach.

The Synchronize Token Patterns approach is discussed in this blog post. The Double submit cookies approach will be discussed in a future blog post.
  • Any state changing operation requires a secure random token (e.g., CSRF token) to prevent CSRF attacks.
  • CSRF Token value should be
    • Unique per user session.
    • A random value.
    • Generated by a cryptographically secure random number generator (MD5, SHA-1).
  • The CSRF token is added as a hidden field for forms, or within the URL if the state changing operation occurs via a GET.
  • The server should reject the requested action if the CSRF token fails validation.

I have implemented a small example to demonstrate the Synchronize Token Patterns approach.

I used hard-coded user credentials for demonstration purposes.
Upon login, I generate a session identifier and set it as a cookie in the browser.
At the same time, the CSRF token is generated and saved on the server side.
In the website, I have implemented an endpoint that accepts HTTP POST requests and responds with the CSRF token. The endpoint receives the session cookie and, based on the session identifier, returns the CSRF token value.
I have implemented a web page that has an HTML form. The method should be POST and the action should be another URL in the website.

When this page loads, an Ajax call is executed via JavaScript, which invokes the endpoint for obtaining the CSRF token created for the session.

I have added a hidden field in the web page that holds the value of the received CSRF token.
Once the HTML form is submitted to the action, the server side extracts the received CSRF token value and checks whether it is the correct token issued for the particular session: obtain the session cookie, get the corresponding CSRF token for the session, and compare it with the received token value. If the received CSRF token is valid, show a success message. If not, show an error message.
You can find the Source code from here.
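
The synchronizer token flow described above, as an added example and not the post's source code: login stores a CSRF token on the server, a token endpoint returns it for the session cookie, and the form action compares it with the submitted hidden field. The endpoint paths in the comments, the csrf_token field name and the function names are assumptions.

```javascript
'use strict';
const crypto = require('node:crypto');

// Constructed demo credentials (assumption), hard-coded as in the post.
const DEMO_USER = { username: 'admin', password: 'admin' };
const sessions = new Map(); // session id -> { username, csrfToken }

function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Looks up the server-side session named by the "session" cookie, if any.
function sessionFrom(cookieHeader) {
  const m = /(?:^|;\s*)session=([0-9a-f]{32})(?:;|$)/.exec(cookieHeader || '');
  return m ? sessions.get(m[1]) : undefined;
}

// POST /login: creates the session and stores its CSRF token on the server only.
function login(username, password) {
  if (!safeEqual(username, DEMO_USER.username) || !safeEqual(password, DEMO_USER.password)) {
    return { status: 401 };
  }
  const sessionId = crypto.randomBytes(16).toString('hex');
  // Both values come from the OS CSPRNG; the token is unique per session.
  sessions.set(sessionId, { username, csrfToken: crypto.randomBytes(32).toString('hex') });
  return { status: 302, setCookie: `session=${sessionId}; Path=/; HttpOnly; SameSite=Lax` };
}

// POST /csrf-token: called by the page's Ajax request on load.
// Keep this endpoint same-origin only: no CORS headers, so other sites cannot read it.
function csrfTokenEndpoint(cookieHeader) {
  const s = sessionFrom(cookieHeader);
  return s ? { status: 200, body: { csrfToken: s.csrfToken } } : { status: 401, body: {} };
}

// POST to the form's action URL: the hidden field must match the stored token.
function submitForm(cookieHeader, rawBody) {
  const s = sessionFrom(cookieHeader);
  if (!s) return { status: 401, message: 'not logged in' };
  const received = new URLSearchParams(rawBody).get('csrf_token') || '';
  if (!safeEqual(received, s.csrfToken)) return { status: 403, message: 'invalid CSRF token' };
  return { status: 200, message: 'success' };
}
```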

Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

When I see the words "free trial," I know I'm probably going to have to whip out my credit card and enter in the number to "...