Facebook Begins Rollout of Data Use Checkup to Facebook Platform Developers

In an effort to further protect user privacy, and given past failures in this area, Facebook has recently simplified the company’s platform terms and developer policies in hopes that this will improve adherence to guidelines. To support these goals Facebook has announced the rollout of Data Use Checkup, an annual process for developers that validates data usage.

This new process, which is supported by a self-service tool, was first announced in April of 2020 and will require developers to use check each application they manage for adherence to company standards. Developers will have 60 days to comply with this standard before losing access to APIs.

The rollout of this program will be gradual and developers will begin to be notified over the next several months. The announcement of the rollout notes that developers will be notified “via a developer alert, an email to the registered contact, and in your Task List within the App Dashboard.” To simplify the process for developers that manage multiple apps, Facebook is allowing batch processing via an interface that facilitates this action, although developers will still be required to check each apps permissions.

Developers can check the App Dashboard to verify if they are able to enroll in the program at this time. 

Go to Source
Author: <a href="">KevinSundstrom</a>


Discovery of life in solid rock deep beneath sea may inspire new search for life on Mars

Newly discovered single-celled creatures living deep beneath the seafloor have given researchers clues about how they might find life on Mars. These bacteria were discovered living in tiny cracks inside volcanic rocks after researchers persisted over a decade of trial and error to find a new way to examine the rocks.

Researchers estimate that the rock cracks are home to a community of bacteria as dense as that of the human gut, about 10 billion bacterial cells per cubic centimeter (0.06 cubic inch). In contrast, the average density of bacteria living in mud sediment on the seafloor is estimated to be 100 cells per cubic centimeter.

“I am now almost over-expecting that I can find life on Mars. If not, it must be that life relies on some other process that Mars does not have, like plate tectonics,” said Associate Professor Yohey Suzuki from the University of Tokyo, referring to the movement of land masses around Earth most notable for causing earthquakes. Suzuki is first author of the research paper announcing the discovery, published in Communications Biology.

Magic of clay minerals

“I thought it was a dream, seeing such rich microbial life in rocks,” said Suzuki, recalling the first time he saw bacteria inside the undersea rock samples.

Undersea volcanoes spew out lava at approximately 1,200 degrees Celsius (2,200 degrees Fahrenheit), which eventually cracks as it cools down and becomes rock. The cracks are narrow, often less than 1 millimeter (0.04 inch) across. Over millions of years, those cracks fill up with clay minerals, the same clay used to make pottery. Somehow, bacteria find their way into those cracks and multiply.

“These cracks are a very friendly place for life. Clay minerals are like a magic material on Earth; if you can find clay minerals, you can almost always find microbes living in them,” explained Suzuki.

The microbes identified in the cracks are aerobic bacteria, meaning they use a process similar to how human cells make energy, relying on oxygen and organic nutrients.

“Honestly, it was a very unexpected discovery. I was very lucky, because I almost gave up,” said Suzuki.

Cruise for deep ocean samples

Suzuki and his colleagues discovered the bacteria in rock samples that he helped collect in late 2010 during the Integrated Ocean Drilling Program (IODP). IODP Expedition 329 took a team of researchers from the tropical island of Tahiti in the middle of the Pacific Ocean to Auckland, New Zealand. The research ship anchored above three locations along the route across the South Pacific Gyre and used a metal tube 5.7 kilometers long to reach the ocean floor. Then, a drill cut down 125 meters below the seafloor and pulled out core samples, each about 6.2 centimeters across. The first 75 meters beneath the seafloor were mud sediment and then researchers collected another 40 meters of solid rock.

Depending on the location, the rock samples were estimated to be 13.5 million, 33.5 million and 104 million years old. The collection sites were not near any hydrothermal vents or sub-seafloor water channels, so researchers are confident the bacteria arrived in the cracks independently rather than being forced in by a current. The rock core samples were also sterilized to prevent surface contamination using an artificial seawater wash and a quick burn, a process Suzuki compares to making aburi (flame-seared) sushi.

At that time, the standard way to find bacteria in rock samples was to chip away the outer layer of the rock, then grind the center of the rock into a powder and count cells out of that crushed rock.

“I was making loud noises with my hammer and chisel, breaking open rocks while everyone else was working quietly with their mud,” he recalled.

How to slice a rock

Over the years, continuing to hope that bacteria might be present but unable to find any, Suzuki decided he needed a new way to look specifically at the cracks running through the rocks. He found inspiration in the way pathologists prepare ultrathin slices of body tissue samples to diagnose disease. Suzuki decided to coat the rocks in a special epoxy to support their natural shape so that they wouldn’t crumble when he sliced off thin layers.

These thin sheets of solid rock were then washed with dye that stains DNA and placed under a microscope.

The bacteria appeared as glowing green spheres tightly packed into tunnels that glow orange, surrounded by black rock. That orange glow comes from clay mineral deposits, the “magic material” giving bacteria an attractive place to live.

Whole genome DNA analysis identified the different species of bacteria that lived in the cracks. Samples from different locations had similar, but not identical, species of bacteria. Rocks at different locations are different ages, which may affect what minerals have had time to accumulate and therefore what bacteria are most common in the cracks.

Suzuki and his colleagues speculate that the clay mineral-filled cracks concentrate the nutrients that the bacteria use as fuel. This might explain why the density of bacteria in the rock cracks is eight orders of magnitude greater than the density of bacteria living freely in mud sediment where seawater dilutes the nutrients.

From the ocean floor to Mars

The clay minerals filling cracks in deep ocean rocks are likely similar to the minerals that may be in rocks now on the surface of Mars.

“Minerals are like a fingerprint for what conditions were present when the clay formed. Neutral to slightly alkaline levels, low temperature, moderate salinity, iron-rich environment, basalt rock — all of these conditions are shared between the deep ocean and the surface of Mars,” said Suzuki.

Suzuki’s research team is beginning a collaboration with NASA’s Johnson Space Center to design a plan to examine rocks collected from the Martian surface by rovers. Ideas include keeping the samples locked in a titanium tube and using a CT (computed tomography) scanner, a type of 3D X-ray, to look for life inside clay mineral-filled cracks.

“This discovery of life where no one expected it in solid rock below the seafloor may be changing the game for the search for life in space,” said Suzuki.

Go to Source


Scientists seize rare chance to watch faraway star system evolve

A young planet located 150 light-years away has given UNSW Sydney astrophysicists a rare chance to study a planetary system in the making.

The findings, recently published in The Astronomical Journal, suggest that the planet DS Tuc Ab — which orbits a star in a binary system — formed without being heavily impacted by the gravitational pull of the second star.

“We expected the pull from the second star to tilt the rotating disk of gas and dust that once surrounded the main star — a process that would skew the orbit of the planet,” says Dr Benjamin Montet, Scientia Fellow at UNSW Sydney and lead author of the study.

“Surprisingly, we found no evidence the planet’s orbit was impacted. We also found the planet formed through relatively calm processes — which means it could be possible for Earth-like planets to survive in binary systems like this.”

Dr Montet worked with an international team of researchers at the Magellan Telescopes located at Las Campanas Observatory in Chile. They used the Planet Finder Spectrograph to measure the Rossiter-McLaughlin effect, which is the relative angle between the orbit of the planet and the spin of its star.

They discovered the planet DS Tuc Ab orbits its star in a relatively flat plane, at approximately 12 degrees incline from the star’s rotational axis. This low incline — called obliquity — suggests that the pull from the companion star did not significantly tilt the orbit of the protoplanetary disk where DS Tuc Ab formed.

While planets in the solar system all have a low obliquity, it’s unusual for planets like DS Tuc Ab.

“Most similar planets orbit their star at random angles, sometimes reaching up to 90 degrees above the axis of their star,” Dr Montet says.

“The DS Tuc system is the first piece of evidence that higher orbital angles don’t get defined early on in a star’s life — they are an effect that happens only later on.”

At 40 million years old, the gas giant DS Tuc Ab is considered a ‘pre-teen’ in planetary years. There are fewer than ten planets we know about that are this young.

Its age is a unique chance for astrophysicists to study a system in development before external influences interfere.

“To find out how long planetary systems last, we need systems that are too young to go through dynamical interactions, but old enough to have formed planets. The DS Tuc system is exactly in that niche,” Dr Montet says.

DS Tuc Ab: a ‘Hot Neptune’

The planet DS Tuc Ab is a Neptune-sized gas planet that orbits its star closely and quickly — one lap around its star takes only 8.1 days. These types of planets are known as ‘Hot Neptunes’ for their fast speeds and proximity to their stars.

Hot Neptunes are unlike anything we have in the solar system.

Even the smallest and closest planet to our Sun, Mercury, takes almost 100 days to complete its orbit. Our closest gas planet, Jupiter, takes over 4300 days.

Giant gas planets are unlikely to develop close to their stars. The current understanding is that they form further away and, over time, a force causes them to move closer to their stars.

Scientists want to know what that force is.

“There are two main theories about how Hot Neptunes came to be so close to their stars,” says Dr Montet.

“One theory is that an external force — potentially a multi-body nearby collision — ‘kicks’ them closer in, where they wobble and eventually settle on a new orbit.

“Another theory is that smooth processes within the planetary disk create a force that gradually pulls the planet closer to the star.”

Testing the obliquity can help scientists uncover which force was at play. Planets with low obliquities are understood to be formed by smooth disk processes, while more dramatic processes will lead to random or high obliquities.

However, astrophysicists have recently been intrigued by the suggestion that wide binary stars can tilt the orbit of young planets around their stars — while this process would be smooth, it would result in planets with high orbital inclinations.

“If true, this would upend our theory of planet formation!” says Dr Montet.

While that theory was not supported by the low obliquity of DS Tuc Ab, scientists are looking to the skies for more young binary systems to test.

The next generation of planetary systems

When it comes to learning from star systems, many of the systems we can observe today provide an inaccurate history of the system’s past.

“Present-day systems are not pure laboratories,” says Dr Montet.

“Over billions of years, planet-planet and planet-star interactions can scatter, torque, migrate, and disturb orbits, making what we see today very different to how they initially formed.”

Planets take between 10 and 100 million years to form, but most of the planets visible from Earth are much older. The DS Tuc system is 45 million years old — only 1% the age of the Sun.

“DS Tuc Ab is at an interesting age,” says Dr Montet. “The protoplanetary disk has dissipated, and we can see the planet, but it’s still too young for the orbit of other distant stars to manipulate its path.

“It gives us the chance to understand planet formation dynamics in a way that a five billion-year-old star doesn’t.”

DS Tuc A is the youngest star for which the spin-orbit alignment has ever been measured.

Searching the skies

DS Tuc Ab is only visible from the Southern Hemisphere. It was discovered last year through NASA’s Transiting Exoplanet Survey Satellite (TESS) mission — an all-sky surveying mission that aims to discover thousands of exoplanets near bright stars.

Montet worked closely with researchers at Harvard and Carnegie universities, who also measured DS Tuc Ab’s obliquity but used the Doppler tomography method.

“The first exoplanet searches were done in facilities in the Northern Hemisphere, and so they missed a lot of the planets far south,” says Dr Montet.

“NASA’s TESS mission is changing that. It’s finding all these planets around stars that previously hadn’t been searched.”

Dr Montet and his team are leading an effort to find and characterise more planets around young stars. They hope to study how stellar activity, such as stellar flares and starspots, could affect planet detection and habitability.

“Finding young planets is challenging. We really need to understand the behaviour of the parent star to be able to find the shallow signals of these planets which can be overwhelmed by starspots and flares,” says Adina Feinstein, a National Science Foundation Graduate Research Fellow at the University of Chicago and co-author of the study.

“There’s no reason why Earth-like planets couldn’t form and survive in Hot Neptune systems like this one,” Dr Montet says.

“We just have to go out and find them.”

Go to Source


Synthesizing a superatom: Opening doors to their use as substitutes for elemental atoms

Superatom is a name given to a cluster of atoms that seem to exhibit properties similar to elemental atoms. Scientists have shown particular interest in superatomic structures, since they can be linked with atoms to produce molecules, and potentially be used to substitute certain elements in many applications.

But for superatoms to be effectively utilized, they must be specially tailored to resemble the characteristics of the corresponding elements. This transformation depends on the specific combination of electrons used. For example, when an aluminum atom with 3 valence electrons (outer shell electrons that can contribute to the formation of chemical bonds) is added to the superatom of aluminium-13, the properties change to those of a superatom of aluminium-14. Due to this modifiability of superatoms, investigating them and understanding them further is important. But previous research has been mainly theoretical, and largely focused on single clusters. Research has also not been able to synthesize superatomic clusters with sufficient volume and stability for practical application.

In a recent study, scientists from Tokyo Tech and ERATO Japan Science and Technology, led by Dr Tetsuya Kambe and Prof Kimihisa Yamamoto, fabricated clusters of the element gallium (Ga) in solution to demonstrate the effects of changing the number of atoms in a cluster on the properties of the cluster. The team synthesized Ga clusters of 3, 12, 13 and other numbers of atoms using a specialized superatom synthesizer. To characterize and analyze the structural differences among the synthesized clusters, transmission electron microscopic images were captured and calculations were performed using computation tools.

The mass spectrometry revealed that the 13- and 3-atom clusters had superatomic periodicity. The 13-atom cluster differed from the other clusters structurally and electrochemically. But the 3-atom cluster with hydrogen (Ga3H2) was reduced to Ga3H2- and was not detected, suggesting a low stability of this cluster when synthesized in the solution medium.

The ability to alter the clusters reinforces the concept that structural change can be induced in superatoms. Describing the implications of their findings, the scientists explain: “These series of results demonstrate that it is possible to change the valence electrons in superatomic clusters in solution by controlling the number of constituent atoms. This in turn enables the designing and preparation of superatoms.”

This study paves the way for future research to investigate the use of superatoms as substitutes for elements. As Dr Kambe, Prof Yamamoto and team reiterate, “the superatom reveals an attractive strategy for creating new building blocks through the use of cluster structures.”

Story Source:

Materials provided by Tokyo Institute of Technology. Note: Content may be edited for style and length.

Go to Source

IEEE Spectrum

New Nonvolatile Memories Shrink Circuits That Search Fast

The kind of memory most people are familiar with returns data when given an address for that data. Content addressable memory (CAM) does the reverse: When given a set of data, it returns the address—typically in a single clock cycle—of where to find it. That ability, so useful in network routers and other systems that require a lot of lookups, is now getting a chance in new kinds of data-intensive tasks such as pattern matching and accelerating neural networks, as well as for doing logic operations in the memory itself.


What is an API and Why does the API Contract Matter So Much?

As a part of ProgrammableWeb’s ongoing series of on-demand re-broadcasts of presentations that are given at the monthly Washington, DC-Area API meetup (anyone can attend), this article offers a recording and full transcript of the APIs 101 presentation that I gave on Dec 5, 2019. It’s the first of a long-running series of 101 classes that I’ll be giving at the meetup. In the presentation, I discuss how the API contract essentially decouples the API consumer from the API provider and the sort of flexibility that comes with that decoupling.

The DC-Area API Meetup almost always takes place on the first Tuesday of every month. The attendees consist of API enthusiasts and practitioners from all around the federal government as well as businesses and organizations that are local to the DC Metro area. There is no charge to attend and attendees get free pizza and beer, compliments of the sponsors. The meetup is always looking for great speakers and sustaining sponsors. If you’re interested in either opportunity, please contact David Berlind at [email protected]. If you’re interested in attending, just visit the the meetup page and RSVP one of the upcoming meetups. It’s that simple. 

Here’s the video of my presentation:

What is an API and Why does the API Contract Matter So Much?

Editor’s Note: This and other original video content (interviews, demos, etc.) from ProgrammableWeb can also be found on ProgrammableWeb’s YouTube Channel.

Transcript: What is an API and Why does the API Contract Matter So Much?

Announcer: Brought to you by MuleSoft. Visit to find out how MuleSoft’s API-led approach to connecting apps, data and the Internet of Things can revolutionize your businesses.

David Berlind: David Berlind, editor in chief of here with a special edition of the Developer’s Rock podcast. Now every month in Washington DC, there is a special meetup that takes place on the first Tuesday of the month. It is the DC Area API meetup. And this is where many of the technologists from across the federal government get together to talk about what works and what doesn’t work in the way of providing APIs from government agencies, not only for internal consumption by developers but for external consumption as well. Now, if you’re interested in attending that meetup, I suggest you go to and search for it by searching DC API User Group, and if you go to that webpage, you’ll find not only the upcoming meetup, and who will be speaking at it, but you may even find a schedule and other users who are attending the meetup. If you want to find out more about the meetup, you can go there. You can also go to the meetups Twitter feed at @dc_api_meetup as the Twitter handle. So, I hope to see you there at the meetup.

Meanwhile, what we decided to do is we’re going to record all of the different presentations and publish them not only to ProgrammableWeb but also to ProgrammableWeb’s YouTube channel at These presentations will not only include what the speaker is saying, but you’ll be able to see their slides as well. And if you go to the version that’s on, we’ll include a full transcript of everything the presenter said. I encourage you to check those out. So, for now, I’m going to let you go and watch this next presentation that was filmed at the DC API user group meetup. Thanks very much, and I’ll see you soon.

David: So, as Gray said, one of the things that we’ve got going on here is we’re going is I’m going to be delivering an ongoing series of talks, which is more like a kind of a college course on APIs. I think 101 maybe is—probably a bit of a misnomer—because it does cover some fairly interesting nuances of API’s. But the way this will go is I’m going to give a talk here. And I have the whole series planned out and most of the content developed. But, I’m only going to give a part of it here, and then I’ll give the continuation of it, and the ongoing continuation of it at each of the subsequent meetups. So, you’re seeing the first part, and then in January you’ll see what comes next, and so on and so forth.

These talks, since I know some of you, you’re experienced practitioners with API, so some of this is obviously going to be very rudimentary for you. But, I think to Gray’s point, one of the challenges that anybody has in an organization, even if you really know your API stuff, is explaining it to the other people in the organization so they understand it. And, over the last nearly decade of working in the area of APIs, one of the things I’ve come to learn working with different organizations is that it doesn’t really do the organization a whole lot of good if it’s the IT department or somebody in the IT function driving the API strategy. The other side of the organization, the business people, really need to understand what the power of APIs are and how they can be so transformative to a company to make a company into more of a platform if you want to call it that. And, so maybe while some of this will be review or rudimentary for you, it may spark some ideas on how to talk about APIs with other people so they begin to understand the benefits in terms that they understand.

So, what I’m going to go through across this entire series will be “What exactly is an API?”, ” How do they work?”, “What are the key benefits of web API architecture?” By the way, this is all tweetable. You can tweet all this stuff and tell your friends [that] this is a good place to come. If you don’t know about APIs, you don’t have to be an expert in them. Great place to come to learn about them. “What are the different styles of APIs and when to use them?” This is something that is near and dear to my heart because I’m the editor in chief of ProgrammableWeb, which a lot of people come to. They know it as the “Journal of the API Economy”, but we also run the world’s largest independent directory of public APIs. And part of the way we categorize them is based on their styles, and there are different styles of APIs.

That’s should be “Why are the APIs the engines for digital transformation of organizations and business reinvention?” This is where you get into that area of why is it really relevant for business people to understand how APIs can benefit the business and change the business. Because every business needs to go through these changes if they want to stay competitive in the new world. “What are the different business models?” And, actually, I can’t even answer this question right now because we’re in the process of finishing this report. But, the definitive reference for the business models for APIs is a presentation that was given the founder of ProgrammableWeb, a gentleman by the name of John Musser. And the title of the presentation, you can look it up, you can Google it, it’s “20 API Business Models in 20 Minutes“. And people look at that as the sort of gold standard reference of how to understand the different business models. Well, it turns out that it was published back in 2013. So, a lot of time has passed, especially in internet years, and things have changed. And so, we’re actually putting out a whole new comprehensive guide to all the different business models, and what makes them different from one another.

“How and why you should be productizing APIs?”, and “What are the different API security concerns, and how to address them?” And, “What is API first design, and why is it important?”This is what I’ve gotten on the list so far, but it’s going to expand. Because as we go on, people are going to have questions and say, “Hey, you gave a presentation on X,” and so I will add it to the curriculum.

So first, I just want to talk about, this is one, Gartner actually adopted this phraseology from my presentation, which is that if you think of the cloud that’s in between the smartphone, and what is our icon for the server here, right, in that role, all of us are used to using these, right? You all have one of these. And this has a user interface on it, and it’s intended for a human, right? So you all know how to use it, you know how to tap it, you know how to scroll it, you know how to operate the applications that are in here. And it’s rather intuitive, or in some cases not, but you get to figure it out. And that is a user interface. It’s designed for human consumption. And, in that role when you’re actually using your smartphone, it is communicating at some point with some other server that’s across the internet on the other side of the cloud. So, the only difference between what you’re doing with your smartphone and what an API is, and by the way they’re API is involved when you do those things, is that the machine is also a user. But, the user interface that it needs to talk to the server on the other side just has to be designed for a machine to consume it instead of a human to consume it.

And so, what I always like to say is well look, these are both users. They’re just different types of users. One is a human user, the other one is a machine user. And an API is really just the user interface that’s designed so that machines can consume it. And this allows two machines to really talk to each other, or two pieces of software to talk to each other. A lot of times you hear other people describe it that way. It allows two pieces or more of software to talk to each other. So, there’s something called a contract that’s involved in this conversation that takes place between two machines or two pieces of software.

But, first I want to talk about some basic terminology that I think will be useful to you. We have this world in the API economy that consists of consumers and providers. And some people get consumers confused with, oh, consumer, like, consumer in the retail world, the consumer. No, that’s not the case. In a software application, like the ones that you use in your smartphone, when they’re talking to another piece of software, and they’re going through an API, that is the consumer. So the actual application that is talking to another machine is the consumer of the API. And the machine that’s providing that API is the provider.

The company or the entity that runs that machine on the other side that is providing that API that the consumer is talking to is often referred to as the API provider. And so, these consumer, provider, also sometimes you think of the consumer as the “developing consumer.” You can think of developers who build applications and use the APIs as the initial consumer of the API because they’re writing or coding the application that consumes the API. So developing consumer, consumer, provider, API provider. These are important terms that we try to stay consistent with when we’re talking about APIs.

Now, a real basic part of this, and some of you are very familiar with this of course, is that oftentimes an application outsources some function to an API. And we often call that “calling” the API. It’s like picking up the phone and making a phone call. Only this time the software is calling the API, and the API is going to respond with whatever it’s designed to respond with. If you’re calling the Google Maps API, it responds with an actual map that gets painted on your screen. So if you’ve used to using Uber or Lyft, you see the maps getting presented right in the application. They’re calling the API of some mapping API provider. You might be calling API for something like a patient record. I think we had somebody here is with Medicare and Medicaid, so you know all about that kind of stuff, right? Like I said, a pin on a map that that functionality sort of provided by Google Maps. Or maybe, a financial transaction, a banking transaction of some sort. There are a lot of different API providers that offer API based financial transactions. PayPal, for example, does that, Dwolla does that. Stripe does that. A lot of banks do that.

And, to make this work, there’s this “contract” that exists between the API consumer and the API provider. And just like a legal contract, there’s a mutual understanding between the consumer and the provider for this to work. The provider is on the hook to make sure that they live up to the contract and do exactly what they say the contract says they should do. And there is some burden on the developer to do the same thing, to make sure that they call the API correctly. And all of those things are baked into what we sometimes call a “technical contract.” This is one of the more confusing areas when you’re explaining it to maybe a business person, but this contract turns out to be one of the most important features of an API in terms of the benefits it has to offer to organizations. So it’s like a legal contract, it represents an understanding by all parties involved. And it also represents some agreed-upon standards that the two sides, the consumer and the provider, are going to use.

And this includes even de jure standards like official standards that are out there. So for example, the standard for XML is a worldwide standard, that’s well understood by everybody. And your API, the consumer and the provider of the API, when they’re agreeing to a technical contract, are also agreeing, hey, the data that we share back and forth between each other is going to be transferred in the XML format, which is a standard.

So I have some analogies to help you understand the contract and help you explain it to other people. We have a plugin the wall here. We have the construction guy, the LEGO construction guy, and then my favorite of all is the intermodal shipping container. So, here’s an example contract. And one of the key things about this contract is what we call this idea of “decoupling.” So the consumer is fully decoupled, this is an important concept, decoupled from the provider. And the electrical socket, each of these analogies kind of gets that point across, and the electrical socket’s really good example of that. Now the electrical socket has a very specific contract in it, right? There is a very, very important arrangement of the different holes that are in the socket. You have a sort of an elongated hole which is often referred to as the “neutral.” You have the shorter one which is sometimes called the “hot”, and then you have that little semi-ovular one which is the “ground.” And when something plugs into it and fits into that socket, and you know everybody has seen a plug that only can fit in one way, they know they’re going to get 120 volts of alternating current. They’ll get somewhere between 15, 20 amps through a socket like this, or up to that. It’ll be, like I said, alternating current. And here’s a little bit of the data on the socket configuration. And if you tore the wire apart that you’re plugging in, you very often find these colors in that wire because they’re part of an agreed-upon standard of what color wires you use for this.

And so is a really good example. If you think about things that you plug into an electrical socket, let’s take a hairdryer, for example, that hairdryer is designed to know that when it plugs into the socket, it’s going to get all of this. It doesn’t care how that is delivered to the socket on the other side by the provider. It could be wind, it could be solar, it could be nuclear, doesn’t matter. As long as the hairdryer gets 120 volts through a socket rated for 15 to 20 amps and alternating current, the hairdryer is happy, so this makes it possible for the designer of the hairdryer to design just that specification, and not worry about how that’s going to get to the socket. And this is that issue of decoupling. The hairdryer is completely decoupled from the utility that provides the electricity. It doesn’t know or care how the utility delivers this contract to the wall socket. And by the way, the utility doesn’t really care about the hairdryer. They’re fully decoupled from each other. They’re fully insulated from one another. Right?

So let’s take another example here, which is LEGO, which is probably the most common used analogy for APIs because APIs turned out to be like building blocks. And, as it turns out, there’s a very strict technical contract when it comes to LEGO in terms of the size of the nubs on the little blocks. And this kind of shows you a little bit about what that specification’s about, but that’s a contract. And anybody who has worked with LEGO before knows that if you buy one of the fake LEGO makers, and you try to snap it on, it doesn’t quite fit so perfectly as a real LEGO block will fit. Right? And that’s because they don’t quite have the contract down. And it’s probably because there’s some intellectual property thing that prevents them from copying the contract. But, point being, is that there’s a contract there. And you have essentially a provider of a nub and a consumer of the nub in a way that sort of decouples and separates the concerns of the two blocks from one another. All they care about is that the provider and the consumer conform to the contract.

Now if you have kids, like I do, I have four kids, this is the new thing. Oh, not really new anymore. But when you go, at Christmas time, you go to the store and you want to buy a gift, and you see this on the shelf. And you realize that LEGO has kind of gotten away from this idea of a contract. Because one of the big advantages of decoupling is, like I said, you don’t really care. Everything kind of works together no matter what. And suddenly, you get something like this, and there’s a part like that that comes with it. And you’re like, Jesus, you know what? This thing only works on that airplane. It’s totally coupled to this design. And you can’t really use this anywhere else. The contract is actually in the nubs there. But, good luck making this really work with your other LEGO pieces. So in some way, it’s still decoupled because the nubs are conforming to the contract, but it’s not in the true spirit of what LEGO once was a long time ago. It only really fits on that airplane. Now maybe some creative kids will come up with some other way to make this really fit into something else. And that’s because the contract is still somewhat showing up there in the nubs.

Let’s talk about intermodal modal shipping containers. I never knew this, and then I suddenly stumbled across, I said, wow, that’s a perfect analogy for… and it’s an amazing analogy for APIs, and an amazing bit of history. So this guy, Malcolm McLean, he’s considered the father of modern-day shipping logistics. And, if you know something about how shipping used to work before they had shipping containers, this is the way it worked. The truck showed up at the docks, and there were a bunch of bunch of longshoremen on the docks, and they literally hand loaded the merchandise off the truck into some kind of box that was on the boat, and then the boat went wherever it went. And the exact same process worked in reverse on the other side. Terribly inefficient, and human-oriented process. Can you imagine people dropping stuff, breaking stuff, this would never work in today when we’re shipping electronics and cars, and things like that all over the world?

So, Malcolm McLean came up with this better idea. He said, “what if we make it so that, let’s say you’re a manufacturer of goods, you load a container with some stuff. And then we bring that whole container to the ship. And by the way, it gets there on the back of a tractor-trailer truck, which goes to a train station, and puts it on a rail car, and the rail car brings it to the docks. And then it goes on to the boat. It lifted by a crane onto the boat. And there’s no handling of the merchandise by longshoremen. It’s just a container.” So, the container leaves the manufacturer, eventually finds its way in a boat, and the boat goes to where it’s going. And the container is taken off the boat and sent to its final destination. And then it’s up to whoever is at that destination to unload the container. So now the burden of loading and unloading is really the very beginning and end of the process.

Well, to make this possible, they had to come up with this thing called the twist lock, right? And the twist lock is this device, this casting that is on all four corners of the container. And it allows the containers to be locked to one another, but it also allows the containers to be locked down to the tractor-trailer trucks, and to the rail car, and then the ship itself, and then to each other. Right?

Here you really have another contract in place. This is a standard, a worldwide global standard, where you have the provider of the contract and the provider of the interface and the consumer. The provider is the container. You could look at it either way, but I think the consumer is the truck because it’s taking the container and moving it around. So next time you’re on the highway and you see one of these trucks drive around, you see one of those containers that says Maersk on it or something like that, now you’re looking at it completely differently. You’re going to be looking for the twist lock, right? Because you’re going to think, wait a minute, that thing right there, that’s an example of an API because there’s a very strict contract that everybody is sticking to in order to make this work.

And, quite frankly, the container, just like with the hairdryer, it doesn’t care what it’s being connected to. It doesn’t care. It’s decoupled. It’s essentially decoupled. It could be the tractor-trailer, it could be another container, it could be a rail car, or it could be the ship itself. And so here’s an example. Here’s the contract of the twist lock. I don’t have to go into the details. I’m not going to test you on this.

And then, the question from me to you is, what are some of the other examples of this? Because in the world around you, we are literally surrounded by examples of these standards that end up decoupling the provider from the consumer. Does anybody have any ideas?

Audience Member: Currency.

David: How so?

Audience Member: I give a bartender five bucks, he gives me a beer.

David: And, that’s a contract. That’s actually, there’s a sort of a legally binding contract right there, right? Okay.

Audience Member: I give him seven bucks, he gives me one.

David: That’s right.

Audience Member: I can go on and on.

David: I think we’re going to go through the whole world of spirits and liquor before we get… yeah, okay. Any others? Come on.

Audience Member 2: Most networks. So you could say road network. It’s an abstraction that allows all kinds of various things from small contact scooters to huge ATV vehicles. It doesn’t care. But it follows strict standards that subsequently are then followed by manufacturers.

David: The width of the lanes, for example, right?

Audience Member 3: Width of the lanes, traffic goes on one side one way,…

David: When I’ve given this presentation before, people have brought up the wheel and tire. The tire’s mounted to the wheel, but there’s a contract that lives between the two of them. In a way that you could get tires from any number of manufacturers and put it on a wheel, right, on the same wheel.

Audience Member 4: Railroads.

David: Railroads.

Audience Member 5: Railroad tracks.

David: Right, and there’s all kinds of legendary folklore about how we ended up with that. Right? You always see that somewhere. You come across the internet every two years, it makes the rounds, goes viral, how did we end up with the width of the tracks. I forget how that story goes, but if you pay close enough attention, it’ll come your way eventually.

Audience Member 6: It’s been debunked, though.

David:: Huh?

Audience Member 6: It’s been debunked.

David: Oh, okay. You can’t believe everything. It’s all fake news. There you go.

Audience Member 7: Too soon, right?

David: That’s right. So point being, this decoupled nature creates all kinds of great opportunities that lead to digital transformation and reinvention of a business. And we’ll get to those in the future versions of this course. One thing I want to leave you with though is that APIs are not new. APIs have been around for decades actually. They just have been coming in many different styles and forms.

But just to give you an example of… I looked at the name of this meetup. I was like, wait a minute, what’s the name of the meetup? And it’s the DC Web API Meetup, right? And that’s what it says on And I thought that’s really interesting that the word web’s in there. It’s actually not the DC API Meetup, it’s DC Web API Meetup. And there was something that happened, this is important in the arc of API history, where the web got involved, which introduced even better decoupling, and it was essential to how we got to where we are today. And I want to talk a little bit about that.

Now again, APIs have been around for decades, but for the lion’s share of that time, they were predominantly what we call RPC APIs. And RPC stands for remote procedure call. Again, we have two machines here. They’re talking over the internet, or over a network in many cases, not even the internet. An RPC is in the middle. And essentially, what would happen there is one machine had to know specifically what procedure on the other machine to call. And maybe the name of that procedure was “retrieved customer info.”

Now, this RPC kind of architecture has happened in a number of different ways over the many years that we have APIs in existence. But essentially that is very tight coupling. The consumer has to know something incredibly specific about the provider and the code that is written on the consumer is very tied to the procedures that live on the provider side. And it was the web API that changed everything. And so let me show you how that is.

Today, when we hear about web APIs, the communication that’s taking place between the provider and the consumer is over the protocol of the worldwide web, which is HTTP and you see that in your web browser, HTTP something, something, something. Well, that stands for hypertext transfer protocol. That is interchangeable with the term the web. The two things mean exactly the same thing. There’s an official protocol there. But, what was special about that protocol is that the protocol has built into it its own set of commands. So that instead of retrieving a customer, having to know the name of the procedure that’s on the other side, all you have to know are the list of commands that are a part of the web’s protocol.

So in this case, instead of saying retrieve customer info, you might just issue a command that says get. Get is one of the verbs, they call them verbs, of the HTTP protocol. Now if the consumer issues a get request to the provider, it’s up to the provider to figure out what to do with it.

But, this completely decouples the consumer from having to know the specifics, the names of the procedures on the provider side. And this was something very special about the web that changed the world of APIs in a big way. This really kind of was what broke things open when it came to putting things like Google Maps as an API based service on the web. Okay? And Google Maps is essentially the second API that we made a record of. Or no, the first API we made a record of in the ProgrammableWeb database. The second one was Flickr, which was acquired by Yahoo. Right?

But, both of them worked across the web, and both of them used the web’s protocol to issue these commands. And as soon as developers saw that, the flood gates broke open. That was really easy for them to understand. It made life a whole lot easier for them to actually start working with APIs because there’s only a handful of these verbs. There’s get, put, patch, et cetera. Right? And you can look that up. If RPC APIs that came before were sort of decoupling things, this was really decoupling things.

And so, this is a little bit of a hint of where that leads us for the next presentation. But, imagine if you will, that you have all different kinds of consumers. On the top here you have machines, you have web browsers, you have iPhones and Android phones, you have notebook computers all talking over the internet to a variety of things, servers or providers on the back end. Technologies that provide the API on the back end. It could be .NET, could be Linux, could be something, an IBM mainframe. The contract is that agreement.

And I’ll leave you with one thing, and we’ll talk about it more next time, is just imagine, let’s say, you have an IBM mainframe that costs millions of dollars to run and maintain and to license the software for it from IBM. And what have you could just replace it with a Linux server in Amazon’s cloud? Well, the contract is what allows you to do that. It’s just a substitution that you would make and say, okay, instead of providing that electricity to the plugin your wall with coal, we’re going to provide it with solar. Something that’s way more cost-efficient, way more friendly to the earth, and so on.

Well, this gives organizations the power to make those substitutions. Maybe that IBM mainframe is overkill, and is not worth it anymore. And maybe you could provide that same contract to the consumers with something that’s far more cost-efficient like a Linux server running in the Amazon cloud. That is real power. That could transform a company, that can transform the bottom line in ways that are incredibly significant to the company and make it more profitable, give it more control over its future, and make it more competitive in the marketplace that it’s working in, because now it has more capital to work with instead of the capital that it’s just wasting on a big mainframe. Not that mainframes are a big waste of money. But again, the contract is what makes this possible. Because the back end and the front end are completely decoupled from one another.

In a future version of the presentation, we’ll talk a little bit about more about what it means to move from an IBM mainframe to a Linux server. That’s a conversation that we call “legacy modernization.” So thank you, and I will continue this the next time.

Go to Source
Author: <a href="">david_berlind</a>


From the DC-Area API Meetup: Government Security Architect Attempts to Learn About API Security

As a part of ProgrammableWeb’s ongoing series of on-demand re-broadcasts of presentations that were given at the monthly Washington, DC-Area API meetup (anyone can attend), this article offers a recording and full transcript of the Oct 1, 2019 discussion given by Epigen Senior Information Security Architect Trevor Bryant regarding his attempt to bone-up on API security. Although he is a security architect that works on federal government systems, his area of expertise did not include API security. But with the increasing emphasis on exposing government agency datasets through APIs, it was only a matter of time before he would have to add API security to his domain expertise. Sadly however, as you will see, there was no single go-to source for Bryant to educate himself. The information is out there. It’s just scattered in a way that sent Bryant searching for various needles in various hastacks.

The DC-Area API Meetup almost always takes place on the first Tuesday of every month. The attendees consist of API enthusiasts and practitioners from all around the federal government as well as businesses and organizations that are local to the DC Metro area. There is no charge to attend and attendees get free pizza and beer, compliments of the sponsors. The meetup is always looking for great speakers and sustaining sponsors. If you’re interested in either opportunity, please contact David Berlind at [email protected]. If you’re interested in attending, just visit the the meetup page and RSVP one of the upcoming meetups. It’s that simple. 

Here’s the video of Bryant’s presentation:

Developers Rock Podcast (special edition): Government Security Architect Attempts to Learn About API Security

Editor’s Note: This and other original video content (interviews, demos, etc.) from ProgrammableWeb can also be found on ProgrammableWeb’s YouTube Channel.

Full Transcript of: Government Security Architect Attempts to Learn About API Security

The following transcript is from Trevor Bryant’s presentation, transcribed as best as possible from the video above. As with many transcriptions of this nature, some sentences may run on, or may appear fractured. Our goal is for the transcript to be as true to the presentation as possible.

Trevor Bryant: So my name is Trevor Bryant. I am a security-minded dev ops nerd. So yeah, I’ve been doing, I like to fall more in the information security rather than cybersecurity. I’m not too into the offensive or defensive operations. It’s more things like FedRAMP, meeting regulatory compliance.

The number one rule of FISMA is actually cost-effective security, so we have to design, build, and implement information systems in the government that also meet a cost-effective security objective. And I mentioned FedRAMP again, but it’s really interesting going through FedRAMP, rather than a traditional assessment and authorization process, which is part of the risk management framework underneath FISMA.

You trade administrative overhead from, rather than having something on-prem to [being] in somebody else’s data center, which is pretty interesting and significantly more expensive. Turns out, you might get a budget for $300,000 to migrate your application from on-prem to something that’s FedRAMP cloud service provider.

And then, you find out your three PIO is $300,000, so that’s got to go back next year and ask for more money and then work on your project plan to eventually get to the cloud in five years in the government. I think Gray is probably one of the few [people] that knows the struggle of that.

Gray: That’s why I drink.

Trevor: Actually, it’s true. I’ve known him for several years and pretty much all we do is drink. So the night of NIST part, it turns out if you spend an entire weekend reading about FIPS, encryption and then you go back to Ron Ross’s team and you email them that you found a lot of contradictions and you’re not really sure what you’re supposed to follow, they’ll just respond back like, “We hate it when you do this, but stick with the latest round of guidance.”

And in this case, it was like, so when am I supposed to have FIPS enabled? You’re saying that we’re supposed to have the data encrypted in transport and that’s sufficient enough. But then over here, in all of these STIGs you’re saying that we have to do everything in the operating system and the operating system has to inherit it. And they’re like, “Dammit Trevor.”

So I’ve always been an auditor and an analyst and an engineer. Now I’m finally an architect. Evidently, when you get that rise to the title, you get more interesting conversations and I’ve been getting a lot more into technical policy. There’s things like the DCOI, the Data Center Optimization Initiative. Cloud Smart just came out, which is going back to more of the cybersecurity focus and then also the workforce provided in that with the government.

This past weekend we actually had the, was it called the President’s Cup Cybersecurity Challenge Competition or something like that. They basically took a generic capture the flag sort of challenge, where we’re all hacking into a system, finding vulnerabilities, exploiting things, finding strings or credentials and then eventually working our way to a defined string, which is like flag and then in curly brackets is like some bleep speak and then you go and enter that into a jeopardy style board and then you get points.

So the President actually came out with one last, came up with the executive order last year and then we finally got to play it this weekend and it was a lot of fun and also pretty interesting. I’m also an instructor at DC Tool and that’s the open organization of lock pickers. We have a meetup tomorrow, 6:30 at The Board Room, which is just a right up the street. We’ll teach you ethical lock sport.

We’ll teach you the first two rules and all the laws, depending on what state you’re in. We’re in DC, so we’re okay. You don’t have to prove that you’re not a criminal if you have a lock pick set on you and just have a couple of drinks and pick some locks, just meet people, just pop locks.

I’m also a conference organizer and volunteer, so if you have been to the DevOps DC meetup, I’m one of the organizers for there or the DevOps Days Conference, at least for the DC chapter. I’m also involved in a lot of the BSides organizations, which is literally like a flip of the deck.

If you don’t want to make it to DevCon or you can’t get into a talk or you want to speak in these conferences, have like thousands of people submitting, but only 12 can speak. There’s the BSides, which are seemingly, there’s over 260 now in just about every major city. So no matter where you go, BSides Augusta, is about to come up and they’re just really fun conferences in general.

And there’s my website. So Gray asked me to come in, talk about API and I was like, oh, I’m a security person. I’ll come and talk about API security. And this entire weekend, I spent just nothing but Googling and learning about API security. And this is what I realized, I know about myself is, as a security architect, I know so little about APIs.

I mean, nobody watches Game of Thrones? No. Dumbledore dies. So I always start off with a Google image search like, oh I like that prettiness. I’m going to go find a website or some YouTube video that just appeals aesthetically and I’m going to start there and go read and I’m going to go search my favorite government website because being a nerd in the government, I like to stick with those government definitions.

And so I went to NIST and this is what I found. Awesome. Right? Yeah. WAT, so that was just fumbling around for five minutes and I’m doing a lot of this. Does it work? Yes. Trying to find around an API security checklist because my ultimate goal here is, can I find government standards that are used by the government on APIs? And,if I can find standards, then maybe I can find a security checklist and instead I find this GitHub repository that does, it has a long list of just checks and balances to go through like maybe, you should use Oauth or something else. Don’t let data go in plain text, don’t have the thing, actually I have a really good slide for that. I’ll get back to that. Input and processing have just high-level stuff here.

And I’m just like JWT, what is that? So then I had to go learn about that. And then I go to OWASP, everybody’s actually, so they just had APPSEC 2019 in Amsterdam and I think they had APPSEC here in DC some months ago or maybe last month. But they have, so they come out every year with the top 10 OWASP security recommendations, which could be similar to the CIS top 10 or 20 recommendations for security as well.

But what I notice a lot here is that they’re things I already know, which is APIs expose a lot of data. And this made me realize or made me remember that one of my favorite websites here to practice how bad I am at penetration testing, has a little challenge to get into it, right? You have to generate your own invite code and by doing, I’ll look at the source code and then I see something particularly interesting, which is the make invite code and then execute the make invite code.

And then we get a base 64 encoded string, which I load up in CyberChef and decode and it has further instructions. And then I make a post and it comes back with more base 64 encoded string and there’s my invite code. It’s like, okay, maybe I do know a little bit more about API security than I thought, which is actually just how to abuse it.

But how do I actually protect it? Where do I go and find recommendations or guidelines of how to protect this? So I go back to OWASP and I find this cheat sheet series that they have this entire project for. And I think this is relatively new because I didn’t find this about six, seven months ago when I first started this effort.

And they have so many things listed that made me realize like, I won’t know or how to become an expert about this overnight. I was really hoping for an easy button. Sometimes you can go to any of these NIST special publications and just control+F to victory. Be able to just take out all of the statements and throw them up on a slide and be like, this is what I know.

So breaking it back down to the top 10, then I realize, here’s something I can actually work with. This is more of the language I speak, security misfit configurations. I know that Verizon puts out a breach and breach report every year and 99% of all breaches are due to a misconfiguration.

It’s like, okay, well the Capital One thing came out a few months ago and that made me realize two things, which is nobody still truly understands how the cloud works and if a web application firewall is redirecting commands to an API gateway and it’s accepting just about any command, then maybe we want some input validation in there.

I’ve been having a lot of conversations actually about the Capital One thing because people are coming and asking me like, isn’t AWS supposed to be secure? And I’m like yes AWS is secure for AWS, not what’s above AWS. That’s what you’re supposed to secure. So I continue searching NIST and what I find for APIs is security strategies for microservices. Like, okay, we’re doing a lot more research on Kubernetes. We’re looking at how to implement these things in the government. If you’re familiar with OpenShift, OpenShift has Kubernetes inside of it, but with a FIPs certified cipher, so you can actually use it in the government.

And a lot of those are just things talking to other things. But what I see a lot here in this publication is microservices. And so this entire thing is focused on microservices and isn’t really teaching me so much about an API or where to find standards on an API or where to find how to secure an API.

So I go to the TTS chat that Gray invited me to forever ago and so I just ask a generic question and I get a lot of responses back. And so somebody pointed me to the cheat sheet series by OWASP and then there was a lot of internal back and forth. By the way, this is public, so this is why I took screenshots.

And so the summary of my journey here, like 30 hours this weekend is what I spent on this probably, is that OWASP has an API security check project and they also have their cheat sheet series project, which is extensive and so I’m going to be spending a lot more time there. You see it now?

Yeah. But also if you know Gray, evidently Gray might be publishing an entire federal standard on how to use APIs in the government, maybe. Maybe, it’s somewhere in here. Yeah.

Gray: This is an outstanding way to pressure me to follow up on a commitment if you ever want to.

Trevor: This was-

Gray: Get me to write it down somewhere and then later that day, in a presentation, post a screenshot about it.

Trevor: Yeah. So he told me anywhere between eight to 12 minutes. So that’s what I built my presentation for. But the whole theme of this was, as a security person who’s supposed to know this, where the hell do I go to learn about this? There has to be somewhere better than, just ask Gray.

Gray: Yeah.

Trevor: I mean you can only buy him so many beers, right?

Gray: Not true.

Trevor: So if you’d like to drop some knowledge on me after you realize this is one of those presentations where the speaker made it for the speaker and not for the audience. So where would I go out and find how to learn more about APIs? I’ve exhausted the resources that I know of. I always start with the government. There’s this man right here, that everybody’s pointing to, or if you just have any general questions for me. I can tell you a lot about lock picking or I can tell you a lot about FedRAMP or FISMA or traditional assessment and authorizations process, which is called the ATO process now. But when it comes to APIs, my response is still, ask Gray.

Go to Source
Author: <a href="">david_berlind</a>


How an Alternative Data API Can Be Used To Improve Predictive Analysis

As a part of our ongoing series of on-demand re-broadcasts of presentations that were given at the Washington, DC-Area API meetup, this article offers a recording and full transcript of the discussion given by Accrue Ltd. founder and CEO Benoît Brookens who is based in Hong Kong. Originally, Brookens was a securities trader who started to wonder whether seemingly unrelated events could be correlated to the change in stock market prices. He then began to plug the details of those events into a calendar in a way that he could look at the sudden rise of a stock and correlate that rise to the other events that happened on the same day (or the days just preceding).

The result of that exploration is his company Accrue and the API it offers to anyone wanting to do the same types of correlations; for example investors or analysts. Here’s the video of his talk and the full transcript.  

Developers Rock: Government Security Architect Attempts to Learn About API Security

Editor’s Note: This and other original video content (interviews, demos, etc.) from ProgrammableWeb can also be found on ProgrammableWeb’s YouTube Channel.

Full Transcript of: How Alternative Data Can Be Used To Improve Predictive Analysis

The following transcript is from Benoît Brooken III’s presentation, transcribed as best as possible from the video above. As with many transcriptions of this nature, some sentences may run on, or may appear fractured. Our goal is for the transcript to be as true to the presentation as possible.

Benoît Brooken III: Just a little quick intro. My name is Benoît Brookens. I’m the founder of a big analytics company based mostly in Hong Kong. I’m here visiting, I’m a Washingtonian natively.

We are essentially an alternative data company. Alternative data is essentially this intersection of liberal arts and technology, like Steve Jobs talked about. It’s basically the acceptance that every industry could benefit from some other contexts that their industry might not be currently appreciating. For instance, it’s like a farmer using social media data to understand the impact of avocado prices, or looking at shipping information in order to anticipate demand or supplies of competing products in the market from a foreign place. I know that’s a little high level, but in a nutshell, we’re providing event-based intelligence for decision makers to make better decisions.

In 2017, we were selected as the most promising FinTech company in the world by the London Stock Exchange and the UK government. Here’s us opening the UK Stock Exchange and I’m in the middle.

Anyway, the focus of this topic is demonstrating one use case that we focus [on in] what we’re building. I’m not going to spoil it by telling you actually what we’re building yet, but financial investors have a problem because they are now inundated by alternative events that previously never drove impacts to the level that they do now. For example, a Trump tweet is sending markets up and down, disrupting Boeing, disrupting all types of things, trade war developments happening. As they happen, they force people to put on many different new hats to assess what the impact is on their businesses, and maybe potentially their investments.

In this case, talking about APIs, I’m looking at the financial market as a simple time series dataset. It’s something measured over time, like end of day sales, innovate prices of any variety of volumes. Essentially one use case is basically in Hong Kong. Last September I encountered my very first typhoon. It was a typhoon 10, in fact. This is a category five, like the one that had recently devastated The Bahamas. Buildings are swaying three feet back and forth, and I was in a panic wondering, “what should I do? Should I have hopped on a flight and gone to Thailand or somewhere where it was calmer and nicer in order to spend my day?” But I hung back. It was my first typhoon, and I rushed to the grocery store like everyone else. Rushing to the grocery store, the grocery store shelves were empty. I thought that was interesting because it happens every time.

What I did was sit at home and, having technology like the way I have, I was wondering how I can turn the observations that I was making into some insight that might or might not be reflected as a hypothesis in the financial markets? Essentially what we did, is I back tested it. I took every single typhoon 8, or more, over the past five years and I started correlating it to particular stocks. I was looking for good risk adjusted returns, meaning that these stocks typically exhibited good risk reward ratios in the financial markets.

What I uncovered was two big brands. One was a non-alcoholic beverage company and two was a brewery company. These are the second biggest in their class, meaning this is the second biggest, non-alcoholic beverage brand. They sell juice, tea, water, coffee, et cetera, and this is the second biggest beer company in China. I’m in Hong Kong by the way, so 100% of the time over the past five years, these two stocks are reacting. I found that really interesting.

This is not investment advice, I’m not telling you to go buy any stocks. This is not an investment show, but essentially what I started doing in my thinking process was that I was for the first time taking something called unstructured data. Unstructured data is growing at about 12.8 terabytes every minute and these things are coming out of a variety of things, from cameras to sensors to government websites, and they’re all actually not in a condition or format to do any type of analysis. Meaning, if you wanted to understand the impact of… Say you own a sandwich shop and you also have a gelato in the back, and you want to know if you sell more sandwiches or gelatos on a rainy day.

How many businesses could actually do that? Not many. In fact there are POS’s that have the data for their sales, but there’s no API that they can plug into and say, “Hey, it’s a rainy day in D.C., what should I do? Should I go make more sandwiches or should I just keep the gelato cold?”

We are building one of the first APIs in the world that is commercially available for the private sector to begin to do these things far more casually. This is unstructured data, it’s growing at a rapid pace. What we’re doing essentially is turning the world into many different types of calendars. These are religious calendars, blockchain industry calendars, seasonal calendars, sports calendars, weather calendars, natural disasters, political products, et cetera. At product calendar, would be like an iPhone release. At a corporate calendar level. It would be a CEO speech, WWDC conference, et cetera.

You can analyze the impact of this on other things that you might take for granted. It’s not just about Apple stock, it can be about transportation, it can be about a smart city demanding, “how much of a traffic jam do we actually have?” If you want to see the model, that concept, before you got to a quantitative metric, you have to start with something, start with an event, start with something that you can test, a hypothesis. We’re building a way for someone to take that unstructured data, turn it into something simple that’s never been innovated on, which is a calendar. We all have a calendar on our phone. It’s pretty much the most neglected app in our phones. It’s not really innovative over the past iPhone one. It’s schedules, meetings, et cetera, but it’s very, very powerful.

We are taking this attributed chronology, meaning when we structure the data from the internet, say religious calendars, we tell you where it comes from. We got it from this website or we got it from this place, or we got this article from this governmental source. We’re basically classifying this as a knowledge graph. You can say this is an iPhone product release. We can use a graph database to link that to its competitors. iPhone is a product line competitor of the Galaxy, and that’s how it’s related to Samsung. This iPhone is also a handheld device, so it’s related to other handheld devices, but it’s mobile, so it’s these kinds of things. We’re classifying all of these objects and events and activities into a variety of different things.

Blockchain is not a buzzword here. We are using primarily immutable databases. An immutable database is simply a mechanism for recording something as a version of itself over time. We don’t delete anything actually, we don’t delete any data. When you have different types of editing that happens at Wikipedia, things change and you might have a deletion, you don’t want to start from deletionism. If there’s an update of an economic record, we will say “revised” rather than “deleted” and “replaced.”

Anyway, we are building an integrated global calendar in simple sense of sports, industry, beliefs, economics, weather, and there are hundreds of thousands of calendars that we build.

To give you an example of why this is important, again, these are all financial examples, not an investment advice, we were looking at Apple stock. Say you wanted to go back to 2010. 2010? What was going on at 2010? Cities don’t have memories and neither do markets nor people really that good anymore. You want to highlight this little area. What was going on in the spike? You can’t go to Google and say what was going on here. You really can’t, you can’t just type that. There’s no database search for that, there’s no research engine. People pay a lot of money to find that out.

We built the database, I was pointing time. You could go 8/31 through 9/8. What was taking place between those ranges? You can see the Samsung Epic 4g, which might’ve been an epic failure because Epic doesn’t exist. Then you had iOS 4.1 announced on 9/1 and you had iOS released on 9/8. These two things were really interesting. Funny enough, there was a really interesting correlation between iOS announcements and moon phases during Steve Jobs’ lifetime, that many people did not actually extract. But we were able to find the serendipity of fact that uncovered a really interesting correlation that might go beyond spiriocity into something really interesting.

Again, we’re building this as an API. This doesn’t have to be stock data, this could be virtually anything. You have a sushi shop and there was a sushi expo in town, and maybe your sushi sales go down. It can be anything really.

Keep going further, we compete with some existing players like Kensho, Bloomberg, Thomson Reuters, the financial sector. We cover others, but what makes us special is that you can bring your own data. We’re not locking you into financial data sets or telling you that you can’t add in Willy Wonka chocolate factory’s event or things that are taking place in your small town. This is a very open-ended API database to allow people to do that base intelligence. I don’t want to bore you with this, but this is just a sample of a dashboard. To do this would require sourcing, structuring, cleaning, executing, all this information, but a decision maker can come here and kind of get these insights. This is just one example of what we’ve done with this. It’s a what-you-see-is-what-you-get, an if-then drag and drop algorithm builder.

If there was a tropical cyclone above 8 or more, this actually references an API dataset, that historical dataset. You could say buy 100 shares of the market. This could be used in someone’s home, or it can be used in a rather large variety of places, if there’s a weather event, if it’s above 70 degrees, turn on the air conditioners in the home. We’re experimenting with different ways to play with this type of information, being API first. We’re having a really creative exercise and open to feedback and ideas as to how people will think about this.

This is just another financial use case. This product was available, not available now, where you kind of took it and put it back on our shelves and allows someone to casually do data sampling. If I were to look at this type of logic between these periods of time, what could I infer? What historical data will be presented? You could run thousands of these algorithms at the same time, technically. Again, we’re taking this idea of a calendar and we’re taking it to automation, taking it to big data analytics. We’re not focusing on just black box AI or anything. It’s really about transparent explainability of things that I believe, things that I see, things that I feel, and being curious about them and thinking if they have any value.

I can go to a real demo. We don’t really focus on government, but we do from the perspective of focusing on smart cities. We have a pure smart city focus, cities that want to basically uncover how does traffic, how does weather, how is it impacting in their city and how are events that they may be aware or not aware of impacted us. Part of my team, I have a background as a trader. Some of our team comes from names like SAP, et cetera, et cetera. I’ll give you a demo, quickly, of how it works. Any questions so far?

Speaker 2: Would you show us the API?

Benoît: Huh?

Speaker 2: Would you show us the API?

Benoît: Yeah, I can show you he API. Let’s see. Let’s see. How do I do it? I hope I’m not talking too fast. I’ll show you the gooey version of API. I wish I could see this. Can I slide this?

Essentially, you have a calendar here. Again, this is just a sample. This is just a small data sample, but I’ll scroll to the bottom to keep it simple. You have variety of things taking place. On what day was that? On the 29th of September, it was kind of scrolling through and you can see things like the Russian Grand Prix, the Berlin Marathon, a variety of things. Let’s just click on the Berlin marathon. Under Berlin Marathon, you can basically see that it one of one listed here. That was scraped. Let’s see if I can find something with a lot more history.

This is a demo, I didn’t test these examples before I made them. This is the FIA Formula Grand 3 (End). Oh wow, only one of those two, that’s how funny. I’ll go back in time and find something interesting. I’ll go back to October 31st, 2017. I’m scrolling really quickly, but you have variety of types of activities happening. You have unemployment rate being reported in Japan, it’s Halloween, obviously. These are candlestick patterns and SCC filings and we clustered them together. For this example, you get a quarterly profit increase of this particular stock ticker, you had things like a crypto products were releasing certain versions, you had a car ramming accident in New York city, unfortunately. Let’s see, it keep strolling… Astrological events for max.

I’ll show you what you can do with this and how you could use the API. Let me find one good one, for instance. Let’s just say the SEMA show, it’s an auto show based in Las Vegas and it runs every couple of years. This is just three examples, you can see that this was scraped from a and so what you can do in this, this is user API, you can add in, essentially, a date.

Manually, if you’re doing your own research, you want to add in earnings releases a calendar, et cetera. I can put it in today’s date. I can just do test and then I can source, I’m just going to do This is not signing into the blockchain in this example, but what you’re doing is you use API to store simply a time series data set of date time. You’re able to see it in full chronology. This is all the start days of the auto show. Let’s run this and we can use the API to ask a question to it. I’m going to put in SEMA auto show and I’m going to look at Ford Motors, trading in New York, but they also trade in London, et cetera, but we’re going to use it here. We’re not going to be too fancy, and we’re just going to do an analytic, where we’re doing an analytic, basically purchasing at the closing price on the first date of the event and we’re going to sell it at the closing price following the event.

What we’re doing is we’re exploring this data exhaustively, although there’s only three examples of this. You can basically see that we’ve turned this into plain text. This is a five day trade for the auto show, considering the last occurrences and latest being in 2018, entering zero days before the event. This pattern has an average gain loss, et cetera. What it’s doing is allowing you to explore your hypothesis about how some event may or may not correlate based on historical activities.

You can see 2017 it dropped, 2018 it rallied, and you can see what happens in between. Starting one day, going into the future, we currently have the setting on five days, but I can use a slider to explore that. If it’s 30 days, here’s how it works. One example is you can search, so the database is pretty cool.

I’ll show you one thing that people take for granted. One other tool we built, it’s called the Almanac. It basically is a screener, so you can essentially search all the different types of events from Saudi oil discoveries to Kentucky Derby, et cetera, and you can do a massive scan using our API. Let’s look up July 4th and let’s just purchase at the closing price of the first day following July 4th, and we’re going to hold for arbitrarily two days just to give an example of the API. Again, this can be any time series data set in a business, and we’re just simply going to run that across all U.S. Stocks, so S&P 100, this is my last example, no Hong Kong, no Crypto, no Forex.

What you can do in one second is basically take any real world concept and event and you can basically screen across all of the markets in seconds and get a result of all the securities or variables in your business, or factors or employees, or whatever these time series might be. You get sort by tops and tails, you can see Walmart, it’s in there for July 4th, you can see Nike is in there for July 4th, and you can explore these patterns.

Anyway, the idea is that you can turn a calendar into an API you can finally use. We’re presenting this as a concept for other types of businesses that might be relevant to government for market surveillance or for other types of reasons. Come and talk to me if you have any questions or ideas. Thank you.

Go to Source
Author: <a href="">david_berlind</a>


Not so fast: Some batteries can be pushed too far

Intentional defects in batteries have given Rice University scientists a window into the hazards of pushing lithium-ion cells too far.

New simulations by Rice materials scientist Ming Tang and graduate student Kaiqi Yang, detailed in the Journal of Materials Chemistry A, shows too much stress in widely used lithium iron phosphate cathodes can open cracks and quickly degrade batteries.

The work extends recent Rice research that demonstrated how putting defects in particles that make up the cathode could improve battery performance by up to two orders of magnitude by helping lithium move more efficiently.

But the lab’s subsequent modeling study revealed a caveat. Under the pressure of rapid charging and discharging, defect-laden cathodes risk fracture.

“The conventional picture is that lithium moves uniformly into the cathode, with a lithium-rich region that expands smoothly into the cathode’s center,” said Tang, an assistant professor of materials science and nanoengineering at Rice’s Brown School of Engineering.

But X-ray images taken at another lab showed something else. “They saw a fingerlike boundary between the lithium-rich and lithium-poor regions, almost like when you inject water into oil,” he said. “Our question was, what causes this?”

The root of the problem appears to be that stress destabilizes the initially flat boundary and causes it to become wavy, Tang said. The change in the boundary shape further increases the stress level and triggers crack formation. The study by Tang’s group shows that such instability can be increased by a common type of defect in battery compounds called antisites, where iron atoms occupy spots in the crystal where lithium atoms should be.

“Antisites can be a good thing, as we showed in the last paper, because they accelerate the lithium intercalation kinetics,” Tang said, “But here we show a countereffect: Too many antisites in the particles encourage the moving interface to become unstable and therefore generate more stress.”

Tang believes there’s a sweet spot for the number of antisites in a cathode: enough to enhance performance but too few to promote instability. “You want to have a suitable level of defects, and it will require some trial and error to figure out how to reach the right amount through annealing the particles,” he said. “We think our new predictions might be useful to experimentalists.”

Story Source:

Materials provided by Rice University. Original written by Mike Williams. Note: Content may be edited for style and length.

Go to Source


Put Your Azure Sphere on the Map! (Lightning Guide)

We’ve given out thousands of Azure Sphere dev kits, a collaboration between Microsoft and Avnet to provide a secure platform for IoT.

Now, get yours to ping the server for 15 days, and you can win exciting prizes! (We’ll announce these soon, but you can get a head start!)

1. First, get your Azure Sphere set up and connected:
2. Then, set up the registration app and simply click a button to ping the server every day! This video shows a lightning overview of this process. Download the PDF guide and registration application here:

More about the Azure Sphere starter kit: