More Evidence for General Relativity

May 11, 2011

In April 2004, NASA launched a science satellite called Gravity Probe B; it contained an experiment to test two predictions of Einstein’s theory of General Relativity. The theory predicts that a massive object, such as the Earth, warps the four-dimensional space-time around it; this is sometimes referred to as the geodetic effect. A common analogy is placing a bowling ball on a trampoline or water bed — the mass of the ball causes the surface to be distorted. A second prediction is that the rotation of an object, such as the Earth, will cause the space-time fabric around it to be “dragged” along with the rotation, an effect called frame dragging. An analogy here might be to put a rotating ball into a viscous liquid; the rotation of the ball will cause the liquid to swirl in the same direction. (Though these analogies can be helpful, it is important not to stretch them too far. In the real case, we are talking about the effect of a three-dimensional object on four-dimensional space-time.)

The probe contained four high-precision gyroscopes, quartz spheres coated with a film of niobium [Nb, atomic number 41]. The spinning spheres were cooled with liquid helium to keep them at a temperature of 2.3 K (about -455.5 F), at which temperature niobium becomes a superconductor.  A telescope system kept the satellite oriented toward a guide star, and the instrumentation measured tiny deviations in the gyroscopes’ axes of rotation.   (The mission site has a page explaining the technology in more detail.)   Data was collected for about twelve months, and then analyzed; unfortunately, the data was much noisier than had been anticipated.

However, an article on the “Wired Science” blog at Wired reports that the analysis of the data has finally been completed.  The results, which will be published in the journal Physical Review Letters,  provide confirmation of the theoretical predictions, despite the tiny size of the measured effect.

The pointer shifted by just 6,000 milliarcseconds — the width of a human hair as seen from 10 miles away — over the course of a year, Everitt said. Despite the difficulty in detecting such a small tilt, the physicists were able to confirm the geodetic effect to an accuracy of 0.28 percent, and frame-dragging to within 20 percent.

The mission site’s status page has much more detailed and complete results, and promises to have a copy [PDF] of the final paper soon.

Other experiments have also confirmed these effects, in some cases more precisely.  As always in science, though, more confirmatory evidence, especially when obtained by a different technique, bolsters our confidence in the theory we’ve built.

Update Thursday, 26 May, 23:10 EDT

The abstract and a free download of the preliminary paper are now available at the site.

Facebook Legacy Access Leak

May 11, 2011

In a diary post, the folks at the SANS Internet Storm Center have given us all a “heads up” on a potential Facebook security issue. If you use Facebook, you are probably familiar with the applications that are available on the platform. When you start to use an application, you go through a permission dialog which asks you to allow the application access to various capabilities of your Facebook account. For example, the application may be granted permission to access your profile data, make posts to your Wall, or access your friends’ data (subject to their permission settings). When the permission is given, the application is given an access token; this is like an extra key that works in place of your user ID and password. There is a problem, discovered by the security firm Symantec, with how this mechanism historically worked; their (fairly technical) write-up is here.

These tokens are long strings of alphanumeric gibberish, and would be effectively impossible to guess; also, by default, they have a fairly short “shelf life”, but it is possible for an application to request an “offline” token that persists until you change your Facebook password.   The problem exists with an older authentication mechanism for Facebook apps; it has been superseded by a more secure scheme, but (at least until now) the older method has still been supported, and is used by an estimated 100,000+ applications.   The effect of the flaw is that the access token can accidentally be sent to the server hosting the application, typically not a Facebook server.  That server can then “leak” the token to other machines that may be involved, such as advertising servers, thereby giving those third parties access to your Facebook account.  I’m not aware of any evidence that this has been done maliciously, but unfortunately it is very easy for someone to do accidentally, owing to carelessness.
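As an added illustration (not code from this post, SANS, Symantec or Facebook), the following sketch shows how an application operator could audit an outbound proxy log for this kind of leak. It assumes the token travels as an `access_token` query parameter in the application page's URL and reaches third parties through the Referer header, details this post does not spell out; the host names, log layout and token value are all constructed.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Query parameters treated as credentials (assumed name; extend per application).
TOKEN_PARAMS = {"access_token"}

# Constructed proxy-log sample, one request per line: "<requested URL> <Referer>".
SAMPLE_LOG = """\
https://apps.example.test/game?access_token=AAAconstructed123&lang=en -
https://ads.example.net/pixel.gif?id=7 https://apps.example.test/game?access_token=AAAconstructed123&lang=en
https://cdn.example.org/lib.js https://apps.example.test/help
https://apps.example.test/static/app.css https://apps.example.test/game?access_token=AAAconstructed123&lang=en
https://stats.example.com/hit https://apps.example.test/game?access_token=AAAconstructed123&lang=en
"""

def has_token(url):
    """True if the URL's query string carries a token parameter."""
    return any(k in TOKEN_PARAMS
               for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True))

def redact(url):
    """Return the URL with token values masked, safe to store in a report."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in TOKEN_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def find_token_leaks(log_text, first_party_host):
    """List (third-party host, redacted Referer) pairs that received a token."""
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        url, referer = fields
        dest = urlsplit(url).hostname
        # Requests to the application's own host are not third-party leaks.
        if referer == "-" or dest is None or dest == first_party_host:
            continue
        if has_token(referer):
            leaks.append((dest, redact(referer)))
    return leaks

if __name__ == "__main__":
    for host, page in find_token_leaks(SAMPLE_LOG, "apps.example.test"):
        print(f"token-bearing Referer sent to {host}: {page}")
```

Any host the audit reports should be treated as having seen the token, so the affected tokens need to be invalidated rather than just the page fixed.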

Facebook, to its credit, has developed a plan to address this issue (detailed in a very technical post on its Developers’ Blog), which will require all applications to migrate to the new, more secure access method in stages, to be completed by October 1 of this year. Of course, doing it more quickly would be better still, but given the number of applications involved, that might not be realistic.

For individual users, there is a simple method to clean up any previously-granted access tokens that may be susceptible to exploitation: change your password.  Also, at least until the application updates are complete, be careful of what access you give to applications.
