An anonymous reader writes Github has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."

Slate reports that even old movies are enough to trigger a pretty strong knee jerk: Team America, World Police, selected as a tongue-in-cheek replacement by Dallas's Alamo Drafthouse Theater for the Sony-yanked The Interview after that film drew too much heat following the recent Sony hack, has also been pulled. The theater's tweet, as reprinted by Slate: "due to circumstances beyond our control,” their Dec. 27 Team America screening has also been canceled." If only I had a copy, I'd like to host a viewing party here in Austin for The Interview, which I want to see now more than ever. (And it would be a fitting venue.)

itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.

Trailrunner7 writes with this news from ThreatPost: Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started with a spear phishing campaign that targeted ICANN staffers and the email credentials of several staff members were compromised. The attackers then were able to gain access to the Centralized Zone Data System, the system that allows people to manage zone files. The zone files contain quite bit of valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers. ICANN officials said they are notifying any users whose zone data might have been compromised." (Here's ICANN's public note on the compromise.)

theodp writes "Investors have poured over $2 billion into businesses built on Hadoop," writes the WSJ's Elizabeth Dwoskin, "including Hortonworks Inc., which went public last week, its rivals Cloudera Inc. and MapR Technologies, and a growing list of tiny startups. Yet companies that have tried to use Hadoop have met with frustration." Dwoskin adds that Hadoop vendors are responding with improvements and additions, but for now, "It can take a lot of work to combine data stored in legacy repositories with the data that's stored in Hadoop. And while Hadoop can be much faster than traditional databases for some purposes, it often isn't fast enough to respond to queries immediately or to work on incoming information in real time. Satisfying requirements for data security and governance also poses a challenge."

HughPickens.com writes: Peter Baker reports at the NYT that in a deal negotiated during 18 months of secret talks hosted largely by Canada and encouraged by Pope Francis, the United States will restore full diplomatic relations with Cuba and open an embassy in Havana for the first time in more than a half-century. In addition, the United States will ease restrictions on remittances, travel and banking relations, and Cuba will release 53 Cuban prisoners identified as political prisoners by the United States government. Although the decades-old American embargo on Cuba will remain in place for now, the administration signaled that it would welcome a move by Congress to ease or lift it should lawmakers choose to. "We cannot keep doing the same thing and expect a different result. It does not serve America's interests, or the Cuban people, to try to push Cuba toward collapse. We know from hard-learned experience that it is better to encourage and support reform than to impose policies that will render a country a failed state," said the White House in a written statement. "The United States is taking historic steps to chart a new course in our relations with Cuba and to further engage and empower the Cuban people."

FarnsworthG writes: A multi-billion-dollar Army project will soon be able to track nearly everything within 340 miles when an 80-yard-long blimp is hoisted into the air over Maryland. Way to be subtle, guys. From the article: "Technically considered aerostats, since they are tethered to mooring stations, these lighter-than-air vehicles will hover at a height of 10,000 feet just off Interstate 95, about 45 miles northeast of Washington, D.C., and about 20 miles from Baltimore. That means they can watch what’s happening from North Carolina to Boston, or an area the size of Texas."

An anonymous reader writes: The BBC reports on the construction of Prelude, a new ship that will be the world's longest vessel. It is 488 meters long and 74 meters wide, built with 260,000 tons of steel and displacing five times as much water as an aircraft carrier. Its purpose is to carry an entire natural gas processing plant as it sits over a series of wells 100 miles off the coast of Australia. Until now, it hasn't been practical to move gas that comes out of the wells with ships. The gas occupies too much volume, so it is generally piped to a facility on shore where it is processed and then shipped off to energy-hungry markets. But the Prelude can purify and chill the gas, turning it into a liquid and reducing its volume by a factor of 600. It will offload this liquid to smaller (but still enormous) carrier ships for transport.

schwit1 sends this report from The Verge: Most anti-piracy tools take one of two paths: they either target the server that's sharing the files (pulling videos off YouTube or taking down sites like The Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that's currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place? To do that, the MPAA's lawyers would target the Domain Name System that directs traffic across the internet.

The tactic was first proposed as part of the Stop Online Piracy Act (SOPA) in 2011, but three years after the law failed in Congress, the MPAA has been looking for legal justification for the practice in existing law and working with ISPs like Comcast to examine how a system might work technically. If a takedown notice could blacklist a site from every available DNS provider, the URL would be effectively erased from the internet. No one's ever tried to issue a takedown notice like that, but this latest memo suggests the MPAA is looking into it as a potentially powerful new tool in the fight against piracy.

An anonymous reader writes: IEEE Spectrum reports on a study out of NASA exploring the idea that manned missions to Venus are possible if astronauts deploy and live in airships once they arrive. Since the atmospheric pressure at the surface is 92 times that of Earth, and the surface temperate is over 450 degrees C, the probes we've sent to Venus haven't lasted long. The Venera 8 probe sent back data for only 50 minutes after landing. Soviet missions in 1985 were able to get much more data — 46 hours worth — by suspending their probes from balloons. The new study refines that concept: "At 50 kilometers above its surface, Venus offers one atmosphere of pressure and only slightly lower gravity than Earth. Mars, in comparison, has a "sea level" atmospheric pressure of less than a hundredth of Earth's, and gravity just over a third Earth normal. The temperature at 50 km on Venus is around 75 C, which is a mere 17 degrees hotter than the highest temperature recorded on Earth.

The defining feature of these missions is the vehicle that will be doing the atmospheric exploring: a helium-filled, solar-powered airship. The robotic version would be 31 meters long (about half the size of the Goodyear blimp), while the crewed version would be nearly 130 meters long, or twice the size of a Boeing 747. The top of the airship would be covered with more than 1,000 square meters of solar panels, with a gondola slung underneath for instruments and, in the crewed version, a small habitat and the ascent vehicle that the astronauts would use to return to Venus's orbit, and home."

theodp writes: "CS Principles," explains the intro to a Microsoft Research talk on a new Computer Science Toolkit and Gaming Course, "is a new AP course being piloted across the country and by making it more accessible to students we can help increase diversity in computing." Towards this end, Microsoft has developed "a middle school computing toolkit, and a high school CS Principles & Games course." These two projects were "developed specifically for girls," explains Microsoft, and are part of the corporation's Big Dream Movement for girls, which is partnering with the UN, White House, NSF, EU Commission, and others. One of Microsoft's particular goals is to "reach every individual girl in her house." According to a document on its website, Microsoft Research's other plans for Bridging the Gender Gap in computing include a partnership with the University of Wisconsin "to create a girls-only computer science Massive Open Online Course (MOOC)."

TaleSlinger sends word of a newly-discovered "mathematical relationship — between material thickness, temperature, and electrical resistance — that appears to hold in all superconductors." The work (abstract), led by Yachin Irvy, comes out of MIT's Research Laboratory of Electronics. Researchers found that a particular superconductor (niobium nitride) didn't fit earlier models estimating the temperature at which it changes from normal conductivity to superconductivity. So the researchers conducted a series of experiments in which they held constant either thickness or “sheet resistance,” the material’s resistance per unit area, while varying the other parameter; they then measured the ensuing changes in critical temperature. A clear pattern emerged: Thickness times critical temperature equaled a constant — call it A — divided by sheet resistance raised to a particular power — call it B. ... The other niobium nitride papers Ivry consulted bore out his predictions, so he began to expand to other superconductors. Each new material he investigated required him to adjust the formula’s constants — A and B. But the general form of the equation held across results reported for roughly three dozen different superconductors.