Security

Critical Git Security Vulnerability Announced 68

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes GitHub has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."
Censorship

"Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too 185

Posted by timothy
from the meet-your-new-program-director dept.
Slate reports that even old movies are enough to trigger a pretty strong knee jerk: Team America, World Police, selected as a tongue-in-cheek replacement by Dallas's Alamo Drafthouse Theater for the Sony-yanked The Interview after that film drew too much heat following the recent Sony hack, has also been pulled. The theater's tweet, as reprinted by Slate: "due to circumstances beyond our control," their Dec. 27 Team America screening has also been canceled. If only I had a copy, I'd like to host a viewing party here in Austin for The Interview, which I want to see now more than ever. (And it would be a fitting venue.)
Security

Grinch Vulnerability Could Put a Hole In Your Linux Stocking 82

Posted by timothy
from the pretty-generic-description-there dept.
itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.
Security

Hackers Compromise ICANN, Access Zone File Data System 99

Posted by timothy
from the that-should-be-a-boss-level dept.
Trailrunner7 writes with this news from ThreatPost: Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started with a spear phishing campaign that targeted ICANN staffers and the email credentials of several staff members were compromised. The attackers then were able to gain access to the Centralized Zone Data System, the system that allows people to manage zone files. The zone files contain quite a bit of valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers. ICANN officials said they are notifying any users whose zone data might have been compromised. (Here's ICANN's public note on the compromise.)

NASA Provides Details of Unique Method for 3d Printing on Other Planets

Submitted by ErnieKey
ErnieKey (3766427) writes "A major application of 3d printing that could revolutionize space travel, is that of ultimately using 3d printers to create structures on non-terrestrial bodies like the moon, other planets, and even asteroids. Researchers from NASA's Kennedy Space Center have been working to develop solutions to materials issues, and recently presented initial findings on the potential for using in-situ materials like basalt for 3D printing. Their innovative method is based on only using in-situ supplies, and not materials that need to be brought into space."

Book Review: Build your own website

Submitted by MassDosage
MassDosage (1967508) writes "At the risk of exposing my age I remember building my first website using a rudimentary Unix text editor (Joe) and carefully handcrafting the Hypertext Markup Language (HTML) while directly logged on to the web server it was being served from. Back then Cascading Style Sheets (CSS) weren’t even a glint in the eyes of their creators. A lot has changed and there’s now a world of fancy WYSIWYG web page editors to choose from as well as Content Management Systems that allow you to create websites without looking at the underlying code at all. While this is all very useful and allows less technical people to create websites I still feel that having at least some knowledge of how everything works under the hood is empowering — especially in situations where you want to go beyond the limits placed on you by a certain tool. This is where Build your own website (A comic guide to HTML, CSS and Wordpress) comes into the picture. Its aim is to enable people new to web development to learn the subject by teaching the fundamentals of HTML and CSS first and only then describing how to use a Content Management System (CMS) — in this case Wordpress. While Wordpress might not be everyone’s kettle of fish it’s a good choice as an example of a modern CMS that is easily accessible and very popular. The concepts presented are simple enough that it should be easy enough for a reader to apply them to a different CMS should they want to.

To be clear, this book is intended for people who have little to no experience building websites and it is appropriately written in a non-formal, fun and non-threatening manner. Each chapter has the same format where a topic is initially covered at a high level in the form of a cartoon that is really easy to grasp. This is then followed by a more in-depth repetition of the same content using more “traditional” text and diagrams. Most chapters then end with a summary of the key points which can be used as a simple reference. This layout means that if you’re a quick learner or are familiar with some of the concepts you can just read the comic section and then try implementing the material covered on your own. On the other hand if you want more information and depth you can read the text that follows. The material is presented in such a way that it should be easy for the reader to “learn by doing” as they copy or modify what the main character in the cartoon does (in this case building a website for her photography portfolio). All that’s needed to get started is a browser, a text editor and some knowledge of how to organise files on a file system. This coverage of raw HTML and CSS may sound off-putting to non-technical people but it’s presented in such a simple manner that pretty much anyone should be able to follow along. The benefit of this “back to the basics” approach is that one is not limited to using only a certain piece of software and instead the fundamentals can be applied to other tools later.

The book provides a good introduction to HTML and describes some useful tags that can be used to start creating a simple website. CSS are explained in a similar manner and the reader is shown how they can be used to easily change the look of a website. These two technologies are the bedrock on top of which pretty much all web development rests and thus understanding them is a prerequisite for anyone wanting to create their own websites. The book also does a good job of showing how a content management system like Wordpress builds on top of these foundations and how you can still get to the underlying HTML and CSS should you want to (as well as why this might be useful if you want to modify something that Wordpress does or doesn’t do). On the Wordpress front the basics are covered — from creating pages and page hierarchies to how these can be categorised and grouped. Unfortunately when going into more detail on this topic things lose a bit of coherence. Wordpress is obviously a big beast which has entire books devoted to it and cramming in a summary of it means having to leave out a lot. It seems as if the author might have had to trim these sections down and this has resulted in the text feeling a bit rushed and confusing which is in contrast with the rest of the book where the topics are covered in a slower and more detailed manner. Any book that describes using a piece of software like Wordpress to the level of explaining how to point and click one’s way through certain steps risks becoming outdated as the software changes in future. For the most part this shouldn’t be too much of an issue as Wordpress isn’t covered in too much detail but it does mean that this book probably won’t be a reference you still use in five years’ time.

On the whole Build your own website succeeds in its goal of presenting a gentle learning curve and guiding people through what is needed to create a website from scratch. It is just technical enough that readers should be able to understand the fundamentals of what they are doing while being non-intimidating and introducing concepts at a relaxed and fun pace via the comic format. By the end of this book readers should have a solid grasp of the basics of website creation and be able to set up a simple site themselves, either by coding this up in HTML and CSS directly or by using Wordpress. For anything more advanced one would need to move on to other books or self-teaching but this book is a great starting point if you’re new to the subject.

Full disclosure: I was given a copy of this book free of charge by the publisher for review purposes. They placed no restrictions on what I could say and left me to be as critical as I wanted so the above review is my own honest opinion."
Cloud

The Joys and Hype of Hadoop 55

Posted by samzenpus
from the ups-and-downs dept.
theodp writes "Investors have poured over $2 billion into businesses built on Hadoop," writes the WSJ's Elizabeth Dwoskin, "including Hortonworks Inc., which went public last week, its rivals Cloudera Inc. and MapR Technologies, and a growing list of tiny startups. Yet companies that have tried to use Hadoop have met with frustration." Dwoskin adds that Hadoop vendors are responding with improvements and additions, but for now, "It can take a lot of work to combine data stored in legacy repositories with the data that's stored in Hadoop. And while Hadoop can be much faster than traditional databases for some purposes, it often isn't fast enough to respond to queries immediately or to work on incoming information in real time. Satisfying requirements for data security and governance also poses a challenge."
News

In Breakthrough, US and Cuba To Resume Diplomatic Relations 406

Posted by Soulskill
from the pretending-we-like-each-other dept.
HughPickens.com writes: Peter Baker reports at the NYT that in a deal negotiated during 18 months of secret talks hosted largely by Canada and encouraged by Pope Francis, the United States will restore full diplomatic relations with Cuba and open an embassy in Havana for the first time in more than a half-century. In addition, the United States will ease restrictions on remittances, travel and banking relations, and Cuba will release 53 Cuban prisoners identified as political prisoners by the United States government. Although the decades-old American embargo on Cuba will remain in place for now, the administration signaled that it would welcome a move by Congress to ease or lift it should lawmakers choose to. "We cannot keep doing the same thing and expect a different result. It does not serve America's interests, or the Cuban people, to try to push Cuba toward collapse. We know from hard-learned experience that it is better to encourage and support reform than to impose policies that will render a country a failed state," said the White House in a written statement. "The United States is taking historic steps to chart a new course in our relations with Cuba and to further engage and empower the Cuban people."
The Military

Army To Launch Spy Blimp Over Maryland 174

Posted by Soulskill
from the i-can-see-my-house-from-here dept.
FarnsworthG writes: A multi-billion-dollar Army project will soon be able to track nearly everything within 340 miles when an 80-yard-long blimp is hoisted into the air over Maryland. Way to be subtle, guys. From the article: "Technically considered aerostats, since they are tethered to mooring stations, these lighter-than-air vehicles will hover at a height of 10,000 feet just off Interstate 95, about 45 miles northeast of Washington, D.C., and about 20 miles from Baltimore. That means they can watch what’s happening from North Carolina to Boston, or an area the size of Texas."
Australia

New Cargo Ship Is 488 Meters Long 113

Posted by Soulskill
from the go-big-or-go-home dept.
An anonymous reader writes: The BBC reports on the construction of Prelude, a new ship that will be the world's longest vessel. It is 488 meters long and 74 meters wide, built with 260,000 tons of steel and displacing five times as much water as an aircraft carrier. Its purpose is to carry an entire natural gas processing plant as it sits over a series of wells 100 miles off the coast of Australia. Until now, it hasn't been practical to move gas that comes out of the wells with ships. The gas occupies too much volume, so it is generally piped to a facility on shore where it is processed and then shipped off to energy-hungry markets. But the Prelude can purify and chill the gas, turning it into a liquid and reducing its volume by a factor of 600. It will offload this liquid to smaller (but still enormous) carrier ships for transport.

Piracy

Sony Leaks Reveal Hollywood Is Trying To Break DNS 370

Posted by Soulskill
from the scorched-net-policy dept.
schwit1 sends this report from The Verge: Most anti-piracy tools take one of two paths: they either target the server that's sharing the files (pulling videos off YouTube or taking down sites like The Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that's currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place? To do that, the MPAA's lawyers would target the Domain Name System that directs traffic across the internet.

The tactic was first proposed as part of the Stop Online Piracy Act (SOPA) in 2011, but three years after the law failed in Congress, the MPAA has been looking for legal justification for the practice in existing law and working with ISPs like Comcast to examine how a system might work technically. If a takedown notice could blacklist a site from every available DNS provider, the URL would be effectively erased from the internet. No one's ever tried to issue a takedown notice like that, but this latest memo suggests the MPAA is looking into it as a potentially powerful new tool in the fight against piracy.
Space

NASA Study Proposes Airships, Cloud Cities For Venus Exploration 195

Posted by Soulskill
from the billy-dee-williams-volunteers-to-lead dept.
An anonymous reader writes: IEEE Spectrum reports on a study out of NASA exploring the idea that manned missions to Venus are possible if astronauts deploy and live in airships once they arrive. Since the atmospheric pressure at the surface is 92 times that of Earth, and the surface temperature is over 450 degrees C, the probes we've sent to Venus haven't lasted long. The Venera 8 probe sent back data for only 50 minutes after landing. Soviet missions in 1985 were able to get much more data — 46 hours worth — by suspending their probes from balloons. The new study refines that concept: "At 50 kilometers above its surface, Venus offers one atmosphere of pressure and only slightly lower gravity than Earth. Mars, in comparison, has a "sea level" atmospheric pressure of less than a hundredth of Earth's, and gravity just over a third Earth normal. The temperature at 50 km on Venus is around 75 C, which is a mere 17 degrees hotter than the highest temperature recorded on Earth.

The defining feature of these missions is the vehicle that will be doing the atmospheric exploring: a helium-filled, solar-powered airship. The robotic version would be 31 meters long (about half the size of the Goodyear blimp), while the crewed version would be nearly 130 meters long, or twice the size of a Boeing 747. The top of the airship would be covered with more than 1,000 square meters of solar panels, with a gondola slung underneath for instruments and, in the crewed version, a small habitat and the ascent vehicle that the astronauts would use to return to Venus's orbit, and home."

Programming

New AP Course, "Computer Science Principles," Aims To Make CS More Accessible 205

Posted by Soulskill
from the broadening-the-base dept.
theodp writes: "CS Principles," explains the intro to a Microsoft Research talk on a new Computer Science Toolkit and Gaming Course, "is a new AP course being piloted across the country and by making it more accessible to students we can help increase diversity in computing." Towards this end, Microsoft has developed "a middle school computing toolkit, and a high school CS Principles & Games course." These two projects were "developed specifically for girls," explains Microsoft, and are part of the corporation's Big Dream Movement for girls, which is partnering with the UN, White House, NSF, EU Commission, and others. One of Microsoft's particular goals is to "reach every individual girl in her house." According to a document on its website, Microsoft Research's other plans for Bridging the Gender Gap in computing include a partnership with the University of Wisconsin "to create a girls-only computer science Massive Open Online Course (MOOC)."
