Bash 4 Compatibility
Your article on the new Bash version 4.0 (August 2009, pg. 62) refers to the topic of compatibility right at the start, pointing to eight changes introduced for the sake of POSIX compatibility. Chet Ramey also seems to have been referring to this in your interview, when he said that the new version was as downwardly compatible as possible, but version 3.2's behavior was just incorrect in some places.
In version 4.0 of the shell, the $@ and $* parameter lists are fairly inconsistent "semi-variables" (bash -uc 'echo $@' "$@:unbound variable"; but: @=1 @=1: command not found), although this is not mentioned in the COMPAT file.
These changes mark a departure of the new shell from the POSIX standard, which clearly states: "If there are no positional parameters, the expansion of '@' shall generate zero fields [...]."
Bash 4 simply treats $@ and $* as "undefined" if no parameters have been passed in. This problem primarily occurs when the nounset option (-u) is used to protect against the use of undefined variables and thus make scripts more secure and robust. In this light, the problem might only affect a couple of programmers, as most people still unfortunately work without nounset. (-u is not even mentioned in the Bash manpage.) However, it is quite conceivable that this new behavior could cause other problems that are still waiting to be discovered.
In my opinion, these changes are a careless step backwards and do not indicate the kind of diligence in release management you would expect from a critical package like Bash. This is the reason why I declared the changes to be a grave bug on the following Debian bug report site: http://bugs.debian.org/519165
Martin F Krafft
Bernard Bablok, the author of the Bash 4 article, writes:
I am not familiar with the particular issue described in this letter, but I will assume that Martin Krafft is right. Even so, I cannot share his assessment of Bash 4 as a "careless step backwards." In a complex program such as Bash, it can happen that a compatibility issue or an unwanted problem creeps in. There are bug lists and mailing lists in order to clarify or change such things.
Thanks for your letter. We'll hope the bug report you filed with Debian will draw some attention to this issue.
ECIS and EC
Contrary to an article in your magazine (see "Microsoft's Anticompetitive Behavior" July 2009, pg. 10), ECIS is not part of the European Commission.
They are a lobby group.
Could you please print a correction and amend the online version?
Jonathan Todd European Commission Spokesman on Competition
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.