Bash 4 Compatibility
Your article on the new Bash version 4.0 (August 2009, pg. 62) refers to the topic of compatibility right at the start, pointing to eight changes introduced for the sake of POSIX compatibility. Chet Ramey also seems to have been referring to this in your interview, when he said that the new version was as downwardly compatible as possible, but version 3.2's behavior was just incorrect in some places.
In version 4.0 of the shell, the $@ and $* parameter lists are fairly inconsistent "semi-variables" (bash -uc 'echo $@' "$@:unbound variable"; but: @=1 @=1: command not found), although this is not mentioned in the COMPAT file.
These changes mark a departure of the new shell from the POSIX standard, which clearly states: "If there are no positional parameters, the expansion of '@' shall generate zero fields [...]."
Bash 4 simply treats $@ and $* as "undefined" if no parameters have been passed in. This problem primarily occurs when the nounset option (-u) is used to protect against the use of undefined variables and thus make scripts more secure and robust. In this light, the problem might only affect a couple of programmers, as most people still unfortunately work without nounset. (-u is not even mentioned in the Bash manpage.) However, it is quite conceivable that this new behavior could cause other problems that are still waiting to be discovered.
In my opinion, these changes are a careless step backwards and do not indicate the kind of diligence in release management you would expect from a critical package like Bash. This is the reason why I declared the changes to be a grave bug on the following Debian bug report site: http://bugs.debian.org/519165
Martin F Krafft
Bernard Bablok, the author of the Bash 4 article, writes:
I am not familiar with the particular issue described in this letter, but I will assume that Martin Krafft is right. Even so, I cannot share his assessment of Bash 4 as a "careless step backwards." In a complex program such as Bash, it can happen that a compatibility issue or an unwanted problem creeps in. There are bug lists and mailing lists in order to clarify or change such things.
Thanks for your letter. We'll hope the bug report you filed with Debian will draw some attention to this issue.
ECIS and EC
Contrary to an article in your magazine (see "Microsoft's Anticompetitive Behavior" July 2009, pg. 10), ECIS is not part of the European Commission.
They are a lobby group.
Could you please print a correction and amend the online version?
Jonathan Todd European Commission Spokesman on Competition
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm