Bash 4 Compatibility
Your article on the new Bash version 4.0 (August 2009, pg. 62) refers to the topic of compatibility right at the start, pointing to eight changes introduced for the sake of POSIX compatibility. Chet Ramey also seems to have been referring to this in your interview, when he said that the new version was as downwardly compatible as possible, but version 3.2's behavior was just incorrect in some places.
In version 4.0 of the shell, the $@ and $* parameter lists are fairly inconsistent "semi-variables" (bash -uc 'echo $@' "$@:unbound variable"; but: @=1 @=1: command not found), although this is not mentioned in the COMPAT file.
These changes mark a departure of the new shell from the POSIX standard, which clearly states: "If there are no positional parameters, the expansion of '@' shall generate zero fields [...]."
Bash 4 simply treats $@ and $* as "undefined" if no parameters have been passed in. This problem primarily occurs when the nounset option (-u) is used to protect against the use of undefined variables and thus make scripts more secure and robust. In this light, the problem might only affect a couple of programmers, as most people still unfortunately work without nounset. (-u is not even mentioned in the Bash manpage.) However, it is quite conceivable that this new behavior could cause other problems that are still waiting to be discovered.
In my opinion, these changes are a careless step backwards and do not indicate the kind of diligence in release management you would expect from a critical package like Bash. This is the reason why I declared the changes to be a grave bug on the following Debian bug report site: http://bugs.debian.org/519165
Martin F Krafft
Bernard Bablok, the author of the Bash 4 article, writes:
I am not familiar with the particular issue described in this letter, but I will assume that Martin Krafft is right. Even so, I cannot share his assessment of Bash 4 as a "careless step backwards." In a complex program such as Bash, it can happen that a compatibility issue or an unwanted problem creeps in. There are bug lists and mailing lists in order to clarify or change such things.
Thanks for your letter. We'll hope the bug report you filed with Debian will draw some attention to this issue.
ECIS and EC
Contrary to an article in your magazine (see "Microsoft's Anticompetitive Behavior" July 2009, pg. 10), ECIS is not part of the European Commission.
They are a lobby group.
Could you please print a correction and amend the online version?
Jonathan Todd European Commission Spokesman on Competition
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.