Comment Shellshock a result of inappropriate use of bash (Score 1) 208

Shellshock does a good job of illustrating a fundamental security flaw in
bash but also in Redhat. Redhat, Fedora and CentOS are the most at risk
OSs because Redhat decided to make bash the default shell. This was a
deeply flawed system design decision driven by NIH (not invented here
syndrome). The problem is that bash was written and is maintained by
Redhat. As a result scripts that should have been written in the Bourne
shell are instead using bash. Even scripts that use Bourne (/bin/sh) are
executing bash on Redhat systems as sh is symlinked from bash. This is
not the case on Debian-based Linux (Ubuntu et al) as they don't symlink
bash to sh or specify bash as the default shell script interpreter.
Neither is it the case on the BSDs which don't even ship with bash.

So why then is bash an inappropriate choice for shell scripting? Bash is
designed to be an interactive shell. As a result it is a much larger
program and has a correspondingly larger codebase than Bourne, most of
which is dedicated to auto-completion and other interactive features.
All else being equal (and it is in this case) more code correlates with
less security. Bash is also not POSIX-compliant. As a result it is not
cross-platform compatible nor are its features or design subject to
substantial design review. This and other reasons (like security) are
why all Unix and Linux distributions other than Redhat specify POSIX
Bourne as the default shell scripting language.

Redhat aside many third party shell scripts are written in bash that use
no bash features i.e., they would run with little or no modifications
under sh. So why are these scripts written in bash? The primary
reasons are A) script authors don't understand or value cross-platform
compatibility and B) don't know the differences between bash and sh
(commonly due to familiarity with bash as an interactive shell). A third
but equally important factor is the lack of formal Linux or Unix
training.

Just as shell scripts should not be written in csh (or tcsh) they should
also not use bash (or ksh). Shell script authors should A) keep it
simple, B) be aware of cross-platform differences, C) value
POSIX-compliance and D) value security. With these best practices bugs
like Shellshock won't have such an impact.
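
As an added example (not code from the original comment), the checks the comment implies, written in plain POSIX sh: which binary really sits behind /bin/sh, whether a given shell runs code appended to an exported function definition (the widely published Shellshock / CVE-2014-6271 probe, which only smuggles an echo), and a rough scan for bash-only syntax in a script that claims to need bash. The two sample scripts are constructed here for the example, and the bashism patterns are a heuristic rather than a parser.

```shell
#!/bin/sh
# Added example, not code from the original comment. Deliberately free of
# bashisms, so it behaves the same under dash, bash-as-sh, or ksh.
#   sh_impl          - basename of the real interpreter behind /bin/sh
#   shellshock_probe - does shell $1 execute code smuggled after an
#                      exported function definition? (CVE-2014-6271 probe)
#   count_bashisms   - heuristic count of lines using bash-only syntax
# The sample scripts written by make_samples are constructed for this demo.

# Print the basename of the real interpreter behind /bin/sh ("bash", "dash", ...).
sh_impl() {
    target=$(readlink -f /bin/sh 2>/dev/null || echo /bin/sh)
    basename "$target"
}

# Return 0 if the shell at $1 runs the trailing command smuggled into an
# exported "function" variable (vulnerable); return 1 if it is patched,
# missing, or simply not bash-like. Only an echo is smuggled.
shellshock_probe() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo ok' 2>/dev/null)
    case "$out" in
        *vulnerable*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Print the number of lines in $1 using common bash-only syntax:
# [[ ]], the "function" keyword, $'...' strings, declare/typeset,
# name=( ... ) arrays, "source" instead of ".", and "==" inside test.
# A heuristic, not a parser; checkbashisms(1) from Debian's devscripts
# is the thorough tool. Prints 0 (and still succeeds) when nothing matches.
count_bashisms() {
    grep -c -E \
        -e '\[\[' \
        -e '^[[:space:]]*function[[:space:]]' \
        -e '\$'"'" \
        -e '^[[:space:]]*(declare|typeset)[[:space:]]' \
        -e '[A-Za-z_][A-Za-z0-9_]*=\(' \
        -e '^[[:space:]]*source[[:space:]]' \
        -e '[[:space:]]==[[:space:]]' \
        "$1" || true
}

# Write two constructed sample scripts to a temp dir and print its path:
# one that genuinely needs bash, one that stays within POSIX sh.
make_samples() {
    dir=$(mktemp -d)
    cat >"$dir/bashy.sh" <<'EOF'
#!/bin/bash
function greet {
    local who=$1
    if [[ -n "$who" ]]; then echo "hi $who"; fi
}
arr=(a b c)
greet "$USER"
EOF
    cat >"$dir/posix.sh" <<'EOF'
#!/bin/sh
greet() {
    who=$1
    if [ -n "$who" ]; then echo "hi $who"; fi
}
greet "$USER"
EOF
    echo "$dir"
}

# Stand-alone run: report /bin/sh, probe it and bash (if installed),
# then count bashism lines in each sample.
main() {
    echo "/bin/sh is: $(sh_impl)"
    for s in /bin/sh "$(command -v bash || true)"; do
        [ -n "$s" ] || continue
        if shellshock_probe "$s"; then echo "$s: VULNERABLE (CVE-2014-6271)"
        else echo "$s: not vulnerable"; fi
    done
    d=$(make_samples)
    for f in "$d"/*.sh; do
        echo "$f: $(count_bashisms "$f") bashism line(s)"
    done
    rm -rf "$d"
}

main "$@"
```

On a system where /bin/sh is dash, the probe is meaningless for /bin/sh (dash never imported functions from the environment), which is exactly the comment's point: the exposure came from running Shellshock-era bash behind every #!/bin/sh script.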

Comment Re:A fork for old machines (Score 1) 330

deprecation model: break the code so it can't possibly work, wait two years with no bug reports, remove. This is literally how a lot of rubbish no actual users cared

If only... More often bug reports are removed for lack of a "more detailed explanation" or lack of a patch.

Horrible backwards compatibility is Linux' Achilles heel and the reason it has utterly failed to displace MS and Apple on the desktop.

Comment Re:I agree, but not with Ulysses... (Score 2) 121

What would you suggest Canonical do instead?

A) support Trinity.

B) fork Trinity if it goes the way of KDE4

C) KIS (keep it simple (and cross-platform compatible))

D) hire the right people (i.e., open at least one freaking office in SV/SF)

E) it's all about management

Management has to be well connected to end-users and end-user sysadmins. Management has to know how to review code (diffs) and do good QA (used to be Canonical's leg up on RH). This isn't rocket science. It isn't pure s/w development or pure sysadmin either. It is, fundamentally, an issue of experience and good management. To be sure Canonical is the best placed company to be _the_ Linux desktop but they have not, of late, demonstrated a good understanding of how to get from here to there.

Comment Re:Don't really like where "Desktop Linux" is head (Score 1) 121

have to agree they suck at the moment

KDE4 and Gnome3 have set the Linux desktop back nearly a decade. All of our plans to convert desktops from Windows have been put on hold, indefinitely.

Question is why. Why have these two key window managers not only gotten worse but become worse than any window manager since CDE?

Part of it has to be a lack of design guidelines. It also has to be due to a lack of leadership, designed by committee, lord of the flies and all that. But that can't be all there is. I know this isn't all because a friend of mine is one of the contributors and I know he works for Microsoft on the side. Open source desktops won't be viable, if you ask me, until they've solved these 3 fundamental issues.

Comment Re:Google is history... (Score 1) 270

according to the evaluation metrics

Evaluation metrics, yea, that's the ticket. The reason Google sucks of late is partly because spam filtering is difficult but in this case it is especially difficult as they actually profit off of much of what we see as search spam. That is to say that our metrics (results) are different from theirs (profit and results). Of course they'll tell you that Adwords customers are shown no preference in search listing, but what else are they going to say...

This is no different than what happened at DEC's Alta Vista, whose search results used to be better than Google's are now. That was before the bean counters^H^H^H^H stock holders made a stink about the lack of "value appreciation". Sucks to have owners whose short term interests conflict with your (long term) business model.

Comment Re:Seriously? (Score 1) 275

I'm sorry to have to say this to you like this, but you have no idea what you're talking about.

Sorry but we do know. Whether the equipment you cited supports IPv6, well or otherwise, is irrelevant because 99.999% of the Internet is inaccessible to IPv6 nodes without NAT64 and NAT46.

Anybody who has tried to use IPv6 knows this. IPv6 will never reach more than 0.01% of the Internet without NAT64 and NAT46 and probably NAT66 as well.

Comment Re:Seriously? (Score 1) 275

NAT works

Everyone knows NAT works because everyone uses NAT, most of us aren't even aware of it. The only people who have a problem with NAT are ILECs like ATT, aggregators like Google, and writers of trojans, viruses, spambots and other P2P malware. These groups know that access to us and our data would be much easier with NAT out of the way, and they think IPv6 is a way to make this happen. Claims that NAT is harmful only exist because the ATTs and Googles of the world have a lot of money to spend on astroturf.

Comment Re:Seriously? (Score 1) 275

Upgrade your systems to IPv6 already

Is this a rhetorical question or what? Considering that no equipment currently on the market does IPv4 to IPv6 NAT any IPv6 device would only be able to contact at best 0.001% of the Internet. Give me a break is right, just not a broken Internet. IPv6 is still a long way from being usable.

Comment Wells Fargo harassment as well (Score 5, Informative) 794

Not just Paypal but Wells Fargo as well. When I heard about Paypal and Amazon I went to the wikileaks website to make a donation. Not only was my charge denied but they put a hold on my card! Talk about harassment. It's bad enough when your own government breaks the law, worse when vendors decide to run a protection racket when they disagree with a customer's purchases/donations.

Comment Re:Relax.. Take a deep breath.. (Score 2, Insightful) 347

You cannot "think" yourself out of stress

It's true you can't "think" yourself out of stress but you can meditate on your stress, its effect on your body and your thinking, and come to terms with it in that way. Meditation does not involve thinking i.e., internal dialog, but it does involve taking the time to sit quietly for a half hour or more and just focusing on what exactly the "stress" is. That's the only way to achieve real understanding of it, to come to terms with it, to live with it, and to mitigate its negative effects. It's the same for other types of pain.

If, like most people, you deal with stress by trying not to think about it, by staying busy, by drinking, taking drugs, watching TV, even by exercising (alone) you'll still suffer from it.

If you want to see what meditation is about download a few lectures from audiodharma (to your smartphone or PC) and listen to them while commuting or before bed.

Meditation techniques are even taught in hospitals in the US thanks to unequivocal research showing its beneficial effects. See also books/audiobooks by Jack Kornfield, Lama Surya Das, the Dalai Lama, or Alan Watts among many.

Music

Do You Really Need a Discrete Sound Card? 520

crookedvulture writes "Integrated audio has become a common freebie on motherboards, causing many to question whether there's any need to have a sound card. Tech Report took a closer look at the issue by testing the latest integrated Realtek codec against a couple of sound cards: Asus' $30 Xonar DG and its considerably more expensive $280 Xense cousin. Everything from gaming performance to signal quality is explored, and it's the blind listening tests that prove most revealing. The integrated solution is obviously flawed, and in a bit of a surprise, the cheaper Xonar is the one most preferred. Discrete sound cards certainly have their benefits, and you don't need to spend a lot to get something that sounds a lot better than the average motherboard."
Google

Hard-Coded Bias In Google Search Results? 257

bonch writes "Technology consultant Benjamin Edelman has developed a methodology for determining the existence of a hard-coded bias in Google's search engine which places Google's services at the top of the results page. Searching for a stock ticker places Google Finance at the top along with a price chart, but adding a comma to the end of the query removes the Google link completely. Other variations, such as 'a sore throat' instead of 'sore throat,' removes Google Health from its top position. Queries in other categories provide links to not only Google services but also their preferred partners. Though Google claims it does not bias its results, Edelman cites a 2007 admission from Google's Marissa Mayer that they placed Google Finance at the top of the results page, calling it 'only fair' because they made the search engine. Edelman notes that Google cites its use of unbiased algorithms to dismiss antitrust scrutiny, and he recalls the DOJ's intervention in airlines providing favorable results for their own flights in customer reservation systems they owned."
Security

TSA Pats Down 3-Year-Old 1135

3-year-old Mandy Simon started crying when her teddy bear had to go through the X-ray machine at airport security in Chattanooga, Tenn. She was so upset that she refused to go calmly through the metal detector, setting it off twice. Agents then informed her parents that she "must be hand-searched." The subsequent TSA employee pat down of the screaming child was captured by her father, who happens to be a reporter, on his cell phone. The video has left some questioning why better procedures for children aren't in place. I, for one, feel much safer knowing the TSA is protecting us from impressionable minds warped by too much Dora the Explorer.
Firefox

Mozilla Labs Add-On Provides Video and Audio Recording From the Browser 132

An anonymous reader writes "Mozilla Labs is working on an experimental add-on which enables video and audio recording in the browser. Anant Narayanan writes on the Mozilla Labs blog, 'The Rainbow add-on for Firefox is an early developer prototype that enables web developers to access local video and audio recording capabilities using just a few lines of JavaScript. The add-on generates files encoded in open formats: Theora (for video) and Vorbis (for audio) in an Ogg container. The resulting files are accessible in DOM using HTML5 File APIs, which may be used to upload them to a server.' Support for live streaming and WebM is planned for a future version of the add-on."
