Bash
Latest
Microsoft will offer 3 flavors of Linux in the Windows Store
Microsoft made headlines at last year's Build developer conference when it announced that it would build support for the Bash shell and Ubuntu Linux binaries directly into Windows 10. Doing so enables devs to run command-line tools while building apps as well as allows power users to run limited instances of Linux directly on top of Windows without installing a virtual machine. Today, at this year's conference, the company one-upped itself and announced that it's expanding Linux support to include OpenSUSE and Fedora distributions.
Man erases thousands of websites with a bad command (update: it's a joke)
As one business owner showed, things can go spectacularly wrong when you don't backup properly. User "bleemboy," who runs a site-hosting business with 1,535 customers (!), wrote to a server forum saying he was using a bash script command to erase some specific files. The command he used, "rm -rf" is infamous in Linux circles for causing disasters, thanks to the "f" part that forces it to proceed without warnings. Normally, his script only deletes specific files, but something went wrong and "all servers got deleted and the offsite backups too," since they were mounted to the same machine.
Watch Microsoft's opening-day Build keynote in just 10 minutes
If you didn't happen to be sitting near a computer during the opening ceremonies for Microsoft's Build developer conference yesterday, never fear: We've condensed the two-hour, opening-day keynote into a roughly 10-minute video. Included in our highlight reel are CEO Satya Nadella's opening remarks; the Windows 10 "Anniversary Update"; news on universal apps; a demo of new Windows inking features; Microsoft's surprise Linus news; a peek at HoloLens's packaging; and, most importantly, a glimpse at Microsoft's incoming army of chatbots. If you've got just 10 minutes, we'll give you all the meat, minus the fluff.
Linux command-line tools are coming to Windows 10
Now here's something you likely didn't expect at Microsoft's Build developer conference: A staple feature of Linux (and Unix) is coming to Windows 10. The company is integrating the Bash command-line shell and support for Ubuntu Linux binaries into Windows 10's Anniversary Update. This is, of course, big news for developers who want to use command-line tools while creating apps, but it's also important for power users who'd otherwise be tempted to install either third-party tools (like Cygwin) or a virtual machine.
Attackers hit Yahoo using the Shellshock bug, but your data is safe
Looks like it didn't take long for the Shellshock security flaw to claim its first major victim. Yahoo has confirmed to both Future South Technologies and SecurityWeek that hackers used the command line exploit to breach at least two of its servers. Future South's Jonathan Hall found that the Romania-based intruders were using Shellshock to slowly hijack servers (including those of other companies) and build up an "arsenal" for hitting increasingly valuable targets, particularly Yahoo Games.
Apple releases OS X bash Update 1.0
If you've been worried about the recent discovery of a security flaw called Shellshock in the bash UNIX shell, you can rest easier. Apple released OS X bash Update 1.0 to fix the issue, which made it possible for a remote attacker to execute arbitrary shell commands. According to the release notes for the update, "an issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement." The update incorporated a suggested change that resets the parser state, and also added a new namespace for exported functions. Versions of the patch are not only available for OS X Mavericks (see link in first paragraph), but also for OS X Lion, OS X Mountain Lion, and OS X Lion Server. TUAW also posted instructions on patching OS X for the bash/Shellshock vulnerability last week.
Apple updates OS X to protect 'advanced UNIX users' from Shellshock
Although OS X is among the systems listed as vulnerable to the recently-uncovered Shellshock / Bash security flaw (still not sure what that is? Let us explain.), Apple has said it isn't a problem for most users. For those potentially vulnerable due to enabling certain UNIX services, 9to5Mac reveals the company has just pushed patches for the Mavericks, Lion and Mountain Lion versions of its desktop operating system. You can download the updates from Apple's website now, and it should be available via software update soon. [Image credit: Robert Graham, Twitter]
The Shellshock command security flaw isn't really fixed yet
Don't get too comfy just because companies are rolling out patches for the Shellshock security bug -- as it turns out, even updated websites and devices remain at risk. Developers are reporting that they can still run any code they like (and thus hijack systems) through the bash command shell simply by using instructions that aren't covered by existing safeguards. You can use a common variable like "cat" (concatenate) to bypass the defenses, for instance. The only surefire fix may be a fundamental change to how the shell handles variables, which could break legions of apps and services. You still don't have much reason to worry about your home Mac or Linux PC, but it's now considerably less likely that the sites and connected gadgets you use will will be truly immune to Shellshock-based attacks. [Image credit: Robert Graham, Twitter]
New Oculus Rift, the Blackberry Passport and other stories you might've missed
It's the weekend, ya'll. So while you sit back and relax, check out our news highlights from the last seven days -- we took the new Oculus Rift for a spin, went hands-on with the Blackberry Passport, made an Ello account, and more. Oh, and be sure to subscribe to our Flipboard magazine!
Engadget Daily: Internet security flaws, iOS 8 fixes and more!
The past 24 hours have been quite a ride, eh? We've seen just how easy it can be to pilfer goods from an Apple store, discovered that there's yet another internet security flaw and Cupertino has a fix for the latest version of iOS' problems. However, there are even more stories than that! For those, check out the gallery below.
What is the Shellshock Bash bug and why does it matter?
By now you may have heard about a new bug found in the Bash shell. And unless you're a programmer or security expert, you're probably wondering if you should really worry. The short answer is: Don't panic, but you should definitely learn more about it, because you may be in contact with vulnerable devices. This bug, baptized "Shellshock" by Security Researchers, affects the Unix command shell "Bash," which happens to be one of the most common applications in those systems. That includes any machine running Mac OS X or Linux. The "shell" or "command prompt" is a piece of software that allows a computer to interact with the outside (you) by interpreting text. This vulnerability affects the shell known as Bash (Bourne Again SHell), which is installed not only on computers, but also on many devices (smart locks, cameras, storage and multimedia appliances, etc.) that use a subset of Linux.
'Bash' command flaw leaves Linux, OS X and more open to attack
Apparently, the internet has more deep-seated security bugs to worry about than Heartbleed. Researchers have discovered a longstanding flaw in a common Unix command shell (bash) for Linux and Macs that lets attackers run any code they want as soon as the shell starts running. They can effectively get control of any networked device that runs bash, even if there are limits on the commands remote users can try. That's a big problem when a large chunk of the internet relies on the shell for everyday tasks -- many web servers will call on it when they're running scripts, for example.
How to spring clean "Open With" duplicates
If you use your Mac for any period of time, you will find the need to open a document with a different program other than the one set as default. The "Open With" menu appears in the Finder whenever you right-click or control-click on the icon of a document. The "Open With" command is designed to give you a list of alternative choices to handle the file that you've selected, but after long-term use you will find this list can get a little bit messy. Duplicate entries in your "Open With" menu can be easily cleaned via a simple terminal command. We initially covered this command in a 2009 post about rebuilding your launch services, but this post is updated with video and a few new methods that'll work in OS X Mountain Lion. In the video below, I will demonstrate the basic terminal command. I will also show you how to create a bash script to make it easier to repeat this cleaning whenever needed, as well as create an Alfred workflow to do the same (requires the Alfred powerpack.) Below you'll find the commands used in the video. If you are creating the .bash_profile alias method, remember you will have to quit and relaunch terminal for this to work. Fix Duplicate "Open With" Terminal: alias fixow='/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -r -domain local -domain user;killall Finder;echo "Open With has been rebuilt, Finder will relaunch"' Fix Duplicate "Open With" via Bash alias: alias fixow='/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -r -domain local -domain user;killall Finder;echo "Open With has been rebuilt, Finder will relaunch"' If you are a little shy of monkeying around in terminal and bash, you can use utilities such as Onyx or Cocktail to get the job done.
Creature Feature: The Tiny Twister, ruiner of the bench
Not all wild battle pets spawn by the same rules. Finding the pet you want may be more involved than making a cursory flyover of a zone while watching your minimap. Some wild pets only spawn during certain weather conditions. Some wild pets share spawns with full-fledged mobs. Today's pet, the Tiny Twister, is the latter sort ... maybe. The Tiny Twister is an Elemental-type pet that can be found in the Arathi Highlands. The curious thing about this pet is that players aren't completely sure how its spawn works. There are three different common beliefs about its spawning: It shares its spawn with the Thundering Exiles in the area, so you must kill them for a chance at a Tiny Twister spawn It shares its spawn with any other type of wild pet in the area, so you must eliminate those for a chance at a Tiny Twister spawn Only X number of Tiny Twisters can spawn in a given length of time, so all you can do is wait There is more evidence for that second option than any other, but without the ability to see the coding behind its spawns, we can't be too sure in any direction. In any case, killing the Thundering Exiles and eliminating other wild pets in the area would be a good way to pass the time while waiting for a Tiny Twister to spawn, so it doesn't matter which theory is correct, in any case. Engaging in all of the above applies in one way or another. All of that being said, if you rush out to Arathi Highlands immediately after a server reset, you'll find the place absolutely littered with these little guys and will have no problem catching one whatsoever.
Behind the Mask: Heroes vs. heroes
Although I've referenced it a little bit here and there, I've directly avoided talking about PvP in Champions Online. It's a controversial topic -- probably moreso in CO than in most other MMOs. In Champions, there is a massive difference between a hero who is focused on PvP and one who is not. Characters who are well-optimized PvE machines tend to perform acceptably (especially in certain types of PvP). However, if a hero isn't as optimized, he or she tends to get steamrolled by the flavors of the month. Because most CO players are more casual players (in the sense that they don't plan builds and tend to pick powers that are "fun" or "cool"), they often get quite upset when they are defeated by an optimized PvP build. Most players I know tend to assume that the FoTM builds are unbeatable and that the only way to beat them is to join them. Experienced PvPers know that this just isn't the case. It is true that an optimized PvP build is a necessity, but the actual optimization can take on many forms. There are dozens of effective "win buttons" in Champions' PvP out of a couple hundred powers. Out of dozens of possible kill methods, picking one and supplementing it with logical choices and personal flavor is a snap.
Snow Leopard Fixes: Terminal shell workaround
Ever since I installed Snow Leopard, I've been dealing with a particularly annoying bug. Terminal keeps forgetting my shell preferences. I generally prefer to use tcsh rather than bash. This is mostly because I'm a technological dinosaur. I also have a lot invested into my ancient and extensive .cshrc that has taken years to grow and develop. Normally, I set the default shell inside the Terminal app preferences. But there's a problem. Snow Leopard keeps losing my preferences for reasons I do not begin to understand. With this Snow Leopard bug, I had to find another approach for choosing my shell. Terminal preferences were no longer going to work for me. There are actually two very good ways to handle this problem. First, there's chsh, as pointed out by Richard Buckle and Brian "Shmit" this morning. A command line utility, chsh edits the OS X user database, allowing you to change a user's default shell. chsh is built into OS X, and you can pull up a man page to read details about its use. Supply the shell you want to use, authenticate, and you're set. There is, however, an easier solution. It's System Preferences. As Bill Bumgarner and Jordan Breeding reminded me today, you can access advanced user settings by right-clicking (or Ctrl-clicking) a user name in the Accounts settings; then choose Advanced Options. (Please note that you must first unlock the settings before this trick becomes available.) When selected, an Advanced Options screen appears. You can set the new login shell in this screen. A simple pop-up list offers easy access to all installed shells. Select the one you want to use and, once selected, click OK to dismiss the screen and return to the Accounts settings pane. This solution works a lot better than the bash .profile approach I had been using for a few weeks. Running tcsh through the .profile initialization file had caused an extra layer of interaction each time I wanted to close a terminal window. The application warned me that I was about to kill a running process (i.e. my tcsh subprocess). Changing my default shell meant I could create and close windows on demand without that extra dialog, a welcome respite. In conclusion, while I'm not sure why Terminal keeps losing its preferences, I'm pleased that I at least learned a way to bypass the shell issue. Hopefully, Apple will get this bug fixed soon.
Tuesday's in-game fixes
We love in-game fixes, right? Blizzard blue poster Bornakk has announced a couple new in-game fixes. The updates are as follows:First, the nerf to the Paladin's Vindication talent that set the Pally community on fire yesterday is now live. The nerf removed stamina and intellect from the 20% reduction that Vindication gave. All other primary statistics are still affected by Vindication.Secondly, Maim, Bash, and Hammer of Justice will no longer cause a player's spell to be interrupted when they're immune to stun. They will still interrupt the NPC's spells however.There have been a handful of other hot fixes that we've covered the past few days, and those are recapped after the break.
Warrior changes in patch 3.0.3
With 3.0.3 going to the live servers today, we have a nice batch of Warrior changes to look at. First and foremost on everyone's mind are the changes to Titan's Grip.Prior to patch 3.0.3 Titan's Grip had a 15% miss penalty. That penalty has been reduced to an astounding 5%. What does this mean? It means that you're pretty much going to hit 10% more then what you used to when you have Titan's Grip talented.10% more means 10% more crits and 10% more yellow damage. Of course, these numbers end up being a bit different in practice than in theory crafting (and some will even correctly say that 10% more chances for damage is an oversimplification - and they would be right, and that's another article), but they're still a good base to look at when talking theoretically about the class.The simple jist of it is Titan's Grip just became a whole lot sexier.Continue reading on after the break for more changes to the Warrior class in 3.0.3.
Shifting Perspectives: PvP as a moving target
Every week, John Patricelli of Big Bear Butt presents a well-researched, educational, and entertaining look at the state of the Druid class in WoW today. This week we said, "Screw that," and got someone off the street. Veronica: Look at you, all helpful.Logan: Your peskiness being unleashed on Connor brings me joy. Annoy, tiny blonde one! Annoy like the wind!-- Veronica Mars, "An Echolls Family Christmas" With apologies to Diane Ruggiero, the writer of the episode quoted above, but I find Logan's snarky comment (did he even have another kind?) to be a perfect, albeit general, means of describing successful Druid PvP.Let us be frank; I am not, nor am ever likely to be, a hardcore PvPer, and to a great extent this post is directed mostly at people like myself. If you're one of those Druids carrying a 2K+ rating in full Vengeful, then I invite (nay, implore) you to leave comments and corrections based on your own experience, but the article's mostly for regular folks like me, who may not even particularly like PvP but recognize that it is desirable or perhaps necessary, given our ingame goals. As such, most of this applies to battlegrounds, and on a later date we're going to get into arena. Today, we are simply going to talk about how to avoid letting your PvP experience turn you into a miserably unhappy player who would rather undergo an appendectomy via Roto-Rooter than set foot in another EOTS.
WoW Bash collects chat screenshots from MMOs
Many of you might be familiar with bash.org-- it's a legendary collection of quotes from IRC. Their top 100 page is a must-read if you've never done it before, but be careful, as extreme laughing will ensue.And now, reader Furism sends us a note that he's started WoW Bash, a version of bash.org that collects quotes from MMO games, including many quotes from World of Warcraft. The site just started, so unlike bash, there's not tons of great quotes to read through (many of them are not very funny), but there are a few gems to be found, most of them on the top 100 page (which only has about 40 on at the moment). This one made me laugh. But the genius of bash is that it collects quotes from all over the IRC world, and so by bringing this page to you, dear readers, hopefully WoW Bash will gain some exposure and get some really good quotes on there.And even if it takes a while, it's an excellent idea, and a great way to show off the hilarity (or usually stupidity) appearing in chat channels all over Azeroth and all the other online worlds. If you've got a screenshot of a funny quote, get it up there.
