Skip to content

The Isoblog. Posts

Bash 4.4 Bug: Tab completion can execute commands

Jens Heyens and Ben Stock of the Uni Saarland have found a code execution bug (PDF) in Bash 4.4 and higher.

$ touch ’”‘ touch HereBeDragons ‘’
$ rm \”\‘touch\ HereBeDragons\‘ ^C
$ ls -lt
insgesamt 0
−rw−r−−r−− 1 heyens heyens 0 17. Jan 16:03 HereBeDragons
−rw−r−−r−− 1 heyens heyens 0 17. Jan 16:03 ’” ‘ touch HereBeDragons ‘ ’

The bug has been introduced in commit 74b8cbb41398b4453d8ba04d0cdd1b25f9dcb9e3 on the devel branch of bash and made into 4.4-stable. It is present since May 2015.

Leave a Comment

Building Europeans: The Free Interrail Ticket

Free Interrail

What is the Idea of a European Union in the life of young Europeans growing up? How can the EU make European Union a tangible experience?

The answer to that, according to Vincent Herr and Martin Speer, is as simple as it is awesome – every young European Citizen shall, on their 18th birthday, receive a free InterRail ticket. The ticket would allow unlimited rail travel in and between the 30 participating countries for a month, allowing young Europeans to experience their country hands-on.

But nothing in Europe is ever simple:

Leave a Comment

Berlin Judge asks: Is the German Ancillary Copyright even legal?

Germany has Ancillary Copyright (“Leistungsschutzrecht“), but it does not work. Currently the organisation trying to cash in on it, VG Media, is suing Google, and the case is being heard at the Landgericht Berlin.

Die Zeit reports that Judge Peter Scholz is asking if the German Ancillary Copyright is formally invalid, because by construction it might have been that the Euorpean Union would have had to be formally notified before it became law.

Leave a Comment

NYT Podcast: The Daily

The Daily, a podcast by the NYT
Tumblr of the day is a pretty good podcast: The Daily by the NYT is commute length and gives a good and unexcited overview about what happened in the US while you slept.

The Podcast is available from the NYT website, or via the usual subscription mechanism provided by your podcast app (I am using Pocket Casts)

Leave a Comment

Battery Fire smokes out a Parking Structure in Hannover

An electric bike, of all things, in a shop for e-Bikes in the basement level of a parking structure in Hannover caught fire. The fire was extremely smoky, and completely engulfed the parking structure. It had to be evacuated.

The bike shop was completely destroyed, the parking structure has been desmoked and is cleared for use again.

Apparently a battery exploded, and hot smelter created fire in multiple locations in the shop, which then propagated before it could be extinguished. The fire department was on place with more than 70 people and 30 engines, took over an hour to bring the fire under control.

(Article in german, impressive photo)

Leave a Comment

Scaleway adds Servers for Intensive Workloads

This blog is hosted at Scaleway

Scaleway lets me know that they added new server types for large workloads.

The the sizes are ten and twelve core machines with 60/120 GB memory respectively and large SSD. Bandwidth is a Gigabit/s and is unmetered. Additional storage volumes can be attached.

So if you are asking where to put your really large MySQL, now you know.

1 Comment

FOSDEM: Graphite @ Scale at

Validimir Smirnov gave his talk Graphite @ Scale at FOSDEM.

The slides (PDF) are available for download, and the talk can be downloaded (webm) as well.

Booking stores about 130 TB of data in Graphite, using 32 frontend and 200 SSD storage servers to collect 2.5M unique metric per second,  worth 11 Gbps of traffic in the graphite backend.

This is achieves mostly be replacing all parts of Graphite with API-compatible rewrites in Go and C, all of which are open source.

Leave a Comment