All Hands to the Sieve
If you want to be thoroughly depressed by the CS “state of the art”, apart from running/crashing Windows, you should check out Peter Neumann's RISKS reports and the regular lists of “vulnerabilities” issued by the SANS Institute. No OS, kernel, compiler, library, parser or command seems immune, however “mature”. Mon dieu, we are not just talking kilobillion (who knows?) spreadsheet flaws or megabillion lost spacecraft (good for some), but pandemic, apodictic, uncaught exceptions based, in spite of endless warnings, on the syntactic quirks of C arrays.
A recent FLASH alert from SANS reveals the dangers lurking in the bowels of MS Access, Word 2000 and Internet Explorer 5.00+. SANS is offering a prize for “quick” fixes, but these bugs are eminently “proprietary”. Microsoft, let's face it, has more than their unfair share of expert programmers schooled in the latest software engineering agendas. Indeed, Microsoft Press offers many bibles on how to develop provably “robust” applications. Yet, in spite of linguistic and developmental tools aimed at detecting the “obvious” errors (memory leaks and array overflows), this fine group of MS programmers lets slip the dogs of...er...dogs.
The epistemological, unanswerable challenge, of course, is to first define “bug” and then, “bug-free”. Even Stephen Hawking's “Brief...” open-ended, temporal historiography may not allow us to test every path through all the if-then-elses of our sweetly crafted code. And what does it mean to “match” a specification expressed, ultimately, in “natural” language? (As Hawking's cosmos time-reverses to the Big Crunch, will we see our GOTOs mapped as COMEFROMs?)
The success of the open-source approach depends on the critical exposure of the code to many unbiased programmers motivated only by the true target, whereas an in-house “slave”, with share options at stake, may be loath to rock the boat.
In spite of which, recent SUID security flaws in the Linux kernel indicate (more depressions) that simple code slips can escape multiple perusal. On the bright side, we have (i) prompt, open acknowledegment and fixes; (ii) no end of scapegoats (boucs emissaries)—hands up, whosoever was guilty from the 144,000 remnant. Peter Salus will record your confession/contribution.
Due soon from Prentice-Hall, Bob Toxen's Real World Linux Security (see Note 1).
Moving to another aspect of widespread open computing, GIMPS is the Great Internet Mersenne Prime Search (see Note 2). Over 8,000 individual users are engaged in finding ever-larger primes. Way back, Euclid proved that there's no end in sight, for if P is the largest prime, then either P!+1 is a bigger bugger or it must have a prime factor larger than P. QED! (Where P! means factorial P, not to be confused with the second “!” which expresses amazement and relief!)
They say if you don't see the beauty of this proof (suitably refined), you'll never be a mathematician.
And, a sure test of your sensayuma goes thus: the Sieve of Eratosthenes (another dead Greek) offers a slowish algorithm for listing each prime in ascending sequence. My own Kelly's Sieve lists both composites and primes with a single for loop.
The point is whether there are primes between P and P!+1—and in June 1999, Nayan Hajratwala of the GIMPS team hit a new (temp) world record with:
2^6,972,593 - 1
I'll spare you the seven miles of digits and commas needed to printf() this number.
Next month: how to help find alien intelligence via the SETI collaborative program at http://www.setiathome.ssl.berkeley.edu/. [Join the Linux Journal group! —Ed.] Chances are that some little green mathematicians already know the next largest prime.
Stan Kelly-Bootle (firstname.lastname@example.org) has been computing on and off since his EDSAC I (Cambridge University, UK) days in the 1950s. He has commented on the unchanging DP scene in many columns (“More than the effin' Parthenon”—Meilir Page-Jones) and books, including The Computer Contradictionary (MIT Press) and UNIX Complete (Sybex). Stan writes monthly at http://www.sarcheck.com/ and http://www.unixreview.com/.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- BitTorrent Inc.'s Sync
- The Humble Hacker?
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide