All Hands to the Sieve

A recent FLASH alert from SANS reveals the dangers lurking in the bowels of MS Access, Word 2000 and Internet Explorer 5.00+.

If you want to be thoroughly depressed by the CS “state of the art”, apart from running/crashing Windows, you should check out Peter Neumann's RISKS reports and the regular lists of “vulnerabilities” issued by the SANS Institute. No OS, kernel, compiler, library, parser or command seems immune, however “mature”. Mon dieu, we are not just talking kilobillion (who knows?) spreadsheet flaws or megabillion lost spacecraft (good for some), but pandemic, apodictic, uncaught exceptions based, in spite of endless warnings, on the syntactic quirks of C arrays.

A recent FLASH alert from SANS reveals the dangers lurking in the bowels of MS Access, Word 2000 and Internet Explorer 5.00+. SANS is offering a prize for “quick” fixes, but these bugs are eminently “proprietary”. Microsoft, let's face it, has more than their unfair share of expert programmers schooled in the latest software engineering agendas. Indeed, Microsoft Press offers many bibles on how to develop provably “robust” applications. Yet, in spite of linguistic and developmental tools aimed at detecting the “obvious” errors (memory leaks and array overflows), this fine group of MS programmers lets slip the dogs

The epistemological, unanswerable challenge, of course, is to first define “bug” and then, “bug-free”. Even Stephen Hawking's “Brief...” open-ended, temporal historiography may not allow us to test every path through all the if-then-elses of our sweetly crafted code. And what does it mean to “match” a specification expressed, ultimately, in “natural” language? (As Hawking's cosmos time-reverses to the Big Crunch, will we see our GOTOs mapped as COMEFROMs?)

The success of the open-source approach depends on the critical exposure of the code to many unbiased programmers motivated only by the true target, whereas an in-house “slave”, with share options at stake, may be loath to rock the boat.

In spite of which, recent SUID security flaws in the Linux kernel indicate (more depressions) that simple code slips can escape multiple perusal. On the bright side, we have (i) prompt, open acknowledegment and fixes; (ii) no end of scapegoats (boucs emissaries)—hands up, whosoever was guilty from the 144,000 remnant. Peter Salus will record your confession/contribution.

Due soon from Prentice-Hall, Bob Toxen's Real World Linux Security (see Note 1).


Moving to another aspect of widespread open computing, GIMPS is the Great Internet Mersenne Prime Search (see Note 2). Over 8,000 individual users are engaged in finding ever-larger primes. Way back, Euclid proved that there's no end in sight, for if P is the largest prime, then either P!+1 is a bigger bugger or it must have a prime factor larger than P. QED! (Where P! means factorial P, not to be confused with the second “!” which expresses amazement and relief!)

They say if you don't see the beauty of this proof (suitably refined), you'll never be a mathematician.

And, a sure test of your sensayuma goes thus: the Sieve of Eratosthenes (another dead Greek) offers a slowish algorithm for listing each prime in ascending sequence. My own Kelly's Sieve lists both composites and primes with a single for loop.

The point is whether there are primes between P and P!+1—and in June 1999, Nayan Hajratwala of the GIMPS team hit a new (temp) world record with:

2^6,972,593 - 1

I'll spare you the seven miles of digits and commas needed to printf() this number.

Next month: how to help find alien intelligence via the SETI collaborative program at [Join the Linux Journal group! —Ed.] Chances are that some little green mathematicians already know the next largest prime.


Stan Kelly-Bootle ( has been computing on and off since his EDSAC I (Cambridge University, UK) days in the 1950s. He has commented on the unchanging DP scene in many columns (“More than the effin' Parthenon”—Meilir Page-Jones) and books, including The Computer Contradictionary (MIT Press) and UNIX Complete (Sybex). Stan writes monthly at and


White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState