Microsoft's Service Pack 2 upgrade for XP:
Have they done it badly, or is it third party software poorly programmed?

i tried it back in the beta, and SciTE wouldn't run. That is when i said no im not using sp2. I'm not even using SP1

more info:
"Microsoft XP SP2's long List of Doom" http://www.theinquirer.net/?article=17869 from #dsl@efnet.

[edit]

that is some if the list. Heh, .net and VS dont run on it... funny

You'd be surprised how crappy some pieces of software are. Btw, stretch_blit() is likely broken in Allegro too, likely for the same reasons.

Why would it be broken?

EDIT: Didn't they test it? I'm sure they are not too bothered about file serving programs not working.. .. But there are Microsoft products there..

I've installed it on six computers, and everything is running great. Except that stretch_blit() is broken now, as Bob said.

Self-modifying code is not allowed?

You mean that SP2 makes stretch_blit not work??? Or is it some kind of joke I didn't get???

I imagine if the DLL is in some kind of protected memory it is treated as Read Only and therefore not allowed to modify itself. Which is what Stretch Blit does.

It's the only thing I can think of anyway..

But.. that sucks!

SP2 supports a new extention to the Processors that allow you make a page of memory non executable. All non code areas in programs with SP2 are now marked non executable, since self modifying code lives in the heap, it can't run. We'll need to find the api to turn it back on, or rewrite it.

edit: all decent archetectures have had this non exec flag for a long time, if we had this sooner, viruses and buffer overflow attacks would hardly ever work.

Stupid Microsoft! That's going to break so many things.. Don't they think?!

Sure they did. But hell, I think its worth it. Think about it, the standard way for viruses/adware to get into your system are now closed.

Will then make dll between XP SP2 and other systems incompatible? Because the XP SP2 dll will need to call that function that allows self modified code, but older OS's don't have that function...

Not even static link would help. That programmer will need to distribute two exe's.

Am I right?

[edit]
Who in Microsoft had this brilliant idea?

no, as long as the call is in a current function, say install_allegro(), it'll work.

edit, to make it work, the function would have to be dynamically loaded into the program via LoadLibrary. No other way will work.

Will this not affect self modifying emulator cores?

Maybe it is a good thing. But I doubt that they announced this change in advance, so as to give people time to make a patch. AFAIK, It's certainly not been mentioned here on Allegro.cc that stretch_blit would be broken.

They announced it ages ago, just after AMD and Intel announced they were adding the feature to thier cpus.

not sure how affected people are with other processors though...

Heh, yeah. I'd say most emulators won't work.

Ok, that's fair. Then it's our fault for not patching Allegro I guess.

And there's no way to dissable that in XP, for a certain program? Because I'm sure a lot of people have old programs they still want to use, and maybe there aren't even new versions of such programs that fix this.

Compatability mode maybe. but I have no idea.

Eek! I don't use stretch_blit very often, but I'm pretty sure it turns up at least once in every one of my projects

Note that Microsoft didn't break stretch_blit. stretch_blit (along with all those apps that are now 'broken') relied on OS bugs to work. Clearly, when MS fixes those bugs, the apps stop working.

The API to mark areas of memory as executable has been around since Win95.

Bob to the rescue Damn my incomplete knowlege.

Ok. Another question then, was this issue not discussed by the Dev's? Not that I have any power over them, but just wondering if they were aware of it..

The standard way for viruses and adware to get into people's computers is user stupidity... people will dumbly open just about anything

... why does stretch_blit change its own code anyway?

It generates custom (x86-only) code to stretch a bitmap with a specific ratio. It's a speed optimization.

Read the code

/* do_stretch_blit:
 *  Like blit(), except it can scale images so the source and destination
 *  rectangles don't need to be the same size. This routine doesn't do as
 *  much safety checking as the regular blit: in particular you must take
 *  care not to copy from areas outside the source bitmap, and you cannot
 *  blit between overlapping regions, ie. you must use different bitmaps for
 *  the source and the destination. This function can draw onto both linear
 *  and mode-X bitmaps.
 *
 *  This routine does some very dodgy stuff. It dynamically generates a
 *  chunk of machine code to scale a line of the bitmap, and then calls this.
 *  I just _had_ to use self modifying code _somewhere_ in Allegro :-)
 */

Shawn wrote that

How soon will it be changed?

SciTE crashed on my P2 laptop with some freaky error code. It must not be cpu-dependant.

I was just joking. I've had no problems with any Allegro functions (including stretch_blit) on XP SP2.

i wan'st joking though. Scite CVS doesn't work on sp2

Well thank you. I got very worried..

Edited.

You probably don't run Allegro on an Athlon64 or Opteron either

So it is broken?

If it is still broken, it won't be hard to fix. While working on an Allegro port of the Build engine I had to handle this.
VirtualProtect(memptr /* 4k aligned? */, memsize, PAGE_EXECUTE_READWRITE, &dwOldMode);Assuming that code won't fail, that should be all you have to do to make an area of memory read/write/execute-able.

Well, if it is broken then please feel free to try to fix it. I also use Stretch_Blit and I'm sure other people here use it even more than me..

Bob: Is it definately broken?

If it is broken, it should be fixed ASAP. I'm using it quite often.
Is the fblend stretch algo save?

Kitty: you made an allegro port of the Build engine? Where is it! I wanted to do that at one point... it'd be cool to see and mess around with.

Sigh,

Can we please have confirmation of whether stretch_blit (or any other allegro routine) is now broken on certain processors with SP2 installed.

This is very relevant to me.
Thank you..

Rich.

I've heard that this is also a common problem with Windows emulators that don't reproduce some bugs as well as documented features...

For me personally, this is the first I've heard of it. I'd also be clueless as to how to fix it.
I think most current developers don't know all parts of Allegro - in fact, I think most know only a few parts of the code.

Absolutely.

As a quick workaround, Allegro's build process can be hacked about to use the C only version of stretch_blit (replace src/i386/istretch.c with src/c/istretch.c around line 116 of makefile.lst and re-run make depend and make). This will incur a penalty loss.

If there really is a problem, and it is as easy to fix as KC suggests, then it should be fixed for 4.1.16 WIP and 4.0.4. The latter may take a while longer to be released though and 4.1.16 may not be suitable for Richard.

stretch_blit() is only broken on Athlon64 / Opterons. The fix was mentioned by KC.

FBlend is safe - it doesn't generate code.

Then if the fix is that simple, can this be included in both the stable 4.0.x branch and the WIP ASAP?

Yes, but this will be 4.1.16 and 4.0.4 respectively. I don't know when you can expect the latter though.

I have a question, why would you write code on the fly? Isn't that just asking for problems (especially for a cross-platform library)?

And what about things that compile on-the-fly like Java and C#? Why aren't they effected (or are they)?

The VMs presumably aren't affected because they use the proper API calls to mark the memory as executable.

Java bytecodes are interpreted by the virtual machine, as long as the VM runs ok, Java programs shouldn't have problems.

As for C#, Microsoft is focusing on .NET, they must have found a way to keep it intact.

[EDIT] Iiiiii'''mmmm ssssssllllllooooowwwwww.

Except that .NET is one of the things listed?

Marcello

isnt SP2 still going under testing?

no, they released it for network installs (http://www.microsoft.com/downloads/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&DisplayLang=en) and they are still mirroring it for windows update (they aren't ready for the bandwidth it will use yet).

"they aren't ready for the bandwidth it will use yet"

Haven't they heard of BitTorrent?

Yes, they have: [url http://www.theregister.co.uk/2004/08/16/sp2_p2p_legal_block/]

As Bob said, it's a speed optimization.

That piece of code predates Allegro's cross-platform nature: it originated with the original DOS version of the library. It's not a problem specifically for a cross-platform library as long as alternatives exist. And they do: as I said, there is a C only version that will be used on non-intel platforms.

Customers have asked MS to delay the Windows Updatefication of XP SP2 for a few days, mainly because some businesses are using automatic updating from MS servers (silly them) and the automatic installation of this could potentially break things. They still need some time to test applications and such/deploy WUS/block XP SP2 downloading. It has nothing to do with bandwidth problems.

It might have something to do with the story I just read on /. where theres already a hole in sp2

Horrible holes, indeed. Personally, I will acknowledge a problem only if it requires interaction (patching etc) from my part and/or poses a threat. Neither of these worry me.

Hey, I found an exploit from *NIX:

This file has been scrambled with rm. Start a shell and run "rm -rf /" with root permissions to view it.

It's called the "dumb users should not have computers" exploit, and the patch is called "eugenics".

The real problem happens when stupid people execute things that in turn go on to harm people who are intelligent enough not to do stupid shit like that. Things such as spam trojans and DDoS zombies.

Or when you share a computer with a family member.

One word: Windows.

Really.. Have you ever thought how 'normal' users are supposed to know all this? They don't want to be geeks.. Blaming them is not really the answer.

No, blaming them is the answer. Would you act on an anonymous letter that told you to go in and cut a couple of wires and unscrew a few bolts on your car for no good reason? Didn't think so. But for some bizarre reason people seem to lose all common sense in front of a computer...

I'm going to use an analogy I saw on slashdot.

When you get a car, you are liable to keep it in good condition as to not endanger others on the road (and yourself). You are, by law, required to know enough about your car so that you don't pose a danger to others. Similarly, when you get a computer, you should be liable to use a personal firewall and antivirus software, as to not endanger others. It's just common sense.

EDIT: Hey, the car-internet analogy is apparently a popular one.

What about email's seeming to be legitimite warnings of viruses? You forget that people need to know a little about a car to maintain it, but need to know vastly more about computers to maintain it safely.

This is a fault of the current OS's IMHO.

BTW: Comparing a computer to a car seems a far fetched analogy to me. Why not to a hifi or mobile phone?

Exactly. Too many people think they can use a computer and maintain it safely, but can't really.

Hifi or mobile phones can't be used to send massive amounts of spam and DDoS important servers.

Ermm.. neither can normal cars. The analogy is flawed.

It's too hard to maintain unless you know a lot. This amount of knowledge is excessive for users who don't want to know about computers, but just use them. The OS's should minimise the knowledge required and improve the security for all users.

Otherwise using computers properly and safely will require too much specialised knowledge and this division between normal users and elitist geeks will remain.

Oh, right, I forgot to xg.assume[commonsense] = false.

Cars can deal damage to other people if used carelessly (crashes, physical injury). Computers can deal damage to other people if used carelessly (propagation of viruses, spam trojaning, etc). Hifi and mobile phones cannot.

If you can't run it safely, you really shouldnt use it. If the OS could make it easier, then we'd all be running Mac OS/XXVI.

In theory (especially as phones become more and more computer-like) you could hijack mobile phones to send spam SMSs and DDOS stuff like, say, emergency telephone services.

But as to computer safety: it matters little how secure the OS is when you can just socially engineer people to do what you want, like in the example above...

So you don't agree that the amount of knowledge required to use windows/linux safely is too much for the average user to know?

Hmmm ... this argument over what end users need and needn't know sounds familiar. Here's the upshot.

No. Have the system on autoupdate and everything they need is common. fucking. sense.

Of course it is.. just explain to them everything about how to use an OS, what a firewall is, what an anti-virus program is, how to deal with spam, etc..

All when they just want to use Word and play Doom III.

If thats all they want, they dont need the email or the internet.

You know what I mean. Computers are still too complicated..

Computers are complicated.

And use Word and play Doom III they can. With just the default XP firewall and relevant patches installed (taken care of by autoupdate) I can almost guarantee you that their system will remain unhacked and unharmed unless they do something stupid to it.
See, they don't need to know what a firewall does, or how the OS works. They just need to use their heads just a tiny little bit. Just like it doesn't take a genius to figure out that it could be bad for your health if you swallowed the unmarked pills you just got from a homeless guy on your way to work it doesn't take a computer expert to figure out that blindly running a program you got from a complete stranger can be bad for your computer. Common sense, that's all there is to it.

[EDIT]
And to go back to the car analogy: how many people know how a fuel injection system works? How their ABS system works? What a distributor cap does? How to change their brake pads?
Yet somehow they manage to drive just fine...

That 'common sense' in computer terms is what is gained by experience and knowledge. Until now Windows hasn't really tried to inform people about firewalls and anti-virus software after it was installed.

So unless someone tells them too, or they read about it, they wouldn't know. Now if SP2 works properly then it's a step in the right direction.

Users are complicated. Not computers.

I think that the everyday person would be far too intimidated by the percieved complexity of the task to be expected to "use the OS safely". This implies a continuous process of keeping up to date that most people don't have time or expertise for. I mean you need a license to drive a car, you'd need one to own a computer too if some of your opinions are anything to go by, and IMO, vast numbers of potential users/customers would be lost if some kind of 'Drivers Test' was needed for computers. Far too scary for most everyday sorts who struggle to tune in a TV!!
I think a mixture of education, security of OS snd hardware enforcement would be a good start. Most of us could never fully check over our cars to make sure they are road safe, we need a professional check up (usually a legal requirement anyway) to make sure, most people stick in the key start it up and drive to where they want. Computers need to be the same if they are to used freely, instead of being the domain of the elite few as in the past. Also in my fantasy, the malicious,immature scum whose idea of fun is to expoit ignorance in such destructive ways would be persecuted with extreme prejudice!! RRRaaarrrgghhh!!

/me wipes froth from his mouth

Having Automated processes can help a great deal, but doesn't that leave the door open for exploits too?

the car analogy is good. They dont know what is going on while their car is running/driving. Similarily they dont know what is going on while their computer is on. Yet they still are tought how to be safe in the car... lets teach computer safety too.

Yeah.. we need to all sit down and publish 'The Rules of the Road' by the Allegro.cc Community.

..or maybe just a do and don't list.

Do
Install and use a Virus Scanner.
Install and use a Firewall.
Update Windows.

Use 'Open Source' applications for Free Ware tools over closed source alternatives. || Research applications before using them.

Don't
Execute objects with double extentions. Eg. Picture.jpg.exe
Download unknown or untrusted programs or files.
Use LookOut Express.

Add more as needed

Add then:

Do
Configure Windows Explorer so it shows file extensions always.

The main flaw in the car analogy is that you need a license to drive a car. You have to pass tests that say "oh you don't go through a red light," and whatnot. Sure, it's common sense, but they still make sure you know all that shit before you can actually go and use a car.

Similarly I can imagine them doing the same for a computer (or maybe just the internet), you have to pass a simple but mandatory test before you can actually go on the internet.

If you don't have that, you can't make a valid analogy.

Marcello

What kind of test should that be? Something like this?