Just: cvs update && make World && sudo make install
Patched, Fixed, Done.
If you RTFA, you'll even see that the very person to report that WINE was flawed the same as Windows submitted a patch to fix the problem along with his notice that it was broken.
THAT is how fast OSS is. The very vulnerability announcement says how to fix it.
Revision 1.12 / (download) - [select for diffs], Fri Jan 6 20:52:46 2006 UTC (111 minutes, 55 seconds ago) by julliard Branch: MAIN CVS Tags: HEAD Changes since 1.11: +7 -0 lines Diff to previous 1.11 (colored)
Marcus Meissner gdi: Filter GETSCALINGFACTOR and SETABORTDOC proc in metafile Escapes.
Which changed wine/dlls/gdi/metafile.c from:
case META_ESCAPE:
Escape(hdc, mr->rdParm[0], mr->rdParm[1], (LPCSTR)&mr->rdParm[2], NULL);
break;
To:
case META_ESCAPE:
switch (mr->rdParm[0]) {
case GETSCALINGFACTOR:/* get function... would just NULL dereference */
return FALSE;
case SETABORTPROC:
FIXME("Filtering Escape(SETABORTPROC), possible virus?\n");
return FALSE;
}
Escape(hdc, mr->rdParm[0], mr->rdParm[1], (LPCSTR)&mr->rdParm[2], NULL);
break;
Why not just auto-scramble the DLL code on the fly for every installation of the Windows OS?
Because adding NOOPs will not change the behavior of the functions. Especially case in point, it would not have blocked this security hole. Nor would it really block any security hole.
Exploits just attempt the exploitable behavior and if it works, then it works, if it doesn't then the exploit fails, but who cares? and it continues on.
The problem with buffer overflows is the regularized position and size of the STACK and FUNCTION HEADER, this has absolutely nothing to do with the code itself. One could easily design a random-like stack adjustment that would protect from buffer overflows while still having the code remain exactly the same on every computer.
I believe this proves the point that a turing-complete system can be built entirely from NAND.
Thanks.
Again... someone much smarter than me has now resolved and proved the "NAND is Turing-complete" or more accurately "With NAND alone, one can build a Turing-complete machine".
Read the first line, it is a fairly good explaination of turing complete. It is also entirely inconsistent with adding a proviso about anything including arithmetic.
Dude, this was the first thing that I opened up when you challenged me. No, there is not a completion of arithmetic required for Turing completeness, but it should be apparent that all arithmetic can be calculated by a Turing-complete machine.
I would dearly love to see some justification other than "Someone smarter than me once told me".
I don't have any justification other than this. He told me it were Turing complete, and I found that one could build the entirety of arithmetic based upon only NAND. At the time I was in my first years of CS, and didn't understand what Turing-complete meant. Obviously, when I was typing my original comment it occured to me that NAND alone had no flow control at all, and thus were not Turing complete, which is why I added the element saying within Arithmetic.
I'm not giving "I heard it from someone smarter than I" as a justification of my proof. I'm giving it as a reason for my misunderstanding.
You still have not however managed to address my statement that all modern OSes are functionally non-Turing-complete. You simply continue on your argument that I do not understand what I'm talking about, which is not the case. I do understand what I'm talking about, but at the same time I'm attempting to reconcile previously available information that I had trusted with information that now contradicts what I now know and understand.
Again, I'm not confused about what Turing completeness is, I was confused because someone smarter than I, who I trusted, had labeled "NAND" as Turing-complete to me.
Whatever it happens to be that you mean when you say "Nand is Turing complete" it makes no sense when you actually typed it.
I was told that NAND is Turing-complete by someone smarter than I. I realized that NAND itself has no program flow, thus it can't be turing complete all by itself.
"turing-complete (for arithmetic)." makes no sense at all. WTF?
This means that it satisfies everything you need for arithmetic. Using this, one can build any mathematical system out of NAND.
Someone failed CS 315.
Not all universities have the same CS classes. As such, I never took a CS 315 (my University never offered one) and in any case, I've never failed a CS course. I took one class that I got a D in, which I had to repeat simply for failure to do the homework. The next semester the class had programming assignments, and I aced the course.
You can have loops as long as they have constant maximum bounds.
TECHNICALLY, this applies to every computer ever built. But we're not getting that picky. We're assuming that there are no artificial bounds which when allowed to expand to infinity they would then allow for Turing completeness.
So, just by saying that you're writing a programming language where no individual loop will repeat more than 10 times does not make it Turing-incomplete. Because this artificial boundary could be raised to infinity, and the system would become Turing-complete.
So either you accept the fact that all modern OSes are written in Turing incomplete languages, or you accept that an artificial boundary cannot be established as the deciding factor of the Turing-incompleteness.
Well, it couldn't be able to construct the NAND of two elements, as NAND is turing-complete (for arithmetic).
After that you need control structures. If you were to not allow control structures, I think it would be very hard to make an OS. (Unless it's one of them "Hello World" OSes, that then crash and reboot.)
I'd say it's impossible to write an OS in a non-turing complete language.
You must be new here... The way Slashdot articles are posted, it could have been "will" when it was submitted, then turned to "did" in the meantime before it was posted.
Please contact me if you have seen this multi-language forum someplace.
Not with any automatic translation. Although, I frequented alt.lang.conlang a while back. Usually posts would be in English and an alternate language. Most often, posts were made in English+Esperanto, although the second choice alternated occationally between Esperanto and Interlingua.
I do recall distinctly that there was a chinese person who would enter his text three times, English+Esperanto+Chinese. I actually found it quite helpful since his Esperanto was much better than his English, and it was so much easier to understand him.
I was actually witness to a person getting run over in a pedestrian walk way.
This was near/on the New Mexico State University campus (University Blvd), and I was crossing the street illegally in the middle of the road. I heard the audible crosswalk signal (for the deaf) that indicated that the nearest crosswalk was allowing pedestrians to cross. This is a good cue to a jay-walker that traffic is likely not coming from that direction.
After a quick glance to ensure that no traffic was coming, I began crossing, and heard a "thump" noise. I figured someone had had a tire go flat, and looking over someone who had made a right-hand turn was pulling to the side of the road. Then I got to the center of the road, and I heard a wimpering. And I thought, "Oh shit".
Later a few other people got hit in pedestrian walk ways, and the University got on a big "jay-walking bad" rant (if you've been to College, you know how Unis can do this. They get some topic, and everyone jumps on the bandwagon, and argues for/against some stupid thing that happened months ago) And I could hardly understand how people getting hit in cross-walks related to jay-walking. I mean, if anything, it indicated that jay-walking was SAFER, because there were far fewer jay-walker strikes than cross-walk strikes.
Registering a copyright is easy. You print off 50 pages (the first 25 pages, then the last 25 pages) or the whole work if less than 50 pages, then you fill out this simple little form, you write a check for $30~$60 (forgot exact number, the LoC has this information though on hand with the copyright registration information).
You then take it down to your local post office and mail it off registered mail. After a while, you receive a notice of receipt, and this is the date that your copyright will be active from. Then you wait, eventually they send you back a nifty piece of paper that says you now own a registered copyright, it has a raised seal on it, and a photocopy of the identifying parts of the form you sent in.
BOOM! Registered Copyright. It was really easy when I did it, and now, I have a registered copyright for my contributions to PearPC.
I'm refering to the various fossilized remains that have been variously found in Africa, which show a line of possible descent, which developed in Africa.
Hm... that's quite interesting. It could definitely account for the issue that technology seemed to just spontaneously develop all around the world at almost the same time.
You'd think that, but apparently Russians and Germans (probably others as well), still managed to do exactly that. I've heard it myself, so I'm not making it up
Perhaps you're not hearing what you're expecting, and thus hearing them swapping them. This happens with Japanese with English-speaking listeners. The listeners usually hear "l" when they expect "r", and "r" when they expect "l", but in fact, the Japanese are saying neither. They're using the Japanese "r" for both. But since we're attempting to distinguish difference between phomenes to distinguish each of them, the English-speaking listener will usually hear both "l" and "r" as the other one.
Honestly, I've never heard a German use the/w/ sound at all.
Slashdot Mirror
The code is definitely not from Microsoft.
DEFINITELY not from Microsoft.
Just: cvs update && make World && sudo make install
Patched, Fixed, Done.
If you RTFA, you'll even see that the very person to report that WINE was flawed the same as Windows submitted a patch to fix the problem along with his notice that it was broken.
THAT is how fast OSS is. The very vulnerability announcement says how to fix it.
The WINE libraries don't even include an equivalent of the DLL that causes the problem for Microsoft.
http://cvs.winehq.org/cvsweb/wine/dlls/gdi/
WTF are you talking about?
Which changed wine/dlls/gdi/metafile.c from:To:This is first day response.
10:40 Outside, a guy talking into his phone: "Well Steve Jobs is a fucking Jedi Master of this shit compared to these other clowns."
Why not just auto-scramble the DLL code on the fly for every installation of the Windows OS?
Because adding NOOPs will not change the behavior of the functions. Especially case in point, it would not have blocked this security hole. Nor would it really block any security hole.
Exploits just attempt the exploitable behavior and if it works, then it works, if it doesn't then the exploit fails, but who cares? and it continues on.
The problem with buffer overflows is the regularized position and size of the STACK and FUNCTION HEADER, this has absolutely nothing to do with the code itself. One could easily design a random-like stack adjustment that would protect from buffer overflows while still having the code remain exactly the same on every computer.
I believe this proves the point that a turing-complete system can be built entirely from NAND.
Thanks.
Again... someone much smarter than me has now resolved and proved the "NAND is Turing-complete" or more accurately "With NAND alone, one can build a Turing-complete machine".
I am pretty sure those are for the blind.
God damn it... *smacks his forehead* why didn't I think of that?
Thanks, the stupid things we miss sometimes...
http://en.wikipedia.org/wiki/Turing_complete
Read the first line, it is a fairly good explaination of turing complete. It is also entirely inconsistent with adding a proviso about anything including arithmetic.
Dude, this was the first thing that I opened up when you challenged me. No, there is not a completion of arithmetic required for Turing completeness, but it should be apparent that all arithmetic can be calculated by a Turing-complete machine.
I would dearly love to see some justification other than "Someone smarter than me once told me".
I don't have any justification other than this. He told me it were Turing complete, and I found that one could build the entirety of arithmetic based upon only NAND. At the time I was in my first years of CS, and didn't understand what Turing-complete meant. Obviously, when I was typing my original comment it occured to me that NAND alone had no flow control at all, and thus were not Turing complete, which is why I added the element saying within Arithmetic.
I'm not giving "I heard it from someone smarter than I" as a justification of my proof. I'm giving it as a reason for my misunderstanding.
You still have not however managed to address my statement that all modern OSes are functionally non-Turing-complete. You simply continue on your argument that I do not understand what I'm talking about, which is not the case. I do understand what I'm talking about, but at the same time I'm attempting to reconcile previously available information that I had trusted with information that now contradicts what I now know and understand.
Again, I'm not confused about what Turing completeness is, I was confused because someone smarter than I, who I trusted, had labeled "NAND" as Turing-complete to me.
Whatever it happens to be that you mean when you say "Nand is Turing complete" it makes no sense when you actually typed it.
I was told that NAND is Turing-complete by someone smarter than I. I realized that NAND itself has no program flow, thus it can't be turing complete all by itself.
"turing-complete (for arithmetic)." makes no sense at all. WTF?
This means that it satisfies everything you need for arithmetic. Using this, one can build any mathematical system out of NAND.
Someone failed CS 315.
Not all universities have the same CS classes. As such, I never took a CS 315 (my University never offered one) and in any case, I've never failed a CS course. I took one class that I got a D in, which I had to repeat simply for failure to do the homework. The next semester the class had programming assignments, and I aced the course.
You can have loops as long as they have constant maximum bounds.
TECHNICALLY, this applies to every computer ever built. But we're not getting that picky. We're assuming that there are no artificial bounds which when allowed to expand to infinity they would then allow for Turing completeness.
So, just by saying that you're writing a programming language where no individual loop will repeat more than 10 times does not make it Turing-incomplete. Because this artificial boundary could be raised to infinity, and the system would become Turing-complete.
So either you accept the fact that all modern OSes are written in Turing incomplete languages, or you accept that an artificial boundary cannot be established as the deciding factor of the Turing-incompleteness.
Well, it couldn't be able to construct the NAND of two elements, as NAND is turing-complete (for arithmetic).
After that you need control structures. If you were to not allow control structures, I think it would be very hard to make an OS. (Unless it's one of them "Hello World" OSes, that then crash and reboot.)
I'd say it's impossible to write an OS in a non-turing complete language.
You just have to be l33t enough.
HAHAHA... yeah right...
You misspelt misspelt.
;)
;)
Damn, you jsut know being a prick never works, because someone out there somewhere can be a better prick back.
I dictate that I were speaking in Krach42 dialect, which allows for the spelling "misspellt", along with "definately".
You must be new here... The way Slashdot articles are posted, it could have been "will" when it was submitted, then turned to "did" in the meantime before it was posted.
d prob i c w dis sys: d msgs typd n2 yahoo msngr rnt typd n englihs, nyway. dey usu lok mch mre lk dis, an evn ppl av a hrd tym readn em.
You misspellt "neway"
Please contact me if you have seen this multi-language forum someplace.
Not with any automatic translation. Although, I frequented alt.lang.conlang a while back. Usually posts would be in English and an alternate language. Most often, posts were made in English+Esperanto, although the second choice alternated occationally between Esperanto and Interlingua.
I do recall distinctly that there was a chinese person who would enter his text three times, English+Esperanto+Chinese. I actually found it quite helpful since his Esperanto was much better than his English, and it was so much easier to understand him.
*ahem* Also Central Americans, and some North Americans.
My favorite machine translation fun was a response I got from some friends who had autotranslated a phrase to German for me. I get the email:
"Ich werde eine Kappe in deinem Esel kaputt machen."
I turned to them and asked what the hell: "I will break a hat in your donkey." meant.
They laughed, and said they had fed it "I will bust a cap in your ass."
I was actually witness to a person getting run over in a pedestrian walk way.
This was near/on the New Mexico State University campus (University Blvd), and I was crossing the street illegally in the middle of the road. I heard the audible crosswalk signal (for the deaf) that indicated that the nearest crosswalk was allowing pedestrians to cross. This is a good cue to a jay-walker that traffic is likely not coming from that direction.
After a quick glance to ensure that no traffic was coming, I began crossing, and heard a "thump" noise. I figured someone had had a tire go flat, and looking over someone who had made a right-hand turn was pulling to the side of the road. Then I got to the center of the road, and I heard a wimpering. And I thought, "Oh shit".
Later a few other people got hit in pedestrian walk ways, and the University got on a big "jay-walking bad" rant (if you've been to College, you know how Unis can do this. They get some topic, and everyone jumps on the bandwagon, and argues for/against some stupid thing that happened months ago) And I could hardly understand how people getting hit in cross-walks related to jay-walking. I mean, if anything, it indicated that jay-walking was SAFER, because there were far fewer jay-walker strikes than cross-walk strikes.
And lo God said: "Light light = new Light();" and lo there was light!
Not really because it is... it'd just be funny...
(please don't actually do so... then people won't see it)
Registering a copyright is easy. You print off 50 pages (the first 25 pages, then the last 25 pages) or the whole work if less than 50 pages, then you fill out this simple little form, you write a check for $30~$60 (forgot exact number, the LoC has this information though on hand with the copyright registration information).
You then take it down to your local post office and mail it off registered mail. After a while, you receive a notice of receipt, and this is the date that your copyright will be active from. Then you wait, eventually they send you back a nifty piece of paper that says you now own a registered copyright, it has a raised seal on it, and a photocopy of the identifying parts of the form you sent in.
BOOM! Registered Copyright. It was really easy when I did it, and now, I have a registered copyright for my contributions to PearPC.
Where are all the data?
I'm refering to the various fossilized remains that have been variously found in Africa, which show a line of possible descent, which developed in Africa.
Some people may not consider it "tons" but I do.
Hm... that's quite interesting. It could definitely account for the issue that technology seemed to just spontaneously develop all around the world at almost the same time.
Very intriging...
You'd think that, but apparently Russians and Germans (probably others as well), still managed to do exactly that. I've heard it myself, so I'm not making it up
/w/ phomene.
/w/ sound at all.
Germans don't have the
http://www.omniglot.com/writing/cyrillic.htm
Neither does Russian.
Perhaps you're not hearing what you're expecting, and thus hearing them swapping them. This happens with Japanese with English-speaking listeners. The listeners usually hear "l" when they expect "r", and "r" when they expect "l", but in fact, the Japanese are saying neither. They're using the Japanese "r" for both. But since we're attempting to distinguish difference between phomenes to distinguish each of them, the English-speaking listener will usually hear both "l" and "r" as the other one.
Honestly, I've never heard a German use the