Minetest logo

IRC log for #minetest-dev, 2015-03-09

| Channels | #minetest-dev index | Today | | Google Search | Plaintext

All times shown according to UTC.

Time Nick Message
01:52 Zeno` joined #minetest-dev
02:16 Zeno` https://gist.github.com/Zeno-/1f17444cd99a0a769ee6
02:16 Zeno` ^^^ RE #2425
02:16 ShadowBot https://github.com/minetest/minetest/issues/2425 -- Minetest closes when double-clicking on the background of the main menu
02:17 est31 looks good
02:22 Zeno` will merge in 10
02:22 Zeno` two line change an PA has approved the idea (the code is two lines apart from the comment.. PR would be silly)
02:22 est31 why did the brace line change?
02:22 est31 dunno if you fixed or broke whitespace as it seems that you just copied that stuff from command line
02:23 Zeno` I removed a blank line
02:23 est31 and command line diff replaces tabs with spaces
02:23 Zeno` yeah I just copied from command line :)
02:25 Zeno` I'm not going apply the gist. I've already modified it in the .cpp file
02:25 Zeno` apply from the gist*
02:26 Zeno` I didn't disable it for Android as well because I suspect that /may/ be controversial and only one person has so far requested that
02:27 Zeno` for the non-Android builds there have probably been hundreds
02:27 est31 yes I agree for android it is a feature
02:27 est31 needed
02:27 est31 unfortunately
02:28 est31 because the back button doesn't work reliably
02:28 Zeno` correct
02:28 Zeno` but if the android controls are updated/corrected/modified it can probably be removed at some point in the future
02:28 Zeno` it's easy enough to do (obviously)
02:30 est31 Zeno`, do you know what nrzkt meant with inventory being slow? he sais he doesn't remember anymore, but perhaps you have made similar observations
02:30 Zeno` maybe the client/server inventory lag? no idea honestly
03:40 paramat2 joined #minetest-dev
03:40 paramat2 ooh i have yellow spot!
03:54 paramat2 minetest.generate_ores is acting over the mapchunk plus mapblock shell, therefore there is 4 to 8 times too much ore along the overlaps at mapchunk edges, i will try to fix by adding nmin, nmax parameters
03:55 Zeno` ladybugs sometimes have yellow spots
03:58 est31 you have too
04:00 paramat i'll do the same for generate_decorations too
04:03 paramat left #minetest-dev
04:40 Hunterz joined #minetest-dev
05:38 OldCoder joined #minetest-dev
06:35 Zeno` joined #minetest-dev
06:52 Hunterz joined #minetest-dev
07:48 gourytch joined #minetest-dev
07:54 srifqi joined #minetest-dev
08:06 leat joined #minetest-dev
08:17 est31 joined #minetest-dev
08:20 OldCoder joined #minetest-dev
08:56 kilbith joined #minetest-dev
09:06 prozacgod joined #minetest-dev
09:06 book` joined #minetest-dev
09:06 est31 joined #minetest-dev
09:21 FR^2 joined #minetest-dev
09:44 leat1 joined #minetest-dev
09:45 Dartmouth joined #minetest-dev
09:46 leat1 joined #minetest-dev
09:49 leat1 joined #minetest-dev
09:54 nrzkt joined #minetest-dev
10:08 ImQ009 joined #minetest-dev
10:14 selat joined #minetest-dev
10:35 SopaXorzTaker joined #minetest-dev
10:50 twoelk joined #minetest-dev
11:20 Calinou joined #minetest-dev
11:53 Zeno` joined #minetest-dev
12:16 Dartmouth joined #minetest-dev
12:40 est Zeno`, nrzkt other devs, I have this password manager:
12:40 est https://github.com/est31/minetest-pwm
12:41 est what about merging it into master?
12:41 est current features: you can edit a text file and set up the passwords manually, not entering any password automatically triggers the manager
12:42 est would that be ok for adding it?
12:43 est the files inside the mainmenu dir differ from master at perhaps 10 lines, not more
12:47 nrzkt hmmm... i don't know, i think having a cli can be useful
12:47 est cli?
12:48 nrzkt minetestctl changepassword nrz newpwd
12:48 nrzkt and this could use a socket to talk with minetest server and let it do it :)
12:49 est but until then a config file is enough?
12:50 nrzkt a config file for what ?
12:50 est for the passwords
12:50 est this is an example file https://gist.github.com/est31/6eae770cc8c9aaaabe07
12:51 nrzkt oh this is client side ?
12:51 est yes
12:51 srifqi joined #minetest-dev
12:53 nrzkt i think this was server side :)
13:09 est nrzkt, so what do you think
13:40 Ritchie joined #minetest-dev
13:41 nrzkt i don't agree with a password manager, but it's not because of the idea, but i disagree every password manager :). I only use keepass at work with a certificate and a strong password for my servers because i can't remember the hundreds of passwords :) (and keepass is on a dm-crypt disk with it's own password on a server too :p)
13:44 est no password manager leads to password reuse or weak passwords
13:45 est so you would agree with master password option?
13:51 nrzkt i think it's a good idea, it's used by mozilla and keepass. But i think this password must be used to encrypt your password file
14:43 kilbith joined #minetest-dev
14:43 MinetestForFun joined #minetest-dev
14:52 CraigyDavi joined #minetest-dev
15:37 SopaXorzTaker joined #minetest-dev
15:48 Warr1024 joined #minetest-dev
15:51 roniz joined #minetest-dev
15:52 SopaXorzTaker joined #minetest-dev
15:56 Dartmouth joined #minetest-dev
16:34 ImQ009 joined #minetest-dev
16:40 VanessaE est: I don't see where the password being stored is being hashed/encrypted first?
16:43 est ok, as it seems its not ready for the great public
16:43 est I guess you are right it should be encrypted
16:44 est I don't think that hashing passwords has a large benefit, but I gess at least some.
16:48 VanessaE it's easy enough to do I guess
16:48 VanessaE there are API functions to generate password hashes
16:48 VanessaE https://github.com/minetest/minetes​t/blob/master/doc/lua_api.txt#L1812
16:48 est meh not the api I can use
16:48 est mainmenu has extra api
16:48 VanessaE the question is whether you can pass the hash back to the engine.
16:49 est yup that will be needed to be done too
16:49 VanessaE you sure about that?
16:49 est abouzt what?
16:49 est extra api?
16:49 est I wrote two functions for that api
16:49 VanessaE about that specific function not being available in the menu context
16:49 est (very trivial ones though)
16:50 est oh
16:50 est even if, it isn't the way you should use it
16:51 est you should only use it with newly generated secure long random passwords
16:51 est and for those, there is no difference in security if you store the hashes or the passwords itself
16:52 est but should be documented probably
16:52 est and yes encrypting them should be done too.
16:52 est so master password
16:53 VanessaE well that's like saying there's no difference between /etc/shadow storing passwords in their hashed form versus plaintext... :P
16:53 nrzkt encrypt them. Hash them is useless if the minetest binary can read the password cleartext.
16:53 est thats something else
16:54 VanessaE when I say "hashed" in this context I do mean to imply "encrypted", though I'm aware minetest's hashing function is considered particularly weak
16:54 est passwords should be stored hashed *server side* not client side
16:54 VanessaE ShadowNinja has a proposal somewhere in the issues list to improve that
16:54 est yes
16:54 nrzkt it's not same.
16:54 est I commented already on it
16:55 est but its not the same as a password manager
16:55 VanessaE why not store the obfuscated version client-side?  you already have to send that version across the network in order to authenticate.
16:55 nrzkt and hash store client or server side is game. Because network protocol isn't encrypted MITM permit to get the password and copy the hashed version and send it to server via a special crafted client.
16:55 nrzkt storing clear text and hashed version doesn't change anything.
16:56 nrzkt we need an encrypted master password over it. Don't trust the client, and don't trust the protocol. The current protocol can be spoofed by a special crafted client and you can send hashed password directly if you want :)
16:56 est VanessaE, yes you can do that, in fact its just a random bunch of numbers, nobody would notice anything if you sent that instead of hashing it first
16:56 VanessaE the point of storing it hashed/encrypted versus clear is just to keep it from being leaked out in case of a hack.  game or not, treat all passwords as if they're important.
16:57 est client must be trusted
16:57 est at least by person connecting
16:57 est I agree you shouldnt trust it as server
16:58 est but probably you mean something else
16:58 nrzkt the only way to secure storage of the password is to use an encrypted form for your file with a password or a private key
16:59 nrzkt and store the private key on a secure device (like a card or an USB stick). Then encryption with master password seems more reasonable :)
16:59 est yes perhaps I will add that
16:59 est not the storing part
16:59 est but a master password
16:59 nrzkt i also think this password manager could be integrated into client
16:59 est with a gui?
16:59 nrzkt master password without encrypting the password file is useless.
16:59 est yes of course
17:00 nrzkt you can do like firefox
17:00 Calinou joined #minetest-dev
17:00 VanessaE having a master password is fine for geeks but I guaran-damn-tee you that average users will NOT want that.
17:00 nrzkt if you use a master password the password database become encrypted with master passwrd :)
17:00 est yes
17:00 VanessaE better to use a key pair or something else that the user does not ever have to touch
17:00 nrzkt users are free. if they doesn't tick the case in options they doesn't have the master password.
17:01 est VanessaE, just what I also think. public key authentication.
17:01 nrzkt key pair is stupid, because many windows users doesn't store their files securely, and it's a pain to use :)
17:01 Dartmouth_ joined #minetest-dev
17:01 VanessaE we don't cvare what windows users typically do with their files.
17:01 VanessaE care*
17:01 nrzkt public key auth = having the certificate on a separated device. Who will do that for a game, seriously ?
17:01 VanessaE we care about USABILITY of the game
17:01 nrzkt public key is less user friendly than master password.
17:01 VanessaE asking the user for a master password just to unlock their password manager is not gonna fly.
17:02 est and entering passwords on every login is just bad
17:02 nrzkt master password => autocompleting password when connecting to server.
17:02 VanessaE no.
17:02 est public key => nothing autocompleting at all needed, just works
17:02 nrzkt lol
17:02 VanessaE users will just use THAT password for *everything* then
17:02 est yes
17:02 VanessaE come on nrzkt, think like an average idiot user here
17:02 nrzkt most of MT users already do that in fact
17:02 est even I did that in past
17:02 VanessaE users are stupid
17:03 nrzkt and adding this feature is stupid then, because users will not use it :D
17:03 VanessaE no offense if any of them arte reading this log
17:03 VanessaE are*
17:03 Warr1024 pubkey isn't really worse than master password, if you just derive an ECDSA key from a password.
17:03 VanessaE but they just are not educated at all when it comes to password management, and even those of us who ARE educated get really fucking tired of entering passwords ALL.  THE.  TIME.
17:04 est thats why I wrote the password manager
17:04 nrzkt VanessaE you contradict yourself
17:04 Warr1024 one master password is better than a bunch of little passwords, at least...
17:04 VanessaE why?
17:04 nrzkt because you are saying users must use a public key authentication and you say users are stupid.
17:04 nrzkt password is known by every user. Public key not, and public key security not.
17:04 VanessaE nrzkt: yeah, and where did I say the user had to be AWARE of such auth being used at all?
17:05 nrzkt a public key without a password is... stupid.
17:05 VanessaE do you review every cert that comes between you and https: websites you visit?
17:05 nrzkt ...
17:05 VanessaE well, do you?
17:05 est ok, I propose compromise: public keys with optional additional master password to unlock the keys
17:05 VanessaE Warr1024: it is, but it's still a password.  don't ask the user to enter a password at all, otherwise the password manager totally loses its meaning.
17:05 nrzkt my browser maintener do it or me for my own websites which are not using a "public and secure god ca.crt"
17:06 VanessaE nrzkt: G*d damn it, answer the question YES OR NO.
17:06 nrzkt VanessaE, if i steal your private key i can destroy all your servers because you don't add a password on it ? Great :D
17:06 nrzkt VanessaE please be polite.
17:06 VanessaE I am trying to be polite but you're pissing me off by side-stepping my questions
17:06 est VanessaE, no master password has still advantage to only have to remember one password
17:06 nrzkt you are so agressive.
17:07 est but dont require people to set one
17:07 nrzkt then i must take my train, see you.
17:07 VanessaE nothing pisses me off more than people who won't give me a straight answer.
17:07 est I must go too bbyee
17:07 est (not because of VanessaE being a bit bad tempered)
17:07 est its 18:00 here
17:07 VanessaE *headdesk*
17:09 VanessaE I'll say it for the logs:  think of the G*d damned users, not the geeks.  Of course people like US will use a master password, but THE USERS DON'T WANT THAT.  Jesus fucking christ in a basket.
17:11 sfan5 are we treating a game like a banking applications that needs military-grade secured passwords again?
17:11 VanessaE apparently so.
17:13 * VanessaE calms down
17:16 ekem i dont mind entering passwordds
17:16 ekem the alternative is biometrics
17:16 ekem nothx
17:19 ElectronLibre joined #minetest-dev
17:19 VanessaE it would have been pretty simple to just base the private key on the user's hardware or something like some commercial apps do.  Offer to store a plaintext version somewhere accessible in case of changes that invalidate the key.
17:19 VanessaE (then it's up to the user to make sure "somewhere accessible" is somewhere secure like a thumb drive or a printout, or whatever works for them)
17:22 Krock joined #minetest-dev
17:42 kilbith joined #minetest-dev
17:42 PilzAdam joined #minetest-dev
17:43 est31 joined #minetest-dev
17:43 neoascetic joined #minetest-dev
17:48 Warr1024 VanessaE: probably the simplest thing to do is let the user choose if they want to have a master password or not, i.e. basically just allow it to be blank, I guess.
17:48 VanessaE right
17:49 VanessaE but offering to store the plaintext copy somewhere that the user can move to a safe place is also a good idea
17:49 neoascetic Hi. What RUN_IN_PLACE flag supposed to do? Am I right saying it supposed to tell compiler to create standalone bundle with all dependencies included in the bundle and all stuff (saves, worlds, etc) should lie in that bundle?
17:49 VanessaE I could, for example, copy said plaintext into my regular password file (which is also encrypted) as a backup.
17:50 Warr1024 Personally, I consider ~/.minetest/ to be a safe place to store my own server passwords.  If someone breaks in to that account, my minetest servers passwords will probably be the least of my concerns.
17:50 VanessaE neoascetic: not quite a standalone bundle - it means you can move the whole Minetest directory to pretty much wherever you want on the machine (including to a thumbdrive)
17:50 VanessaE but deps are not static
17:50 VanessaE worlds and mods and so forth are kept in there, though
17:52 Warr1024 Personally, I compile RUN_IN_PLACE=1, setup ~/.minetest/ with a bunch of symlinks for the non-code content, and store my worlds and bin/* in the there to keep my source tree clean.
17:52 neoascetic i. e. all paths are relative and not absolute?
17:52 Calinou RUN_IN_PLACE should be used to make portable builds
17:52 Calinou else, don't set it (defaults to 0 on GNU/Linux, 1 on Windows)
17:52 Warr1024 neoascetic: run_in_place means it uses relative paths like ../textures instead of /usr/share/whatever-is-appropri​ate-for-your-platform/textures.
17:52 neoascetic Is portable mean with all the dependencies included?
17:53 Calinou nope
17:53 VanessaE no, dependencies are not included.
17:53 Calinou it just means all paths are included in the game folder
17:53 neoascetic https://github.com/minetest/minetest​/blob/master/src/CMakeLists.txt#L707
17:53 Calinou Warr1024, you don't have to use “make install” to play a non-run-in-place build
17:54 neoascetic Warr1024 I guess relative path are always more flexible than static, why not use them always then?
17:54 Warr1024 neoascetic: I always do, myself, but for me it's just a matter of personal style.
17:55 Warr1024 of course, I never install the thing system-wide (I don't want to have to sudo to do that every time I build) but for some people, system-wide is preferrable.
17:55 Warr1024 also, package maintainers...
17:56 Warr1024 does anyone know how inventory images (esp. inventorycube images) are stretched when rendering formspec inventories?
17:56 neoascetic Ok, so RUN_IN_PLACE is always true for windows. Why this is so?
17:56 Warr1024 I see a draw2DImage call that seems to only specify a position, not a destination size, but the images are definitely stretched on my screen.
17:56 Warr1024 neoascetic: I don't think Windows has a consistent sense of /usr/local.  I guess you could try Program Files or ProgramData or whatever, but that might be more complex than devs are willing to mess with.
17:57 Warr1024 neoascetic: as I understand it, Windows is not a popular platform among devs, so it doesn't get a lot of detailed attention beyond keeping it building and running.
17:58 neoascetic I think running is enough, that's why RUN_IN_PLACE is always preffered
18:00 Warr1024 speaking of Windows, does anyone produce nightlies or something for it?
18:00 sfan5 yes
18:00 sfan5 there is a forum section for minetest builds
18:01 Krock Warr1024, don't worry. I blame the devs when there's a compiling error
18:01 Warr1024 ooh, thanks
18:01 Player_2 joined #minetest-dev
18:02 Warr1024 VanessaE: I managed to find the place in the formspec code where images are drawn and intercept it, so I might be able to get your formspec image interpolation stuff working.
18:03 Warr1024 VanessaE: unfortunately, the best way for me to test is the inventorycube images, which appear to use a different code place, and I haven't figured those out yet.
18:03 VanessaE oh good (first part)
18:04 Warr1024 I see where inventorycubes are rendered, and it seems they're always rendered to a raw source image at 20% of the screen size, from what I can tell.
18:04 Warr1024 but in the place where I think inventory grids are drawn (gui tables?) it doesn't look like any stretching is happening there, so I must have missed something...
18:10 compunerd joined #minetest-dev
18:20 Miner_48er joined #minetest-dev
18:26 nrzkt joined #minetest-dev
18:27 Warr1024 wait, looks like it's actually hard-coded to 64x64
18:28 nrzkt VanessaE, having an alternate solution for advised users is good, right. But don't forget we are a game, not a NSA server on which we must connect to spy hackers :D
18:39 ImQ009 joined #minetest-dev
18:43 roniz joined #minetest-dev
18:55 ElectronLibre joined #minetest-dev
19:05 Ritchie joined #minetest-dev
19:15 Ritchie joined #minetest-dev
19:22 Ritchie joined #minetest-dev
19:33 Hunterz joined #minetest-dev
19:39 roniz joined #minetest-dev
19:46 roniz_ joined #minetest-dev
20:10 roniz joined #minetest-dev
20:12 roniz_ joined #minetest-dev
20:16 roniz__ joined #minetest-dev
20:23 roniz_ joined #minetest-dev
20:31 proller joined #minetest-dev
20:41 Robert_Zenz joined #minetest-dev
20:50 proller joined #minetest-dev
21:26 ImQ009 joined #minetest-dev
21:26 ElectronLibre left #minetest-dev
21:36 neoascetic joined #minetest-dev
21:37 neoascetic hey! what do you think on idea of publishing result of travis build? to try them out without need to compile/etc?
21:49 Warr1024 joined #minetest-dev
22:13 cheapie joined #minetest-dev
22:32 cheapie joined #minetest-dev
22:35 Taoki joined #minetest-dev
22:40 MinetestForFun joined #minetest-dev
22:43 twoelk|2 joined #minetest-dev
22:46 cheapie Has there been any progress lately on that bug where players get randomly deleted if there are a lot of entities in the area?
22:46 cheapie VanessaE is still having problems with it on her creative server.
23:03 Warr1024 ah, it's building...
23:04 Warr1024 can't wait to start it up and see it crash...
23:05 Warr1024 wow, didn't crash.  Didn't look right, but didn't crash :-)
23:16 Miner_48er joined #minetest-dev
23:25 Wayward_One joined #minetest-dev
23:27 Warr1024 VanessaE: I'm making progress on #2419
23:27 ShadowBot https://github.com/minetest/minetest/issues/2419 -- Formspec images scale badly
23:30 VanessaE Warr1024: good deal
23:33 Warr1024 one of these days I need to figure out how to best setup incremental builds.
23:33 Warr1024 one little 1-char typo and I have to recompile everything
23:36 VanessaE cheapie: my creative server is being overrun with those ghost/fake entities, /clearobjects doesn't remove them, I have nothing left to try.   the map is almost a total loss at this point unless someone fixes this fucking bug.
23:39 VanessaE over 37'000 such errors today alone.
23:40 Warr1024 the good news is that the scaling filters look good.  The bad news is that I have yet to figure out caching correctly, and they seem to be inverted in some cases...
23:40 VanessaE usually on the same blocks, over and over - and the engine never actually deletes the entities it thinks it's finding - the counts stay the same or even rise over time, for a given block.
23:40 VanessaE Warr1024: interesting thing about the "invert" issue is that that's happened before for some people
23:40 VanessaE especially on Android
23:41 ShadowNinja Warr1024: Already done.  But if you modify a header file that a lot of things depend on they all have to be rebuilt.
23:42 Warr1024 ShadowNinja: yeah, I just have to setup MY build scripts that wrap MT's to do it.
23:42 Warr1024 I sync the repo into a sandbox so I can build without having to keep doing cleans and stuff
23:42 Warr1024 and it's more reliable starting from fully-clean each time
23:43 Warr1024 VanessaE: it seems to happen for me when the image is an odd number of pixels in size.
23:43 VanessaE Warr1024: ah.  well easy enough to detect I guess :)
23:43 Warr1024 VanessaE: but then again, I don't yet properly support mirror/flip mapping correctly in the filter I wrote.
23:44 ShadowNinja Warr1024: So, you want everything to be rebuilt without waiting for it to all rebuild?
23:44 ShadowNinja I don't see why you'd want that though, CMake werks well.
23:45 Warr1024 ShadowNinja: not exactly.  Normally, when I pull from upstream, I want fully clean builds.  When I'm just tweaking a file and retrying a build, then I want to do incrementals.
23:46 Warr1024 well, I setup an alternative wrapper that does a bit less wrapping, so I'll see how that goes...
23:46 ShadowNinja Warr1024: Then `make clean && make distclean`.  But why?
23:46 ShadowNinja CMake can handle the pull.
23:46 ShadowNinja Even if CMakeLists.txt is changed.
23:46 Warr1024 ShadowNinja: better to have never made dirty in the first place; sync src tree to a ramdrive, build it there, then sync back just the bins.

| Channels | #minetest-dev index | Today | | Google Search | Plaintext