Time Nick Message 02:16 Zeno` https://gist.github.com/Zeno-/1f17444cd99a0a769ee6 02:16 Zeno` ^^^ RE #2425 02:16 ShadowBot https://github.com/minetest/minetest/issues/2425 -- Minetest closes when double-clicking on the background of the main menu 02:17 est31 looks good 02:22 Zeno` will merge in 10 02:22 Zeno` two line change an PA has approved the idea (the code is two lines apart from the comment.. PR would be silly) 02:22 est31 why did the brace line change? 02:22 est31 dunno if you fixed or broke whitespace as it seems that you just copied that stuff from command line 02:23 Zeno` I removed a blank line 02:23 est31 and command line diff replaces tabs with spaces 02:23 Zeno` yeah I just copied from command line :) 02:25 Zeno` I'm not going apply the gist. I've already modified it in the .cpp file 02:25 Zeno` apply from the gist* 02:26 Zeno` I didn't disable it for Android as well because I suspect that /may/ be controversial and only one person has so far requested that 02:27 Zeno` for the non-Android builds there have probably been hundreds 02:27 est31 yes I agree for android it is a feature 02:27 est31 needed 02:27 est31 unfortunately 02:28 est31 because the back button doesn't work reliably 02:28 Zeno` correct 02:28 Zeno` but if the android controls are updated/corrected/modified it can probably be removed at some point in the future 02:28 Zeno` it's easy enough to do (obviously) 02:30 est31 Zeno`, do you know what nrzkt meant with inventory being slow? he sais he doesn't remember anymore, but perhaps you have made similar observations 02:30 Zeno` maybe the client/server inventory lag? no idea honestly 03:40 paramat2 ooh i have yellow spot! 03:54 paramat2 minetest.generate_ores is acting over the mapchunk plus mapblock shell, therefore there is 4 to 8 times too much ore along the overlaps at mapchunk edges, i will try to fix by adding nmin, nmax parameters 03:55 Zeno` ladybugs sometimes have yellow spots 03:58 est31 you have too 04:00 paramat i'll do the same for generate_decorations too 12:40 est Zeno`, nrzkt other devs, I have this password manager: 12:40 est https://github.com/est31/minetest-pwm 12:41 est what about merging it into master? 12:41 est current features: you can edit a text file and set up the passwords manually, not entering any password automatically triggers the manager 12:42 est would that be ok for adding it? 12:43 est the files inside the mainmenu dir differ from master at perhaps 10 lines, not more 12:47 nrzkt hmmm... i don't know, i think having a cli can be useful 12:47 est cli? 12:48 nrzkt minetestctl changepassword nrz newpwd 12:48 nrzkt and this could use a socket to talk with minetest server and let it do it :) 12:49 est but until then a config file is enough? 12:50 nrzkt a config file for what ? 12:50 est for the passwords 12:50 est this is an example file https://gist.github.com/est31/6eae770cc8c9aaaabe07 12:51 nrzkt oh this is client side ? 12:51 est yes 12:53 nrzkt i think this was server side :) 13:09 est nrzkt, so what do you think 13:41 nrzkt i don't agree with a password manager, but it's not because of the idea, but i disagree every password manager :). I only use keepass at work with a certificate and a strong password for my servers because i can't remember the hundreds of passwords :) (and keepass is on a dm-crypt disk with it's own password on a server too :p) 13:44 est no password manager leads to password reuse or weak passwords 13:45 est so you would agree with master password option? 13:51 nrzkt i think it's a good idea, it's used by mozilla and keepass. But i think this password must be used to encrypt your password file 16:40 VanessaE est: I don't see where the password being stored is being hashed/encrypted first? 16:43 est ok, as it seems its not ready for the great public 16:43 est I guess you are right it should be encrypted 16:44 est I don't think that hashing passwords has a large benefit, but I gess at least some. 16:48 VanessaE it's easy enough to do I guess 16:48 VanessaE there are API functions to generate password hashes 16:48 VanessaE https://github.com/minetest/minetest/blob/master/doc/lua_api.txt#L1812 16:48 est meh not the api I can use 16:48 est mainmenu has extra api 16:48 VanessaE the question is whether you can pass the hash back to the engine. 16:49 est yup that will be needed to be done too 16:49 VanessaE you sure about that? 16:49 est abouzt what? 16:49 est extra api? 16:49 est I wrote two functions for that api 16:49 VanessaE about that specific function not being available in the menu context 16:49 est (very trivial ones though) 16:50 est oh 16:50 est even if, it isn't the way you should use it 16:51 est you should only use it with newly generated secure long random passwords 16:51 est and for those, there is no difference in security if you store the hashes or the passwords itself 16:52 est but should be documented probably 16:52 est and yes encrypting them should be done too. 16:52 est so master password 16:53 VanessaE well that's like saying there's no difference between /etc/shadow storing passwords in their hashed form versus plaintext... :P 16:53 nrzkt encrypt them. Hash them is useless if the minetest binary can read the password cleartext. 16:53 est thats something else 16:54 VanessaE when I say "hashed" in this context I do mean to imply "encrypted", though I'm aware minetest's hashing function is considered particularly weak 16:54 est passwords should be stored hashed *server side* not client side 16:54 VanessaE ShadowNinja has a proposal somewhere in the issues list to improve that 16:54 est yes 16:54 nrzkt it's not same. 16:54 est I commented already on it 16:55 est but its not the same as a password manager 16:55 VanessaE why not store the obfuscated version client-side? you already have to send that version across the network in order to authenticate. 16:55 nrzkt and hash store client or server side is game. Because network protocol isn't encrypted MITM permit to get the password and copy the hashed version and send it to server via a special crafted client. 16:55 nrzkt storing clear text and hashed version doesn't change anything. 16:56 nrzkt we need an encrypted master password over it. Don't trust the client, and don't trust the protocol. The current protocol can be spoofed by a special crafted client and you can send hashed password directly if you want :) 16:56 est VanessaE, yes you can do that, in fact its just a random bunch of numbers, nobody would notice anything if you sent that instead of hashing it first 16:56 VanessaE the point of storing it hashed/encrypted versus clear is just to keep it from being leaked out in case of a hack. game or not, treat all passwords as if they're important. 16:57 est client must be trusted 16:57 est at least by person connecting 16:57 est I agree you shouldnt trust it as server 16:58 est but probably you mean something else 16:58 nrzkt the only way to secure storage of the password is to use an encrypted form for your file with a password or a private key 16:59 nrzkt and store the private key on a secure device (like a card or an USB stick). Then encryption with master password seems more reasonable :) 16:59 est yes perhaps I will add that 16:59 est not the storing part 16:59 est but a master password 16:59 nrzkt i also think this password manager could be integrated into client 16:59 est with a gui? 16:59 nrzkt master password without encrypting the password file is useless. 16:59 est yes of course 17:00 nrzkt you can do like firefox 17:00 VanessaE having a master password is fine for geeks but I guaran-damn-tee you that average users will NOT want that. 17:00 nrzkt if you use a master password the password database become encrypted with master passwrd :) 17:00 est yes 17:00 VanessaE better to use a key pair or something else that the user does not ever have to touch 17:00 nrzkt users are free. if they doesn't tick the case in options they doesn't have the master password. 17:01 est VanessaE, just what I also think. public key authentication. 17:01 nrzkt key pair is stupid, because many windows users doesn't store their files securely, and it's a pain to use :) 17:01 VanessaE we don't cvare what windows users typically do with their files. 17:01 VanessaE care* 17:01 nrzkt public key auth = having the certificate on a separated device. Who will do that for a game, seriously ? 17:01 VanessaE we care about USABILITY of the game 17:01 nrzkt public key is less user friendly than master password. 17:01 VanessaE asking the user for a master password just to unlock their password manager is not gonna fly. 17:02 est and entering passwords on every login is just bad 17:02 nrzkt master password => autocompleting password when connecting to server. 17:02 VanessaE no. 17:02 est public key => nothing autocompleting at all needed, just works 17:02 nrzkt lol 17:02 VanessaE users will just use THAT password for *everything* then 17:02 est yes 17:02 VanessaE come on nrzkt, think like an average idiot user here 17:02 nrzkt most of MT users already do that in fact 17:02 est even I did that in past 17:02 VanessaE users are stupid 17:03 nrzkt and adding this feature is stupid then, because users will not use it :D 17:03 VanessaE no offense if any of them arte reading this log 17:03 VanessaE are* 17:03 Warr1024 pubkey isn't really worse than master password, if you just derive an ECDSA key from a password. 17:03 VanessaE but they just are not educated at all when it comes to password management, and even those of us who ARE educated get really fucking tired of entering passwords ALL. THE. TIME. 17:04 est thats why I wrote the password manager 17:04 nrzkt VanessaE you contradict yourself 17:04 Warr1024 one master password is better than a bunch of little passwords, at least... 17:04 VanessaE why? 17:04 nrzkt because you are saying users must use a public key authentication and you say users are stupid. 17:04 nrzkt password is known by every user. Public key not, and public key security not. 17:04 VanessaE nrzkt: yeah, and where did I say the user had to be AWARE of such auth being used at all? 17:05 nrzkt a public key without a password is... stupid. 17:05 VanessaE do you review every cert that comes between you and https: websites you visit? 17:05 nrzkt ... 17:05 VanessaE well, do you? 17:05 est ok, I propose compromise: public keys with optional additional master password to unlock the keys 17:05 VanessaE Warr1024: it is, but it's still a password. don't ask the user to enter a password at all, otherwise the password manager totally loses its meaning. 17:05 nrzkt my browser maintener do it or me for my own websites which are not using a "public and secure god ca.crt" 17:06 VanessaE nrzkt: G*d damn it, answer the question YES OR NO. 17:06 nrzkt VanessaE, if i steal your private key i can destroy all your servers because you don't add a password on it ? Great :D 17:06 nrzkt VanessaE please be polite. 17:06 VanessaE I am trying to be polite but you're pissing me off by side-stepping my questions 17:06 est VanessaE, no master password has still advantage to only have to remember one password 17:06 nrzkt you are so agressive. 17:07 est but dont require people to set one 17:07 nrzkt then i must take my train, see you. 17:07 VanessaE nothing pisses me off more than people who won't give me a straight answer. 17:07 est I must go too bbyee 17:07 est (not because of VanessaE being a bit bad tempered) 17:07 est its 18:00 here 17:07 VanessaE *headdesk* 17:09 VanessaE I'll say it for the logs: think of the G*d damned users, not the geeks. Of course people like US will use a master password, but THE USERS DON'T WANT THAT. Jesus fucking christ in a basket. 17:11 sfan5 are we treating a game like a banking applications that needs military-grade secured passwords again? 17:11 VanessaE apparently so. 17:13 * VanessaE calms down 17:16 ekem i dont mind entering passwordds 17:16 ekem the alternative is biometrics 17:16 ekem nothx 17:19 VanessaE it would have been pretty simple to just base the private key on the user's hardware or something like some commercial apps do. Offer to store a plaintext version somewhere accessible in case of changes that invalidate the key. 17:19 VanessaE (then it's up to the user to make sure "somewhere accessible" is somewhere secure like a thumb drive or a printout, or whatever works for them) 17:48 Warr1024 VanessaE: probably the simplest thing to do is let the user choose if they want to have a master password or not, i.e. basically just allow it to be blank, I guess. 17:48 VanessaE right 17:49 VanessaE but offering to store the plaintext copy somewhere that the user can move to a safe place is also a good idea 17:49 neoascetic Hi. What RUN_IN_PLACE flag supposed to do? Am I right saying it supposed to tell compiler to create standalone bundle with all dependencies included in the bundle and all stuff (saves, worlds, etc) should lie in that bundle? 17:49 VanessaE I could, for example, copy said plaintext into my regular password file (which is also encrypted) as a backup. 17:50 Warr1024 Personally, I consider ~/.minetest/ to be a safe place to store my own server passwords. If someone breaks in to that account, my minetest servers passwords will probably be the least of my concerns. 17:50 VanessaE neoascetic: not quite a standalone bundle - it means you can move the whole Minetest directory to pretty much wherever you want on the machine (including to a thumbdrive) 17:50 VanessaE but deps are not static 17:50 VanessaE worlds and mods and so forth are kept in there, though 17:52 Warr1024 Personally, I compile RUN_IN_PLACE=1, setup ~/.minetest/ with a bunch of symlinks for the non-code content, and store my worlds and bin/* in the there to keep my source tree clean. 17:52 neoascetic i. e. all paths are relative and not absolute? 17:52 Calinou RUN_IN_PLACE should be used to make portable builds 17:52 Calinou else, don't set it (defaults to 0 on GNU/Linux, 1 on Windows) 17:52 Warr1024 neoascetic: run_in_place means it uses relative paths like ../textures instead of /usr/share/whatever-is-appropriate-for-your-platform/textures. 17:52 neoascetic Is portable mean with all the dependencies included? 17:53 Calinou nope 17:53 VanessaE no, dependencies are not included. 17:53 Calinou it just means all paths are included in the game folder 17:53 neoascetic https://github.com/minetest/minetest/blob/master/src/CMakeLists.txt#L707 17:53 Calinou Warr1024, you don't have to use “make install” to play a non-run-in-place build 17:54 neoascetic Warr1024 I guess relative path are always more flexible than static, why not use them always then? 17:54 Warr1024 neoascetic: I always do, myself, but for me it's just a matter of personal style. 17:55 Warr1024 of course, I never install the thing system-wide (I don't want to have to sudo to do that every time I build) but for some people, system-wide is preferrable. 17:55 Warr1024 also, package maintainers... 17:56 Warr1024 does anyone know how inventory images (esp. inventorycube images) are stretched when rendering formspec inventories? 17:56 neoascetic Ok, so RUN_IN_PLACE is always true for windows. Why this is so? 17:56 Warr1024 I see a draw2DImage call that seems to only specify a position, not a destination size, but the images are definitely stretched on my screen. 17:56 Warr1024 neoascetic: I don't think Windows has a consistent sense of /usr/local. I guess you could try Program Files or ProgramData or whatever, but that might be more complex than devs are willing to mess with. 17:57 Warr1024 neoascetic: as I understand it, Windows is not a popular platform among devs, so it doesn't get a lot of detailed attention beyond keeping it building and running. 17:58 neoascetic I think running is enough, that's why RUN_IN_PLACE is always preffered 18:00 Warr1024 speaking of Windows, does anyone produce nightlies or something for it? 18:00 sfan5 yes 18:00 sfan5 there is a forum section for minetest builds 18:01 Krock Warr1024, don't worry. I blame the devs when there's a compiling error 18:01 Warr1024 ooh, thanks 18:02 Warr1024 VanessaE: I managed to find the place in the formspec code where images are drawn and intercept it, so I might be able to get your formspec image interpolation stuff working. 18:03 Warr1024 VanessaE: unfortunately, the best way for me to test is the inventorycube images, which appear to use a different code place, and I haven't figured those out yet. 18:03 VanessaE oh good (first part) 18:04 Warr1024 I see where inventorycubes are rendered, and it seems they're always rendered to a raw source image at 20% of the screen size, from what I can tell. 18:04 Warr1024 but in the place where I think inventory grids are drawn (gui tables?) it doesn't look like any stretching is happening there, so I must have missed something... 18:27 Warr1024 wait, looks like it's actually hard-coded to 64x64 18:28 nrzkt VanessaE, having an alternate solution for advised users is good, right. But don't forget we are a game, not a NSA server on which we must connect to spy hackers :D 21:37 neoascetic hey! what do you think on idea of publishing result of travis build? to try them out without need to compile/etc? 22:46 cheapie Has there been any progress lately on that bug where players get randomly deleted if there are a lot of entities in the area? 22:46 cheapie VanessaE is still having problems with it on her creative server. 23:03 Warr1024 ah, it's building... 23:04 Warr1024 can't wait to start it up and see it crash... 23:05 Warr1024 wow, didn't crash. Didn't look right, but didn't crash :-) 23:27 Warr1024 VanessaE: I'm making progress on #2419 23:27 ShadowBot https://github.com/minetest/minetest/issues/2419 -- Formspec images scale badly 23:30 VanessaE Warr1024: good deal 23:33 Warr1024 one of these days I need to figure out how to best setup incremental builds. 23:33 Warr1024 one little 1-char typo and I have to recompile everything 23:36 VanessaE cheapie: my creative server is being overrun with those ghost/fake entities, /clearobjects doesn't remove them, I have nothing left to try. the map is almost a total loss at this point unless someone fixes this fucking bug. 23:39 VanessaE over 37'000 such errors today alone. 23:40 Warr1024 the good news is that the scaling filters look good. The bad news is that I have yet to figure out caching correctly, and they seem to be inverted in some cases... 23:40 VanessaE usually on the same blocks, over and over - and the engine never actually deletes the entities it thinks it's finding - the counts stay the same or even rise over time, for a given block. 23:40 VanessaE Warr1024: interesting thing about the "invert" issue is that that's happened before for some people 23:40 VanessaE especially on Android 23:41 ShadowNinja Warr1024: Already done. But if you modify a header file that a lot of things depend on they all have to be rebuilt. 23:42 Warr1024 ShadowNinja: yeah, I just have to setup MY build scripts that wrap MT's to do it. 23:42 Warr1024 I sync the repo into a sandbox so I can build without having to keep doing cleans and stuff 23:42 Warr1024 and it's more reliable starting from fully-clean each time 23:43 Warr1024 VanessaE: it seems to happen for me when the image is an odd number of pixels in size. 23:43 VanessaE Warr1024: ah. well easy enough to detect I guess :) 23:43 Warr1024 VanessaE: but then again, I don't yet properly support mirror/flip mapping correctly in the filter I wrote. 23:44 ShadowNinja Warr1024: So, you want everything to be rebuilt without waiting for it to all rebuild? 23:44 ShadowNinja I don't see why you'd want that though, CMake werks well. 23:45 Warr1024 ShadowNinja: not exactly. Normally, when I pull from upstream, I want fully clean builds. When I'm just tweaking a file and retrying a build, then I want to do incrementals. 23:46 Warr1024 well, I setup an alternative wrapper that does a bit less wrapping, so I'll see how that goes... 23:46 ShadowNinja Warr1024: Then `make clean && make distclean`. But why? 23:46 ShadowNinja CMake can handle the pull. 23:46 ShadowNinja Even if CMakeLists.txt is changed. 23:46 Warr1024 ShadowNinja: better to have never made dirty in the first place; sync src tree to a ramdrive, build it there, then sync back just the bins.