Time  Nick         Message
00:54 red-045      !title
00:54 MinetestBot  red-045: Incorporeal Visions Deluxe - è©© Desktop - YouTube
05:15 redblade7    hi
05:16 redblade7    i'm kinda confused about something
05:16 redblade7    it says here paramat runs multicraft? https://github.com/paramat/MultiCraft
05:17 redblade7    isn't that the google play adware version of minetest?
05:17 redblade7    it says paramat is an official developer
05:17 redblade7    on github
05:18 redblade7    or is the google play adware version run by someone else?
05:18 redblade7    https://play.google.com/store/apps/details?id=mobi.MultiCraft
05:20 redblade7    that links to another multicraft on github though: https://github.com/MultiCraftProject/MultiCraft
05:23 redblade7    This says Multicraft is fake: https://wiki.minetest.net/Overview_of_Minetest_forks
05:24 redblade7    As does this: https://forum.minetest.net/viewtopic.php?f=3&t=16707&hilit=multicraft#p242219
09:44 shivajiva    it's not unusual for devs to fork forks and see what they inflict on their users and our servers
09:49 shivajiva    paramat is a minetest developer and has nothing to do with multicraft afaik
10:01 redblade7    ok
10:01 redblade7    you just caught me before i was going to bed, goodnight
10:15 shivajiva    Gn o/
10:26 nerzhul      interesting, twitch uses IRC based system for its chat https://blog.twitch.tv/gos-march-to-low-latency-gc-a6fa96f06eb7
10:37 red-045      redblade7: paramat made a few pull requests to multicraft and you need to fork before doing that that's all
10:37 red-045      https://github.com/MultiCraftProject/MultiCraft/pulls?utf8=%E2%9C%93&q=+is%3Apr+author%3Aparamat+
10:38 red-045      MoNTE48 is the person that runs multicraft
11:07 paramat      redblade7 yes i did about 10 hours work for multicraft, but i've decided to not do that anymore because my heart is not in it (even though it's well paid work and i have no income) sfan has done some work for it too
11:10 paramat      it's one of the better behaved android forks but still a mess and has ads, future is uncertain too because it probably won't be updating to 0.5
11:11 paramat      so instead i work like crazy for MT while i desperately try to find money to live on =S
11:16 paramat      !tell Megaf calm down, your crash is your own fault, not Minetest's =) you're using a very recent MTG that is not in sync with the backport 0.4 engine. just ask and we'll help you out
11:16 MinetestBot  paramat: I'll pass that on when Megaf is around
17:55 IhrFussel    days left before the details of the exploit will be made public
17:56 IhrFussel    Oops something went wrong there
17:58 IhrFussel    Let's try this again -> Server owners: If you still use the older 3d_armor version on your server and have not updated to the bugfix version yet, you have exactly 10 days left before the details of the exploit will be made public
17:59 Mr_Pardison  and how do you know this?
17:59 IhrFussel    Cause the user who found the exploit says so
17:59 IhrFussel    I'm sharing word of mouth here cause of his newest post stating that many popular servers still use the vulnerable version
18:00 Mr_Pardison  ah.
18:00 Krock        IhrFussel, "reported in the forums" where?
18:00 IhrFussel    In the Servers section
18:00 Krock        nvm
18:01 Krock        yeah, just seen it too after browsing the two most recent pages on general discussion and bugs&problems
18:02 IhrFussel    Yeah well maybe not the best place to put it
18:07 Krock        well, great. now I have a testing mod but no 0.4.17 build :/
18:11 sofar        is "your friend" going to release the exploit?
18:12 sofar        or "details of the exploit" whatever that may mean
18:12 sfan5        sofar: the problem should be rather obvious when you look at the commit that fixes it
18:12 sofar        I saw that, of course
18:13 sofar        I'm just wondering about what will be released
18:13 sfan5        a CSM that makes this exploit easy to perform I'm guessing
18:15 red-001      its the known issue with inventory stuff getting sent to the server
18:16 red-001      #5989
18:16 ShadowBot    https://github.com/minetest/minetest/issues/5989 -- [CSM] Inventory changes are sent to server instead of being handled by a local callback.
18:17 sfan5        (?)
18:25 sofar        sfan5: oh, yeah, I think I see it now as well
18:26 sofar        I could probably make a CSM that could attempt to test if *any* inv is vulnerable in this way
18:26 sofar        having the exploit code would allow me to better test and detect other vulnerable mods
18:26 sofar        so, I'd definitely need to see it
18:28 benrob0329   I feel like we need creative ways of dealing with cheaters
18:29 benrob0329   Make the game no fun if you cheat, for example
18:37 celeron55    it already happens, just to the ones that don't cheat 8)
18:38 Krock        oh lol. first attempt and the duplication bug works
18:39 Krock        why is there even a detached inventory in use?!
18:40 Krock        duplicated information can get out of sync so easily
18:40 paramat      heh
18:41 sofar        Krock: that's why we might as well make a generic version so we can scan for other vulnerable mods
18:42 Krock        sofar, a generic version of what?
18:42 sofar        of course, it's easy enough to search for detached inventory using mods
18:42 Krock        using CSM only I don't know of any way to get a list of all available detached inventories
18:43 sofar        you'd have to have a server side mod communicate and send that list to the client
18:43 sofar        a little overengineered perhaps though
18:43 Krock        oh. using mod channels to unit-test the mods :D
18:44 sofar        essentially, yes
18:45 sfan5        Krock: because non-detached invs can't have callbacks
18:45 Krock        i.e. player inventories have no callbacks
18:46 Krock        yeah, I see
20:07 red-001      sofar, see the csm mod that was made for a similar exploit in chests?
20:07 red-001      might have been removed from the forum but I assume you can still see it since you are an admin
20:10 red-001      "csm_chest_inspector"
20:59 sofar        chest inspection is trivial, yes
21:30 red-001      not much difference between that and this
21:35 Fixer        ----, bad blocks on portable hdd .___.
23:37 rubenwardy   Mail from ######: Report: Blueteam Because they keep on killing me (no mods online)
23:37 * rubenwardy sighs
23:38 red-001      well it's CTF you are suppose to go get the flag, not kill people
23:39 xerox123     yeah!
23:39 red-001      PvP must just be on by accident
23:40 xerox123     you maybe accidently set enable_damage to true?
23:40 red-001      ^