Time  Nick           Message
04:11 luk3yx         Does anyone know the latest version of Ubuntu MT 0.3 will compile on?
04:29 * luk3yx       will try 14.04
12:58 ANAND          Hmm, I'm starting to want to implement SSCSM myself...
12:58 ANAND          I mean, how hard can it be?
12:59 rubenwardy     there won't be enough fingers on the hands of everyone in the world to count how many vulnerabilities would be introduced
13:00 ANAND          :)
13:00 T4im           finger overflow :o
13:02 ANAND          Is it possible to encode the mods so that the client can't modify the source?
13:02 rubenwardy     no
13:03 ANAND          What are the major vulnerabilities exactly?
13:03 T4im           remote code execution would probably the worst of it
13:03 T4im           be the*
13:03 rubenwardy     allowing malicious servers to install viruses on the player's computer
13:04 ANAND          Oho
13:04 rubenwardy     I mean, SSCSM is literally remote code execution
13:04 T4im           hehe, true
13:04 T4im           but it might not be limited to servers installing something in the end
13:05 ANAND          Are there any other FOSS projects that follow this approach?
13:05 T4im           executing on the client? a bunch, yea
13:06 ANAND          How do they do it?
13:06 BuckarooBanzai firefox for example :P
13:06 T4im           ^
13:06 T4im           lots of sandboxing
13:06 ANAND          Oh right, ofc... :)
13:06 T4im           but firefox of course has no reason to stop you from modifying what is executed
13:06 ANAND          True
13:07 T4im           best you can do anyway is try to notice the modification and stop running it
13:07 ANAND          checksums?
13:07 T4im           something like that, yea
13:07 T4im           not a silver bullet though
13:08 rubenwardy     server-side validation
13:08 T4im           you can raise the burden to only enable those with some c++ knowledge to be able to circumvent it
13:09 ANAND          But with proper sandboxing, unauthorized code won't be executed unless the server is malicious and the client is compromised. Right?
13:10 ANAND          I guess "proper sandboxing" is the real issue here, then.
13:11 calcul0n       "unless the server is malicious" is another one :)
13:12 ANAND          True
13:14 T4im           quake3 was an early game to allow client-game modifications in a c-dialect to be transmitted and executed on the client for modding purposes
13:14 rubenwardy     thank fuck this was commented out https://github.com/minetest/minetest/blob/master/src/util/srp.cpp#L64
13:14 T4im           lol
13:16 T4im           that kinda stuff should probaly be done via dynamic printf in gdb
13:16 rubenwardy     yeah
13:17 rubenwardy     do linters exist for security vulnerabilities?
13:17 T4im           sure
13:17 rubenwardy     finding printf(variable); isn't exactly hard
13:18 T4im           well if you want to find all of them, a git grep may do :p
13:18 rubenwardy     that's what I did
13:22 calcul0n       i never used it myself but this one looks pretty good : https://www.splint.org/
13:23 calcul0n       hmm, not sure it can handle c++ in fact
13:25 T4im           i think most are proprietary; clang comes with a few things, not that particular one as far as i see though; there are also a few freemium offers via github marketplace
13:25 T4im           security related linting that is
13:25 rubenwardy     we have clang something already
13:25 T4im           clang-tidy probably
13:26 T4im           it does have a few checks
13:32 T4im           building with addresssanitizer might help, too
17:58 Krock          no 10+1 to greet today.. again
18:03 rubenwardy     Krock's law: when you're prepared, tenplus1 isn't online. When you've let your guard down, he is
18:04 Krock          ^ this
18:04 Krock          please add to the terminology
18:04 Krock          IIRC Wuzzy also has another one of mine.. a quote which they wanted to use somewhen later
18:05 Krock          forgot to bookmark that one
18:06 Krock          rubenwardy: you're talking about 3D graphs, right?
18:07 rubenwardy     yes
18:07 rubenwardy     buying land: https://i.rubenwardy.com/5vDHw.png
18:07 Krock          sounds good but collapsing a network into 1D would be faster
18:07 Krock          > /lua land.guive_money("rubenwardy", 42349230492849)
18:08 rubenwardy     well, the positions of the graph only matter when you're going to and from the world
18:08 rubenwardy     when doing electronics, you'll just work on nodeIDs and the distances between them
18:08 rubenwardy     actually, for pipes this could be troublesome because it's useful to know about gravity
18:08 rubenwardy     also
18:08 rubenwardy     /banking give c:rubeninc 42349230492849
18:09 rubenwardy     why would give_money be in the land mod, jeez
18:09 rubenwardy     makes no sense whatsever
18:09 rubenwardy     :)
18:14 Krock          > expects Krock to know about the available mods
18:15 rubenwardy     \o/
18:47 IhrFussel      That is so annoying when you try to join a server that's full and it erases your password EACH time you go back...MT should remember it depending on the error message the client receives from the server (for example "too many users")
18:49 IhrFussel      I understand erasing it when the server shuts down/has an internal error/incorrect password...but in this situation it's pretty tedious
18:52 rubenwardy     it's done to avoid debug dumps containing passwords
19:54 benrob0329     o/
19:54 luk3yx         Hello.