Time Nick Message
00:18 rubenwardy UX designers who make CTRL+Y delete a line and CTRL+SHIFT+Y redo should be shot
00:18 rubenwardy *CTRL+SHIFT+Z
00:18 VanessaE heh
00:19 VanessaE draw-and-quarter the bastards. :P
00:27 Fixer use 20 mm AA guns on them
08:59 nerzhul sofar: i think it's more complicated than this, because a mod is not a single file :)
14:31 BuckarooBanzai nerzhul: you talked about docker images for minetest recently, did you document that anywhere? I'm doing a writeup of my server-setup with docker and monitoring setup: https://forum.minetest.net/viewtopic.php?p=338413#p338413
14:31 nerzhul see README.md
14:31 BuckarooBanzai :) ok
14:32 BuckarooBanzai i see: https://github.com/minetest/minetest#docker thx :P
14:32 nerzhul your grafana setup is quite nice, i thought about a prometheus exporter in engine itself but i didn't check the libraries we can use to do it natively
14:32 nerzhul i think it can be nice :)
14:34 BuckarooBanzai thought about it too and looked up some c-libraries for it but abandoned that due to lack of time :(
14:34 BuckarooBanzai the lua solution is not that bad for now..
14:34 nerzhul i think we can do a nice thing with that but i prefer to wait for 5.0.0 to be released
14:34 nerzhul yes but it requires a nodejs shit :p
14:35 BuckarooBanzai i would not say shit but it needs some dependencies, yes :)
14:56 rubenwardy my grafana is currently broken
14:56 rubenwardy nerzhul: I'd like that
14:56 rubenwardy !mod [prometheus]
14:56 MinetestBot rubenwardy: Prometheus [prometheus] - Metric uploader by rubenwardy - https://forum.minetest.net/viewtopic.php?t=18767
14:56 rubenwardy is a hack
14:57 nerzhul yeah if another coredev supports it we can try to implement such a thing in the next dev cycle (with SPCSM). I think 5.1.0 will be a technical release, and i think the dev cycle should not last more than 3 months
14:57 BuckarooBanzai i saw that before i made my prom/grafana setup but some metrics were missing in my opinion...
14:57 nerzhul but we need to trigger the end of this cycle before
14:58 nerzhul BuckarooBanzai: i think, we can discuss about this on the next dev cycle, i open an issue about it
14:58 BuckarooBanzai nerzhul: no pressure :)
14:58 rubenwardy BuckarooBanzai: it was a lightweight set
14:58 rubenwardy CTF adds more https://github.com/MT-CTF/capturetheflag/blob/master/mods/ctf_metrics/init.lua
14:58 rubenwardy but other metrics would be nice
15:01 nerzhul see #8004
15:01 ShadowBot https://github.com/minetest/minetest/issues/8004 -- Expose metrics for prometheus
15:01 nerzhul we can add custom backend if it's possible permitting mods to push metrics (if possible)
15:58 ircSparky so, an external program can read minetest output, is there any way for minetest to read an external program's input?
15:58 ircSparky (in a csm)
15:59 rubenwardy no
15:59 rubenwardy this is due to security reasons
16:20 nerzhul irc no and this will be never implemented
16:20 nerzhul CSM must be more secure than SSM
17:04 sofar nerzhul: I don't see anything wrong with requiring spcsm's to be a single file (for now), and other local assets (textures etc) can just come through the media protocol too
17:04 nerzhul assets are not intended to be used by CSM currently except on HUD
17:05 sofar why that restriction?
17:07 sofar e.g. csm sounds/particles - you're saying they can't use server-sent assets?
18:26 Krock hi imaginary tenplus1
18:40 IhrFussel Some still compare "SSCM enable/disable flags" to Javascript in a browser which is totally NOT the same and I explained yesterday why it's not comparable
18:41 IhrFussel I mean per callback flags
18:41 IhrFussel Allow SSCM -> Yes / No is fine with me...THAT would actually be the same as Javascript in browsers
18:42 IhrFussel You don't get to choose which JS functions run or don't run in a browser
18:42 * Krock can confirm Minetest to be broken on Android 4.1 on a rooted phone with broken storage management and non-working camera.. not very reliable information
18:42 IhrFussel You can only turn it on or off and don't have different restriction levels
18:43 rubenwardy Krock: does stujones1's PR help?
18:43 rubenwardy IhrFussel: no script can disable from sources
18:43 Krock rubenwardy: tested that particular PR
18:43 rubenwardy I think that it is probably overengineering to allow any feature to be disabled client-side
18:43 Krock some other built-in apps also crash on startup due to the weird/broken storage management
18:44 IhrFussel rubenwardy, it might be able to disable from sources but not disable certain callbacks in the browser and allow others...I never hard of an extension that lets you run var.indexOf() for example but not Jquery AJAX
18:44 IhrFussel heard*
18:45 IhrFussel The client should display on connect WHICH SSCM mods exactly are required to play together with a "risk indicator"
18:46 IhrFussel That should be enough for the user to decide whether or not they want to play there
18:47 IhrFussel That "risk indicator" needs to parse through each and every function/callback to determine the risk level...should be doable
18:48 rubenwardy no
18:48 rubenwardy that's a terrible idea, especially as the aim of CSM is to not have any risky functions
18:49 IhrFussel Tell that nerzhul and others who seem to fear that their client might run bad SSCM depending on the functions/callbacks used
18:49 Shara A risk indicator would be bad
18:50 IhrFussel Then maybe a short description that explains what the SSCM will likely do (eg for what callback x is used)
18:50 Fixer IhrFussel: you can control JS with noscript on many levels
18:51 Fixer even on android, iirc
18:52 IhrFussel For example "This mod is able to share chat messages between server and client" "This mod will be able to modify your HUD"
18:52 Shara Anything that did aim at being malicious would just lie
18:52 Shara Much much bvetter to make sure what is available is as secure as possible
18:52 Shara better*
18:53 IhrFussel Fixer, you can switch between enabled/disabled for each JS function? I doubt that and even if so who would even attempt that? Maybe only IT pros
18:53 Shara Otherwise bad-mod says: "Hi, I am totally safe and harmless and just add pretty rainbows to the game!"
18:53 Fixer IhrFussel: per domain, or block each function in ublock
18:54 IhrFussel But the bare browsers only support JS on/off and that is what MT should also aim for as "bare" implementation without addons
18:56 IhrFussel Servers will notice that certain features are not available for the client (cause the user disabled them) and likely kick them ... not sure how many server owners would be happy when they hear that certain clients might just work differently and that they have to take that into account
18:59 IhrFussel Since the CM API (correct me if I'm wrong) has no file management implemented the risk of ACTUAL harm should be extremely low even if the sandbox has bugs ... without (free) file access how do you want to hijack/attack a client from the server side?
19:00 IhrFussel How many server owners are educated hackers? I think the security concerns are a bit overblown
19:02 IhrFussel Many server owners in the list don't even know how to mod MT
19:03 IhrFussel I'm talking about those servers that only install stock mods and never customize any part in them
19:04 Krock since when can I no longer block the waterfall using a torch? eww
19:15 Fixer p h y s i c s
19:20 nerzhul i never talked about risk indicator
19:26 IhrFussel I said you fear risks with SSCM
19:48 * luk3yx thinks SSCMs should be heavily locked down and restricted, similar to LuaCs with access to some callbacks.
19:49 rubenwardy they are
19:50 IhrFussel If CSM doesn't really allow files (outside the mod folder?) or os.execute()/similar calls ... so how would a server owner even approach an attack?
19:52 rubenwardy using a zero day, predominantly
19:53 luk3yx SSCMs are... added?
19:55 rubenwardy CMs are
19:55 rubenwardy the CM api is heavily locked down
22:27 rubenwardy during deadline periods: tons of ideas for projects to do
22:27 rubenwardy during relaxed periods: heh, can't think of anything to do. Let's watch Travelers again
22:27 sfan5 write the ideas down, then never look at them again
22:28 rubenwardy I actually do that
22:28 rubenwardy they seem less appealing later, though
22:35 sofar ^^
22:35 rubenwardy things I want to do currently: finish converting ContentDB to bootstrap, and move the hosting of it to aws
22:36 rubenwardy oh, and also play civ5
23:39 IhrFussel Hey I just thought about something... you require SSCMs to be known to the cdb? Which essentially means server owners cannot code their own "closed" source code
23:41 rubenwardy correct
23:41 rubenwardy to be allowed on repositories such as Debian, Minetest would need to allow the rejection of non-free code
23:41 IhrFussel It means server owners HAVE TO use stock mods for SSCM
23:41 rubenwardy actually, [citation needed]
23:42 IhrFussel And cannot modify them for their needs...that sounds terrible
23:43 rubenwardy my original idea was slightly more complex, but would allow server owners to distribute their own mods
23:44 rubenwardy but it's a good idea to have a record of CMs used on public servers
23:46 IhrFussel Only allowing stock mods for SSCM will heavily limit the possible usecases for servers ... I modify almost every mod I add to my server
23:47 rubenwardy there's no such thing as a stock mod
23:47 rubenwardy I can't be thinking about this right now, too much to do
23:48 IhrFussel Of course there are stock mods? I mean the original mod from cdb which does NOT suit every server's needs
23:48 IhrFussel So you modify them the way you want them as server owner
23:49 IhrFussel I completely changed Mobs Redo api.lua for example to add genders to animals, levels, exp, new follow behavior, partly new AI ... my api.lua is completely different from the stock api.lua
23:50 paramat ? why would a server-sent mod have to be in the cdb, and why does that make it unmodifiable?
23:50 IhrFussel paramat, he only wants to allow mods from the cdb as SSCM from what I heard
23:51 paramat oh hm. that seems silly
23:51 paramat no mod should be forced to be on cdb
23:51 IhrFussel I guess for security reasons...to make sure the code cannot contain anything malicious... but not every server owner wants to distribute their custom mod code to cdb in order to be able to use it
23:51 sofar hold on
23:51 sofar wait a second
23:52 paramat anyway, even if so, a server could create their own version and add it to the cdb
23:52 IhrFussel Wouldn't that bloat the cdb?
23:52 sofar the idea is that cdb is a 'trusted reviewer' that players can trust
23:52 sofar but everyone could choose to "trust" another 'reviewer'
23:52 sofar that reviewer could be a server owner, too
23:52 paramat any open source mod can be checked for malicious code
23:53 sofar the only thing is, cdb would be the default trusted reviewer
23:53 paramat yep
23:53 IhrFussel Imagine 20 servers modifying the same mod and adding it to the cdb...wow now you have 21 versions of the same mod with slightly different behavior
23:53 sofar but for instance, for testing purposes, you can, as a server owner, always 'trust' your own 'review'
23:53 sofar review takes time
23:54 sofar so if too many csm's are needing to be reviewed, that will take longer
23:54 paramat well, i won't accept forcing sscsm mods to be on the cdb :)
23:54 sofar so it's not in the best interest of server owners to do that
23:54 IhrFussel I don't think he wants to let server owners decide which SSCM they execute/send ... he can correct me if he reads this later and thinks I'm wrong
23:54 sofar also my estimate is that server owners != sscsm writers
23:54 sofar there's some overlap, but it's not 1:1
23:55 sofar some cm writers are server owners
23:55 tumeninodes oh... so server owners make/tweak mods for their server, and don't share the code with the rest of the community? hmmm
23:56 sofar they would have to have their cm's reviewed by cdb, or players wouldn't by default be able to run those cms
23:56 sofar yes you can still sign your own cm's but not many players will ever run it
23:56 IhrFussel sofar, imagine this case: server owner loads "stock mod" x and changes its behavior a little to suit the server's gameplay more ... now the mod can't be sent to the client anymore cause it has been modified unless that version with just a few SERVER-SPECIFIC tweaks gets distributed which makes zero sense
23:56 sofar no
23:56 sofar that's not how it will work
23:56 sofar if you modify a cm then it needs to be resigned
23:57 sofar if you sign it yourself, you need to provide your pubkey to clients yourself
23:57 sofar and clients need to manually import it
23:57 sofar you can still send the modified mods, at any time
23:58 IhrFussel I'm pretty sure rubenwardy has in mind that the cdb/devs need to be able to check that code before it can be sent to clients... otherwise any server could just sign any potentially malicious code/mod
23:58 sofar no
23:59 sofar I'm fairly sure rubenwardy agrees with me that it must be possible for developers to sign their own code so they can test their own code
23:59 tumeninodes a malicious server owner... who ever heard of such a thing?? :P
23:59 sofar but like I said, no normal player will ever see that code run
23:59 sofar since they do not have the certificate for "developer signed" on their system