
IRC log for #minetest-dev, 2013-07-22


All times shown according to UTC.

Time Nick Message
00:14 aoper joined #minetest-dev
00:34 Weedy_lappy joined #minetest-dev
00:41 aoper I want to add a mouse sensitivity slider to the pause menu. Should I add a new button/menu or add it to the volume change and rename it to settings?
00:41 PilzAdam https://github.com/minetest/minetest/pull/546
00:46 aoper has that been abandoned?
00:46 PilzAdam dunno
01:16 Weedy joined #minetest-dev
01:28 Weedy_lappy joined #minetest-dev
02:37 Fury joined #minetest-dev
03:00 Mallot1 joined #minetest-dev
03:13 ffoxin joined #minetest-dev
03:28 salamanderrake joined #minetest-dev
04:08 darkrose_ joined #minetest-dev
04:11 around` joined #minetest-dev
04:32 Mallot1 joined #minetest-dev
04:38 nyuszika7h joined #minetest-dev
04:42 neko259 joined #minetest-dev
06:35 Taoki[laptop] joined #minetest-dev
06:51 Anchakor joined #minetest-dev
07:12 Anchakor_ joined #minetest-dev
07:16 Calinou joined #minetest-dev
07:19 jojoa1997 joined #minetest-dev
08:07 darkrose joined #minetest-dev
08:07 darkrose joined #minetest-dev
08:44 proller joined #minetest-dev
08:58 Calinou joined #minetest-dev
09:14 serengeor joined #minetest-dev
09:30 Zeg9 joined #minetest-dev
10:22 proller bots timeouts before  "joins game. List of players:"
10:22 proller and i cant see ips
10:23 proller need to show ip at "Moving c to static spawnpoint at (" or "ht times out. List of players:"
10:25 PilzAdam joined #minetest-dev
11:02 PilzAdam joined #minetest-dev
11:18 john_minetest joined #minetest-dev
11:19 nalkri joined #minetest-dev
11:24 smoke_fumus joined #minetest-dev
11:27 Calinou joined #minetest-dev
11:46 PilzAdam joined #minetest-dev
12:21 nalkri` joined #minetest-dev
12:21 Zeg9 joined #minetest-dev
12:25 Yepoleb joined #minetest-dev
12:27 Zeg9 joined #minetest-dev
12:47 john_minetest left #minetest-dev
13:25 Calinou joined #minetest-dev
13:25 rotor112 joined #minetest-dev
13:26 rotor112 left #minetest-dev
13:26 proller joined #minetest-dev
13:30 PilzAdam joined #minetest-dev
13:34 Taoki[mobile] joined #minetest-dev
13:51 BlockMen joined #minetest-dev
13:54 proller joined #minetest-dev
14:12 proller joined #minetest-dev
14:26 Fury joined #minetest-dev
14:29 BrandonReese joined #minetest-dev
14:58 Jordach joined #minetest-dev
15:01 salamanderrake joined #minetest-dev
15:04 Anchakor joined #minetest-dev
15:05 rubenwardy joined #minetest-dev
15:06 Calinou joined #minetest-dev
15:14 jojoa1997 joined #minetest-dev
15:15 Anchakor joined #minetest-dev
15:31 OWNSyouAll_DESKT joined #minetest-dev
15:55 BlockMen left #minetest-dev
16:06 sapier joined #minetest-dev
16:07 hmmmm joined #minetest-dev
16:08 sapier could someone plz merge https://github.com/minetest/minetest/pull/825 I'm asking this for how many days now? Yes I know I fixed bugs on this pull requests but those were minor ones.
16:09 Taoki[laptop] joined #minetest-dev
16:11 * proller +1
16:12 PilzAdam sapier, done
16:14 sapier thx
16:14 PilzAdam Ill disable the gamemanager, though
16:15 sapier you can do whatever you want ;-)
16:18 proller sapier, 8)
16:18 sapier what did I do wrong this time??
16:18 proller need to [ip]:port if non default port AND ip ipv6
16:19 sapier ipv6 is a new feature request ;-)
16:19 proller it works, but shown a bit wrong
16:19 proller look in server list
16:19 proller :1234 - port
16:20 proller but its too small bug
16:20 sapier does it work for ipv4?
16:20 celeron55_ >lua isn't designed to create a sandbox
16:20 proller for ipv4 ok
16:20 celeron55_ lua pretty much *is* designed to create a sandbox
16:20 proller a.b.c.d:port
16:20 celeron55_ you can just steal the original global environment from code and that's it
16:21 proller but not correct for ipv6 a:b:c:..:d:port -> [a:b:c:..:d]:port
16:21 celeron55_ and then know what you can expose to code and what not
16:21 sapier ok lets be more precise the way we use it for server lua api it's not fixable to be really safe
16:21 celeron55_ yes, that is a fact; the way it is used for server is not a sandbox
16:21 sapier at least as long as dropping compatibility isn't an option
16:22 sapier as security is really important for client side lua I don't want to rush this just to get solution as bad (considering security only) as server side
16:23 PilzAdam https://github.com/minetest/minetest/issues/814 updated
16:24 sapier PilzAdam I guess it's time to create individual issues
16:25 PilzAdam the list is too long for that
16:26 sapier some of them are already fixed (as far as I know) others will remain unfixed almost forever
16:26 PilzAdam what is fixed?
16:27 sapier "Mods in the modlist should be sorted alphabetically" should be fixed did I miss something?
16:27 PilzAdam well, its not sorted for me
16:27 sapier wait ... worlds are sorted
16:28 celeron55_ >No mouswheel support in lists
16:28 celeron55_ isn't that a focus problem
16:29 sapier yes it is ... you can decide mouse wheel or escape key
16:29 celeron55_ lol
16:30 sapier once focus is reset to formspec menu I can catch the escape key ... but mousewheel doesn't work
16:30 sapier if I don't reset focus mousewheel works ... but I can't catch the escape key :-) ... at least I didn't find a way to do by now :-)
16:30 PilzAdam how did it work before Lua menu?
16:31 sapier different event mechanism
16:32 sapier if I remember correctly this was done by derived classes ... but my memories may be false
16:32 sapier https://github.com/minetest/minetest/pull/640 what about this one it's sitting around for ages?
16:35 celeron55_ so does this mean localization was basically removed altogether from minetest?
16:35 sapier not exactly
16:35 PilzAdam only updatepo.sh doesnt work anymore
16:35 sapier localization has been moved to formspecs
16:36 sapier so now even formspec menus can be localized ... at cost of updatepo.sh script
16:37 celeron55_ but they aren't?
16:38 sapier atm old localizations match about 90% so most is
16:39 celeron55_ uuum
16:39 celeron55_ so how is the localization template expected to be updated now?
16:39 sapier two different approaches have been discussed by now
16:40 jojoa1997 joined #minetest-dev
16:41 sapier 1) create a dummy .h file containing all texts (manually maintaining this one)
16:41 sapier 2) add support to formspec for writing localization templates at runtime
16:41 sapier 3) [NEW suggestion] add lua side i18n support e.g. by geti18n("sometest")
16:42 sapier none of the options is perfect
16:47 celeron55_ a workable solution could be to add a dummy function in lua to mark strings (geti18n("sometest") style) and implement a parser for those to be run in updatepo.sh
16:47 celeron55_ i wonder if there would be something that would work reasonably for server-side mods too
16:49 celeron55_ probably not anything easy
16:49 sapier I guess the dummy fct could work quite well
16:50 PilzAdam you dont really need a dummy function for that, just -- gettext("Foo") would work with the current updatepo.sh if you point it to the builtin lua files
16:51 jin_xi joined #minetest-dev
16:52 celeron55_ guess so
16:53 celeron55_ but... you can't really feed full formspecs to gettext
16:54 celeron55_ so it can be used only when put precisely in certain fields in formspecs
16:54 celeron55_ hacky to say the least 8)
16:54 sapier as we need to add the gettext() around any text to be shown I'd suggest to do this within lua code ... we don't need to do it twice if there's use for that fct
16:55 celeron55_ umm... what does that mean?
16:55 sapier e.g. if serverbased i18n requires this fct to do something the dummy could just be implemented
16:56 sapier if we put everything to a separate file we additionally have to keep it in sync to lua texts
16:56 celeron55_ by the way, how'd it work if the gettext() function itself in lua was an actual API function, only in main menu code, that'd call gettext
16:57 celeron55_ on server it'd do something else
16:57 celeron55_ i think that would make things quite smooth
16:57 PilzAdam I like that idea
16:57 sapier I'm not sure what would happen but it's worth a try
16:58 sapier we'd still need a parser for lua files
16:58 celeron55_ no we don't, gettext should be able to do that
16:59 sapier1 joined #minetest-dev
16:59 sapier1 but how are the po files created?
16:59 celeron55_ at least PilzAdam guessed so
16:59 celeron55_ gettext scans C++ files and collects what strings are inside gettext() calls
16:59 celeron55_ the guess is that it will work reasonably well with lua files too
16:59 sapier1 yes but the strings aren't within c++ if we call gettext within lua
17:00 celeron55_ it's for the updatepo phase
17:00 celeron55_ all that i said recently
17:00 sapier1 ok just run updatepo on lua files?
17:00 celeron55_ yes 8)
17:00 celeron55_ let's hope it'll work
17:01 sapier1 I'll do some experiments
17:01 celeron55_ if it doesn't, then some kind of a custom parser is needed
17:01 sapier1 later now i have to do something else :-)
17:03 neko259 joined #minetest-dev
17:16 Mallot1 joined #minetest-dev
17:27 Calinou joined #minetest-dev
17:27 PilzAdam sapier1, I know what caused the modmanager error, the forum uses https now
17:28 PilzAdam but I get tons of 19:28:10: ERROR[main]: readModStoreModDetails: not a single version specified!
17:29 jojoa1997 joined #minetest-dev
18:10 proller sapier1, ! bug in public serverlist
18:10 proller it always show :port but must show only if showing address and port != 3000
18:10 proller != 30000
18:11 proller and favorites too
18:14 nalkri` joined #minetest-dev
18:21 ffoxin joined #minetest-dev
19:01 proller joined #minetest-dev
19:05 jin_xi joined #minetest-dev
19:43 sapier1 PilzAdam if it uses https I guess fixing is as simple as changing settings can you confirm this?
19:45 sapier1 "[main]: readModStoreModDetails: not a single version" is not a mainmenu error but a modlist issue ... it's absolutely useless to transfer data about mods without download link ...
20:14 PilzAdam sapier1, yes, changing settings works
20:14 sapier1 ok I already added a pull request
20:27 PilzAdam sapier1, you forgot to change minetest.conf.example too
20:27 sapier1 argh :-)
20:27 PilzAdam already pushed a proper commit
20:28 jojoa1997 joined #minetest-dev
20:28 PilzAdam ummm.. why does it show name:port in the favorite list? its not supposed to show the port if the IP is not shown
20:29 sapier1 no one told that to me
20:29 PilzAdam Im sure you could figure that out yourself
20:29 sapier1 proller requested port to be shown once it's different to default
20:30 PilzAdam "VanessaE's Server:30000" just looks silly
20:30 sapier1 have a look at my second pull request ;-)
20:31 proller sapier1, and only if address shown
20:31 sapier1 next time be more precise !
20:32 PilzAdam proller, why do you want that port 30000 is hidden?
20:32 PilzAdam that doesnt make sense to me
20:33 proller why to show default port? its long and have no info
20:33 PilzAdam what does "default port" even mean?
20:34 proller <proller> it always show :port but must show only if showing address and port != 30000
20:34 proller default = 30000
20:34 proller look at http://servers.minetest.net/
20:34 PilzAdam ok, then lets say IP 85.157.45.234 is the "default IP" and lets hide it then
20:34 proller good without :30000 on every address
20:35 proller PilzAdam, default ip is 127.0.0.1
20:35 sapier1 so no hiding of port 30000=
20:35 sapier1 ?
20:36 PilzAdam new users might be confused why some addresses have a port and others not
20:36 proller HIDE
20:36 proller sapier1, it was before your changes
20:36 PilzAdam there is nothing in the GUI that tells you "30000 is the default port"
20:36 proller PilzAdam, are you seriously?
20:36 PilzAdam yes
20:37 proller you always confusing when look at http://url without :80 ?
20:37 sapier1 ok atm it's 1:1 ... anyone interested in deciding?
20:37 PilzAdam its standard that port 80 is http
20:37 PilzAdam while its not standard that Minetest server run on 30000
20:37 proller 30000 is standard for minetest
20:37 PilzAdam ehm
20:37 proller look at your default conf
20:38 PilzAdam default != standard
20:38 proller == for this game
20:39 proller most of servers run at 30000 => its standard
20:39 PilzAdam also the default port is "" (line 27 in defaultsettings.cpp)
20:40 proller look at code, 30000 is hardcoded default
20:40 PilzAdam if people are new and look at the list they expect IP:port, how would they know that 30000 is hidden?
20:41 PilzAdam you mean this code: https://github.com/minetest/minetest/blob/master/src/defaultsettings.cpp#L27 ?
20:41 proller people can click on list item and find port at port window
20:41 PilzAdam they cant click on the list in the web interface
20:41 sapier1 if there's no clear decision I'm gonna implement the version requiring less code ;-P
20:41 proller main.cpp 1048 <------>u16 port = 30000;
20:41 PilzAdam sapier1, that is always show the port
20:41 proller sapier1, hide when 30000
20:42 proller it was before, and you broke it ;)
20:42 sapier1 I didn't break anything I just added modstore ;-P
20:43 proller no, it was in c++ serverslist
20:43 PilzAdam hiding arbitrary port is nonsense, it just confuses "outsiders"
20:43 proller showing default port is stupid
20:43 PilzAdam and they will most likely not look at main.cpp:1048 to see whats the default port
20:43 sapier1 is really noone else here to decide?
20:44 proller list will be ugly with :30000 on every line
20:44 PilzAdam its correct
20:44 sapier1 I tend to support pilzadam ... ip's are always ugly
20:45 proller we have no space in list and want to show 6 no info symbols?
20:45 sapier1 it's shown on IP's only proller
20:45 PilzAdam if you have space problems then remove the ping, it has no use at all for the end-user, since its the ping between the serverslist server
20:45 proller sapier1, and you will always use :port in http after it
20:45 proller ?
20:45 sapier1 ip's have a maximum size of 15 chars
20:46 proller ipv6 have 39
20:46 proller or even 45
20:46 celeron55_ eh what
20:46 sapier1 ipv6 is not of my business that was added after mainmenu was built so it's up to the one who added it to find some reasonable good way to show it ;-)
20:47 sapier1 but I don't care celeron55 if do you want portnumbers in favorite list or not?
20:47 celeron55_ so is this thing you are talking about server addresses or server names?
20:47 proller :30000 portnumbers!
20:47 celeron55_ if it's addresses, then include port; if names, then no port
20:47 celeron55_ it's as simple as that
20:48 sapier1 ok so decision has been made
20:48 celeron55_ a server name can include the port if it's relevant
20:48 proller celeron55_, why to show :30000 default port?
20:48 Taoki[laptop] joined #minetest-dev
20:50 proller http://dev.minetest.net:80/ 8(
20:50 celeron55_ don't be silly
20:52 sapier1 proller if you want to be correct you have to write http://176.9.122.10:80
20:53 proller and with name too
20:53 celeron55_ there isn't much benefit in going either way, so the way which combines less conditionals and more clarity is better
20:53 PilzAdam sapier1, so, just do what celeron55_ said
20:54 sapier1 already done celeron was 2:1 ... more than enough in respect to recent poor participation
20:55 thexyz PilzAdam: what's the point for "outsider" to know the port server is running on?
20:56 celeron55_ what's the point for "outsider" to know the address the server is running on?
20:56 PilzAdam actually thats a good question :-)
20:56 thexyz celeron55_: to distinguish servers
20:57 celeron55_ but the original question was about name and port, not address and port
20:58 celeron55_ name and port doesn't make any sense
20:58 proller name and port - its bug, address and :30000 - its imperfection
20:58 thexyz oh
20:59 thexyz yes, lol
20:59 sapier1 I wonder why discussion always starts after I "fixed" it ... no matter how long I wait to fix it
21:00 thexyz showing names without addresses isn't a good idea either
21:01 PilzAdam thexyz, in the list in the client only the name is shown (due to limited space), but you can see the address by clicking on it once
21:01 proller address shown in lower input
21:01 sapier1 you always will see  address and port below ... at least if you don't happen to run into doubleclick bug
21:02 thexyz I mean, it's insecure
21:02 thexyz I can fake a name and steal passwords
21:03 PilzAdam only the hashes
21:03 thexyz but I guess there's no much we can do about it
21:03 thexyz PilzAdam: well, yeah
21:03 sapier1 if you really want to be safe we'd need to implement certificate check for servers
21:03 PilzAdam then, after 30 days of bruteforcing you get the password from a random user to a Minetest server
21:03 PilzAdam thats totally worth it!
21:04 thexyz well yeah
21:04 thexyz or you can just use it to login to the server
21:04 thexyz and kill everybody
21:04 sapier1 considering most ppl dualuse passwords it might be useful ... but I guess there are much more common attack vectors than minetest atm
21:04 thexyz true, that's another problem
21:05 sapier1 I think thexyz is right
21:05 sapier1 what about showing name entries in different color?
21:05 PilzAdam can you use the same hash all the time?
21:06 thexyz PilzAdam: hm?
21:06 PilzAdam nvm
21:06 celeron55_ well hashing is currently just player name + password; it's very vulnerable to mimicking a server
21:06 sapier1 does someone want to add a simple challenge response mechanism?
21:06 celeron55_ although if you just run a good GPU password cracking software on the name+password pairs, you're going to find out practically all of them in no time anyway
21:07 Exio4 what shaXXX was used?
21:07 Exio4 256?
21:07 celeron55_ Exio4: doesn't matter
21:07 Exio4 yeah, i know
21:07 Exio4 i just wonder what one, but don't want to look at the code ;P
21:07 celeron55_ if there was a challenge+response thing, then at least the attacker would need to listen to the communication when it happens
21:07 celeron55_ on a server not his own
21:07 celeron55_ actually
21:08 celeron55_ wait, wha
21:08 thexyz why not salt everything?
21:08 celeron55_ a challenge+response doesn't actually do any good in this case
21:09 celeron55_ if somebody sets up a server that looks like something else and a user logs in there, the challenge can be just set up so that they have easy time breaking the hashes
21:09 PilzAdam we have to keep in mind that this is a game, not a browser or OS
21:09 sapier1 sure? e.g. server sends some random code to client
21:09 sapier1 client adds his pwd hash and hashes again
21:09 thexyz oh we can't salt it
21:09 celeron55_ sapier1: an attacking server?
21:09 sapier1 same thing is done on server
21:09 celeron55_ for sure 8D
21:09 thexyz how sad
21:09 celeron55_ sapier1: an attacking server will just send whatever it wants
21:09 sapier1 atacking server doesn't have the real password hash
21:10 celeron55_ as i said, cracking any hash that doesn't contain unknown random data is very easy
21:10 celeron55_ and the server must know all the random data in whatever the client sends to it
21:10 celeron55_ because otherwise it wouldn't make any sense
21:11 sapier1 yes but hash does contain random unknown data
21:11 sapier1 hash (challenge + (user_pwd_hash)
21:11 celeron55_ ...
21:11 PilzAdam why doesnt the server send some random salt to the client at first connection, and both remember the salt for every following connection?
21:11 sapier1 yes it's still simple
21:11 celeron55_ sapier1: challenge is from server -> server knows it
21:11 celeron55_ server is the attacker
21:11 celeron55_ use your brain for a bit, please
21:11 sapier1 yes but server does only know a part ... true that'll make it more easy
21:12 celeron55_ it knows the part that you are adding to the current one
21:12 sapier1 and hash again after adding
21:13 celeron55_ PilzAdam: that would work in setting up trust between a server and an existing client, but setting up the storage for those is a bit of work
21:13 thexyz > you're going to find out practically all of them in no time anyway | i'm not sure if that's true
21:14 sapier1 and you can't login from another client ever
21:14 celeron55_ PilzAdam: also, how would it be handled if a same server loses the data, or the client loses the data?
21:14 PilzAdam celeron55_, the server could just store it in auth.txt, but the client would need an auth.txt with something like "server:salt"
21:14 PilzAdam oh yea, it would require to use the same client to connect to a server
21:14 celeron55_ it'd need a dialog telling the user "this could be a spoofing attack" and users would get it often enough for them to always just click "continue anyway"
21:15 thexyz well have you decided what're we protecting from?
21:15 sapier1 I strongly suggest using certificates if we really want a strong authentication
21:15 celeron55_ thexyz: good question 8)
21:15 celeron55_ sapier1: certificates are useless
21:15 celeron55_ sapier1: what you mean is some kind of public key cryptography, probably
21:16 sapier1 that's why any good vpn uses it I know ;-) ... of course establishing trust first time is still an issue
21:16 celeron55_ but even doing it as securely as, say, SSH does, it still has the same problem as PilzAdam's suggestion
21:16 sapier1 of course combining it to e.g. ssl encryption will help even more
21:17 sapier1 yes problem is we'd need a pki ... we'd need it for modstore too
21:17 sapier1 so maybe this is at least a long term goal
21:17 celeron55_ i wouldn't want to set up any kind of "minetest certificate authority"
21:18 celeron55_ it's too central
21:18 sapier1 of course not a single one but maybe like browser add some sort of keyring
21:19 celeron55_ ........i seriously hope there would be some small and good cross-platform library for this
21:19 celeron55_ sadly there probably isn't
21:20 sapier1 the only trustworthy one I know is openssl .. but it's far from small
21:20 celeron55_ and far from convenient in a cross-platform situation
21:21 sapier1 yes windows isn't very well supported
21:22 thexyz we have keys for minetest forums
21:22 celeron55_ they're sitting on their high and large UNIX thrones thinking they're better than anything else
21:22 sapier1 imho only two solutions are useful adding some randomness to password hash on login and live with it still being unsafe ... or add a full blown safe solution
21:23 thexyz alright, so what're we protecting from?
21:23 sapier1 userpassword
21:24 PilzAdam thexyz, our own paranoia ;-)
21:24 thexyz 1) evil server logins to trusted server using provided credentials or 2) trusted server knows user's password
21:24 celeron55_ thexyz: you pretty much binged up this whole discussion by noting that servers can't be trusted
21:24 sapier1 considering nsa behaviour none of us was paranoid enough ... not even myself
21:24 celeron55_ +r
21:24 thexyz I personally am fine with 2nd
21:25 thexyz but we can't do 1st without it
21:25 proller some users use 1 char passwords
21:25 celeron55_ i generally use very bad passwords in minetest because it's not worth it to use better ones
21:27 proller most of users too
21:27 sapier1 so maybe we don't have an issue at all?
21:28 proller its not paypal 8)
21:28 PilzAdam <PilzAdam> we have to keep in mind that this is a game, not a browser or OS
21:28 celeron55_ i think a better use of resources would be to make it possible for moderators to revert any damage done to players
21:29 sapier1 PilzAdam that's not an excuse but maybe if we'd added some note e.g. on download to warn users ... WE know passwords aren't safe but first time users may not
21:29 celeron55_ add a tooltip to the menu when typing password
21:30 sapier1 you're funny ;-)
21:30 sapier1 no tooltips in formspec atm ;-)
21:30 celeron55_ well just hardcode any password field to do that 8)
21:31 sapier1 I guess that's thexyz's task he started the discussion :-)
21:31 celeron55_ i'm ok with that 8)
21:32 thexyz i just asked you to show server address
21:32 sapier1 what about my suggestion to at least use different colors for name and ip entries?
21:32 thexyz s/show/make it show/
21:33 PilzAdam thexyz, the address is already shown if you click on it once
21:33 thexyz uh
21:33 thexyz whatever
21:36 NakedFury joined #minetest-dev
21:48 kahrl wait, what was the challenge response discussion about
21:49 kahrl the server can dictate the challenge? well, that's easy to solve: let the client choose half of the challenge
21:49 nalkri Or send mutual challenges
21:49 kahrl nalkri: yeah, basically the same
21:50 nalkri Just thought I should say it for completeness :)
21:51 kahrl https://en.wikipedia.org/wiki/Challenge-response_authentication#Simple_Example_mutual_authentication_sequence
21:55 kahrl though, the problem with any (?) challenge response protocol is that it is incompatible to minetest's system of registering user+password on the first login to a server
22:11 sapier1 left #minetest-dev
22:22 jojoa1997 joined #minetest-dev
22:42 jojoa1997 joined #minetest-dev
22:51 nalkri` joined #minetest-dev
23:05 khonkhortisan_ joined #minetest-dev
