| Time |
Nick |
Message |
| 00:01 |
|
Icedream joined #minetest-dev |
| 00:20 |
|
AnotherBrick joined #minetest-dev |
| 00:59 |
|
turtleman_ joined #minetest-dev |
| 01:01 |
|
Soni joined #minetest-dev |
| 01:03 |
|
proller joined #minetest-dev |
| 01:11 |
|
misprint joined #minetest-dev |
| 02:25 |
|
Icedream joined #minetest-dev |
| 03:02 |
|
paramat joined #minetest-dev |
| 03:06 |
paramat |
hmmmm i made some progress in tracking down the bug in fractal mapgen, by using printfs, see conclusion at end of https://gist.github.com/paramat/1abc35738301624e97a9 |
| 03:22 |
|
zat joined #minetest-dev |
| 04:03 |
|
Ardonel joined #minetest-dev |
| 04:26 |
paramat |
#3236 back later |
| 04:26 |
ShadowBot |
https://github.com/minetest/minetest/issues/3236 -- Mapgen: Use mapgen-specific names for constants in headers by paramat |
| 04:26 |
|
paramat left #minetest-dev |
| 05:29 |
|
Miner_48er joined #minetest-dev |
| 05:42 |
|
paramat joined #minetest-dev |
| 05:54 |
|
Hunterz joined #minetest-dev |
| 06:06 |
|
nyje joined #minetest-dev |
| 06:16 |
|
Calinou joined #minetest-dev |
| 06:25 |
|
paramat left #minetest-dev |
| 06:37 |
|
Krock joined #minetest-dev |
| 07:32 |
|
jin_xi joined #minetest-dev |
| 08:05 |
|
nrzkt joined #minetest-dev |
| 09:09 |
|
julienrat joined #minetest-dev |
| 09:14 |
|
julienrat left #minetest-dev |
| 09:19 |
|
Megaf joined #minetest-dev |
| 11:40 |
|
est31 joined #minetest-dev |
| 12:03 |
|
TenPlus1 joined #minetest-dev |
| 12:03 |
TenPlus1 |
hi folks |
| 12:04 |
VanessaE |
hello |
| 12:04 |
TenPlus1 |
VanessaE, how do you handle minetest clones connecting to your servers ? |
| 12:05 |
VanessaE |
I just let them connect and play normally. |
| 12:05 |
VanessaE |
I got tired of trying to "shoo" them awayu |
| 12:05 |
VanessaE |
-u |
| 12:06 |
TenPlus1 |
the newer clones have cheats build-in that allow players to subvert owned doors/chests/protection |
| 12:06 |
VanessaE |
I wasn't aware of that. |
| 12:06 |
VanessaE |
well I have anti-cheat turned on in my servers |
| 12:06 |
VanessaE |
but that doesn't help much |
| 12:07 |
TenPlus1 |
just got a few emails from players warning me about it, some players going around emptying chests and getting into places they shouldnt |
| 12:07 |
VanessaE |
it should be impossible to empty out a locked, not-owned-by-you chest |
| 12:07 |
TenPlus1 |
was hoping for a global string that tells you that you are playing on "minetest" or "freeminer" or "whatever" so I can disconnect before they join |
| 12:07 |
VanessaE |
I'd think the server would stop that. |
| 12:07 |
sfan5 |
^ it would |
| 12:08 |
TenPlus1 |
sadly no, it's happened to Xanadu's maze doors and chests, all empty by a new player |
| 12:08 |
|
misprint joined #minetest-dev |
| 12:11 |
TenPlus1 |
Mine Clone II is one of the offending apps with built-in cheats |
| 12:14 |
|
Darcidride joined #minetest-dev |
| 12:15 |
TenPlus1 |
and just reported that Multicraft 2 has cheats built in also |
| 12:20 |
|
proller joined #minetest-dev |
| 12:30 |
|
proller joined #minetest-dev |
| 12:31 |
est31 |
TenPlus1, the chests cheat only works because you allow it |
| 12:31 |
est31 |
I warned you months ago about it |
| 12:31 |
est31 |
and there is no speedup |
| 12:31 |
est31 |
(no real one) |
| 12:31 |
|
proller joined #minetest-dev |
| 12:32 |
TenPlus1 |
est: I dont use those |
| 12:32 |
TenPlus1 |
since you told me about them |
| 12:33 |
TenPlus1 |
multicraft2 is allowing players to subvert server checking, owner privs and even protection privs |
| 12:33 |
est31 |
https://forum.minetest.net/viewtopic.php?p=184826#p184826 |
| 12:33 |
est31 |
Im talking about that |
| 12:33 |
TenPlus1 |
and apart from strict_protocol_version_checking limiting everyone not on server version, there's no way to check game actually running... |
| 12:34 |
TenPlus1 |
exactly est, since you posted I havent used it anymore |
| 12:34 |
est31 |
nice :) |
| 12:34 |
TenPlus1 |
but it's not just chests, they are getting passed doors too |
| 12:34 |
est31 |
yeah, that can't really be prevented right now. |
| 12:36 |
est31 |
(doors) |
| 12:36 |
TenPlus1 |
any way of making a global string on startup that checks game directory and lets us check against it |
| 12:36 |
est31 |
Chests should not be possible to be emptied, even with a cheating client |
| 12:37 |
TenPlus1 |
e.g. minetest runs so "minetest", freeminer runs so "freeminer"... this may help since they cant legally call game directory SAME name |
| 12:37 |
TenPlus1 |
well i dunno how but they did it here, also they have creative/give capabilities |
| 12:38 |
est31 |
do they? |
| 12:38 |
TenPlus1 |
yeah, have been giving stacks of items to othe rplayers including nyan rainbows... no way in hell they would even come close to finding a stack at all |
| 12:39 |
sfan5 |
<TenPlus1> e.g. minetest runs so "minetest", freeminer runs so "freeminer"... this may help since they cant legally call game directory SAME name |
| 12:39 |
est31 |
If we introduce such a "fork-identifier" for "multicraft", "minetest", "freeminer" etc, it wont be because of cheaters |
| 12:39 |
sfan5 |
there was a PR that made the client send its ident string in the connect packet |
| 12:39 |
est31 |
that wouldnt be legal |
| 12:39 |
sfan5 |
but it wasn't merged |
| 12:39 |
est31 |
legal use case i mean |
| 12:39 |
est31 |
bc clients can just fake it |
| 12:40 |
sfan5 |
you can however modify the server to force the client to fetch something from remote media and then capture the ident string sent as http user-agent |
| 12:40 |
TenPlus1 |
they could, yes... but running a game called "multicraft 2" and having a "minetest" identifier would be suspect on it's own |
| 12:40 |
sfan5 |
you can't sue them because they send the "wrong" bytes over the network |
| 12:41 |
TenPlus1 |
true... it's just sad that players can get onto a server and cause havoc with protection and ownership etc |
| 12:41 |
est31 |
first of all, I'd check that they don't have server privs or so |
| 12:41 |
est31 |
so that they really use a hacked client |
| 12:42 |
est31 |
then I would try to find out how they get things like these privs |
| 12:42 |
sfan5 |
^ |
| 12:42 |
est31 |
or capabilities, to give it a more neutral way |
| 12:42 |
VanessaE |
check for creative priv also. |
| 12:42 |
est31 |
and as a last step, prevent them :) |
| 12:42 |
VanessaE |
(if you use Unified Inventory) |
| 12:43 |
est31 |
s/way/term/ |
| 12:43 |
TenPlus1 |
they definitely used a hacked client, only 2 admin on server and that's myself and shinji, I checked their privs then quickly remvoked them for using hacked client |
| 12:43 |
TenPlus1 |
we use inventory++ (text edition) and zcg for recipe's... no creative enabled |
| 12:44 |
TenPlus1 |
not even for admin |
| 12:44 |
est31 |
TenPlus1, so you gave shinji admin privs, then removed them again? |
| 12:44 |
TenPlus1 |
no no, shinji is the owner of the server... |
| 12:44 |
TenPlus1 |
I'm the only admin |
| 12:44 |
est31 |
I see |
| 12:45 |
TenPlus1 |
the players who used hacked clients had their privs checked "interact shout money" then had them revoked |
| 12:47 |
est31 |
well, you can use some tricks in order to get nyan cats comparatively fast |
| 12:48 |
TenPlus1 |
really ? whole stacks ? |
| 12:48 |
est31 |
if you mine them for an hour, yes |
| 12:49 |
est31 |
that method really depends on how long they had access to the server with the hacked client |
| 12:49 |
TenPlus1 |
the client string sounds like a good idea though, I could check that on connect and kick anyone not using minetest |
| 12:50 |
est31 |
it wont keep cheaters out |
| 12:51 |
TenPlus1 |
not 100%, but it sure helps server owners check who's coming online |
| 12:52 |
est31 |
I'm generally for such a string identifier, but it won't help against cheaters |
| 12:53 |
est31 |
the only thing you can do with a hacked client is finding out what is inside locked chests. but you can't take out items |
| 12:54 |
TenPlus1 |
there's a mod in the forum that lets you edit the owner string , if that was somehow built into the new client/clone then it's possible |
| 12:54 |
est31 |
that mod needs server access |
| 12:55 |
TenPlus1 |
yes, the mod does, but the code could be changed and added so anyone can use it as a cheat |
| 12:55 |
est31 |
no |
| 12:55 |
est31 |
the protocol simply doesn't allow for it |
| 12:56 |
celeron55 |
the only way to disallow a modified client from avoiding the rules is to make the server check the rules |
| 12:56 |
est31 |
^ |
| 12:56 |
celeron55 |
there's no other way |
| 12:56 |
est31 |
full agree |
| 12:57 |
celeron55 |
the thing that sucks is that it's much easier to disable checks on the client than to add checks on the server |
| 12:59 |
est31 |
adding a proper "no noclip" prevention mechanism on the server is hard |
| 12:59 |
TenPlus1 |
nope, sorry, I disagree, I just ran a test server and changed the owner of a locked chest using a normal player with "interact shout" privs only |
| 12:59 |
TenPlus1 |
it was easy |
| 13:00 |
est31 |
TenPlus1, can you try to do it on my server? |
| 13:00 |
est31 |
connect to it, and change the owner |
| 13:00 |
est31 |
digitalaudioconcepts.com port 30020 |
| 13:00 |
TenPlus1 |
what I mean is, if the clone game uses the same mod code that allows to CHANGE owner status of a chest or door then it'll let you access almost anything |
| 13:01 |
TenPlus1 |
all you need is that 1 tool, if you had that mod installed then yes it would be easy... if I ran a minetest clone with that mod installed then YES it would be easy |
| 13:01 |
est31 |
well, in singleplayer |
| 13:01 |
* VanessaE |
tail -f's the log |
| 13:01 |
VanessaE |
I gotta see this. |
| 13:02 |
TenPlus1 |
no, I was running server... 2 users... 1 admin (who made and placed chest) and 1 normal user to managed to change owner string |
| 13:02 |
TenPlus1 |
look in forums for "ownerhack" mod |
| 13:02 |
est31 |
if you run a mod TenPlus1 that gives every player who joins server privs, then of course it is easy to steal from chests. |
| 13:02 |
est31 |
its not the engine's fault at this point |
| 13:02 |
TenPlus1 |
it didnt need server privs to work est31... |
| 13:03 |
est31 |
yeah, of course |
| 13:03 |
TenPlus1 |
I changed that part of the code so it only needed interact privs for the tool to work |
| 13:03 |
est31 |
but it is not our fault if you install a mod like that |
| 13:03 |
est31 |
on the server |
| 13:03 |
est31 |
the moment you install it, you basically enable everybody to do it |
| 13:04 |
VanessaE |
TenPlus1: please, do sign onto the server he pointed you to, and try it. |
| 13:04 |
TenPlus1 |
http://pastebin.com/sVZa5c5V |
| 13:04 |
TenPlus1 |
*sigh* est31, I do not have that mod on server |
| 13:04 |
TenPlus1 |
I'm giving you an example of how easy it could be to change the owner of a chest |
| 13:05 |
TenPlus1 |
by using a minetest clone RUNNING that mod |
| 13:05 |
est31 |
well it is totally easy, once you have that mod |
| 13:05 |
est31 |
but you need SERVER ACCESS |
| 13:05 |
TenPlus1 |
to install the mod, yes |
| 13:05 |
TenPlus1 |
but to use a clone with that mod included, no |
| 13:06 |
TenPlus1 |
I apologise if I'm not making myself clear. |
| 13:06 |
est31 |
they can install that mod on the client, its very well possible |
| 13:07 |
est31 |
but even if they do, it doesnt affect connections from the server. |
| 13:07 |
TenPlus1 |
- I could make a minetest clone called "noobcraft" and have that mod already included as a secret tool that players can craft to change any chest/door in any server they access |
| 13:07 |
est31 |
ermm no? |
| 13:08 |
est31 |
that tool would only be client side |
| 13:09 |
TenPlus1 |
then how do these clones allow access to chests/locked doors etc ? or to give ultimate stacks of items ? |
| 13:09 |
TenPlus1 |
if it's client side only |
| 13:09 |
est31 |
that's the big question |
| 13:10 |
TenPlus1 |
and this was my solution to a problem, nothing more |
| 13:11 |
TenPlus1 |
if the client-side minetest-clone can somehow run and use tools like this build into the client's game then all it needs is an area of map to be loaded to access information and possibly change it |
| 13:11 |
est31 |
it can access the information, but it can't change it |
| 13:12 |
TenPlus1 |
player inventory and health is server side ? |
| 13:12 |
est31 |
yes |
| 13:12 |
VanessaE |
as are chests. |
| 13:12 |
est31 |
yup |
| 13:12 |
TenPlus1 |
and yet he gave himself stacks of nyancat and rainbows and diamonds and crystal blocks |
| 13:13 |
TenPlus1 |
a noob of 2 days |
| 13:13 |
VanessaE |
now, while I think TenPlus1 is seriously overracting to some of this, in his defense, I HAVE heard of a client-side tool that'll let you somehow get stacks of stuff |
| 13:13 |
VanessaE |
overreacting* |
| 13:13 |
est31 |
TenPlus1, does it note in the log "invoked /give stackstring=nyan:rainbow"? |
| 13:14 |
TenPlus1 |
nope, nothing like that was ever logged |
| 13:14 |
TenPlus1 |
not for that player, and he certainly wasnt given it by myself |
| 13:15 |
est31 |
do you have the log where all player's dig events are recorded? |
| 13:15 |
est31 |
you know the server log |
| 13:15 |
TenPlus1 |
yes |
| 13:15 |
est31 |
for the last 2 days |
| 13:15 |
TenPlus1 |
everything is output to terminal |
| 13:15 |
est31 |
(the time that player was online) |
| 13:15 |
TenPlus1 |
dig/place/punch/attack etc |
| 13:15 |
est31 |
yup |
| 13:15 |
VanessaE |
TenPlus1: can't you get your hands on one of these clients and try it on est31's server? |
| 13:15 |
TenPlus1 |
I dont have an android phone to use it on |
| 13:16 |
TenPlus1 |
sorry |
| 13:16 |
VanessaE |
https://www.genymotion.com/ |
| 13:17 |
VanessaE |
(costs money though) |
| 13:17 |
VanessaE |
hm, free for NC use. |
| 13:20 |
TenPlus1 |
http://platinumcheats.com/multicraft-ii-hack-tool/ |
| 13:20 |
TenPlus1 |
that's the tool that the player was reported using on server |
| 13:21 |
VanessaE |
the textures look like minecraft... |
| 13:22 |
TenPlus1 |
http://appgamecheats.com/multicraft-ii-free-miner-cheats-tips-review/ look under heading "Multicraft II cheats & tips" |
| 13:22 |
TenPlus1 |
speed mining was seen also, |
| 13:22 |
TenPlus1 |
digging right through 4 locked doors at speed to glitch through |
| 13:23 |
TenPlus1 |
I don't wanna sound like a paranoid gaming nazi, but I do want to bring these points to the devs attention |
| 13:24 |
TenPlus1 |
players enjoy Minetest and make some amazing worlds on them, then having an idiot noob on a hacked client come along and take the fun out of things |
| 13:24 |
sfan5 |
VanessaE: the android sdk includes an android emulator |
| 13:24 |
VanessaE |
ohh |
| 13:39 |
|
eugd joined #minetest-dev |
| 13:42 |
TenPlus1 |
bye folks... |
| 13:54 |
|
Darcidride_ joined #minetest-dev |
| 14:14 |
|
Icedream joined #minetest-dev |
| 14:15 |
|
zat joined #minetest-dev |
| 14:18 |
|
zat joined #minetest-dev |
| 14:22 |
nrzkt |
est31: we could add a 1sec timer check to find if a player is inside a non possible non |
| 14:22 |
nrzkt |
it's simple to look at the current node where is the player and see if it's a solid node or node |
| 14:50 |
|
jin_xi joined #minetest-dev |
| 14:57 |
|
hmmmm joined #minetest-dev |
| 15:27 |
|
T4im joined #minetest-dev |
| 15:31 |
|
eugd joined #minetest-dev |
| 15:34 |
|
est31 joined #minetest-dev |
| 15:50 |
est31 |
ShadowNinja, there is lots of very trivial stuff like removig "stuff" from header comments in defaultsettings.cpp |
| 15:50 |
est31 |
that can be separated |
| 15:50 |
|
proller joined #minetest-dev |
| 15:50 |
est31 |
then you have the non trivial changes separate from those where its more than just comment adjustment, variable renaming or whitespace changes |
| 15:51 |
est31 |
eg you edit one file only because to rename a variable |
| 15:51 |
est31 |
that are things that can be made separate |
| 15:52 |
|
proller joined #minetest-dev |
| 15:53 |
T4im |
what tenplus described earlier.. perhaps session hijacking or spoofing? sending network packets as someone else (like an admin or perhaps as singleplayer)? |
| 16:00 |
|
rubenwardy joined #minetest-dev |
| 16:04 |
|
Hunterz joined #minetest-dev |
| 16:17 |
est31 |
that doesnt work |
| 16:17 |
est31 |
we check the identity |
| 16:17 |
est31 |
by ip |
| 16:27 |
est31 |
T4im, https://github.com/minetest/minetest/blob/master/src/network/connection.cpp#L2195 |
| 16:29 |
eugd |
#3199 should be good |
| 16:29 |
ShadowBot |
https://github.com/minetest/minetest/issues/3199 -- split map_generation_limit into x/y/z components by EUGD |
| 17:02 |
T4im |
ah, thanks est31 |
| 17:14 |
|
nrzkt joined #minetest-dev |
| 17:17 |
|
eugd left #minetest-dev |
| 17:19 |
|
julienrat joined #minetest-dev |
| 17:19 |
|
julienrat left #minetest-dev |
| 17:22 |
nrzkt |
Vanessae ? |
| 17:22 |
nrzkt |
VanessaE* ? |
| 17:34 |
|
Robert_Zenz joined #minetest-dev |
| 17:39 |
nrzkt |
VannessaE: #3238 should be interesting for you :). est31 can you review ? :) |
| 17:39 |
ShadowBot |
https://github.com/minetest/minetest/issues/3238 -- Fix players removed by object limit per node by nerzhul |
| 17:45 |
|
julienrat joined #minetest-dev |
| 17:55 |
est31 |
nrzkt, your code doesn't change behaviour: just look here: https://github.com/minetest/minetest/blob/8d03301138c0e82728d61b957ea47a5a4061633a/src/content_sao.cpp#L830-L833 |
| 17:55 |
est31 |
and here https://github.com/minetest/minetest/blob/fixplayersao_removal_mapnode_full/src/environment.cpp#L1501 |
| 17:56 |
est31 |
sorry here https://github.com/minetest/minetest/blob/fixplayersao_removal_mapnode_full/src/environment.cpp#L1830 |
| 17:56 |
est31 |
unfortunately it isnt that simple... |
| 17:56 |
est31 |
perhaps it is :) |
| 17:57 |
est31 |
but the fix is no fix |
| 18:00 |
nrzkt |
est31: i noticed my wife playerSAO object was deleted from world exactly by this message |
| 18:01 |
nrzkt |
but yes you are right static is not allowed |
| 18:01 |
nrzkt |
but the object was deleted there from meory :s |
| 18:01 |
nrzkt |
maybe be sure by adding the check could be good to prevent this |
| 18:01 |
nrzkt |
i will test it on my server because it happens 1 or twice a week to my wife |
| 18:02 |
est31 |
test it, best you put a log message there |
| 18:03 |
est31 |
e.g. if (block->m_static_objects.m_stored.size() >= g_settings->getU16("max_objects_per_block") && obj->getType() == ACTIVEOBJECT_TYPE_PLAYER ) "OH NO, reached unreachable code!!"; |
| 18:03 |
est31 |
note the == |
| 18:06 |
est31 |
but I dont think it should be added to minetest |
| 18:09 |
|
Darcidride joined #minetest-dev |
| 18:09 |
est31 |
nrzkt, how do you know it has deleted your wife? |
| 18:09 |
nrzkt |
it's simple |
| 18:10 |
nrzkt |
ingame my wife could not do anything, the server runs properly, player is connected but SAO didn't react |
| 18:10 |
nrzkt |
and disappears |
| 18:10 |
nrzkt |
if you set another player in the place where she is |
| 18:10 |
|
julienrat left #minetest-dev |
| 18:20 |
est31 |
no log message that confirmed that the SAO was your wife? |
| 18:20 |
est31 |
i mean the id |
| 18:21 |
est31 |
perhaps it would make sense to track the player's id |
| 18:21 |
est31 |
when they log in |
| 18:21 |
|
julienrat1 joined #minetest-dev |
| 18:37 |
nrzkt |
i see a id but don't resolve it |
| 19:16 |
|
rubenwardy joined #minetest-dev |
| 19:21 |
|
DFeniks joined #minetest-dev |
| 19:26 |
|
Player_2 joined #minetest-dev |
| 19:58 |
|
eugd joined #minetest-dev |
| 20:17 |
|
nanepiwo joined #minetest-dev |
| 20:31 |
|
AnotherBrick joined #minetest-dev |
| 20:32 |
|
Amaz joined #minetest-dev |
| 20:45 |
|
misprint joined #minetest-dev |
| 21:49 |
|
julienrat joined #minetest-dev |
| 21:58 |
|
eugd joined #minetest-dev |
| 22:40 |
|
proller joined #minetest-dev |
| 22:50 |
|
paramat joined #minetest-dev |
| 22:51 |
|
Icedream joined #minetest-dev |
| 22:52 |
paramat |
i made some progress chasing the fractal mapgen bug, here's the issue #3239 fixing this makes fractal mapgen usable |
| 22:52 |
ShadowBot |
https://github.com/minetest/minetest/issues/3239 -- Error when reading float mapgen parameters from map_meta.txt (fractal mapgen bug) |
| 22:52 |
paramat |
^ hmmmm |
| 23:00 |
|
Icedream joined #minetest-dev |
| 23:07 |
|
Icedream joined #minetest-dev |
| 23:29 |
|
paramat left #minetest-dev |
| 23:36 |
|
Icedream joined #minetest-dev |
| 23:59 |
|
eugd left #minetest-dev |
