Minetest logo

IRC log for #minetest-dev, 2015-10-08

| Channels | #minetest-dev index | Today | | Google Search | Plaintext

All times shown according to UTC.

Time Nick Message
00:01 Icedream joined #minetest-dev
00:20 AnotherBrick joined #minetest-dev
00:59 turtleman_ joined #minetest-dev
01:01 Soni joined #minetest-dev
01:03 proller joined #minetest-dev
01:11 misprint joined #minetest-dev
02:25 Icedream joined #minetest-dev
03:02 paramat joined #minetest-dev
03:06 paramat hmmmm i made some progress in tracking down the bug in fractal mapgen, by using printfs, see conclusion at end of https://gist.github.com/paramat/1abc35738301624e97a9
03:22 zat joined #minetest-dev
04:03 Ardonel joined #minetest-dev
04:26 paramat #3236 back later
04:26 ShadowBot https://github.com/minetest/minetest/issues/3236 -- Mapgen: Use mapgen-specific names for constants in headers by paramat
04:26 paramat left #minetest-dev
05:29 Miner_48er joined #minetest-dev
05:42 paramat joined #minetest-dev
05:54 Hunterz joined #minetest-dev
06:06 nyje joined #minetest-dev
06:16 Calinou joined #minetest-dev
06:25 paramat left #minetest-dev
06:37 Krock joined #minetest-dev
07:32 jin_xi joined #minetest-dev
08:05 nrzkt joined #minetest-dev
09:09 julienrat joined #minetest-dev
09:14 julienrat left #minetest-dev
09:19 Megaf joined #minetest-dev
11:40 est31 joined #minetest-dev
12:03 TenPlus1 joined #minetest-dev
12:03 TenPlus1 hi folks
12:04 VanessaE hello
12:04 TenPlus1 VanessaE, how do you handle minetest clones connecting to your servers ?
12:05 VanessaE I just let them connect and play normally.
12:05 VanessaE I got tired of trying to "shoo" them awayu
12:05 VanessaE -u
12:06 TenPlus1 the newer clones have cheats build-in that allow players to subvert owned doors/chests/protection
12:06 VanessaE I wasn't aware of that.
12:06 VanessaE well I have anti-cheat turned on in my servers
12:06 VanessaE but that doesn't help much
12:07 TenPlus1 just got a few emails from players warning me about it, some players going around emptying chests and getting into places they shouldnt
12:07 VanessaE it should be impossible to empty out a locked, not-owned-by-you chest
12:07 TenPlus1 was hoping for a global string that tells you that you are playing on "minetest" or "freeminer" or "whatever" so I can disconnect before they join
12:07 VanessaE I'd think the server would stop that.
12:07 sfan5 ^ it would
12:08 TenPlus1 sadly no, it's happened to Xanadu's maze doors and chests, all empty by a new player
12:08 misprint joined #minetest-dev
12:11 TenPlus1 Mine Clone II is one of the offending apps with built-in cheats
12:14 Darcidride joined #minetest-dev
12:15 TenPlus1 and just reported that Multicraft 2 has cheats built in also
12:20 proller joined #minetest-dev
12:30 proller joined #minetest-dev
12:31 est31 TenPlus1, the chests cheat only works because you allow it
12:31 est31 I warned you months ago about it
12:31 est31 and there is no speedup
12:31 est31 (no real one)
12:31 proller joined #minetest-dev
12:32 TenPlus1 est: I dont use those
12:32 TenPlus1 since you told me about them
12:33 TenPlus1 multicraft2 is allowing players to subvert server checking, owner privs and even protection privs
12:33 est31 https://forum.minetest.net/viewtopic.php?p=184826#p184826
12:33 est31 Im talking about that
12:33 TenPlus1 and apart from strict_protocol_version_checking limiting everyone not on server version, there's no way to check game actually running...
12:34 TenPlus1 exactly est, since you posted I havent used it anymore
12:34 est31 nice :)
12:34 TenPlus1 but it's not just chests, they are getting passed doors too
12:34 est31 yeah, that can't really be prevented right now.
12:36 est31 (doors)
12:36 TenPlus1 any way of making a global string on startup that checks game directory and lets us check against it
12:36 est31 Chests should not be possible to be emptied, even with a cheating client
12:37 TenPlus1 e.g.  minetest runs so "minetest", freeminer runs so "freeminer"... this may help since they cant legally call game directory SAME name
12:37 TenPlus1 well i dunno how but they did it here, also they have creative/give capabilities
12:38 est31 do they?
12:38 TenPlus1 yeah, have been giving stacks of items to othe rplayers including nyan rainbows... no way in hell they would even come close to finding a stack at all
12:39 sfan5 <TenPlus1> e.g.  minetest runs so "minetest", freeminer runs so "freeminer"... this may help since they cant legally call game directory SAME name
12:39 est31 If we introduce such a "fork-identifier" for "multicraft", "minetest", "freeminer" etc, it wont be because of cheaters
12:39 sfan5 there was a PR that made the client send its ident string in the connect packet
12:39 est31 that wouldnt be legal
12:39 sfan5 but it wasn't merged
12:39 est31 legal use case i mean
12:39 est31 bc clients can just fake it
12:40 sfan5 you can however modify the server to force the client to fetch something from remote media and then capture the ident string sent as http user-agent
12:40 TenPlus1 they could, yes... but running a game called "multicraft 2" and having a "minetest" identifier would be suspect on it's own
12:40 sfan5 you can't sue them because they send the "wrong" bytes over the network
12:41 TenPlus1 true... it's just sad that players can get onto a server and cause havoc with protection and ownership etc
12:41 est31 first of all, I'd check that they don't have server privs or so
12:41 est31 so that they really use a hacked client
12:42 est31 then I would try to find out how they get things like these privs
12:42 sfan5 ^
12:42 est31 or capabilities, to give it a more neutral way
12:42 VanessaE check for creative priv also.
12:42 est31 and as a last step, prevent them :)
12:42 VanessaE (if you use Unified Inventory)
12:43 est31 s/way/term/
12:43 TenPlus1 they definitely used a hacked client, only 2 admin on server and that's myself and shinji, I checked their privs then quickly remvoked them for using hacked client
12:43 TenPlus1 we use inventory++ (text edition) and zcg for recipe's... no creative enabled
12:44 TenPlus1 not even for admin
12:44 est31 TenPlus1, so you gave shinji admin privs, then removed them again?
12:44 TenPlus1 no no, shinji is the owner of the server...
12:44 TenPlus1 I'm the only admin
12:44 est31 I see
12:45 TenPlus1 the players who used hacked clients had their privs checked "interact shout money" then had them revoked
12:47 est31 well, you can use some tricks in order to get nyan cats comparatively fast
12:48 TenPlus1 really ? whole stacks ?
12:48 est31 if you mine them for an hour, yes
12:49 est31 that method really depends on how long they had access to the server with the hacked client
12:49 TenPlus1 the client string sounds like a good idea though, I could check that on connect and kick anyone not using minetest
12:50 est31 it wont keep cheaters out
12:51 TenPlus1 not 100%, but it sure helps server owners check who's coming online
12:52 est31 I'm generally for such a string identifier, but it won't help against cheaters
12:53 est31 the only thing you can do with a hacked client is finding out what is inside locked chests. but you can't take out items
12:54 TenPlus1 there's a mod in the forum that lets you edit the owner string , if that was somehow built into the new client/clone then it's possible
12:54 est31 that mod needs server access
12:55 TenPlus1 yes, the mod does, but the code could be changed and added so anyone can use it as a cheat
12:55 est31 no
12:55 est31 the protocol simply doesn't allow for it
12:56 celeron55 the only way to disallow a modified client from avoiding the rules is to make the server check the rules
12:56 est31 ^
12:56 celeron55 there's no other way
12:56 est31 full agree
12:57 celeron55 the thing that sucks is that it's much easier to disable checks on the client than to add checks on the server
12:59 est31 adding a proper "no noclip" prevention mechanism on the server is hard
12:59 TenPlus1 nope, sorry, I disagree, I just ran a test server and changed the owner of a locked chest using a normal player with "interact shout" privs only
12:59 TenPlus1 it was easy
13:00 est31 TenPlus1, can you try to do it on my server?
13:00 est31 connect to it, and change the owner
13:00 est31 digitalaudioconcepts.com port 30020
13:00 TenPlus1 what I mean is, if the clone game uses the same mod code that allows to CHANGE owner status of a chest or door then it'll let you access almost anything
13:01 TenPlus1 all you need is that 1 tool, if you had that mod installed then yes it would be easy... if I ran a minetest clone with that mod installed then YES it would be easy
13:01 est31 well, in singleplayer
13:01 * VanessaE tail -f's the log
13:01 VanessaE I gotta see this.
13:02 TenPlus1 no, I was running server... 2 users... 1 admin (who made and placed chest) and 1 normal user to managed to change owner string
13:02 TenPlus1 look in forums for "ownerhack" mod
13:02 est31 if you run a mod TenPlus1 that gives every player who joins server privs, then of course it is easy to steal from chests.
13:02 est31 its not the engine's fault at this point
13:02 TenPlus1 it didnt need server privs to work est31...
13:03 est31 yeah, of course
13:03 TenPlus1 I changed that part of the code so it only needed interact privs for the tool to work
13:03 est31 but it is not our fault if you install a mod like that
13:03 est31 on the server
13:03 est31 the moment you install it, you basically enable everybody to do it
13:04 VanessaE TenPlus1: please, do sign onto the server he pointed you to, and try it.
13:04 TenPlus1 http://pastebin.com/sVZa5c5V
13:04 TenPlus1 *sigh* est31, I do not have that mod on server
13:04 TenPlus1 I'm giving you an example of how easy it could be to change the owner of a chest
13:05 TenPlus1 by using a minetest clone RUNNING that mod
13:05 est31 well it is totally easy, once you have that mod
13:05 est31 but you need SERVER ACCESS
13:05 TenPlus1 to install the mod, yes
13:05 TenPlus1 but to use a clone with that mod included, no
13:06 TenPlus1 I apologise if I'm not making myself clear.
13:06 est31 they can install that mod on the client, its very well possible
13:07 est31 but even if they do, it doesnt affect connections from the server.
13:07 TenPlus1 - I could make a minetest clone called "noobcraft" and have that mod already included as a secret tool that players can craft to change any chest/door in any server they access
13:07 est31 ermm no?
13:08 est31 that tool would only be client side
13:09 TenPlus1 then how do these clones allow access to chests/locked doors etc ? or to give ultimate stacks of items ?
13:09 TenPlus1 if it's client side only
13:09 est31 that's the big question
13:10 TenPlus1 and this was my solution to a problem, nothing more
13:11 TenPlus1 if the client-side minetest-clone can somehow run and use tools like this build into the client's game then all it needs is an area of map to be loaded to access information and possibly change it
13:11 est31 it can access the information, but it can't change it
13:12 TenPlus1 player inventory and health is server side ?
13:12 est31 yes
13:12 VanessaE as are chests.
13:12 est31 yup
13:12 TenPlus1 and yet he gave himself stacks of nyancat and rainbows and diamonds and crystal blocks
13:13 TenPlus1 a noob of 2 days
13:13 VanessaE now, while I think TenPlus1 is seriously overracting to some of this, in his defense, I HAVE heard of a client-side tool that'll let you somehow get stacks of stuff
13:13 VanessaE overreacting*
13:13 est31 TenPlus1, does it note in the log "invoked /give stackstring=nyan:rainbow"?
13:14 TenPlus1 nope, nothing like that was ever logged
13:14 TenPlus1 not for that player, and he certainly wasnt given it by myself
13:15 est31 do you have the log where all player's dig events are recorded?
13:15 est31 you know the server log
13:15 TenPlus1 yes
13:15 est31 for the last 2 days
13:15 TenPlus1 everything is output to terminal
13:15 est31 (the time that player was online)
13:15 TenPlus1 dig/place/punch/attack etc
13:15 est31 yup
13:15 VanessaE TenPlus1: can't you get your hands on one of these clients and try it on est31's server?
13:15 TenPlus1 I dont have an android phone to use it on
13:16 TenPlus1 sorry
13:16 VanessaE https://www.genymotion.com/
13:17 VanessaE (costs money though)
13:17 VanessaE hm, free for NC use.
13:20 TenPlus1 http://platinumcheats.com/multicraft-ii-hack-tool/
13:20 TenPlus1 that's the tool that the player was reported using on server
13:21 VanessaE the textures look like minecraft...
13:22 TenPlus1 http://appgamecheats.com/multicraft-ii-free-miner-cheats-tips-review/ look under heading "Multicraft II cheats & tips"
13:22 TenPlus1 speed mining was seen also,
13:22 TenPlus1 digging right through 4 locked doors at speed to glitch through
13:23 TenPlus1 I don't wanna sound like a paranoid gaming nazi, but I do want to bring these points to the devs attention
13:24 TenPlus1 players enjoy Minetest and make some amazing worlds on them, then having an idiot noob on a hacked client come along and take the fun out of things
13:24 sfan5 VanessaE: the android sdk includes an android emulator
13:24 VanessaE ohh
13:39 eugd joined #minetest-dev
13:42 TenPlus1 bye folks...
13:54 Darcidride_ joined #minetest-dev
14:14 Icedream joined #minetest-dev
14:15 zat joined #minetest-dev
14:18 zat joined #minetest-dev
14:22 nrzkt est31: we could add a 1sec timer check to find if a player is inside a non possible non
14:22 nrzkt it's simple to look at the current node where is the player and see if it's a solid node or node
14:50 jin_xi joined #minetest-dev
14:57 hmmmm joined #minetest-dev
15:27 T4im joined #minetest-dev
15:31 eugd joined #minetest-dev
15:34 est31 joined #minetest-dev
15:50 est31 ShadowNinja, there is lots of very trivial stuff like removig "stuff" from header comments in defaultsettings.cpp
15:50 est31 that can be separated
15:50 proller joined #minetest-dev
15:50 est31 then you have the non trivial changes separate from those where its more than just comment adjustment, variable renaming or whitespace changes
15:51 est31 eg you edit one file only because to rename a variable
15:51 est31 that are things that can be made separate
15:52 proller joined #minetest-dev
15:53 T4im what tenplus described earlier.. perhaps session hijacking or spoofing? sending network packets as someone else (like an admin or perhaps as singleplayer)?
16:00 rubenwardy joined #minetest-dev
16:04 Hunterz joined #minetest-dev
16:17 est31 that doesnt work
16:17 est31 we check the identity
16:17 est31 by ip
16:27 est31 T4im, https://github.com/minetest/minetest/blob/master/src/network/connection.cpp#L2195
16:29 eugd #3199 should be good
16:29 ShadowBot https://github.com/minetest/minetest/issues/3199 -- split map_generation_limit into x/y/z components by EUGD
17:02 T4im ah, thanks est31
17:14 nrzkt joined #minetest-dev
17:17 eugd left #minetest-dev
17:19 julienrat joined #minetest-dev
17:19 julienrat left #minetest-dev
17:22 nrzkt Vanessae ?
17:22 nrzkt VanessaE* ?
17:34 Robert_Zenz joined #minetest-dev
17:39 nrzkt VannessaE: #3238 should be interesting for you :). est31 can you review ? :)
17:39 ShadowBot https://github.com/minetest/minetest/issues/3238 -- Fix players removed by object limit per node by nerzhul
17:45 julienrat joined #minetest-dev
17:55 est31 nrzkt, your code doesn't change behaviour: just look here: https://github.com/minetest/minetest/blob/8d03301138c0e82728d61b957ea47a5a4061633a/src/content_sao.cpp#L830-L833
17:55 est31 and here https://github.com/minetest/minetest/blob/fixplayersao_removal_mapnode_full/src/environment.cpp#L1501
17:56 est31 sorry here https://github.com/minetest/minetest/blob/fixplayersao_removal_mapnode_full/src/environment.cpp#L1830
17:56 est31 unfortunately it isnt that simple...
17:56 est31 perhaps it is :)
17:57 est31 but the fix is no fix
18:00 nrzkt est31: i noticed my wife playerSAO object was deleted from world exactly by this message
18:01 nrzkt but yes you are right static is not allowed
18:01 nrzkt but the object was deleted there from meory :s
18:01 nrzkt maybe be sure by adding the check could be good to prevent this
18:01 nrzkt i will test it on my server because it happens 1 or twice a week to my wife
18:02 est31 test it, best you put a log message there
18:03 est31 e.g. if (block->m_static_objects.m_stored.size() >= g_settings->getU16("max_objects_per_block") && obj->getType() == ACTIVEOBJECT_TYPE_PLAYER ) "OH NO, reached unreachable code!!";
18:03 est31 note the ==
18:06 est31 but I dont think it should be added to minetest
18:09 Darcidride joined #minetest-dev
18:09 est31 nrzkt, how do you know it has deleted your wife?
18:09 nrzkt it's simple
18:10 nrzkt ingame my wife could not do anything, the server runs properly, player is connected but SAO didn't react
18:10 nrzkt and disappears
18:10 nrzkt if you set another player in the place where she is
18:10 julienrat left #minetest-dev
18:20 est31 no log message that confirmed that the SAO was your wife?
18:20 est31 i mean the id
18:21 est31 perhaps it would make sense to track the player's id
18:21 est31 when they log in
18:21 julienrat1 joined #minetest-dev
18:37 nrzkt i see a id but don't resolve it
19:16 rubenwardy joined #minetest-dev
19:21 DFeniks joined #minetest-dev
19:26 Player_2 joined #minetest-dev
19:58 eugd joined #minetest-dev
20:17 nanepiwo joined #minetest-dev
20:31 AnotherBrick joined #minetest-dev
20:32 Amaz joined #minetest-dev
20:45 misprint joined #minetest-dev
21:49 julienrat joined #minetest-dev
21:58 eugd joined #minetest-dev
22:40 proller joined #minetest-dev
22:50 paramat joined #minetest-dev
22:51 Icedream joined #minetest-dev
22:52 paramat i made some progress chasing the fractal mapgen bug, here's the issue #3239 fixing this makes fractal mapgen usable
22:52 ShadowBot https://github.com/minetest/minetest/issues/3239 -- Error when reading float mapgen parameters from map_meta.txt (fractal mapgen bug)
22:52 paramat ^ hmmmm
23:00 Icedream joined #minetest-dev
23:07 Icedream joined #minetest-dev
23:29 paramat left #minetest-dev
23:36 Icedream joined #minetest-dev
23:59 eugd left #minetest-dev

| Channels | #minetest-dev index | Today | | Google Search | Plaintext