Time  Nick      Message
00:01 hmmmm     paramat:  4174 looks good to me if you include a note that you don't create the heightmap in generateBaseTerrain anymore
00:09 paramat   ok thanks
00:23 hmmmm     liquids are typically floodable, right?
00:25 hmmmm     hmm nope, air is floodable, liquids are not floodable
00:25 paramat   correct, i hadn't considered that
00:27 paramat   not sure it's wise
00:28 paramat   floodable sortof means vacuum or gas
00:29 hmmmm     yeah I'm asking because I'm doing a review on that updateLiquids fix/optimization
00:29 hmmmm     https://github.com/minetest/minetest/pull/4065#discussion_r65467058
00:32 hmmmm     ahhh
00:32 hmmmm     very subtle
00:33 hmmmm     notice how the node being checked for floodable is the current node, not the node above the current node
00:33 hmmmm     i and j kinda look alike
00:33 hmmmm     okay, the logic for this function is much more logical now
00:56 paramat   looking at 4065 now and will look more after food
01:08 paramat   there is talk of adding an 'on flood' callback so that certain nodes can trigger an action when flooded (drop node, extinguish torch etc). someone suggested allowing water to flood lava to trigger a lavacooling action. so i guess a floodable liquid *could* happen
01:11 hmmmm     yeah
01:11 hmmmm     talking about floods
01:12 hmmmm     in minecraft there's a mechanism of liquid mechanics where if enough liquid nodes surround a floodable area, it'll rapidly fill up the gap
01:18 hmmmm     I think this is what I'm talking about:  https://youtu.be/bi80MBXIAu4?list=PLvh8CGg6LWwqcebmuPL36z7UFp_aRFHlH&t=971
01:20 VanessaE  aside from MC filling the water in faster, it looks more or less the same as MT.
05:56 paramat   please can anyone review #4163 ?
05:56 ShadowBot https://github.com/minetest/minetest/issues/4163 -- Sky: Darker, bluer sky and improved horizon haze at night by paramat
06:18 paramat   will merge #4174 once checks are done
06:18 ShadowBot https://github.com/minetest/minetest/issues/4174 -- Mgv7: Always carve river channels in mountain terrain by paramat
06:25 paramat   merging
06:38 paramat   done
06:48 paramat   hmmmm, some explanation from t4im was added to #3176
06:48 ShadowBot https://github.com/minetest/minetest/issues/3176 -- Don't have Schematic sources assign schematics to globals
07:05 hmmmm     I get what t4im means, it's just that i don't get what minetest needs to have in order to do that...
07:05 hmmmm     he wants a .lua source code file to effectively work like a schematic file
07:19 paramat   #1908 could perhaps be merged
07:19 ShadowBot https://github.com/minetest/minetest/issues/1908 -- Make maximal view bobbing speed faster by Calinou
07:36 hmmmm     where to start with that one...
07:37 hmmmm     first of all the PR title says "make maximal view bobbing speed faster" but that's not true
07:37 hmmmm     that makes the minimum view bobbing speed faster
07:38 paramat   hmmmm will your upcoming mapgen settings changes make #2561 non-applicable? (sorry for topic change)
07:38 ShadowBot https://github.com/minetest/minetest/issues/2561 -- Add mapgen settings to create world dialog by srifqi
07:38 hmmmm     rather, nevermind
07:39 hmmmm     i misunderstood
07:39 hmmmm     i'll approve of 1908
07:39 paramat   ok
07:39 hmmmm     but wait though
07:39 hmmmm     does the player's speed typically get above 40?
07:40 paramat   well i think it's requested for sprint mods or potions etc
07:40 hmmmm     i just want to check first
07:41 hmmmm     if this is going to affect normal gameplay, then it becomes a matter of preference
07:42 paramat   yes i'm unsure if it's just a rarely hit upper limit to stop too-fast motion during glitches
07:42 paramat   guess i shouldn't have +1
07:44 hmmmm     ahh okay
07:44 hmmmm     so i just tested it, and walking normally is 40
07:45 hmmmm     sprinting is 200
07:45 hmmmm     so, yes, it does make a very noticable change to the default gameplay
07:46 Calinou   paramat: the value might be too high
07:46 Calinou   60 should be plenty as max view bobbing speed
07:50 paramat   is it in nodes per second x 10?
07:51 hmmmm     i think so.
07:51 hmmmm     i'm retracting my +1...
07:53 Calinou   paramat: yes because it's in Irrlicht units
07:53 Calinou   hmmmm: yeah that PR can be closed, I can make a new one
07:53 hmmmm     why..?
07:53 hmmmm     do PRs get moldy?
07:53 paramat   a normal speed bob seems wrong if somehow travelling faster, i would tune it to a reasonable fastest bob
07:53 Calinou   I could redo the commit if I find how
07:54 paramat   PR doesn't need rebasing
07:54 Calinou   hmmmm: by the way, you said that Signed-off-by commits are forbidden in Minetest Git, but does that disallow all GPG-signed commits? I've tried signing a commit and it has no Signed-off-by line in commit message
07:54 hmmmm     wait, I didn't say that
07:54 hmmmm     I'm pretty sure est said that
07:54 Calinou   someone else did in Minetest
07:54 Calinou   maybe not sure
07:54 Calinou   maybe not you*
07:55 hmmmm     I don't know anything about those to be honest
07:55 paramat   oops it does need rebase
07:55 Calinou   GitHub offers fancy "Verified" badges for GPG-signed commits, so people are using these more now
07:55 Calinou   like https://github.com/godotengine/godot/commits/master
07:55 hmmmm     why would it matter for adjusting a number...
07:55 Calinou   it looks good :3
07:55 hmmmm     well i'd hold off and see what everybody else says
07:56 hmmmm     i don't get why you'd only want some commits to be verified and not all of them
08:03 Zeno`     est31 had a good reason for disallowing them, I just can't remember what it was atm :)
08:04 Zeno`     but at the time it was being discussed I do recall asking why they'd be a problem
08:18 paramat   any more disapprovals for #3898 ?
08:18 ShadowBot https://github.com/minetest/minetest/issues/3898 -- Make item groups support floating point values by ShadowNinja
12:22 est31     There are generally two reasons for disallowing signed git commits, the second one being a half-reason:
12:23 est31     1. what is inside contributing.mc
12:23 est31     md*
12:23 est31     https://github.com/minetest/minetest/blob/master/CONTRIBUTING.md
12:23 est31     and 2.
12:23 est31     It of course breaks with how we merge prs
12:23 est31     because right now we just take the patch file and am it
12:23 est31     and that destroys the signature anyway
12:24 est31     so even if we *allowed* signed commits, we would not get them anyway
12:24 est31     except for commits from core devs which get pushed directly
12:25 est31     so essentially its this bug report which is the cause for the strict ban: https://bugs.launchpad.net/bzr-git/+bug/1084403
12:51 est31     Calinou, see my answer above
12:51 est31     hmmm is right it was me who forbid it :)
12:52 Calinou   right, launchpad :p
12:53 est31     I have nothing against signed-off-by btw
12:53 est31     no problem with that, just it should be used consistently
13:36 est31     but generally Calinou in the future if that bug is resolved I might use signed commits myself
13:38 Zeno`     It's a bit redundant
13:38 Zeno`     I.e. if a dev commits something then... well, they "signed it off"
14:34 Calinou   Zeno`: it's easy to impersonate Git commits IIRC
14:34 Calinou   it's added security and verifiability, nice to have
14:40 est31     https://github.com/jayphelps/git-blame-someone-else
14:40 est31     https://github.com/jayphelps/git-blame-someone-else/commit/e5cfe4bb2190a2ae406d5f0b8f49c32ac0f01cd7
14:41 Zeno`     that's just amend author isn't it?
14:41 est31     yeah
14:42 Zeno`     so to actually push it'd still be me doing the pushing
14:42 est31     yeah
14:42 est31     well with this signed commit stuff github has added a feature where you can verify a change was really made by a certain person
14:45 GnomeKris I got over 25 emails last night for every little update to the github. lmao
14:45 Zeno`     I don't get it to be honest. To push to minetest master it uses RSA anyway
14:45 est31     well you have to log in to github in order to do it
14:45 Zeno`     If I decided to start amending authors I'm sure somebody would notice hehe
14:46 Zeno`     to push to minetest origin?
14:46 est31     yeah
14:46 Zeno`     How do you push without logging in?
14:46 est31     you can use github password based auth as well
14:46 est31     no ssh keys needed
14:46 Zeno`     well, that's the problem not git (surely)
14:47 Zeno`     I mean... how would anyone get my private key?
14:47 Zeno`     even if they had my github password
14:47 est31     shrug, if minetest wasn't a stupid game but idk a crypto library or something I would support a requirement to sign all commits
14:47 Zeno`     github should change that heh
14:48 est31     Zeno`, for example by opening a PR which contains malicious code and you download and compile it without looking at the changes
14:48 Zeno`     so you can push without RSA?
14:48 est31     and then it copies the ~/.ssh/ to some hacker owned place
14:48 est31     then they have your key
14:49 Zeno`     yeah ok
14:49 Zeno`     and how does signing get around that?
14:50 est31     not at all :)
14:50 Zeno`     haha :D
14:50 est31     you can of course get a hardware token that signs the commits
14:50 Zeno`     I dunno if we need hardware tokens heh
14:50 est31     yubikey I think
14:50 est31     the kernel requires this from its maintainers
14:51 Zeno`     If we did I'd lose mine within days... I lose everything
14:51 est31     you need a hw token to sign commits
14:51 est31     but we are a voxel game
14:52 est31     not security relevant software
14:53 Zeno`     I actaully don't have a ~/.ssh/ directory
14:53 Zeno`     mine is called ~/.secretstuffhere/
14:53 Zeno`     doh!
14:53 Zeno`     now I need to change :(
14:53 est31     lol
14:54 est31     well of course the ultimate virus hacker reads your /etc/sshd.conf and then determines the dir based on that
14:55 est31     maybe in the future with wayland and this xdg-app and snappy stuff we'll see more sandboxing
15:57 est31     OMG
15:57 est31     I shouldnt have looked into github notifications
16:05 sofar     haha, yeah
16:06 sofar     the other day mine was longer than a whole screen full
16:21 Zeno`     est31, how is writing to an out-of-bounds address going to get you the value that the address(es) contain(s)?
16:21 est31     idk
16:22 est31     but if that address contains the pointer to the next elem in a linked list
16:22 est31     and that address is currently 0, so it means the list is empty
16:22 est31     and now you write a new address into it
16:22 est31     to memory controlled by you
16:22 est31     and that linked list was the list of privs of a player
16:23 est31     or idk
16:23 est31     something else you can abuse to get shell access
16:23 nore      est31: well, it won't happen with the lua api, will it?
16:24 nore      I mean, even voxelmanips are not dangerous
16:24 nore      since they convert their data into a lua table
16:24 nore      and you can write anywhere you want in a lua table
16:26 Zeno`     correct
16:27 est31     well VoxelManips dont put their data into a table
16:27 est31     they offer normal index based access, no?
16:28 Zeno`     not that I know of but I'd have to check the code
16:28 est31     set_node_at
16:28 est31     http://rubenwardy.com/minetest_modding_book/lua_api.html#set_node_atposnode
16:30 est31     Hrmmm setNodeNoEmerge does do a check
16:31 Zeno`     MapNode readnode(lua_State *L, int index, INodeDefManager *ndef)
16:31 Zeno`     that's a copy
16:31 Zeno`     and yes
16:32 est31     readnode is not the issue here
16:32 est31     reading nodes is fine
16:32 est31     just writing them outside of the boundaries of the manip
16:37 est31     tbh I don't really know what is going wrong here.
16:37 Zeno`     well, walking through the code briefly I can't see a real issue but if someone wants to do an audit then *shrug* :)
16:38 est31     from what I see set_node_at does make a boundary check
16:38 Zeno`     yeah it checks m_area.contains(p)
16:38 Zeno`     (or i)
16:40 Zeno`     It can't hurt to check
16:41 Zeno`     I personally think the "issue" as reported doesn't really exist though heh
16:41 Zeno`     I'm happy to be proved wrong
16:43 est31     See my comment on #2685
16:43 ShadowBot https://github.com/minetest/minetest/issues/2685 -- Writing outside the VoxelManip boundaries modifies weird locations on the map.
16:43 est31     my check was not too thorough, so an additional pair of eyes could help
16:44 Zeno`     my check was not thorough either... if someone can provide a test case to demonstrate the "issue" that'd be better
16:45 est31     yeah
16:52 Zeno`     the is in bounds lua function could be added though
16:52 Zeno`     since the calculation of the index is meant to be opaque
16:52 Zeno`     at least then mods could check in a couple of ways
16:54 Zeno`     not entirely sure what it would achieve, but it's better than a big <= >= x, y, z conditional maybe
16:56 Zeno`     then again if I was writing a mod I'd just make sure that the code kept things within range
16:56 Zeno`     so *shrug* probably useless
17:23 hmmmm     phew you scared me into thinking VoxelManip was a sec vuln
17:26 sofar     someone write a minetest API fuzzer :D
17:27 hmmmm     don't mean to sound cocky, but i'm pretty confident that i wouldn't have created such an obvious bug like that
17:27 hmmmm     i'm not that careless
21:42 Fixer     https://github.com/minetest/minetest/pull/4170
23:46 Fixer     !tell paramat tried newest nether: https://i.imgur.com/g6xj0nN.png exit teleport was without one wall for some reason
23:46 ShadowBot Fixer: O.K.
23:48 Fixer     !tell paramat entry point teleport position: https://i.imgur.com/5PCOgMm.png
23:48 ShadowBot Fixer: O.K.
23:54 Fixer     https://i.imgur.com/GLQcc0l.png :/