| Time |
Nick |
Message |
| 00:07 |
|
v-rob joined #minetest-dev |
| 00:08 |
|
asdflkj_sh joined #minetest-dev |
| 00:15 |
|
Alias2 joined #minetest-dev |
| 00:25 |
|
Menchers_ joined #minetest-dev |
| 00:49 |
|
v-rob joined #minetest-dev |
| 01:02 |
|
Yad joined #minetest-dev |
| 02:05 |
|
olliy joined #minetest-dev |
| 02:48 |
|
Miner_48er joined #minetest-dev |
| 03:28 |
|
queria joined #minetest-dev |
| 03:33 |
|
queria joined #minetest-dev |
| 05:00 |
|
MTDiscord joined #minetest-dev |
| 05:13 |
|
Baytuch_2 joined #minetest-dev |
| 05:28 |
|
Yad_ joined #minetest-dev |
| 06:02 |
|
v-rob joined #minetest-dev |
| 06:22 |
erlehmann |
I don't think that should be in builtin or MTG too. arbitrary code execution is a big deal. |
| 06:40 |
|
calcul0n joined #minetest-dev |
| 07:02 |
erlehmann |
and if you put it in, i'll try to talk debian into removing it |
| 07:02 |
erlehmann |
(and every other distribution too) |
| 07:02 |
erlehmann |
unless it's properly secured |
| 07:53 |
|
appguru joined #minetest-dev |
| 08:07 |
|
olliy joined #minetest-dev |
| 08:07 |
MTDiscord |
<luatic> we need secured communication channels in Minetest |
| 08:08 |
MTDiscord |
<luatic> I understand that some commands have to be sent over UDP to be as fast as possible. Still, encryption isn't that resource-intensive. And even then, it could be implemented only for chat messages (which includes chat commands). |
| 08:10 |
|
appguru1 joined #minetest-dev |
| 08:12 |
luk3yx |
Agreed |
| 08:12 |
erlehmann |
i think everyone agrees here. |
| 08:12 |
erlehmann |
chat should not be snooped anyway |
| 08:14 |
erlehmann |
i think the problem is not that there are evil people whose evil plan is to read every chat message and exploit every device. the problem is that the people who have that as their goal think they are good people and it is their utopian vision to do that. |
| 08:15 |
erlehmann |
they must be resisted everywhere, even in games. |
| 08:23 |
erlehmann |
luk3yx luatic tangentially related, have you looked into the e2e chat CSMs? what do you think of them? waspsaliva has one. |
| 08:24 |
|
proller joined #minetest-dev |
| 08:24 |
luk3yx |
I haven't looked into existing ones |
| 08:24 |
erlehmann |
i think there should be one in builtin, so that server operators can not listen in to private conversations |
| 08:24 |
erlehmann |
or they can be leaked by accident |
| 08:24 |
luk3yx |
Sounds complicated |
| 08:24 |
erlehmann |
i have helped server operators debug things and accidentally gotten chatlogs before |
| 08:24 |
erlehmann |
it would be good to remove this entire class of bugs |
| 08:25 |
luk3yx |
And would also hamper moderation (I kind of feel bad for making this argument but this is a game server), more moderation tools would need to be added (such as blocking players and being able to verify that a bad player said a bad message) |
| 08:26 |
erlehmann |
oh no, we can't give encryption to the kids! they might insult each other in secret! |
| 08:26 |
erlehmann |
tbh i think all griefers and harassers i have met have done this in public chat |
| 08:28 |
erlehmann |
(i believe it is more fun for them to flaunt it) |
| 08:28 |
luk3yx |
I think it'd be easier to just use existing end-to-end encrypted chat platforms |
| 08:28 |
erlehmann |
regardless, this is a topic for an issue |
| 08:29 |
erlehmann |
(as chat can rehash the arguments endlessly) |
| 08:29 |
erlehmann |
luk3yx there is still the transition to that. i have made friends on servers and the server operators got at least one of our xmpp accounts ig. |
| 08:30 |
MTDiscord |
<luatic> Just encrypt all chat messages |
| 08:30 |
MTDiscord |
<luatic> Solely for traffic, the server still decrypts the message on it's end |
| 08:30 |
luk3yx |
What's stopping the server from MiTMing the end-to-end messages and giving both clients its own keys? |
| 08:30 |
MTDiscord |
<luatic> So on_chat_message etc. still work just fine (whereas hacks like waspsalivas e2e CSM presumably break theser) |
| 08:31 |
MTDiscord |
<luatic> luk3yx: I presume some other source of trusted authority is established beforehand, or a key exchange happens beforehand |
| 08:31 |
erlehmann |
i like how mumble does it: it automatically adds a pub/priv keypair to your account. if you add a friend, behind the scenes it adds that persons pubkey. so you have cross-server identification if you want to. |
| 08:31 |
MTDiscord |
<luatic> Going to open an issue now |
| 08:32 |
erlehmann |
it would be hard to get this into minetest, but it is a proven UX (many people do not even know that mumble does it) |
| 08:32 |
erlehmann |
and cross-server identification is a thing |
| 08:32 |
erlehmann |
i have seen people take nicknames on other servers to trick people into giving them things |
| 08:32 |
luk3yx |
Isn't there already an issue for encrypting network traffic |
| 08:33 |
luk3yx |
https://github.com/minetest/minetest/issues/10206 |
| 08:33 |
erlehmann |
“hey you know me from server so and so, can you give me some diamonds / tell me your base coordinates / come here” |
| 08:34 |
erlehmann |
emojigit does not understand SRP i guess |
| 08:34 |
erlehmann |
judging from the issue |
| 08:34 |
erlehmann |
or did not |
| 08:34 |
erlehmann |
(when opening it) |
| 08:39 |
erlehmann |
fur future readers: the TLS-equivalent for UDP connections is called DTLS |
| 08:39 |
erlehmann |
https://de.wikipedia.org/wiki/Datagram_Transport_Layer_Security |
| 08:40 |
erlehmann |
https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security |
| 08:41 |
erlehmann |
> The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. |
| 08:41 |
|
proller joined #minetest-dev |
| 08:53 |
|
v-rob joined #minetest-dev |
| 11:24 |
|
tekakutli joined #minetest-dev |
| 11:38 |
|
HuguesRoss joined #minetest-dev |
| 11:49 |
sfan5 |
@luatic regardless of securing it I don't think it should be in mtg or builtin |
| 13:12 |
|
proller joined #minetest-dev |
| 13:57 |
|
proller joined #minetest-dev |
| 15:25 |
|
Fixer joined #minetest-dev |
| 15:41 |
|
panwolfram joined #minetest-dev |
| 16:32 |
MTDiscord |
<luatic> fine, but please still secure chat to make mods that do implement this (such as WE) less exploitable |
| 16:51 |
|
appguru joined #minetest-dev |
| 17:02 |
proller |
https://github.com/minetest/minetest/pull/11843 https://github.com/minetest/minetest/pull/11910 |
| 17:08 |
|
behalebabo joined #minetest-dev |
| 17:16 |
|
v-rob joined #minetest-dev |
| 17:45 |
|
v-rob joined #minetest-dev |
| 17:58 |
MTDiscord |
<luatic> Is the second part ready for revie? |
| 17:58 |
MTDiscord |
<luatic> review* |
| 18:19 |
|
proller joined #minetest-dev |
| 19:05 |
|
proller joined #minetest-dev |
| 19:56 |
|
v-rob joined #minetest-dev |
| 20:17 |
|
Yad joined #minetest-dev |
| 20:42 |
|
v-rob joined #minetest-dev |
| 20:57 |
MTDiscord |
<MisterE> I really hope this gets done |
| 20:58 |
MTDiscord |
<MisterE> Thank you proller |
| 21:15 |
|
troller joined #minetest-dev |
| 21:48 |
|
v-rob joined #minetest-dev |
| 22:39 |
|
Sokomine joined #minetest-dev |
| 23:23 |
|
Alias2 joined #minetest-dev |
| 23:23 |
|
Calinou joined #minetest-dev |
| 23:23 |
|
dzho joined #minetest-dev |
| 23:59 |
|
jonadab joined #minetest-dev |
