| Time |
Nick |
Message |
| 00:00 |
erle |
i think if you need to set a position A LOT, then set_pos is not the thing you want |
| 00:00 |
erle |
you probably want some other API that does not exist, where you can animate entities or players along a path. correct? |
| 00:01 |
MTDiscord |
<FatalError> Jesus |
| 00:01 |
MTDiscord |
<FatalError> Would it fix the problem? Yes, would it fix a fuck ton of other problems? Also yws |
| 00:01 |
paradust |
this is a problem in all game engines. setting the position programmatically each frame breaks physics and collision detection |
| 00:02 |
paradust |
delay or not |
| 00:02 |
erle |
well, i am also in favor of path prediction hints |
| 00:02 |
MTDiscord |
<FatalError> ?♂️ |
| 00:02 |
erle |
what paradust says |
| 00:02 |
MTDiscord |
<FatalError> Its not collision |
| 00:02 |
MTDiscord |
<FatalError> If you want to restrict the players movement |
| 00:02 |
MTDiscord |
<FatalError> Or have them ride on a vehicle |
| 00:02 |
erle |
FatalError riding a vehicle is already possible using attachments though |
| 00:03 |
MTDiscord |
<FatalError> Not i said on |
| 00:03 |
MTDiscord |
<FatalError> As in free movement |
| 00:04 |
MTDiscord |
<Jonathon> paradust: if not sscsm (because of security reasons), what would you propose as an alternative for usecases such as better client side prediction, adding logic for making interactions less laggy |
| 00:05 |
erle |
Jonathon i suggest non-turing complete entity/player movement prediction hints similar to the SVG path syntax but in 3D, set by a mod, evaluated by the engine client-side. |
| 00:05 |
erle |
this would solve A LOT of problems with laggy movement IMO |
| 00:05 |
MTDiscord |
<Jonathon> wasnt asking you erle |
| 00:05 |
paradust |
Jonathon: wasm sandbox for lua/anything else is appealing to me, but I might be biased. Also could drop support for all platforms except web :> |
| 00:05 |
erle |
true |
| 00:06 |
erle |
paradust, how is WASM sandboxing supposed to be more secure than whatever sandbox some pwnie award winner broke out and won a price? |
| 00:06 |
MTDiscord |
<FatalError> Also, get_pos is innaccurste by a stupidly tiny amount, however- sscsm would fix this if you could set the player pos by that fraction, essentially fixing the server's inaccuracy by directly correcting the clients fractional overshoot/servers poor prediction. What about hud waypoints? Youd be able to display the exact location of something sttached to the player in real time, you could also set player look direction and angle in |
| 00:06 |
MTDiscord |
real time without moving breaking player's look by snapping it back. You also could display objects only visible to one player, look there's just dozens of use cases |
| 00:07 |
MTDiscord |
<FatalError> You could restrict your players movement box without jank/lag |
| 00:07 |
MTDiscord |
<Jonathon> paradust: im not the most wasm knowledgable, is wasm sandbox something thats builtin, or something the engine would have to brew itself (like a lua sandbox) |
| 00:07 |
MTDiscord |
<FatalError> You could also prevent glitching through protected blocks |
| 00:07 |
paradust |
erle: huh? Because we're relying on a sandbox developed by someone else and with a proven record, instead of rolling our own. |
| 00:07 |
MTDiscord |
<Jonathon> near as i understand it, wasm is more of a compile target for langauges? |
| 00:08 |
erle |
yeah i wonder what is going to be sandboxed against what else |
| 00:08 |
MTDiscord |
<FatalError> The use cases are literally infinite |
| 00:08 |
paradust |
unfortunately the most secure option would be lifting it out of chromium, which is probably not pallatable |
| 00:09 |
MTDiscord |
<FatalError> Or making the run enviorment empty before running, and only add functions that are verified safe? |
| 00:09 |
paradust |
there are standalone wasm implementations, but i'd have to look into them before i trust them |
| 00:09 |
erle |
the most secure option is to not use a turing-complete input language. no amount of testing or verification is going to get this right. |
| 00:09 |
MTDiscord |
<FatalError> I dint understand whats so hard |
| 00:10 |
paradust |
FatalError: look up row hammer, spectre. Anything that can read/write any memory can potentially corrupt it and get out of a sandbox. |
| 00:10 |
erle |
FatalError, the paper “Security Applications of Formal Language Theory” explains it in a more hardware-agnostic way http://langsec.org/papers/langsec-tr.pdf |
| 00:10 |
paradust |
Plus LuaJIT is likely to have some miscompile bugs, given how much it crashes on some platforms |
| 00:11 |
paradust |
Someone could find an invalid/bizarre sequence of Lua opcodes that causes LuaJIT to emit incorrect code that grants unrestricted access |
| 00:12 |
MTDiscord |
<Jonathon> paradust: iirc, the sscsm debate seems to favor puc lua for sscsm anywyas |
| 00:12 |
MTDiscord |
<Jonathon> *anyways |
| 00:12 |
fluxionary |
puc lua? |
| 00:13 |
MTDiscord |
<Jonathon> standard lua aka puc lua. its the college the spec is written at (i think) |
| 00:13 |
fluxionary |
got it |
| 00:14 |
MTDiscord |
<Jonathon> Pontifical Catholic University of Rio de Janeiro |
| 00:14 |
fluxionary |
vs. luajit |
| 00:14 |
MTDiscord |
<Jonathon> luajit is faster, and generally better, expect in instances like this |
| 00:14 |
MTDiscord |
<Jonathon> *except |
| 00:15 |
fluxionary |
i got in to the conversation late. why is it better for sscsm? |
| 00:15 |
fluxionary |
because it's less likely to have terrible exploitative bugs? |
| 00:15 |
MTDiscord |
<Jonathon> because its less exploitable, due to it not being a jit |
| 00:15 |
fluxionary |
i trust it as much or more than i trust the core minetest packet handling code |
| 00:16 |
MTDiscord |
<FatalError> Wait so is the difference between jit and puc runtime compilation and interpretation? |
| 00:16 |
fluxionary |
i'm sure a lot more eyes have looked @ the luajit code than the minetest code |
| 00:16 |
paradust |
LuaJIT security is actually a current concern for singleplayer mods at least. but those go through contentdb, which is more auditable (in theory?) than server-sent |
| 00:16 |
erle |
if you trust the packet handling code, i wonder if you have ever compiled minetest with sanitizers |
| 00:17 |
MTDiscord |
<FatalError> Dont we use regular lua and not JIT for mods? |
| 00:17 |
erle |
paradust yeah, about as secure as the chrome web store LOL |
| 00:17 |
MTDiscord |
<Jonathon> flux: you indirectly bring up another point, for sscsm your going to want some sort of network encryption, since you dont want mitm attacks |
| 00:17 |
erle |
i am joking, of course, cdb at least gets a human to look at the stuff |
| 00:17 |
fluxionary |
but minetest is fixed on lua 5.1. is *that* even developed anymore either? |
| 00:18 |
MTDiscord |
<Jonathon> luajit yes, puc lua, no |
| 00:18 |
MTDiscord |
<FatalError> Is there some way to look through code to find things that could cause vulnerabilities? |
| 00:18 |
erle |
Jonathon good point. i guess this nips it in the bud for now. |
| 00:18 |
MTDiscord |
<FatalError> I mean, tbh I dont understand the problem, minetest mods seem to be pretty secure |
| 00:18 |
MTDiscord |
<Jonathon> minetest is fixed on lua 5.1 because puc lua isnt backwards compatible, and luajit is breaking compat any time soon |
| 00:18 |
MTDiscord |
<Jonathon> *isnt |
| 00:19 |
fluxionary |
Jonathon: a reasonable point, but there's "political" questions about how to solve that (i.e. what sort of encryption tech) |
| 00:19 |
MTDiscord |
<Jonathon> minetest mods are not that secure, look no further than the server attacks a while back |
| 00:19 |
MTDiscord |
<FatalError> I didnt hear about this |
| 00:19 |
erle |
FatalError, not lua-related, but compile minetest with the compiler flags “-fsanitize=undefined” and “-fno-sanitize=vptr”, then play the game and watch the console |
| 00:19 |
MTDiscord |
<Jonathon> flux: sure, and do we roll our own, use a library, etc? cause the srp is all our own |
| 00:19 |
MTDiscord |
<Jonathon> srp aka auth |
| 00:19 |
MTDiscord |
<FatalError> They were from server mods? |
| 00:20 |
fluxionary |
Jonathon, yeah, i'm aware of that. i looked at that code at one point and didn't see anything that was a red flag to me |
| 00:20 |
erle |
you meant the server attacks using the player login flow crash or the one using the “teleport to wherever” crash or what? |
| 00:20 |
MTDiscord |
<Jonathon> also flux, the whole debate here is politics. its going to be that way till someone actually writes an implementation, and then it gets reviewed |
| 00:21 |
MTDiscord |
<Jonathon> thats the minetest way lol |
| 00:21 |
erle |
no, then it gets fixed |
| 00:21 |
erle |
remember when i asked how to change the main menu and then it turned out some settings enabled you to make mods that change the main menu |
| 00:22 |
erle |
i think if someone makes a CSM implementation, the first order of business is to fix it so it can't do interesting stuff |
| 00:22 |
erle |
because interesting is dangerous |
| 00:22 |
erle |
i mean a SSCSM implementation |
| 00:22 |
fluxionary |
Jonathon: fair. i don't think encryption should be an absolute requirement before implementing SSCSM. ultimately it should be a choice of the client whether to run such code, and perhaps should be disabled by default. |
| 00:23 |
erle |
btw, luk3yx made this https://git.minetest.land/luk3yx/sscsm |
| 00:23 |
MTDiscord |
<Jonathon> flux: id argue that it should be enabled by default, but disablable if people want, like js. |
| 00:23 |
MTDiscord |
<FatalError> Nobody is going to use it though is the problem |
| 00:23 |
MTDiscord |
<Jonathon> and greenxenith made one as well |
| 00:23 |
MTDiscord |
<Jonathon> LOL, muc uses that fatal |
| 00:23 |
erle |
fluxionary if it should be the choice of the client, then ”host CSMs on CDB and make the CSM experience nicer” could be a good start, no? |
| 00:23 |
fluxionary |
Jonathon: i think it should be enabled by default eventually, but probably not for a few years until we see problems that arise |
| 00:23 |
MTDiscord |
<FatalError> Not to mention the API for csm fucking sucks |
| 00:24 |
MTDiscord |
<Jonathon> flux: so like a shadows thing basically? i could agree to that |
| 00:24 |
fluxionary |
erle: are CSMs not allowed on CDB? i didn't know that |
| 00:24 |
MTDiscord |
<Jonathon> csms arent allowed on cdb because there erperimental |
| 00:24 |
fluxionary |
hm |
| 00:24 |
erle |
fluxionary you have to ask rubenwardy. i think i can make a package that sneakily contains a CSM, but i bet that's against the rules. |
| 00:25 |
erle |
(so i will not) |
| 00:25 |
fluxionary |
erle: it'd have to be installed in a different manner, if that code doesn't exist, it's probably not easy to sneak it in |
| 00:26 |
erle |
fluxionary i do not want to talk about it. i will not sneak anything in anywhere. |
| 00:26 |
erle |
but i am certainly aware that people could |
| 00:27 |
MTDiscord |
<Jonathon> you could make a mod that has a csm part to it, and add the additional installation effort or whatever the tag is called to it |
| 00:27 |
MTDiscord |
<Jonathon> *complex installation |
| 00:28 |
MTDiscord |
<Jonathon> course to date, i dont (citation needed) think anyone has done this, so when it comes up for review it would be a first policy decider |
| 00:28 |
MTDiscord |
<Jonathon> if you try to add a mod with a blank init.lua, and install this included csm, thats going to be rejected as you just trying to get around the rules |
| 00:28 |
erle |
wdym policy decider |
| 00:28 |
erle |
tbh i think CSMs should be activatable like texture packs |
| 00:30 |
erle |
now i wonder if i can draw the player location via CSM in HUD for xmaps hehe |
| 00:31 |
erle |
but tbh i'd rather have a way to tell the HUD that some coordinates are player_pos_x * a + b and player_pos_z * c + d |
| 00:31 |
erle |
and let the engine handle the rest |
| 00:31 |
MTDiscord |
<Jonathon> paradust: cycling back a bit, while in theory cdb could be more auditing of code for mods, the problem because that once approved, users can make whatever updates they want after that. |
| 00:32 |
MTDiscord |
<Jonathon> so you would have to make every update be reviewed, which would suck |
| 00:32 |
MTDiscord |
<Jonathon> also, this had led to license issues in the past from new content being added to a mod |
| 00:33 |
MTDiscord |
<Jonathon> not that im advocating this, but you could get a basic couple node mod approved into cdb, and then turn it into some sort of malware, etc |
| 00:33 |
erle |
Jonathon are you referring to the mcl textures? cora figured out that the newer releases of the texture pack that mcl mods use basically just copied textures from minecraft, so it's an upstream issue and *hopefully* will no longer happen. |
| 00:34 |
erle |
(i.e. the texture pack maintainer antagonized a bunch of devs that way) |
| 00:34 |
MTDiscord |
<Jonathon> im referring in general to a lot of issues. |
| 00:35 |
MTDiscord |
<Jonathon> stop trying to scope general statements that refer to a multitude of issues to a specific issue |
| 00:35 |
MTDiscord |
<Jonathon> erle ^ |
| 00:37 |
erle |
ok |
| 04:00 |
|
MTDiscord joined #minetest-dev |
| 05:41 |
|
calcul0n_ joined #minetest-dev |
| 07:04 |
|
olliy joined #minetest-dev |
| 09:44 |
|
HuguesRoss joined #minetest-dev |
| 09:57 |
|
appguru joined #minetest-dev |
| 11:59 |
|
jonadab joined #minetest-dev |
| 12:47 |
|
proller joined #minetest-dev |
| 12:55 |
|
erle joined #minetest-dev |
| 13:01 |
kilbith |
https://www.youtube.com/watch?v=jrxcztUFLjc |
| 13:28 |
kilbith |
I'll change it to `player:set_active(cam1)` instead of `cam1:set_active` |
| 13:33 |
|
Fixer joined #minetest-dev |
| 15:38 |
|
appguru joined #minetest-dev |
| 16:31 |
MTDiscord |
<MisterE> Really nice. Get it merged. |
| 16:52 |
kilbith |
still a long way |
| 18:18 |
|
CowboyLv joined #minetest-dev |
| 18:24 |
CowboyLv |
I am devekoping a biome mod as a learning exescise, have been quietly for a few months. |
| 18:24 |
CowboyLv |
This mod is vanilla themed to the core |
| 18:24 |
CowboyLv |
everything is 16x16 |
| 18:25 |
CowboyLv |
And of course. A good chunk of my assets are remixed mtg assets |
| 18:26 |
CowboyLv |
Can I have my remixes of these assets licenced under Creative commons 4 equivalent of the mtg asset license |
| 18:26 |
CowboyLv |
or I am obligated to have htese derivatives stuck at CC3 |
| 18:28 |
CowboyLv |
note the "equivalent" part in my question |
| 18:46 |
rubenwardy |
This channel is for core development, mod questions should be in #minetest |
| 18:47 |
rubenwardy |
(I know you already posted there, just saying this is the wrong place) |
| 18:47 |
CowboyLv |
It's fine :) Best server btw |
| 20:55 |
|
proller joined #minetest-dev |
| 22:35 |
|
panwolfram joined #minetest-dev |
| 23:24 |
|
erle joined #minetest-dev |
