Time Nick Message 00:00 erle i think if you need to set a position A LOT, then set_pos is not the thing you want 00:00 erle you probably want some other API that does not exist, where you can animate entities or players along a path. correct? 00:01 MTDiscord Jesus 00:01 MTDiscord Would it fix the problem? Yes, would it fix a fuck ton of other problems? Also yws 00:01 paradust this is a problem in all game engines. setting the position programmatically each frame breaks physics and collision detection 00:02 paradust delay or not 00:02 erle well, i am also in favor of path prediction hints 00:02 MTDiscord ?‍♂️ 00:02 erle what paradust says 00:02 MTDiscord Its not collision 00:02 MTDiscord If you want to restrict the players movement 00:02 MTDiscord Or have them ride on a vehicle 00:02 erle FatalError riding a vehicle is already possible using attachments though 00:03 MTDiscord Not i said on 00:03 MTDiscord As in free movement 00:04 MTDiscord paradust: if not sscsm (because of security reasons), what would you propose as an alternative for usecases such as better client side prediction, adding logic for making interactions less laggy 00:05 erle Jonathon i suggest non-turing complete entity/player movement prediction hints similar to the SVG path syntax but in 3D, set by a mod, evaluated by the engine client-side. 00:05 erle this would solve A LOT of problems with laggy movement IMO 00:05 MTDiscord wasnt asking you erle 00:05 paradust Jonathon: wasm sandbox for lua/anything else is appealing to me, but I might be biased. Also could drop support for all platforms except web :> 00:05 erle true 00:06 erle paradust, how is WASM sandboxing supposed to be more secure than whatever sandbox some pwnie award winner broke out and won a price? 00:06 MTDiscord Also, get_pos is innaccurste by a stupidly tiny amount, however- sscsm would fix this if you could set the player pos by that fraction, essentially fixing the server's inaccuracy by directly correcting the clients fractional overshoot/servers poor prediction. What about hud waypoints? Youd be able to display the exact location of something sttached to the player in real time, you could also set player look direction and angle in 00:06 MTDiscord real time without moving breaking player's look by snapping it back. You also could display objects only visible to one player, look there's just dozens of use cases 00:07 MTDiscord You could restrict your players movement box without jank/lag 00:07 MTDiscord paradust: im not the most wasm knowledgable, is wasm sandbox something thats builtin, or something the engine would have to brew itself (like a lua sandbox) 00:07 MTDiscord You could also prevent glitching through protected blocks 00:07 paradust erle: huh? Because we're relying on a sandbox developed by someone else and with a proven record, instead of rolling our own. 00:07 MTDiscord near as i understand it, wasm is more of a compile target for langauges? 00:08 erle yeah i wonder what is going to be sandboxed against what else 00:08 MTDiscord The use cases are literally infinite 00:08 paradust unfortunately the most secure option would be lifting it out of chromium, which is probably not pallatable 00:09 MTDiscord Or making the run enviorment empty before running, and only add functions that are verified safe? 00:09 paradust there are standalone wasm implementations, but i'd have to look into them before i trust them 00:09 erle the most secure option is to not use a turing-complete input language. no amount of testing or verification is going to get this right. 00:09 MTDiscord I dint understand whats so hard 00:10 paradust FatalError: look up row hammer, spectre. Anything that can read/write any memory can potentially corrupt it and get out of a sandbox. 00:10 erle FatalError, the paper “Security Applications of Formal Language Theory” explains it in a more hardware-agnostic way http://langsec.org/papers/langsec-tr.pdf 00:10 paradust Plus LuaJIT is likely to have some miscompile bugs, given how much it crashes on some platforms 00:11 paradust Someone could find an invalid/bizarre sequence of Lua opcodes that causes LuaJIT to emit incorrect code that grants unrestricted access 00:12 MTDiscord paradust: iirc, the sscsm debate seems to favor puc lua for sscsm anywyas 00:12 MTDiscord *anyways 00:12 fluxionary puc lua? 00:13 MTDiscord standard lua aka puc lua. its the college the spec is written at (i think) 00:13 fluxionary got it 00:14 MTDiscord Pontifical Catholic University of Rio de Janeiro 00:14 fluxionary vs. luajit 00:14 MTDiscord luajit is faster, and generally better, expect in instances like this 00:14 MTDiscord *except 00:15 fluxionary i got in to the conversation late. why is it better for sscsm? 00:15 fluxionary because it's less likely to have terrible exploitative bugs? 00:15 MTDiscord because its less exploitable, due to it not being a jit 00:15 fluxionary i trust it as much or more than i trust the core minetest packet handling code 00:16 MTDiscord Wait so is the difference between jit and puc runtime compilation and interpretation? 00:16 fluxionary i'm sure a lot more eyes have looked @ the luajit code than the minetest code 00:16 paradust LuaJIT security is actually a current concern for singleplayer mods at least. but those go through contentdb, which is more auditable (in theory?) than server-sent 00:16 erle if you trust the packet handling code, i wonder if you have ever compiled minetest with sanitizers 00:17 MTDiscord Dont we use regular lua and not JIT for mods? 00:17 erle paradust yeah, about as secure as the chrome web store LOL 00:17 MTDiscord flux: you indirectly bring up another point, for sscsm your going to want some sort of network encryption, since you dont want mitm attacks 00:17 erle i am joking, of course, cdb at least gets a human to look at the stuff 00:17 fluxionary but minetest is fixed on lua 5.1. is *that* even developed anymore either? 00:18 MTDiscord luajit yes, puc lua, no 00:18 MTDiscord Is there some way to look through code to find things that could cause vulnerabilities? 00:18 erle Jonathon good point. i guess this nips it in the bud for now. 00:18 MTDiscord I mean, tbh I dont understand the problem, minetest mods seem to be pretty secure 00:18 MTDiscord minetest is fixed on lua 5.1 because puc lua isnt backwards compatible, and luajit is breaking compat any time soon 00:18 MTDiscord *isnt 00:19 fluxionary Jonathon: a reasonable point, but there's "political" questions about how to solve that (i.e. what sort of encryption tech) 00:19 MTDiscord minetest mods are not that secure, look no further than the server attacks a while back 00:19 MTDiscord I didnt hear about this 00:19 erle FatalError, not lua-related, but compile minetest with the compiler flags “-fsanitize=undefined” and “-fno-sanitize=vptr”, then play the game and watch the console 00:19 MTDiscord flux: sure, and do we roll our own, use a library, etc? cause the srp is all our own 00:19 MTDiscord srp aka auth 00:19 MTDiscord They were from server mods? 00:20 fluxionary Jonathon, yeah, i'm aware of that. i looked at that code at one point and didn't see anything that was a red flag to me 00:20 erle you meant the server attacks using the player login flow crash or the one using the “teleport to wherever” crash or what? 00:20 MTDiscord also flux, the whole debate here is politics. its going to be that way till someone actually writes an implementation, and then it gets reviewed 00:21 MTDiscord thats the minetest way lol 00:21 erle no, then it gets fixed 00:21 erle remember when i asked how to change the main menu and then it turned out some settings enabled you to make mods that change the main menu 00:22 erle i think if someone makes a CSM implementation, the first order of business is to fix it so it can't do interesting stuff 00:22 erle because interesting is dangerous 00:22 erle i mean a SSCSM implementation 00:22 fluxionary Jonathon: fair. i don't think encryption should be an absolute requirement before implementing SSCSM. ultimately it should be a choice of the client whether to run such code, and perhaps should be disabled by default. 00:23 erle btw, luk3yx made this https://git.minetest.land/luk3yx/sscsm 00:23 MTDiscord flux: id argue that it should be enabled by default, but disablable if people want, like js. 00:23 MTDiscord Nobody is going to use it though is the problem 00:23 MTDiscord and greenxenith made one as well 00:23 MTDiscord LOL, muc uses that fatal 00:23 erle fluxionary if it should be the choice of the client, then ”host CSMs on CDB and make the CSM experience nicer” could be a good start, no? 00:23 fluxionary Jonathon: i think it should be enabled by default eventually, but probably not for a few years until we see problems that arise 00:23 MTDiscord Not to mention the API for csm fucking sucks 00:24 MTDiscord flux: so like a shadows thing basically? i could agree to that 00:24 fluxionary erle: are CSMs not allowed on CDB? i didn't know that 00:24 MTDiscord csms arent allowed on cdb because there erperimental 00:24 fluxionary hm 00:24 erle fluxionary you have to ask rubenwardy. i think i can make a package that sneakily contains a CSM, but i bet that's against the rules. 00:25 erle (so i will not) 00:25 fluxionary erle: it'd have to be installed in a different manner, if that code doesn't exist, it's probably not easy to sneak it in 00:26 erle fluxionary i do not want to talk about it. i will not sneak anything in anywhere. 00:26 erle but i am certainly aware that people could 00:27 MTDiscord you could make a mod that has a csm part to it, and add the additional installation effort or whatever the tag is called to it 00:27 MTDiscord *complex installation 00:28 MTDiscord course to date, i dont (citation needed) think anyone has done this, so when it comes up for review it would be a first policy decider 00:28 MTDiscord if you try to add a mod with a blank init.lua, and install this included csm, thats going to be rejected as you just trying to get around the rules 00:28 erle wdym policy decider 00:28 erle tbh i think CSMs should be activatable like texture packs 00:30 erle now i wonder if i can draw the player location via CSM in HUD for xmaps hehe 00:31 erle but tbh i'd rather have a way to tell the HUD that some coordinates are player_pos_x * a + b and player_pos_z * c + d 00:31 erle and let the engine handle the rest 00:31 MTDiscord paradust: cycling back a bit, while in theory cdb could be more auditing of code for mods, the problem because that once approved, users can make whatever updates they want after that. 00:32 MTDiscord so you would have to make every update be reviewed, which would suck 00:32 MTDiscord also, this had led to license issues in the past from new content being added to a mod 00:33 MTDiscord not that im advocating this, but you could get a basic couple node mod approved into cdb, and then turn it into some sort of malware, etc 00:33 erle Jonathon are you referring to the mcl textures? cora figured out that the newer releases of the texture pack that mcl mods use basically just copied textures from minecraft, so it's an upstream issue and *hopefully* will no longer happen. 00:34 erle (i.e. the texture pack maintainer antagonized a bunch of devs that way) 00:34 MTDiscord im referring in general to a lot of issues. 00:35 MTDiscord stop trying to scope general statements that refer to a multitude of issues to a specific issue 00:35 MTDiscord erle ^ 00:37 erle ok 13:01 kilbith https://www.youtube.com/watch?v=jrxcztUFLjc 13:28 kilbith I'll change it to `player:set_active(cam1)` instead of `cam1:set_active` 16:31 MTDiscord Really nice. Get it merged. 16:52 kilbith still a long way 18:24 CowboyLv I am devekoping a biome mod as a learning exescise, have been quietly for a few months. 18:24 CowboyLv This mod is vanilla themed to the core 18:24 CowboyLv everything is 16x16 18:25 CowboyLv And of course. A good chunk of my assets are remixed mtg assets 18:26 CowboyLv Can I have my remixes of these assets licenced under Creative commons 4 equivalent of the mtg asset license 18:26 CowboyLv or I am obligated to have htese derivatives stuck at CC3 18:28 CowboyLv note the "equivalent" part in my question 18:46 rubenwardy This channel is for core development, mod questions should be in #minetest 18:47 rubenwardy (I know you already posted there, just saying this is the wrong place) 18:47 CowboyLv It's fine :) Best server btw