| Time |
Nick |
Message |
| 00:58 |
|
vampi__ joined #minetest-dev |
| 01:20 |
|
cranezhou joined #minetest-dev |
| 01:43 |
|
Warr1024 joined #minetest-dev |
| 03:13 |
|
kilbith joined #minetest-dev |
| 04:15 |
|
YuGiOhJCJ joined #minetest-dev |
| 05:00 |
|
MTDiscord joined #minetest-dev |
| 05:26 |
|
fluxionary_ joined #minetest-dev |
| 05:55 |
|
calcul0n_ joined #minetest-dev |
| 06:44 |
|
diceLibrarian joined #minetest-dev |
| 07:03 |
|
appguru joined #minetest-dev |
| 08:00 |
|
dzho_ joined #minetest-dev |
| 08:00 |
|
freelikegnu joined #minetest-dev |
| 08:53 |
|
MTDiscord joined #minetest-dev |
| 11:22 |
|
cranezhou joined #minetest-dev |
| 12:12 |
|
appguru joined #minetest-dev |
| 13:39 |
|
proller joined #minetest-dev |
| 13:51 |
|
YuGiOhJCJ joined #minetest-dev |
| 14:09 |
|
YuGiOhJCJ joined #minetest-dev |
| 14:15 |
|
appguru joined #minetest-dev |
| 14:41 |
|
Fixer joined #minetest-dev |
| 14:45 |
kilbith |
man I'm fucking sick of this hecks' irrlicht stripping commit |
| 14:45 |
kilbith |
it's not because something is used now that it won't be in the future |
| 14:46 |
kilbith |
and it doesn't hurt at all to have these extra features we don't immediately need, it's a fucking a rendering engine |
| 14:46 |
kilbith |
-a |
| 14:47 |
kilbith |
so right now I'm forced to track down what was removed and add them back one by one |
| 14:52 |
kilbith |
so please do stop removing features that we *might* potentially use in the future; if you do a lot of irrrlicht stuff, you'd fucking understand |
| 15:09 |
|
Taoki joined #minetest-dev |
| 15:38 |
|
Guest74 joined #minetest-dev |
| 15:38 |
Guest74 |
I'm taking with sfan5 at the moment about a double listing problem with the minetest server list |
| 15:39 |
Guest74 |
im suggesting we add an optional password field in minetest for the announce |
| 15:39 |
Guest74 |
if no password is supplied the serverlist uses the remote ip as it does now |
| 15:39 |
Guest74 |
if a password is supplied it only updates the record from announcements that supply that same password |
| 15:39 |
Guest74 |
and finally; the password can only be changed once the listing times out from the server list naturally |
| 15:40 |
Guest74 |
this would solve my particular issue where I am behind a GCNAT with a static ip assigned to inbound connections |
| 15:40 |
Guest74 |
in my case i have both an IPv6 and an IPv4 |
| 15:41 |
Guest74 |
my IPv4 is static and my IPv6 is subject to changing every few hours due to the GCNAT |
| 15:41 |
Guest74 |
the server list only logs my IPv6 |
| 15:42 |
Guest74 |
either the server list software needs to track both IPv6 and IPv4 per server record |
| 15:43 |
Guest74 |
so that it can detect requests from a static IPv4 but dynamic IPv6 |
| 15:43 |
Guest74 |
and vice-versa |
| 15:43 |
Guest74 |
or we need to add an optional "password" field to the announce system |
| 15:43 |
Guest74 |
any other thoughts on how this can be solved |
| 15:57 |
MTDiscord |
<Warr1024> "password" doesn't sound quite like the right thing for this, but maybe "server_uid" or something. |
| 15:58 |
MTDiscord |
<Warr1024> Should it be kept private? That's ... hard to say, actually ... isn't there actually already a vulnerability that somebody could send competing announces to the list to muddy up the listing for a server? |
| 16:05 |
Guest74 |
yes it will double list server at the moment |
| 16:07 |
MTDiscord |
<paradust> hm, can that be used to steal username/passwords ? |
| 16:08 |
Guest74 |
also there is a very dedicated and well known group of "griefers" known across many server by many names but are all the same person and his friends most commonly identified by their use of "( ͡° ͜ʖ ͡°)" in the chat that would absolutely exploit this if they knew about it |
| 16:09 |
Guest74 |
they abuse servers daily until the servers fix the problem or shutdown |
| 16:10 |
Guest74 |
its only a matter of time before they realize that they can abuse the server list to also grief those servers they target |
| 16:10 |
Guest74 |
so this does need to be solved tbh because eventually someone will use it to grief popular servers |
| 16:15 |
Guest74 |
paradust: no |
| 16:15 |
|
vampi__ joined #minetest-dev |
| 16:15 |
MTDiscord |
<paradust> why couldn't it? can someone spoof an existing server? |
| 16:15 |
MTDiscord |
<paradust> or take advantage of a server that is down / fails to announce itself |
| 16:24 |
Guest74 |
sure if it goes down |
| 16:24 |
Guest74 |
that is a problem |
| 16:24 |
Guest74 |
someone could steal the slot with a new UID/Password |
| 16:24 |
Guest74 |
and bogart it |
| 16:24 |
Guest74 |
this is why I am asking here for help |
| 16:24 |
Guest74 |
this is not a simple problem to solve |
| 16:25 |
Guest74 |
how hard would it be for the server software to track both IPv4 and IPv6? |
| 16:25 |
sfan5 |
it doesn't know both your ipv4 and ipv6, only one, that is whichever you currently announce with |
| 16:25 |
Guest74 |
paradust: at the moment yes someone can spoof an existing server with a duplicate entry |
| 16:26 |
Guest74 |
okay so some how I would need to make the announce from a IPv4 TCP packet? |
| 16:26 |
MTDiscord |
<MNH48> > hm, can that be used to steal username/passwords ? |
| 16:26 |
MTDiscord |
<MNH48> if you mean the player, then not the actual password since Minetest uses SRP |
| 16:26 |
Guest74 |
which means the minetest client would need to be updated to specify if the packet is sent as IPv4 or IPv6? |
| 16:26 |
sfan5 |
I already proposed that to you in pm |
| 16:27 |
MTDiscord |
<paradust> server could pop up another dialog box and ask for password confirmation, yea? |
| 16:27 |
Guest74 |
I assume that IPv6 headers dont also contain an IPv4 address unless that IPv6 address is "the special one" that contains also the IPv4 inside it |
| 16:27 |
Guest74 |
ah sfan5 suggested `enable_ipv6 = false` |
| 16:28 |
Guest74 |
this sounds like the best solution |
| 16:29 |
sfan5 |
"server spoofing" is also not an issue, the Minetest client only considers servers the same when `address` and `port` are the same |
| 16:29 |
sfan5 |
so yes you can add duplicate entries, but only if the destination where clients connect is the same |
| 16:29 |
Guest74 |
`enable_ipv6 = false` - IPv6 client will still be able to connect right? |
| 16:29 |
sfan5 |
no |
| 16:29 |
Guest74 |
ok i cant do that |
| 16:29 |
Guest74 |
a lot of mobile devices are now only IPv6 |
| 16:29 |
Guest74 |
particularly from china |
| 16:30 |
sfan5 |
ipv6 client connections are not configured to work by default |
| 16:30 |
sfan5 |
so if you have not explicitly set it up you are not missing anything |
| 16:30 |
MTDiscord |
<Warr1024> IPv6 clients would be able to connect to an IPv4-only server if they have some kind of 6-to-4 bridge to go through setup on their end, wouldn't they? It seems like that would have to be kind of common, since there's still quite a lot of the open internet that's v6-challenged... |
| 16:31 |
MTDiscord |
<MNH48> > server could pop up another dialog box |
| 16:31 |
MTDiscord |
<MNH48> if server ask for password again after getting into the server then it's red flag |
| 16:31 |
Guest74 |
still would be better to have an option that forces announce as IPv4 or IPv6 |
| 16:31 |
Guest74 |
and not everything else |
| 16:32 |
Guest74 |
i might just wget my announce |
| 16:32 |
Guest74 |
as IPv4 or something |
| 16:32 |
Guest74 |
for now |
| 16:32 |
Guest74 |
anyone got an announce template to make my life easier? |
| 16:32 |
MTDiscord |
<paradust> sfan5: I'm thinking of the case where a user is looking for a server they have an existing account on, but ends up clicking on an impersonation |
| 16:33 |
sfan5 |
I don't think we can reasonably prevent that |
| 16:33 |
Guest74 |
also most clients save the host details in faves |
| 16:33 |
Guest74 |
i assume |
| 16:33 |
Guest74 |
so its a reduced risk vector |
| 16:33 |
Guest74 |
for regular players |
| 17:08 |
|
Guest74 joined #minetest-dev |
| 17:55 |
|
appguru joined #minetest-dev |
| 17:56 |
nrz |
merging #12879 |
| 17:56 |
ShadowBot |
https://github.com/minetest/minetest/issues/12879 -- [NO SQUASH] Mod storage PostgreSQL backend by TurkeyMcMac |
| 19:14 |
|
appguru joined #minetest-dev |
| 20:39 |
|
proller joined #minetest-dev |
| 20:58 |
|
proller joined #minetest-dev |
| 23:15 |
|
lhofhansl joined #minetest-dev |
| 23:16 |
lhofhansl |
Hi. Planning to merge #12925 some time today. |
| 23:16 |
ShadowBot |
https://github.com/minetest/minetest/issues/12925 -- Alternative I: Reduce active mgmt interval for a bit when a player joins by lhofhansl |
| 23:32 |
|
panwolfram joined #minetest-dev |
| 23:53 |
Zughy[m] |
thoughts on #12950? It seems pretty trivial but not a lawyer |
| 23:53 |
ShadowBot |
https://github.com/minetest/minetest/issues/12950 -- Added copy of LGPL-2.1 by StrajnarFilip |
