Time Nick Message 00:16 andreeeeew_its_m you certainly care about the reason for this ban to justify such an action, you listened to only one version of the story (the one given by the Minetest team) and this needs to be called out. Moreover, it is written nowhere in your policies that a channel's ban evasion is against your policies, otherwise lots of people could be k-lined on the sole 09:59 rubenwardy What's our compatibility policy on settings? Can formspec_default_by_color be removed? It's pretty pointless given that most formspecs in-game theme their backgrounds 10:00 Guest54 what's the advantage of removing it? simply less code or is there a security or performance issue? 10:01 rubenwardy less code and improved UX 10:01 rubenwardy alternatively, I can just hide it from the new settings menu 10:02 Guest54 you mean the advanced one? 10:03 rubenwardy https://github.com/minetest/minetest/pull/12480 10:06 Guest54 ah that one 14:41 Desour rubenwardy: I don't think we have a policy for removing existing settings. we don't try to keep backwards compat for them afaik, and some client visual settings (e.g. bumpmapping) have already been removed without replacement 14:42 Desour as for formspec_default_bg_color: I doubt many people use this. the only use-case I could think of is higher transparency to label[]s 14:42 Desour but I'd put the setting removal in a separate PR or commit 16:58 sfan5 imo we should also merge #12764 soon so it can be tested over the whole dev duration 16:58 ShadowBot https://github.com/minetest/minetest/issues/12764 -- Sound refactor and improvements by Desour 16:58 rubenwardy agreed 16:58 rubenwardy that's high on my list 16:59 Desour 👀 17:00 Desour you could merge #13415 first to make 12764 simpler 17:00 ShadowBot https://github.com/minetest/minetest/issues/13415 -- [NOSQUASH] Smart ptr stuff from sound refactor PR, and add make_irr by Desour 17:36 appguru Would anyone be opposed to me creating & maintaining a repo for semgrep rules (such as https://gist.github.com/appgurueu/21132254211f32fb210c429cf56c4b2b)? celeron55 17:36 rubenwardy does this need to be an official project? 17:37 appguru What would be the downsides to it being unofficial? 17:37 appguru official* 17:37 appguru Making it official would increase discoverability, at the risk of slightly cluttering the Minetest org 17:38 Guest54 i think semgrep rules for minetest should have the widest possible visiblity and endorsement. i already privately asked rubenwardy to add semgrep scanning to cdb since i found a lot of crashes with it a few days ago, but rubenwardy did not want more bloat. 17:38 appguru But I don't see why this shouldn't be centralized under the Minetest org 17:39 Guest54 the question is: is there any danger 17:39 Guest54 i mean, given the existing approach to code quality and understanding of boundaries and security issues differs extremely between contributors 17:40 Guest54 like would it lead to minetest as an org rejecting rules if coredevs believe it is “too far out” or so? 17:40 Guest54 or similarly, is there a danger of endorsing useless rules? 17:40 Guest54 appguru you can always start making it yourself and if it is any good donate it to the org 17:41 appguru we wouldn't want to many false positives and I already anticipate bikeshedding about rules, lol 17:41 appguru too many* 17:41 rubenwardy the risk is that it becomes our responsibility or another dead repo 17:41 appguru fair 17:41 Krock what's special about "irr_ptr", Desour ? 17:41 rubenwardy Irrlicht points use ->grab() and ->drop, irr_ptr does this automatically based on RAII 17:42 Krock shared_ptr would do that too 17:42 rubenwardy appguru: it's not a big deal though, I'd start it and then see how useful it could be 17:43 Krock ah I see. it's mainly for Irrlicht integration 17:43 Desour lua51 vs luajit compat isn't minetest-specific. it's also not complete (i.e. missing ULL number prefixes and similar). and I kinda doubt we want to maintain it 17:43 rubenwardy yeah, you can use a custom deleter/allocator iirc - but it's simpler to have a new irr_ptr type. Also, this already exists 17:43 rubenwardy irr_ptr already exists, this just adds a util for it 17:43 Guest54 Desour a rule does not need to be complete. it is supposed to find issues, not prove code correct. 17:44 Guest54 Desour semgrep rules work best for stuff where you have few false positives and next to no false negatives. 17:44 sfan5 it'd definitely be good to get the irr_ptr changes out of the PR 17:44 Desour Krock: shared_ptr allocates an (atomic) refcounter. IReferenceCounted classes have a (non-atomic) counter as member (via inheritance). irr_ptr counts this one 17:44 sfan5 because it'll be squashed 17:44 Guest54 for example, you can easily write a semgrep rule to find a double free in C. 17:44 appguru Desour: I don't think it's possible to write semgrep rules at a sub-token level 17:45 appguru But yes, Lua 5.1 vs LuaJIT compat isn't Minetest-specific 17:45 Krock at least for #13415 I don't see any issue with the changes, although the sound PR is still pretty large afterwards 17:45 ShadowBot https://github.com/minetest/minetest/issues/13415 -- [NOSQUASH] Smart ptr stuff from sound refactor PR, and add make_irr by Desour 17:45 appguru I believe that we'd get more rules for Minetest- than for Lua-specific things in the long run though 17:45 appguru E.g. each deprecation should have a semgrep rule added (if applicable) 17:47 Guest54 you could also add an autofix if you are enterprising 17:47 Guest54 i mean, if it is easy to fix 17:48 Guest54 appguru here, take this gem: but please credit me as the author if you commit it anywhere https://mister-muffin.de/p/dNmO.txt 17:49 Guest54 i found so many crashes using it 17:50 rubenwardy could try writing rules for https://rubenwardy.com/minetest_modding_book/en/quality/common_mistakes.html 17:50 Guest54 i mean, technically i stopped verifying the crashes after the first few, since it is clear what happens without the nil check 17:50 appguru hmm 17:51 appguru rubenwardy: missing word: "you should make [sure] you check it before use" 17:51 Guest54 rubenwardy oh no i think i may have done an itemstack doo doo in my “harvest and replace” mod 17:52 rubenwardy appguru: damn, common mistake :'( 17:52 appguru hah 17:52 Guest54 ok so since semgrep is the topic at hand: https://semgrep.dev/docs/writing-rules/overview/ https://semgrep.dev/docs/writing-rules/pattern-syntax/ 17:53 rubenwardy another one is when mods assume a puncher/placer/etc is a player 17:53 Guest54 also i suggest you all refrain from throwing all semgrep C/C++ rules at minetest engine, i already did that and it's too much fluff. better keep to domain-specific rules after you find a bug to fix that entire class of bugs. 17:53 rubenwardy anyway, I suggest making a repo, working on it until it's mvp, then maybe it can be transferred in 17:53 appguru Hmm. I think "Don’t Trust Formspec Submissions" can't really be implemented using semgrep. "Set ItemStacks After Changing Them" is probably possible. "Be Careful When Storing ObjectRefs" might also be possible, albeit limited. 17:53 appguru rubenwardy: sounds reasonable 17:54 Guest54 appguru you can have different confidence levels for results though 17:54 appguru yeah 17:55 rubenwardy there's also using chat_send_player in a chat command instead of return, and also assuming the player is online 17:55 Guest54 and i don't think it is unreasonable to check for stuff like minetest.set_player_privs() that it is inside a code block that checks for some privs if the privs are elevated 17:56 Guest54 rubenwardy there is so much comedy gold to be earned using a small investment of only a few semgrep rules 17:56 Guest54 imagine all the random crashes it might find 17:59 Guest54 rubenwardy so appguru claims to have had a DL script to download cdb and last time it killed the API. are you *sure* you want people to use the API instead of providing a tarball of all mods or so? 17:59 appguru (last time was 2021 tbf tho) 17:59 Guest54 yeah but was it a bug that got fixed 17:59 Desour merging #13415 in 5 17:59 ShadowBot https://github.com/minetest/minetest/issues/13415 -- [NOSQUASH] Smart ptr stuff from sound refactor PR, and add make_irr by Desour 18:01 rubenwardy that's because it went via the PYthon, I've fixed it so downloads are served directly by nginx 18:01 Guest54 well, then 18:01 rubenwardy I suggest only downloading the latest release for each mod 18:01 Guest54 appguru, release the kraken! 18:02 rubenwardy then you can tail /api/releases/ for new releases 18:02 Guest54 well, i am not interested in crashes in older releases anyway 18:02 Guest54 but it would be a good test case to figure out if the semgrep rules are any good 18:02 MTDiscord why are downloads served by contentdb? 18:02 Guest54 hysterical raisins 18:02 MTDiscord why doesn't it just store git links? 18:02 rubenwardy Fleckenstein: security, the client doesn't have git support and the download needs to be immutable 18:03 rubenwardy not all git hosts support direct download links 18:03 MTDiscord sha sums exist 18:03 rubenwardy if they did, you could use a checksum to pin the version 18:03 rubenwardy but they don't 18:03 rubenwardy also, you don't need to use git 18:03 rubenwardy and some packages have a build/compilation step meaning you can't use the raw git repo 18:04 MTDiscord contentdb supports that? 18:04 rubenwardy yes 18:04 rubenwardy https://content.minetest.net/help/api/ 18:04 MTDiscord ah so it's not like it offers cloud builds tho 18:05 Desour a cool thing one could do is preprocess / build your mod in some way and upload the build artifact to cdb. this could also be done by a CI runner 18:05 rubenwardy yeah. RPG16 and nodecore do that 18:05 rubenwardy also that fennel game 18:06 appguru hmm so I think I found my scripts 18:06 appguru one scans CDB for dependency cycles, one counts licenses and the third counts file extensions after unpacking to a ramdisk 18:06 appguru can't seem to find the one that did the downloading lol 18:07 Guest54 in before wget --mirror 18:07 Guest54 maybe one of the first steps would be to put the scripts in a git repo 18:08 appguru my filesystem is a mess 18:08 MTDiscord can recommend dust / ncdu 18:19 rubenwardy How do you build with SDL now? 18:20 rubenwardy I've tried editing the option in Irrlicht's cmake and doing cmake . -DUSE_SDL2=1, but I'm still getting _IRR_COMPILE_WITH_SDL_DEVICE_ undefined 18:20 rubenwardy building with irrlicht at libs/irrlichtmt 18:20 rubenwardy *lib 18:21 Desour iirc _IRR_COMPILE_WITH_SDL_DEVICE_ is no longer used 18:21 Desour are you sure you're using irrlichtmt master? 18:22 sfan5 cmake also outputs whether it's building with sdl2 or not 18:23 rubenwardy I'll delete caches etc 18:23 nrz if SDL2 is sufficient stable, do you think we can consider a full switch and drop legacy backend ? (i don't know if it works well on android) 18:23 rubenwardy that's our plan 18:23 nrz perfect 18:24 rubenwardy _IRR_COMPILE_WITH_SDL_DEVICE_ is from my patch in minetest/minetest that's checking whether SDL is enabled. I still see it used in lib/irrlichtmt though, in CIrrDeviceSDL.cpp for example 18:25 rubenwardy I'm on "Use a buffer for quads indices" 18:26 sfan5 it's still used but you can't check the flag from outside 18:45 rubenwardy merging #13419 in 9.345 ± 10 minutes 18:45 ShadowBot https://github.com/minetest/minetest/issues/13419 -- Remove formspec_default_bg_color/opacity settings by rubenwardy 18:50 Guest54 > In practice, most games do theme their GUIs. 18:50 Guest54 rubenwardy did you actually check that using semgrep or something? 18:50 Guest54 i mean, i don't think you'd pull that out of thin air, i just wonder if it is the same as earlier “this is not used” assertions, i.e. “this is not used in stuff i know” 18:57 rubenwardy well, most games are MTG soups and MTG has a custom background and bgcolor 18:58 Guest54 in this case, i both retract my statement about pulling factoids out of thin air and assert the opposite and ask how such a rule could look like? 18:58 Guest54 after all, it is a code smell now to have none of that 18:59 rubenwardy not sure if you misread, this removes a setting it doesn't remove the default background 18:59 Guest54 uh, i think it implies that not setting a background is a problem, am i misunderstanding it? 19:00 Guest54 (i probably am) 19:16 rubenwardy was #12780 forgotten about? 19:16 ShadowBot https://github.com/minetest/minetest/issues/12780 -- Put server sound handles into userdata by Desour 19:18 Desour no 19:18 Desour it's separate 19:18 rubenwardy looks like it has changes from the mega PR though 19:19 Desour it basically does the client and main menu sound handle stuff for server sound handles 19:19 Desour the code is similar 19:19 Desour but duplicated 20:44 boldcoder55[m] oopsie, k-line broken 20:45 boldcoder55[m] ping moonmoon 21:06 boldcoder55[m] moonmoon has turned to eclipse tonight? :( 21:09 boldcoder55[m] looking forward for the next k-line and how to get around it, I love challenges 21:25 MTDiscord don't you have better things to do 21:28 Guest54 ROllerozxa i honestly think that a specific breed of bullies does not have something better to do in their own mind. i know only very few people who regularly evade bans (and I wish i would not know them) and with all of them i got the feeling that getting the attention after evading a ban gives them a sense of pride and accomplishment.