| Time |
Nick |
Message |
| 00:32 |
|
MinetestSam joined #minetest-hub |
| 01:32 |
|
ANAND joined #minetest-hub |
| 02:18 |
|
redneonglow joined #minetest-hub |
| 02:41 |
|
GreenDimond joined #minetest-hub |
| 02:56 |
|
garywhite joined #minetest-hub |
| 04:11 |
luk3yx |
Does anyone know the latest version of Ubuntu MT 0.3 will compile on? |
| 04:29 |
* luk3yx |
will try 14.04 |
| 04:55 |
|
DI3HARD139 joined #minetest-hub |
| 06:50 |
|
Ruslan1 joined #minetest-hub |
| 06:52 |
|
atorian37 joined #minetest-hub |
| 07:07 |
|
GreenDimond joined #minetest-hub |
| 08:11 |
|
longerstaff13 joined #minetest-hub |
| 08:19 |
|
ANAND joined #minetest-hub |
| 09:04 |
|
atorian37 joined #minetest-hub |
| 09:10 |
|
ANAND joined #minetest-hub |
| 09:21 |
|
atorian37 joined #minetest-hub |
| 09:47 |
|
MinetestSam joined #minetest-hub |
| 10:01 |
|
MinetestSam joined #minetest-hub |
| 10:30 |
|
jluc joined #minetest-hub |
| 10:34 |
|
CWz joined #minetest-hub |
| 12:37 |
|
calcul0n joined #minetest-hub |
| 12:49 |
|
Fixer joined #minetest-hub |
| 12:55 |
|
Fixer_ joined #minetest-hub |
| 12:58 |
ANAND |
Hmm, I'm starting to want to implement SSCSM myself... |
| 12:58 |
ANAND |
I mean, how hard can it be? |
| 12:59 |
rubenwardy |
there won't be enough fingers on the hands of everyone in the world to count how many vulnerabilities would be introduced |
| 13:00 |
ANAND |
:) |
| 13:00 |
T4im |
finger overflow :o |
| 13:02 |
ANAND |
Is it possible to encode the mods so that the client can't modify the source? |
| 13:02 |
rubenwardy |
no |
| 13:03 |
ANAND |
What are the major vulnerabilities exactly? |
| 13:03 |
T4im |
remote code execution would probably the worst of it |
| 13:03 |
T4im |
be the* |
| 13:03 |
rubenwardy |
allowing malicious servers to install viruses on the player's computer |
| 13:04 |
ANAND |
Oho |
| 13:04 |
rubenwardy |
I mean, SSCSM is literally remote code execution |
| 13:04 |
T4im |
hehe, true |
| 13:04 |
T4im |
but it might not be limited to servers installing something in the end |
| 13:05 |
ANAND |
Are there any other FOSS projects that follow this approach? |
| 13:05 |
T4im |
executing on the client? a bunch, yea |
| 13:06 |
ANAND |
How do they do it? |
| 13:06 |
BuckarooBanzai |
firefox for example :P |
| 13:06 |
T4im |
^ |
| 13:06 |
T4im |
lots of sandboxing |
| 13:06 |
ANAND |
Oh right, ofc... :) |
| 13:06 |
T4im |
but firefox of course has no reason to stop you from modifying what is executed |
| 13:06 |
ANAND |
True |
| 13:07 |
T4im |
best you can do anyway is try to notice the modification and stop running it |
| 13:07 |
ANAND |
checksums? |
| 13:07 |
T4im |
something like that, yea |
| 13:07 |
T4im |
not a silver bullet though |
| 13:08 |
rubenwardy |
server-side validation |
| 13:08 |
T4im |
you can raise the burden to only enable those with some c++ knowledge to be able to circumvent it |
| 13:08 |
|
aerozoic joined #minetest-hub |
| 13:09 |
ANAND |
But with proper sandboxing, unauthorized code won't be executed unless the server is malicious and the client is compromised. Right? |
| 13:10 |
ANAND |
I guess "proper sandboxing" is the real issue here, then. |
| 13:11 |
calcul0n |
"unless the server is malicious" is another one :) |
| 13:12 |
ANAND |
True |
| 13:14 |
T4im |
quake3 was an early game to allow client-game modifications in a c-dialect to be transmitted and executed on the client for modding purposes |
| 13:14 |
rubenwardy |
thank fuck this was commented out https://github.com/minetest/minetest/blob/master/src/util/srp.cpp#L64 |
| 13:14 |
T4im |
lol |
| 13:16 |
T4im |
that kinda stuff should probaly be done via dynamic printf in gdb |
| 13:16 |
rubenwardy |
yeah |
| 13:17 |
rubenwardy |
do linters exist for security vulnerabilities? |
| 13:17 |
T4im |
sure |
| 13:17 |
rubenwardy |
finding printf(variable); isn't exactly hard |
| 13:18 |
T4im |
well if you want to find all of them, a git grep may do :p |
| 13:18 |
rubenwardy |
that's what I did |
| 13:22 |
calcul0n |
i never used it myself but this one looks pretty good : https://www.splint.org/ |
| 13:23 |
calcul0n |
hmm, not sure it can handle c++ in fact |
| 13:25 |
T4im |
i think most are proprietary; clang comes with a few things, not that particular one as far as i see though; there are also a few freemium offers via github marketplace |
| 13:25 |
T4im |
security related linting that is |
| 13:25 |
rubenwardy |
we have clang something already |
| 13:25 |
T4im |
clang-tidy probably |
| 13:26 |
T4im |
it does have a few checks |
| 13:27 |
|
ANAND joined #minetest-hub |
| 13:32 |
T4im |
building with addresssanitizer might help, too |
| 13:37 |
|
ANAND joined #minetest-hub |
| 13:53 |
|
_Xenon joined #minetest-hub |
| 15:02 |
|
MinetestSam joined #minetest-hub |
| 15:11 |
|
aerozoic_ joined #minetest-hub |
| 15:53 |
|
Jordach joined #minetest-hub |
| 15:59 |
|
ANAND joined #minetest-hub |
| 16:07 |
|
Jordach joined #minetest-hub |
| 16:15 |
|
Ruslan1 joined #minetest-hub |
| 16:18 |
|
Fixer joined #minetest-hub |
| 16:38 |
|
Ruslan1 joined #minetest-hub |
| 17:00 |
|
jluc joined #minetest-hub |
| 17:27 |
|
ANAND joined #minetest-hub |
| 17:37 |
|
Liu joined #minetest-hub |
| 17:46 |
|
Ruslan1 joined #minetest-hub |
| 17:57 |
|
Krock joined #minetest-hub |
| 17:58 |
Krock |
no 10+1 to greet today.. again |
| 18:03 |
rubenwardy |
Krock's law: when you're prepared, tenplus1 isn't online. When you've let your guard down, he is |
| 18:04 |
Krock |
^ this |
| 18:04 |
Krock |
please add to the terminology |
| 18:04 |
Krock |
IIRC Wuzzy also has another one of mine.. a quote which they wanted to use somewhen later |
| 18:05 |
Krock |
forgot to bookmark that one |
| 18:06 |
Krock |
rubenwardy: you're talking about 3D graphs, right? |
| 18:07 |
rubenwardy |
yes |
| 18:07 |
rubenwardy |
buying land: https://i.rubenwardy.com/5vDHw.png |
| 18:07 |
Krock |
sounds good but collapsing a network into 1D would be faster |
| 18:07 |
Krock |
> /lua land.guive_money("rubenwardy", 42349230492849) |
| 18:08 |
rubenwardy |
well, the positions of the graph only matter when you're going to and from the world |
| 18:08 |
rubenwardy |
when doing electronics, you'll just work on nodeIDs and the distances between them |
| 18:08 |
rubenwardy |
actually, for pipes this could be troublesome because it's useful to know about gravity |
| 18:08 |
rubenwardy |
also |
| 18:08 |
rubenwardy |
/banking give c:rubeninc 42349230492849 |
| 18:09 |
rubenwardy |
why would give_money be in the land mod, jeez |
| 18:09 |
rubenwardy |
makes no sense whatsever |
| 18:09 |
rubenwardy |
:) |
| 18:14 |
Krock |
> expects Krock to know about the available mods |
| 18:15 |
rubenwardy |
\o/ |
| 18:16 |
|
ANAND joined #minetest-hub |
| 18:26 |
|
MinetestSam joined #minetest-hub |
| 18:44 |
|
Fixer_ joined #minetest-hub |
| 18:46 |
|
IhrFussel joined #minetest-hub |
| 18:47 |
IhrFussel |
That is so annoying when you try to join a server that's full and it erases your password EACH time you go back...MT should remember it depending on the error message the client receives from the server (for example "too many users") |
| 18:49 |
IhrFussel |
I understand erasing it when the server shuts down/has an internal error/incorrect password...but in this situation it's pretty tedious |
| 18:52 |
rubenwardy |
it's done to avoid debug dumps containing passwords |
| 18:57 |
|
Gael-de-Sailly joined #minetest-hub |
| 19:13 |
|
Pirate_ joined #minetest-hub |
| 19:32 |
|
longerstaff13 joined #minetest-hub |
| 19:32 |
|
longerstaff13 joined #minetest-hub |
| 19:47 |
|
benrob0329 joined #minetest-hub |
| 19:48 |
|
garywhite joined #minetest-hub |
| 19:54 |
benrob0329 |
o/ |
| 19:54 |
luk3yx |
Hello. |
| 20:18 |
|
jas_ joined #minetest-hub |
| 20:58 |
|
Fixer joined #minetest-hub |
| 21:29 |
|
Ruslan1 joined #minetest-hub |
| 22:16 |
|
CWz_ joined #minetest-hub |
| 22:19 |
|
garywhite joined #minetest-hub |
| 22:27 |
|
FrostRanger joined #minetest-hub |
| 23:01 |
|
SaKeL joined #minetest-hub |
| 23:02 |
|
Fuchs_ joined #minetest-hub |
| 23:06 |
|
Fuchs joined #minetest-hub |
| 23:34 |
|
longerstaff13 joined #minetest-hub |
| 23:34 |
|
longerstaff13 joined #minetest-hub |
