Minetest logo

IRC log for #minetest-hub, 2018-11-22

| Channels | #minetest-hub index | Today | | Google Search | Plaintext

All times shown according to UTC.

Time Nick Message
00:32 MinetestSam joined #minetest-hub
01:32 ANAND joined #minetest-hub
02:18 redneonglow joined #minetest-hub
02:41 GreenDimond joined #minetest-hub
02:56 garywhite joined #minetest-hub
04:11 luk3yx Does anyone know the latest version of Ubuntu MT 0.3 will compile on?
04:29 * luk3yx will try 14.04
04:55 DI3HARD139 joined #minetest-hub
06:50 Ruslan1 joined #minetest-hub
06:52 atorian37 joined #minetest-hub
07:07 GreenDimond joined #minetest-hub
08:11 longerstaff13 joined #minetest-hub
08:19 ANAND joined #minetest-hub
09:04 atorian37 joined #minetest-hub
09:10 ANAND joined #minetest-hub
09:21 atorian37 joined #minetest-hub
09:47 MinetestSam joined #minetest-hub
10:01 MinetestSam joined #minetest-hub
10:30 jluc joined #minetest-hub
10:34 CWz joined #minetest-hub
12:37 calcul0n joined #minetest-hub
12:49 Fixer joined #minetest-hub
12:55 Fixer_ joined #minetest-hub
12:58 ANAND Hmm, I'm starting to want to implement SSCSM myself...
12:58 ANAND I mean, how hard can it be?
12:59 rubenwardy there won't be enough fingers on the hands of everyone in the world to count how many vulnerabilities would be introduced
13:00 ANAND :)
13:00 T4im finger overflow :o
13:02 ANAND Is it possible to encode the mods so that the client can't modify the source?
13:02 rubenwardy no
13:03 ANAND What are the major vulnerabilities exactly?
13:03 T4im remote code execution would probably the worst of it
13:03 T4im be the*
13:03 rubenwardy allowing malicious servers to install viruses on the player's computer
13:04 ANAND Oho
13:04 rubenwardy I mean, SSCSM is literally remote code execution
13:04 T4im hehe, true
13:04 T4im but it might not be limited to servers installing something in the end
13:05 ANAND Are there any other FOSS projects that follow this approach?
13:05 T4im executing on the client? a bunch, yea
13:06 ANAND How do they do it?
13:06 BuckarooBanzai firefox for example :P
13:06 T4im ^
13:06 T4im lots of sandboxing
13:06 ANAND Oh right, ofc... :)
13:06 T4im but firefox of course has no reason to stop you from modifying what is executed
13:06 ANAND True
13:07 T4im best you can do anyway is try to notice the modification and stop running it
13:07 ANAND checksums?
13:07 T4im something like that, yea
13:07 T4im not a silver bullet though
13:08 rubenwardy server-side validation
13:08 T4im you can raise the burden to only enable those with some c++ knowledge to be able to circumvent it
13:08 aerozoic joined #minetest-hub
13:09 ANAND But with proper sandboxing, unauthorized code won't be executed unless the server is malicious and the client is compromised. Right?
13:10 ANAND I guess "proper sandboxing" is the real issue here, then.
13:11 calcul0n "unless the server is malicious" is another one :)
13:12 ANAND True
13:14 T4im quake3 was an early game to allow client-game modifications in a c-dialect to be transmitted and executed on the client for modding purposes
13:14 rubenwardy thank fuck this was commented out https://github.com/minetest/minetest/blob/master/src/util/srp.cpp#L64
13:14 T4im lol
13:16 T4im that kinda stuff should probaly be done via dynamic printf in gdb
13:16 rubenwardy yeah
13:17 rubenwardy do linters exist for security vulnerabilities?
13:17 T4im sure
13:17 rubenwardy finding printf(variable); isn't exactly hard
13:18 T4im well if you want to find all of them, a git grep may do :p
13:18 rubenwardy that's what I did
13:22 calcul0n i never used it myself but this one looks pretty good : https://www.splint.org/
13:23 calcul0n hmm, not sure it can handle c++ in fact
13:25 T4im i think most are proprietary; clang comes with a few things, not that particular one as far as i see though; there are also a few freemium offers via github marketplace
13:25 T4im security related linting that is
13:25 rubenwardy we have clang something already
13:25 T4im clang-tidy probably
13:26 T4im it does have a few checks
13:27 ANAND joined #minetest-hub
13:32 T4im building with addresssanitizer might help, too
13:37 ANAND joined #minetest-hub
13:53 _Xenon joined #minetest-hub
15:02 MinetestSam joined #minetest-hub
15:11 aerozoic_ joined #minetest-hub
15:53 Jordach joined #minetest-hub
15:59 ANAND joined #minetest-hub
16:07 Jordach joined #minetest-hub
16:15 Ruslan1 joined #minetest-hub
16:18 Fixer joined #minetest-hub
16:38 Ruslan1 joined #minetest-hub
17:00 jluc joined #minetest-hub
17:27 ANAND joined #minetest-hub
17:37 Liu joined #minetest-hub
17:46 Ruslan1 joined #minetest-hub
17:57 Krock joined #minetest-hub
17:58 Krock no 10+1 to greet today.. again
18:03 rubenwardy Krock's law: when you're prepared, tenplus1 isn't online. When you've let your guard down, he is
18:04 Krock ^ this
18:04 Krock please add to the terminology
18:04 Krock IIRC Wuzzy also has another one of mine.. a quote which they wanted to use somewhen later
18:05 Krock forgot to bookmark that one
18:06 Krock rubenwardy: you're talking about 3D graphs, right?
18:07 rubenwardy yes
18:07 rubenwardy buying land: https://i.rubenwardy.com/5vDHw.png
18:07 Krock sounds good but collapsing a network into 1D would be faster
18:07 Krock > /lua land.guive_money("rubenwardy", 42349230492849)
18:08 rubenwardy well, the positions of the graph only matter when you're going to and from the world
18:08 rubenwardy when doing electronics, you'll just work on nodeIDs and the distances between them
18:08 rubenwardy actually, for pipes this could be troublesome because it's useful to know about gravity
18:08 rubenwardy also
18:08 rubenwardy /banking give c:rubeninc 42349230492849
18:09 rubenwardy why would give_money be in the land mod, jeez
18:09 rubenwardy makes no sense whatsever
18:09 rubenwardy :)
18:14 Krock > expects Krock to know about the available mods
18:15 rubenwardy \o/
18:16 ANAND joined #minetest-hub
18:26 MinetestSam joined #minetest-hub
18:44 Fixer_ joined #minetest-hub
18:46 IhrFussel joined #minetest-hub
18:47 IhrFussel That is so annoying when you try to join a server that's full and it erases your password EACH time you go back...MT should remember it depending on the error message the client receives from the server (for example "too many users")
18:49 IhrFussel I understand erasing it when the server shuts down/has an internal error/incorrect password...but in this situation it's pretty tedious
18:52 rubenwardy it's done to avoid debug dumps containing passwords
18:57 Gael-de-Sailly joined #minetest-hub
19:13 Pirate_ joined #minetest-hub
19:32 longerstaff13 joined #minetest-hub
19:32 longerstaff13 joined #minetest-hub
19:47 benrob0329 joined #minetest-hub
19:48 garywhite joined #minetest-hub
19:54 benrob0329 o/
19:54 luk3yx Hello.
20:18 jas_ joined #minetest-hub
20:58 Fixer joined #minetest-hub
21:29 Ruslan1 joined #minetest-hub
22:16 CWz_ joined #minetest-hub
22:19 garywhite joined #minetest-hub
22:27 FrostRanger joined #minetest-hub
23:01 SaKeL joined #minetest-hub
23:02 Fuchs_ joined #minetest-hub
23:06 Fuchs joined #minetest-hub
23:34 longerstaff13 joined #minetest-hub
23:34 longerstaff13 joined #minetest-hub

| Channels | #minetest-hub index | Today | | Google Search | Plaintext