Time Nick Message
04:11 luk3yx Does anyone know the latest version of Ubuntu MT 0.3 will compile on?
04:29 * luk3yx will try 14.04
12:58 ANAND Hmm, I'm starting to want to implement SSCSM myself...
12:58 ANAND I mean, how hard can it be?
12:59 rubenwardy there won't be enough fingers on the hands of everyone in the world to count how many vulnerabilities would be introduced
13:00 ANAND :)
13:00 T4im finger overflow :o
13:02 ANAND Is it possible to encode the mods so that the client can't modify the source?
13:02 rubenwardy no
13:03 ANAND What are the major vulnerabilities exactly?
13:03 T4im remote code execution would probably the worst of it
13:03 T4im be the*
13:03 rubenwardy allowing malicious servers to install viruses on the player's computer
13:04 ANAND Oho
13:04 rubenwardy I mean, SSCSM is literally remote code execution
13:04 T4im hehe, true
13:04 T4im but it might not be limited to servers installing something in the end
13:05 ANAND Are there any other FOSS projects that follow this approach?
13:05 T4im executing on the client? a bunch, yea
13:06 ANAND How do they do it?
13:06 BuckarooBanzai firefox for example :P
13:06 T4im ^
13:06 T4im lots of sandboxing
13:06 ANAND Oh right, ofc... :)
13:06 T4im but firefox of course has no reason to stop you from modifying what is executed
13:06 ANAND True
13:07 T4im best you can do anyway is try to notice the modification and stop running it
13:07 ANAND checksums?
13:07 T4im something like that, yea
13:07 T4im not a silver bullet though
13:08 rubenwardy server-side validation
13:08 T4im you can raise the burden to only enable those with some c++ knowledge to be able to circumvent it
13:09 ANAND But with proper sandboxing, unauthorized code won't be executed unless the server is malicious and the client is compromised. Right?
13:10 ANAND I guess "proper sandboxing" is the real issue here, then.
13:11 calcul0n "unless the server is malicious" is another one :)
13:12 ANAND True
13:14 T4im quake3 was an early game to allow client-game modifications in a c-dialect to be transmitted and executed on the client for modding purposes
13:14 rubenwardy thank fuck this was commented out https://github.com/minetest/minetest/blob/master/src/util/srp.cpp#L64
13:14 T4im lol
13:16 T4im that kinda stuff should probably be done via dynamic printf in gdb
13:16 rubenwardy yeah
13:17 rubenwardy do linters exist for security vulnerabilities?
13:17 T4im sure
13:17 rubenwardy finding printf(variable); isn't exactly hard
13:18 T4im well if you want to find all of them, a git grep may do :p
13:18 rubenwardy that's what I did
13:22 calcul0n i never used it myself but this one looks pretty good : https://www.splint.org/
13:23 calcul0n hmm, not sure it can handle c++ in fact
13:25 T4im i think most are proprietary; clang comes with a few things, not that particular one as far as i see though; there are also a few freemium offers via github marketplace
13:25 T4im security related linting that is
13:25 rubenwardy we have clang something already
13:25 T4im clang-tidy probably
13:26 T4im it does have a few checks
13:32 T4im building with addresssanitizer might help, too
17:58 Krock no 10+1 to greet today.. again
18:03 rubenwardy Krock's law: when you're prepared, tenplus1 isn't online. When you've let your guard down, he is
18:04 Krock ^ this
18:04 Krock please add to the terminology
18:04 Krock IIRC Wuzzy also has another one of mine.. a quote which they wanted to use somewhen later
18:05 Krock forgot to bookmark that one
18:06 Krock rubenwardy: you're talking about 3D graphs, right?
18:07 rubenwardy yes
18:07 rubenwardy buying land: https://i.rubenwardy.com/5vDHw.png
18:07 Krock sounds good but collapsing a network into 1D would be faster
18:07 Krock > /lua land.guive_money("rubenwardy", 42349230492849)
18:08 rubenwardy well, the positions of the graph only matter when you're going to and from the world
18:08 rubenwardy when doing electronics, you'll just work on nodeIDs and the distances between them
18:08 rubenwardy actually, for pipes this could be troublesome because it's useful to know about gravity
18:08 rubenwardy also
18:08 rubenwardy /banking give c:rubeninc 42349230492849
18:09 rubenwardy why would give_money be in the land mod, jeez
18:09 rubenwardy makes no sense whatsoever
18:09 rubenwardy :)
18:14 Krock > expects Krock to know about the available mods
18:15 rubenwardy \o/
18:47 IhrFussel That is so annoying when you try to join a server that's full and it erases your password EACH time you go back...MT should remember it depending on the error message the client receives from the server (for example "too many users")
18:49 IhrFussel I understand erasing it when the server shuts down/has an internal error/incorrect password...but in this situation it's pretty tedious
18:52 rubenwardy it's done to avoid debug dumps containing passwords
19:54 benrob0329 o/
19:54 luk3yx Hello.