| Time |
Nick |
Message |
| 00:03 |
IhrFussel |
So... if init.lua uses 'dofile' is it GUARANTEED that the callback in the above file gets registered first? I think so |
| 00:04 |
IhrFussel |
Basically UI has 2 files with that callback... and since the profiler mentions a '[2]' I think it means the 2nd callback is meant so the bottom dofile |
| 00:08 |
IhrFussel |
Which would point me to this -> https://github.com/minetest-mods/unified_inventory/blob/master/register.lua#L564 |
| 00:08 |
IhrFussel |
But how can this code cause a lag of SIX or more seconds? |
| 00:16 |
IhrFussel |
btw am I dumb or does UI seriously use an EMPTY form name for its fields? That is rather weird |
| 01:25 |
|
paramat joined #minetest-hub |
| 01:42 |
|
FrostRanger joined #minetest-hub |
| 02:39 |
|
Emerald2 joined #minetest-hub |
| 02:48 |
|
Miner_48er joined #minetest-hub |
| 06:00 |
|
kaeza joined #minetest-hub |
| 06:03 |
|
Ruslan1 joined #minetest-hub |
| 07:16 |
|
GreenDimond joined #minetest-hub |
| 07:28 |
|
CWz joined #minetest-hub |
| 08:15 |
|
Gael-de-Sailly joined #minetest-hub |
| 08:48 |
|
Krock joined #minetest-hub |
| 09:39 |
|
aerozoic joined #minetest-hub |
| 10:08 |
|
kaeptmblaubaer joined #minetest-hub |
| 11:00 |
|
Fixer joined #minetest-hub |
| 11:48 |
|
kaeza joined #minetest-hub |
| 11:57 |
|
Krock joined #minetest-hub |
| 12:26 |
|
calcul0n joined #minetest-hub |
| 12:47 |
|
kaeza joined #minetest-hub |
| 12:58 |
|
IhrFussel joined #minetest-hub |
| 12:59 |
IhrFussel |
Can someone explain to me why UI needs to listen to ALL player receive field callbacks just to find out whether a field contains 'craftguide_craft' or 'craftguide_giveme' ? That seems extremely inefficient and MIGHT cause lags of several seconds on my server at times |
| 13:01 |
Krock |
how many thousands of callbacks did you register? |
| 13:01 |
IhrFussel |
This seems to be the problematic callback -> https://pastebin.com/NujDmAR4 |
| 13:02 |
Krock |
that can be guarded with a formname == "" check |
| 13:02 |
Krock |
since it's most likely happening in the player inventory |
| 13:03 |
IhrFussel |
So a simple 'if formname ~= "" then return end' ? |
| 13:03 |
Krock |
try it |
| 13:04 |
Krock |
chances for side-effects are low |
| 13:07 |
|
Megaf joined #minetest-hub |
| 13:08 |
IhrFussel |
Hi Megaf |
| 13:11 |
Megaf |
Hi Fussel |
| 13:11 |
Megaf |
Hi everyone |
| 13:14 |
IhrFussel |
I hope the lag is not caused by CSM somehow or bad mobile clients |
| 13:15 |
IhrFussel |
Must be some sort of mod that sends lots of fields at once when the lag happens I'm guessing...but even that is unlikely |
| 13:25 |
|
entuland joined #minetest-hub |
| 13:27 |
|
BillyS joined #minetest-hub |
| 13:31 |
|
BillyS joined #minetest-hub |
| 13:36 |
Sokomine |
looking for a texture again. the way the placed nodebox-drawn node looks is good enough (would need to be rotated for the tool version)...but...how do i get that texture? |
| 13:37 |
Sokomine |
need a wield image for the tool |
| 13:46 |
IhrFussel |
Krock, https://github.com/minetest-mods/unified_inventory/blob/master/register.lua#L406 << this function has no PRIV CHECK?! |
| 13:46 |
Krock |
REAL FREE ESTATE |
| 13:46 |
IhrFussel |
Doesn't that mean that...in theory... players can send custom fields??? |
| 13:46 |
Krock |
dude thank you so much |
| 13:47 |
Krock |
yes they can |
| 13:47 |
Krock |
testing rn |
| 13:47 |
sfan5 |
hahaha the classic just trusting user input |
| 13:52 |
IhrFussel |
Sorry I should've probably used [off] for that bug (in case it turns out to be exploitable) |
| 13:58 |
Krock |
my cheat client is bugged got to fix that first |
| 13:58 |
Krock |
but that can clearly be abused |
| 13:59 |
Krock |
> name = readParam<std::string>(L, 1); |
| 13:59 |
Krock |
> data = readParam<std::string>(L, 1); |
| 13:59 |
Krock |
guess why it does not work >.< |
| 13:59 |
IhrFussel |
Well on my server it's fixed now by adding 'if not minetest.get_player_privs(player_name).somepriv then return end' |
| 14:01 |
IhrFussel |
Krock, so it takes more than just CSM? Or did you just show an unrelated problem? |
| 14:02 |
Krock |
needs a client modification |
| 14:02 |
Krock |
plus CSM to have a handy GUI |
| 14:02 |
Krock |
testing the fix.. |
| 14:02 |
IhrFussel |
Well that makes it not that high of a priority I guess but should still get fixed |
| 14:03 |
|
calcul0n joined #minetest-hub |
| 14:04 |
IhrFussel |
Krock, can you explain why this cannot be exploited via CSM but other inventory formspecs can? |
| 14:04 |
Krock |
IhrFussel: CSM cannot send fields to the server yb default |
| 14:05 |
IhrFussel |
Oh so it always required a c++ modification? |
| 14:05 |
IhrFussel |
I guess it's an easy change though...maybe 1 or 2 lines ... kinda like disabling priv check for fly and fast |
| 14:12 |
IhrFussel |
I will also log attempts by players who try to request items without having the necessary privs... good way to find cheaters |
| 14:13 |
Krock |
pushing fix in 5' |
| 14:13 |
Krock |
IhrFussel: only for formspec fields. lists can be modified from everywhere |
| 14:14 |
IhrFussel |
Meaning what exactly? |
| 14:14 |
Krock |
that stacks can be moved from any formspec |
| 14:14 |
Krock |
it's sent to the server |
| 14:15 |
Krock |
but pressing CSM formspec buttons will not trigger any server action |
| 14:21 |
Krock |
pushing |
| 14:21 |
Krock |
https://github.com/minetest-mods/unified_inventory/commit/850ee9cbc |
| 14:22 |
Krock |
^ IhrFussel: Also added console logs in case somebody wants to abuse it |
| 14:25 |
IhrFussel |
Nice =) also isn't this kinda inconsistent? if (not output) or (output == "") then return end |
| 14:25 |
IhrFussel |
I mean the () |
| 14:26 |
IhrFussel |
AFAIK the () are not necessary in lua and they are missing pretty much everywhere else |
| 14:31 |
|
Megaf joined #minetest-hub |
| 14:32 |
IhrFussel |
Megaf, are you using unified_inventory? |
| 14:32 |
Megaf |
Yep |
| 14:32 |
Megaf |
why? |
| 14:32 |
IhrFussel |
Update it now |
| 14:32 |
Megaf |
My server hasnt been updated in a while tho |
| 14:33 |
IhrFussel |
I found an exploit... players can send custom fields to the mod and give themselves any item pretty much cause a priv check is missing ... it requires some c++ lines changes and a CSM (optional) |
| 14:34 |
IhrFussel |
And Krock just pushed a fix to the minetest-mods repo |
| 14:35 |
Megaf |
hum |
| 14:35 |
Megaf |
perhaps I should update the stuff |
| 14:35 |
Megaf |
!up mt.megaf.info 30003 |
| 14:35 |
MinetestBot |
mt.megaf.info:30003 is up (13ms) |
| 14:35 |
Megaf |
!server Megaf |
| 14:35 |
MinetestBot |
Megaf: Megaf Server v4 | mt.megaf.info:30003 | Clients: 0/20, 0/1 | Version: 0.4.17.1 / minetest | Ping: 16ms |
| 14:36 |
IhrFussel |
The buttons are not visible but the internal formspec fields listen to any player (before the fix) |
| 14:37 |
|
_Xenon joined #minetest-hub |
| 14:54 |
IhrFussel |
Krock, I hope there is no way to fake the player name when sending fields... but I'm guessing the worst case would be that the actual player who has the priv (if online) receives the item |
| 14:55 |
Krock |
no, the player name cannot be faked |
| 14:55 |
IhrFussel |
How does the server code make sure the player name is not faked? |
| 15:03 |
Krock |
how does the server code make sure there's a player who didn't login? |
| 15:04 |
Krock |
the player name is entirely server-sided; it's only sent once on login |
| 15:06 |
|
Guest21906 joined #minetest-hub |
| 15:21 |
IhrFussel |
But how does the server make sure that only client x is allowed to identify as player name/ID y? |
| 15:22 |
Krock |
they compare the password? |
| 15:23 |
IhrFussel |
I mean is there some kind of protected session between server and client that makes faking impossible? |
| 15:25 |
Krock |
well, you'd have to perform a MITM attack to steal somebody else's connection |
| 15:28 |
IhrFussel |
How does the client know something got sent to it and not someone else? I guess unique ID client and server agreed on |
| 15:30 |
rubenwardy |
if you know the IP and the sequence number, you could session hijack yes |
| 15:30 |
Krock |
IhrFussel: that's already very low-level and there's barely anything to do against it |
| 15:31 |
Krock |
there's always a way. question is how much time you've got to do it |
| 15:31 |
IhrFussel |
rubenwardy, sequence number is what? An ID? |
| 15:32 |
IhrFussel |
Cause there can be unlimited connections from the same IP I'm guessing there needs to be some kind of ID both server and client know |
| 15:33 |
sfan5 |
the peer id |
| 15:33 |
IhrFussel |
So client sends playername to server, server checks, if correct server inits all required player data and and stores/tells peer ID...right? |
| 16:50 |
|
Ruslan1 joined #minetest-hub |
| 17:56 |
|
tenplus1 joined #minetest-hub |
| 17:56 |
tenplus1 |
Hi folks |
| 17:56 |
tenplus1 |
hey Krock |
| 17:57 |
Krock |
hi tenplus1 |
| 17:57 |
tenplus1 |
what's new with you ? |
| 17:57 |
Krock |
hey ho I updated the ascii mapper |
| 17:57 |
tenplus1 |
ooh nice :) |
| 17:57 |
tenplus1 |
I just found out corals.mts isnt in 5.0dev |
| 17:58 |
Krock |
pushed a security commit to u_i and created a new PR with "stolen" code from somebody else |
| 17:58 |
tenplus1 |
naughty naughty |
| 17:58 |
Krock |
updated gist with sample image in L3: https://gist.github.com/SmallJoker/03c92442c4b81a6d2e7573c7950a10cc |
| 17:59 |
Krock |
much easier to read this way |
| 17:59 |
Krock |
sakura and glacier tend to be very large |
| 18:00 |
tenplus1 |
nice, this looks way better dude |
| 18:00 |
Krock |
^.^ |
| 18:00 |
tenplus1 |
I so gotta rework the biomes in Ethereal to spread out better |
| 18:02 |
tenplus1 |
this will defintely help :) thanks dude |
| 18:03 |
Krock |
well, existing worlds will break |
| 18:03 |
Krock |
each change is going to make it worse for newly generated areas |
| 18:03 |
tenplus1 |
depends if the original biome will blend into the newly changed one |
| 18:04 |
tenplus1 |
it only seems to break or have huge square gaps if the heightmap is different |
| 18:09 |
tenplus1 |
and from what i've seen of paramat's mapgen changes, biomes blend into one another now :) |
| 18:17 |
* CWz |
peeks in |
| 18:18 |
tenplus1 |
o/ CWz |
| 18:23 |
* tenplus1 |
wonders what else has been removed from 5.0 dev |
| 18:29 |
rdococ |
Hi |
| 18:29 |
tenplus1 |
hi rdococ |
| 18:30 |
rdococ |
I might try to add coroutines to luacontrollers again |
| 18:30 |
tenplus1 |
hows the mod shaping up ? |
| 18:36 |
tenplus1 |
btw, I like the idea of farming-mutation :) |
| 18:39 |
tenplus1 |
reminds me of a yogscast video where you breed 2 crops side by side to make a mutated crop beside it, to increase growing speed and crop harvest size |
| 18:40 |
kaeza |
Greetings. |
| 18:40 |
tenplus1 |
hi kaeza o/ |
| 18:41 |
kaeza |
Hi tenplus1. How's it going? |
| 18:41 |
Krock |
o/ kaeza |
| 18:41 |
tenplus1 |
good thx, just updated Ethereal NG (added sakura biome and coral fix) |
| 18:41 |
kaeza |
o/ Krock |
| 18:41 |
|
entuland joined #minetest-hub |
| 18:42 |
tenplus1 |
wb entuland |
| 18:44 |
entuland |
hello there, freaking connection as usual, tenplus1 |
| 18:45 |
tenplus1 |
o// |
| 18:47 |
tenplus1 |
entuland: have you tried other Os' to see if it helps the connection ? |
| 18:51 |
entuland |
oh no it wouldn't make any difference - I simply have a ISP that rents the line from the national company, and the national company crams multiple customers into the same channel or something like that |
| 18:51 |
entuland |
so the only option would be changing ISP |
| 18:51 |
tenplus1 |
damn, sorry to hear dude |
| 18:56 |
|
calcul0n joined #minetest-hub |
| 18:56 |
tenplus1 |
hi calcul0n |
| 18:57 |
calcul0n |
o/ |
| 18:57 |
tenplus1 |
:P |
| 19:09 |
rdococ |
TIC-80 is probably the longest time I've been interested in something completely new to me for a while |
| 19:10 |
tenplus1 |
that looks kinda cute :D |
| 19:11 |
Krock |
bye! |
| 19:11 |
tenplus1 |
o/ |
| 19:26 |
|
FrostRanger joined #minetest-hub |
| 19:32 |
tenplus1 |
you made any games in TIC-80 yet rdococ? |
| 19:37 |
rdococ |
not quite but I made a 3D demo |
| 19:37 |
tenplus1 |
:) kewl... I wonder how many tiny indie games were made on that |
| 19:41 |
rdococ |
https://i.imgur.com/stQHzvS.png |
| 19:42 |
tenplus1 |
reminds me of Klax somehow |
| 19:42 |
rdococ |
that's at 30 fps... I've seen someone else manage to get things running at 60 fps with a more detailed world but meh |
| 19:43 |
tenplus1 |
lol, tweaking becomes a new hobby to many :D |
| 19:44 |
rdococ |
I use quaternions |
| 19:44 |
tenplus1 |
no idea what that is :P lol |
| 19:45 |
rdococ |
hehe |
| 19:45 |
tenplus1 |
ahh, ddg said it's to do with math :Plol |
| 19:47 |
|
garywhite joined #minetest-hub |
| 19:47 |
tenplus1 |
hi gary :) |
| 19:48 |
garywhite |
hello ten |
| 19:48 |
tenplus1 |
o// |
| 19:52 |
|
TommyTreasure left #minetest-hub |
| 19:53 |
|
TommyTreasure joined #minetest-hub |
| 19:53 |
|
pauloue joined #minetest-hub |
| 19:56 |
tenplus1 |
wb tommy |
| 20:00 |
tenplus1 |
nite folks o/ |
| 20:00 |
|
tenplus1 left #minetest-hub |
| 20:25 |
|
Miner_48er joined #minetest-hub |
| 20:58 |
Fixer |
architecture of minecraft in 2009 looks like minetest in 2011 |
| 20:58 |
Fixer |
http://s10.directupload.net/images/user/090618/rzlbhcwy.jpg |
| 21:11 |
rdococ |
architecture of minecraft in 2019 with several mods installed relating to technology and energy installed and patched into the software looks like minetest in 2019 |
| 21:28 |
kaeza |
There wasn't glass back then I assume. |
| 21:34 |
rdococ |
Hmm, digilines with luacontrollers is effectively a dataflow programming language |
| 21:34 |
rdococ |
yes, I like spontaneously changing the topic of discussion for no reason |
| 21:39 |
Fixer |
damn, playing classicube right now |
| 21:40 |
Fixer |
feels good man |
| 21:48 |
Fixer |
eh, 4chan, 10 years ago |
| 21:50 |
|
pauloue left #minetest-hub |
| 23:09 |
rdococ |
the concept of 4chan seems cool but the community is hostile |
| 23:51 |
Fixer |
old minecraft maps from 2009-2010 had some 4chan references |
| 23:58 |
Fixer |
amazing how bad was video recording 10 years ago |
