Time  Nick             Message
14:15 IhrFussel        Okay this is just laughable now... it seems that there are seriously people who honestly believe that preventing someone from joining with a certain account and overtaking their current online session actually adds SECURITY to Minetest ... at least according to those downvotes https://github.com/minetest/minetest/pull/8547 ... As if that would help against account theft
14:16 IhrFussel        What are these people thinking? When someone got my password it's OVER already ... there is no need to try to mitigate any login attempts
14:17 IhrFussel        I thought LinuxDirk is the only silly guy who got that opinion
14:18 IhrFussel        Minetest is simply backwards in that regard... I don't have to wait in ANY other game or service until my last session timed out before I can rejoin
14:21 IhrFussel        There should be other methods to actually improve security of accounts ... like builtin login attempt limits
14:23 IhrFussel        And maybe log such an event when someone overtakes the session of another user so that server admins have a clue when it happened and by who (IP)
14:25 IhrFussel        I already implemented a 'anti hack protection' in my server code... it simply stores a timestamp in a table plus a counter and if (within 30 seconds) the same name tries to join 3 times and fails they are blocked from joining for 1 minute
14:30 IhrFussel        And I clearly see how it helps with security on my server... cause most people who try to get into another's account give up exactly after the 3 tries
14:31 IhrFussel        They don't want to wait for 1 minute staring at their screen
14:32 IhrFussel        The majority of players are young kids in MT and that is a fact ... young kids don't have a large attention span
14:33 IhrFussel        Additionally I let the online user know that someone tried to connect as them via PM
14:50 IhrFussel        btw since most mobile users use a third party app that likely implements the random generated name and password features, it is highly unlikely that someone guesses SUCH a password... I mean did you even take a look at one? They look like '5M!7?ctS'
14:51 IhrFussel        iOS users at least are forced to use such apps and they account for a large amount of total mobile users
14:53 IhrFussel        And soon the other Android clones will upgrade to 5.0.0 too... if the app devs need the money
15:20 BuckarooBanzai   IhrFussel: if you have additional security on your server, why not share your mod with the community... :)
15:20 * BuckarooBanzai hides
15:22 IhrFussel        I don't publish mods cause my coding skills are not the best and therefore the code quality is usually bad ... but as long as the code accomplishes my goals I'm fine ... when people ask me for certain things I like to help ... and I would even take some of my server code and share it with them
15:23 IhrFussel        I code my server mods not as standalone mods, so I can basically depend on many unrelated mods in each of them
15:28 IhrFussel        Also the mod I coded is only a hack... cause in 5.0.0 (which I don't use yet) there is a new callback that can improve it
15:31 IhrFussel        Here it is minetest.register_on_auth_fail(function(name, ip))
15:32 IhrFussel        Right now I can only use prejoin() callback and have to assume that even if the 3rd try has the right password it still triggers the block
15:46 Calinou          IhrFussel: in my experience, people don't care if your open source code looks ugly
16:58 Krock            o/