| Time |
Nick |
Message |
| 00:12 |
Sokomine |
ah, well, at least it loads now |
| 02:09 |
|
olliy joined #minetest-hub |
| 03:34 |
|
olliy joined #minetest-hub |
| 04:51 |
|
QwertyDragon_ joined #minetest-hub |
| 04:54 |
|
olliy joined #minetest-hub |
| 05:00 |
|
QwertyDragon joined #minetest-hub |
| 05:25 |
|
olliy_ joined #minetest-hub |
| 05:28 |
|
olliy joined #minetest-hub |
| 07:15 |
|
calcul0n joined #minetest-hub |
| 08:00 |
|
calcul0n joined #minetest-hub |
| 08:26 |
|
calcul0n_ joined #minetest-hub |
| 08:28 |
TommyTreasure |
after months of no activity here, i steal the spotlight yet again. |
| 08:28 |
TommyTreasure |
is the map on 5.2.1-dev compatible if i migrate to 5.2.0-stable? |
| 08:29 |
TommyTreasure |
players are complaing of client lag issues when connecting with 5.2.0 client |
| 08:32 |
sfan5 |
you mean 5.1.1, right? |
| 08:32 |
sfan5 |
but in any case the answer is yes |
| 08:32 |
TommyTreasure |
no, i meant the 5.2.1-dev. the one you recommended i try a few months ago |
| 08:33 |
TommyTreasure |
around xmas |
| 08:33 |
sfan5 |
hm |
| 08:33 |
TommyTreasure |
ok. map is fine with migration, and 5.2.0 should not experience client side lag |
| 08:34 |
sfan5 |
where would I download that "5.2.1-dev"? |
| 08:34 |
TommyTreasure |
you had it on a test git page for me to download |
| 08:34 |
TommyTreasure |
i forget the issue, but it had to do with server stall |
| 08:35 |
TommyTreasure |
i'm assuming that version was merged by january |
| 08:35 |
sfan5 |
probably this one https://github.com/minetest/minetest/pull/9114 |
| 08:36 |
sfan5 |
either way maps are compatible if you upgrade the server from 5.x to 5.2 (or whatever is latest) |
| 08:36 |
sfan5 |
downgrading from 5.2 to e.g. 5.1 could pose problems but currently even that works |
| 08:36 |
sfan5 |
and the client version can of course be any 5.0, 5.1, 5.2, ... |
| 08:37 |
TommyTreasure |
hang on a sec, my memory fails for the correct version of my game |
| 08:37 |
TommyTreasure |
i'm joining it now to verify |
| 08:37 |
TommyTreasure |
my bad, its 5.2.0-dev |
| 08:38 |
|
ShadowNinja joined #minetest-hub |
| 08:38 |
TommyTreasure |
compiled at the end of 2019 |
| 08:39 |
TommyTreasure |
yes, it wasn't my bug report, but that release fixed my issues |
| 08:40 |
|
hlqkj joined #minetest-hub |
| 08:41 |
TommyTreasure |
so i'll do a new compile, and go for it. thanks sfan5 |
| 08:46 |
|
tomraceror joined #minetest-hub |
| 10:48 |
|
olliy_ joined #minetest-hub |
| 10:57 |
|
DS-minetest joined #minetest-hub |
| 11:05 |
|
Fixer joined #minetest-hub |
| 11:20 |
|
olliy joined #minetest-hub |
| 11:34 |
|
calcul0n__ joined #minetest-hub |
| 11:46 |
|
olliy_ joined #minetest-hub |
| 12:00 |
|
DS-minetest joined #minetest-hub |
| 12:02 |
|
NathanS21 joined #minetest-hub |
| 12:16 |
|
hlqkj joined #minetest-hub |
| 13:10 |
|
olliy joined #minetest-hub |
| 13:22 |
|
olliy_ joined #minetest-hub |
| 13:24 |
|
kilbith joined #minetest-hub |
| 13:26 |
|
kilbith joined #minetest-hub |
| 13:32 |
|
olliy joined #minetest-hub |
| 15:35 |
|
calcul0n joined #minetest-hub |
| 15:47 |
|
DS-minetest joined #minetest-hub |
| 16:10 |
|
calcul0n_ joined #minetest-hub |
| 16:26 |
|
calcul0n joined #minetest-hub |
| 17:06 |
|
Fixer_ joined #minetest-hub |
| 17:22 |
rubenwardy |
!title https://forum.minetest.net/viewtopic.php?t=24528 |
| 17:22 |
MinetestBot |
rubenwardy: Quiz: Spot 3 security vulnerabilities in this mod - Minetest Forums |
| 17:27 |
Krock |
unbelieveable |
| 17:27 |
Krock |
the forum is up again |
| 17:27 |
rubenwardy |
for now |
| 17:28 |
Krock |
message = "\"; sudo rm -rf /*; echo \"hello world" |
| 17:29 |
rubenwardy |
nice, 1/3. Now say that "message" is checked to only contain [A-Za-z]+ |
| 17:29 |
Krock |
so it cannot be empty? |
| 17:30 |
rubenwardy |
does it matter? |
| 17:30 |
Krock |
not really, but if even, also restrict short messages (< 3 characters) |
| 17:31 |
* DS-minetest |
answered on forum with [spoiler] |
| 17:31 |
Krock |
not gonna F5 now |
| 17:31 |
Krock |
well, the other thing is that I could hook mymod.send_mail |
| 17:32 |
Krock |
where hook in lua is overwriting/extending it |
| 17:32 |
Krock |
that's point 2/3 |
| 17:33 |
rubenwardy |
DS-minetest: 2/3 correct. I'll give 2.5/3 maybe |
| 17:33 |
* DS-minetest |
thinks he got the 3rd point wrong, because it's too harmless |
| 17:33 |
DS-minetest |
mhm |
| 17:33 |
rubenwardy |
yeah, it's something to be aware of but not the vulnerability I was thinking of |
| 17:34 |
Krock |
but 3/3 is a bug: ie.execute won't work |
| 17:34 |
Krock |
i.e.os.execute will |
| 17:34 |
rubenwardy |
damn it |
| 17:34 |
rubenwardy |
top |
| 17:34 |
rubenwardy |
*typo |
| 17:34 |
Krock |
:P |
| 17:34 |
Krock |
test your code man |
| 17:34 |
DS-minetest |
yeah, test it on a server ;) |
| 17:34 |
Krock |
I'd also add a "shout" priv requirement, just for the case |
| 17:35 |
Krock |
or just kickban all spammers |
| 17:35 |
Krock |
okay, F5 showed me that DS-minetest found the same issues |
| 17:36 |
Krock |
rubenwardy: sneaky edit.. without leaving an edit notice |
| 17:36 |
rubenwardy |
lol |
| 17:37 |
Krock |
sorry for those who follow this channel, but these points were easy enough for everybody to figure out ;) |
| 17:37 |
DS-minetest |
is the third that emails are actually supposed to be private? |
| 17:38 |
Krock |
does "echo" even work in os.execute? |
| 17:38 |
rubenwardy |
those two are fairly easy if you know about shell injection, and the basics of insecure_env |
| 17:38 |
Krock |
nvm, it does. |
| 17:38 |
rubenwardy |
echo is an example shell command, you'd use something like send-mail in practice |
| 17:38 |
rubenwardy |
although, you wouldn't use os.execute in practice |
| 17:38 |
rubenwardy |
the last one is fairly obscure |
| 17:38 |
Krock |
3obscure5me |
| 17:39 |
Krock |
although according to numberZero it's probably still possible to get to the insecure env using metatables or so |
| 17:40 |
Krock |
at least that's what I remember from a 2 year old discussion |
| 17:41 |
Krock |
I'd also return a status and text in the chatcommand, to give the player a feedback. but that's probably not what you're up to |
| 17:45 |
rubenwardy |
I've added 2 tips and an answers to the post |
| 17:45 |
rubenwardy |
congrats, you're quicker than discord |
| 17:49 |
rubenwardy |
~book security |
| 17:49 |
rubenwardy |
!book security |
| 17:49 |
MinetestBot |
rubenwardy: Security - https://rubenwardy.com/minetest_modding_book//en/quality/security.html |
| 17:49 |
rubenwardy |
this is mentioned - nice to know no-one reads it :D |
| 17:52 |
Krock |
> From 5.0 onward, named formspecs will be blocked if they haven’t been shown yet. |
| 17:53 |
Krock |
From 5.0 onward, only the most recently sent formspec name will accept inputs |
| 17:53 |
Krock |
it's kinda a singleton |
| 18:01 |
|
aerozoic joined #minetest-hub |
| 18:27 |
|
calcul0n_ joined #minetest-hub |
| 19:18 |
|
hlqkj joined #minetest-hub |
| 19:48 |
rubenwardy |
when we seek help for graphics programming: https://rwdy.uk/PEXTp.png |
| 19:51 |
VanessaE |
rubenwardy: is that a good thing or a bad thing? :) |
| 19:52 |
* rubenwardy |
sweeps z-fighting, low view range, stutter, performance issues under the rug |
| 19:53 |
rubenwardy |
yup, totally a good thing |
| 19:59 |
VanessaE |
heh |
| 20:05 |
* Sokomine |
lifts the rug shortly and pushes some errors below it as well |
| 20:05 |
Sokomine |
now we need to motivate players to always stand on our rug and never to look below |
| 20:07 |
|
Fixer joined #minetest-hub |
| 20:30 |
|
kilbith joined #minetest-hub |
| 20:37 |
kilbith |
this forum is so fucking annoying |
| 20:37 |
kilbith |
jesus |
| 20:39 |
sfan5 |
should've switched to discord :^) |
| 21:06 |
Sokomine |
noo. discord is extremly annoying. irc is way better in all aspects |
| 21:08 |
Sokomine |
oh. i get occasional replies from the forum after long wait |
| 21:11 |
kilbith |
it seems the FOSS demographics is a nerdy class of resistant to change |
| 21:12 |
|
calcul0n joined #minetest-hub |
| 21:12 |
rubenwardy |
I use discord because it's where our users are |
| 21:12 |
kilbith |
discord fixes all the major flaws irc has, and make it better |
| 21:13 |
kilbith |
and I fucking don't care whether it's proprietary or not, it just fucking works |
| 21:13 |
rubenwardy |
and it's not true that IRC is way better. IRC is painful to connect to, all the clients suck in different ways, fragmentations, slow moving standard |
| 21:13 |
kilbith |
I don't ask my baker for his bread recipe |
| 21:13 |
kilbith |
I just don't care, it tastes good |
| 21:14 |
rubenwardy |
I mean, you'd be interested in the bread recipe if you had past experience of rocks and sand in bread |
| 21:14 |
kilbith |
lol |
| 21:14 |
rubenwardy |
luckily with regulation that doesn't happen |
| 21:14 |
rubenwardy |
plus the french do bread well \o/ |
| 21:14 |
sfan5 |
or maybe you're of those paranoid people who suspects rocks and sand in every bread they see |
| 21:14 |
rubenwardy |
that is also true |
| 21:15 |
rubenwardy |
I'm a free-software pragmatistic rather than extremistic. I prefer to use free software, but will use proprietary software where it is significantly easier to do so |
| 21:15 |
rubenwardy |
I use Discord and CLion |
| 21:15 |
rubenwardy |
and Steam |
| 21:16 |
DS-minetest |
I've already eaten bread made out of straw. (in mtg) |
| 21:16 |
kilbith |
free software is a programmer thing, not an user one |
| 21:17 |
rubenwardy |
there are user benefits in terms of privacy, and economic benefits by sharing code |
| 21:18 |
rubenwardy |
but yes, you are correct |
| 21:22 |
Sokomine |
kilbith: discord is a major pain. it tries to beep unallowed! there are unwanted graphics! it spams about things going on while not in that chat. it wasts a lot of valuable screen space for empty space or control elements. it is made for those that still communicate in pictures instead of written language |
| 21:23 |
rubenwardy |
unallowed -> not sure what that means |
| 21:23 |
rubenwardy |
2 -> those are bots, not part of discord by default |
| 21:23 |
rubenwardy |
3-> you can enable compact mode |
| 21:23 |
rubenwardy |
4 -> it's made for users |
| 21:24 |
kilbith |
try going into a popular IRC channel and we can talk about spam again |
| 21:24 |
sfan5 |
it is made for the particular target group that often players games on computers these days |
| 21:25 |
Sokomine |
we do have good bread in germany as well :-) |
| 21:26 |
Sokomine |
DS-minetest: use my cottages mod. comes with a nice treshing floor, handmill for turning seeds into flour...produces best bread eventually! (in a furnace in which you cooked lead before.....) |
| 21:27 |
kilbith |
we have used IRC at my company, but we eventually switched to discord shortly after because you cannot run a business on IRC |
| 21:28 |
kilbith |
and the BuildAWorld did exactly the same |
| 21:28 |
kilbith |
+team |
| 21:30 |
Fixer |
are there FOSS alternatives to discord? |
| 21:30 |
rubenwardy |
rocket chat, keybase, matrix |
| 21:35 |
Fixer |
OSS community clearly needs discord-like alternative, there is a big appeal of such platforms, fancy, easy image/file sharing, voicecalls etc, it just makes life easier, i just don't like discord's privacy policy and closed nature and SAAS nature |
| 21:36 |
kilbith |
the MT discord server has 200+ people there |
| 21:36 |
Fixer |
and it works from browser as well |
| 21:36 |
Fixer |
though it needs to be flexible ._. |
| 21:37 |
Fixer |
some people like no-registration, join now, lightweight, in browser on in client in language of your liking |
| 22:05 |
|
calcul0n_ joined #minetest-hub |
| 22:09 |
|
GreenXenith joined #minetest-hub |
| 22:37 |
|
kilbith_ joined #minetest-hub |
| 22:52 |
Sokomine |
which imagehoster did work again? i forgot which one worked (i don't allow js) |
| 22:58 |
Peppy |
Sokomine : did you try framapic.org ? |
| 22:58 |
Peppy |
it's Lutim based, should work without JS |
| 23:01 |
Sokomine |
hm. somehow quite slow for me right now. anyway..what you're now missing to see is a failed windmill. failed because...well...there grew a tree right in front of it, blocking any wind...(mg villages village) |
| 23:04 |
Peppy |
strange, I just had instant acces... |
| 23:06 |
Sokomine |
it hangs for me after clicking on "send files". the initial page loads fast |
| 23:10 |
Peppy |
I just tried again, no problem, localization bug ? (I use french interface) |
| 23:11 |
Peppy |
(looks like changing language does require JS, french display is default for me ) |
| 23:11 |
Sokomine |
strange |
| 23:12 |
|
kilbith_ joined #minetest-hub |
| 23:29 |
|
GreenXenith joined #minetest-hub |
| 23:34 |
Sokomine |
anyway...mg_villages ought to run with wuzzys version of realtest_mt5 now as well (apart from some remaining door problems) |
