Time Nick Message
00:12 Sokomine ah, well, at least it loads now
08:28 TommyTreasure after months of no activity here, i steal the spotlight yet again.
08:28 TommyTreasure is the map on 5.2.1-dev compatible if i migrate to 5.2.0-stable?
08:29 TommyTreasure players are complaining of client lag issues when connecting with 5.2.0 client
08:32 sfan5 you mean 5.1.1, right?
08:32 sfan5 but in any case the answer is yes
08:32 TommyTreasure no, i meant the 5.2.1-dev. the one you recommended i try a few months ago
08:33 TommyTreasure around xmas
08:33 sfan5 hm
08:33 TommyTreasure ok. map is fine with migration, and 5.2.0 should not experience client side lag
08:34 sfan5 where would I download that "5.2.1-dev"?
08:34 TommyTreasure you had it on a test git page for me to download
08:34 TommyTreasure i forget the issue, but it had to do with server stall
08:35 TommyTreasure i'm assuming that version was merged by january
08:35 sfan5 probably this one https://github.com/minetest/minetest/pull/9114
08:36 sfan5 either way maps are compatible if you upgrade the server from 5.x to 5.2 (or whatever is latest)
08:36 sfan5 downgrading from 5.2 to e.g. 5.1 could pose problems but currently even that works
08:36 sfan5 and the client version can of course be any 5.0, 5.1, 5.2, ...
08:37 TommyTreasure hang on a sec, my memory fails for the correct version of my game
08:37 TommyTreasure i'm joining it now to verify
08:37 TommyTreasure my bad, its 5.2.0-dev
08:38 TommyTreasure compiled at the end of 2019
08:39 TommyTreasure yes, it wasn't my bug report, but that release fixed my issues
08:41 TommyTreasure so i'll do a new compile, and go for it. thanks sfan5
17:22 rubenwardy !title https://forum.minetest.net/viewtopic.php?t=24528
17:22 MinetestBot rubenwardy: Quiz: Spot 3 security vulnerabilities in this mod - Minetest Forums
17:27 Krock unbelievable
17:27 Krock the forum is up again
17:27 rubenwardy for now
17:28 Krock message = "\"; sudo rm -rf /*; echo \"hello world"
17:29 rubenwardy nice, 1/3. Now say that "message" is checked to only contain [A-Za-z]+
17:29 Krock so it cannot be empty?
17:30 rubenwardy does it matter?
17:30 Krock not really, but if even, also restrict short messages (< 3 characters)
17:31 * DS-minetest answered on forum with [spoiler]
17:31 Krock not gonna F5 now
17:31 Krock well, the other thing is that I could hook mymod.send_mail
17:32 Krock where hook in lua is overwriting/extending it
17:32 Krock that's point 2/3
17:33 rubenwardy DS-minetest: 2/3 correct. I'll give 2.5/3 maybe
17:33 * DS-minetest thinks he got the 3rd point wrong, because it's too harmless
17:33 DS-minetest mhm
17:33 rubenwardy yeah, it's something to be aware of but not the vulnerability I was thinking of
17:34 Krock but 3/3 is a bug: ie.execute won't work
17:34 Krock i.e.os.execute will
17:34 rubenwardy damn it
17:34 rubenwardy top
17:34 rubenwardy *typo
17:34 Krock :P
17:34 Krock test your code man
17:34 DS-minetest yeah, test it on a server ;)
17:34 Krock I'd also add a "shout" priv requirement, just for the case
17:35 Krock or just kickban all spammers
17:35 Krock okay, F5 showed me that DS-minetest found the same issues
17:36 Krock rubenwardy: sneaky edit.. without leaving an edit notice
17:36 rubenwardy lol
17:37 Krock sorry for those who follow this channel, but these points were easy enough for everybody to figure out ;)
17:37 DS-minetest is the third that emails are actually supposed to be private?
17:38 Krock does "echo" even work in os.execute?
17:38 rubenwardy those two are fairly easy if you know about shell injection, and the basics of insecure_env
17:38 Krock nvm, it does.
17:38 rubenwardy echo is an example shell command, you'd use something like send-mail in practice
17:38 rubenwardy although, you wouldn't use os.execute in practice
17:38 rubenwardy the last one is fairly obscure
17:38 Krock 3obscure5me
17:39 Krock although according to numberZero it's probably still possible to get to the insecure env using metatables or so
17:40 Krock at least that's what I remember from a 2 year old discussion
17:41 Krock I'd also return a status and text in the chatcommand, to give the player a feedback. but that's probably not what you're up to
17:45 rubenwardy I've added 2 tips and an answers to the post
17:45 rubenwardy congrats, you're quicker than discord
17:49 rubenwardy ~book security
17:49 rubenwardy !book security
17:49 MinetestBot rubenwardy: Security - https://rubenwardy.com/minetest_modding_book//en/quality/security.html
17:49 rubenwardy this is mentioned - nice to know no-one reads it :D
17:52 Krock > From 5.0 onward, named formspecs will be blocked if they haven’t been shown yet.
17:53 Krock From 5.0 onward, only the most recently sent formspec name will accept inputs
17:53 Krock it's kinda a singleton
19:48 rubenwardy when we seek help for graphics programming: https://rwdy.uk/PEXTp.png
19:51 VanessaE rubenwardy: is that a good thing or a bad thing? :)
19:52 * rubenwardy sweeps z-fighting, low view range, stutter, performance issues under the rug
19:53 rubenwardy yup, totally a good thing
19:59 VanessaE heh
20:05 * Sokomine lifts the rug shortly and pushes some errors below it as well
20:05 Sokomine now we need to motivate players to always stand on our rug and never to look below
20:37 kilbith this forum is so fucking annoying
20:37 kilbith jesus
20:39 sfan5 should've switched to discord :^)
21:06 Sokomine noo. discord is extremely annoying. irc is way better in all aspects
21:08 Sokomine oh. i get occasional replies from the forum after long wait
21:11 kilbith it seems the FOSS demographics is a nerdy class of resistant to change
21:12 rubenwardy I use discord because it's where our users are
21:12 kilbith discord fixes all the major flaws irc has, and make it better
21:13 kilbith and I fucking don't care whether it's proprietary or not, it just fucking works
21:13 rubenwardy and it's not true that IRC is way better. IRC is painful to connect to, all the clients suck in different ways, fragmentations, slow moving standard
21:13 kilbith I don't ask my baker for his bread recipe
21:13 kilbith I just don't care, it tastes good
21:14 rubenwardy I mean, you'd be interested in the bread recipe if you had past experience of rocks and sand in bread
21:14 kilbith lol
21:14 rubenwardy luckily with regulation that doesn't happen
21:14 rubenwardy plus the french do bread well \o/
21:14 sfan5 or maybe you're of those paranoid people who suspects rocks and sand in every bread they see
21:14 rubenwardy that is also true
21:15 rubenwardy I'm a free-software pragmatistic rather than extremistic. I prefer to use free software, but will use proprietary software where it is significantly easier to do so
21:15 rubenwardy I use Discord and CLion
21:15 rubenwardy and Steam
21:16 DS-minetest I've already eaten bread made out of straw. (in mtg)
21:16 kilbith free software is a programmer thing, not an user one
21:17 rubenwardy there are user benefits in terms of privacy, and economic benefits by sharing code
21:18 rubenwardy but yes, you are correct
21:22 Sokomine kilbith: discord is a major pain. it tries to beep unallowed! there are unwanted graphics! it spams about things going on while not in that chat. it wastes a lot of valuable screen space for empty space or control elements. it is made for those that still communicate in pictures instead of written language
21:23 rubenwardy unallowed -> not sure what that means
21:23 rubenwardy 2 -> those are bots, not part of discord by default
21:23 rubenwardy 3-> you can enable compact mode
21:23 rubenwardy 4 -> it's made for users
21:24 kilbith try going into a popular IRC channel and we can talk about spam again
21:24 sfan5 it is made for the particular target group that often plays games on computers these days
21:25 Sokomine we do have good bread in germany as well :-)
21:26 Sokomine DS-minetest: use my cottages mod. comes with a nice threshing floor, handmill for turning seeds into flour...produces best bread eventually! (in a furnace in which you cooked lead before.....)
21:27 kilbith we have used IRC at my company, but we eventually switched to discord shortly after because you cannot run a business on IRC
21:28 kilbith and the BuildAWorld did exactly the same
21:28 kilbith +team
21:30 Fixer are there FOSS alternatives to discord?
21:30 rubenwardy rocket chat, keybase, matrix
21:35 Fixer OSS community clearly needs discord-like alternative, there is a big appeal of such platforms, fancy, easy image/file sharing, voicecalls etc, it just makes life easier, i just don't like discord's privacy policy and closed nature and SAAS nature
21:36 kilbith the MT discord server has 200+ people there
21:36 Fixer and it works from browser as well
21:36 Fixer though it needs to be flexible ._.
21:37 Fixer some people like no-registration, join now, lightweight, in browser on in client in language of your liking
22:52 Sokomine which imagehoster did work again? i forgot which one worked (i don't allow js)
22:58 Peppy Sokomine : did you try framapic.org ?
22:58 Peppy it's Lutim based, should work without JS
23:01 Sokomine hm. somehow quite slow for me right now. anyway..what you're now missing to see is a failed windmill. failed because...well...there grew a tree right in front of it, blocking any wind...(mg villages village)
23:04 Peppy strange, I just had instant access...
23:06 Sokomine it hangs for me after clicking on "send files". the initial page loads fast
23:10 Peppy I just tried again, no problem, localization bug ? (I use french interface)
23:11 Peppy (looks like changing language does require JS, french display is default for me )
23:11 Sokomine strange
23:34 Sokomine anyway...mg_villages ought to run with wuzzys version of realtest_mt5 now as well (apart from some remaining door problems)