| Time |
Nick |
Message |
| 00:01 |
|
Yst joined #minetest |
| 00:04 |
|
ThomasMonroe joined #minetest |
| 00:44 |
|
slemonide joined #minetest |
| 01:02 |
|
dabbill joined #minetest |
| 01:23 |
|
MarioBranco joined #minetest |
| 01:26 |
|
MarioBranco joined #minetest |
| 01:26 |
|
cornernote joined #minetest |
| 01:27 |
|
Tmanyo joined #minetest |
| 01:29 |
|
swift110 joined #minetest |
| 01:30 |
|
swift110_ joined #minetest |
| 01:33 |
|
MarioBranco joined #minetest |
| 01:36 |
|
MarioBranco joined #minetest |
| 01:44 |
|
ThomasMonroe joined #minetest |
| 02:35 |
|
swift110 joined #minetest |
| 02:49 |
|
wilkgr joined #minetest |
| 03:05 |
|
swift110 joined #minetest |
| 03:57 |
|
Lone_Wolf joined #minetest |
| 04:32 |
|
Markow joined #minetest |
| 04:39 |
|
cornernote_ joined #minetest |
| 04:40 |
cornernote_ |
Just did a google search for grandfather clock, forgot the L... Noooo! |
| 05:09 |
Brackston |
LOL So it came back with hits for Old roosters? |
| 05:21 |
|
YuGiOhJCJ joined #minetest |
| 05:29 |
|
LazyJ joined #minetest |
| 05:53 |
|
lumidify joined #minetest |
| 06:06 |
|
torgdor joined #minetest |
| 07:30 |
|
proller__ joined #minetest |
| 07:40 |
* wilkgr |
wonders whether to or not |
| 07:41 |
wilkgr |
Perhaps not |
| 07:45 |
|
xerox123_ joined #minetest |
| 07:50 |
|
fwhcat joined #minetest |
| 08:07 |
|
Tux[Qyou] joined #minetest |
| 08:12 |
|
Blaxono joined #minetest |
| 08:14 |
|
iZacZip joined #minetest |
| 08:23 |
|
iZacZip_m joined #minetest |
| 08:42 |
|
cx384 joined #minetest |
| 08:47 |
|
CWz joined #minetest |
| 09:00 |
|
xerox123_ joined #minetest |
| 09:05 |
|
geir1 joined #minetest |
| 09:13 |
|
lisac joined #minetest |
| 09:22 |
|
Telesight joined #minetest |
| 09:23 |
|
xerox123_ joined #minetest |
| 09:25 |
|
Yst joined #minetest |
| 09:35 |
|
Telesight joined #minetest |
| 09:55 |
|
ensonic joined #minetest |
| 10:13 |
|
Taose joined #minetest |
| 10:13 |
|
cx384 joined #minetest |
| 10:14 |
|
JDCodeIt joined #minetest |
| 10:15 |
|
Fixer joined #minetest |
| 10:15 |
JDCodeIt |
@Gundul - somebody mean attacked your Jungle server today |
| 10:16 |
|
Lunatrius` joined #minetest |
| 10:21 |
|
Fritigern joined #minetest |
| 10:23 |
JDCodeIt |
@Gundul - it seems a normal user was able to join and locate all the players and place ignited TNT at their position |
| 10:24 |
|
proller__ joined #minetest |
| 10:52 |
|
lumidify joined #minetest |
| 11:09 |
|
Krock joined #minetest |
| 11:10 |
|
Jordach joined #minetest |
| 11:13 |
JDCodeIt |
Gundul: While someong was blowingme up with TNT I did get kicked with a message about "There is a F****G bug in world edit - fix it" or something of that nature. Hope that helps you find the culprit |
| 11:16 |
wilkgr |
JDCodeIt, I'm pretty sure Gundul isn't online. :/ |
| 11:16 |
red-002 |
someone didn't patch |
| 11:16 |
JDCodeIt |
Yes, but he could read the log later I hope. Is this a known bug? |
| 11:17 |
wilkgr |
aye |
| 11:17 |
red-002 |
aye aye captin |
| 11:17 |
red-002 |
there is a fix for it already |
| 11:19 |
JDCodeIt |
red-002: is it in the server code or worldedit mod? |
| 11:20 |
red-002 |
mod |
| 11:20 |
red-002 |
plus looking at whats happening it looks like someone didn't enable mod security |
| 11:20 |
Calinou |
the MinetestForFun Skyblock server got cracked as well, someone reported an issue |
| 11:21 |
red-002 |
this might well be the worst security exploit in minetest history |
| 11:22 |
JDCodeIt |
Hospitals, trains, and Minetest all in the same 24 hours? |
| 11:23 |
|
The_Loko joined #minetest |
| 11:27 |
|
PjotrOrial joined #minetest |
| 11:27 |
|
PjotrOrial joined #minetest |
| 11:28 |
JDCodeIt |
red-002: Uberi on Github shows last update a day ago with "Remove useless privilege checks" - was this fix just in the last couple of days? |
| 11:28 |
Krock |
fixed in https://github.com/Uberi/Minetest-WorldEdit/commit/0ce45a5 |
| 11:32 |
JDCodeIt |
Krock: so arbitrary LUA could be run via the worldedit GUI? |
| 11:32 |
Krock |
here's LUA: https://github.com/mniip/LUA |
| 11:32 |
Krock |
no. but if you mean Lua, then yse. |
| 11:32 |
Krock |
since the keywords differ |
| 11:36 |
JDCodeIt |
Krock: Is anyone in the MT community trying to contact server owners? Seems this will be exploited further. |
| 11:37 |
|
lumidify joined #minetest |
| 11:40 |
sfan5 |
don't think anyone is attempting that right now |
| 11:40 |
Krock |
27% of the announced servers most likely have the security leak |
| 11:41 |
|
DS-minetest joined #minetest |
| 11:41 |
Krock |
meanwhile 51% have worldedit |
| 11:45 |
|
ThomasMonroe joined #minetest |
| 11:48 |
Out`Of`Control |
does it effect if WE GUI is off? |
| 11:49 |
Krock |
no |
| 11:51 |
Out`Of`Control |
good |
| 11:53 |
Out`Of`Control |
how many servers got hacked? |
| 11:53 |
Out`Of`Control |
beside 2 |
| 11:53 |
Fixer |
hmmmmm, so it is real |
| 11:54 |
Fixer |
i remember some said he had access to creative via worldedit gui or smth... this is real |
| 11:54 |
Out`Of`Control |
:O |
| 11:55 |
|
DuCake joined #minetest |
| 11:55 |
ThomasMonroe |
? how is that possible |
| 11:55 |
Fixer |
probably via "Run Lua" ? |
| 11:55 |
DS-minetest |
the only secure bug i know about worldedit gui is that the lua feature could be used without server |
| 11:56 |
DS-minetest |
but you would need we priv |
| 11:56 |
Out`Of`Control |
+name = "Run Lua", privs = minetest.chatcommands["/clearobjects"].privs, |
| 11:57 |
Out`Of`Control |
good i disable GUI part from day 1 |
| 11:58 |
Fixer |
someone should announce it on forum |
| 11:58 |
red-002 |
I wonder what other common mods have exploits |
| 11:58 |
red-002 |
I agree with Fixer |
| 11:58 |
Fixer |
to update worldedit immidiately |
| 11:59 |
Fixer |
but without giving details about how exploit works |
| 11:59 |
shivajiva |
^^ |
| 11:59 |
red-002 |
Responsible disclosure much? |
| 11:59 |
red-002 |
someone make a post on the news subforum |
| 12:01 |
JDCodeIt |
the dope had written lua to list all players then place lit TNT at their position. But I guess it could be worse. |
| 12:02 |
Fixer |
executed it via "run lua"? |
| 12:02 |
JDCodeIt |
don't know. I was the recipient of being blown up. |
| 12:03 |
red-002 |
I wonder what other mods have this exploit |
| 12:03 |
red-002 |
xban had it till the end of last year |
| 12:10 |
|
Wuzzy joined #minetest |
| 12:15 |
Krock |
List of mods used on servers: https://pastebin.com/raw/nkFXpin7 |
| 12:18 |
Fixer |
Krock: can you make a list of affected servers? need to check where i need to change my password |
| 12:19 |
|
QwertyDragon joined #minetest |
| 12:21 |
|
grumble joined #minetest |
| 12:21 |
|
Tuxedo[Qyou] joined #minetest |
| 12:23 |
Out`Of`Control |
worldedit_gui 26% (17) |
| 12:24 |
|
DuCake joined #minetest |
| 12:24 |
red-002 |
fun |
| 12:24 |
Krock |
Fixer, https://pastebin.com/raw/4NXGQ4Ej |
| 12:25 |
Krock |
where fresh started = uptime < 1 day |
| 12:25 |
Fixer |
reason? |
| 12:25 |
Krock |
but I can't say more precisely which servers can be affected |
| 12:26 |
Krock |
all that aren't marked as (fresh started) are definitely attackable |
| 12:26 |
davisonio |
mine was also affected - fixed now though and mod security enabled |
| 12:26 |
Fixer |
davisonio: craigs server? |
| 12:26 |
davisonio |
yes |
| 12:27 |
davisonio |
It's down at the mo though (back in a couple hours) |
| 12:29 |
DuCake |
I just was told my server was affected by a hack though I'm travelling so not much info.... all I can say is mod security was enabled at the time but was still affected.... deactivated WorldEdit, I'm hoping that would be sufficient to mitigate for now...? |
| 12:30 |
davisonio |
if it's the world edit_gui hack you're talking about yes It's sufficient |
| 12:30 |
davisonio |
get the latest version for the fix |
| 12:31 |
DuCake |
k cheers |
| 12:33 |
sfan5 |
mod security does not help here |
| 12:33 |
Krock |
sure it does. prevents from accessing system relevant data |
| 12:33 |
|
nowhere_man joined #minetest |
| 12:34 |
Krock |
unless the command does around that |
| 12:35 |
red-002 |
mod security stops someone from controlling your whole system when this sort of exploit happens |
| 12:37 |
red-002 |
I'm hearing reports of people wiping logs which I assume is a side effect of people not enabling mod security |
| 12:39 |
|
DS-minetest joined #minetest |
| 12:39 |
JDCodeIt |
destruction in progress at MM-Survival - tnt blasts can be heard. Admin is not available. |
| 12:40 |
Krock |
hmm.. how about //worldedit_gui_lua minetest.settings:set("secure.enable_security", "true") ? |
| 12:40 |
Krock |
s/true/false/ |
| 12:42 |
Krock |
nvm, blocked by engine |
| 12:42 |
red-002 |
JDCodeIt, this might sound a bit black hat |
| 12:42 |
red-002 |
but why not shutdown the server? |
| 12:43 |
Fixer |
what exactly fixed that exploit? |
| 12:43 |
Fixer |
"Do not allow any worldedit_gui commands without privs" this |
| 12:43 |
red-002 |
is it moral to disable a system to stop it from being abused? |
| 12:44 |
Krock |
Fixer, yes |
| 12:44 |
JDCodeIt |
not my servers... I just try to notify the admins where possible. |
| 12:44 |
Fixer |
Krock: when vulnerability was introduced? few days ago? |
| 12:45 |
Krock |
dec 2013 |
| 12:45 |
Out`Of`Control |
old bug |
| 12:45 |
Fixer |
kek |
| 12:45 |
Krock |
alost a few days ago |
| 12:45 |
Krock |
*almost |
| 12:45 |
JDCodeIt |
The "fix" was yesterday, but it must have been in there a long time - the fix was probably the alert that the hackers caught on to |
| 12:46 |
red-002 |
well the whole shuting down the server to stop it being expoited moral question is kinda pointless |
| 12:46 |
Fixer |
Krock: give me full list of servers with worldedit_gui (not just fresh guys), pm me, do not expose it |
| 12:46 |
red-002 |
the law is pretty clear about this |
| 12:46 |
Krock |
Fixer, these are all |
| 12:46 |
Fixer |
no way |
| 12:46 |
Fixer |
very few? |
| 12:46 |
Out`Of`Control |
17 |
| 12:47 |
Krock |
notice that not all are marked with (fresh started) |
| 12:47 |
Out`Of`Control |
1/3 |
| 12:47 |
Fixer |
how about shutdowning exposed servers now? |
| 12:47 |
Krock |
what if they have restart scripts? |
| 12:50 |
red-002 |
Krock, some of them will not |
| 12:54 |
red-002 |
JDCodeIt, any sign of the admin? |
| 12:55 |
|
rubenwardy joined #minetest |
| 12:55 |
fwhcat |
our server has been hacked the same way this night (Mynetest) and another french one too (Axinite) |
| 12:56 |
Fixer |
oh |
| 12:56 |
Fixer |
i was gonna join it to warn admins |
| 12:56 |
JDCodeIt |
fwhcat: was it a map destruction with tnt, or other type of takeover? |
| 12:57 |
red-002 |
JDCodeIt, does the adim check backups? |
| 12:57 |
red-002 |
if not then maybe the server should be shutdown |
| 12:58 |
red-002 |
is anyone with the privs to shutdown the server online? |
| 12:58 |
JDCodeIt |
red-002 - I don't know the admin personally. He mentioned that his map was 19 GB, so not sure how often that is backed up |
| 12:58 |
celeron55 |
i'm pretty sure there are non-secured settings that allow disabling a server |
| 12:58 |
Fixer |
is not you can shutdown via lua? |
| 12:58 |
|
Pie-jacker875 joined #minetest |
| 12:59 |
celeron55 |
like... setting an invalid bind_address |
| 12:59 |
red-002 |
or runing shutdown? |
| 13:00 |
celeron55 |
i mean, in case there's a restart script |
| 13:01 |
red-002 |
kick every one on join even |
| 13:02 |
Krock |
max_users = 0 |
| 13:02 |
red-002 |
^ |
| 13:02 |
Fixer |
and change MOTD |
| 13:02 |
red-002 |
well no |
| 13:02 |
red-002 |
people with server privs can bypass that krock |
| 13:02 |
Fixer |
to update your worldedit now |
| 13:02 |
red-002 |
which I assume the attackers have by now |
| 13:04 |
MinetestBot |
[git] sfan5 -> minetest/master-server: Re-add banlist features 705ea6e https://git.io/v976e (2017-05-14T13:03:05Z) |
| 13:06 |
red-002 |
neat |
| 13:06 |
Krock |
hmm.. "`inetest.chat_send_all("test")` or assert do not have any effect |
| 13:06 |
Krock |
*`minetest. |
| 13:06 |
red-002 |
?? |
| 13:07 |
red-002 |
oh you are working on exploiting the bug? |
| 13:07 |
red-002 |
I was starting to work on that |
| 13:07 |
Out`Of`Control |
you could run /clearobjectest would freez server for some hours |
| 13:07 |
CWz |
i wonder how many victims has this bug claim |
| 13:07 |
red-002 |
lol |
| 13:07 |
Out`Of`Control |
noone could join anymore |
| 13:07 |
Fixer |
i changed my passwords on some servers |
| 13:08 |
red-002 |
Krock, should I contuine to work on it or are you going to do it? |
| 13:08 |
Out`Of`Control |
Fixer: hacker can see password? |
| 13:08 |
red-002 |
they could get a hash of it |
| 13:08 |
Fixer |
Out`Of`Control: if security disabled, can read auth.txt i think |
| 13:08 |
|
rubywarden joined #minetest |
| 13:08 |
Out`Of`Control |
Fixer: uhm ok |
| 13:08 |
Krock |
red-002, I'm trying to exploit it on servers, yes. but so far no success |
| 13:08 |
red-002 |
safer to change it but it should be hard to crack that |
| 13:09 |
red-002 |
ok then I will try and work on it my self |
| 13:10 |
Krock |
Fixer, well.. local t = minetest.get_player_privs("you") t.server = true minetest.set_player_privs("you, t) |
| 13:12 |
* red-002 |
is working on this |
| 13:13 |
fwhcat |
JDCodeIt, sorry for being late, the hacker did change some scripts, as our server restarts automatically they were loaded, and people were kicked automatically when joined, our debug.txt has been deleted, we haven't found any map destruction for now. |
| 13:14 |
red-002 |
I assume you had mod security disabled? |
| 13:15 |
fwhcat |
I think it is not sure (let me check) |
| 13:15 |
fwhcat |
disabled |
| 13:15 |
Fixer |
kek |
| 13:16 |
red-002 |
^ |
| 13:16 |
red-002 |
I mean thats a horrible idea |
| 13:16 |
Fixer |
bad, he may changed some files |
| 13:16 |
Fixer |
please audit your minetest files, scripts and OS itself for changes |
| 13:16 |
fwhcat |
I told that already to the admin |
| 13:18 |
JDCodeIt |
if these people are that good, they might even use "touch" to cover the time the file was modified. You need to check it all or recover from backup. |
| 13:18 |
red-002 |
they could have gotten shell access or something nasty like that |
| 13:19 |
fwhcat |
well, no our server runs through a unprivileged user, but I asked him as well to check on binaries like openssh etc. (we never know...) |
| 13:29 |
JDCodeIt |
fwhcat: if you use ipban, and ipban.txt file was not deleted, you may be able to compare this to the last backup and see what new IP's came in today. |
| 13:31 |
MinetestBot |
[git] sfan5 -> minetest/master-server: Allow banning by server hostname 828a1fd https://git.io/v97i9 (2017-05-14T13:29:46Z) |
| 13:33 |
red-002 |
are there any other servers that are being exploited? |
| 13:36 |
celeron55 |
they could have already exploited every server and disabled the original exploit in all of them (and added their own) |
| 13:36 |
celeron55 |
in theory |
| 13:36 |
celeron55 |
i would guess they're not that good though |
| 13:37 |
Fixer |
MM-survival has some explosions |
| 13:39 |
red-002 |
alright I have recreated the exploit |
| 13:41 |
|
tm3 joined #minetest |
| 13:42 |
|
Gundul joined #minetest |
| 13:45 |
|
Pixalou joined #minetest |
| 13:46 |
Pixalou |
i |
| 13:46 |
Pixalou |
hi |
| 13:50 |
|
pozzoni joined #minetest |
| 13:54 |
|
rubenwardy joined #minetest |
| 14:18 |
JDCodeIt |
Pixalou and Gundul: did you read back through today's IRC log? |
| 14:20 |
|
Brackston joined #minetest |
| 14:20 |
Gundul |
no, not yet, Just logged in here a couple of minutes ago. |
| 14:23 |
Gundul |
no I did. thanks |
| 14:24 |
grey-001 |
Gundul, are you the admin of the server in question? |
| 14:25 |
|
rubenwardy joined #minetest |
| 14:27 |
Pixalou |
JDCodeIt : sorry i was afk. Not read irc log today. |
| 14:28 |
Gundul |
Yes I am running jungle server. Was me the first who was hit ? |
| 14:29 |
grey-001 |
you want to shutdown your server if you haven't already |
| 14:30 |
Gundul |
Thanks. I did that already at 12:15 pm :) running backups now and try to repair |
| 14:30 |
CWz |
Gundul, VanessaE was effected first |
| 14:30 |
CWz |
i think |
| 14:30 |
VanessaE |
no I wasn't. |
| 14:30 |
VanessaE |
a couple other guys had exploits before me |
| 14:30 |
Gundul |
My server was hit between 11 and 12 UTC+1 |
| 14:31 |
VanessaE |
shut it down, remove worldedit_gui or update it, reboot the server. |
| 14:31 |
CWz |
who where they |
| 14:31 |
fwhcat |
today or yesterday Gundul? |
| 14:31 |
VanessaE |
well and clean up whatever the blackhat fucked up. |
| 14:31 |
Gundul |
today. fwhcat |
| 14:32 |
|
MarioBranco joined #minetest |
| 14:32 |
fwhcat |
well our server was attacked at 0.30 am UTC+2 |
| 14:32 |
Gundul |
I am running a backup from 2 days ago. Saved the image file from this morning only for inspection |
| 14:32 |
CWz |
fortunetly mine weren't attacked |
| 14:32 |
VanessaE |
fwhcat, Gundul just remove worldedit_gui or update it to current HEAD, clean up any fucked up privs, boot the server, and clean up any griefing |
| 14:33 |
CWz |
but i disabled new registrations until i hear a confirmed headshot |
| 14:33 |
VanessaE |
and make sure no one has privs who shouldn't |
| 14:33 |
fwhcat |
we did VanessaE but thanks. |
| 14:33 |
rubenwardy |
how many servers are still running old worldedit_gui? |
| 14:33 |
VanessaE |
rubenwardy: most. |
| 14:33 |
Gundul |
already done, Thanks VanessaE |
| 14:33 |
JDCodeIt |
fhwcat indicates the hackers modified scripts in the file system - one should check them carefully |
| 14:33 |
VanessaE |
because the patch is only a day old. |
| 14:33 |
CWz |
I think 70% |
| 14:34 |
VanessaE |
JDCodeIt: that's possible only if mod security is disabled. |
| 14:34 |
tm3 |
venessaE ?? only clearing worldedit_gui works or total worldedit atleast as a temporary soln. And wha are those privs no one should have?? |
| 14:34 |
VanessaE |
tm3: just worldedit_gui |
| 14:34 |
VanessaE |
privs = everything |
| 14:35 |
VanessaE |
on my server, the attacker granted himself ALL. as in `/grantme all` |
| 14:35 |
tm3 |
oh you mean privs priv? |
| 14:35 |
VanessaE |
so I literally mean, everything |
| 14:35 |
tm3 |
oh i got it :) thanks :) |
| 14:35 |
DS-minetest |
btw how could worldedit priv be gotten? |
| 14:35 |
CWz |
glad i quit selfhosting |
| 14:36 |
tm3 |
oh no one have privs in our server though not even i even i am a supervisor ;P admin has it though. |
| 14:36 |
|
MarioBranco joined #minetest |
| 14:36 |
Gundul |
you got their ip VanessaE ? my logfiles habe been deleted. |
| 14:36 |
Gundul |
*have |
| 14:36 |
VanessaE |
now, on my server it should be impossible for a blackhat to compromise my mod files because you can't write to a mod's directory since I have mod security enabled, and all critical files are stored on my home PC and synced to the server when I need to update something |
| 14:36 |
VanessaE |
[05-13 01:42] <VanessaE> ["REAPERMAN"] = true, |
| 14:36 |
VanessaE |
[05-13 01:42] <VanessaE> ["::ffff:87.184.19.200"] = true, |
| 14:36 |
VanessaE |
[05-13 01:42] <VanessaE> ... |
| 14:36 |
VanessaE |
[05-13 01:42] <VanessaE> ["::ffff:93.205.60.210"] = true, |
| 14:36 |
VanessaE |
[05-13 01:42] <VanessaE> ["REAPER"] = true, |
| 14:37 |
* VanessaE |
waits for ShadowBot to kick :P |
| 14:37 |
tm3 |
oh |
| 14:37 |
Fixer |
VanessaE: you have we_gui ? |
| 14:37 |
VanessaE |
Fixer: I used to. that's how the attacker got in. I removed it. |
| 14:37 |
* CWz |
activates his trap card to prevent ShadowBot from kicking |
| 14:37 |
tm3 |
is it the ip of that hacker? i guess it's just a stupid noob trying to hide is ass behind a hacked client he downloaded. No f88king blackhat has time for this s88t |
| 14:38 |
Fixer |
VanessaE: when you removed it btw? I already changede my password on your servers |
| 14:38 |
VanessaE |
Fixer: I removed it after the second attack (I didn't know worldedit_gui was the cause, the first time), so a day after. |
| 14:38 |
JDCodeIt |
Bonn, Germany |
| 14:39 |
CWz |
i wonder if deezl's server were effected |
| 14:41 |
|
xerox123_ joined #minetest |
| 14:41 |
Gundul |
tm3 what you said was the name of the guy in jungle ? |
| 14:42 |
tm3 |
which one? |
| 14:42 |
tm3 |
i mean when?? |
| 14:43 |
Gundul |
this morning, you told me a few minutes ago |
| 14:43 |
tm3 |
oh you had argument with? i asked about him? Oh he is a noob in coding bro. let alone hacking |
| 14:43 |
tm3 |
few mins. ago?? |
| 14:43 |
JDCodeIt |
there was that argument with ektod |
| 14:43 |
Gundul |
ok, maybe I misunderstood you |
| 14:43 |
tm3 |
Aule is a noob you banned he is total noob |
| 14:44 |
tm3 |
i know |
| 14:44 |
Gundul |
ektod was from venezuela |
| 14:44 |
JDCodeIt |
he didn't want to replant trees |
| 14:45 |
|
xerox123 joined #minetest |
| 14:46 |
|
IhrFussel joined #minetest |
| 14:46 |
IhrFussel |
Regarding the WE exploit: My last version was from over a year ago, so my server was most likely never affected by it? (I updated a few hours ago though to be safe) |
| 14:47 |
JDCodeIt |
IP belongs to Deutsche Telekom Ag, D-90492 Nuernberg, Germany |
| 14:47 |
Fixer |
lol |
| 14:47 |
Fixer |
IhrFussel: it is affected |
| 14:48 |
Fixer |
IhrFussel: _update now_ |
| 14:48 |
Fixer |
IhrFussel: also check if it was not compromised (silently) |
| 14:48 |
IhrFussel |
Fixer, so the exploit existed for a YEAR and more? |
| 14:48 |
Fixer |
IhrFussel: possibly since ages |
| 14:48 |
grey-001 |
since 2013 iirc |
| 14:49 |
|
linushsao joined #minetest |
| 14:49 |
IhrFussel |
I already updated and restarted 20 minutes ago...but how would I check if my system was modified? |
| 14:49 |
|
fwhcat joined #minetest |
| 14:50 |
JDCodeIt |
did you have mod security disabled? |
| 14:50 |
IhrFussel |
I had to disable it, too many mods complained about it |
| 14:51 |
JDCodeIt |
then you must go through your scripts and OS files to see if any were changed |
| 14:51 |
Fixer |
probably since 12 Dec 2013 |
| 14:51 |
|
rubywarden joined #minetest |
| 14:52 |
Fixer |
IhrFussel: check your mod folders, check logs, etc |
| 14:52 |
Fixer |
IhrFussel: check new privilages |
| 14:52 |
IhrFussel |
Nothing can touch the system files..I'm not stupid I run minetestserver not under root |
| 14:52 |
|
paly2 joined #minetest |
| 14:52 |
tm3 |
rubywarden :P i didn't know ;) |
| 14:53 |
JDCodeIt |
OK, check what could have been changed under the non-privielged user |
| 14:53 |
tm3 |
linus?? |
| 14:53 |
fwhcat |
torvalds ? |
| 14:53 |
paly2 |
Hey :) |
| 14:53 |
tm3 |
no linushsao. admin of mars server :0 |
| 14:53 |
tm3 |
:) |
| 14:54 |
tm3 |
i am a supervisor there ;) |
| 14:54 |
fwhcat |
Oh I remember you sorry :) |
| 14:54 |
tm3 |
hey hi :) you didn't come. Don't remember your home is there or not :P may be it's there ;) |
| 14:55 |
linushsao |
hi,i'm here |
| 14:55 |
fwhcat |
I haven't been here for 3 months but i'm back |
| 14:55 |
Fixer |
critical vulnerability in worldedit_gui |
| 14:55 |
tm3 |
lol ;P |
| 14:55 |
|
lumidify joined #minetest |
| 14:55 |
Fixer |
please update now, and check if your server was compromised |
| 14:55 |
tm3 |
linus read msg i sent in irc :) |
| 14:55 |
tm3 |
in our channel |
| 14:55 |
Fixer |
check any file/playerpriv changes etc |
| 14:56 |
linushsao |
torvalds..no, my "linus" is about the comic "the peanut". |
| 14:56 |
tm3 |
every player's privs?? uh |
| 14:56 |
fwhcat |
Fixer: the problem is: the hacker did even delete the logs (at least on our server) he wasn't stupid enough to give himself privs. |
| 14:57 |
Fixer |
tm3: not every, but with nonstandard privs |
| 14:57 |
Fixer |
fwhcat: thats better, better inspect everything, and recheck everything includins OS |
| 14:58 |
linushsao |
delete system log? |
| 14:58 |
tm3 |
ok thanks :) i am a nonstandard one ;P i have to check mine and another mod. :) |
| 14:58 |
Fixer |
"thats better = thats worse" * |
| 14:58 |
linushsao |
throught sshd-server? or that server has ssd service? |
| 14:58 |
tm3 |
yes linus jungle's log were deleted |
| 14:59 |
tm3 |
Gundul wasn't able to find the log even. :'( |
| 14:59 |
linushsao |
it means hacker hack into server,not only minetestserver. |
| 14:59 |
tm3 |
spawn, meselab in jungle completely destroyed ;P |
| 14:59 |
Fixer |
better recheck everything, make sure there are no backdoors on server |
| 14:59 |
|
SaadM joined #minetest |
| 14:59 |
Fixer |
if mod security was off, even worse |
| 15:00 |
|
xerox123 joined #minetest |
| 15:00 |
linushsao |
it's almost the standard process of hacker to delete log, even log-backup couldnt help . |
| 15:00 |
tm3 |
may be but i don't think so a hacker has time for hacking a foss game like this. I guess it's just a dumbass trying to save his ass behind a powerful hacked client made by a hacker :) |
| 15:00 |
fwhcat |
no no debug.txt log only, some mods were changed etc. |
| 15:00 |
fwhcat |
if he could change syslogs that would mean he had root access xD |
| 15:00 |
paly2 |
Indeed mod security was disabled on our server. I guess that's how the hacker made debug.txt a symlink to /dev/null. Now we've adapted our mods and enabled it (too late, as usual...) |
| 15:00 |
tm3 |
just give me the ip of that MF, i will teach him what real hacking is xD |
| 15:00 |
fwhcat |
so yeah in that case, you better reinstall the whole system. |
| 15:00 |
Fixer |
if you run from root - yes |
| 15:01 |
Fixer |
running anything from root is very bad idea |
| 15:01 |
linushsao |
yes,fwhcat. |
| 15:01 |
paly2 |
We don't :) |
| 15:01 |
rubenwardy |
> running Minetest as null |
| 15:01 |
rubenwardy |
*root |
| 15:01 |
rubenwardy |
:O |
| 15:01 |
fwhcat |
who would do that? xD |
| 15:01 |
tm3 |
:P |
| 15:01 |
grey-001 |
people |
| 15:01 |
Krock |
windows users. |
| 15:02 |
grey-001 |
said by a windows user |
| 15:02 |
tm3 |
yes :) s88t happens. we learn like that :) |
| 15:02 |
Fixer |
proper windows user runs from nonroot |
| 15:02 |
Krock |
on top of that: said by a windows user that runs all software in administrator mode |
| 15:02 |
tm3 |
lol :P |
| 15:02 |
Krock |
try to beat that |
| 15:03 |
Krock |
good luck :P |
| 15:03 |
linushsao |
no running on root,of course. |
| 15:04 |
Krock |
<.< I meant like "try running the stuff more insecure than me" |
| 15:05 |
fwhcat |
I can, just for fun Run an old XP and surf the web |
| 15:05 |
fwhcat |
but.... in a VM :D |
| 15:07 |
tm3 |
:D |
| 15:09 |
linushsao |
mars server on debian... |
| 15:09 |
linushsao |
if on windows,maybe run on root...@@a |
| 15:10 |
linushsao |
(i remember it's account "administrator". |
| 15:10 |
rubenwardy |
anyone have any experience in auditing a server to check if it's been compromised? If so, please post here (links to good resources are fine: https://forum.minetest.net/viewtopic.php?f=6&t=17601&p=269578#p269578 |
| 15:14 |
Krock |
rubenwardy, as you most likely already have seen: https://pastebin.com/raw/4NXGQ4Ej - list of the currently announced servers using worledit_gui |
| 15:15 |
Krock |
filtering those better would require to join the server and run a test |
| 15:15 |
rubenwardy |
I don't think it's best to publish that |
| 15:15 |
Krock |
surely it isn't. |
| 15:16 |
Krock |
that would only help black hat people to cause more damage |
| 15:18 |
IhrFussel |
Here is a useful command to check which files have been last modified on a Linux system (recursively) find [ENTERPATH] -type f -exec stat --format '%Y :%y %n' "{}" \; | sort -nr | cut -d: -f2- | head -n 500 | less |
| 15:20 |
rubenwardy |
fancy posting that in the topic? |
| 15:20 |
rubenwardy |
along with a disclaimer that the signatures can be modified |
| 15:21 |
tm3 |
as per ip provided by venessa, that dumbass's ip from weiden and bonn, germany both ip are registered in deutsche telekom broadband. |
| 15:21 |
* VanessaE |
growls at tm3 |
| 15:21 |
tm3 |
?? sorry if i did something :) |
| 15:21 |
VanessaE |
why does everyone insist on misspelling my fscking name... |
| 15:21 |
tm3 |
oh ... |
| 15:22 |
tm3 |
VanessaE :) |
| 15:22 |
tm3 |
now :) |
| 15:22 |
VanessaE |
:) |
| 15:22 |
Fixer |
lol |
| 15:22 |
Fixer |
venessa |
| 15:23 |
tm3 |
lol there goes fixer :P |
| 15:24 |
tm3 |
red was at red-001 first. now at 005. soon he will reach 007 :) |
| 15:24 |
DS-minetest |
lol |
| 15:24 |
red-005 |
lol |
| 15:25 |
|
MarioBranco joined #minetest |
| 15:25 |
Krock |
tm3, assuming a linear increase would mean he'll pass 007 and goes over to 009 |
| 15:25 |
DS-minetest |
your name will be red, james red |
| 15:26 |
|
paly2 joined #minetest |
| 15:26 |
|
xerox123 joined #minetest |
| 15:27 |
IhrFussel |
rubenwardy, done |
| 15:27 |
tm3 |
lol :P yes james red 009... tatatataannn...taon taon ... |
| 15:27 |
rubenwardy |
thanks |
| 15:37 |
IhrFussel |
I think one GOOD thing is that the exploiters likely don't know the actual WORLD names and therefore cannot delete world files |
| 15:38 |
IhrFussel |
Or can they just use "*" ? Not sure |
| 15:39 |
DS-minetest |
i think, they can get the world path |
| 15:39 |
paly2 |
They can list the world directory content |
| 15:39 |
rubenwardy |
if the lua code can return input, they could just do "io.popen('ls')" |
| 15:41 |
IhrFussel |
Wait...the GUI allows you to input Lua and RETURNS output as well? I thought the output would just be something like "successful" or "failed" |
| 15:41 |
paly2 |
You can use minetest.chat_send_player |
| 15:41 |
|
Mator_ joined #minetest |
| 15:43 |
IhrFussel |
True...well it seems like they avoided my server...log files exist, no new high privs in auth.txt ... the last modified files on my machine are the ones I edited manually |
| 15:43 |
|
tm3 left #minetest |
| 15:44 |
|
proller__ joined #minetest |
| 15:44 |
|
tpe joined #minetest |
| 15:45 |
paly2 |
Does someone have new privs in auth.txt ? 0.o |
| 15:45 |
IhrFussel |
But since the exploit existed for YEARS likely, there is absolutely no reliable way to tell whether or not somebody changed something in that timeframe I guess |
| 15:45 |
|
jubalh joined #minetest |
| 15:47 |
rubenwardy |
it's quite interesting |
| 15:47 |
Krock |
but the leak was undiscovered for years. now that there's so much hurry about the recent >>fix<<, only caused all this trouble |
| 15:49 |
rubenwardy |
well, most exploited vulnerabilities are not 0 days, but recently patched things |
| 15:49 |
rubenwardy |
attackers watch update channels |
| 15:49 |
rubenwardy |
although in this case it was a 0 day |
| 15:50 |
rubenwardy |
[citation needed] |
| 15:54 |
IhrFussel |
I just found "find -cmin -N" it lists all files that were last modified within the recent N minutes..very useful |
| 15:54 |
jubalh |
hi |
| 15:54 |
jubalh |
does minetest have enemies yet? |
| 15:54 |
|
mrtux joined #minetest |
| 15:54 |
|
mrtux joined #minetest |
| 15:54 |
jubalh |
or just neutral figures? |
| 15:55 |
rubenwardy |
well, there's terasology |
| 15:55 |
rubenwardy |
but that's more of a competitor than an enemy |
| 15:55 |
|
mrtux joined #minetest |
| 15:55 |
|
mrtux joined #minetest |
| 15:55 |
|
QwertyDragon joined #minetest |
| 16:00 |
Krock |
minecraft, our worse enemy! |
| 16:00 |
Krock |
*worst |
| 16:00 |
Krock |
</wink> |
| 16:06 |
|
tm3 joined #minetest |
| 16:07 |
|
ensonic joined #minetest |
| 16:16 |
|
kimitux joined #minetest |
| 16:17 |
|
DS-minetest joined #minetest |
| 16:20 |
|
kaeza joined #minetest |
| 16:23 |
|
octacian joined #minetest |
| 16:25 |
|
mrtux joined #minetest |
| 16:25 |
|
mrtux joined #minetest |
| 16:28 |
Raven262 |
Minecraft is not your enemy, it never showed to have anything against minetest. |
| 16:36 |
|
Raven262 joined #minetest |
| 16:38 |
|
dabbill joined #minetest |
| 16:44 |
|
mrtux-laptop left #minetest |
| 16:44 |
|
the0loko joined #minetest |
| 16:53 |
|
M6HZ joined #minetest |
| 16:55 |
DS-minetest |
does it make sense to get the camera in csm like this: local camera |
| 16:55 |
DS-minetest |
minetest.register_on_connect(function() |
| 16:55 |
DS-minetest |
minetest.after(0, function() |
| 16:55 |
DS-minetest |
camera = minetest.camera |
| 16:55 |
DS-minetest |
end) |
| 16:55 |
DS-minetest |
end) |
| 16:55 |
DS-minetest |
? |
| 16:55 |
paly2 |
Same for minetest.localplayer :/ |
| 16:56 |
DS-minetest |
not exactly same |
| 16:56 |
DS-minetest |
localplayer doesn't need that extra after |
| 16:56 |
red-005 |
why the after? |
| 16:56 |
Krock |
the camera is not guaranteed to be initialized when the scripts are run |
| 16:57 |
DS-minetest |
camera seems like if it's not there when player starts beeing there |
| 16:57 |
DS-minetest |
hm, i could also very often use the reference |
| 17:00 |
|
mega-giga joined #minetest |
| 17:00 |
mega-giga |
How many server are hack ? ?? |
| 17:02 |
VanessaE |
mega-giga: anyone whose server has a copy of worldedit_gui that's more than a day or two old is vulnerable. |
| 17:02 |
VanessaE |
how many were compromised is not known as yet, but I know two of mine were, and a few others. |
| 17:03 |
mega-giga |
Mynet est |
| 17:03 |
mega-giga |
Mynetest* |
| 17:03 |
mega-giga |
Acidité |
| 17:03 |
mega-giga |
Axinite* |
| 17:04 |
paly2 |
(french autocorrect?) |
| 17:04 |
mega-giga |
T'es |
| 17:04 |
mega-giga |
Yes* |
| 17:04 |
mega-giga |
Mdrr |
| 17:05 |
Fixer |
kek |
| 17:14 |
|
Peppy joined #minetest |
| 17:25 |
|
ensonic joined #minetest |
| 17:29 |
|
proller__ joined #minetest |
| 17:31 |
IhrFussel |
Are we 100% that mesecons doesn't have such an exploit? AFAIK there are elements that allow Lua code as well |
| 17:32 |
IhrFussel |
100% sure* |
| 17:32 |
nore |
IhrFussel: yes, but in a protected environment |
| 17:32 |
paly2 |
AFAIK the LuaController executes code in a highly restricted environment |
| 17:32 |
nore |
and I tried more than once to attack it |
| 17:33 |
nore |
personally I consider it sage |
| 17:33 |
nore |
*safe |
| 17:33 |
paly2 |
MoreMesecons has a LuaBlock that allows to execute code in the global namespace, but it cannot even be placed without the server privilege |
| 17:33 |
kaeza |
the issue has nothing to do with running Lua code. it was not setting the correct privs |
| 17:34 |
kaeza |
or so I see anyway |
| 17:35 |
|
MarioBranco joined #minetest |
| 17:35 |
IhrFussel |
kaeza, it didn't check for ANY privs if I see that correctly |
| 17:37 |
IhrFussel |
And mesecons doesn't require any (high) privs either right? So I wondered if the exploit could exist there too |
| 17:38 |
IhrFussel |
But if it's safe then good |
| 17:48 |
|
admicos joined #minetest |
| 18:00 |
|
fireglow- joined #minetest |
| 18:01 |
|
Markow joined #minetest |
| 18:02 |
|
Dargod joined #minetest |
| 18:02 |
|
stormchaser3000_ joined #minetest |
| 18:03 |
|
jonasbits__ joined #minetest |
| 18:04 |
|
TC03 joined #minetest |
| 18:04 |
|
jomatv6_ joined #minetest |
| 18:06 |
|
georgeowell_ joined #minetest |
| 18:07 |
|
PsychoVision joined #minetest |
| 18:07 |
|
Fixer joined #minetest |
| 18:07 |
|
Thomas-S_ joined #minetest |
| 18:07 |
|
celeron55_ joined #minetest |
| 18:08 |
|
sfan5_ joined #minetest |
| 18:08 |
|
Someguy1234 joined #minetest |
| 18:08 |
|
dabascht joined #minetest |
| 18:11 |
|
glorfindel joined #minetest |
| 18:21 |
|
tm3 left #minetest |
| 18:22 |
|
Yst joined #minetest |
| 18:37 |
Out`Of`Control |
hi |
| 18:43 |
|
Grandolf joined #minetest |
| 19:08 |
Yst |
Does anyone know how to generate a formspec that matches unified_inventory? Specifically, I need to set the player's formspec to something that isn't one of the registered unified_inventory pages, but I want to keep the feel the same and provide the buttons for reaching actual unified_inventory pages. |
| 19:09 |
Yst |
I guess it'd be the unified_inventory equivalent of sfinv.make_formspec(). Would someone know what function that'd be? |
| 19:19 |
|
Darcidride joined #minetest |
| 19:25 |
|
Peppy joined #minetest |
| 19:28 |
|
rubenwardy joined #minetest |
| 19:33 |
|
calculon joined #minetest |
| 19:38 |
|
Fixer joined #minetest |
| 19:45 |
|
Fixer_ joined #minetest |
| 19:48 |
|
xerox123 joined #minetest |
| 19:49 |
IhrFussel |
"local name=inv:get_stack("give" .. n,1):get_name()" will this return a string like "default:sand" ? |
| 19:51 |
IhrFussel |
I'm trying to disallow certain nodes in the smartshop mod, but the code looks EXTREMELY complicated and I need to know if that's the var I need to check |
| 19:51 |
rubenwardy |
yes |
| 19:51 |
rubenwardy |
not sure what it returns if the stack is empty though |
| 19:52 |
IhrFussel |
rubenwardy, I think the code already makes sure it's not nil..those are the lines before it: local inv = meta:get_inventory() if meta ~= nil then |
| 19:54 |
|
kaeza joined #minetest |
| 19:54 |
calculon |
you could still have empty stacks in a non-nil inventory |
| 19:54 |
rubenwardy |
^ |
| 19:55 |
|
Fixer joined #minetest |
| 19:55 |
calculon |
and why meta ~= nil ? is this a typo ? |
| 19:57 |
IhrFussel |
I'll give you a pastebin in a sec |
| 20:02 |
IhrFussel |
https://pastebin.com/ieb2wLgF |
| 20:05 |
calculon |
so i think yes, you should take care of empty stacks |
| 20:05 |
calculon |
iirc get_name() returns an empty string in that case, but i'm not sure |
| 20:06 |
kaeza |
>string.find(name,"ingot") |
| 20:06 |
IhrFussel |
Oops I just noticed I forgot to add the player name in chat_send_player xP |
| 20:07 |
kaeza |
great, now I can't buy a bingo table or something |
| 20:08 |
rubenwardy |
IhrFussel, it's pointless to check a table after you call a function in it |
| 20:08 |
IhrFussel |
kaeza, well I could add an underscore at the beginning and hope that the mods name their ingots properly "[material]_ingot" |
| 20:08 |
rubenwardy |
it: meta ~= nil |
| 20:10 |
IhrFussel |
rubenwardy, so I can remove that part of the condition? |
| 20:10 |
rubenwardy |
yeah |
| 20:11 |
rubenwardy |
or check before then |
| 20:11 |
rubenwardy |
it's pointless as the server would have already crashed |
| 20:12 |
calculon |
and i guess get_meta always return a value anyway |
| 20:12 |
calculon |
ho, maybe not if not if the node is not loaded |
| 20:14 |
IhrFussel |
calculon, the mod crashed a few times already with "meta nil" |
| 20:15 |
rubenwardy |
you need to check before you use it |
| 20:15 |
calculon |
ok |
| 20:26 |
Hijiri |
static typing would have prevented the exploit |
| 20:26 |
Hijiri |
we should have all used haskell for minetest |
| 20:26 |
rubenwardy |
not really |
| 20:26 |
rubenwardy |
you could have still done the exploit with a statically typed language |
| 20:27 |
rubenwardy |
as long as you had the ability to run code from user input |
| 20:27 |
Hijiri |
there was a check, "not admin == name" aka "(not admin) == name" to see if the lua runner was the admin |
| 20:27 |
Hijiri |
that would have been a type error since admin is not a bool |
| 20:28 |
Hijiri |
unless you are using C or something |
| 20:28 |
rubenwardy |
ah, I see |
| 20:28 |
Hijiri |
It wouldn't prevent all exploits of this class though, true |
| 20:29 |
Hijiri |
except maybe by being hard enough to interpret at runtime that nobody bothered to make a mod that runs user lua |
| 20:29 |
Hijiri |
or user haskell |
| 20:30 |
kaeza |
that's why I have the habit of always using parentheses when using the `not` operator ;) |
| 20:30 |
rubenwardy |
Haskell is an awful choice for game modding though |
| 20:32 |
Hijiri |
probably also true |
| 20:35 |
|
MarioBranco joined #minetest |
| 20:37 |
Hijiri |
rubenwardy: actually my mistake, the check was "not admin ~= name" to return early |
| 21:07 |
Calinou |
heh |
| 21:07 |
Calinou |
https://forum.minetest.net/viewtopic.php?f=53&t=17046 |
| 21:07 |
Calinou |
someone made an X-Ray cheat with CSM |
| 21:07 |
Calinou |
that was a while ago, but I'm just starting to browse the CSM section now |
| 21:09 |
PureTryOut[m] |
ooh no 😞 I guess that's the downside of having CSM |
| 21:10 |
KaadmY |
Calinou: TIL the item_image formspec element can handle an item count |
| 21:10 |
KaadmY |
I've been doing it manually |
| 21:10 |
KaadmY |
So the item cound thing is fixed |
| 21:10 |
KaadmY |
count* |
| 21:10 |
KaadmY |
Groups are still wonky, I can fix easily though |
| 21:10 |
Calinou |
tons of cheats can be made with CSM, yeah |
| 21:11 |
|
Hawk777 joined #minetest |
| 21:14 |
PureTryOut[m] |
there needs to be a way to protect servers from those... |
| 21:14 |
rubenwardy |
the fix is to not allow get_node if there's no air nearby |
| 21:15 |
rubenwardy |
ie: neighbour |
| 21:15 |
rubenwardy |
and to check LOS or less than 20 |
| 21:15 |
rubenwardy |
the problem is that these restrictions make an ambience mod a lot less efficient |
| 21:17 |
PureTryOut[m] |
couldn't an Ambiance mod be made entirely server-side? I thought mods could play sounds per player |
| 21:18 |
Calinou |
hmm, trying out CSM, pretty nice |
| 21:18 |
Calinou |
I need to make some mods again :) |
| 21:18 |
Calinou |
eg. a wallclock on HUD |
| 21:18 |
Calinou |
PureTryOut[m]: they can but it causes lag |
| 21:18 |
|
halt_ joined #minetest |
| 21:19 |
Calinou |
also, aesthetic things like these are better left to the client |
| 21:19 |
Calinou |
so the user can easily disable it, etc |
| 21:20 |
PureTryOut[m] |
I guess |
| 21:20 |
PureTryOut[m] |
still, I don't like X-ray mods lol |
| 21:20 |
Hijiri |
what if you use a hybrid approach |
| 21:21 |
|
ThomasMonroe joined #minetest |
| 21:21 |
Hijiri |
like when requested, the server will calculate the ambience stuff for some area, and send taht to the client |
| 21:21 |
Hijiri |
and it will cache that, and so will the client |
| 21:21 |
Hijiri |
or maybe only the client caches it |
| 21:21 |
Hijiri |
I guess that doesn't work for swimming in water and that kind of thing though |
| 21:22 |
Hijiri |
But maybe some effects could be purely client modding, while others are a hybrid like I described |
| 21:22 |
rubenwardy |
it's funny how people have been wanting CSM for years, but now it's been introduced everyone's against it |
| 21:22 |
Hijiri |
I'm sort of against client-provided client mods |
| 21:22 |
rubenwardy |
well, same |
| 21:22 |
PureTryOut[m] |
I'd love a way for mods to send certain commands/functions to the client to do |
| 21:22 |
Hijiri |
The kind of CSM I've wanted is code sent from the server |
| 21:22 |
PureTryOut[m] |
same ^ |
| 21:23 |
PureTryOut[m] |
never asked for CSM like it is now |
| 21:23 |
PureTryOut[m] |
I just want my mod to be able to listen to keypresses 😞 |
| 21:23 |
Hijiri |
listening to keypresses would be against what the direction of game controls has been though |
| 21:23 |
Hijiri |
because of Android stuff |
| 21:24 |
rubenwardy |
registering events though |
| 21:24 |
rubenwardy |
but that could be done with a server API |
| 21:24 |
Hijiri |
I think the spells idea nerzhul has been mentioning would provide extra controls |
| 21:25 |
Hijiri |
anyway I have to go |
| 21:26 |
PureTryOut[m] |
Hijiri: tbh I don't give a damn about Android |
| 21:26 |
PureTryOut[m] |
I don't want to be limited on PC because of mobile support... |
| 21:27 |
PureTryOut[m] |
and even then, you can probably let the mods make some extra button for touchscreens or whatever |
| 21:29 |
|
PsychoVision joined #minetest |
| 21:38 |
|
octacian_ joined #minetest |
| 21:40 |
|
book`_ joined #minetest |
| 21:41 |
Yst |
I never wanted client-side scripting either. Now that it's here though, I'll probably check it out. After I finish a server-side mod I've been wanting for a couple months though. |
| 21:41 |
|
Sanskrit1ritz joined #minetest |
| 21:42 |
|
Calinou_ joined #minetest |
| 21:43 |
|
svartarmar joined #minetest |
| 21:58 |
|
Brackston joined #minetest |
| 21:59 |
|
Foz joined #minetest |
| 22:00 |
|
PsychoVision joined #minetest |
| 22:08 |
|
wilkgr joined #minetest |
| 22:24 |
KaadmY |
When can we get a fog distance multiplier? |
| 22:25 |
KaadmY |
So rain becomes foggier |
| 22:32 |
|
MarioBranco joined #minetest |
| 22:56 |
|
ThomasMonroe joined #minetest |
| 22:57 |
|
halt_ joined #minetest |
| 23:09 |
|
octacian__ joined #minetest |
| 23:11 |
|
proller__ joined #minetest |
| 23:18 |
Fixer |
KaadmY: is not this already possible? |
| 23:18 |
KaadmY |
I dont think so |
| 23:18 |
KaadmY |
The API has no mention of fog |
| 23:19 |
KaadmY |
And to clarify: I mean as a mod, not client setting |
| 23:19 |
Fixer |
rubenwardy: but but you can locate nyan cat now with ore detect!!111 Oh ... nyan was removed... and dog too... |
| 23:19 |
KaadmY |
Was Nyan removed? :/ |
| 23:19 |
Fixer |
KaadmY: i have some impression that some weather mods already do this, i may be wrong |
| 23:19 |
Fixer |
KaadmY: yep |
| 23:19 |
KaadmY |
Awww |
| 23:20 |
Fixer |
KaadmY: because of trademark issues |
| 23:20 |
Fixer |
iirc |
| 23:20 |
KaadmY |
Darn |
| 23:20 |
Fixer |
KaadmY: you can still use it as a mod |
| 23:20 |
KaadmY |
Why not have a cyan cat |
| 23:20 |
Fixer |
LOL |
| 23:20 |
KaadmY |
Just a cyan cat :D |
| 23:20 |
KaadmY |
Also I'm looking at the 0.4.16 API |
| 23:20 |
KaadmY |
It looks like there's TONS of changes from 0.4.15 |
| 23:20 |
KaadmY |
And I really want to get my hands on them :D |
| 23:21 |
Fixer |
KaadmY: release is pretty soon btw |
| 23:21 |
KaadmY |
Yeah |
| 23:21 |
KaadmY |
June or something? |
| 23:21 |
KaadmY |
Feature freeze is May 21 |
| 23:21 |
KaadmY |
So mid-June/early July? |
| 23:21 |
Fixer |
don't remember, but soon |
| 23:22 |
Fixer |
afk |
| 23:25 |
frostsnow |
Why is there no 50% probability rule in the L-system? |
| 23:25 |
|
Dargod joined #minetest |
| 23:31 |
wilkgr |
2017-05-15 09:30:43: ERROR[Main]: Access denied. Reason: You are using an unofficial client. Use the official client from minetest.org |
| 23:31 |
KaadmY |
Hm? |
| 23:31 |
rubenwardy |
which server? |
| 23:32 |
wilkgr |
Captain's Corner (it's a minetesthosting one) |
| 23:32 |
KaadmY |
How does the server tell if its an unofficial client? |
| 23:32 |
rubenwardy |
sfan5 ^ |
| 23:32 |
rubenwardy |
it's not an unofficial client |
| 23:32 |
rubenwardy |
oldcoder is trying to take over the project |
| 23:33 |
rubenwardy |
so he's put that notice in his version to try and get people to use his |
| 23:33 |
rubenwardy |
notice .org |
| 23:33 |
KaadmY |
Oh |
| 23:33 |
rubenwardy |
which is OldCoder's domain |
| 23:33 |
wilkgr |
Indeed, that's why I was so confused |
| 23:33 |
red-005 |
does anyother server need to be added to the ban list? |
| 23:34 |
KaadmY |
minetest.org seems to be down anyway |
| 23:34 |
rubenwardy |
not for me |
| 23:34 |
KaadmY |
Huh, DNS problem |
| 23:34 |
red-005 |
I think I had that issue too |
| 23:35 |
rubenwardy |
would be good to make a bot which auto-bans servers from the server list that display that message |
| 23:36 |
|
M6HZ joined #minetest |
| 23:44 |
|
tpepin96 joined #minetest |
| 23:58 |
|
slemonide joined #minetest |
