| Time |
Nick |
Message |
| 00:03 |
|
NathanS21 joined #minetest |
| 00:31 |
|
Lunatrius joined #minetest |
| 00:53 |
|
Lunatrius` joined #minetest |
| 01:22 |
|
Conradish006 joined #minetest |
| 02:58 |
|
kamdard joined #minetest |
| 03:17 |
|
FennecCode joined #minetest |
| 03:21 |
|
shangul joined #minetest |
| 04:38 |
|
riff_IRC joined #minetest |
| 04:45 |
|
Talkless joined #minetest |
| 07:18 |
|
stiell joined #minetest |
| 07:31 |
|
stiell joined #minetest |
| 07:35 |
|
stiell joined #minetest |
| 07:59 |
|
calcul0n joined #minetest |
| 08:00 |
|
ShadowNinja joined #minetest |
| 08:15 |
|
proller joined #minetest |
| 08:38 |
|
FeXoR joined #minetest |
| 08:42 |
|
proller joined #minetest |
| 09:05 |
|
calcul0n_ joined #minetest |
| 10:21 |
|
tuedel joined #minetest |
| 10:30 |
|
stiell joined #minetest |
| 10:32 |
|
SwissalpS joined #minetest |
| 10:32 |
|
bhree[m] joined #minetest |
| 10:32 |
|
xose[m] joined #minetest |
| 10:32 |
|
Fulgen joined #minetest |
| 10:41 |
|
Fixer joined #minetest |
| 11:18 |
|
sec^nd joined #minetest |
| 11:32 |
|
dievri joined #minetest |
| 11:39 |
|
mizux joined #minetest |
| 11:40 |
|
BFHLX joined #minetest |
| 11:42 |
|
ROllerGuy joined #minetest |
| 11:45 |
|
Taoki joined #minetest |
| 12:08 |
|
minduser00 joined #minetest |
| 12:26 |
|
minduser00 joined #minetest |
| 12:28 |
|
Conradish006 joined #minetest |
| 12:32 |
|
Taoki joined #minetest |
| 12:38 |
dievri |
hello. Today I'm trying to write my own authentication. I would like to store user password in plain form (not hashed). I'm defined get_auth and create_auth function and registered them as auth handler. But get_auth get called already with hashed password. How can I avoid hashing? |
| 12:40 |
|
proller joined #minetest |
| 12:43 |
|
Conradish006 joined #minetest |
| 13:01 |
MTDiscord |
<jakeh04> why would you avoid hashing? |
| 13:02 |
Ingar |
easier to steal plaintext passwords from users |
| 13:04 |
guzzi |
sounds illegal. |
| 13:04 |
MTDiscord |
<jakeh04> ah the ol logging into your user's bank accounts that reuse their passwords lol |
| 13:05 |
guzzi |
you planning on creating a honeypot to try to get peoples passwords? |
| 13:05 |
guzzi |
evil |
| 13:06 |
Ingar |
imho, a bug if the mt client would actually accomodate sending plaintext passwords |
| 13:09 |
MTDiscord |
<jakeh04> yeah, let us know if you succeed so we can make an emergency release to fix the huge security flaw lol |
| 13:10 |
MTDiscord |
<shivajiva> lmao ? |
| 13:17 |
|
ubone joined #minetest |
| 13:17 |
ubone |
https://paste.ubuntu.com/p/4N2ShXdMcT/ |
| 13:18 |
ubone |
im trying to proxy minetest with nginx but connection fails |
| 13:18 |
|
Pie-jacker875 joined #minetest |
| 13:19 |
guzzi |
Ingar is probably creating a fork and then join the serverlist. |
| 13:19 |
guzzi |
he wouldn't dare do a pull request |
| 13:19 |
guzzi |
but he would still be able to collect passwords |
| 13:20 |
sfan5 |
there is no way for the server to get a plaintext password |
| 13:20 |
guzzi |
I am sure if you forked the server too you could do it |
| 13:21 |
guzzi |
Not sure how we could prevent this server from joining the list |
| 13:21 |
sfan5 |
no you can't |
| 13:21 |
guzzi |
really? |
| 13:22 |
guzzi |
i doubt that. |
| 13:22 |
sfan5 |
minetest uses SRP to securey do password authentication |
| 13:22 |
sfan5 |
the plaintext password is never sent |
| 13:24 |
sfan5 |
ubone: are you sure nginx isn't attempting a tcp connection? |
| 13:25 |
ubone |
is minetest udp only? |
| 13:25 |
ubone |
idk what nginx does, there's nothing in the logs |
| 13:25 |
sfan5 |
yes minetest is udp only |
| 13:27 |
guzzi |
oh i see like private public key sorta. |
| 13:27 |
guzzi |
srp is beyond my understanding, but basicaly the server never stores the users password. |
| 13:27 |
guzzi |
one would have to completely overhaul the system. |
| 13:28 |
MTDiscord |
<jakeh04> or trick someone into using an evil client |
| 13:28 |
guzzi |
right. you would need to redo the server to accept plain text passwords and store them . then also get the user to use your modified client. |
| 13:28 |
guzzi |
that is a tough sell |
| 13:29 |
guzzi |
I guess webapps dont have this issue since no client thus django just saves the hashed password |
| 13:29 |
guzzi |
thanks sfan5, i learned something new |
| 13:30 |
guzzi |
man, between here and NodeCore i learn so much |
| 13:30 |
MTDiscord |
<jakeh04> the browser is the client on the web and all the code that makes it works is downloaded from the server |
| 13:31 |
guzzi |
right. thus no worry about saving a hashed password as much |
| 13:34 |
MTDiscord |
<jakeh04> there's still a lot of that stuff happenning on the web. same authentication ideas really. I'm sure you could make a website implement SRP |
| 13:38 |
MTDiscord |
<Warr1024> There's stuff like digest auth but nobody particularly cares about that kind of thing on the web. Digest auth was actually originally intended to solve more like 3rd party eavesdropping issues, which it actually doesn't solve, but TLS does. So everyone just does basic over TLS, or the moral equivalent with web forms. |
| 13:40 |
MTDiscord |
<jakeh04> is ssl/tls to slow for gaming? |
| 13:40 |
MTDiscord |
<Warr1024> Tbh I'd be more comfortable with MT sending plaintext passwords over a fully encrypted authenticated connection, as I'm already trained by the web not to reuse passwords, but the infrastructure to authenticate an MT server would probably be prohibitive. |
| 13:41 |
MTDiscord |
<Warr1024> There are datagram versions of TLS and modern TLS has something like a 1% overhead. OpenVPN is designed on I think a mix of IPSec and DTLS paradigms. |
| 13:41 |
MTDiscord |
<Warr1024> The problem though is establishing server identity and trust... |
| 13:42 |
MTDiscord |
<jakeh04> I can sell certs for 5.99 |
| 13:42 |
MTDiscord |
<jakeh04> lol |
| 13:43 |
MTDiscord |
<Warr1024> Yeah, I mean, just having a central server authority in the first place is an undertaking, an possibly anathema to the kind of decentralization that MT probably wants to support. Trust on first use schemes are limited if you hop between clients, as users realistically don't compare fingerprints. |
| 13:44 |
|
mtplayer joined #minetest |
| 13:45 |
MTDiscord |
<Warr1024> I suppose as it stands doing SRP over an encrypted connection to a TOFU-authenticated server to establish a session that is subsequently hard to hijack or snoop would be an improvement at least, but no small task. |
| 13:45 |
mtplayer |
Hello! I'm playing Minetest on FreeBSD. (I'll admit, 5.2.0) Is it intentional that papyrus only grows on dirt and not on soil? I used the hoe on quite a bit of dirt earlier and noticed papyrus won't grow on it, but does grow on on-hoe'd dirt. |
| 13:46 |
mtplayer |
on un-hoe'd dirt* |
| 13:46 |
MTDiscord |
<Warr1024> I had actually considered a way of tunneling MT connections over websockets as a means for people behind extremely restrictive firewalls (i.e. web browsing only) to self-host an MT server with the help of a host on the outside. |
| 13:49 |
MTDiscord |
<jakeh04> yeah but those kids in the school computer lab should be doing homework lol |
| 13:49 |
mtplayer |
https://files.catbox.moe/0ilc2r.png |
| 13:50 |
MTDiscord |
<jakeh04> papyrus is setup to grow on regular dirt. i agree though, it should grow on hoed dirt too though |
| 13:51 |
MTDiscord |
<jakeh04> could open an issue on minetest game github repo if it bothers you enough |
| 13:51 |
mtplayer |
won't make a github account, but if you guys have a mailing list, I'll send it that way |
| 13:52 |
mtplayer |
or someone else can make the github issue :P |
| 13:53 |
MTDiscord |
<jakeh04> no likey github? |
| 13:54 |
mtplayer |
n'aww, just won't make an account for a single issue is all |
| 13:54 |
mtplayer |
if I was a dev in a project using GH I'd have one |
| 13:54 |
mtplayer |
but email's just lower-effort for now |
| 13:55 |
MTDiscord |
<jakeh04> dunno about a mailing list |
| 13:56 |
|
BFHLX joined #minetest |
| 14:03 |
|
FreeFull joined #minetest |
| 14:56 |
MTDiscord |
<appguru> MTG is ded AFAIK |
| 14:56 |
MTDiscord |
<appguru> although this could be seen as a bug |
| 15:11 |
MTDiscord |
<Warr1024> I wouldn't file the issue. MTG isn't exactly "dead" but this doesn't sound like something that's clearly and undebatably a bug, and thus is likely not to get changed. 3rd party mods can also probably change this too, so that makes it less likely to be changed upstream... |
| 15:12 |
specing |
Please stop using github. It makes no sense to me to use a proprietary software host to host development of a free software project |
| 15:12 |
specing |
additionally, it is fast becomming a monopoly (if it isnt one already) |
| 15:12 |
specing |
Also please stop using discord. Readings its ToS should provide you enough reason |
| 15:13 |
MTDiscord |
<Warr1024> haha, "it's a monopoly" i.e. "there's no competition" is a kinda paradoxical argument to make for "you should switch to a competitor," you have to admit... |
| 15:14 |
MTDiscord |
<Warr1024> if you don't like github I believe there are gitlab mirrors of all of the relevant MT projects somewhre |
| 15:14 |
MTDiscord |
<jakeh04> I like getting paid for work so I can't bash others that do the same |
| 15:15 |
MTDiscord |
<Warr1024> Dunno about access to the issues, but from my perspective I prefer to use pure git, so that projects are not vendor-locked-in by any service, whether they're open-source themselves or not, so I avoid using the issues features. |
| 15:15 |
specing |
jakeh04 are you paid to work on Minetest? |
| 15:15 |
MTDiscord |
<Warr1024> Is anybody? |
| 15:16 |
specing |
That comment made me think that jakeh04 is |
| 15:16 |
MTDiscord |
<appguru> Monte's staff prolly |
| 15:16 |
MTDiscord |
<jakeh04> hmm could make a jakehcraft fork lol |
| 15:16 |
MTDiscord |
<Warr1024> though you gotta admit that, again, "nobody is paid to do this stuff" does seem like a weird argument for "they should have higher standards about the services they use." |
| 15:17 |
|
Pie-jacker875 joined #minetest |
| 15:17 |
|
BFHLX joined #minetest |
| 15:17 |
MTDiscord |
<appguru> specing: There has been lotta discussion, conclusion being that migration is not worth the effort. There's a mirror on GitLab. As GitHub gets microsoftified, I might decide to switch. But ATM there's been no good reason for doing so. |
| 15:18 |
MTDiscord |
<Warr1024> git hub/lab can't really exercise lock-in over the repo contents, since that's plain git and easily portable/mirrorable. They CAN make you dependent on things like issue tracking, wikis, CI setups, integrations, etc. so I would definitely encourage projects to have a way to keep mirrors of that data and be prepared to move it if necessary. I don't really worry about whether the service is proprietary or not; in a way, gitlab is |
| 15:18 |
MTDiscord |
big enough that I treat it as if some parts of it must be proprietary somewhere. Claims of purity are generally exaggerated :-) |
| 15:18 |
MTDiscord |
<jakeh04> That would be nice to get paid for mt stuff. It shall remain hobby effort until then and hobby stuff gets a lower priority than paid work and tends to be less polished because it is hobby work |
| 15:19 |
specing |
Warr1024 if they are easily portable then why aren't you moving away? |
| 15:19 |
MTDiscord |
<Warr1024> In a way not getting paid for MT stuff is kinda nice too, assuming you get paid for other stuff, as it helps keep MT stuff all about having fun and doesn't make it get too serious |
| 15:19 |
MTDiscord |
<appguru> Both GitHub and GitLab have a proper API, which means it should be fairly trivial to migrate. |
| 15:19 |
MTDiscord |
<appguru> specing: Because there's no hecking reason apart from FLOSS dogmatism |
| 15:19 |
MTDiscord |
<Warr1024> specing: I'm not moving away because ... I'm already fully moved away? |
| 15:20 |
MTDiscord |
<Warr1024> I host all my own projects in basically "pure git"; they're on gitlab, but I don't depend on any of the "lab" parts either. |
| 15:20 |
specing |
Ok Warr1024 |
| 15:20 |
MTDiscord |
<appguru> I will move away as soon as I can't put up with the changes for the worse MS is applying to GitHub anymore |
| 15:20 |
MTDiscord |
<Warr1024> As for the engine folks, they can do what they want too, but there's a heckuva lot of those folks so getting them all moved at the same time would take some significant effort, and they'd need an equally compelling reason to halt all other work and make that leap. |
| 15:22 |
MTDiscord |
<Warr1024> I already applied my own standards of ideological purity when I chose where to host my own projects, but I'm okay with working with other projects where they want to host even if they're less puritanical about those ideological factors. |
| 15:23 |
MTDiscord |
<jakeh04> if mt was proprietary, it would probably already have rtx multi render passes and a MTG design team that makes a fun default game lol |
| 15:23 |
MTDiscord |
<Warr1024> haha, nah, it'd be a dead project with no funding, or it'd be all about microtransactions and loot boxes in a desperate effort to compete with roblox or something |
| 15:23 |
Copenhagen_Bram |
Which Minetest mods are mostly translated to Spanish? I'd like to try playing Minetest in Spanish to practice the language. |
| 15:24 |
|
Hawk777 joined #minetest |
| 15:24 |
MTDiscord |
<Warr1024> again, in a way not bringing money into the picture can actually be FREEING, at least in part because it allows you to attract people who share a passion for something. Once you bring any amount of money into the picture it tends to start driving passion away... |
| 15:24 |
Copenhagen_Bram |
Oh hey warr |
| 15:25 |
MTDiscord |
<Warr1024> Big popular packages are most likely to have some level of translation, probably |
| 15:25 |
MTDiscord |
<Warr1024> also hi :-) |
| 15:25 |
Copenhagen_Bram |
For a moment I thought this discussion had something to do with using prills as currency in nodecore |
| 15:26 |
MTDiscord |
<jakeh04> i think management practices play the biggest part in a loss of passion. One boss makes life suck and the other crafts a productive environment |
| 15:26 |
Warr1024 |
Haha, tbh I'm also a first-class IRC citizen but often cba to switch over to my IRC client. Took me a long time to even find one that lets me hop between mobile and desktop reasonably well, which is basically like 99% of the reason why I got into Discord in the first place. |
| 15:26 |
MTDiscord |
<jakeh04> same can happen with OSS. say your PRs always get shutdown for instance lol |
| 15:26 |
MTDiscord |
<Warr1024> CB: you did mention you were interested in doing spanish translations for nodecore ... I should set you up that weblate account one of these days... :-/ |
| 15:27 |
* Copenhagen_Bram |
checks what client Warr1024 is using |
| 15:27 |
MTDiscord |
<appguru> Ze Bridge |
| 15:27 |
Copenhagen_Bram |
Huh. If I want IRC on mobile, I can run weechat with tmux on my computer and ssh in using termux on my phone |
| 15:27 |
Warr1024 |
I wonder if my client responds to such requests properly. It's TheLounge, which is a bit weird and feature-barren, but it has good mobile-to-desktop-hopping support, and I can self-host it. |
| 15:28 |
Warr1024 |
I tried the irssi-in-tmux-in-ssh thing for a while but ssh clients for mobile add so much awkwardness |
| 15:28 |
rom1504 |
weechat + glowing bear works fine |
| 15:28 |
Copenhagen_Bram |
You might like to look into termux, it's not an SSH client, it's an entire linux terminal |
| 15:29 |
Copenhagen_Bram |
It even has an apt package manager |
| 15:29 |
Warr1024 |
I wouldn't call TheLounge ready quite yet to receive my general recommendation though. It lacks certain features that bother me from time to time, and I'd really love to see some kind of scriptability. |
| 15:29 |
Copenhagen_Bram |
Hmm |
| 15:30 |
Warr1024 |
btw, if you're looking for a good "mobile ssh client" WeTTY is an interesting project to look into, if you're okay substituting TLS security for SSH. Most mobile clients will have a browser, and with WeTTY you basically can turn that into a no-installation-needed SSH client... |
| 15:30 |
Copenhagen_Bram |
> I wonder if my client responds to such requests properly. |
| 15:30 |
Copenhagen_Bram |
Well, it responded to my CTCP request |
| 15:30 |
Warr1024 |
though I haven't tried certain things in it like all the keybinds for example... |
| 15:31 |
Copenhagen_Bram |
How would you define a good mobile ssh client? |
| 15:31 |
Warr1024 |
One of the problems with the irssi+tmux solution I had was all the hoops I had to jump through to get push notifications sent to my phone. I think what I used was email-to-SMS in the end, but it was a PITA. First-class mobile support makes the push notification thing cleaner... |
| 15:32 |
Warr1024 |
I define a good mobile ssh client as (1) mobile, (2) an ssh client, and (3) doesn't find ways to piss me off when I try to actually use it for stuff. |
| 15:32 |
Copenhagen_Bram |
And how do I find WeTTY? Duckduckgo searches aren't case sensitive it seems, and searching for wetty brings up a song and a male shaving brand |
| 15:33 |
Warr1024 |
https://github.com/butlerx/wetty |
| 15:34 |
Warr1024 |
Basically I run nginx reverse proxy -> wetty running in nodejs -> ssh server and it makes a good emergency way to access my machines' terminals when I might not have proper access to an ssh client, or I'm running into firewall problems, like those networks that only let 443/tcp and 80/tcp outbound. |
| 15:35 |
specing |
you could have port 80 redirect to 22 |
| 15:35 |
Warr1024 |
Get yourself a dynamic DNS that you can maintain (I actually use a paid one from dyn.com because :shrug: and it works fine for me) plus a TLS cert from LetsEncrypt... |
| 15:35 |
specing |
IPv6 addresses are plentiful |
| 15:36 |
specing |
no need for a ton of javascript |
| 15:36 |
Warr1024 |
Redirecting from 80 to 22 would be tricky because it would require some complex analysis to determine if the protocol being used is actually ssh or http, and it wouldn't work for some networks I've used where they actually do some heuristic inspection of the packet content and verify that it sanely matches the set of protocols they allow. |
| 15:40 |
specing |
no |
| 15:40 |
specing |
use one of the 2^64 IPv6 addresses that you arent using |
| 15:41 |
Warr1024 |
I'm pretty sure that I'm not using a lot more IPv6 addresses than just that. |
| 15:42 |
swift110 |
hey all |
| 15:42 |
Warr1024 |
I'd be more inclined to use IPv6 addresses if I didn't have to worry about networks that don't support them, forcing me to use IPv4 fallbacks anyway. It's kind of a shame that IPv6 never really caught on, but I guess I have to live with that. |
| 15:42 |
|
olliy joined #minetest |
| 15:45 |
MTDiscord |
<jakeh04> gonna be a pain to type those adresses though lol |
| 15:46 |
MTDiscord |
<Warr1024> I wouldn't recommend typing any addresses one way or another anyway. Get a hostname :-) |
| 15:48 |
MTDiscord |
<jakeh04> ideally |
| 16:51 |
|
homthack joined #minetest |
| 16:59 |
|
Pie-jacker875 joined #minetest |
| 16:59 |
|
gera joined #minetest |
| 17:54 |
|
Edwardplayz joined #minetest |
| 18:09 |
|
Pie-jacker875 joined #minetest |
| 18:15 |
|
nuala joined #minetest |
| 18:40 |
|
awell joined #minetest |
| 19:46 |
|
fluxflux joined #minetest |
| 20:05 |
|
swift110-phone joined #minetest |
| 20:28 |
|
Pie-jacker875 joined #minetest |
| 20:36 |
|
Verticen joined #minetest |
| 20:49 |
|
homthack joined #minetest |
| 21:04 |
|
homthack77 joined #minetest |
| 21:05 |
|
DS-minetest joined #minetest |
| 21:06 |
|
Pie-jacker875 joined #minetest |
| 21:09 |
DS-minetest |
What is the best way to get the latest version of the minimal game? |
| 21:09 |
DS-minetest |
I'd like to look into my old maps. |
| 21:14 |
sfan5 |
grab the one from the commit before devtest was added |
| 21:14 |
sfan5 |
or any old one e.g. 5.2.0 |
| 21:14 |
sfan5 |
there haven't really been relevant changes |
| 21:14 |
DS-minetest |
ok, thanks |
| 21:26 |
DS-minetest |
for logs (so that someone who reads this won't search for the commit): I've gotten latest minimal via git checkout a9b74f4c3966ad38c2f9a97364d3fdda0e514c93 games/ |
| 22:34 |
|
vormgear joined #minetest |
| 22:41 |
|
Taoki joined #minetest |
| 22:56 |
|
Seirdy joined #minetest |
| 23:42 |
|
Verticen joined #minetest |
| 23:53 |
|
lisac joined #minetest |
| 23:59 |
|
minduser00 joined #minetest |
