IRC log for #minetest, 2020-09-06

All times shown according to UTC.

Time Nick Message
00:03 NathanS21 joined #minetest
00:31 Lunatrius joined #minetest
00:53 Lunatrius` joined #minetest
01:22 Conradish006 joined #minetest
02:58 kamdard joined #minetest
03:17 FennecCode joined #minetest
03:21 shangul joined #minetest
04:38 riff_IRC joined #minetest
04:45 Talkless joined #minetest
07:18 stiell joined #minetest
07:31 stiell joined #minetest
07:35 stiell joined #minetest
07:59 calcul0n joined #minetest
08:00 ShadowNinja joined #minetest
08:15 proller joined #minetest
08:38 FeXoR joined #minetest
08:42 proller joined #minetest
09:05 calcul0n_ joined #minetest
10:21 tuedel joined #minetest
10:30 stiell joined #minetest
10:32 SwissalpS joined #minetest
10:32 bhree[m] joined #minetest
10:32 xose[m] joined #minetest
10:32 Fulgen joined #minetest
10:41 Fixer joined #minetest
11:18 sec^nd joined #minetest
11:32 dievri joined #minetest
11:39 mizux joined #minetest
11:40 BFHLX joined #minetest
11:42 ROllerGuy joined #minetest
11:45 Taoki joined #minetest
12:08 minduser00 joined #minetest
12:26 minduser00 joined #minetest
12:28 Conradish006 joined #minetest
12:32 Taoki joined #minetest
12:38 dievri hello. Today I'm trying to write my own authentication. I would like to store user password in plain form (not hashed). I've defined get_auth and create_auth functions and registered them as auth handler. But get_auth gets called already with hashed password. How can I avoid hashing?
12:40 proller joined #minetest
12:43 Conradish006 joined #minetest
13:01 MTDiscord <j​akeh04> why would you avoid hashing?
13:02 Ingar easier to steal plaintext passwords from users
13:04 guzzi sounds illegal.
13:04 MTDiscord <j​akeh04> ah the ol logging into your user's bank accounts that reuse their passwords lol
13:05 guzzi you planning on creating a honeypot to try to get peoples passwords?
13:05 guzzi evil
13:06 Ingar imho, a bug if the mt client would actually accommodate sending plaintext passwords
13:09 MTDiscord <j​akeh04> yeah, let us know if you succeed so we can make an emergency release to fix the huge security flaw lol
13:10 MTDiscord <s​hivajiva> lmao ?
13:17 ubone joined #minetest
13:17 ubone https://paste.ubuntu.com/p/4N2ShXdMcT/
13:18 ubone im trying to proxy minetest with nginx but connection fails
13:18 Pie-jacker875 joined #minetest
13:19 guzzi Ingar is probably creating a fork and then join the serverlist.
13:19 guzzi he wouldn't dare do a pull request
13:19 guzzi but he would still be able to collect passwords
13:20 sfan5 there is no way for the server to get a plaintext password
13:20 guzzi I am sure if you forked the server too you could do it
13:21 guzzi Not sure how we could prevent this server from joining the list
13:21 sfan5 no you can't
13:21 guzzi really?
13:22 guzzi i doubt that.
13:22 sfan5 minetest uses SRP to securely do password authentication
13:22 sfan5 the plaintext password is never sent
13:24 sfan5 ubone: are you sure nginx isn't attempting a tcp connection?
13:25 ubone is minetest udp only?
13:25 ubone idk what nginx does, there's nothing in the logs
13:25 sfan5 yes minetest is udp only
13:27 guzzi oh i see like private public key sorta.
13:27 guzzi srp is beyond my understanding, but basically the server never stores the users password.
13:27 guzzi one would have to completely overhaul the system.
13:28 MTDiscord <j​akeh04> or trick someone into using an evil client
13:28 guzzi right. you would need to redo the server to accept plain text passwords and store them .  then also get the user to use your modified client.
13:28 guzzi that is a tough sell
13:29 guzzi I guess webapps dont have this issue since no client thus django just saves the hashed password
13:29 guzzi thanks sfan5, i learned something new
13:30 guzzi man, between here and NodeCore i learn so much
13:30 MTDiscord <j​akeh04> the browser is the client on the web and all the code that makes it works is downloaded from the server
13:31 guzzi right.  thus no worry about saving a hashed password as much
13:34 MTDiscord <j​akeh04> there's still a lot of that stuff happening on the web. same authentication ideas really. I'm sure you could make a website implement SRP
13:38 MTDiscord <W​arr1024> There's stuff like digest auth but nobody particularly cares about that kind of thing on the web.  Digest auth was actually originally intended to solve more like 3rd party eavesdropping issues, which it actually doesn't solve, but TLS does.  So everyone just does basic over TLS, or the moral equivalent with web forms.
13:40 MTDiscord <j​akeh04> is ssl/tls too slow for gaming?
13:40 MTDiscord <W​arr1024> Tbh I'd be more comfortable with MT sending plaintext passwords over a fully encrypted authenticated connection, as I'm already trained by the web not to reuse passwords, but the infrastructure to authenticate an MT server would probably be prohibitive.
13:41 MTDiscord <W​arr1024> There are datagram versions of TLS and modern TLS has something like a 1% overhead.  OpenVPN is designed on I think a mix of IPSec and DTLS paradigms.
13:41 MTDiscord <W​arr1024> The problem though is establishing server identity and trust...
13:42 MTDiscord <j​akeh04> I can sell certs for 5.99
13:42 MTDiscord <j​akeh04> lol
13:43 MTDiscord <W​arr1024> Yeah, I mean, just having a central server authority in the first place is an undertaking, and possibly anathema to the kind of decentralization that MT probably wants to support.  Trust on first use schemes are limited if you hop between clients, as users realistically don't compare fingerprints.
13:44 mtplayer joined #minetest
13:45 MTDiscord <W​arr1024> I suppose as it stands doing SRP over an encrypted connection to a TOFU-authenticated server to establish a session that is subsequently hard to hijack or snoop would be an improvement at least, but no small task.
13:45 mtplayer Hello!  I'm playing Minetest on FreeBSD. (I'll admit, 5.2.0)  Is it intentional that papyrus only grows on dirt and not on soil?  I used the hoe on quite a bit of dirt earlier and noticed papyrus won't grow on it, but does grow on on-hoe'd dirt.
13:46 mtplayer on un-hoe'd dirt*
13:46 MTDiscord <W​arr1024> I had actually considered a way of tunneling MT connections over websockets as a means for people behind extremely restrictive firewalls (i.e. web browsing only) to self-host an MT server with the help of a host on the outside.
13:49 MTDiscord <j​akeh04> yeah but those kids in the school computer lab should be doing homework lol
13:49 mtplayer https://files.catbox.moe/0ilc2r.png
13:50 MTDiscord <j​akeh04> papyrus is setup to grow on regular dirt. i agree though, it should grow on hoed dirt too though
13:51 MTDiscord <j​akeh04> could open an issue on minetest game github repo if it bothers you enough
13:51 mtplayer won't make a github account, but if you guys have a mailing list, I'll send it that way
13:52 mtplayer or someone else can make the github issue :P
13:53 MTDiscord <j​akeh04> no likey github?
13:54 mtplayer n'aww, just won't make an account for a single issue is all
13:54 mtplayer if I was a dev in a project using GH I'd have one
13:54 mtplayer but email's just lower-effort for now
13:55 MTDiscord <j​akeh04> dunno about a mailing list
13:56 BFHLX joined #minetest
14:03 FreeFull joined #minetest
14:56 MTDiscord <a​ppguru> MTG is ded AFAIK
14:56 MTDiscord <a​ppguru> although this could be seen as a bug
15:11 MTDiscord <W​arr1024> I wouldn't file the issue.  MTG isn't exactly "dead" but this doesn't sound like something that's clearly and undebatably a bug, and thus is likely not to get changed.  3rd party mods can also probably change this too, so that makes it less likely to be changed upstream...
15:12 specing Please stop using github. It makes no sense to me to use a proprietary software host to host development of a free software project
15:12 specing additionally, it is fast becoming a monopoly (if it isn't one already)
15:12 specing Also please stop using discord. Reading its ToS should provide you enough reason
15:13 MTDiscord <W​arr1024> haha, "it's a monopoly" i.e. "there's no competition" is a kinda paradoxical argument to make for "you should switch to a competitor," you have to admit...
15:14 MTDiscord <W​arr1024> if you don't like github I believe there are gitlab mirrors of all of the relevant MT projects somewhere
15:14 MTDiscord <j​akeh04> I like getting paid for work so I can't bash others that do the same
15:15 MTDiscord <W​arr1024> Dunno about access to the issues, but from my perspective I prefer to use pure git, so that projects are not vendor-locked-in by any service, whether they're open-source themselves or not, so I avoid using the issues features.
15:15 specing jakeh04 are you paid to work on Minetest?
15:15 MTDiscord <W​arr1024> Is anybody?
15:16 specing That comment made me think that jakeh04 is
15:16 MTDiscord <a​ppguru> Monte's staff prolly
15:16 MTDiscord <j​akeh04> hmm could make a jakehcraft fork lol
15:16 MTDiscord <W​arr1024> though you gotta admit that, again, "nobody is paid to do this stuff" does seem like a weird argument for "they should have higher standards about the services they use."
15:17 Pie-jacker875 joined #minetest
15:17 BFHLX joined #minetest
15:17 MTDiscord <a​ppguru> specing: There has been lotta discussion, conclusion being that migration is not worth the effort. There's a mirror on GitLab. As GitHub gets microsoftified, I might decide to switch. But ATM there's been no good reason for doing so.
15:18 MTDiscord <W​arr1024> git hub/lab can't really exercise lock-in over the repo contents, since that's plain git and easily portable/mirrorable.  They CAN make you dependent on things like issue tracking, wikis, CI setups, integrations, etc. so I would definitely encourage projects to have a way to keep mirrors of that data and be prepared to move it if necessary.  I don't really worry about whether the service is proprietary or not; in a way, gitlab is
15:18 MTDiscord big enough that I treat it as if some parts of it must be proprietary somewhere.  Claims of purity are generally exaggerated :-)
15:18 MTDiscord <j​akeh04> That would be nice to get paid for mt stuff. It shall remain hobby effort until then and hobby stuff gets a lower priority than paid work and tends to be less polished because it is hobby work
15:19 specing W​arr1024 if they are easily portable then why aren't you moving away?
15:19 MTDiscord <W​arr1024> In a way not getting paid for MT stuff is kinda nice too, assuming you get paid for other stuff, as it helps keep MT stuff all about having fun and doesn't make it get too serious
15:19 MTDiscord <a​ppguru> Both GitHub and GitLab have a proper API, which means it should be fairly trivial to migrate.
15:19 MTDiscord <a​ppguru> specing: Because there's no hecking reason apart from FLOSS dogmatism
15:19 MTDiscord <W​arr1024> specing: I'm not moving away because ... I'm already fully moved away?
15:20 MTDiscord <W​arr1024> I host all my own projects in basically "pure git"; they're on gitlab, but I don't depend on any of the "lab" parts either.
15:20 specing Ok Warr1024
15:20 MTDiscord <a​ppguru> I will move away as soon as I can't put up with the changes for the worse MS is applying to GitHub anymore
15:20 MTDiscord <W​arr1024> As for the engine folks, they can do what they want too, but there's a heckuva lot of those folks so getting them all moved at the same time would take some significant effort, and they'd need an equally compelling reason to halt all other work and make that leap.
15:22 MTDiscord <W​arr1024> I already applied my own standards of ideological purity when I chose where to host my own projects, but I'm okay with working with other projects where they want to host even if they're less puritanical about those ideological factors.
15:23 MTDiscord <j​akeh04> if mt was proprietary, it would probably already have rtx multi render passes and a MTG design team that makes a fun default game lol
15:23 MTDiscord <W​arr1024> haha, nah, it'd be a dead project with no funding, or it'd be all about microtransactions and loot boxes in a desperate effort to compete with roblox or something
15:23 Copenhagen_Bram Which Minetest mods are mostly translated to Spanish? I'd like to try playing Minetest in Spanish to practice the language.
15:24 Hawk777 joined #minetest
15:24 MTDiscord <W​arr1024> again, in a way not bringing money into the picture can actually be FREEING, at least in part because it allows you to attract people who share a passion for something.  Once you bring any amount of money into the picture it tends to start driving passion away...
15:24 Copenhagen_Bram Oh hey warr
15:25 MTDiscord <W​arr1024> Big popular packages are most likely to have some level of translation, probably
15:25 MTDiscord <W​arr1024> also hi :-)
15:25 Copenhagen_Bram For a moment I thought this discussion had something to do with using prills as currency in nodecore
15:26 MTDiscord <j​akeh04> i think management practices play the biggest part in a loss of passion. One boss makes life suck and the other crafts a productive environment
15:26 Warr1024 Haha, tbh I'm also a first-class IRC citizen but often cba to switch over to my IRC client.  Took me a long time to even find one that lets me hop between mobile and desktop reasonably well, which is basically like 99% of the reason why I got into Discord in the first place.
15:26 MTDiscord <j​akeh04> same can happen with OSS. say your PRs always get shutdown for instance lol
15:26 MTDiscord <W​arr1024> CB: you did mention you were interested in doing spanish translations for nodecore ... I should set you up that weblate account one of these days... :-/
15:27 * Copenhagen_Bram checks what client Warr1024 is using
15:27 MTDiscord <a​ppguru> Ze Bridge
15:27 Copenhagen_Bram Huh. If I want IRC on mobile, I can run weechat with tmux on my computer and ssh in using termux on my phone
15:27 Warr1024 I wonder if my client responds to such requests properly.  It's TheLounge, which is a bit weird and feature-barren, but it has good mobile-to-desktop-hopping support, and I can self-host it.
15:28 Warr1024 I tried the irssi-in-tmux-in-ssh thing for a while but ssh clients for mobile add so much awkwardness
15:28 rom1504 weechat + glowing bear works fine
15:28 Copenhagen_Bram You might like to look into termux, it's not an SSH client, it's an entire linux terminal
15:29 Copenhagen_Bram It even has an apt package manager
15:29 Warr1024 I wouldn't call TheLounge ready quite yet to receive my general recommendation though.  It lacks certain features that bother me from time to time, and I'd really love to see some kind of scriptability.
15:29 Copenhagen_Bram Hmm
15:30 Warr1024 btw, if you're looking for a good "mobile ssh client" WeTTY is an interesting project to look into, if you're okay substituting TLS security for SSH.  Most mobile clients will have a browser, and with WeTTY you basically can turn that into a no-installation-needed SSH client...
15:30 Copenhagen_Bram > I wonder if my client responds to such requests properly.
15:30 Copenhagen_Bram Well, it responded to my CTCP request
15:30 Warr1024 though I haven't tried certain things in it like all the keybinds for example...
15:31 Copenhagen_Bram How would you define a good mobile ssh client?
15:31 Warr1024 One of the problems with the irssi+tmux solution I had was all the hoops I had to jump through to get push notifications sent to my phone.  I think what I used was email-to-SMS in the end, but it was a PITA.  First-class mobile support makes the push notification thing cleaner...
15:32 Warr1024 I define a good mobile ssh client as (1) mobile, (2) an ssh client, and (3) doesn't find ways to piss me off when I try to actually use it for stuff.
15:32 Copenhagen_Bram And how do I find WeTTY? Duckduckgo searches aren't case sensitive it seems, and searching for wetty brings up a song and a male shaving brand
15:33 Warr1024 https://github.com/butlerx/wetty
15:34 Warr1024 Basically I run nginx reverse proxy -> wetty running in nodejs -> ssh server and it makes a good emergency way to access my machines' terminals when I might not have proper access to an ssh client, or I'm running into firewall problems, like those networks that only let 443/tcp and 80/tcp outbound.
15:35 specing you could have port 80 redirect to 22
15:35 Warr1024 Get yourself a dynamic DNS that you can maintain (I actually use a paid one from dyn.com because :shrug: and it works fine for me) plus a TLS cert from LetsEncrypt...
15:35 specing IPv6 addresses are plentiful
15:36 specing no need for a ton of javascript
15:36 Warr1024 Redirecting from 80 to 22 would be tricky because it would require some complex analysis to determine if the protocol being used is actually ssh or http, and it wouldn't work for some networks I've used where they actually do some heuristic inspection of the packet content and verify that it sanely matches the set of protocols they allow.
15:40 specing no
15:40 specing use one of the 2^64 IPv6 addresses that you arent using
15:41 Warr1024 I'm pretty sure that I'm not using a lot more IPv6 addresses than just that.
15:42 swift110 hey all
15:42 Warr1024 I'd be more inclined to use IPv6 addresses if I didn't have to worry about networks that don't support them, forcing me to use IPv4 fallbacks anyway.  It's kind of a shame that IPv6 never really caught on, but I guess I have to live with that.
15:42 olliy joined #minetest
15:45 MTDiscord <j​akeh04> gonna be a pain to type those addresses though lol
15:46 MTDiscord <W​arr1024> I wouldn't recommend typing any addresses one way or another anyway.  Get a hostname :-)
15:48 MTDiscord <j​akeh04> ideally
16:51 homthack joined #minetest
16:59 Pie-jacker875 joined #minetest
16:59 gera joined #minetest
17:54 Edwardplayz joined #minetest
18:09 Pie-jacker875 joined #minetest
18:15 nuala joined #minetest
18:40 awell joined #minetest
19:46 fluxflux joined #minetest
20:05 swift110-phone joined #minetest
20:28 Pie-jacker875 joined #minetest
20:36 Verticen joined #minetest
20:49 homthack joined #minetest
21:04 homthack77 joined #minetest
21:05 DS-minetest joined #minetest
21:06 Pie-jacker875 joined #minetest
21:09 DS-minetest What is the best way to get the latest version of the minimal game?
21:09 DS-minetest I'd like to look into my old maps.
21:14 sfan5 grab the one from the commit before devtest was added
21:14 sfan5 or any old one e.g. 5.2.0
21:14 sfan5 there haven't really been relevant changes
21:14 DS-minetest ok, thanks
21:26 DS-minetest for logs (so that someone who reads this won't search for the commit): I've gotten latest minimal via git checkout a9b74f4c3966ad38c2f9a97364d3fdda0e514c93 games/
22:34 vormgear joined #minetest
22:41 Taoki joined #minetest
22:56 Seirdy joined #minetest
23:42 Verticen joined #minetest
23:53 lisac joined #minetest
23:59 minduser00 joined #minetest