| Time |
Nick |
Message |
| 00:01 |
|
Extex joined #minetest |
| 00:13 |
|
illwieckz joined #minetest |
| 00:20 |
independent56 |
I have finally got a navigational sidebar for my rapidly growing server wiki. Should help navigation |
| 00:44 |
|
detrout joined #minetest |
| 00:51 |
|
detrout joined #minetest |
| 01:09 |
jonadab |
rubenwardy: Maybe have a look at this patch, which seems to have fixed the crash bugs for me, or at least the most common ones. https://termbin.com/amae |
| 01:10 |
jonadab |
My lua skills are terrible, so feel free to view that as a starting point or whatever. |
| 01:13 |
jonadab |
mazes_81: You also might be interested ^ |
| 01:14 |
jonadab |
Since you were expressing interest in the pipeworks autocrafter group: recipe support patch the other day; this one is meant to be applied after that one, to fix crashes. |
| 01:16 |
Noclip[m] |
Which group do I need to add a node to so that it can only be destroyed in creative mode but not in survival? |
| 01:16 |
Noclip[m] |
Is there group for it or would I need to make such a group myself? |
| 01:19 |
|
detrout joined #minetest |
| 01:27 |
MTDiscord |
<Warr1024> I believe last I checked neither NodeCore nor MTG had such a group. NodeCore does have an admin item that can unconditionally pick up any node that can be pointed at; devtest is likely to have something very similar. |
| 01:29 |
|
independent56 joined #minetest |
| 01:29 |
jonadab |
I think you have to take account for all the different ways nodes can be destroyed in your game/modpack. |
| 01:30 |
jonadab |
For example, if you have digtron, you have to make sure digtron can't remove it. |
| 01:31 |
Noclip[m] |
Well, I mainly wanted to know if such a group already exists. |
| 01:31 |
jonadab |
If you have TNT, you have to make sure TNT can't blow it up. |
| 01:31 |
jonadab |
I don't think there's a generic "can't be destroyed in any way" group, no. |
| 01:31 |
Noclip[m] |
As it doesn't exist I will probably just add it to another group. |
| 01:32 |
jonadab |
I assume you either don't have WorldEdit or would consider it equivalent to creative mode. Otherwise, you'd have to look at that too. |
| 01:32 |
jonadab |
And I don't even know if it's possible for a node to block we. |
| 01:32 |
MTDiscord |
<Warr1024> In NodeCore nodes should be indestructible if they don't have any dig groups, and mods that fail to respect that are basically bugged. |
| 01:33 |
MTDiscord |
<Warr1024> World edit would fall under the "removed by admin" case tho |
| 01:33 |
jonadab |
Fair. |
| 01:33 |
jonadab |
Personally I consider WE tantamount to creative. |
| 01:34 |
jonadab |
It's amazingly useful for testing changes to mods, though. |
| 01:34 |
MTDiscord |
<Warr1024> Basically each game can establish conventions around destructibility, and mods are technically always able to bypass those.. m |
| 01:34 |
jonadab |
Yeah, you really have to know which mods you have. |
| 01:34 |
Noclip[m] |
I added a node in MTG and because I didn't add it to a dig group it's indestructible, too. So I wondered if there would be a group that makes it only destructable for creative mode. But it's not really important in the long run, I'm just playing around a bit. |
| 01:35 |
jonadab |
Oh, just add a type of tool that has no crafting recipe, and can remove the node. |
| 01:35 |
jonadab |
Then it requires creative or admin privs (like /give) |
| 01:35 |
MTDiscord |
<Warr1024> You could create a tool only creative mode players could access with a custom group, or you could just add an on_punch callback that checks for creative mode privs or something... Lots of ways, no really clear convention I know of. |
| 01:36 |
jonadab |
Or that, yeah. |
| 01:36 |
jonadab |
Though I think checking for creative mode requires 5.x |
| 01:37 |
MTDiscord |
<Warr1024> Could be ... but pre-5.x MT is basically pretty dead here now ... using it at all could really be considered like a fork by this point, it's diverged so much. |
| 01:38 |
MTDiscord |
<Warr1024> It's been so long since I dropped all 0.4.x support for all my stuff... |
| 01:40 |
MTDiscord |
<Warr1024> Actually, creative mode being a 5.x thing is a builtin thing, not an engine thing, right? That would mean games still have the power to manage that themselves. |
| 01:41 |
|
detrout joined #minetest |
| 01:43 |
Noclip[m] |
I think creative mode isn't implemented in the engine, yea. |
| 01:44 |
Noclip[m] |
The engine just provides a checkbox in the menu to select creative mode if available. |
| 01:44 |
MTDiscord |
<Warr1024> Ripping it out for me only required overriding one function in builtin, and finding it accidentally enabled only actually affected one thing, so I suspect it's really mostly in builtin ... |
| 01:45 |
MTDiscord |
<Warr1024> In 5.5 that checkbox can be hidden ? |
| 01:45 |
Noclip[m] |
Cool! |
| 01:45 |
MTDiscord |
<Warr1024> But adding new checkboxes for different game features is still in the whiteboarding phase... |
| 01:46 |
Noclip[m] |
Nahh, I don't like the checkbox thing anyways. |
| 01:46 |
Noclip[m] |
That's not how you should configure game based stuff! |
| 01:46 |
Noclip[m] |
game based stuff should be configured through privs and commands. |
| 01:48 |
Noclip[m] |
One serious issue with the creative and damage checkboxes is that it makes both settings a global thing and can only be changed on server restart. |
| 01:49 |
Noclip[m] |
Unlike Minecraft you cannot set damage and creative mode per player and you can't change it while the game is running. |
| 01:49 |
Noclip[m] |
Of course as a dev you can solve that issue through modding but that shouldn't be needed in the first place. |
| 01:51 |
Noclip[m] |
There should be a priv and a command to change creative and damage on a running server per player. |
| 01:57 |
|
Hawk777 joined #minetest |
| 01:58 |
jonadab |
game-based stuff should be configured through minetest.conf mainly, with privs and commands secondarily. |
| 01:59 |
jonadab |
But yes, anything you need to change on a per-player basis obviously should be a priv. |
| 02:00 |
Noclip[m] |
Everything that the user might want to configure while the game is running should be configurable through privs and commands. |
| 02:01 |
Noclip[m] |
jonadab: Privs aren't always enough: You might not want to give a player creative but instead give them access to a command which they can then use to change their mode when ever they like to do so. |
| 02:01 |
jonadab |
Noclip[m]: So you have a command that only works if you have a given priv. |
| 02:01 |
jonadab |
Like /teleport |
| 02:01 |
Noclip[m] |
Exactly |
| 02:02 |
Noclip[m] |
Or you use two privs where on privs allows them to change the other priv. |
| 02:02 |
jonadab |
I suppose. |
| 02:02 |
Noclip[m] |
Or is this not possible? |
| 02:03 |
jonadab |
Probably? |
| 02:03 |
Noclip[m] |
It should at least be possible through a new command but that would kind of defeat the purpose of a second priv. |
| 02:04 |
|
riff-IRC joined #minetest |
| 02:18 |
jonadab |
I mean, make the initial priv allow using a key binding to toggle something, like fly does. |
| 02:20 |
|
detrout joined #minetest |
| 02:20 |
MTDiscord |
<Warr1024> The problem with configuring things in minetest.conf is that there's only one for all worlds, and SP is a thing. General world-specific config would help a lot. |
| 02:20 |
MTDiscord |
<Warr1024> I think there are proposals out there to clean up some config handling stuff like that, but I forget specifics. |
| 02:25 |
Noclip[m] |
Yea, that's another big issue with it. |
| 02:26 |
|
queria joined #minetest |
| 02:26 |
Noclip[m] |
As we don't have world-specific configs yet I'd say mod and game makers should avoid using minetest.conf as much as they can. |
| 02:27 |
Noclip[m] |
Either use commands and privs for configuration or read configs from a file within the world folder. |
| 02:30 |
|
queria joined #minetest |
| 02:31 |
MTDiscord |
<Warr1024> minetest.conf stuff can be okay for play style tweaks, or emergency things that you might only use temporarily, or things only relevant to dedicated servers that pretty much always have their own config. |
| 02:32 |
|
detrout joined #minetest |
| 02:32 |
MTDiscord |
<Warr1024> Other than that, player or mod meta is a good place to store in-game state stuff that doesn't already fit privs. |
| 02:56 |
|
detrout joined #minetest |
| 03:06 |
|
detrout joined #minetest |
| 03:31 |
|
detrout joined #minetest |
| 04:00 |
|
MTDiscord joined #minetest |
| 04:16 |
|
Alias joined #minetest |
| 05:01 |
|
riff-IRC joined #minetest |
| 05:33 |
|
reumeth joined #minetest |
| 06:09 |
|
CWz joined #minetest |
| 06:14 |
|
Flabb joined #minetest |
| 06:47 |
|
riff-IRC joined #minetest |
| 07:57 |
|
frostsnow joined #minetest |
| 08:00 |
|
simon816 joined #minetest |
| 08:01 |
|
specing_ joined #minetest |
| 08:08 |
|
absurb joined #minetest |
| 08:18 |
|
independent56 joined #minetest |
| 08:21 |
|
independent56 joined #minetest |
| 08:27 |
|
independent56 joined #minetest |
| 08:28 |
|
independent56 joined #minetest |
| 08:36 |
erlehmann |
<Noclip[m]> Which group do I need to add a node to so that it can only be destroyed in creative mode but not in survival? |
| 08:36 |
erlehmann |
haha bedrock destruction goes brrrrrr |
| 09:05 |
|
mdk joined #minetest |
| 09:19 |
MinetestBot |
[git] nerzhul -> minetest/minetest: Add debian 11 to Gitlab-CI (#11571) a7188bd https://git.io/JEzUq (2021-08-27T09:19:15Z) |
| 09:45 |
|
Talkless joined #minetest |
| 10:02 |
|
Tusha joined #minetest |
| 10:04 |
|
calcul0n_ joined #minetest |
| 10:11 |
|
independent56 joined #minetest |
| 10:15 |
|
independent56 joined #minetest |
| 10:37 |
|
Tusha joined #minetest |
| 10:38 |
|
independent56 joined #minetest |
| 10:44 |
|
independent56 joined #minetest |
| 10:49 |
|
Guest40 joined #minetest |
| 10:59 |
|
calcul0n__ joined #minetest |
| 11:04 |
independent56 |
Lets say someone SSH'd into my server and did a rm -r ~ as a joke. I was not aware, nor did i permiss this acion. Would this be legal ground for some punishment under the computer misue act? |
| 11:05 |
independent56 |
it is unauthorised access and destroys valuble data |
| 11:06 |
Tusha |
I would say that depending where you live, it could be at least a civil illicit act |
| 11:07 |
independent56 |
I live in the uk, thus my mention of the computer misuse act. What laws does the criminal follow? do they get imprisioned by britishofficers or law or officers of law of their home country or officers of law of the country they're in> |
| 11:07 |
Tusha |
As long as you can give evidence to the authorities and let them investigate the case, and that they want to take it seriously, but as far as I know, getting into other's computer wihout permission usually can be considered a crime |
| 11:08 |
Tusha |
It all depends from where the attack came from |
| 11:08 |
Tusha |
If it is international maybe interpol can act |
| 11:08 |
Tusha |
All depends on how the authorities treat the case though |
| 11:09 |
independent56 |
Is reading my sister's browsing history considered a crime? it facilitates unauthorised access. |
| 11:10 |
Tusha |
Again, I guess it would depend on the country, doesn't the uk has a site with info about those things? I would say it could constitute a privacy attack, if the user didn't had permission to do |
| 11:11 |
Tusha |
to do so*, although it can always be interpreted by a lawyer, like if she left the computer on and logged-in, that could imply a granted permission |
| 11:12 |
independent56 |
it does |
| 11:12 |
Tusha |
But I would consult an expert, all this is comes from police-based series and I doubt it can hold to real-life cases |
| 11:12 |
independent56 |
ha |
| 11:13 |
independent56 |
"it does" refer to the governemnt having a site |
| 11:13 |
Tusha |
I see, I would ask there then, maybe they can guide you |
| 11:13 |
independent56 |
https://www.legislation.gov.uk/ukpga/1990/18/crossheading/computer-misuse-offences |
| 11:13 |
independent56 |
I have a unambiguous text here |
| 11:14 |
Tusha |
All I know about UK law is that they don't let you have strong encryption, which I feel is lame |
| 11:16 |
independent56 |
Citation needed |
| 11:19 |
Tusha |
Indeed, I may have understood it, can't find where I found it, but it seems more like a government intention and not actual law, for what I'm finding so far |
| 11:22 |
Tusha |
https://en.wikipedia.org/wiki/Encryption_ban_proposal_in_the_United_Kingdom |
| 11:24 |
Tusha |
https://techcrunch.com/2021/06/30/uk-tells-messaging-apps-not-to-use-e2e-encryption-for-kids-accounts |
| 11:24 |
Tusha |
Can't find the actual place where I saw that info in the first place, sadly |
| 11:36 |
|
Guest5224 joined #minetest |
| 11:36 |
independent56 |
hmm |
| 11:37 |
independent56 |
it hasn't acted yet. until protonmail stops working,it hasn't |
| 11:37 |
independent56 |
It's a horrible idea, and ideas like thisis why we use democracies. |
| 11:41 |
Tusha |
Indeed |
| 11:41 |
Tusha |
And yeah, reading this: https://www.gp-digital.org/world-map-of-encryption/ I rememered what I read |
| 11:42 |
Tusha |
It is that if you have evidence encripted, and it makes you guilty, you are forced by law to unencrypt it to the authorities |
| 11:43 |
|
longerstaff13 joined #minetest |
| 11:43 |
Tusha |
Maybe I could have phrased it better, but the thing is, you must de-crypt all info if asked by law, even if doing so creates evidence against you |
| 11:43 |
independent56 |
Well, my evidence will be in the form of system logs, so i can see why an attacker would like to remove them. |
| 11:44 |
Guest5224 |
wiki.minetest.net SEC_ERROR_EXPIRED_CERTIFICATE 2021-08-11 |
| 11:44 |
Tusha |
I guess this is why veracrypt has plausible denyability which makes you be able to have dual partitions in the file depending on password given |
| 11:44 |
Tusha |
They got deleted? |
| 11:45 |
Tusha |
There are some linux distros that let you recover files though |
| 11:45 |
independent56 |
Guest5224, yeah cirtificate has been expired for months and nobody has fixed it. |
| 11:45 |
independent56 |
i hope there is software for that, as i use the fringe bodhi linux |
| 11:46 |
independent56 |
And they aren't deleted. they are a tapestry of my server. |
| 11:46 |
Tusha |
Who could fix it? I mean, anyone with admin access to the web server could create a cronjob with a certbot nowdays, even I managed to do that xD... |
| 11:46 |
Guest5224 |
letsencrypt is widely used for this. https://letsencrypt.org/ |
| 11:47 |
sfan5 |
independent56: 2021-08-11 is less than three weeks ago |
| 11:47 |
Tusha |
independent56 Just unmount the drive and mount in read only so it isn't altered and files aren't overwritten |
| 11:47 |
sfan5 |
in any case we're aware on it and a fix is being worked on |
| 11:48 |
independent56 |
sfan5, Feels like months |
| 11:48 |
independent56 |
Tusha, good idea. |
| 11:48 |
independent56 |
I also create daily backups copied to my main computer |
| 11:49 |
Tusha |
Well, you may then just restore the backup and save the hassle of recovering the data, which can be a pita |
| 11:49 |
Tusha |
sfan5 nice to know you are working on it :) |
| 11:50 |
independent56 |
That's what the backups are for. I hope i can get a cut of the fine if they get such a low punishment. |
| 11:51 |
Tusha |
Just keep everything untouched if you plan to ask for compensation, as they may need the evidence |
| 11:52 |
independent56 |
yeah, but how do i serve the evidence? ssh access? |
| 11:52 |
Tusha |
Dang can't find the article that introduced me to ddrescue |
| 11:52 |
independent56 |
entire computer transfer? |
| 11:52 |
Tusha |
Maybe they need physical access to the harddrive |
| 11:52 |
Tusha |
I don't know as I never saw how law operates in those cases |
| 11:53 |
Tusha |
Just common sense kicking-in about having stuff as untampered as possible |
| 11:53 |
independent56 |
ah yeah |
| 11:53 |
Tusha |
So you can't be accused of manipulating it |
| 11:54 |
independent56 |
it would be impossible to login with a removed home directory ( i oncedid that on a vm and it was funny) |
| 11:54 |
sfan5 |
Tusha: well not literally me, I don't host the wiki |
| 11:55 |
Tusha |
independent56, Interesting, never tried that |
| 11:56 |
independent56 |
In actuality, i used the same hardware as the server, but it was a minimal installtion, meant for writing on a usb. So my data was fine, the computer wasn't. Ihad to reinstall bodhi |
| 11:58 |
|
proller joined #minetest |
| 12:00 |
Tusha |
I think there are ways to rebuild the home directory, from adduser I think (or however the command is called) |
| 12:03 |
Tusha |
If you want forensic distros (just searched now) last I used for data recovery was CAINE, although it is a bit bloated, also ParrotOS should help |
| 12:21 |
sfan5 |
By some unscientific log parsing I have determined that most of the Minetest players who use Windows are on Windows 10 20H1 (65%) |
| 12:21 |
sfan5 |
second biggest group is on Windows 7 SP1 (which is EOL), third biggest on Windows 10 19H1 (which is also EOL) |
| 12:22 |
Tusha |
I win (no pun intended) as I'm in 1607 |
| 12:22 |
Tusha |
win10 that is |
| 12:22 |
sfan5 |
that's the 9th largest group |
| 12:27 |
|
independent56 joined #minetest |
| 12:33 |
erlehmann |
independent56 regarding the computer misuse act, you should know that what will be considered a crime by the authorities usually depends on who does it. it is not just about the letter of the law, but about who is inconvenienced. |
| 12:33 |
independent56 |
oh god... what about me? how would i be treated? |
| 12:34 |
erlehmann |
independent56 if a police person does something that *might* be seen as a crime, they are much less likely to be punished than, say, a journalist or some random person not in a position of power. |
| 12:35 |
erlehmann |
independent56 on the contrary, normal people can be punished for stuff that might not even be reasonably considered a crime if they inconvenience the authorities. |
| 12:36 |
|
independent56 joined #minetest |
| 12:38 |
erlehmann |
independent56 for specific legal advice i would always advise you to ask a lawyer. not only are they professionals, usually lawyer-client communication is protected (in theory) by the law as well. |
| 12:39 |
independent56 |
oh |
| 12:39 |
independent56 |
well crap |
| 12:40 |
erlehmann |
only trust your fists, police will never help you! |
| 12:40 |
erlehmann |
(that's a quote from a video game) |
| 12:42 |
erlehmann |
https://nitter.snopyta.org/Foone/status/1002735322948440064#m |
| 12:43 |
erlehmann |
nah, it's not a quote from a video game after all |
| 12:59 |
|
kamdard joined #minetest |
| 13:39 |
MTDiscord |
<MisterE> why does this cause a segfault? |
| 13:39 |
MTDiscord |
<MisterE> -- on_place = function(itemstack, placer, pointed_thing) -- if pointed_thing.type == "node" then -- local pos = pointed_thing.above -- minetest.set_node(pos , {name="mesewars:stone"}) -- local inv = placer:get_inventory() -- inv:remove_item("main", "mesewars:stone") -- end -- end, -- on_dig = function(pos, node, digger) -- local wielded = digger |
| 13:39 |
MTDiscord |
and digger:get_wielded_item() -- local drops = minetest.get_node_drops(node, wielded and wielded:get_name()) -- minetest.handle_node_drops(pos, drops, digger) -- minetest.dig_node(pos) -- end, |
| 13:40 |
MTDiscord |
<MisterE> the on_dig |
| 13:41 |
sfan5 |
doesn't dig_node call on_dig itself? |
| 13:42 |
MTDiscord |
<MisterE> I want to bypass protection |
| 13:42 |
MTDiscord |
<MisterE> I guess I should do that by modifying minetest.is_protected |
| 13:43 |
sfan5 |
uh what |
| 13:43 |
sfan5 |
just call remove_node?! |
| 13:44 |
MTDiscord |
<MisterE> I also want to give the player the node |
| 13:44 |
MTDiscord |
<MisterE> oh, instead of dignode |
| 13:50 |
sfan5 |
on_dig does not get called when protection kicks in |
| 13:50 |
sfan5 |
so your approach is indeed wrong |
| 13:53 |
|
Splyncryth_ joined #minetest |
| 13:54 |
|
Fixer joined #minetest |
| 13:54 |
|
olliy1or joined #minetest |
| 14:03 |
|
Verticen joined #minetest |
| 14:47 |
|
queria joined #minetest |
| 14:56 |
|
Guest71 joined #minetest |
| 14:59 |
|
Extex joined #minetest |
| 15:02 |
Noclip[m] |
independent56: Your IT security shouldn't rely on law enforcement, that's a very dumb strategy to begin with! |
| 15:03 |
independent56 |
Ha, yeah, probably |
| 15:06 |
Noclip[m] |
You probably want to be able to get full root access through SSH so sandboxing isn't really an option here. Make sure that SSH itself is setup in a very secure way. |
| 15:06 |
Noclip[m] |
If possible use only public key login and disable password based login in the SSH config. |
| 15:08 |
|
independent56 joined #minetest |
| 15:09 |
Noclip[m] |
independent56: Those are my default config optimizations for the SSH server:... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/09b0adddca56e9fac88c0b8f5b08f67e8cfccb86) |
| 15:10 |
Noclip[m] |
Make sure that you setup public key authentication before you make those changes otherwise you won't be able to login to your server through ssh anymore! |
| 15:10 |
independent56 |
thanks.... >:-) |
| 15:11 |
|
longerstaff13 joined #minetest |
| 15:11 |
independent56 |
wait why i get error "invalid user"? |
| 15:12 |
|
independent56 joined #minetest |
| 15:12 |
Noclip[m] |
independent56: Also setup a firewall and allow incoming traffic only for those ports where you really need it. (For example the ports for ssh and minetest.) |
| 15:13 |
Noclip[m] |
independent56: "wait why i get error "invalid user"?" |
| 15:13 |
Noclip[m] |
-> Not sure what you did there. |
| 15:14 |
Noclip[m] |
Because of "PermitRootLogin no" you cannot login as root anymore. You will need to first login to another user and then elevate privs from within that user account. |
| 15:15 |
independent56 |
hmm |
| 15:15 |
independent56 |
andwhat i did was joking |
| 15:15 |
independent56 |
(pronounced "joe-king") |
| 15:16 |
|
Guest71 left #minetest |
| 15:17 |
|
Hawk777 joined #minetest |
| 15:18 |
Noclip[m] |
independent56: Also do not run the minetest server with root privs, it really doesn't need them! |
| 15:18 |
independent56 |
i never do |
| 15:18 |
independent56 |
(i never did) |
| 15:19 |
Noclip[m] |
Good! If you want some additional security for the mintest server you should run it either inside a sandbox or a virtual machine. |
| 15:20 |
Noclip[m] |
Unless your server has a lot of unneeded power a virtual machine is probably a bit overkill. |
| 15:20 |
Noclip[m] |
A sandbox on the other hand is less secure but has pretty much no overhead at all so you won't lose any performance. |
| 15:22 |
Noclip[m] |
independent56: For sandboxing you could use firejail, bubblewrap or minijail. |
| 15:22 |
independent56 |
too much effort |
| 15:22 |
independent56 |
for such a weak thing. |
| 15:26 |
Noclip[m] |
independent56: Well if someone finds a zero-day exploit in minetest they might be able to run arbitrary code as the user which started the minetest server. Depending on your security setup they might be able to work their way up to root then. With root they would then have full control over the operating system. |
| 15:26 |
independent56 |
ahrgh! |
| 15:27 |
independent56 |
and that's why backup is so important |
| 15:27 |
Noclip[m] |
It wouldn't surprise me if finding such a zero-day in minetest would be fairly easy. |
| 15:30 |
Noclip[m] |
independent56: Is there any sensitive/private data on your server which could get you in trouble if someone would publish it? |
| 15:31 |
independent56 |
erm... give me some examples to jog my memeory. I certainly do not keep my 0x volumes, exhaustive reruns of my life, showing off my absolute shittiness. |
| 15:31 |
independent56 |
... on the server |
| 15:31 |
Noclip[m] |
Backups do not protect you against data theft! |
| 15:34 |
MinetestBot |
[git] sfan5 -> minetest/minetestmapper: Modernize CMake build script 8b563f4 https://git.io/JEggc (2021-08-27T15:30:42Z) |
| 15:34 |
MinetestBot |
[git] sfan5 -> minetest/minetestmapper: Switch from Travis-CI to Github Actions f26070e https://git.io/JEggW (2021-08-27T14:56:24Z) |
| 15:34 |
Noclip[m] |
independent56: Examples for sensitive data would be for example pictures of yourself or your family, data that can be used to identify you or official documents like your ID, drivers license or certificates. |
| 15:35 |
independent56 |
Oh yeah, that. Darn... i will need to take a minute to think. |
| 15:36 |
Noclip[m] |
Especially those official documents would be a serious threat as they can be used for identity theft! |
| 15:38 |
Noclip[m] |
independent56: You should delete any sensitive data from the server which doesn't need to be there. (Of course you should do that in such a way that it can't be recovered anymore.) |
| 15:38 |
independent56 |
90% sure there is no sensitive information |
| 15:39 |
independent56 |
Not even my name, Vitra is over there |
| 15:40 |
Noclip[m] |
independent56: You should check that just to be sure. If there is really no sensitive data on the server then relying on backups might be okay. |
| 15:41 |
independent56 |
But i might as well put my name on the wiki, for vertification purposes |
| 15:41 |
Noclip[m] |
(Of course you should have backups anyways, you often just need some additional protections.) |
| 15:42 |
Noclip[m] |
independent56: That's your decision. If it's just for verification you could probably use a public key instead. |
| 15:42 |
independent56 |
hmm |
| 15:44 |
Noclip[m] |
As long as you don't lose the private key and keep it secret that should actually be the best verification method available today. |
| 15:44 |
independent56 |
hmm |
| 15:47 |
Noclip[m] |
independent56: public key cryptography seems to be uncrackable without quantum computers from the future. |
| 15:48 |
independent56 |
i mean like on other parts of the web "oh yeah, vitra made an account here, he owns his own wiki" |
| 15:48 |
Noclip[m] |
"he owns his own wiki" lul |
| 15:50 |
Noclip[m] |
independent56: You could make a new account on a platform and then sign a message with your private key to prove that the message is from you. |
| 15:52 |
independent56 |
I might as well make fake personal details |
| 15:52 |
independent56 |
and fake incriminating evidence. |
| 15:52 |
independent56 |
To deter deeper efforts |
| 15:54 |
Noclip[m] |
Unlike public key cryptography those fake details could be faked again by others fairly easy. |
| 15:54 |
Noclip[m] |
And isn't the point of verification that no one can fake it? |
| 15:55 |
independent56 |
meh |
| 16:06 |
Noclip[m] |
I will probably be offline for now, bye. |
| 16:13 |
Hawk777 |
Hmm, the problem with the “verify via signed message” thing is that, if you lose the private key, you can’t verify; if you verify via personal details, you likely still have those. And if you say, well, back up your private key, I say, if you have good backups, you won’t lose the original password that you were trying to recover anyway, because you’ll back up your machine regularly (with your password manager database on |
| 16:13 |
Hawk777 |
and have a way to access those backups later. |
| 16:27 |
|
garywhite joined #minetest |
| 16:27 |
|
garywhite joined #minetest |
| 16:46 |
|
Verticen joined #minetest |
| 17:08 |
Noclip[m] |
Hawk777: Normal passwords are far easier to steal and fake than a private key. |
| 17:08 |
independent56 |
i do. I copy them using SCP to my main every day |
| 17:08 |
independent56 |
It really helps |
| 17:10 |
Hawk777 |
It depends on what your goal is. If you’re talking about using private keys instead of passwords as an everyday login system, great; they are definitely superior in lots of ways (but also useless for most services, since when’s the last time you saw a website that uses a private key to log in? really only useful for SSH and a few other things). If you’re talking about using them as an account recovery mechanism, for when you |
| 17:10 |
Hawk777 |
your normal credentials, that’s what I was talking about—might as well just back up your passwords instead of your private key, and then you won’t lose them in the first place. |
| 17:10 |
Noclip[m] |
Hawk777: And if you use something like a hardware key with fido to store and use your private key then stealing them should be pretty much impossible without also stealing the hardware key as the private key should never leave the hardware key. |
| 17:11 |
Hawk777 |
This is true, if you have one of those, though the question then becomes, what do you do when the hardware breaks? You obviously can’t have backed up the key because the point is that it’s nonexportable. |
| 17:13 |
Tusha |
Using a disposable usb extension could help with that, saving wearing from the hardware key |
| 17:13 |
Hawk777 |
Also, while avoiding credential theft is a nice property, it would be a good idea not to rely on it too much. After all, if I want to gain long-term access to your server (for example), I don’t have to steal your SSH private key. Assuming I’ve already broken into your desktop but I can’t access your private key (i.e. the security perimeter that the hardware key provides), I just wait until you SSH into your server, create a s |
| 17:13 |
Hawk777 |
d terminal session in the existing SSH connection, and use it to add my own key to your authorized_keys file. How often do you check that for extra lines being mysteriously added to it? |
| 17:14 |
Noclip[m] |
Hawk777: When I came up with public key cryptography I actually wasn't talking about website logins at all. I was talking about a method to prove your identity to other humans and not to a server. For server logins you have to rely of course on what the server offers you as login options. |
| 17:14 |
Hawk777 |
Oh yeah, it’s fine there. |
| 17:15 |
Hawk777 |
Tusha: Helps with some problems, but doesn’t really help if a lightning bolt comes through the USB cable and into the key, or if you drop it down a sewer grate, or if you get hit by a car and it’s in your pocket and gets crushed, or whatever. I’m still uncomfortable with critical things that can’t be backed up at all. |
| 17:16 |
Tusha |
Yeah non-predictable damage is still something to worry about Hawk777 |
| 17:17 |
Hawk777 |
Sadly, like everything, we can’t have our cake and eat it too. Either you make it really secure but vulnerable to loss, or you make it very redundantly backed up but easier to steal. |
| 17:17 |
Tusha |
The further thing I saw about backups was converting bineries to base64 and generate high failsafe qr codes and print them to backup the data |
| 17:17 |
Tusha |
binaries* |
| 17:19 |
Noclip[m] |
If for example I would have a Twitter account, Twitter would get hacked and someone would take over my account they could post messages with my account but they cannot sign them with my private key and thus can't prove that they are me. In the same scenario I could just create a new Twitter account, post a message which says that my account got taken over and sign it with my key to prove my identity. |
| 17:20 |
Hawk777 |
Yep. Which solves the problem for whatever percentage of your followers actually downloaded your public key and know how to use it to verify the message. I think that’s the sort of thing that keybase.io automates a bit, isn’t it? Posting signed attestations of mappings between keys and various online accounts? |
| 17:20 |
Noclip[m] |
Hawk777: I don't know that much about those hardware keys. Is there really no way to back them up? |
| 17:21 |
|
independent56 joined #minetest |
| 17:21 |
Hawk777 |
I don’t either; I don’t own one. I think some of them might have an “export PIN” or something that you can enter to export the key, and another PIN that you can enter to use the key without exporting it, but I’m not sure. And some might not allow exporting at all, or have the option to generate non-exportable keys. |
| 17:21 |
detrout |
Noclip[m], backing them up is considered a security vulnerability, the recommendation for backup is either have a couple of them or some other method to authenticate |
| 17:24 |
Noclip[m] |
detrout: So you generate the private key on a normal computer which is considered secure and then import it into all your hardware keys? |
| 17:24 |
detrout |
I think you can do that, though you can also generate private keys on the token itself |
| 17:24 |
|
proller joined #minetest |
| 17:25 |
Noclip[m] |
Hawk777: Isn't keybase just a alternative to Signal? Iirc Keybase uses proprietary server software. That's not really a security concern but not very nice either. |
| 17:26 |
detrout |
I thought keybase is a different product, it was trying to help connect identities to keys |
| 17:26 |
Noclip[m] |
detrout: Which you then cannot export and thus can't copy into other hardware keys, right? |
| 17:26 |
Hawk777 |
Maybe I’m thinking of something else, but I thought Keybase was (at least when it was first launched) a tool for automating things like posting a GPG-signed message on Twitter, Facebook, or whatever else, and verifying said messages from other people, to bind identities to keys. |
| 17:26 |
detrout |
signal was an IM system that had very convienent to use crypto setup. |
| 17:27 |
Noclip[m] |
detrout: Mhh, on their website it just says "End-to-end encryption for things that matter. Keybase is secure messaging and file-sharing." |
| 17:27 |
detrout |
huh apparently keybase branched out? https://keybase.io/ |
| 17:28 |
detrout |
wow they switched a long time ago |
| 17:29 |
detrout |
This is the keybase I'm remembering https://web.archive.org/web/20150209180753/https://keybase.io/ |
| 17:29 |
detrout |
but they had pivoted to messaging by 2018 |
| 17:29 |
Noclip[m] |
Interesting |
| 17:29 |
detrout |
and i don't care enough to trawl through archive.org to see when they changed |
| 17:34 |
celeron55_ |
interesting |
| 17:35 |
celeron55_ |
keybase has a blog that goes back man years, you can see what happened there https://keybase.io/blog |
| 17:35 |
celeron55_ |
many years* |
| 17:37 |
celeron55_ |
https://keybase.io/blog/keybase-chat |
| 17:37 |
celeron55_ |
this is where the chat was introduced |
| 17:37 |
celeron55_ |
that's 2017 |
| 17:40 |
celeron55_ |
i think their goal became "crypto for everyone" quite early and then they decided there's no other way forward than a messaging platform |
| 17:41 |
celeron55_ |
which makes sense |
| 17:42 |
celeron55_ |
messaging is the main use of crypto, and no existing messaging platform is going to take in your technology no matter how nice you make it |
| 17:42 |
celeron55_ |
especially if you have a business to run |
| 17:43 |
celeron55_ |
but then https://keybase.io/blog/keybase-joins-zoom |
| 17:44 |
celeron55_ |
zoom bought the entire thing, and i don't think any original user of keybase wants to use anything published by zoom |
| 17:44 |
detrout |
Eh... anyone sufficiently paranoid wasn't going to use keybase in the firstplace |
| 17:45 |
celeron55_ |
it was an interesting concept |
| 17:46 |
celeron55_ |
sadly zoom isn't going to use any of it, they just want keybase's capable team to work on their existing problems |
| 17:49 |
|
proller joined #minetest |
| 17:49 |
|
independent56 joined #minetest |
| 17:54 |
rubenwardy |
Keybase dev also died after zoom bought them |
| 17:54 |
rubenwardy |
Like, activity dropped right off |
| 17:57 |
|
delta23 joined #minetest |
| 18:03 |
celeron55_ |
obviously |
| 18:23 |
MinetestBot |
[git] Treer -> minetest/minetest: Add group-based tool filtering for node drops (#10141) 149d8fc https://git.io/JEgAS (2021-08-27T18:23:20Z) |
| 18:23 |
MinetestBot |
[git] Kalabasa -> minetest/minetest: Optimize vector length calculations (#11549) d36dca3 https://git.io/JEgA9 (2021-08-27T18:22:35Z) |
| 18:26 |
MinetestBot |
[git] NeroBurner -> minetest/minetest: Joystick sensitivity for player movement (#11262) 1d69a23 https://git.io/JEgxt (2021-08-27T18:24:24Z) |
| 18:45 |
|
Elzington_ joined #minetest |
| 18:55 |
MinetestBot |
[git] sfan5 -> minetest/minetestmapper: Add simple functional test to CI 5c435f6 https://git.io/JEgjb (2021-08-27T18:53:16Z) |
| 19:02 |
|
independent56 joined #minetest |
| 19:04 |
|
independent56 joined #minetest |
| 19:07 |
independent56 |
Are there times where you become at one with your computer, and end up waching time slip through your hands? |
| 19:08 |
MTDiscord |
<Noodlemire> Yes |
| 19:08 |
MTDiscord |
<Noodlemire> Usually when coding. |
| 19:12 |
independent56 |
I do it all the time, and then i stand up and i am all wibbly wobbly ebcause i spent 2 straight hours on the compuer |
| 19:13 |
MTDiscord |
<Noodlemire> Only 2? |
| 19:13 |
independent56 |
ha, soemtimes more |
| 19:13 |
independent56 |
At night i get too tired, so i end up looking at the clock again and again 1;45... 1:55... 2:05 |
| 19:14 |
Extex |
I'm using the one-line compiler |
| 19:14 |
Extex |
https://forum.minetest.net/viewtopic.php?f=42&t=26509 |
| 19:17 |
|
Extex joined #minetest |
| 19:19 |
Extex |
But when MT starts compiling it stops and says that IrrlichtMT isn't installed |
| 19:19 |
Extex |
"Irrlicht Mt is required to build the client, but it was not found." |
| 19:24 |
celeron55_ |
that guide is definitely outdated for the latest development version |
| 19:24 |
celeron55_ |
you'll need to take a look at the official readmes |
| 19:43 |
|
manjaro-user joined #minetest |
| 19:47 |
rubenwardy |
https://github.blog/2021-08-27-30-free-and-open-source-linux-games-part-3/ |
| 19:49 |
sfan5 |
neat |
| 19:55 |
specing |
Excellent, Microsoft Minetest |
| 19:55 |
celeron55_ |
wait do all of the games mentioned in that series of posts have their code on github |
| 19:55 |
specing |
Isn't that the point of a github blog post? |
| 19:56 |
celeron55_ |
well, not necessarily, but looks like it |
| 19:57 |
|
specing_ joined #minetest |
| 19:57 |
detrout |
that's a pretty good list of most of the best open source games |
| 20:01 |
celeron55_ |
what is interesting is that basically microsoft (under the name github) links to minetest and recommends it, while they have a commercial proprietary product to sell |
| 20:02 |
celeron55_ |
i mean, competing product |
| 20:02 |
MTDiscord |
<Warr1024> it's free advertising |
| 20:03 |
celeron55_ |
i don't think they have competing commercial products for any of the other games mentioned in that blog series unless you count games distributed in their app stores |
| 20:03 |
|
Elzington joined #minetest |
| 20:03 |
MTDiscord |
<Warr1024> people playing something that's basically perceived as "knock-off Minecraft" are people thinking about playing games a lot like Minecraft, such as, say, Minecraft. |
| 20:03 |
MTDiscord |
<GreenXenith> Minecraft isnt a competing product |
| 20:03 |
MTDiscord |
<GreenXenith> Theres no competition |
| 20:04 |
MTDiscord |
<Warr1024> heh, that's kinda true on a couple levels |
| 20:04 |
MTDiscord |
<GreenXenith> Yeah, and I meant it on a couple levels |
| 20:04 |
MTDiscord |
<GreenXenith> Two separate applications intended for separate purposes |
| 20:05 |
MTDiscord |
<GreenXenith> They just both happen to like blocks |
| 20:06 |
celeron55_ |
well in the eyes of the general public, it kind of is |
| 20:07 |
MTDiscord |
<GreenXenith> While that may be true, GitHub/Microsoft and its employees are not the general public |
| 20:07 |
MTDiscord |
<GreenXenith> Besides, some Minecraft devs have (and might still) played Minetest. If they understand the difference, who cares what everyone else thinks |
| 20:12 |
celeron55_ |
i can see it's the brand that's most valuable. it wouldn't even matter if minetest became very popular among technically minded people and was developed to some kind of killer product - if that happened, microsoft would literally just start distributing minetest re-branded as minecraft |
| 20:12 |
celeron55_ |
in reality, of course, not going to happen |
| 20:14 |
celeron55_ |
not that anyone a decade or two ago would have believed some of the stuff microsoft is doing these days |
| 20:14 |
detrout |
(Also never assume that large companies have consistent positions, there are always scores of different people or factions who can be in various levels of conflict) |
| 20:27 |
|
proller joined #minetest |
| 20:36 |
|
independent56 joined #minetest |
| 20:38 |
|
independent56 joined #minetest |
| 20:50 |
|
independent56 joined #minetest |
| 20:55 |
|
independent56 joined #minetest |
| 20:56 |
|
independent56 joined #minetest |
| 21:00 |
|
independent56 joined #minetest |
| 21:18 |
|
proller joined #minetest |
| 21:36 |
|
YuGiOhJCJ joined #minetest |
| 21:41 |
|
Talkless joined #minetest |
| 21:42 |
mazes_81 |
yes jonadab thumbs up, I'm interested in this new feature |
| 21:44 |
|
proller joined #minetest |
| 22:10 |
|
olliy joined #minetest |
| 22:17 |
|
independent56 joined #minetest |
| 22:34 |
|
z812 joined #minetest |
| 22:42 |
|
Verticen joined #minetest |
| 23:13 |
|
independent56 joined #minetest |
| 23:30 |
|
proller joined #minetest |
| 23:58 |
|
independent56 joined #minetest |
| 23:59 |
|
independent56 joined #minetest |
