| Time |
Nick |
Message |
| 00:08 |
|
Verticen joined #minetest |
| 00:35 |
|
proller joined #minetest |
| 01:29 |
|
delta23 joined #minetest |
| 01:33 |
|
Hawk777 joined #minetest |
| 02:07 |
|
olliy joined #minetest |
| 02:15 |
|
hendursaga joined #minetest |
| 02:29 |
|
queria joined #minetest |
| 02:33 |
|
queria joined #minetest |
| 02:41 |
|
Sven_vB_ joined #minetest |
| 03:35 |
|
kamdard joined #minetest |
| 03:37 |
|
hendursaga joined #minetest |
| 04:00 |
|
MTDiscord joined #minetest |
| 04:01 |
|
specing_ joined #minetest |
| 04:15 |
|
ssieb joined #minetest |
| 05:01 |
|
riff-IRC joined #minetest |
| 05:09 |
|
hendursaga joined #minetest |
| 05:43 |
|
asdflkj_sh joined #minetest |
| 05:58 |
|
TomTom joined #minetest |
| 06:04 |
|
CWz_ joined #minetest |
| 07:23 |
|
hlqkj joined #minetest |
| 07:28 |
|
bingfengzs joined #minetest |
| 07:51 |
|
delta23 joined #minetest |
| 08:05 |
|
hendursa1 joined #minetest |
| 08:06 |
|
absurb joined #minetest |
| 08:11 |
|
hlqkj_ joined #minetest |
| 08:17 |
|
hlqkj_ joined #minetest |
| 08:24 |
|
HiliganFootFoot joined #minetest |
| 08:41 |
|
CWz_ joined #minetest |
| 09:13 |
|
hlqkj joined #minetest |
| 09:57 |
BuckarooBanzai |
sfan5: when you have some spare time can you update the "worldedit" mod on the contentdb (https://content.minetest.net/packages/sfan5/worldedit/) or give me the go-ahead and i'll do it for you :) |
| 09:58 |
BuckarooBanzai |
latest master doesn't error out if you don't have a inv-mod installed |
| 10:04 |
sfan5 |
BuckarooBanzai: done |
| 10:38 |
|
GNUHacker joined #minetest |
| 10:45 |
BuckarooBanzai |
Thanks ;) |
| 11:16 |
|
queria^afk joined #minetest |
| 11:35 |
|
calcul0n joined #minetest |
| 12:08 |
|
basxto joined #minetest |
| 12:11 |
|
GNUHacker joined #minetest |
| 12:12 |
MTDiscord |
<SX> "package managers packaging mods is weird though" Is there possibly examples of games or other software where core is released as package but software uses its own package format and repository? I can't recall any similar to minetest right now but if you can it could be good to provide few examples for that debian guy. Keeping engine release package up to date would be more useful. |
| 12:13 |
erlehmann |
SX which bug are you referring to? |
| 12:13 |
erlehmann |
> examples of games or other software where core is released as package but software uses its own package format and repository? |
| 12:14 |
erlehmann |
openttd, and it sucked until openttd-opengfx, openttd-openmsx, openttd-opensfx were packaged |
| 12:14 |
erlehmann |
battle for wesnoth, and it sucked when you wanted to install campaigns for all users |
| 12:14 |
MTDiscord |
<SX> Only reason I could see to use packages would be to allow easy global installs. erlehmann, referring to short discussion between sfan5/rubenwardy (yesterday). |
| 12:16 |
erlehmann |
well, there is also the issue that contentdb is full of fun stuff that is *always* the newest version |
| 12:16 |
erlehmann |
when a distribution delivers minetest engine + mod packages, it basically should make sure they match |
| 12:18 |
erlehmann |
and with some mod devs only workig on bleeding edge engine stuff and the engine devs aggressively deleting/refactoring stuff, i bet distributions will want to be more conservative, not less |
| 12:19 |
MTDiscord |
<SX> Yeah, problem with packaging games (and some other larger software) like that is mostly with rapid upgrades at upstream and users trying to find ways to upgrade ultimately breaking their package managers :p |
| 12:20 |
erlehmann |
rapid upgrades at upstream are not a problem until you have a hostile upstream |
| 12:20 |
erlehmann |
hostile, as in, breaking stuff in minor revisions (instead of being honest about it) |
| 12:20 |
MTDiscord |
<SX> It does increase workload if you're trying to assure too much. |
| 12:20 |
MTDiscord |
<Sublayer plank> I hate domain specific package managers |
| 12:21 |
erlehmann |
i hate it too if everything under the sun wants its own package management. windows and OS X have it and it is a nuisance. |
| 12:21 |
erlehmann |
also that way all users have to upgrade separately. |
| 12:22 |
MTDiscord |
<SX> Seen many attempts fail because of that workload, simply not enough free time. That's why IMO ContentDB should be used as much as possible. Still packaging would be useful for few use cases but probably way less than "regular" gamers for minetest. |
| 12:23 |
erlehmann |
the thing is, the distro usually do all the work |
| 12:23 |
MTDiscord |
<SX> I mean mod packaging as distribution / version specific packages. ContentDB already knows what should be compatible. |
| 12:23 |
erlehmann |
like they apply patches if upstream is being stupid |
| 12:23 |
MTDiscord |
<Sublayer plank> I have all of my minetest games installed as system packages |
| 12:23 |
MTDiscord |
<Sublayer plank> I'd do the same with mods but it'd take too much work and they're more intertwined |
| 12:23 |
MTDiscord |
<SX> Yeah, there's that. But that's why core engine should have distribution specific package, but mods should not. |
| 12:24 |
rubenwardy |
erlehmann: ContentDB only installs versions of packages that support the engine version |
| 12:24 |
erlehmann |
SX contentdb packages are not even cryptographically signed |
| 12:24 |
rubenwardy |
so only supporting bleeding edge enging is fine |
| 12:24 |
rubenwardy |
erlehmann: HTTPS |
| 12:24 |
rubenwardy |
mod env is also sandboxed |
| 12:25 |
rubenwardy |
Signing is used with apt to support multiple mirrors, which isn't something that we aim to support |
| 12:25 |
erlehmann |
rubenwardy i live in a country (germany) where the gov can legally distribute malware |
| 12:25 |
rubenwardy |
mod downloads tend to be small |
| 12:25 |
erlehmann |
https does not protect against that |
| 12:25 |
rubenwardy |
it does |
| 12:25 |
rubenwardy |
it's impossible for them to hijack ContentDB unless you trust their CA |
| 12:25 |
rubenwardy |
in which case, you have bigger issues |
| 12:26 |
MTDiscord |
<Sublayer plank> if the german government were to send you malware by MITMing CDB, wouldn't it give a certificate error? unless they somehow obtain a valid certificate |
| 12:26 |
erlehmann |
i didn't say MITM |
| 12:26 |
MTDiscord |
<SX> erlehmann: if gov did already install custom root certs to your machines then I don't think anything can save you... |
| 12:27 |
erlehmann |
look, i once found a break-in in a server that distributed software, https did not save anyone from downloading it. |
| 12:27 |
erlehmann |
(and it was not government, obv) |
| 12:27 |
erlehmann |
but verifying signatures would have helped |
| 12:27 |
erlehmann |
it was years ago |
| 12:27 |
erlehmann |
nowadays i do, for example, gpg sign my commits |
| 12:28 |
rubenwardy |
it's massively overkill |
| 12:28 |
MTDiscord |
<SX> exactly same happens when someone steals package signing keys |
| 12:28 |
MTDiscord |
<Sublayer plank> well if the centralized server gets hacked, any hackers worth their salt would have changed the signatures to match the malicious software |
| 12:28 |
rubenwardy |
also, I wouldn't trust modders to safely store a key |
| 12:28 |
MTDiscord |
<Sublayer plank> keep in mind we're not talking about binary packages, but packages where you can easily read the source code it contains |
| 12:28 |
erlehmann |
rubenwardy that is why distributions do it. you don't need to put in much work. |
| 12:29 |
erlehmann |
in fact, i think they prefer if you don't try to interfere |
| 12:29 |
rubenwardy |
in which case, the distributions have an important key and you have the same issue |
| 12:29 |
erlehmann |
true, but more likely that they get it right than any random game ;) |
| 12:29 |
rubenwardy |
in that a hacker can gain access to the server |
| 12:30 |
erlehmann |
yeah but access to the download server doesn't get you anything |
| 12:30 |
|
proller joined #minetest |
| 12:30 |
rubenwardy |
I don't trust distributions to handle mods properly, they'll be super outdated and probably missing dependencies |
| 12:30 |
erlehmann |
you have to have the signature, the debian devs use nitrokey or yubikey USB HSMs i think? |
| 12:30 |
rubenwardy |
and also only support a subset of mods |
| 12:30 |
erlehmann |
well i happen to have worked on mods i want in distributions |
| 12:31 |
erlehmann |
and honestly, i think you can't really do something against them packaging it, can you? |
| 12:31 |
rubenwardy |
I can't, but I can say that it's dumb |
| 12:32 |
MTDiscord |
<SX> Thing is, engine would be signed package and executes mods in sandbox environment. There main security of course comes by assuming that sandbox is fine and core package is checked well enough. |
| 12:32 |
rubenwardy |
do they have browser plugins packages as well? |
| 12:32 |
erlehmann |
yes and with browser plugins it is really important |
| 12:32 |
MTDiscord |
<Jonathon> Linux distro serving mods and games is stupid, we already have problems with distro keeping mte up to date |
| 12:32 |
MTDiscord |
<Sublayer plank> there are firefox extensions packaged in arch |
| 12:32 |
erlehmann |
rubenwardy, chrome browser plugins often get taken over (bought out) and malware gets added |
| 12:32 |
erlehmann |
a coworker researched that topic a few years ago |
| 12:33 |
erlehmann |
basically when an extension gets bought, it is often that the new owner adds a “load this code from this random host and use the existing permissions to do … somethinng” |
| 12:33 |
rubenwardy |
you're not allowed to do that |
| 12:33 |
erlehmann |
so with browser plugins/extensions it is *really* important |
| 12:33 |
rubenwardy |
both Chrome and Firefox ban running code from remote hosts |
| 12:34 |
erlehmann |
well, as i understand it firefox does actual reviews |
| 12:34 |
erlehmann |
but the chrome team only removes that shit when you point it out |
| 12:34 |
erlehmann |
but i may be wrong, my info is years outdated |
| 12:34 |
rubenwardy |
distro packaging of extensions only helps if you review the updates, and this will inevitably result in extensions becoming outdated |
| 12:34 |
erlehmann |
regardless, that can *not* happen with distro extensions |
| 12:35 |
MTDiscord |
<Sublayer plank> for the "the great suspender" extension which was bought out and embedded with malware, google ended up taking it down several months after the malicious update was uploaded |
| 12:35 |
erlehmann |
yeah lol |
| 12:35 |
erlehmann |
and meanwhile those extensions have permissions like “inject arbitrary code on all sites” |
| 12:37 |
erlehmann |
rubenwardy “engine content will be outdated” is only a concern for devs that can't do backwards compatibility and minetest has been reasonably good on that so far. renpy for example though changes so much that games basically come with 1 version of renply in the download and then bitrot. |
| 12:38 |
rubenwardy |
it's a concern for users too, especially on a platform like arch |
| 12:38 |
erlehmann |
rubenwardy openttd also is so good on backwards compatibility that ms dos mods run on it. nothing gets deprecated bc ppl know that no one will upgrade the existing content. |
| 12:39 |
erlehmann |
what does arch have to do with this? |
| 12:39 |
MTDiscord |
<Sublayer plank> I mentioned it packaging firefox extensions |
| 12:40 |
erlehmann |
yeah debian does that too |
| 12:40 |
erlehmann |
and tbh i'd not use password manager extension if it can be bought at any time lol |
| 12:40 |
erlehmann |
(flamebait before i go make food: arch breaks all the time, isn't that the unique selling proposition?) |
| 12:41 |
MTDiscord |
<Sublayer plank> grr |
| 12:50 |
|
kamdard joined #minetest |
| 13:07 |
|
erle joined #minetest |
| 13:18 |
|
hendursa1 joined #minetest |
| 13:35 |
|
Flabb joined #minetest |
| 14:18 |
|
Fixer joined #minetest |
| 14:47 |
|
proller joined #minetest |
| 14:49 |
|
koowgnojeel joined #minetest |
| 14:51 |
koowgnojeel |
Mafdet :3 |
| 14:51 |
|
koowgnojeel left #minetest |
| 15:07 |
|
Toothless66 joined #minetest |
| 15:15 |
|
Verticen joined #minetest |
| 15:46 |
|
Thomas-S joined #minetest |
| 15:46 |
|
Thomas-S joined #minetest |
| 15:51 |
|
Extex joined #minetest |
| 15:59 |
|
CWz_ joined #minetest |
| 16:01 |
|
player1234 joined #minetest |
| 16:08 |
|
delta23 joined #minetest |
| 16:23 |
|
hlqkj joined #minetest |
| 16:26 |
|
wolfshappen joined #minetest |
| 16:42 |
|
wolfshappen joined #minetest |
| 16:51 |
|
proller joined #minetest |
| 17:00 |
|
Talkless joined #minetest |
| 17:05 |
|
specing joined #minetest |
| 17:06 |
|
kamdard_ joined #minetest |
| 17:07 |
|
kamdard_ joined #minetest |
| 17:10 |
|
player1234 joined #minetest |
| 17:18 |
|
player1234 left #minetest |
| 17:53 |
|
hendursaga joined #minetest |
| 17:53 |
|
delta23 joined #minetest |
| 17:58 |
MTDiscord |
<luatic> sfan5: Any opinion on pay-to-win scam servers on the serverlist? |
| 18:02 |
|
specing joined #minetest |
| 18:07 |
sfan5 |
those exist? |
| 18:08 |
sfan5 |
and you'll have to define what "scam" is, pay2win != scam |
| 18:11 |
MTDiscord |
<luatic> See https://media.discordapp.net/attachments/369123275877384192/903287519674773585/Screenshot_2021-10-28_16-21-04.png |
| 18:12 |
MTDiscord |
<luatic> The "scam" part is that it claims to be "for FREE" while it clearly isn't: Mining cryptocurrency costs computational power, which equals real world money. |
| 18:13 |
MTDiscord |
<luatic> Luckily, it seems nobody fell for it yet - according to the stats on the linked website, nobody is mining that cryptocurrency. |
| 18:41 |
|
appguru joined #minetest |
| 18:56 |
|
ROllerozxa joined #minetest |
| 18:57 |
|
garywhite joined #minetest |
| 18:57 |
|
garywhite joined #minetest |
| 19:04 |
|
ROllerozxa joined #minetest |
| 19:06 |
|
proller joined #minetest |
| 19:08 |
|
ROllerozxa joined #minetest |
| 19:12 |
|
proller joined #minetest |
| 19:16 |
sfan5 |
eh well if that's what they want to do |
| 19:17 |
Krock |
bitcoin mining CSM when? |
| 19:20 |
Chpy0 |
wen rug ser |
| 19:57 |
|
ssieb joined #minetest |
| 20:05 |
|
sy joined #minetest |
| 20:13 |
|
hlqkj joined #minetest |
| 21:26 |
|
Sven_vB joined #minetest |
| 22:00 |
|
Sven_vB joined #minetest |
| 22:34 |
|
jess joined #minetest |
| 22:35 |
|
not_here joined #minetest |
| 22:38 |
|
AristotIe joined #minetest |
| 23:06 |
|
jess left #minetest |
| 23:06 |
|
AliasAlreadyTake joined #minetest |
| 23:40 |
|
Extex joined #minetest |
