Minetest logo

IRC log for #minetest, 2021-11-24

| Channels | #minetest index | Today | | Google Search | Plaintext

All times shown according to UTC.

Time Nick Message
00:30 kamdard joined #minetest
00:36 AliasAlreadyTake joined #minetest
00:56 grouinos joined #minetest
00:58 LazyJ joined #minetest
01:02 LazyJ Question about the mapfix mod's settings syntax -- there is no indication whether to use a space or "=" between the first part of the statement and the integer. Which example is correct: "mapfix_default_size 32" or "mapfix_default_size = 32"?
01:15 MTDiscord <Jonathon> The latter
01:16 MTDiscord <Jonathon> And it gets it from minetest.conf via minetest.settings, so its actually minetests setting syntax
01:19 LazyJ Jonathon, thanks. ;)
01:22 MTDiscord <Jonathon> if thats wrong it would be rather awkward as i wrote that
01:27 LazyJ It would help if modders would include example versions of the settings, verbatim.
01:27 LazyJ But I don't think they would understand why the extra work would be useful.
01:28 LazyJ When you are steeped in a project it is easy to forget or be oblivious to things that other's not as involved would need or not know intuitively.
01:30 MTDiscord <Jonathon> what is settingtypes.txt
01:30 MTDiscord <Jonathon> if it has that file, a modder has done there job
01:31 MTDiscord <Jonathon> your question was a how are settings in minetest.conf formatted question
01:31 LazyJ It has a settingtypes.txt but the operator to use is not specified. In the past there have been settings that use comma separated values, spaces, operators, sums, and individual integers.
01:33 MTDiscord <Jonathon> again >your question was a how are settings in minetest.conf formatted question
01:33 LazyJ My confusion comes from previous years where Minetest's setting info and mod info where quiet messy.
01:34 LazyJ I'm sorry for not forming the question precisely enough. I won't bother with it again. Thanks.
01:34 MTDiscord <Jonathon> thats fine, but its not really a modders thing to include even tho some do https://github.com/wsor4035/liquid_restriction#setup
01:34 MTDiscord <Jonathon> np
01:50 behalebabo joined #minetest
01:51 GNUHacker joined #minetest
02:07 Hawk777 joined #minetest
02:10 GNUHacker joined #minetest
02:49 Verticen joined #minetest
03:09 Verticen joined #minetest
03:14 Sven_vB joined #minetest
03:28 queria^clone joined #minetest
03:33 queria^clone joined #minetest
04:05 Wikiwide joined #minetest
04:24 erlehmann joined #minetest
04:32 grouinos joined #minetest
04:48 erlehmann joined #minetest
05:00 MTDiscord joined #minetest
05:22 rogerm[m] joined #minetest
05:34 reumeth joined #minetest
05:52 Verticen joined #minetest
06:01 riff-IRC joined #minetest
08:07 erstazi joined #minetest
08:17 CWz joined #minetest
08:50 olliy joined #minetest
09:11 calcul0n joined #minetest
09:14 specing_ joined #minetest
09:17 Sven_vB joined #minetest
09:29 GNUHacker joined #minetest
09:54 Wikiwide_ joined #minetest
09:55 plainoldcheese joined #minetest
10:13 Fixer joined #minetest
10:13 absurb joined #minetest
11:01 Sven_vB joined #minetest
11:20 Guest35 joined #minetest
11:21 Guest35 rubenwardy: Your contentdb api is not good: "Access to fetch at 'https://content.minetest.net/api/whoami/' from origin 'http://localhost' has been blocked by CORS policy (...)"
11:22 Guest35 please fix that!
11:24 Guest35 (...) = "No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."
11:42 jvalleroy joined #minetest
11:56 definitelya joined #minetest
12:26 MiniontobyPI joined #minetest
12:33 Fixer joined #minetest
12:38 proller joined #minetest
12:46 MTDiscord <Warr1024> I'm pretty sure CORS should not just be disabled without considering the consequences, like whether it could make CDB vulnerable to a CSRF attack against logged-in users or something.
12:50 rubenwardy I would only apply it the API
12:50 rubenwardy and only API endpoints that don't except cookie auth
12:56 MTDiscord <Warr1024> Every article I have read about CORS only explains how to open it up, and the only explanation they give for why it's closed by default is "security reasons" but they say neither whose security nor from what.
13:07 rubenwardy maybe I could only allow read APIs through CORS to begin with
13:08 rubenwardy eh
13:08 MTDiscord <SX> CORS is more about client security than server security, client is doing something it probably should not if it triggers, it can guard against multiple things like certain XSS scams
13:09 MTDiscord <SX> It is request from server for client to protect itself
13:10 MTDiscord <SX> Most sane web browsers will follow advice of server and protect themselves.
13:20 MTDiscord <Warr1024> If it were to protect the client then it doesn't make sense for a server to be the one that makes the override decision.  If it was that nonsensically designed then no wonder everyone keeps turning it off.
13:23 olliy1or joined #minetest
13:25 MTDiscord <SX> There is command line switches or configuration for web browsers to disable CORS security...
13:31 MiniontobyPI but how
13:31 MiniontobyPI if i use no-cors mode, then my thing not works....
13:31 delta23 joined #minetest
13:32 MiniontobyPI maybe only allow the api urls or some kind of auth code (there is something with cors and authentictaion)
13:34 olliy joined #minetest
13:35 GNUHacker joined #minetest
13:38 MTDiscord <SX> see debug log and check if it blocks requests anyway because of another client side security policy like https://en.wikipedia.org/wiki/Same-origin_policy
13:39 MTDiscord <SX> CORS is simply extension of same-origin policy allowing origins that server reported as trusted
13:40 MTDiscord <SX> Web browser then trusts that server knows those origin domains are safe to use while using their site
13:41 MTDiscord <SX> And therefore web browser will not block requests to those domains.
13:42 MiniontobyPI I can run my browser for now in no-cors mode, but i dont rellay like that... And i cannot do it with shell code, but that worked...
13:43 MiniontobyPI Yeah, I am for now going to add a bit of code to my extension which is going to add aceess allow *
13:43 MTDiscord <SX> And you should not do that unless you just want shortcut to test some application you trust without being able to have proper configuration right now
13:47 olliy1or joined #minetest
13:49 MiniontobyPI shortcuts wont work
13:49 Elzington joined #minetest
13:53 MTDiscord <SX> What are you actually trying to do?
14:09 MiniontobyPI I am trying to allow cors
14:22 TempestMancer joined #minetest
14:29 reumeth joined #minetest
14:30 TempestMancer joined #minetest
14:50 Conradish006 joined #minetest
15:02 MTDiscord <SX> Server allows CORS not you, CORS is basically list of domains that server reports as trusted so that web browser knows if it is safe or not to make request with current open site context.
15:03 MiniontobyPI yeah
15:03 MiniontobyPI I am trying to edit the request when heeaders got received
15:04 MiniontobyPI but no luck
15:04 MiniontobyPI 405 errors
15:05 MTDiscord <SX> But there's several ways to get around that restriction (with proper limitations), I think JSONP is most used method by site front ends but as you're it sounds just trying to avoid it without revealing exact use case then just make your program to not follow same-origin policy and implement your own security policy that is sufficient for you (like no user input for URLs or static URL validation)
15:08 MTDiscord <Warr1024> Sometimes the easiest workaround is just to proxy the remote back-end through a local back-end.
15:11 est31 joined #minetest
15:15 MiniontobyPI ¨Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.¨
15:16 MiniontobyPI but yeah
15:19 MiniontobyPI WHy am I not able to talk on the discord server
15:21 MTDiscord <Jonathon> someone obviously didnt read the rules
15:22 MiniontobyPI I read rules
15:22 MTDiscord <Jonathon> well, didnt read #rules-info
15:22 MiniontobyPI oh i see
15:22 MiniontobyPI You must be Lurker rank or higher to: Chat in IRC channels.
15:23 MTDiscord <Jonathon> people reading the rules? impossible
15:23 MiniontobyPI hmmmm
15:23 MiniontobyPI I am going to stay at irc
15:23 MiniontobyPI F to discord
15:23 MTDiscord <SX> "I am trying to edit the request when heeaders got received", it sounds that you do not yet completely understand that CORS is client side blocking. You program where you send requests is blocking requests, to be clear your computer is not allowing you to make thing that seems unsafe.
15:24 MiniontobyPI It works
15:24 MiniontobyPI for the non-screenshot url
15:24 MiniontobyPI whoami url works fine
15:25 MTDiscord <SX> probably server says that there's every origin is fine
15:28 MiniontobyPI hmmmm
15:29 MTDiscord <SX> (or your problem is not anymore same-origin and your requests do not anymore require following that policy but something else is broken)
15:30 kamdard joined #minetest
15:34 MTDiscord <SX> To get basics thing why CORS is a thing: it is mostly to prevent evil web request injection where your current data (in your web browser program) meant to be only available for current website is possibly being sent to another server.
15:35 MTDiscord <SX> That's also why you can work around it by making requests that are similar to opening new site with new context, that's what JSONP is about.
15:35 MiniontobyPI But i only need to bypass it
15:36 MTDiscord <Warr1024> That whole threat model doesn't make sense because it's the API server that controls CORS.  If you ask the server "can I trust you?" why wouldn't an attacker just say "um, yes"
15:36 MTDiscord <SX> It is not API of server that controls CORS, you clearly have no idea what CORS is...
15:37 MTDiscord <SX> API of server advices browser by telling browser that server trusts certain sites. After server told browser that it is itself trusting those sites then browser allows requests to be made.
15:38 rubenwardy I suggest waiting 30 minutes for me to just allow CORS
15:38 MTDiscord <Warr1024> I'm going to have to assume this is just a language barrier.
15:39 MTDiscord <Warr1024> Yeah, if nobody can make a case why you shouldn't add the CORS headers then I guess 🤷 just allow them and move on.
15:39 MTDiscord <SX> If you ask the server "can I trust you?", you do not ask server if you can trust it. You trust server and server tells what can be trusted
15:39 MTDiscord <Warr1024> Especially if it's just read-only, and especially especially if it's just public stuff.
15:40 MTDiscord <SX> If server does not tell what can be trusted then browser blocks all request but ones going towards original server
15:40 MTDiscord <SX> However if server says that also foo.com is fine then browser allows requests to that server too
15:40 MTDiscord <Warr1024> If the threat model is really this badly mangled then maybe they should just flip the default to open and take a different approach, like they did with HPKP and CAA
15:41 celeron55 doesn't warr1024 imply he doesn't trust any server he connects to? what's the point of opening the browser at all then
15:41 rubenwardy Am I right in thinking that browsers will send OPTIONS to each URL to check CORS?
15:41 MTDiscord <SX> Warr1024, problem is that you clearly do not understand why CORS is available.
15:42 MTDiscord <SX> CORS will not improve your server security at all, not a bit. And it is not meant to.
15:42 kamdard_ joined #minetest
15:42 celeron55 what doesn't seem to be logical at first is that why would a server tell the browser to ask for resources from places the server doesn't want resources to be fetched from
15:42 celeron55 and the answer is XSS and such that users injected to the server
15:43 celeron55 like, imagine someone manage to put an <img> tag inside your bank invoice that you're viewing on your bank's website
15:43 rubenwardy CORS is about different origins
15:43 rubenwardy that doesn't protect against that though
15:44 rubenwardy because the attacker site can still just allow CORS
15:44 rubenwardy CORS is done on the site you're connecting to, not the site you're on
15:44 rubenwardy CSP can be used to prevent <img> tags to other sites in bank invoices
15:44 celeron55 wait, was it that way around
15:44 rubenwardy to prevent XSS, you want CSP really
15:45 rubenwardy CORS makes DDoS harder
15:45 rubenwardy as attackers can't just use JS on user machines to make loads of big requests to a website, only preflight requests
15:45 celeron55 this is so badly written https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
15:46 rubenwardy CORS also prevents websites from accessing local services
15:47 celeron55 i insist on trying to put this into simpler words so: with CORS a server says "don't make requests to me unless the user is on one of these domains"
15:47 rubenwardy yeah
15:47 MTDiscord <SX> To make things clearer: CORS makes DDoS harder only if DDoS is executed from script in browser that supports CORS.
15:48 celeron55 and the browser assumes local services say "don't make requests to me from any domain"
15:48 rubenwardy MiniontobyPI: done
15:48 MiniontobyPI oke
15:48 rubenwardy (The ContentDB API now allows all origins)
15:49 MiniontobyPI doesnt work yet for me....
15:49 MiniontobyPI oh wait
15:49 celeron55 and with CSP the server says "if i tell you to request a resource from somewhere other than these domains, don't do it"
15:50 rubenwardy yeah
15:50 rubenwardy you can also disable loading inline scripts
15:50 rubenwardy which is a huge protection against XSS
15:50 rubenwardy CDB has strict CSP enabled
15:50 MTDiscord <Warr1024> Yes, there never was a question of WHAT CORS is.  The question was simply WHY.
15:50 rubenwardy to the detriment of those that want images in long descriptions
15:50 MTDiscord <Warr1024> And putting the what in other terms has really not helped explain the why.
15:51 rubenwardy The main why is to protect firewalled websites from being accessed
15:51 rubenwardy not sure if session cookies are also sent as well
15:51 MiniontobyPI hmm i see the acceess crontrol thing on the api page it self, but when it is trying to fetch it, it doesnt wokr
15:51 MTDiscord <Warr1024> The DDoS thing is an interesting angle but it seems kind of thin (you can still flood someone with OPTIONS requests) and really seems out of scope for what web standards normally try to tackle anyway (usually they punt this to the network layer)
15:51 rubenwardy that could be an issue, would result in CSRF
15:52 rubenwardy https://mobilejazz.com/blog/which-security-risks-do-cors-imply/
15:52 MTDiscord <SX> I think celeron55 got WHY covered in just 3 first comments very nicely :)
15:52 Krock joined #minetest
15:52 rubenwardy which first 3 comments? I don't see any whys
15:52 celeron55 i agree with Warr1024, CORS doesn't make sense for an API because it kind of makes the API an internal API but with only enforcement for good parties
15:53 MTDiscord <Warr1024> So it sounds like CORS is just CSRF-protection-lite where they tried to protect against exfiltration of data from a protected API, but you need full CSRF protection anyway to prevent mutations being pushed in.  Seems to make CORS sound pretty useless...?
15:53 rubenwardy yeah, which is why I've just disabled CORS for the CDB API
15:53 rubenwardy Warr1024: CSRF protection won't help if you turn off CORS
15:54 rubenwardy because a malicious script could just make a request to first get the CORS tokens
15:54 MTDiscord <Warr1024> you mean the CSRF tokens?
15:54 rubenwardy yeah that
15:54 rubenwardy assuming CORS requests send any session tokens, which is what would cause the CSRF
15:55 MTDiscord <Warr1024> Yeah, I was gonna say that CORS can't be defaulted off because there's no such thing as a general automatic CSRF protection yet, you need to design it into the flow of your entire protocol, so that's probably why they left it in place even though it's inadequate.
15:55 rubenwardy again, turning off CORS would make CSRF protections ineffective
15:56 MTDiscord <Warr1024> How would that even work?
15:56 MiniontobyPI hmmmm
15:56 MiniontobyPI Access to fetch at 'https://content.minetest.net/api/whoami/' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
15:56 rubenwardy fake news
15:59 MiniontobyPI AHHHHHHHHHHh
15:59 definitelya D:
16:00 rubenwardy https://i.rubenwardy.com/493ea.png
16:00 MTDiscord <Warr1024> Try clearing your cache, then restarting your browser, then rebooting your computer, then dropping it in a vat of acid and buying a new computer and see if it still happens on the new one.
16:01 MiniontobyPI I did
16:01 MiniontobyPI shift-f5
16:01 MiniontobyPI and ctrl-shift-del
16:01 MTDiscord <luatic> That's not a hard reload
16:02 rubenwardy Using devtools network is super useful
16:02 MiniontobyPI I do
16:02 rubenwardy you can see whether it's cached
16:02 MiniontobyPI I ahve enabled ¨disable cache¨
16:02 MiniontobyPI also not work
16:02 rubenwardy ctrl+shift+r
16:02 MiniontobyPI but when I go to the url it self
16:03 MiniontobyPI then if i look at headers
16:03 MiniontobyPI it is there
16:03 MiniontobyPI ctrl+shift+r -> not helps
16:03 rubenwardy also, errors like this may happen with incorrect URLs
16:03 rubenwardy so check the request URL
16:03 rubenwardy eg: ContentDB has trailing slashes
16:04 rubenwardy method also matters
16:04 MiniontobyPI oh
16:04 rubenwardy the wrong method will trigger a CORS Failure
16:04 MiniontobyPI maybe that
16:04 MiniontobyPI let me see
16:04 rubenwardy needs to be GET
16:04 MiniontobyPI https://content.minetest.net/api/whoami/
16:04 MiniontobyPI this should be good
16:04 MiniontobyPI {headers: headers, method: "GET"}
16:04 MiniontobyPI so yeah
16:05 MiniontobyPI and it worke
16:05 MiniontobyPI with my cors blocker
16:05 rubenwardy what was it?
16:05 MiniontobyPI but then packages/(...)/mypackes/screenshot
16:05 MiniontobyPI didnt
16:05 rubenwardy screenshots
16:05 MiniontobyPI Oh wait
16:05 MiniontobyPI I got idea
16:06 rubenwardy I suppose I should do this at the nginx level so that 404s etc in /api/ will allow CORS
16:06 rubenwardy but heh
16:07 MiniontobyPI I can change them
16:07 MiniontobyPI instead of adding new one
16:07 rubenwardy whatcha making btw?
16:08 MiniontobyPI I am trying to make a webapp where you can just use the methods
16:08 MiniontobyPI so i can test
16:09 MiniontobyPI for later
16:09 MiniontobyPI when I might make a bot to find packages
16:09 MiniontobyPI or something like that
16:10 rubenwardy nice
16:11 MiniontobyPI contentdb.html:1 Access to fetch at 'https://content.minetest.net/api/packages/Miniontoby/doorbell/screenshots/960' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
16:11 MiniontobyPI but I got the other one now working
16:12 MiniontobyPI becuase i edited it
16:13 rubenwardy missing
16:13 rubenwardy /
16:13 rubenwardy "Redirect is not allowed for a preflight request." means you've got the URL wrong
16:13 rubenwardy well, it means you've got the URL wrong in a way that CDB redirects
16:13 rubenwardy so either http or missing /
16:14 MiniontobyPI oh
16:15 MiniontobyPI now
16:15 MiniontobyPI has been blocked by CORS policy: Method PUT is not allowed by Access-Control-Allow-Methods in preflight response.
16:16 IceDragon joined #minetest
16:16 rubenwardy it's in the allowed methods
16:16 rubenwardy maybe caching issue again
16:16 MiniontobyPI Idk
16:16 IceDragon hello
16:16 MiniontobyPI let me see
16:17 MiniontobyPI access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
16:17 MiniontobyPI That says netwrok
16:17 MiniontobyPI thing
16:18 MiniontobyPI I have edited it now from my client side
16:22 MiniontobyPI PUT https://content.minetest.net/api/packages/Miniontoby/doorbell/screenshots/960/ 405
16:22 MiniontobyPI wait thats a mistype in my code
16:23 MiniontobyPI or maybe not
16:24 rubenwardy there's no PUT API for screenshots
16:24 rubenwardy you'll need to delete and recreate it
16:24 rubenwardy if there was a put API, it would only allow updating the title anyway
16:25 Lunatrius` joined #minetest
16:31 MiniontobyPI I got it working now
16:31 appguru joined #minetest
16:32 MiniontobyPI I gtg
16:32 MTDiscord <Warr1024> Trying to do a PUT from a browser...?  I have a hard time imagining a use-case for that...
16:33 MTDiscord <Warr1024> I mean especially for screenshots I guess
16:34 rubenwardy The ContentDB API uses PUT for anything that edits/updates
16:34 rubenwardy the browser is the new GUI platform
16:34 rubenwardy could be a fancy CDB client
16:44 MTDiscord <Warr1024> I suppose that could be the case ... but if there are any UX deficiencies in CDB that others can cure, it'd be nicer to see those as PRs :-)
16:47 rubenwardy yeah definitely
16:51 olliy joined #minetest
17:00 LazyJ joined #minetest
17:03 grouinos joined #minetest
17:06 absurb_ joined #minetest
17:07 delta23_ joined #minetest
17:08 BuckarooBanzai0 joined #minetest
17:09 specing_ joined #minetest
17:11 erstazi_ joined #minetest
17:11 Talkless joined #minetest
17:11 search_s1cial joined #minetest
17:11 Teckla_ joined #minetest
17:12 adam_mc_ joined #minetest
17:12 nuala2 joined #minetest
17:20 Noisytoot joined #minetest
17:22 garywhite joined #minetest
17:22 Conradish006 joined #minetest
17:22 grouinos joined #minetest
17:22 Krock joined #minetest
17:22 TempestMancer joined #minetest
17:24 Taoki joined #minetest
17:37 bgg joined #minetest
17:37 LazyJ joined #minetest
17:52 ggITA52_ joined #minetest
18:27 ___nick___ joined #minetest
18:46 z812 joined #minetest
18:48 z812 joined #minetest
18:49 fluxionary joined #minetest
18:53 proller joined #minetest
18:56 fluxionary joined #minetest
19:15 Teckla joined #minetest
19:30 ___nick___ joined #minetest
19:31 ___nick___ joined #minetest
19:38 emanuele6 joined #minetest
19:38 emanuele6 joined #minetest
19:38 IceDragon joined #minetest
19:45 Verticen joined #minetest
19:58 proller joined #minetest
20:01 icefox joined #minetest
20:08 Extex joined #minetest
20:11 Big_Caballito joined #minetest
20:21 proller joined #minetest
20:30 Conradish006 joined #minetest
20:57 proller joined #minetest
21:09 MTDiscord joined #minetest
21:11 MTDiscord <MisterE> Is it possible for a client to upload media to a server? I could see a usecase for taking screenshots and then uploadind them to the server to be added as dynamig media for a photography mod
21:11 MTDiscord <Jonathon> via csm's and modchannels
21:12 MTDiscord <MisterE> What are modchannels?
21:12 MTDiscord <Jonathon> maybe
21:12 sfan5 in theory via CSM but how would you get the media into there
21:12 sfan5 so effectly the answer is just "no"
21:12 MTDiscord <Jonathon> https://github.com/minetest/minetest/blob/master/doc/lua_api.txt#L6401-L6418
21:13 MTDiscord <Jonathon> the easiest way in reality is to have a formspec for providing a url, and http api to grab it
21:13 MTDiscord <MisterE> Thx
21:13 MTDiscord <MisterE> Or a csm to upload automatically to the url
21:14 MTDiscord <Jonathon> that seems stupid
21:14 MTDiscord <Jonathon> but you do you
21:14 MTDiscord <MisterE> ?
21:14 MTDiscord <Jonathon> why use csms when you have absolutely no need or reason to
21:14 MTDiscord <Jonathon> given its a hassle to enforce users to install and use thm
21:14 MTDiscord <Jonathon> *them
21:15 specing_ joined #minetest
21:15 MTDiscord <MisterE> Well any idea of when we get sscsm or is that still undetermined?
21:16 sfan5 undetermined
21:20 MTDiscord <MisterE> Ok well @wsor yeah it will be stupid util then
21:22 MTDiscord <SX> send message to server and make it move some spectator character running another instance at server at player location, take screenshot, make server handle it :p
21:23 MTDiscord <SX> then you should also have camera as item in game
21:25 MTDiscord <SX> it is very much doable but wont look exactly same for most clients but having actual in game camera to take screenshots and also over complicated hack to take actual screenshots server side sounds kinda fun
21:28 MTDiscord <SX> I guess it would be harder (or near impossible) to make server itself take screenshots without having client logged in?
21:30 MTDiscord <MisterE> Well I suppose you could make a script to make the server log in automatically
21:30 MTDiscord <MisterE> The server would hae to be running x11
21:32 MTDiscord <MisterE> Would a server-controlled fake player be useful for anything else?
21:32 MTDiscord <SX> forceload world anchor
21:33 MTDiscord <MisterE> Yeah that
21:33 MTDiscord <SX> make /kick command move player to target and kick him
21:33 MTDiscord <MisterE> Huh?
21:34 rubenwardy I could see there being a file input GUI element
21:34 rubenwardy not sure about large formspec submissions though
21:36 MTDiscord <SX> well, not best idea but I was saying move your fake spectator player to target and kick in game instead of actually disconnecting
21:37 MTDiscord <MisterE> Like add an element to the formspeg api @rubenwardy?
21:37 rubenwardy yeah
21:37 MTDiscord <MisterE> That would be cool
21:38 rubenwardy the Irrlicht file explorer sucks a bit
21:38 MTDiscord <MisterE> It would allow ingame skin submissions
21:38 MTDiscord <SX> Would be cool but is it good idea considering users?
21:38 rubenwardy generally, in a game you want to avoid opening up native GUIs as it's distracting to the user
21:38 rubenwardy this may be a case where you may want to use the native file mgr gui though
21:39 MTDiscord <MisterE> You mean like the spectator gomes and swings their foot and hits you?
21:39 rubenwardy SX: with a limited upload size and content types, I don't see much of a technical risk
21:39 rubenwardy however, from a moderation point of view it's risky to have players upload skins like thi
21:40 MTDiscord <MisterE> About moderation true but there are ways to handle it like requireing admins to approve each submission
21:40 MTDiscord <MisterE> @oderators im
21:41 MTDiscord <SX> that but I guess moderation could be handled, however I was thinking a bit that direct and easy upload could be tool for scams and there's a lot of users that are not really that tech savvy
21:41 MTDiscord <MisterE> Scams?
21:41 MTDiscord <MisterE> Like?
21:42 MTDiscord <MisterE> Im on mobile btw whioh is why my typing sucks
21:44 MTDiscord <SX> probably would open many ways but simplest would be collecting larger amounts of information. using native file manager would probably reduce that risk a bit, also file type and size limitations.
21:46 MTDiscord <SX> very much possible that it wont be problem really but I think users who might fall to good scams on discord will fall for any scam in game
21:46 Verticen joined #minetest
21:47 MTDiscord <MisterE> for there to be a scam you have to have evil intent from the server owner. If the server owner is evil intentioned then I think that they could find other ways to scam anyways, right?
21:47 MTDiscord <SX> I mean it seems like many ppl somehow always trust that game is protected and nothing "real" can happen there
21:48 MTDiscord <SX> Yes, they will find ways but having thing integrated into game might make it way simpler. Not sure though and I think there would be ways to reduce that risk
21:55 GNUHacker left #minetest
22:36 Fusl joined #minetest
22:44 Wikiwide_ joined #minetest
22:50 * Wikiwide waves sleepily
22:51 specing Hi Wikiwide
22:51 Wikiwide A question: what is a practical/utilitarian impetus to actually play minetest? You see, I want to counter my younger brother's obsession with Minecraft by diving into Minetest - the open-source alternative that doesn't try to cajole real-world money out of users. But, since I am not generally a fun of video games or entertainment for entertainment's sake...
22:52 Wikiwide ...I need a cause. And "It will give you skills" doesn't fit - if I wanted skills, I would go to a real-world welding workshop in a makerspace. Pity is, I don't have welding-ready boots yet - but that's off-topic.
22:53 specing I think it boils down to motivation and goal-setting. Since minetest has no goal, you have to set yourself up with goals
22:53 specing you can also play with a community of players
22:54 specing and each can motivate another
22:54 Wikiwide So far, I scrounged that if Minetest physics are near enough to real-world physics, then I could use it for simulation for urban island effect, and construction of different buildings with goal to figure out how to minimise energy usage for heating/cooling/air-conditioning while still providing denizens with sufficient/healthy amount of sunlight
22:55 Wikiwide But I am not sure if the temperatures are even simulated. Are there any bushfires in Minetest? Lighting? Droughts?
22:55 specing Not really, no
22:55 * Wikiwide tsks
22:57 Wikiwide I understand that simulating whole planet, and its climate, would be too much. But is it possible to include with ecosystem a setting for its climate? Does Minetest include seasons - winter-spring-summer-autumn? Rain, hail, and such?
22:57 Wikiwide Well, I remember it can include snow. For the one time I tried out minetest a few years ago.
22:57 MTDiscord <Warr1024> Minetest is actually pretty good for learning programming and modding skills that are generalizable.  Sure, you could go to a workshop, but those aren't all necessarily that fun...
22:58 MTDiscord <josiah_wi> Wikiwide, I think you're looking for the Exile game for Minetest.
23:00 Sven_vB joined #minetest
23:00 MTDiscord <Warr1024> Yeah, on the "why Minetest" question, there are also some exclusive games for it that you can't get on Minecraft.
23:01 Wikiwide But there are also probably some exlusive games for Minecraft that you can't get on Minetest?
23:02 MTDiscord <Warr1024> Could be, sure.  It's only a "why Minetest" argument, not necessarily a "why not Minecraft" one.
23:03 MTDiscord <Warr1024> I haven't played Minecraft in about 8 years, but I did still pay for it.  It can be both.
23:04 Wikiwide Hmm, going by > Taigas are cold snow-covered biomes with rich vegetation with snow and dirt with snow as surface. < , there are no seasons yet. And I cannot see anything about wind. At least, there is changing brightness of sunlight, even if it's always vertical. And there isn't a recipe for glass lens, yet, so no nifty "Create fire from sunlight" thing yet.
23:04 MTDiscord <GreenXenith> Not in MTG at least
23:04 MTDiscord <GreenXenith> You can light a fire with a lens in NodeCore though
23:07 Wikiwide <josiah_wi> : Thank you. I find the premise of Exile strange, I am more of a city person. But having jumped to ContentDB, I now see https://content.minetest.net/packages/TestificateMods/climate_api/
23:11 Wikiwide Very interesting... So, https://content.minetest.net/packages/TestificateMods/climate/ mentions lightning. 1) Does that include dry lightnings, or only rainstorm-lightnings? Because dry lightning sparkled one of the largest bushfires during Black Summer, when ring of fire surrounded Sydney. 2) Does this model include bushfires?
23:12 Wikiwide Could you please share whether these climate packages include non-vertical sunlight? Or heat generated on different surfaces (grass vs sand vs stone vs asphalt) by sunlight?
23:15 Wikiwide Also, if I connect to a multiplayer server, the mod's availability depends on the server more so than on my client's configuration, right? How do I know if a server has the climate package installed?
23:17 calcul0n you can type /mods in the server chat to get the list of installed mods
23:17 specing Wikiwide: wget 'https://servers.minetest.net/list' -O - | python3 -m json.tool /dev/stdin  | less
23:18 specing search there
23:33 Wikiwide Lol, I did wonder why maximum number of people on a server would have been 200, when I was reading https://www.minetest.net/servers/. Now I recognise that it is software-imposed limit, probably for the sake of reducing lag, and not a matter of not-enough-people-to-reach-more-than-200-clients-on-a-server.
23:36 rymiel_ joined #minetest
23:40 Wikiwide specing: Thank you. 4 servers equipped with climate_api. 1) ZAP server at minetest; 2) [CraftLab] Craft Test Dummies [FR] at perdu.com ; 3) Notre Ami Le Cube (Survival & PVP) [FR/EN] at sys4.fr ; 4) "Vineland Survival [0.4, 5.x]" aka "vine.edgy1.net" . In no particular order.
23:41 MTDiscord <Warr1024> I think it's because saying you'll support WAY more players than any server could ever realistically be challenged to actually handle could only serve to manipulate scores or reputation without actually ever being called to account or something.
23:46 specing Wikiwide: when checking out the servers, ask what their policy towards CSMs is. Client-side mods allow you to enhance your experience (even modify physics a bit)
23:54 Wikiwide Hmm, I currently like Vineland Survival, probably because carpathian map generator. But then sys4.fr with "Be a builder, engineer, warrior or even a magician." sounds good, too. Either of them supports IRC and IRC_commands mods, whatever that means.
23:55 specing probably means that they have an irc channel bridged from somewhere

| Channels | #minetest index | Today | | Google Search | Plaintext