| Time |
Nick |
Message |
| 00:30 |
|
kamdard joined #minetest |
| 00:36 |
|
AliasAlreadyTake joined #minetest |
| 00:56 |
|
grouinos joined #minetest |
| 00:58 |
|
LazyJ joined #minetest |
| 01:02 |
LazyJ |
Question about the mapfix mod's settings syntax -- there is no indication whether to use a space or "=" between the first part of the statement and the integer. Which example is correct: "mapfix_default_size 32" or "mapfix_default_size = 32"? |
| 01:15 |
MTDiscord |
<Jonathon> The latter |
| 01:16 |
MTDiscord |
<Jonathon> And it gets it from minetest.conf via minetest.settings, so its actually minetests setting syntax |
| 01:19 |
LazyJ |
Jonathon, thanks. ;) |
| 01:22 |
MTDiscord |
<Jonathon> if thats wrong it would be rather awkward as i wrote that |
| 01:27 |
LazyJ |
It would help if modders would include example versions of the settings, verbatim. |
| 01:27 |
LazyJ |
But I don't think they would understand why the extra work would be useful. |
| 01:28 |
LazyJ |
When you are steeped in a project it is easy to forget or be oblivious to things that other's not as involved would need or not know intuitively. |
| 01:30 |
MTDiscord |
<Jonathon> what is settingtypes.txt |
| 01:30 |
MTDiscord |
<Jonathon> if it has that file, a modder has done there job |
| 01:31 |
MTDiscord |
<Jonathon> your question was a how are settings in minetest.conf formatted question |
| 01:31 |
LazyJ |
It has a settingtypes.txt but the operator to use is not specified. In the past there have been settings that use comma separated values, spaces, operators, sums, and individual integers. |
| 01:33 |
MTDiscord |
<Jonathon> again >your question was a how are settings in minetest.conf formatted question |
| 01:33 |
LazyJ |
My confusion comes from previous years where Minetest's setting info and mod info where quiet messy. |
| 01:34 |
LazyJ |
I'm sorry for not forming the question precisely enough. I won't bother with it again. Thanks. |
| 01:34 |
MTDiscord |
<Jonathon> thats fine, but its not really a modders thing to include even tho some do https://github.com/wsor4035/liquid_restriction#setup |
| 01:34 |
MTDiscord |
<Jonathon> np |
| 01:50 |
|
behalebabo joined #minetest |
| 01:51 |
|
GNUHacker joined #minetest |
| 02:07 |
|
Hawk777 joined #minetest |
| 02:10 |
|
GNUHacker joined #minetest |
| 02:49 |
|
Verticen joined #minetest |
| 03:09 |
|
Verticen joined #minetest |
| 03:14 |
|
Sven_vB joined #minetest |
| 03:28 |
|
queria^clone joined #minetest |
| 03:33 |
|
queria^clone joined #minetest |
| 04:05 |
|
Wikiwide joined #minetest |
| 04:24 |
|
erlehmann joined #minetest |
| 04:32 |
|
grouinos joined #minetest |
| 04:48 |
|
erlehmann joined #minetest |
| 05:00 |
|
MTDiscord joined #minetest |
| 05:22 |
|
rogerm[m] joined #minetest |
| 05:34 |
|
reumeth joined #minetest |
| 05:52 |
|
Verticen joined #minetest |
| 06:01 |
|
riff-IRC joined #minetest |
| 08:07 |
|
erstazi joined #minetest |
| 08:17 |
|
CWz joined #minetest |
| 08:50 |
|
olliy joined #minetest |
| 09:11 |
|
calcul0n joined #minetest |
| 09:14 |
|
specing_ joined #minetest |
| 09:17 |
|
Sven_vB joined #minetest |
| 09:29 |
|
GNUHacker joined #minetest |
| 09:54 |
|
Wikiwide_ joined #minetest |
| 09:55 |
|
plainoldcheese joined #minetest |
| 10:13 |
|
Fixer joined #minetest |
| 10:13 |
|
absurb joined #minetest |
| 11:01 |
|
Sven_vB joined #minetest |
| 11:20 |
|
Guest35 joined #minetest |
| 11:21 |
Guest35 |
rubenwardy: Your contentdb api is not good: "Access to fetch at 'https://content.minetest.net/api/whoami/' from origin 'http://localhost' has been blocked by CORS policy (...)" |
| 11:22 |
Guest35 |
please fix that! |
| 11:24 |
Guest35 |
(...) = "No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled." |
| 11:42 |
|
jvalleroy joined #minetest |
| 11:56 |
|
definitelya joined #minetest |
| 12:26 |
|
MiniontobyPI joined #minetest |
| 12:33 |
|
Fixer joined #minetest |
| 12:38 |
|
proller joined #minetest |
| 12:46 |
MTDiscord |
<Warr1024> I'm pretty sure CORS should not just be disabled without considering the consequences, like whether it could make CDB vulnerable to a CSRF attack against logged-in users or something. |
| 12:50 |
rubenwardy |
I would only apply it the API |
| 12:50 |
rubenwardy |
and only API endpoints that don't except cookie auth |
| 12:56 |
MTDiscord |
<Warr1024> Every article I have read about CORS only explains how to open it up, and the only explanation they give for why it's closed by default is "security reasons" but they say neither whose security nor from what. |
| 13:07 |
rubenwardy |
maybe I could only allow read APIs through CORS to begin with |
| 13:08 |
rubenwardy |
eh |
| 13:08 |
MTDiscord |
<SX> CORS is more about client security than server security, client is doing something it probably should not if it triggers, it can guard against multiple things like certain XSS scams |
| 13:09 |
MTDiscord |
<SX> It is request from server for client to protect itself |
| 13:10 |
MTDiscord |
<SX> Most sane web browsers will follow advice of server and protect themselves. |
| 13:20 |
MTDiscord |
<Warr1024> If it were to protect the client then it doesn't make sense for a server to be the one that makes the override decision. If it was that nonsensically designed then no wonder everyone keeps turning it off. |
| 13:23 |
|
olliy1or joined #minetest |
| 13:25 |
MTDiscord |
<SX> There is command line switches or configuration for web browsers to disable CORS security... |
| 13:31 |
MiniontobyPI |
but how |
| 13:31 |
MiniontobyPI |
if i use no-cors mode, then my thing not works.... |
| 13:31 |
|
delta23 joined #minetest |
| 13:32 |
MiniontobyPI |
maybe only allow the api urls or some kind of auth code (there is something with cors and authentictaion) |
| 13:34 |
|
olliy joined #minetest |
| 13:35 |
|
GNUHacker joined #minetest |
| 13:38 |
MTDiscord |
<SX> see debug log and check if it blocks requests anyway because of another client side security policy like https://en.wikipedia.org/wiki/Same-origin_policy |
| 13:39 |
MTDiscord |
<SX> CORS is simply extension of same-origin policy allowing origins that server reported as trusted |
| 13:40 |
MTDiscord |
<SX> Web browser then trusts that server knows those origin domains are safe to use while using their site |
| 13:41 |
MTDiscord |
<SX> And therefore web browser will not block requests to those domains. |
| 13:42 |
MiniontobyPI |
I can run my browser for now in no-cors mode, but i dont rellay like that... And i cannot do it with shell code, but that worked... |
| 13:43 |
MiniontobyPI |
Yeah, I am for now going to add a bit of code to my extension which is going to add aceess allow * |
| 13:43 |
MTDiscord |
<SX> And you should not do that unless you just want shortcut to test some application you trust without being able to have proper configuration right now |
| 13:47 |
|
olliy1or joined #minetest |
| 13:49 |
MiniontobyPI |
shortcuts wont work |
| 13:49 |
|
Elzington joined #minetest |
| 13:53 |
MTDiscord |
<SX> What are you actually trying to do? |
| 14:09 |
MiniontobyPI |
I am trying to allow cors |
| 14:22 |
|
TempestMancer joined #minetest |
| 14:29 |
|
reumeth joined #minetest |
| 14:30 |
|
TempestMancer joined #minetest |
| 14:50 |
|
Conradish006 joined #minetest |
| 15:02 |
MTDiscord |
<SX> Server allows CORS not you, CORS is basically list of domains that server reports as trusted so that web browser knows if it is safe or not to make request with current open site context. |
| 15:03 |
MiniontobyPI |
yeah |
| 15:03 |
MiniontobyPI |
I am trying to edit the request when heeaders got received |
| 15:04 |
MiniontobyPI |
but no luck |
| 15:04 |
MiniontobyPI |
405 errors |
| 15:05 |
MTDiscord |
<SX> But there's several ways to get around that restriction (with proper limitations), I think JSONP is most used method by site front ends but as you're it sounds just trying to avoid it without revealing exact use case then just make your program to not follow same-origin policy and implement your own security policy that is sufficient for you (like no user input for URLs or static URL validation) |
| 15:08 |
MTDiscord |
<Warr1024> Sometimes the easiest workaround is just to proxy the remote back-end through a local back-end. |
| 15:11 |
|
est31 joined #minetest |
| 15:15 |
MiniontobyPI |
¨Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.¨ |
| 15:16 |
MiniontobyPI |
but yeah |
| 15:19 |
MiniontobyPI |
WHy am I not able to talk on the discord server |
| 15:21 |
MTDiscord |
<Jonathon> someone obviously didnt read the rules |
| 15:22 |
MiniontobyPI |
I read rules |
| 15:22 |
MTDiscord |
<Jonathon> well, didnt read #rules-info |
| 15:22 |
MiniontobyPI |
oh i see |
| 15:22 |
MiniontobyPI |
You must be Lurker rank or higher to: Chat in IRC channels. |
| 15:23 |
MTDiscord |
<Jonathon> people reading the rules? impossible |
| 15:23 |
MiniontobyPI |
hmmmm |
| 15:23 |
MiniontobyPI |
I am going to stay at irc |
| 15:23 |
MiniontobyPI |
F to discord |
| 15:23 |
MTDiscord |
<SX> "I am trying to edit the request when heeaders got received", it sounds that you do not yet completely understand that CORS is client side blocking. You program where you send requests is blocking requests, to be clear your computer is not allowing you to make thing that seems unsafe. |
| 15:24 |
MiniontobyPI |
It works |
| 15:24 |
MiniontobyPI |
for the non-screenshot url |
| 15:24 |
MiniontobyPI |
whoami url works fine |
| 15:25 |
MTDiscord |
<SX> probably server says that there's every origin is fine |
| 15:28 |
MiniontobyPI |
hmmmm |
| 15:29 |
MTDiscord |
<SX> (or your problem is not anymore same-origin and your requests do not anymore require following that policy but something else is broken) |
| 15:30 |
|
kamdard joined #minetest |
| 15:34 |
MTDiscord |
<SX> To get basics thing why CORS is a thing: it is mostly to prevent evil web request injection where your current data (in your web browser program) meant to be only available for current website is possibly being sent to another server. |
| 15:35 |
MTDiscord |
<SX> That's also why you can work around it by making requests that are similar to opening new site with new context, that's what JSONP is about. |
| 15:35 |
MiniontobyPI |
But i only need to bypass it |
| 15:36 |
MTDiscord |
<Warr1024> That whole threat model doesn't make sense because it's the API server that controls CORS. If you ask the server "can I trust you?" why wouldn't an attacker just say "um, yes" |
| 15:36 |
MTDiscord |
<SX> It is not API of server that controls CORS, you clearly have no idea what CORS is... |
| 15:37 |
MTDiscord |
<SX> API of server advices browser by telling browser that server trusts certain sites. After server told browser that it is itself trusting those sites then browser allows requests to be made. |
| 15:38 |
rubenwardy |
I suggest waiting 30 minutes for me to just allow CORS |
| 15:38 |
MTDiscord |
<Warr1024> I'm going to have to assume this is just a language barrier. |
| 15:39 |
MTDiscord |
<Warr1024> Yeah, if nobody can make a case why you shouldn't add the CORS headers then I guess ? just allow them and move on. |
| 15:39 |
MTDiscord |
<SX> If you ask the server "can I trust you?", you do not ask server if you can trust it. You trust server and server tells what can be trusted |
| 15:39 |
MTDiscord |
<Warr1024> Especially if it's just read-only, and especially especially if it's just public stuff. |
| 15:40 |
MTDiscord |
<SX> If server does not tell what can be trusted then browser blocks all request but ones going towards original server |
| 15:40 |
MTDiscord |
<SX> However if server says that also foo.com is fine then browser allows requests to that server too |
| 15:40 |
MTDiscord |
<Warr1024> If the threat model is really this badly mangled then maybe they should just flip the default to open and take a different approach, like they did with HPKP and CAA |
| 15:41 |
celeron55 |
doesn't warr1024 imply he doesn't trust any server he connects to? what's the point of opening the browser at all then |
| 15:41 |
rubenwardy |
Am I right in thinking that browsers will send OPTIONS to each URL to check CORS? |
| 15:41 |
MTDiscord |
<SX> Warr1024, problem is that you clearly do not understand why CORS is available. |
| 15:42 |
MTDiscord |
<SX> CORS will not improve your server security at all, not a bit. And it is not meant to. |
| 15:42 |
|
kamdard_ joined #minetest |
| 15:42 |
celeron55 |
what doesn't seem to be logical at first is that why would a server tell the browser to ask for resources from places the server doesn't want resources to be fetched from |
| 15:42 |
celeron55 |
and the answer is XSS and such that users injected to the server |
| 15:43 |
celeron55 |
like, imagine someone manage to put an <img> tag inside your bank invoice that you're viewing on your bank's website |
| 15:43 |
rubenwardy |
CORS is about different origins |
| 15:43 |
rubenwardy |
that doesn't protect against that though |
| 15:44 |
rubenwardy |
because the attacker site can still just allow CORS |
| 15:44 |
rubenwardy |
CORS is done on the site you're connecting to, not the site you're on |
| 15:44 |
rubenwardy |
CSP can be used to prevent <img> tags to other sites in bank invoices |
| 15:44 |
celeron55 |
wait, was it that way around |
| 15:44 |
rubenwardy |
to prevent XSS, you want CSP really |
| 15:45 |
rubenwardy |
CORS makes DDoS harder |
| 15:45 |
rubenwardy |
as attackers can't just use JS on user machines to make loads of big requests to a website, only preflight requests |
| 15:45 |
celeron55 |
this is so badly written https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS |
| 15:46 |
rubenwardy |
CORS also prevents websites from accessing local services |
| 15:47 |
celeron55 |
i insist on trying to put this into simpler words so: with CORS a server says "don't make requests to me unless the user is on one of these domains" |
| 15:47 |
rubenwardy |
yeah |
| 15:47 |
MTDiscord |
<SX> To make things clearer: CORS makes DDoS harder only if DDoS is executed from script in browser that supports CORS. |
| 15:48 |
celeron55 |
and the browser assumes local services say "don't make requests to me from any domain" |
| 15:48 |
rubenwardy |
MiniontobyPI: done |
| 15:48 |
MiniontobyPI |
oke |
| 15:48 |
rubenwardy |
(The ContentDB API now allows all origins) |
| 15:49 |
MiniontobyPI |
doesnt work yet for me.... |
| 15:49 |
MiniontobyPI |
oh wait |
| 15:49 |
celeron55 |
and with CSP the server says "if i tell you to request a resource from somewhere other than these domains, don't do it" |
| 15:50 |
rubenwardy |
yeah |
| 15:50 |
rubenwardy |
you can also disable loading inline scripts |
| 15:50 |
rubenwardy |
which is a huge protection against XSS |
| 15:50 |
rubenwardy |
CDB has strict CSP enabled |
| 15:50 |
MTDiscord |
<Warr1024> Yes, there never was a question of WHAT CORS is. The question was simply WHY. |
| 15:50 |
rubenwardy |
to the detriment of those that want images in long descriptions |
| 15:50 |
MTDiscord |
<Warr1024> And putting the what in other terms has really not helped explain the why. |
| 15:51 |
rubenwardy |
The main why is to protect firewalled websites from being accessed |
| 15:51 |
rubenwardy |
not sure if session cookies are also sent as well |
| 15:51 |
MiniontobyPI |
hmm i see the acceess crontrol thing on the api page it self, but when it is trying to fetch it, it doesnt wokr |
| 15:51 |
MTDiscord |
<Warr1024> The DDoS thing is an interesting angle but it seems kind of thin (you can still flood someone with OPTIONS requests) and really seems out of scope for what web standards normally try to tackle anyway (usually they punt this to the network layer) |
| 15:51 |
rubenwardy |
that could be an issue, would result in CSRF |
| 15:52 |
rubenwardy |
https://mobilejazz.com/blog/which-security-risks-do-cors-imply/ |
| 15:52 |
MTDiscord |
<SX> I think celeron55 got WHY covered in just 3 first comments very nicely :) |
| 15:52 |
|
Krock joined #minetest |
| 15:52 |
rubenwardy |
which first 3 comments? I don't see any whys |
| 15:52 |
celeron55 |
i agree with Warr1024, CORS doesn't make sense for an API because it kind of makes the API an internal API but with only enforcement for good parties |
| 15:53 |
MTDiscord |
<Warr1024> So it sounds like CORS is just CSRF-protection-lite where they tried to protect against exfiltration of data from a protected API, but you need full CSRF protection anyway to prevent mutations being pushed in. Seems to make CORS sound pretty useless...? |
| 15:53 |
rubenwardy |
yeah, which is why I've just disabled CORS for the CDB API |
| 15:53 |
rubenwardy |
Warr1024: CSRF protection won't help if you turn off CORS |
| 15:54 |
rubenwardy |
because a malicious script could just make a request to first get the CORS tokens |
| 15:54 |
MTDiscord |
<Warr1024> you mean the CSRF tokens? |
| 15:54 |
rubenwardy |
yeah that |
| 15:54 |
rubenwardy |
assuming CORS requests send any session tokens, which is what would cause the CSRF |
| 15:55 |
MTDiscord |
<Warr1024> Yeah, I was gonna say that CORS can't be defaulted off because there's no such thing as a general automatic CSRF protection yet, you need to design it into the flow of your entire protocol, so that's probably why they left it in place even though it's inadequate. |
| 15:55 |
rubenwardy |
again, turning off CORS would make CSRF protections ineffective |
| 15:56 |
MTDiscord |
<Warr1024> How would that even work? |
| 15:56 |
MiniontobyPI |
hmmmm |
| 15:56 |
MiniontobyPI |
Access to fetch at 'https://content.minetest.net/api/whoami/' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. |
| 15:56 |
rubenwardy |
fake news |
| 15:59 |
MiniontobyPI |
AHHHHHHHHHHh |
| 15:59 |
definitelya |
D: |
| 16:00 |
rubenwardy |
https://i.rubenwardy.com/493ea.png |
| 16:00 |
MTDiscord |
<Warr1024> Try clearing your cache, then restarting your browser, then rebooting your computer, then dropping it in a vat of acid and buying a new computer and see if it still happens on the new one. |
| 16:01 |
MiniontobyPI |
I did |
| 16:01 |
MiniontobyPI |
shift-f5 |
| 16:01 |
MiniontobyPI |
and ctrl-shift-del |
| 16:01 |
MTDiscord |
<luatic> That's not a hard reload |
| 16:02 |
rubenwardy |
Using devtools network is super useful |
| 16:02 |
MiniontobyPI |
I do |
| 16:02 |
rubenwardy |
you can see whether it's cached |
| 16:02 |
MiniontobyPI |
I ahve enabled ¨disable cache¨ |
| 16:02 |
MiniontobyPI |
also not work |
| 16:02 |
rubenwardy |
ctrl+shift+r |
| 16:02 |
MiniontobyPI |
but when I go to the url it self |
| 16:03 |
MiniontobyPI |
then if i look at headers |
| 16:03 |
MiniontobyPI |
it is there |
| 16:03 |
MiniontobyPI |
ctrl+shift+r -> not helps |
| 16:03 |
rubenwardy |
also, errors like this may happen with incorrect URLs |
| 16:03 |
rubenwardy |
so check the request URL |
| 16:03 |
rubenwardy |
eg: ContentDB has trailing slashes |
| 16:04 |
rubenwardy |
method also matters |
| 16:04 |
MiniontobyPI |
oh |
| 16:04 |
rubenwardy |
the wrong method will trigger a CORS Failure |
| 16:04 |
MiniontobyPI |
maybe that |
| 16:04 |
MiniontobyPI |
let me see |
| 16:04 |
rubenwardy |
needs to be GET |
| 16:04 |
MiniontobyPI |
https://content.minetest.net/api/whoami/ |
| 16:04 |
MiniontobyPI |
this should be good |
| 16:04 |
MiniontobyPI |
{headers: headers, method: "GET"} |
| 16:04 |
MiniontobyPI |
so yeah |
| 16:05 |
MiniontobyPI |
and it worke |
| 16:05 |
MiniontobyPI |
with my cors blocker |
| 16:05 |
rubenwardy |
what was it? |
| 16:05 |
MiniontobyPI |
but then packages/(...)/mypackes/screenshot |
| 16:05 |
MiniontobyPI |
didnt |
| 16:05 |
rubenwardy |
screenshots |
| 16:05 |
MiniontobyPI |
Oh wait |
| 16:05 |
MiniontobyPI |
I got idea |
| 16:06 |
rubenwardy |
I suppose I should do this at the nginx level so that 404s etc in /api/ will allow CORS |
| 16:06 |
rubenwardy |
but heh |
| 16:07 |
MiniontobyPI |
I can change them |
| 16:07 |
MiniontobyPI |
instead of adding new one |
| 16:07 |
rubenwardy |
whatcha making btw? |
| 16:08 |
MiniontobyPI |
I am trying to make a webapp where you can just use the methods |
| 16:08 |
MiniontobyPI |
so i can test |
| 16:09 |
MiniontobyPI |
for later |
| 16:09 |
MiniontobyPI |
when I might make a bot to find packages |
| 16:09 |
MiniontobyPI |
or something like that |
| 16:10 |
rubenwardy |
nice |
| 16:11 |
MiniontobyPI |
contentdb.html:1 Access to fetch at 'https://content.minetest.net/api/packages/Miniontoby/doorbell/screenshots/960' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request. |
| 16:11 |
MiniontobyPI |
but I got the other one now working |
| 16:12 |
MiniontobyPI |
becuase i edited it |
| 16:13 |
rubenwardy |
missing |
| 16:13 |
rubenwardy |
/ |
| 16:13 |
rubenwardy |
"Redirect is not allowed for a preflight request." means you've got the URL wrong |
| 16:13 |
rubenwardy |
well, it means you've got the URL wrong in a way that CDB redirects |
| 16:13 |
rubenwardy |
so either http or missing / |
| 16:14 |
MiniontobyPI |
oh |
| 16:15 |
MiniontobyPI |
now |
| 16:15 |
MiniontobyPI |
has been blocked by CORS policy: Method PUT is not allowed by Access-Control-Allow-Methods in preflight response. |
| 16:16 |
|
IceDragon joined #minetest |
| 16:16 |
rubenwardy |
it's in the allowed methods |
| 16:16 |
rubenwardy |
maybe caching issue again |
| 16:16 |
MiniontobyPI |
Idk |
| 16:16 |
IceDragon |
hello |
| 16:16 |
MiniontobyPI |
let me see |
| 16:17 |
MiniontobyPI |
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS |
| 16:17 |
MiniontobyPI |
That says netwrok |
| 16:17 |
MiniontobyPI |
thing |
| 16:18 |
MiniontobyPI |
I have edited it now from my client side |
| 16:22 |
MiniontobyPI |
PUT https://content.minetest.net/api/packages/Miniontoby/doorbell/screenshots/960/ 405 |
| 16:22 |
MiniontobyPI |
wait thats a mistype in my code |
| 16:23 |
MiniontobyPI |
or maybe not |
| 16:24 |
rubenwardy |
there's no PUT API for screenshots |
| 16:24 |
rubenwardy |
you'll need to delete and recreate it |
| 16:24 |
rubenwardy |
if there was a put API, it would only allow updating the title anyway |
| 16:25 |
|
Lunatrius` joined #minetest |
| 16:31 |
MiniontobyPI |
I got it working now |
| 16:31 |
|
appguru joined #minetest |
| 16:32 |
MiniontobyPI |
I gtg |
| 16:32 |
MTDiscord |
<Warr1024> Trying to do a PUT from a browser...? I have a hard time imagining a use-case for that... |
| 16:33 |
MTDiscord |
<Warr1024> I mean especially for screenshots I guess |
| 16:34 |
rubenwardy |
The ContentDB API uses PUT for anything that edits/updates |
| 16:34 |
rubenwardy |
the browser is the new GUI platform |
| 16:34 |
rubenwardy |
could be a fancy CDB client |
| 16:44 |
MTDiscord |
<Warr1024> I suppose that could be the case ... but if there are any UX deficiencies in CDB that others can cure, it'd be nicer to see those as PRs :-) |
| 16:47 |
rubenwardy |
yeah definitely |
| 16:51 |
|
olliy joined #minetest |
| 17:00 |
|
LazyJ joined #minetest |
| 17:03 |
|
grouinos joined #minetest |
| 17:06 |
|
absurb_ joined #minetest |
| 17:07 |
|
delta23_ joined #minetest |
| 17:08 |
|
BuckarooBanzai0 joined #minetest |
| 17:09 |
|
specing_ joined #minetest |
| 17:11 |
|
erstazi_ joined #minetest |
| 17:11 |
|
Talkless joined #minetest |
| 17:11 |
|
search_s1cial joined #minetest |
| 17:11 |
|
Teckla_ joined #minetest |
| 17:12 |
|
adam_mc_ joined #minetest |
| 17:12 |
|
nuala2 joined #minetest |
| 17:20 |
|
Noisytoot joined #minetest |
| 17:22 |
|
garywhite joined #minetest |
| 17:22 |
|
Conradish006 joined #minetest |
| 17:22 |
|
grouinos joined #minetest |
| 17:22 |
|
Krock joined #minetest |
| 17:22 |
|
TempestMancer joined #minetest |
| 17:24 |
|
Taoki joined #minetest |
| 17:37 |
|
bgg joined #minetest |
| 17:37 |
|
LazyJ joined #minetest |
| 17:52 |
|
ggITA52_ joined #minetest |
| 18:27 |
|
___nick___ joined #minetest |
| 18:46 |
|
z812 joined #minetest |
| 18:48 |
|
z812 joined #minetest |
| 18:49 |
|
fluxionary joined #minetest |
| 18:53 |
|
proller joined #minetest |
| 18:56 |
|
fluxionary joined #minetest |
| 19:15 |
|
Teckla joined #minetest |
| 19:30 |
|
___nick___ joined #minetest |
| 19:31 |
|
___nick___ joined #minetest |
| 19:38 |
|
emanuele6 joined #minetest |
| 19:38 |
|
emanuele6 joined #minetest |
| 19:38 |
|
IceDragon joined #minetest |
| 19:45 |
|
Verticen joined #minetest |
| 19:58 |
|
proller joined #minetest |
| 20:01 |
|
icefox joined #minetest |
| 20:08 |
|
Extex joined #minetest |
| 20:11 |
|
Big_Caballito joined #minetest |
| 20:21 |
|
proller joined #minetest |
| 20:30 |
|
Conradish006 joined #minetest |
| 20:57 |
|
proller joined #minetest |
| 21:09 |
|
MTDiscord joined #minetest |
| 21:11 |
MTDiscord |
<MisterE> Is it possible for a client to upload media to a server? I could see a usecase for taking screenshots and then uploadind them to the server to be added as dynamig media for a photography mod |
| 21:11 |
MTDiscord |
<Jonathon> via csm's and modchannels |
| 21:12 |
MTDiscord |
<MisterE> What are modchannels? |
| 21:12 |
MTDiscord |
<Jonathon> maybe |
| 21:12 |
sfan5 |
in theory via CSM but how would you get the media into there |
| 21:12 |
sfan5 |
so effectly the answer is just "no" |
| 21:12 |
MTDiscord |
<Jonathon> https://github.com/minetest/minetest/blob/master/doc/lua_api.txt#L6401-L6418 |
| 21:13 |
MTDiscord |
<Jonathon> the easiest way in reality is to have a formspec for providing a url, and http api to grab it |
| 21:13 |
MTDiscord |
<MisterE> Thx |
| 21:13 |
MTDiscord |
<MisterE> Or a csm to upload automatically to the url |
| 21:14 |
MTDiscord |
<Jonathon> that seems stupid |
| 21:14 |
MTDiscord |
<Jonathon> but you do you |
| 21:14 |
MTDiscord |
<MisterE> ? |
| 21:14 |
MTDiscord |
<Jonathon> why use csms when you have absolutely no need or reason to |
| 21:14 |
MTDiscord |
<Jonathon> given its a hassle to enforce users to install and use thm |
| 21:14 |
MTDiscord |
<Jonathon> *them |
| 21:15 |
|
specing_ joined #minetest |
| 21:15 |
MTDiscord |
<MisterE> Well any idea of when we get sscsm or is that still undetermined? |
| 21:16 |
sfan5 |
undetermined |
| 21:20 |
MTDiscord |
<MisterE> Ok well @wsor yeah it will be stupid util then |
| 21:22 |
MTDiscord |
<SX> send message to server and make it move some spectator character running another instance at server at player location, take screenshot, make server handle it :p |
| 21:23 |
MTDiscord |
<SX> then you should also have camera as item in game |
| 21:25 |
MTDiscord |
<SX> it is very much doable but wont look exactly same for most clients but having actual in game camera to take screenshots and also over complicated hack to take actual screenshots server side sounds kinda fun |
| 21:28 |
MTDiscord |
<SX> I guess it would be harder (or near impossible) to make server itself take screenshots without having client logged in? |
| 21:30 |
MTDiscord |
<MisterE> Well I suppose you could make a script to make the server log in automatically |
| 21:30 |
MTDiscord |
<MisterE> The server would hae to be running x11 |
| 21:32 |
MTDiscord |
<MisterE> Would a server-controlled fake player be useful for anything else? |
| 21:32 |
MTDiscord |
<SX> forceload world anchor |
| 21:33 |
MTDiscord |
<MisterE> Yeah that |
| 21:33 |
MTDiscord |
<SX> make /kick command move player to target and kick him |
| 21:33 |
MTDiscord |
<MisterE> Huh? |
| 21:34 |
rubenwardy |
I could see there being a file input GUI element |
| 21:34 |
rubenwardy |
not sure about large formspec submissions though |
| 21:36 |
MTDiscord |
<SX> well, not best idea but I was saying move your fake spectator player to target and kick in game instead of actually disconnecting |
| 21:37 |
MTDiscord |
<MisterE> Like add an element to the formspeg api @rubenwardy? |
| 21:37 |
rubenwardy |
yeah |
| 21:37 |
MTDiscord |
<MisterE> That would be cool |
| 21:38 |
rubenwardy |
the Irrlicht file explorer sucks a bit |
| 21:38 |
MTDiscord |
<MisterE> It would allow ingame skin submissions |
| 21:38 |
MTDiscord |
<SX> Would be cool but is it good idea considering users? |
| 21:38 |
rubenwardy |
generally, in a game you want to avoid opening up native GUIs as it's distracting to the user |
| 21:38 |
rubenwardy |
this may be a case where you may want to use the native file mgr gui though |
| 21:39 |
MTDiscord |
<MisterE> You mean like the spectator gomes and swings their foot and hits you? |
| 21:39 |
rubenwardy |
SX: with a limited upload size and content types, I don't see much of a technical risk |
| 21:39 |
rubenwardy |
however, from a moderation point of view it's risky to have players upload skins like thi |
| 21:40 |
MTDiscord |
<MisterE> About moderation true but there are ways to handle it like requireing admins to approve each submission |
| 21:40 |
MTDiscord |
<MisterE> @oderators im |
| 21:41 |
MTDiscord |
<SX> that but I guess moderation could be handled, however I was thinking a bit that direct and easy upload could be tool for scams and there's a lot of users that are not really that tech savvy |
| 21:41 |
MTDiscord |
<MisterE> Scams? |
| 21:41 |
MTDiscord |
<MisterE> Like? |
| 21:42 |
MTDiscord |
<MisterE> Im on mobile btw whioh is why my typing sucks |
| 21:44 |
MTDiscord |
<SX> probably would open many ways but simplest would be collecting larger amounts of information. using native file manager would probably reduce that risk a bit, also file type and size limitations. |
| 21:46 |
MTDiscord |
<SX> very much possible that it wont be problem really but I think users who might fall to good scams on discord will fall for any scam in game |
| 21:46 |
|
Verticen joined #minetest |
| 21:47 |
MTDiscord |
<MisterE> for there to be a scam you have to have evil intent from the server owner. If the server owner is evil intentioned then I think that they could find other ways to scam anyways, right? |
| 21:47 |
MTDiscord |
<SX> I mean it seems like many ppl somehow always trust that game is protected and nothing "real" can happen there |
| 21:48 |
MTDiscord |
<SX> Yes, they will find ways but having thing integrated into game might make it way simpler. Not sure though and I think there would be ways to reduce that risk |
| 21:55 |
|
GNUHacker left #minetest |
| 22:36 |
|
Fusl joined #minetest |
| 22:44 |
|
Wikiwide_ joined #minetest |
| 22:50 |
* Wikiwide |
waves sleepily |
| 22:51 |
specing |
Hi Wikiwide |
| 22:51 |
Wikiwide |
A question: what is a practical/utilitarian impetus to actually play minetest? You see, I want to counter my younger brother's obsession with Minecraft by diving into Minetest - the open-source alternative that doesn't try to cajole real-world money out of users. But, since I am not generally a fun of video games or entertainment for entertainment's sake... |
| 22:52 |
Wikiwide |
...I need a cause. And "It will give you skills" doesn't fit - if I wanted skills, I would go to a real-world welding workshop in a makerspace. Pity is, I don't have welding-ready boots yet - but that's off-topic. |
| 22:53 |
specing |
I think it boils down to motivation and goal-setting. Since minetest has no goal, you have to set yourself up with goals |
| 22:53 |
specing |
you can also play with a community of players |
| 22:54 |
specing |
and each can motivate another |
| 22:54 |
Wikiwide |
So far, I scrounged that if Minetest physics are near enough to real-world physics, then I could use it for simulation for urban island effect, and construction of different buildings with goal to figure out how to minimise energy usage for heating/cooling/air-conditioning while still providing denizens with sufficient/healthy amount of sunlight |
| 22:55 |
Wikiwide |
But I am not sure if the temperatures are even simulated. Are there any bushfires in Minetest? Lighting? Droughts? |
| 22:55 |
specing |
Not really, no |
| 22:55 |
* Wikiwide |
tsks |
| 22:57 |
Wikiwide |
I understand that simulating whole planet, and its climate, would be too much. But is it possible to include with ecosystem a setting for its climate? Does Minetest include seasons - winter-spring-summer-autumn? Rain, hail, and such? |
| 22:57 |
Wikiwide |
Well, I remember it can include snow. For the one time I tried out minetest a few years ago. |
| 22:57 |
MTDiscord |
<Warr1024> Minetest is actually pretty good for learning programming and modding skills that are generalizable. Sure, you could go to a workshop, but those aren't all necessarily that fun... |
| 22:58 |
MTDiscord |
<josiah_wi> Wikiwide, I think you're looking for the Exile game for Minetest. |
| 23:00 |
|
Sven_vB joined #minetest |
| 23:00 |
MTDiscord |
<Warr1024> Yeah, on the "why Minetest" question, there are also some exclusive games for it that you can't get on Minecraft. |
| 23:01 |
Wikiwide |
But there are also probably some exlusive games for Minecraft that you can't get on Minetest? |
| 23:02 |
MTDiscord |
<Warr1024> Could be, sure. It's only a "why Minetest" argument, not necessarily a "why not Minecraft" one. |
| 23:03 |
MTDiscord |
<Warr1024> I haven't played Minecraft in about 8 years, but I did still pay for it. It can be both. |
| 23:04 |
Wikiwide |
Hmm, going by > Taigas are cold snow-covered biomes with rich vegetation with snow and dirt with snow as surface. < , there are no seasons yet. And I cannot see anything about wind. At least, there is changing brightness of sunlight, even if it's always vertical. And there isn't a recipe for glass lens, yet, so no nifty "Create fire from sunlight" thing yet. |
| 23:04 |
MTDiscord |
<GreenXenith> Not in MTG at least |
| 23:04 |
MTDiscord |
<GreenXenith> You can light a fire with a lens in NodeCore though |
| 23:07 |
Wikiwide |
<josiah_wi> : Thank you. I find the premise of Exile strange, I am more of a city person. But having jumped to ContentDB, I now see https://content.minetest.net/packages/TestificateMods/climate_api/ |
| 23:11 |
Wikiwide |
Very interesting... So, https://content.minetest.net/packages/TestificateMods/climate/ mentions lightning. 1) Does that include dry lightnings, or only rainstorm-lightnings? Because dry lightning sparkled one of the largest bushfires during Black Summer, when ring of fire surrounded Sydney. 2) Does this model include bushfires? |
| 23:12 |
Wikiwide |
Could you please share whether these climate packages include non-vertical sunlight? Or heat generated on different surfaces (grass vs sand vs stone vs asphalt) by sunlight? |
| 23:15 |
Wikiwide |
Also, if I connect to a multiplayer server, the mod's availability depends on the server more so than on my client's configuration, right? How do I know if a server has the climate package installed? |
| 23:17 |
calcul0n |
you can type /mods in the server chat to get the list of installed mods |
| 23:17 |
specing |
Wikiwide: wget 'https://servers.minetest.net/list' -O - | python3 -m json.tool /dev/stdin | less |
| 23:18 |
specing |
search there |
| 23:33 |
Wikiwide |
Lol, I did wonder why maximum number of people on a server would have been 200, when I was reading https://www.minetest.net/servers/. Now I recognise that it is software-imposed limit, probably for the sake of reducing lag, and not a matter of not-enough-people-to-reach-more-than-200-clients-on-a-server. |
| 23:36 |
|
rymiel_ joined #minetest |
| 23:40 |
Wikiwide |
specing: Thank you. 4 servers equipped with climate_api. 1) ZAP server at minetest; 2) [CraftLab] Craft Test Dummies [FR] at perdu.com ; 3) Notre Ami Le Cube (Survival & PVP) [FR/EN] at sys4.fr ; 4) "Vineland Survival [0.4, 5.x]" aka "vine.edgy1.net" . In no particular order. |
| 23:41 |
MTDiscord |
<Warr1024> I think it's because saying you'll support WAY more players than any server could ever realistically be challenged to actually handle could only serve to manipulate scores or reputation without actually ever being called to account or something. |
| 23:46 |
specing |
Wikiwide: when checking out the servers, ask what their policy towards CSMs is. Client-side mods allow you to enhance your experience (even modify physics a bit) |
| 23:54 |
Wikiwide |
Hmm, I currently like Vineland Survival, probably because carpathian map generator. But then sys4.fr with "Be a builder, engineer, warrior or even a magician." sounds good, too. Either of them supports IRC and IRC_commands mods, whatever that means. |
| 23:55 |
specing |
probably means that they have an irc channel bridged from somewhere |
