| Time |
Nick |
Message |
| 00:09 |
|
gnulinuxuser joined #minetest |
| 00:28 |
|
lemonzest joined #minetest |
| 00:29 |
|
gnulinuxuser joined #minetest |
| 00:29 |
|
gnulinuxuser28 joined #minetest |
| 00:38 |
|
Trifton joined #minetest |
| 00:47 |
MTDiscord |
<savilli> sfan5: Yo. Have you even heard about https://kitsunemimi.pw/ (and https://servers.minetest.net/ as the result) being blocked by ISPs because of youtube-dl? |
| 01:18 |
|
smk joined #minetest |
| 02:17 |
Blockhead256[m] |
Pexin: I'm afraid I can't help much with Inside the Box stuff - I've never actually played it. I just stumbled upon a PR that related to trampolines and added what I knew about trampoline behaviour from following development. |
| 02:27 |
|
Verticen joined #minetest |
| 02:43 |
|
ball joined #minetest |
| 02:50 |
|
TheSilentLink joined #minetest |
| 03:21 |
|
Zambyte joined #minetest |
| 03:32 |
|
Lesha_Vel joined #minetest |
| 04:00 |
|
MTDiscord joined #minetest |
| 04:30 |
|
v-rob joined #minetest |
| 05:02 |
|
calcul0n_ joined #minetest |
| 05:03 |
|
ball left #minetest |
| 05:17 |
|
Lesha_Vel joined #minetest |
| 05:36 |
|
Lesha_Vel joined #minetest |
| 05:46 |
|
loggingbot_ joined #minetest |
| 05:46 |
|
Topic for #minetest is now The official Minetest channel | Latest version: 5.7.0 (2023-04-08) | General, player and modding discussion is on-topic. If in doubt, post here | Responses may take a while, be patient | Rules: https://wiki.minetest.net/IRC#Rules | Development: #minetest-dev | Server list: https://minetest.net/servers | IRC logs: https://irc.minetest.net/minetest |
| 06:29 |
MTDiscord |
<jordan4ibanez> Why would YouTube dl cause those to be blocked by an isp? |
| 06:30 |
MTDiscord |
<jordan4ibanez> Unless you can now pirate a YouTube video |
| 06:32 |
|
amfl2 joined #minetest |
| 06:37 |
|
DrFrankenstone joined #minetest |
| 06:41 |
|
definitelya joined #minetest |
| 06:57 |
|
TomTom joined #minetest |
| 07:17 |
|
Lesha_Vel joined #minetest |
| 07:28 |
muurkha |
jordan4ibanez: there was a recent appalling court decision about this |
| 07:28 |
MTDiscord |
<jordan4ibanez> That's brutal |
| 07:28 |
MTDiscord |
<jordan4ibanez> Youtube had a good run though, but not really |
| 07:36 |
|
est31 joined #minetest |
| 08:33 |
|
bodiccea joined #minetest |
| 09:41 |
|
mrkubax10 joined #minetest |
| 09:48 |
|
Leopold_ joined #minetest |
| 10:14 |
sfan5 |
@savilli no. how would I even find this out? |
| 10:52 |
|
fling joined #minetest |
| 10:55 |
Blockhead256[m] |
ISPs really are complicit in such tosh |
| 10:55 |
Blockhead256[m] |
Political censorship and censorship on behalf of major copyright holders |
| 10:55 |
Blockhead256[m] |
Not to mention, have fun in the year 2023 if your internet is interrupted while you dispute with them |
| 10:55 |
Blockhead256[m] |
yt-dlp still works fine for me though :) |
| 10:56 |
Blockhead256[m] |
but what has the server list got to do with youtube-dl though? |
| 10:57 |
Blockhead256[m] |
because the same host serves a version of it? Someone had to go and report this obscure website |
| 10:57 |
Blockhead256[m] |
just wow |
| 10:58 |
mrkubax10 |
maybe shared IP? |
| 10:58 |
muurkha |
Blockhead256[m]: servers.minetest.net.300INCNAMEkitsunemimi.pw. |
| 10:58 |
Blockhead256[m] |
yeah two DNS records pointing to that same IP |
| 10:59 |
mrkubax10 |
so that's the reason probably |
| 10:59 |
muurkha |
it's a DNS record that points to the name, not to the IP |
| 11:00 |
muurkha |
but that's a minor quibble in this context |
| 11:06 |
MTDiscord |
<MNH48> might be related to https://torrentfreak.com/youtube-dl-hosting-ban-paves-the-way-to-privatized-censorship-230411/ .. ISP in some place might had to block all web servers that host any version of ytdl due to that court rule |
| 11:08 |
MTDiscord |
<MNH48> if that's the case then it's possible that this had got the server blocked by ISP: https://kitsunemimi.pw/ytdl/ |
| 11:08 |
muurkha |
yeah |
| 11:28 |
|
fling joined #minetest |
| 13:17 |
|
fluxionary joined #minetest |
| 13:21 |
MTDiscord |
<Warr1024> The Minetest server list is not really what I would have expected as a heuristic for whether somebody actually lives in the "free world" or not. |
| 13:28 |
|
illwieckz joined #minetest |
| 13:40 |
|
TomTom joined #minetest |
| 13:57 |
|
fluxionary joined #minetest |
| 14:40 |
|
fling joined #minetest |
| 14:41 |
|
LandarVargan joined #minetest |
| 14:46 |
|
PrairieWind joined #minetest |
| 14:46 |
|
PrairieWind joined #minetest |
| 14:59 |
|
A_Dragon joined #minetest |
| 15:32 |
|
Desour joined #minetest |
| 15:43 |
MinetestBot |
[git] SmallJoker -> minetest/minetest: InventoryManager: Disallow resizing or deleting inventory lists that … 0fb6dba https://github.com/minetest/minetest/commit/0fb6dbab360813536b5b62a7ee4aa03e7757eeb4 (2023-04-22T15:42:36Z) |
| 16:04 |
|
proller joined #minetest |
| 16:51 |
|
Niklp joined #minetest |
| 17:38 |
|
Desour joined #minetest |
| 18:14 |
|
sofar_ joined #minetest |
| 18:15 |
|
Leopold joined #minetest |
| 18:30 |
celeron55_ |
https://devclass.com/2023/01/24/eus-proposed-ce-mark-for-software-could-have-dire-impact-on-open-source/ |
| 18:44 |
|
Leopold joined #minetest |
| 19:12 |
|
Niklp3 joined #minetest |
| 19:14 |
|
appguru joined #minetest |
| 19:22 |
MTDiscord |
<jordan4ibanez> They're just like, let's just destroy everything |
| 19:25 |
Pexin |
my google fu is weak. what does compliance even mean in this case, other than paying a central authority for a digital signature? |
| 19:25 |
muurkha |
remembeer the EU already banned, of all things, borax |
| 19:26 |
|
proller joined #minetest |
| 19:26 |
Pexin |
exactly what type of "security" is it meant to protect? |
| 19:26 |
muurkha |
supply chain malicious code injection attacks? just guessing |
| 19:28 |
Pexin |
if nothing else, the bit about "unfinished software" makes the whole thing sound like a joke |
| 19:30 |
muurkha |
what is the proper response to the combination of such immense ineptitude with such immense power? |
| 19:30 |
MTDiscord |
<jordan4ibanez> All software is unfinished, and if someone stops updating it claiming yes finished. Well, now it's unfinished and outdated. |
| 19:31 |
muurkha |
nearly all. TeX is plausibly finished |
| 19:31 |
|
mrkubax10 joined #minetest |
| 19:34 |
|
kamdard joined #minetest |
| 19:41 |
potatoxel[m] |
noh |
| 19:43 |
|
proller joined #minetest |
| 19:43 |
MTDiscord |
<jordan4ibanez> Bro the entire existence of humanity in the internet age relies on open source software. If they mess that up and it all gets pulled back. Pulled off. They don't even understand the scope of the horrors they will experience. They think 290 billion is a lot for security? Let's triple that number and change the b to a t. Everything you're using in your life which is technological is using open source software under the hood, even your |
| 19:43 |
MTDiscord |
car. These people are idiots for even attempting to stifle this |
| 19:57 |
muurkha |
jordan4ibanez: similarly disastrous government policies have happened many times before |
| 19:58 |
muurkha |
Madagascar just kicked off a famine with price controls on staple foods |
| 20:07 |
MTDiscord |
<SX> "how can free software developers afford the cost of compliance" Well, who says they should care? And if it would be like CE marking then there's no direct costs at all as long as product is already safe to use. |
| 20:08 |
MTDiscord |
<SX> But I guess it probably isn't anything like CE marking... |
| 20:10 |
muurkha |
software is never safe to use; it always has defects. we call them 'bugs' |
| 20:10 |
|
proller joined #minetest |
| 20:11 |
MTDiscord |
<SX> Same goes with hardware that can still have CE markings, they also call them bugs or sometimes defects. |
| 20:11 |
muurkha |
except maybe seL4 or something. but they had to patch it for Spectre |
| 20:11 |
muurkha |
with hardware the guy who put the defects in there is getting paid to take the risk |
| 20:12 |
MTDiscord |
<SX> But like hardware reputable software also goes through QA testing, that also happens with open source and even with small projects. |
| 20:12 |
muurkha |
naw, most SaaS is tested in production through gradual rollout |
| 20:13 |
MTDiscord |
<SX> And I wouldn't call that safe unless it is safe for environment it targets, but then.. well it is safe. |
| 20:13 |
MTDiscord |
<SX> Safety after all is relative, not absolute. |
| 20:15 |
MTDiscord |
<SX> CE marking for example is a stamp than tells customer that manufacturer of product (not some trusted authority but manufacturer) guarantees that certain requirements are fullfilled. |
| 20:19 |
MTDiscord |
<jordan4ibanez> What if a requirement causes a security flaw? |
| 20:19 |
MTDiscord |
<SX> If linked article is anywhere near correct then situation should be somewhat similar and for many open source projects situation is kind of similar already if you consider documentation and how it works out in the end depends mostly on exact requirements. |
| 20:19 |
MTDiscord |
<SX> If requirements cause a security flaw then I guess requirements aren't well thought. And then I guess people would begin avoiding such "security" lables. |
| 20:20 |
MTDiscord |
<SX> If for example CE marking would make power tools inherently unsafe then ppl would probably start avoiding anything with CE marking. |
| 20:23 |
MTDiscord |
<SX> There's already standards that attempt to handle this and many open source projects do fulfill a lot of security related standards required for example by many government computer infrastructure systems, I guess issue is more that there's no simple stamp for consumers. |
| 20:26 |
MTDiscord |
<SX> If it is good or bad probably depends mostly on 2 things: requirements for stamp and what one has to do to get such security stamp. |
| 20:39 |
muurkha |
in the EEA the CE marking is not a voluntary thing |
| 20:40 |
muurkha |
ppl can't avoid things with CE marking there |
| 20:40 |
muurkha |
and the EEA is the world's biggest economy, we aren't talking about a few villages in Zimbabwe |
| 20:43 |
celeron55_ |
i don't think the CE analogy in that post is very good. don't get hung up on that |
| 20:45 |
muurkha |
you're right, I'm sorry |
| 20:45 |
celeron55_ |
and besides it anyway looks like nobody understands how CE works. CE is just basically the company producing a product stamping a paper that says "this product conforms to the relevant EU standards and thus we can put it on the EU market". if you don't do that you're not allowed to sell it in EU |
| 20:46 |
muurkha |
right, and if you do do that and it's not true then you're criminally liable |
| 20:47 |
celeron55_ |
also, more often than not companies do use external companies to do the paperwork and checks. just figuring out which standards the product has to comply with can be difficult |
| 20:48 |
celeron55_ |
but you can do it all in house if you want to. like you say, whoever signs the paper is liable if the product is found to not conform |
| 20:49 |
celeron55_ |
(of course and employee signing it makes the company liable, not the employee) |
| 20:49 |
celeron55_ |
an employee* |
| 20:49 |
MTDiscord |
<jordan4ibanez> How will this affect open source development like libraries, apps, and games? |
| 20:49 |
celeron55_ |
that's the question |
| 20:50 |
muurkha |
it would have to go underground, like in Iran |
| 20:51 |
muurkha |
purely pseudonymous |
| 20:51 |
MTDiscord |
<jordan4ibanez> Also minetest is located in San Francisco Cali USA so it's safe until america just pokes itself in the chest like that thing |
| 20:51 |
muurkha |
celeron55_ and sfan5 are not located in sf.ca.us |
| 20:51 |
MTDiscord |
<jordan4ibanez> I think people are just going to pretend that it never happened |
| 20:51 |
muurkha |
they are located in the EEA |
| 20:51 |
MTDiscord |
<jordan4ibanez> Then that means the entirety of the eu would have to block github |
| 20:51 |
rubenwardy |
Minetest is not in San fran |
| 20:52 |
celeron55_ |
it does seem like to me that it's aimed towards IoT type things which are already heavily covered by EU standards, and what they have found out there are no standards for cybersecurity related things |
| 20:52 |
MTDiscord |
<jordan4ibanez> It's on github's servers yes? I'm looking at it right now |
| 20:52 |
Pexin |
minetest is in your heart. |
| 20:52 |
muurkha |
no, it means people who upload code to github would get sued in the EU for it, and lose |
| 20:52 |
MTDiscord |
<jordan4ibanez> Not sure how that's going to work, it's in america |
| 20:53 |
MTDiscord |
<jordan4ibanez> And if github pulls access from the eu, phew boi |
| 20:53 |
celeron55_ |
if github has to ban EU from accessing github due to some legislation, then minetest can't be on github and your argument is invalid |
| 20:53 |
MTDiscord |
<jordan4ibanez> It's in the arctic code vault |
| 20:54 |
muurkha |
right, which means past contributors can't escape liability under such laws by removing it from github |
| 20:54 |
muurkha |
just like in Iran |
| 20:54 |
Pexin |
vast likelyhood is this is just another "offer the worst thing imaginable, wait for backlash, then replace with the second worst thing, and the people will Love you for it (all according to keikaku)" |
| 20:55 |
MTDiscord |
<jordan4ibanez> oof, you're both very correct |
| 20:55 |
MTDiscord |
<jordan4ibanez> Welp, the only thing we can really do is tell other projects like gnome, kde, linux, and blah blah |
| 20:56 |
Pexin |
to elaborate: because 1) the public has the attentionspan of a goldfish, and 2) politicians have this thing down to a literal science |
| 20:56 |
MTDiscord |
<jordan4ibanez> Oracle, linux foundation, fsf yada yada |
| 20:59 |
MTDiscord |
<jordan4ibanez> This is oss what happens to this? https://github.com/gcc-mirror/gcc so absolutely dangerous |
| 20:59 |
celeron55_ |
anyway. i haven't read the CRA, but i'm assuming it's some sort of requirement to use some kind of quality management method not too far off from something like ISO 9001 for the cybersecurity related parts in a commercial product. the main thing that means is that if you're selling a commercial product, you can't just ship it with open source software you downloaded from the internet without checking |
| 20:59 |
celeron55_ |
it over and not having any security processes/practices in place. however again i haven't read it, if someone knows it's not something like that, let me know |
| 20:59 |
MTDiscord |
<SX> What happens to some git mirror is dangerous? |
| 20:59 |
celeron55_ |
the pdf is 87 pages, i need to find some time |
| 20:59 |
MTDiscord |
<jordan4ibanez> It's a git mirror straight from the gcc project |
| 21:00 |
MTDiscord |
<SX> Yeah, it's a mirror |
| 21:00 |
MTDiscord |
<SX> Among with countless other mirrorsa |
| 21:00 |
MTDiscord |
<jordan4ibanez> So what happens when eu snoops up to the master branch's repo and then server and finds who owns it when they do not comply? |
| 21:01 |
MTDiscord |
<SX> And not even listed as a official mirror. |
| 21:02 |
MTDiscord |
<jordan4ibanez> Yeah exactly, that's what I'm getting at. Open source is like a dynamic environment, what happens if they take this to robocop levels and go after every person that hosts a copy of it? |
| 21:02 |
|
Shorp_Tr joined #minetest |
| 21:02 |
MTDiscord |
<jordan4ibanez> It's unfinished |
| 21:02 |
MTDiscord |
<SX> They'll probably start with themselves in that case and it'll take long enough before they get away with themselves... |
| 21:03 |
celeron55_ |
it being on github surely doesn't count as it being a product that's being traded in the EU |
| 21:03 |
celeron55_ |
altough, that seems to be one of the questions |
| 21:04 |
celeron55_ |
it clearly needs to be made sure that you can make software downloads available on the internet without them being subject to these rules. that seems to be the point of the post i linked |
| 21:05 |
|
fling_ joined #minetest |
| 21:05 |
MTDiscord |
<SX> After all EU has been driving open source to public sector for very long time, during last year there's been some talk about if it causes security issues. Mostly connected to one specific geopolitical conflict round EU borders. |
| 21:05 |
MTDiscord |
<jordan4ibanez> Yeah seriously |
| 21:05 |
celeron55_ |
i'm glad they're bringing some regulations onto the IoT crap market though |
| 21:06 |
potatoxel[m] |
internet of tomatoes ;o |
| 21:06 |
MTDiscord |
<jordan4ibanez> Hack into someone's coffee machine and run a crypto miner because they left root with password " " :P |
| 21:06 |
celeron55_ |
one of the main goals seem to be that products that are IoT crap are marked as such. the surprise "oh i need to register to this chinese server in order to use the product" need to go |
| 21:07 |
muurkha |
celeron55_: if it were just what you were describing, ASF et al. wouldn't be up in arms. it imposes liability on software authors if their software is defective |
| 21:07 |
potatoxel[m] |
most my software is defective ;o |
| 21:07 |
celeron55_ |
muurkha: have you read it? i'd be very glad if i could ask questions from someone who has had the time to read it |
| 21:07 |
muurkha |
not people who host copies, as jordan4ibanez seems to think |
| 21:07 |
potatoxel[m] |
but its just games i made for fun |
| 21:08 |
muurkha |
Minetest itself would probably not be affected |
| 21:08 |
MTDiscord |
<jordan4ibanez> I'm not sure about that, it seems pretty vague in wording |
| 21:08 |
muurkha |
but irrlichtmt might be, if someone uses it to build a 3D view of a self-driving car environment |
| 21:09 |
celeron55_ |
why would the developers be liable? the one liable should be the one who brings the end product to the market |
| 21:09 |
celeron55_ |
are you sure that's the case |
| 21:09 |
MTDiscord |
<jordan4ibanez> Headline: "Tesla uses minetest for the new model 12, simulates roads in voxels, more news at 11" |
| 21:10 |
MTDiscord |
<jordan4ibanez> It's silly |
| 21:10 |
potatoxel[m] |
minetest crashes, so tesla crashes, person died because minetest is buggy |
| 21:10 |
potatoxel[m] |
oh no ;o |
| 21:10 |
MTDiscord |
<Flamore> the Tesla would stop at chunk borders :trollface: |
| 21:10 |
muurkha |
celeron55_: sadly I have not, just people's commentary. I do kind of know where people like Simon Phipps stand, though |
| 21:11 |
potatoxel[m] |
MTDiscord: lol |
| 21:11 |
celeron55_ |
i'm going to link this to the guy in my company who does our CE stuff. he will have to read it on company time and then i can ask questions from him. life hack |
| 21:11 |
MTDiscord |
<jordan4ibanez> That's genius! |
| 21:11 |
potatoxel[m] |
lol |
| 21:11 |
muurkha |
celeron55_: the developers would be liable if the CRA is enacted because its point is to make them liable |
| 21:12 |
celeron55_ |
i refuse to believe that from anyone who hasn't read the paper. that makes no sense to me |
| 21:12 |
potatoxel[m] |
when you make people that are writing free code liable, you just make less of them write it. or none of them write it. |
| 21:12 |
muurkha |
I agree that it makes no sense |
| 21:12 |
MTDiscord |
<jordan4ibanez> Oh right so like here's the other one I forgot to ask: Which developer? The one that wrote the library? Or the one that made the entry point? Or the one that made the line of code that caused the crash? Or is it the developer that checked the code before it went into the master branch? |
| 21:12 |
muurkha |
and I also agree that you shouldn't trust me |
| 21:12 |
potatoxel[m] |
like why would me writing code and putting it in my website make me liable for someone who uses it |
| 21:12 |
muurkha |
on this, anyway |
| 21:13 |
MTDiscord |
<SX> I guess would be similar to if someone uses rat poison to produce meatball stew who would then be liable if someone gets sick. |
| 21:13 |
potatoxel[m] |
i didnt read it either just talking about what i heard |
| 21:13 |
celeron55_ |
in finland we had a widely publicized court case about a company that had totally shit security practices and leaked patient information due to it. the court gave practically no liability to the developers or even the CEO, and put all the liability on the hacker that basically connected to ther internet facing database without a password |
| 21:13 |
MTDiscord |
<jordan4ibanez> Are they all jointly responsible? Vagueness is dangerous boi |
| 21:13 |
muurkha |
potatoxel[m]: see Simon Phipps' commentary: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13410-Cyber-resilience-act-new-cybersecurity-rules-for-digital-products-and-ancillary-services/F3376611_en |
| 21:13 |
potatoxel[m] |
anyway, all the text i just wrote is provided to you under no warantee, not even merchentability for a particular purpose. also its not legal or medical advice, or any advice. |
| 21:14 |
celeron55_ |
if the CRA says what muurkha is saying, that would put the court case totally on its head |
| 21:14 |
muurkha |
celeron55_: I don't think you should believe me but I do think you should believe Simon :) |
| 21:14 |
MTDiscord |
<jordan4ibanez> How did they even let that pass into a branch, never mind the master branch. That's mind boggling |
| 21:16 |
celeron55_ |
muurkha: it does sound worrying |
| 21:25 |
Desour |
the article linked by celeron55_ is quite old (january). here's something more recent (found via web search): https://linuxfoundation.eu/cyber-resilience-act |
| 21:49 |
|
migdyn joined #minetest |
| 21:53 |
|
migdyn left #minetest |
| 22:32 |
|
panwolfram joined #minetest |
| 22:49 |
muurkha |
thanks, Desour! |
| 23:04 |
|
Leopold joined #minetest |
| 23:24 |
|
fling_ joined #minetest |
