Time Nick Message 11:57 Lsabz Hello! I'm playing on a Server and I suspect that a player has bad intentions. Is it possible for a hacker to be tracking my IP? This is how it hits me 11:58 muurkha your IP is 2804:1b5c:11e2:af00:47da:122b:ce2:b3ca 12:00 Lsabz muurkha I don't know I didn't check it. But is possible from chat of minetest? 12:00 muurkha this suggests that you are in Matao in Sao Paulo (according tohttps://www.maxmind.com/en/geoip-demo) 12:00 muurkha I don't know 12:01 muurkha certainly if they're on this IRC channel they could see it 12:01 muurkha I don't think Minetest normally reveals the IPs of other players the way IRC or things like Jitsi do 12:03 muurkha there's an API for this that a mod can call: https://gist.github.com/davisonio/686aba40989419dbdff2 12:03 muurkha and certainly it's possible for the server admin to install that and make it available to players 12:03 Lsabz The server is not mine, but I I just play there 12:07 Lsabz Sorry I'm back 12:10 muurkha no worries 12:10 muurkha anyway I don't think there's standard functionality that makes player IPs available to other players 12:11 muurkha but it's certainly easy for the admin to add 12:11 Lsabz In this server they ban some players by ip, is it possible to a hacker get the players ip list 12:11 muurkha anything is possible 12:12 ROllerozxa if someone posts an IP grabber in a server's chat and you click on it then they could obtain your IP too 12:13 muurkha good point 12:15 Lsabz Oh yes, it happens, but I don't see nothing a normal with the link 12:15 Lsabz Anormal 12:16 Lsabz From individuos 12:16 MTDiscord Oh yes, attack vectors everywhere, organic or code 12:17 MTDiscord We can only do so much, but if you type in your credit card info or password into the public chat, we can't really do anything about that one 12:17 MTDiscord A simple mod would be url disposer 12:18 MTDiscord That can probably be built into the game with a regex filter 12:18 MTDiscord A priv like "url" or something could be enabled for this 12:20 Ingar or ask your players not to paste stupid thigns in the chat 12:20 Lsabz I'll suggest that to admin 12:21 MTDiscord Lsabz: in principle, there is no easy way known to me that would allow a malicious player to obtain your IP without you making a mistake 12:22 Lsabz Ok, but except that way the chances so is low 12:23 MTDiscord in other words: the Minetest server, to my knowledge, does not divulge IPs (at least by default; maybe there are mods that change this). this includes bans - for obvious reasons, the IP blacklist is serverside. the only way to "query" it is by attempting to join with a specific IP, which is (a) very inefficient and (b) requires you to be able to spoof a gazillion IPs without your ISP or anyone else along the route noticing this. 12:24 MTDiscord Let's say there is some kind of buffer overflow exploit built into the server by accident that we have not discovered 12:24 MTDiscord Someone figured out a way to get to the address of the incoming IPs on the server by sending a specific ascii string as a packet to the server 12:25 MTDiscord This would mean that no IP is safe unless you are hidden behind an ip hider thing, like a vpn or whatnot 12:25 MTDiscord This is a very specific scenario and I find it highly unlikely but not 0 12:26 MTDiscord someone capable of exploiting a buffer overflow most probably wouldn't blow it on grabbing some randos' IPs 12:27 MTDiscord I dunno man I've seen some people do some pretty wacky stuff over the years with this project 12:27 MTDiscord Remember the guy that tried to payload base64 to give himself server privs in whatever mod it was? hahaha 12:27 MTDiscord yeah, t'was a much shrimpler thingy tho 12:28 MTDiscord it was HybridDog PR'ing techage iirc btw 12:28 MTDiscord This might be a simple thing for a higly advances C/C++ dev 12:28 MTDiscord highly* 12:28 MTDiscord i kinda wanna find a RCE in minetest 12:28 MTDiscord Do I smell RCE tracker on the horizon? 12:30 Lsabz Well, I know that server is host in a PC in a home, a moderator tell that in a chat I don't know if is real but I think it maybe not safe 12:31 MTDiscord Oh right, if you join a no-name server they can just snatch up your IP like it's nothing, it's literally built into the API 12:32 MTDiscord yes, servers get your IP. 12:32 MTDiscord What are they going to do with an address? I dunno m8 12:32 Lsabz So if the server has a mod to moderate ban options and the attack is do there someone catch the ip list 12:33 Lsabz Noname is server that don't appear in server list? 12:33 MTDiscord no, this holds for all servers 12:33 MTDiscord if a server issues a ban command / submits a ban formspec, a man in the middle could indeed read the IP that is being banned 12:33 MTDiscord but this again seems rather unlikely to me 12:34 MTDiscord a server moderator* 12:34 MTDiscord This is an attack vector equivalent to robbing the mail truck to get someone's house address 12:35 MTDiscord well, the main problem for an attacker here would be to get the mail truck to pass by a node where he can at least inspect packets 12:35 Lsabz Noname server don't shows in server list? Is it? 12:35 MTDiscord no-name: a server that isn't in the official server list 12:35 MTDiscord this is irrelevant. a server that shows in the server list gets your ip just as well. 12:36 MTDiscord I don't think someone wants to have their server removed doing something that immensely stupid 12:36 Lsabz Oh OK, I just to understand what is noname 12:36 MTDiscord "yeah we got jordan4ibanez's ip address, 5 bucks" and you've been black listed from the server list and we had to send out a forum warning not to join this server, OOPS 12:37 MTDiscord it's 13:37 12:37 MTDiscord just saying 12:37 MTDiscord (at least in Germany) 12:38 MTDiscord https://tenor.com/view/hmm-thinking-gif-1696455838339387033 12:38 MTDiscord It was the minute of hacking in germany 12:39 Lsabz I understand. I was worry because the conversation in chat was some creepy 12:39 Lsabz And how I don't know anything about this 12:39 MTDiscord Oh yeah you'll meet people that pretend to be admins, people sending you to strange links, people are people and people can be crazy. Best to not engage 12:40 MTDiscord There are plenty of wannabe "hackers" who barely know what an IP yet will try to intimidate you. 12:42 MTDiscord Yeah exactly, just remember you had to have the IP/address to actually join the server, and I'm pretty sure most servers are just raw IPs unless they're the really fancy ones like yourland. You know the server's address spooky 12:42 Lsabz Yes, this player turn be a friend in game, and but I never share personal info and he tells something weird suggest that not to me exactly 12:42 MTDiscord Note that even if - and that's a giant if - they got your IP, what are they gonna do? I highly doubt that they have some valuable exploits at their disposal. They probably just get a rough geolocation. And if you have a dynamic IP, you can usually just reboot your router to get a fresh one; it also usually changes periodically. 12:45 Lsabz Yes, I reboot the router, I know that. well I'm most calm 12:45 Lsabz And I'll suggest to admin to control link shares 12:47 Lsabz So thank you so much guys. I need to go out now 12:48 MTDiscord I was gonna write a whole bit and bob, but even if they get past everything and you notice that there's a random TTY doing random stuff, you can annoy the poop out of them by plugging and unplugging in your ethernet cable 12:49 MTDiscord why plug it back in? 😂 12:49 MTDiscord To give them hope a few times before you change the user/root password 12:49 MTDiscord all their hope is just risk for you 12:50 MTDiscord i'd just unplug and shut down if i suspected i was under attack, then probably nuke it from the orbit 12:50 MTDiscord https://tenor.com/view/dangerous-gif-6113187 12:50 Lsabz 😀 I understand put in down the connection 12:51 Lsabz Is there some free VPN and cool 12:51 MTDiscord If they can get past the first line of defense, that means that there's a serious problem with the main entry point of your network and nuking it from orbit really wouldn't do anything, you'll have to do a change to the settings on your router/access point/blah 12:52 MTDiscord Unless you're in public of course then NUKE THAT THING OH GOD 12:52 MTDiscord Most routers just hardly are a "line of defense" 12:52 MTDiscord I guess I spent too much time configuring mine 12:53 MTDiscord I don't think Minetest would necessarily work well with a VPN, btw. You want low latency, and you want UDP. I kinda doubt that you'll find a good, free VPN that fits this bill, but maybe there is. 12:53 MTDiscord It is excusable if your router uses Lua for configuration 😁 12:54 MTDiscord I honestly have no idea. But if it does run lua then I deserve what's coming to me when a blackhat reads this conversation lmao 12:54 Lsabz 😆 I guess no 12:56 MTDiscord We need routers written in... 12:56 MTDiscord # rust 12:56 DeepThgt no 12:56 DeepThgt rust shouldt be used in production 12:56 MTDiscord https://tenor.com/view/emoji-emoji-disintegrating-emoji-disappearing-meme-21st-century-gif-24891417 12:56 DeepThgt its a toy 12:57 DeepThgt there isnt even a spec 12:57 MTDiscord Yeah, it's a joke 12:57 DeepThgt oh 12:57 Lsabz Well guys, thank you so much, I hope I need to go out now 12:57 DeepThgt woosh 12:57 DeepThgt lo 12:57 DeepThgt l 12:57 MTDiscord Yeah, we should fire mozilla immediately 12:57 MTDiscord hmm i think i can't block specific IRC users on Discord, can i? 12:57 MTDiscord No, you'd block the entire bridge 12:58 MTDiscord I think I can't even block the bridge 12:59 MTDiscord just mute the entire channel at that point 😂 13:21 MTDiscord This actually brings up a great point now that I've thought about it for a bit 13:22 MTDiscord Why did ISPs ship out network switches and routers for so long with literally the same password/username for the root account even when they claimed they were secure? I mean now they kinda randomize it but it's got some weird default settings in it 13:24 MTDiscord because the router interface is meant to be LAN-only and not internet accessible, I assume 13:25 MTDiscord Wait a second, I just realized I've been saying router instead of modem 13:26 MTDiscord Welp, that's what I get for talking when I'm waking up lmao 13:29 MTDiscord No, no, I was referring to the right thing, I was wrong about being wrong, incredible 15:16 jonadab The short version is, most people are bad at thinking about security. 15:17 jonadab And that includes most IT security professionals. 15:19 celeron55 most of the time when people talk about routers or modems they actually mean a device that integrates both a router and a modem 15:19 celeron55 so, essentially, it's all wrong 15:22 MTDiscord the perfect compromise, everyone is wrong :D 15:25 MTDiscord this is unacceptable 15:25 MTDiscord but, because everyone is wrong, my claim that it is unacceptable is wrong, so it is in fact acceptable 15:26 MTDiscord but what if i now claim that everyone is wrong? 15:26 MTDiscord i would have to be wrong about this 17:43 jonadab These days, when people say "router", they usually mean an 802.11 hotspot specifically. Which, yes, technically is a _type_ of router. 17:45 jonadab "Everything you know is wrong." -- Weird Al Yankovic 17:47 MTDiscord When people say "router" they mean "that one funny looking box that makes the internet work in my house" 17:49 jonadab Well yes. 17:50 jonadab That's ok, I remember when people used to use the terms "CPU", "hard drive", and in some cases "modem", for a PC tower case and all its contents collectively. 17:51 jonadab And "computer" for the monitor. 17:52 Ingar I'm in customer support, you have no idea :D 17:53 MTDiscord Monitors nowadays have whole ARM computers inside them, so it's technically correct 17:54 celeron55 everything nowadays has a whole ARM computer inside it 17:54 jonadab Ingar: I'm the entire IT department for a small-town public library. I have *some* idea. 17:54 Ingar jonadab: :D 17:55 Ingar jonadab: coincidently, we have a number of libraries between our customers 17:55 MTDiscord Except ARM computers, but I'm sure there are some exceptions 17:58 MTDiscord I've heard "CPU" and "hard drive" for tower, but "modem" is a new one to me 😆 17:58 MTDiscord I've also heard the old joke about the optical drive tray == cupholder, but never seen that one in the wild. 17:59 MTDiscord I did once get to see a teacher in middle school struggling to get a computer to power on, I suggested the most obvious thing "check to make sure it's plugged in," and he said "I'm SURE it's plugged it", then spent the next several minutes messing around with everything else before checking and finding it not plugged in. 18:00 MTDiscord Not as good as the old joke about "let me get a flashlight" "why?" "oh, the power is out here." but pretty funny at the time. 18:01 jonadab I've never seen an authentic, non-ironic use of "cupholder" for CD drive either. 18:02 Ingar I did, althoug hthe person in question was fully aware that it was a CD and didnt care 18:02 MTDiscord It seems like a shame because it becoming well known as a joke may have warned off people from authentically making the mistake. 18:03 jonadab I think by the time most computers came with a CD-ROM drive, most people knew what a CD was. They maybe didn't realize it could be used for things other than music, but they knew what it was. 18:03 MTDiscord I know that calling chess knights "horses" annoys people, so sometimes I would take it a step further and call the rooks "ashtrays" but it's not quite the same. 18:04 MTDiscord Every floppy disk drive could be called a "floppy disk launcher" if you hit the button hard and fast enough. 18:04 jonadab There are substantial regions of the English-speaking world where chess rooks are routinely called "castles". 18:04 jonadab Eh, not sure about the old ones, warr1024. Some of them, you lifted the lever out of the way and then just pulled the diskette out. This was in the single-sided days. 18:06 Ingar it worked with a 3 1/2" drive 18:06 jonadab Oh, right, I'm thinking 5.25" 18:06 jonadab Yeah, the 3.5" ones were all spring-loaded. 18:07 jonadab I'm not quite old enough to have ever had dealings with 8" floppies. They existed during my lifetime, but the kinds of computers that had them, were not exposed to young children. 18:13 MTDiscord I seem to remember the 5.25" ones being somewhat spring loaded too, though there was no way to change the speed or force of the spring. 18:15 jonadab Yeah, the later ones were, @warr1024. By the time the drives could read double-sided floppies without you having to physically flip the disk over, they had an auto-eject mechanism, at least usually. 18:16 jonadab Also, by then they were usually only half height, meaning they only took up what would now be one full-sized drive bay on a tower/server case. 18:19 MTDiscord I can't imagine why they would need to be taller when the disk itself is so thin. Needed a lot of clearance to fit vacuum tubes or something? 18:21 celeron55 they were industrial grade chunky, with through hole components on the circuit boards and aluminium castings as structure 18:21 jonadab I think in the very early days, they wanted room to _work_ on the things, mechanically. 18:21 celeron55 stepper motors like in 3d printers nowadays 18:21 jonadab And yes, the motors were a lot chunkier than in later years. 18:21 celeron55 no surface mount, no sheet metal, no miniaturization of any kind 18:23 celeron55 it's difficult to find a good side picture of the insides of an ibm pc, with more than 3 pixels 18:23 jonadab But yeah, in the seventies, they used to actually repair such components when something went bad. So e.g. if a motor burned out, they'd remove it and put a replacement motor in, and the floppy drive would work again. 18:24 celeron55 to show the chunkiness of the drives 18:24 MTDiscord Ah, of course, those big stepper motors ... just in case the disk inexplicably weighed several tons and you needed a lot of torque to get it spinning 😆 18:25 celeron55 https://i.pcmag.com/imagery/articles/03bmOl8eBV4DmWgft4j5kbQ-23..v1628537974.jpg http://oldcomputers.net/pics/ibm5150-topless.jpg 18:25 MTDiscord Oh wow, yeah, I forgot how much people loved DIP packages back then 18:25 celeron55 it was more about the fact that nobody made slim stepper motors back then 18:25 celeron55 it was the only thing you could get 18:26 celeron55 the supply chain had to catch up 18:26 jonadab DIP was the only form RAM came in, among other things. 18:26 jonadab Also it was often used for logic chips, like the ones with gates on them and stuff. 18:27 celeron55 well any chips whatsoever 18:27 jonadab Sure. 18:27 jonadab These days the logic gates would be integrated into some much more advanced chip. 18:28 jonadab And the RAM would come as a DIMM. 18:29 jonadab Although, the amount of RAM a floppy disk needs, would be integrated into the I/O chip. 18:29 jonadab floppy disk *drive I mean. 18:29 celeron55 by the start of the 90s circuit boards still had some through hole components. at the end of the 90s nothing was, anymore. except maybe the bios rom chip 18:30 celeron55 (and big capacitors) 18:30 jonadab Some of the chunkier connectors remained through-hole for physical reasons. 18:30 celeron55 connectors still are 18:30 celeron55 at least partially 18:31 celeron55 they need to stay on the board when an overgrown ape tries to break them 18:31 jonadab Yeah. I'm guessing it makes the connection more robust, and the plugging/unplugging is an issue without that. 18:32 jonadab Although laptops can have some pretty delicate connectors in some cases. 18:32 celeron55 laptops can have very delicate internal connectors as they are not designed to be serviced by the average joe 18:33 celeron55 external ones... well you'd hope they'd be sturdy, but you get what you get 18:33 celeron55 these days, you might not get any external connectors 8) 18:34 jonadab I was thinking things like hard drive connectors, yeah. Theoretically user-serviceable but in practice, only kind-of user serviceable. 18:35 jonadab The ones for stuff like USB ports, should _in principle_ still be as robust as ever, one would hope. 18:36 jonadab Unless you buy Apple, in which case, yeah, you probably don't get any standard connectors because that would make you a plebe or something. 18:39 celeron55 apple users are neurotic about having anything else than the laptop on their desk so they wouldn't use any connectors anyway 18:39 MTDiscord The true "no external connectors" thing is only sort of theoretically possible with wireless charging, but it's super inefficient right now. Might be an interesting way to make a completely IP68 laptop that's completely sealed shut and you could use it safely at the bottom of a swimming pool or something, though I can't see all that much practical use for that. 18:40 jonadab What, you never want to check your email in the shower, or while deep-sea diving? 18:40 MTDiscord Hilariously, I have a work-issued macbook and one of the first things I wanted for it was a dock so I could connect stuff like a mouse, network adapter, etc. while still charging it... 18:40 celeron55 well, the shape of a laptop is an absolute nightmare to waterproof. huge surface area, the worst halfway point between bendy and not bendy, and the worst of all, you have a keyboard 18:41 MTDiscord If I wanted to just check my email, I'd just get a waterproof phone, and those are MUCH more practical. In fact, if you want an IP68 phone case, Ziploc makes them, you can buy them in packs of a hundred 😆 18:41 celeron55 it would be possible and there probably are waterproof ones, but they are probably absolutely awful to use 18:41 jonadab celeron55: Yes, if only people could learn how to do their computing tasks using a featurless sphere, instead of a laptop... 18:42 MTDiscord If I'm bringing a full laptop with me to the bottom of the ocean, it's because I want to program. "Hold on, I have to swap out my oxygen tank before the upcoming zoom call. Don't mind the fish, they're just curious about the camera." 18:42 jonadab Heh. 18:42 MTDiscord Featureless sphere computing would at least make physicists happy. 18:44 jonadab Point mass would be even better. 18:44 celeron55 we already have featureless slab computing 18:45 celeron55 the day they integrate an AI voice assistant into internet banking, people will be free to move into featureless sphere computing 18:45 celeron55 it'll take some years still 18:46 celeron55 mostly because there are banks involved in internet banking 20:23 MinetestBot 02[git] 04appgurueu -> 03minetest/minetest: Extend bone override capabilities (#12388) 130d61598 https://github.com/minetest/minetest/commit/0d61598d8aef6466fe232e97bd0de1ed4e726a54 (152023-12-20T20:21:53Z) 20:23 MinetestBot 02[git] 04grorp -> 03minetest/minetest: Fix touch input on Linux 133b346fd https://github.com/minetest/minetest/commit/3b346fd3c916851af1d8bbee8f4bd0d9b2750938 (152023-12-20T20:22:15Z) 20:24 MinetestBot 02[git] 04sfan5 -> 03minetest/minetest: Enable segment heap on Windows 1347e557b https://github.com/minetest/minetest/commit/47e557b96ad4b9f053cf35150b2f46fe623b4dc7 (152023-12-20T20:23:08Z) 20:26 MinetestBot 02[git] 04grorp -> 03minetest/minetest: Fix TouchScreenGUI ignoring server-sent pitch changes 1304dc4a1 https://github.com/minetest/minetest/commit/04dc4a10f03c2f7d28ae59c772bc726a9b6856cc (152023-12-20T20:24:10Z) 21:31 MTDiscord Assuming you have some kind of mouse input that works underwater, the usecase is dolphin research; having underwater computers with enough power for AI is a big proplem for dolphin communication researchers (source: radiolab, iirc) 21:31 MTDiscord Oh, in reference to Warr1024's underwater computer reference