Minetest logo

IRC log for #minetest, 2024-12-16

| Channels | #minetest index | Today | | Google Search | Plaintext

All times shown according to UTC.

Time Nick Message
00:05 Eragon joined #minetest
01:38 MTDiscord joined #minetest
02:50 clavi joined #minetest
02:50 clavi joined #minetest
03:07 jadedctrl joined #minetest
04:05 Thermoriax joined #minetest
04:59 tzenfore joined #minetest
05:00 MTDiscord joined #minetest
05:35 CRISPR joined #minetest
07:03 repetitivestrain joined #minetest
07:04 repetitivestrain Hello, mineclonia developer here.  has anyone explored exposing client-side active objects to CSMs much the same way LuaEntities are able to define or override actions taken on each step affecting server-side lua active objects?
07:07 repetitivestrain e.g., by providing a callback that is run whenever a client CAO of a specified type's on_step is called
07:08 repetitivestrain and also something capable of replacing LocalPlayer's `move' and `applyControl' functions?
07:09 repetitivestrain lest you think this is an XY problem, i'm asking because mineclonia has a wealth of mobs and other entities with custom physics that are steerable, and also provides devices that enable players to ``fall fly'', or rather glide through the air
07:10 repetitivestrain and these physics perform poorly in the face of server or network lag, for they rely on control packets being delivered to clients in response to input received by the server
07:12 repetitivestrain in Minecraft, physics for ordinary entities are controlled by the server, and the client receives only velocity information, as in minetest, but entities controlled by a player (and obviously players themselves) are controlled by the client, which shares a copy of their physics engine with the server
07:13 repetitivestrain and i was wondering whether it wouldn't be trivially possible to expose enough player and CAO internals to csms for minetest CSMs to implement similar functionality as well
07:15 repetitivestrain given that we already have a physics engine for server-side mobs that does not assume a fixed dtime size, is quite isolated, and is capable of accurately reproducing minecraft's living entity physics, i think such a facility would, beyond just improving elytra responsiveness, also benefit a number of players who dislike minetest's player physics, and permit us to implement fall damage detection more consistent with minecraft and
07:15 repetitivestrain finally fix the annoying issue where falling into water displays the damage animation even though the player will not sustain any actual damage
08:53 MacroFaxSax joined #minetest
09:26 gregon joined #minetest
09:48 ireallyhateirc joined #minetest
10:13 tarsovbak joined #minetest
10:20 mrkubax10 joined #minetest
10:41 SwissalpS it seems possible to set a meta string so large that the server crashes when trying to read it
10:43 sfan5 repetitivestrain: there's many obvious applications for CSM in this space but it's basically all blocked on the server being able to control the CSM the client executes, which itself is blocked on having a sandbox we can trust
10:45 repetitivestrain sfan5: i'm not asking for SSCSM :-)  just a client-installed CSM that users can optionally install to get more minecraft-like physics
10:46 sinvet joined #minetest
10:48 sfan5 adding such an API to client-controlled CSM is like adding official cheats to the engine
10:50 repetitivestrain why not place it behind another restriction flag?
10:50 shinbet joined #minetest
10:51 sfan5 so the server owner can choose to have improved client prediction/physics/etc. but also free cheating?
10:51 repetitivestrain Yes
10:51 sfan5 acceptable for an experiemental feature or API IMO
10:51 sfan5 but not the end goal
10:52 repetitivestrain i think ultimately client provided CSM is a dead alley, but SSCSM doesn't exist yet
10:52 sfan5 either way I'd say the reason why CSM is frozen is half between "we don't have working SSCSM incl. sandboxing yet" and half nobody being interested to work on it
10:53 repetitivestrain right now i'm quite motivated to work on csm playerphysics (but not SSCSM since the organizational politics around it are daunting to put it mildly)
10:53 repetitivestrain i'm putting the finishing touches to the mineclonia mob rewrite
10:54 sinvet joined #minetest
10:54 repetitivestrain and i see another application for the physics engine i wrote for the mob rewrite in this domain
10:54 repetitivestrain so i suppose what i want to ask is
10:55 repetitivestrain if i implement facilities for providing custom on_step functions for client-side active objects, gated behind a new csm restriction flag, will they be welcome upstream
11:01 jluc joined #minetest
11:22 CRISPR joined #minetest
11:58 sfan5 please open an issue on that
11:58 MTDiscord <luatic> I have a SRCSM proposal which forgoes the in my opinion excessive sandboxing requirements which have been part of the reason this has been held back for so long
11:59 MTDiscord <luatic> foregoes*
11:59 MTDiscord <luatic> actually I think both forgo and forego would work here
11:59 sfan5 does it include switching to javascript?
12:00 MTDiscord <luatic> no, of course we'd be switching to an esoteric programming language i am still in the process of designing
12:01 sfan5 brainfuck is easy to sandbox
12:01 sfan5 I heard
12:02 MTDiscord <luatic> I mean something like a minimal Scheme would be easy to sandbox I imagine, but would also be a pain in the ass for modders, and a homegrown interpreter would be lacking many optimizations
12:03 sfan5 personally I think my IPC idea isn't so bad
12:05 sfan5 but someone needs to implement it obv
12:05 MTDiscord <luatic> Here is my proposal. I think IPC isn't a good idea for the first version of SRCSM. https://gist.github.com/appgurueu/4f419f4b4c10dc850cc4049962cb101a
12:10 sfan5 will you post it somewhere where I can comment on it?
12:16 grorp joined #minetest
12:18 MTDiscord <luatic> sfan5: I have posted (the link to) it on the CSM discussion issue, it's probably best if you comment there
12:23 qur joined #minetest
12:49 CRISPR joined #minetest
13:16 MTDiscord <grorp> I've commented on your proposal
13:20 MTDiscord <siliconsniffer> a man in high demand
13:48 runxiyu lua wasn't difficult to sandbox either
13:49 jordan4ibanez joined #minetest
14:01 CRISPR joined #minetest
14:04 erle <SwissalpS> it seems possible to set a meta string so large that the server crashes when trying to read it
14:05 erle yes, don't do that
14:05 erle SwissalpS what have you set?
14:05 jordan4ibanez Large strings are the platform on which I reside
14:06 erle repetitivestrain hey i played the mob rewrite thing on oysterity anarchy and i think a bunch of my sheep lost color. can you check what's up with that?
14:07 erle luatic i am very sorry, but “Additionally, the Luanti community has, to my knowledge, hardly ever seen any attempts at (sophisticated) "malicious" mods.” – HAHAHAHAHAHAHA
14:07 erle “build a stone cluster at locations where people logged out”
14:07 erle “fill this area with water sources”
14:08 jordan4ibanez Go look at my ultra_key_2000 on the forum for an injection attack lol
14:08 erle “lag out this player that is attacking me”
14:08 jaca122 joined #minetest
14:08 MTDiscord <luatic> erle: what i'm concerned about is someone posting a malicious mod or client-side mod. has that happened? i hardly remember any instances.
14:08 erle luatic if you have not seen malicious CSM, i have an eiffel tower to sell to you
14:08 erle you are doing the same thing zughy did with texmods
14:08 MTDiscord <luatic> what
14:09 erle zughy once posted “i haven't used more than 3 texmods ever, so is it important to support more?”
14:09 erle obviously zughy has never used banners in the various mineclones
14:09 MTDiscord <luatic> can you name a single instance of a mod that had to be taken off CDB because someone tried to, say, abuse luanti users computers for botnet purposes or whatever
14:09 jordan4ibanez no
14:09 erle an argument from ignorance is not good. CSMs are not on cdb, but on cheatdb.
14:09 MTDiscord <luatic> you are looking at the wrong things
14:09 erle > We probably have a decent attack surface already via our current networking API and dubious file readers already (though those have improved since sfan's fuzzing efforts a while ago).
14:10 erle i am VERY VERY sorry for you, but that reasoning is bollocks
14:10 jordan4ibanez alright no need to get british on him
14:11 MTDiscord <luatic> my reasoning, in the bigger picture, essentially is that while yielding security improvements, a process sandbox will be far from a 100% or even a 99% or even a 90% risk reduction (though it is of course difficult to estimate)
14:11 erle whenever you see people say “oh we don't need security because we already have little” what they are saying is “i have no formal security training and really don't *want* to care”
14:11 MTDiscord <luatic> no
14:11 MTDiscord <luatic> this is security absolutist bullshit
14:11 MTDiscord <luatic> i get that that is your role
14:11 jordan4ibanez if we do sscccsmscm we can have a more apparent usage of csm and we can find mor problems instead of it being in a chest locked away like some kind of horrible project that we shield away from people's eyes
14:11 erle uh, the “security absolutist bullshit” is “context-free or regular”
14:12 erle luatic i do not disagree with some of your conclusions btw
14:12 MTDiscord <luatic> that is security absolutist absolutist bullshit
14:12 erle luatic i disagree with the way you arrive there
14:12 MTDiscord <luatic> in my opinion we will never be secure enough that we can have servers just send code to clients
14:12 erle i think CSMs should be made first-class engine citcizens. i don't think servers should be able to require them.
14:12 MTDiscord <luatic> we will always need explicit trust
14:13 erle in fact, my “oh can i modify the main menu from a client” (a capability that was soon patched out by some fun-hater) was explicitly to add a tab to manage csms
14:13 erle maybe made by jordan4ibanez, was it?
14:14 MTDiscord <luatic> servers being able to communicate to the client which CSMs they need to install - and then a quick way to install them - is crucial for good UX
14:14 erle luatic a very easy and (probably) non-controversial first step would be to host CSMs on CDB, just like cheatdb does (or did?)
14:14 erle no no no no no no no no no
14:15 erle luatic have you read “Security Applications of Formal Language Theory” and/or “The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them”
14:15 erle ?
14:16 jordan4ibanez I always make the worst and most egregious mods so I probably did it
14:16 MTDiscord <luatic> I think I have read the latter, but it was a while ago
14:16 jordan4ibanez half of my original game was in csm
14:17 erle https://git.minetest.land/erle/mainmenu_csm
14:17 erle > The CSM tab was created by oilboi a.k.a jordan4ibanez.
14:17 erle https://git.minetest.land/erle/mainmenu_csm/src/branch/master/init.lua
14:18 erle minetest.settings:set("main_menu_path", main_menu_path)
14:18 jordan4ibanez gasp, my identity is revealed
14:18 erle YOU TOOK THIS AWAY FROM ME
14:18 erle with main menu changes we could have CDB provided CSMs the whole time
14:18 erle BUT YOU SABOTAGED IT
14:18 erle :DDDD
14:18 jordan4ibanez Yeah I did that and no one let me do it
14:18 erle anyway
14:18 erle luatic the problem is the “required”
14:19 erle luatic at the point where stuff becomes required, you simply have server-provided CSMs with extra steps
14:19 jordan4ibanez yeah, that pretty much defines crafter lol
14:19 erle you can see how well this goes with high-profile extension repositories like, e.g. google chrome. a coworker once found a vulnerability in a chrome extension that was in the top 100 downloads i think … then another.
14:20 erle there *are* solutions that do not rely on full-blown scripting
14:20 erle those solutions rely on “traits”, the openRA engine does it like that
14:20 erle basically, you define whatever you want to script in the engine as a package and then declaratively say “this game thing has these traits”
14:21 jordan4ibanez Been using rust I see
14:21 erle no
14:21 erle openRA just calls it like that
14:22 MTDiscord <luatic> erle: i am done with trying solutions that do not rely on full-blown scripting
14:22 MTDiscord <luatic> we want to be a game engine. game engines must allow full-blown client scripting. period
14:22 jordan4ibanez this is a true fact
14:22 erle anyway, the *very common* “i want to steer my mob/boat/minecart without lag and with special physics” along with “i want better movement prediction” are always brought up as a case for CSMs and i have yet to see anyone who advocates CSMs that has even *tried* to do it in a simpler way
14:22 MTDiscord <luatic> (well, done is an overstatement, but i see them mostly as medium-term solutions)
14:24 erle luatic the problem is that the genie does not go back in the bottle. as soon as you provide CSM capabilities that exceed the complexity of the task at hand, people *will* use them.
14:24 MTDiscord <luatic> it has been done in simpler ways and time and time again it has been proven that it was too simple and the engine is accumulating game-specific bloat. just look at player physics.
14:24 erle and then you can *never* make a simpler or more secure or less resource intensive API
14:24 erle i have an example
14:24 MTDiscord <luatic> i want people to use them. i want luanti to be a solid engine / platform for game development. there is no way around CSM for that.
14:25 erle look at javascript-based animation vs SVG animation
14:25 jordan4ibanez aren't javascript animations more portable?
14:25 erle nah, SVG animation run on smartphone from 2011
14:26 erle i have some old nokia lying around where it works
14:26 MTDiscord <luatic> if i give you a simple a scheme-based language with basic drawing capabilities i hacked together in a weekend you can do everything SVG animations can do and more
14:26 erle yeah you don't get it
14:26 MTDiscord <luatic> if instead i had to implement and maintain SVGs that's a task for a lifetime
14:26 MTDiscord <luatic> SVG*
14:26 ___nick___ joined #minetest
14:26 erle the crux is: for a lot of tasks, people think they are equivalent. but they are not. SVG animations are declarative, so they allow the browser to optimize stuff. and run it independent of any js code. so there is no additional stuttering.
14:27 erle and you can do stuff like “start this animation exactly 1 second before this other one ends” or so
14:27 MTDiscord <luatic> what's a tiny SVG library like? 40kloc?
14:28 erle i think you are still not comprehending
14:28 MTDiscord <luatic> i'm not saying SVG isn't a cool thing as it is
14:28 erle i am talking about the bigger picture by means of an example familiar to you
14:28 MTDiscord <luatic> yes and i think this example is also a good example for why this is not the best option
14:28 erle this is similar to the problem of “CSM-provided movement prediction vs declarative movement prediction”
14:28 MTDiscord <luatic> in any case there will still be auxiliary APIs and file formats, we aren't getting rid of skinned meshes
14:28 celeron55 talking about SVG is not a valid way to argue about player physics. that's ridiculous
14:28 MTDiscord <luatic> browsers have both SVGs and JS
14:29 erle celeron55 it's about declarative vs turing-complete
14:29 erle “this entity is now 100% steerable by the player” would be a declarative statement
14:29 erle that is what devs *want* ultimately
14:29 MTDiscord <luatic> we want to give users the full power of turing complete first
14:29 erle and the engine can provide
14:29 MTDiscord <luatic> then we can add useful declarative abstractions on top
14:29 jordan4ibanez wait this is about player physics lol
14:29 MTDiscord <luatic> no, the engine can't provide, because we don't have the time to implement everything any modder could ever want
14:29 MTDiscord <luatic> we must give modders the power to implement stuff themselves from a reasonably low lua level
14:30 jordan4ibanez this is true
14:30 ___nick___ joined #minetest
14:30 celeron55 jordan4ibanez: CSM is mostly about player physics and lag-free camera and HUD. everything else CSM can do is only extra and not strictly necessary
14:30 celeron55 that's the first thing to realize
14:30 MTDiscord <luatic> what's overlooked a lot is that CSM can be about rendering
14:30 erle luatic okay, you maybe have read the papers, but you haven't comprehended them. the LANGSEC lesson is that “we provide something more powerful and then put less powerful abstractions on top of them” is *guaranteed* to never work. it's a law of nature (of mathematics/compsci actually). “no amount of testing can get this right” and so on.
14:30 jordan4ibanez well you can do better weather, better client side only effects with entities, possible shader runs, etc
14:30 celeron55 (yeah, I clump a lot of rendering in to "HUD" when saying that. it's probably a mistake)
14:31 erle the moment you open the turing-complete box of pandora you have painted yourself into a corner
14:31 MTDiscord <luatic> this is the corner i want to be in
14:31 erle the ways guaranteed to get it right however much corner-paining you want to do is that the CSM language needs to be context-free, regular, or calc-regular
14:32 MTDiscord <luatic> no
14:32 celeron55 erle: the only way you can proceed with what you are saying is to provide an actual design of something something that matches your vision
14:32 erle this puts a lot of engineering work up-front but also guarantees you are doing it correctly
14:32 MTDiscord <luatic> no
14:32 celeron55 nobody believes you. talking more will not work
14:32 MTDiscord <luatic> your assertion of a mathematical law is very false
14:33 celeron55 erle: you need to come up with and propose a design that allows lag-free custom player physics, camera, HUD and rendering
14:33 jordan4ibanez math is a conspiracy theory so this checks out
14:33 erle luatic i kinda doubt the corner you want to paint yourself into is “you can have a halting problem on the client if a mod does something stupid”, or is it?
14:33 jordan4ibanez You can have a halting problem either way lol
14:33 jordan4ibanez if it blows up, it blows up, oops
14:34 MTDiscord <luatic> erle: it is. a game engine must allow that.
14:34 celeron55 erle: if you can do what I ask from you, i will immediately be on board with you and it will definitely end up in luanti
14:34 erle celeron55 these designs exist, which is why i am pointing to openRA, which by the way, also allows custom lua. it's just not the norm for it, because it solves *most* stuff using its trait system.
14:35 celeron55 erle: that's not enough
14:35 celeron55 i'm not taking "these designs exist" as an answer
14:36 celeron55 this has been talked before, and as you can see, it has not helped. talk does not help
14:41 erle given the “pretty much exactly 1 year after we banned you from filing issues for 1 year we ripped out support for your hardware in particular” i have the suspicion that more complex contributions are not *exactly* welcome
14:41 celeron55 when you're trying to think of the extent of the required system, think of the physics, camera and special rendering for two things: 1) an airplane, 2) a top-down strategy game
14:41 jordan4ibanez your hardware? opengl fixed pipeline hardware
14:41 erle jordan4ibanez not this shit again
14:41 celeron55 that's the breadth of the practical requirements, given that everything in between is possible
14:41 MTDiscord <luatic> proper designs for Lua game engines / frameworks also exist, see love2d and lovr, which is what i would be pointing at
14:41 jordan4ibanez If you want fixed functions go use glide
14:42 lmat luatic Thank you for the note! I see the removal of bronze recipe here: https://github.com/minetest-mods/technic/blob/59643c45d485e938296933e59665bc68caebab15/technic/crafts.lua#L5 but I'm having trouble finding the replacement recipe. I guess I can just remove the "clear_craft" thing so we can make it again.
14:42 MinetestBot lmat: Dec-15 11:31 UTC <MTDiscord> ./technic/technic/crafts.lua--- Remove some recipes and the following line certainly look like technic removing the bronze recipe in order to force you to create bronze the technic way (via the alloy furnace iirc)
14:42 erle celeron55 good pointers. i think extra ordinance shows what is missing a lot.
14:42 lmat MinetestBot: thank you <3
14:42 MTDiscord <luatic> lmat: the replacement recipe uses technic processes, i think it was the alloy furnace in this case, it's not a normal crafting recipe
14:43 celeron55 i CAN think of a declarative system that could be up to these requirements, BUT it's impossible to talk about it in a busy open room like this one. if some people want to do an in-depth review of the idea, let me know and i'll see if it's worth diving into
14:43 erle celeron55 i am interested. and i'll ofc trying to put holes into it and argue it to death if you want a sparring partner.
14:43 MTDiscord <luatic> no declarative system will ever be good enough to allow us to live up to the definition of "game engine"
14:44 celeron55 erle: no. you're going to be the main presenter. get your materials ready. you're going to have to be constructive
14:44 celeron55 instead of being destructive
14:44 erle i also STRONGLY suggest to ask people who actually have the use cases what is important to them and then try to distill the requirements from it.
14:44 MTDiscord <luatic> but if i misread our website and we're still going for "highly scriptable game" sure, let's have declarative system after declarative system to distract us from ever implementing real game engine capabilities
14:45 erle i have done that in the past (at my job) and usually what a coder comes up with as the shape of an API in the first place is either hyper-tailored (luatics critcism) or so general it offloads the work to someone else and leads to endless security/reliability issues (my criticism)
14:45 erle luatic are you arguing in a vacuum or do you have concrete examples of games that are held back, like i mentioned EXTRA ORDINANCE?
14:46 celeron55 @luatic i think about it in this way: you don't actually have to let the client know about every nuance of the system. like, if you have car physics, the car should start steering right if you lose the right wheel. but the declarative physics don't necessarily need to know about this, it's a slow enough process that the server can simply send a new set of physics rules for that situation. but you're
14:46 celeron55 right in that some people would find it to be an odd system and could be turned away due to that
14:46 erle i have btw proposed a solution for better movement prediction years ago (send future path descriptions for largely non-interactive entities to the client) and IIRC only v-rob was mildly interested in it.
14:47 MTDiscord <luatic> i do remember that, it can help some use cases like trains or carts, but by far not all of them
14:48 erle yeah, it does not help all. but you *can* see how it is a vastly simpler thing for a train than needing “train CSM” and one that is actually of a scope where it is possible to get it right.
14:48 MTDiscord <luatic> erle: do i need to argue the definition of a game engine?
14:48 erle you can build a perfect machine from imperfect parts, but only if your scope is limited
14:48 MTDiscord <luatic> for every declarative API you propose i will be able to come up with a gazillion things you can't do with it
14:48 erle and “oh lets just add a turing complete scripting language” is akin to saying “this is someone else's problem, i have solved all possible problems” right?
14:49 MTDiscord <luatic> the "someone else's problem" is a big part of it. i want to be able to tell developers "this is possible, but you may need to do some work", not "you now need to pester the core devs to add more or less game specific logic to their engine (but abstracted just enough that it doesn't look game-specific anymore)".
14:50 lmat !tell luatic I was able to craft copper using technic:coal_alloy_furnace. The fact that this is not discoverable using the crafting guide is an horrible user experience. It looks like that has been noted: https://github.com/minetest-mods/technic/issues/585. Thank you again!
14:50 MinetestBot lmat: I'll pass that on when luatic is around
14:50 erle luatic the reasons why people want CSMs are a limited set. you are thinking (and designing around) unlimited possibilities. my argument is that a non-zero amount of these possibilities is dangerous maintenance-wise and create problems that *can not* be fixed.
14:50 lmat s/craft copper/craft bronze/
14:50 celeron55 the gist of minetest 0.4 onwards has exactly been "this is someone else's problem", and it's worked quite well. i don't see a reason not to continue on that path
14:50 MacroFaxSax joined #minetest
14:50 erle celeron55 there is a middle ground. apparently “mods can set the main menu” was not someone elses problem after i tried it.
14:51 erle specifically because security i guess
14:51 erle the absurdist solution to APIs is of course “tell the client to poke that RAM with that value” which is horrible maintenance AND security-wise
14:52 celeron55 yeah, but "tell the client to poke that pixel" would be fine
14:52 erle that is declarative, btw
14:52 erle which is why it is fine
14:52 jordan4ibanez that's what I had to do in mineos
14:52 erle (security- and maintenance-wise)
14:53 erle the LANGSEC papers basically tell people about an architectural boundary that you only ever want to approach from one side (the low-complexity side) because once you are over that boundary, you run into halting problems and other stuff known as unsolvable bullshit (you don't want to run into a halting problem when parsing network packets for example)
14:54 celeron55 i would still like to tear down the current CSM system and replace it with a CCSCM-only system with minimal environments for specific things
14:54 erle what is CCSCM?
14:54 MTDiscord <luatic> without "unsolvable bullshit" there is no absolute power of computation
14:54 celeron55 SSCSM*
14:55 erle luatic what i am saying is that not only do you not need “absolute power of computation” for most-if-not-all problems i have seen CSMs being brought up, you do not want it (because the set of possibilities contains things you would want not to, but you can't put the toothpaste back into the tube, so to say)
14:55 erle classic customer situation btw
14:55 celeron55 this branch is my vision and proof of concept of ideal client-side scripting: https://github.com/celeron55/minetest/tree/client_player_physics_script
14:56 erle celeron55 so client-provided CSMs like the things cora or fleckenstein or so do are not welcome by you?
14:56 celeron55 even this might be against luatic's ideal, though
14:57 erle i think, having a CSM main menu like jordan4ibanez did and hosting CSMs against the current API on CDB would be a good first step, *regardless* of where the journey goes. celeron55 luatic do you agree or disagree?
14:57 erle *written against the current API
14:57 celeron55 and that's fine. this is mostly a do-o-cracy, i.e. if people want to proceed with the current CSM/SSCSM system, so be it
14:57 celeron55 (i.e. i think it's possible to make it secure enough with process sandboxing)
14:57 MTDiscord <luatic> erle: i agree because in my proposal CDB is essential for distribution of SRCSM
14:58 erle luatic second-order effects are critical here though.
14:58 celeron55 erle: yes, i don't like client-provided mods. it's against the idea of minetest 0.4 and i have never liked the system that was set up (not by me)
14:58 erle do-o-cracy falls flat if coras API improvements would never be merged
14:58 erle she has done things like “a CSM can listen to where a particle spawner shows up”
14:59 erle (useful to debug location leaks, some people send spawners to every user and that way every particle leaks your location)
14:59 celeron55 yes, i also don't like the idea of CSMs on contentdb. they're too centralized
14:59 erle well, cheatDB (set up by lizzy fleckenstein IIRC) existed
14:59 erle but cora went for “the client comes with a set of CSMs”
14:59 celeron55 luanti should be centralized, but only around each and every server there is. not around cdb. cdb should be just a convenience, nothing more
15:00 celeron55 this is again "the spirit of minetest 0.4"
15:00 MTDiscord <luatic> off to a lecture, i may continue this discussion in the evening
15:01 erle celeron55 okay, but consider the rumble support CSM that li0n and me wrote. it could easily add rumble support to games … but is not game- and server-specific. and it's of no concern to a server if i own an xbox-compatible gamepad (or a remote-controlled buttplug, for that matter) and play with it.
15:01 Ingar buttplug.io
15:01 erle Ingar yes, it does indeed use that
15:01 Ingar lol
15:02 erle because intiface allows you to generally control vibrations
15:02 celeron55 i can see the benefit of those kinds of additions. that's why having the current CSM system for those, with a separate environment and more minimal api for server-sent code could also make sense
15:02 erle regardless if you shove the gamepad up your holes or hold it in your hand
15:02 celeron55 i.e. keep them completely separate
15:02 Ingar erle: combing that with cues looks a bit weird to me though :)
15:02 Ingar *cubes
15:02 erle and you might want to configure the events on which the vibrations are triggered on the client, not by the server. also the intensity.
15:03 erle Ingar intiface/buttplug.io is in fact the easiest way i know of adding rumble support to games, i am not joking :D
15:03 celeron55 (altough, general client additions could just be added to the client with less effort than making the API + the addition)
15:04 erle also there are debug CSMs that work well with the vanilla API. i remember that cora once sent me one for detecting ghost inventories.
15:04 erle in fact, i bet long-running servers still have ghost inventories
15:04 erle (where you have air or water with inventories because someone once confused reference/copy in relation to inventories hehe)
15:05 erle i could literally pluck items out of thin air
15:05 celeron55 that's very far from the subject we were trying to talk about
15:06 celeron55 i'd be fine with a debugtooldb, and that could be a reasonable use for CSM, you've heard me agree on that before
15:06 erle celeron55 i also think the question is not only one of sandboxing, but one of tight/loose coupling. the current “style” of the engine is very loosely coupled. you can mix and match mods. some of the interfaces are VERY limited, like having aux1 and only a few specific keys to press – but if you make a more general “allow server to detect keycode” API for example, lots of touch devices and people with uncommon keyboard layouts will have issue
15:06 erle s because of tight coupling.
15:06 celeron55 and we've agreed the cheaters wouldn't be happy with it, because servers would disable them via a flag. which would be necessary to prevent cheating
15:07 erle celeron55 so who needs to be convinced to get already existing CSMs on CDB? rubenwardy? someone else?
15:07 erle since cheatdb exists … one moment, i'll look for it
15:08 erle https://github.com/dragonfireclient/cheatdb
15:08 rubenwardy CDB matches engine policy. CSMs are still experimental and hidden
15:08 rubenwardy if we went with CSMs-from-CDB instead of SSCSM then that would be a reason to support them
15:09 erle lol very lazy https://github.com/dragonfireclient/cheatdb/commit/0580d88122be5c502ed7fb009dcfbf9d5aecb10b
15:09 erle rubenwardy well, as celeron55 said, the CSM from CDB and SSCSM (or SRCSM) are different use cases
15:09 erle IIRC there was a mumble positional audio CSM too
15:09 MTDiscord <zmv7> Hidden? ContentDB supports CSMs already?
15:09 erle something that a server would probably be as unlikely to require as the rumble thing
15:09 rubenwardy hidden in the client
15:10 MTDiscord <zmv7> Ah
15:10 rubenwardy No, CSMs-from-CDB would allow servers/games to request certain CSMs be installed and enabled on the client
15:10 rubenwardy so instead of the server sending code it would request certain packages
15:10 erle and also i have seen people use chat CSMs. cora's client even has some cryptography so admins can't read user conversations (that IS something that a CSM is definitely useful for when not server-provided, because it is supposed to protect against the server admin)
15:11 celeron55 rubenwardy: what do you think of the extreme centralization caused by that?
15:11 rubenwardy users should still be able to install CSMs manually, verified by a checksum
15:13 erle well what if the checksum does not match? can i *decline* the CSM the server suggests?
15:13 rubenwardy yeah I'd suggest that users can decline CSMs. But then the server can decline the users if they wish
15:14 erle and this has only one end state: ublock origin or so, which tells the server “i totally got your CSM, pinky swear”
15:14 rubenwardy this is more to make sure the version matches
15:14 celeron55 the thing is, it's very tempting to give it a go, because basically all of it is already set up. but we're most likely then stuck with it because nobody wants to give it up
15:14 erle celeron55 btw, i think for your top-down real time strategy game thing it is useful to see when openRA uses traits and when it uses custom lua scripting. that kinda defines the boundary on where the engine devs think it is useful.
15:15 erle yeah, the “you will be stuck with it” is why i only proposed to distribute CSMs via CDB. you can see then if any of them start being used. and if not, simply abort the experiment.
15:15 rubenwardy The benefit is CDB is an auditable public repository. You can safely show package names and authors to the users without requiring code signing. So it's similar to the current threat model of installing mods for singleplayer
15:15 erle like, don't require them as a first step
15:16 rubenwardy With SSCSM you have remove code execution and need to be very very careful with sandboxing
15:16 erle i doubt i will be given the possibility to set a new main menu from CDB though, sadly. (i'd only use this to add jordan4ibanez CSM tab anyway and revert the “settings gear” icon to its textual description, i have seen “where are the settings now?” WAYYYY to often)
15:17 celeron55 SRCSM is very flexible when you don't mind the extreme centralization. and the public auditing of all code is very nice
15:17 celeron55 but it's a very specific model that's not really in use anywhere else, in any project, and it's not the original minetest 0.4 model
15:17 rubenwardy we plan to allow games to provide custom menus when installed
15:17 rubenwardy I'd say SRCSM is most common in games
15:18 rubenwardy OpenTTD and project zomboid both do this
15:18 rubenwardy OpenTTD downloads mods from BANANAS when you join a modded multiplayer server
15:18 rubenwardy Project Zomboid from steam workshop
15:18 rubenwardy a lot of games require mods on the client too
15:19 rubenwardy so it's less of a client/server split, and more 'you need this mod installed thx'
15:19 celeron55 ok, well, that somewhat clears that up
15:19 jordan4ibanez I was listening to this as this conversation went on https://youtu.be/BJhF0L7pfo8
15:19 MTDiscord <zmv7> Multicraft kinda have some SSCSM implementation
15:20 erle if chrome can't prevent malware to get into the top 100 extensions i have little hope for luanti/minetest
15:20 celeron55 here's a remaining question: why is this popping up today, and why does it now seem like a good idea to go with it?
15:20 jordan4ibanez because I subconciously injected this idea into your minds
15:20 erle rubenwardy openttd mods are very limited in what they can do though
15:20 rubenwardy implying chrome actually uses humans to review extensios
15:20 erle celeron55 same question as any other programming trend
15:21 rubenwardy SSCSM scares me as it's hard to get right and could be a venue for remote code execution
15:21 erle “could be”, that's the intended goal!
15:21 celeron55 SSCSM is awesome because of its scalability. and its terrifying due to its scalability
15:21 rubenwardy outside of the sandbox that is
15:22 jordan4ibanez when will we get a hand api
15:22 rubenwardy ok rephrasing - SSCSM scares me as it's hard to get right, it's literally intentional remote code execution
15:22 jordan4ibanez \ / \ / \ / | current hand
15:22 rubenwardy but also we're making a C++ networked application, so there are probably major vulnerabilities hidden already (:
15:23 celeron55 so, place your bets: if we enable SRCSM on contentdb, how many mods will we get monthly that try to sneakily implement SSCSM on top of SRCSM?
15:24 celeron55 (sorry for the nightmares, but this is quite important and it will happen)
15:24 rubenwardy if we disable loadstring in the sandbox that might be quite hard
15:24 celeron55 well, just implement an interpreter on top of lua, what's so difficult about t
15:24 celeron55 it?*
15:24 erle celeron55 the thing is if you don't *require* the CSM from CDB you can easily check if games start doing “please download this CSM for better experience” and then act accordingly
15:24 rubenwardy So what we could do is enable CSM but not SRCSM on ContentDB. Servers can require users install a CSM via text / a kick if they don't have it installed
15:25 jordan4ibanez this idea went so far off the rails it landed on another pair of tracks
15:25 erle what rubenwardy said
15:25 celeron55 rubenwardy: that doesn't help. it's just the same thing but more inconvenient
15:25 erle the kick thing is also in line with modified clients (coras client screams HEY EVERYBODY I AM USING A MODDED CLIENT YOU MIGHT WANT TO KICK ME so griefers have it bad in life)
15:25 celeron55 we don't want to make things intentionally inconvenient
15:26 erle celeron55 sometimes making things intentionally inconvenient is a good idea to see where the journey goes
15:27 celeron55 most users will just blidnly follow any advice the server gives. so basically it's SRCSM but with an error generator (human) executing the orders
15:27 celeron55 blindly* (i can't type)
15:27 erle you have to follow up with critcism from stakeholders though, which … the engine does not exactly have the best track records in the history of track records (it's the do-o-cracy thing again: if you have a problem but are unwilling/unable to fix them, it will at best be fixed by people not having that problemm, thus not getting you what you want, at worst ignored)
15:28 erle celeron55 not requiring a CSM also means that games have to account for it not being there though.
15:28 erle which is a PLUS from a resilience standpoint
15:28 celeron55 a server can just kick the player out if they don't have it
15:28 erle (and allows you to back out)
15:28 rubenwardy there's still the issue of the CSM environment being immature and not that useful yet
15:28 erle rubenwardy at least positional audio, vibro support, chatlog CSMs have been used
15:29 erle in addition to numerous debug things (e.g. “print me the item string of the thing i am holding” to debug complex items)
15:29 rubenwardy the real power of CSM comes when you give it the ability to customise client side prediction and do low-latency stuff like rendering and UIs
15:30 celeron55 custom player physics and camera will be very big
15:31 rubenwardy yeah imagine being able to make a RTS player controller
15:37 celeron55 there's a bit of an executive decision to be made here
15:37 celeron55 (it's incredible that people are willing to wait for a good solution for so many years)
15:44 erle again, openRA has the “declarative RTS API with lua only for very special cases” nailed down … but i guess celeron55 is right and no one is listening beyond those who already have
15:44 erle celeron55 don't confuse “willing to wait” with “kinda knowing what they want, but not enough to propose something well-thought-out”!
15:45 erle something something henry ford asking the customers what they want and getting the answer “a faster horse”
16:08 Can0xfBows joined #minetest
16:34 ___nick___ joined #minetest
16:59 MacroFaxSax joined #minetest
17:18 Blockhead256 joined #minetest
17:19 Blockhead256 CSM on ContentDB is similar and different to OpenTTD's BaNaNaS
17:19 Blockhead256 BaNaNas has GRFs which aren't (I think) Turing-complete, and that it the main "modding" mechanism
17:20 Blockhead256 but it also has AI and Game scripts that are turing-complete and I think use either Lua or a cousin of Lua.. squirrel or something
17:21 Blockhead256 In both cases, you can configure it the client to connect a different backend server
17:22 Blockhead256 in fact it's easier in Luanti because it's in the GUI instead of an environment variable
17:23 qur left #minetest
17:24 ___nick___ joined #minetest
17:24 Blockhead256 luatic makes a great point in his SRCSM gist about version dependencies
17:24 Blockhead256 it's almost a mantra of mine: pin your dependencies!
17:25 Blockhead256 because every so often you hear about some package author going rogue and turning it into nagware, spyware, malware, crypto-miner, ....
17:26 erle Blockhead256 the thing with openTTD is, only GRFs are required by servers. AI and game scripts you enable yourself. or not. it is not relevant to clients much, they are analogoous to luanti/minetest server-side mods.
17:27 erle Blockhead256 regarding pinning dependencies … as soon as people start even parsing item meta client side, i BET you will have pinned dependencies with vulnerabilities.
17:28 Blockhead256 as to physics prediction: sure one could conceive of a system that's lower than turing complete on the chomsky hierarchy
17:28 erle i once crashed cora's client by dropping a specific item she had not accounted for near her and a CSM choked on it
17:28 Blockhead256 but then, the server's Lua mod would basically need to use the same system. But I guess there's incentive enough to rewrite in that
17:28 erle Blockhead256 physics prediction for non-interactive objects can be done server-side. and arguably it should, so everyone sees the same things. by simply adding a simple vector description (like SVG path syntax) to entities.
17:29 Blockhead256 when it comes to dependencies, the key is not to never update but to read the dern changelogs
17:29 erle and as we know from various minetest API rugpulls, everyone reads the changelogs … LOL
17:30 erle physics prediction for steerable objects should be on the client, but i am *very* sceptical that making it turing complete is good for an engine. the aircraft steering example that celeron55 is a good thing.
17:30 Blockhead256 well you can't control others but you either do your due diligence or you don't, not much else to it
17:30 erle i have done simple physics simulations and there are a lot of approaches that are a) obvious b) computationally wasteful c) riddled with edge cases and degenerate conditions where the model breaks down
17:31 Blockhead256 advtrains does have a precomputed zone for where it is going to brake and so on, so if it could be networked, that would work
17:31 Blockhead256 automatic trains are basically a best-case scenario for predictability of course
17:32 Blockhead256 there will still be jank in case of something unexpected happening from LuaATC or a signal changing, pretty much inevitably
17:32 erle Blockhead256 what do you think about my proposal to add “this is where it is going in the next few seconds” to entities and letting the engine do something else than “go straight ahead”? i think it would also help with lag.
17:32 erle this is, btw, analogouos to SVG animations along paths
17:33 Blockhead256 I support whatever is low-hanging fruit. Write something that is meant to help mods, have the mod authors try to use it, then rewrite it better from feedback
17:37 erle that is so entirely unlike an API gets developed in this engine :D
17:39 erle rubenwardy btw i want to tell you i have come around on the item image thing. doing the simplest thing was actually good – because you are not using the API yourself as far as i know. i doubt me or the stalinist (seriously, check her website) commenting on your PR will be eager to give feedback to such things in the future.
17:39 erle but it is an improvement over doing nothing
17:39 erle so i am sorry for being so frustrated about giving feedback that was, as far as i can tell, summarily rejected
17:39 Glaedr joined #minetest
17:39 erle no wait, i am sorry for being unfriendly afterwards
17:43 MTDiscord1 joined #minetest
17:46 Eragon_ joined #minetest
17:46 germ| joined #minetest
17:49 bdju_ joined #minetest
18:00 bdju joined #minetest
18:00 Fusl joined #minetest
18:03 Talkless joined #minetest
18:11 ireallyhateirc joined #minetest
18:15 kamdard joined #minetest
18:25 fluxionary joined #minetest
18:47 rubenwardy erle: development needs to be iterative, you can't land at a perfect solution first time
18:48 rubenwardy I believe the suggestion was something about states to make texture packs easier - this is something for another issue/pr as it applies to entities too. The inventory thing is very simple and fully powerful
19:27 SFENCE joined #minetest
19:38 SFENCE joined #minetest
19:53 cryne7 joined #minetest
20:02 SFENCE joined #minetest
20:08 kamdard joined #minetest
20:11 cryne7 joined #minetest
20:29 SFENCE joined #minetest
20:34 SFENCE joined #minetest
20:37 SFENCE joined #minetest
20:40 SFENCE joined #minetest
20:55 SFENCE joined #minetest
20:57 liceDibrarian joined #minetest
21:09 SFENCE joined #minetest
21:19 Thermoriax joined #minetest
21:31 silverwolf73828 joined #minetest
21:40 garywhite joined #minetest
21:44 Verticen joined #minetest
21:54 MTDiscord <greenxenith> For whatever its worth (and it may not be worth much), I think CSMs should be game-provided and CDB-verified. That means games (and thus, servers) may provide CSMs to the client (if singleplayer, this is free; if multiplayer, it must be sent) and the client may choose to reject the CSM if its checksum is not verified by CDB
22:05 MTDiscord <greenxenith> Such a checksum could be optional if explicitly disabled by the client
22:06 MTDiscord <greenxenith> Having the game (or mod) installed locally could also be a valid source if the checksums match
22:06 MTDiscord <greenxenith> Valid source for multiplayer*
22:07 MTDiscord <warr1024> A lot of browsers and OSs have decent UX for the "this shit is not properly signed, are you sure" workflows, where basically they make it take a few more clicks to "just make it run" than "okay I'll give up" to counteract users' natural bias to ignore security until after they've already been screwed.
22:09 MTDiscord <warr1024> Interacting with CDB during a server join operation, when the user is first discovering that CSMs are being requested, could complicate things a bit, I suppose, but as long as we have some graceful way of handling that scenario (cached checksums from previous runs, and just falling back on "integrity cannot be verified") it should be okay.
22:10 MTDiscord <greenxenith> CDB-provided CSMs has the major disadvantage of singleplayer (local) games having to download CSMs after the game should have already been downloaded. You could have a separate system for locally-downloaded games vs multiplayer games but that is sort of ridiculous when they could use the same system
22:11 MTDiscord <greenxenith> And since it would have to talk to CDB anyway in that scenario, verifying a checksum instead of downloading the mod from CDB shouldnt be much different
22:13 sfan5 I suggest reading up on OCSP and why it's no longer being used these days
22:13 MTDiscord <warr1024> OCSP works fine as long as you staple 😏  ... actually, that's a possibility with CDB as well.
22:14 MTDiscord <greenxenith> Advantages of this system: Games (and mods?) can conveniently provide client-side code in-package, it removes the hard centralization requirement for CDB, and it allows servers to provide unverified client code if clients are ok with it. Disadvantages: None? Same as the other proposed systems?
22:15 MTDiscord <greenxenith> sfan5: All of OCSP's pitfalls are applicable to the previous CDB-provided proposal
22:15 MTDiscord <warr1024> Unlike a TLS security warning where it's assumed that every session with the server could have arbitrary content and thus needs to be verified on the fly, when it comes to downloading code, users only need to verify (or bypass) a particular version of the code once.
22:16 MTDiscord <warr1024> The flaws in OCSP are not as bad as relying on CDB to distribute the CSMs, since you could always bypass OCSP if you need to and access the site, but if the site is served BY the OCSP server then if that server is inaccessible you'd just be screwed.
22:20 MTDiscord <greenxenith> The process would be rather simple: Server delivers code, client generates a checksum, queries the package checksum from CDB (or whatever the user has defined as their "certificate authority") to see if they match , if they do move on*, if not let the user know before joining the game to see if they want to trust that checksum anyway (or stop), repeat for each CSM.
22:21 MTDiscord <greenxenith> *Optionally, users could have to approve each CSM even if verified. Alternatively, they may want to trust this server altogether.
22:22 sfan5 a bit ironic that the proposal is meant to accelerate csm deployment by skipping unnecessary security stuff and now we're reinventing certificate revocation from scratch
22:23 MTDiscord <warr1024> Or it could be simpler: server delivers code, along with CDB-provided signature.  Client verifies signature, and if they match, knows that it was CDB-verified as of less than a day ago.  Basically OCSP MUST-STAPLE workflow.
22:23 MTDiscord <greenxenith> Isnt it a security risk to trust a server-provided signature?
22:23 MTDiscord <warr1024> I mean if you want to skip the revocation crap then just go with a TOFU scheme and let the user review the contents somehow if they want.
22:24 MTDiscord <luatic> sfan5: my initial hope was to basically derive the trust from serverlist + CDB which are both https
22:24 MTDiscord <warr1024> Green: the security comes from the party signing the signature, not the party delivering it.
22:24 MTDiscord <luatic> (at least for the use case of servers on the public server list, that is)
22:24 MTDiscord <greenxenith> sfan5: CDB providing the mod is security stuff; I am suggesting its the wrong security
22:25 MTDiscord <greenxenith> And both celeron and ruben have raised concerns about that approach
22:25 MTDiscord <warr1024> As long as the user is not screwed if CDB is down then whatever workflow we come up with is workable.  We also have to remember that for mobile users, "just install the code yourself from github or something" is not a viable workflow.
22:26 MTDiscord <bastrabun> What would servers do if they have no CDB access? I know of at least one not-small setup that cannot access internet
22:27 MTDiscord <greenxenith> With a verification system, the user would already have the code and could choose to ignore lack of verification
22:27 MTDiscord <greenxenith> Or would know that it is already verified without CDB
22:28 MTDiscord <warr1024> Using some existing security implementation is the easiest, but won't necessarily work for our use-case.  Reinventing an existing security workflow is more of a pain in the ass, but it might work for some of these limited connectivity scenarios, and it's still better than trying to come up with something completely from scratch at least.
22:29 MTDiscord <warr1024> We could have the server offer both a CDB link and the code to the client, and if the user can connect to CDB, they can get the code from there.  If they can't, they can then choose to bypass and use the server-provided copy, I suppose.
22:29 MTDiscord <warr1024> Making CDB mandatory would suck, but as long as we design a fallback in there, it's at least workable.
22:30 MTDiscord <warr1024> SRCSMOSSCSM
22:49 MTDiscord <bastrabun> There's a good amount of people not always-on. I'd advise against designing as if that were the normal. Intranets, authoritarian states, remote villages, mobile, ... ? Sure, one could argue that when one lives in such conditions one usually has better things to worry about than a "this is not verified" checkbox. Sure, it's a different level, but what made me quit windows was when win xp introduced this activation feature : P
22:56 MTDiscord <warr1024> Another benefit of the stapling approach is privacy.  Users aren't connecting to a separate watering hole that gets to see when they're trying to connect to something, they only interact with the one server they were already trying to connect to, in at least the ideal case.
23:18 erle rubenwardy not everything can be iterative, but yeah, i agree it is powerful.
23:18 erle rubenwardy any way to cancel the animation when i change the meta of an item?
23:19 erle > my initial hope was to basically derive the trust from serverlist + CDB which are both https
23:19 erle LMAO
23:22 erle today the most amazing lucky thing happened in mineclonia: i found a fishing rod with “luck of the sea III” … and then using that i immediately fished a fishing rod with “lure III”. i combined them and now i have a god rod. it has already yielded me 3 saddles, 3 enchanted bows, 3 nautilus shells, 2 enchanted books and a lot of fish.
23:22 erle it just needs mending so i do not have to repair it.
23:22 erle > <greenxenith> CDB-provided CSMs has the major disadvantage of singleplayer (local) games having to download CSMs after the game should have already been downloaded.
23:23 erle well not if a server-side mod can depend on a client-side mod?
23:23 erle <warr1024> Green: the security comes from the party signing the signature, not the party delivering it.
23:23 erle ^ this
23:24 erle some people see “oh there is cryptography in there” and then think you can use it for whatever
23:24 erle stuff needs to be conceptually sound, not only mechanically
23:32 MTDiscord <greenxenith> erle: Those two things had nothing to do with each other
23:33 panwolfram joined #minetest
23:34 MTDiscord <greenxenith> No idea who you think said "there is cryptography, we can use it for whatever" ... I was suggesting the client can match the received code with CDB code via checksum, which is a perfectly sound method. Signed code happens to be simpler.
23:34 MTDiscord <greenxenith> > well not if a server-side mod can depend on a client-side mod?
23:35 MTDiscord <greenxenith> Im not sure what that even means
23:35 MTDiscord <greenxenith> As far as I understood, the proposed method was to use CDB to download CSMs when the server says it needs them
23:36 MTDiscord <luatic> Yes. I agree that signatures are a good alternative. (Though there are also benefits to a powerful central host in that it relieves servers, see sofar's remote media server.)
23:37 MTDiscord <greenxenith> There are no benefits to requiring a second connection when the client is already connected to a server
23:37 MTDiscord <luatic> for the amount of code that will be transferred, probably not
23:39 MTDiscord <greenxenith> It is also rather unclear how CSMs are structured in that CDB system. If a mod wants to provide CSM code, how does it do so? Does it need to depend on a separate CSM which CDB then provides? Does a game have to follow the same function where an internal mod needs to depend on an external CSM? (That would be ridiculous). If I download a game locally and want to play it, does CDB download the CSM as a dependency when I download the game?
23:39 MTDiscord (That is also ridiculous) Or do I have to download the CSM once I start the game? (Even more ridiculous)
23:40 MTDiscord <luatic> For games I would propose a client_mods folder
23:41 MTDiscord <greenxenith> Then how would regular mods work?
23:41 MTDiscord <luatic> Mods would require client mods
23:41 MTDiscord <greenxenith> They have to depend on separately downloaded CSMs?
23:43 MTDiscord <greenxenith> From the client's point of view to the server, what's the difference? Either way they need to download a CSM from somewhere. If the server game bundles CSMs, how is the client supposed to obtain it? Download the whole game? Or is the mod extracted?
23:44 shaft joined #minetest
23:45 shaft erle, which short name for a gun mod isn't taken yet?
23:46 MTDiscord <luatic> guns5d :trollface:
23:46 shaft But they are 2d and there's no plan to change that.
23:47 illwieckz_ joined #minetest
23:51 shaft guns is taken, firearms is taken, is rifles still available?
23:52 MTDiscord <luatic> firearms is taken??
23:52 MTDiscord <greenxenith> Yeah, a long time ago
23:52 shaft https://forum.luanti.org/viewtopic.php?t=4562
23:52 MTDiscord <luatic> dang it is
23:52 MTDiscord <luatic> very sad
23:52 MTDiscord <greenxenith> rifles appears to be available (you could check this yourself)
23:52 MTDiscord <greenxenith> This is how I understand the proposed CDB-downloaded method. The highlighted issues are still relevant even with the signature method, fwiw
23:52 MTDiscord <greenxenith>
23:52 MTDiscord https://cdn.discordapp.com/attachments/749727888659447960/1318365286788894770/jryv16XmN7yA2XgEFEEAAAQQQQAABBJISICAm1Q4WgwACCCCAAAIIxBcgIMbvAStAAAEEEEAAAQSSEiAgJtUOFoMAAggggAACCMQXICDG7wErQAABBBBAAAEEkhIgICbVDhaDAAIIIIAAAgjEFyAgxu8BK0AAAQQQQAABBJISICAm1Q4WgwACCCCAAAIIxBcgIMbvAStAAAEEEEAAAQSSEiAgJtUOFoMAAggggAACCMQXICDG7wErQAABBBBAAAEEkhIgICbVDhaDAAIIIIAAAgjEFyAgxu8BK0AAAQQQQAABBJISICAm1Q4WgwACCCCAAAIIxBcgIMbvAStAAAEEEEAAAQSSEvgPMRsk2xy15AAAAAASUVORK5C
23:53 MTDiscord YII.png?ex=67620eda&is=6760bd5a&hm=27586cc71c723a6b3ad3d9648faa3d51576a7d255a0e9e587e0ec1c9e96acf59&
23:53 shaft There are mods that are neither on contentdb and on the forums, so I gotta ask right
23:53 shaft ?
23:53 MTDiscord <greenxenith> Just look it up
23:54 shaft And how?
23:54 MTDiscord <greenxenith> A search engine
23:54 shaft And if some asshole has some mod I don't know about that doesn't show up on a search engine?
23:54 MTDiscord <greenxenith> If you cant find it on CDB, forums, or a quick Gooduckbinglego search, assume it doesnt exist
23:55 shaft Okay, I'll do that from now on. And I don't wanna hear bickering in the release comments if it does exist.
23:56 MTDiscord <luatic> if you did your due diligence searching for it and couldn't find it, the reviewers shouldn't find it either
23:56 MTDiscord <greenxenith> If they didnt reserve the name they dont deserve the name
23:56 shaft Rifle is taken. That's a close one. Gonna take rifles.
23:56 MTDiscord <luatic> shooting_iron
23:57 MTDiscord <luatic> boomstick
23:57 MTDiscord <luatic> there's https://github.com/fluxionary/minetest-boomstick but i'll choose to ignore it since it's a testing mod
23:58 MTDiscord <greenxenith> Addendum to "issues are still relevant with signature method": CDB being down and using private CSMs are solved by using a signature (which can be bypassed ... unlike CDB being down or wanting a private CSM)
23:59 MTDiscord <greenxenith> IDs/names changing is also partially solved by signatures because it can be bypassed (and the server is already providing the code)

| Channels | #minetest index | Today | | Google Search | Plaintext