DDraceNetwork - developer

DDraceNetwork

Development / developer

Development discussion. Logged to https://ddnet.tw/irclogs/ Connected with DDNet's IRC channel, Matrix room and GitHub repositories — IRC: #ddnet on Quakenet | Matrix: #ddnet-developer:matrix.org GitHub: https://github.com/ddnet

Between 2018-10-13 00:00:00Z and 2018-10-14 00:00:00Z

[ddnet-maps:master] 1 new commit

b32afb1 A Loopie - def-

Image attachment

07:15

i have it (edited)

07:15

nobos

07:15

refresh page cache (edited)

ye

07:16

Image attachment

[ddnet/ddnet] Issue reopened: #1303 Editor full screen mode

doesn't working, but restarting the pages has 0.6.4 dude

Image attachment

maybe it's random

(200iq) how the heck would it be random... also there is some problem with the releasing? im worried a bit

Embedded image

08:24

why is that there anyways

because bam still exists

i downloaded it and uploaded it to mediafire

08:34

here's the link

08:34

bit.ly/18blKjN (edited)

not funny

it's all discord fault

08:38

:)

if its virus, i would pin gladly to jao for banning ya xd

09:16

HMMMM

thonkery

feelsamazingman

does any1 know how to savley use cookies to keep people logged in on a webpage

09:35

i guess simply saving the username and pass in cookies would be pretty insecure

yes

09:52

what technologies do you use to display the website?

09:52

php? python? which libraries?

[quakenet] <breton> ChillerDragon: invent a token

yes, but probably whatever tech stack he uses already has such a token

[quakenet] <breton> ChillerDragon: store uuid4 value as a token in cookies and store user <--> token association in the database

10:01

[quakenet] <breton> ChillerDragon: another idea: store username and password in cookies, but encrypted with a key stored on the server

does somebody have small amount of servers?

10:05

and big amount of players

@heinrich5991 http://chillerdragon.ddnss.de/DDNetPP-web/ (edited)

dyndns o:

?

[quakenet] <breton> Arseniy Zarche: yes, i do

[quakenet] <breton> who is axblk on github?

11:48

[quakenet] <breton> how does https://github.com/axblk/teeworlds/commit/63a2f779112b377ad2ec666aa0db3bb8d92cd1ac help against ddos?

Add DoS protection to server info requests (from DDNet) · axblk/t...

@heinrich5991 i use php no libraries. breton: i also had the idea with encrypting with key on the server.. but 1. i dont know how to do that 2. secret keys suck because i love to store everything on github and i dont want to hide all the secret stuff becuase i will forget it if i switch server or something 3. i wasnt sure if its save an a good way to do.. but since you say its ok i guess its ok Also the token thing was an idea i had but i didn't find any good ressource that explained it how to do it safely. And i have no idea what uuid4 is. I guess just create a random (hopefully unique) string on login and store it in the database with the account and also as cookie clientside. But when somebody gets that cookie he can login to the account? Isnt that unsave?

yes, when someon gets the token, they can use the account

12:01

but that's the best you can get

how hard is it to get cookies as an attacker?

12:01

i guess they are stored in plaintext somewhere on the computer

yes

sounds unsafe

how would you improve on that? ^^

idk

if the attacker has access to the computer, they can obviously copy all authentication data to their own computer and do it from there

hm ye

12:03

do big companys the same?

12:03

so if i am at a friends computer i can simply grab the token from the browser and sign in to his gmail account?

12:03

ah i guess they also have country and ip checks and so on

12:03

maybe i should implement that aswell

12:04

so cookies are highly sensitive data i guess.

@ChillerDragon >> base64 :v)

hm?

12:10

what should i use bas64 for?

@ChillerDragon run on your linux srv: $(echo "aWQK" | base64 -d)

i know what base64 is

12:12

well i think i know what it is

12:12

xd

ye but I was too bored so I learned some commands in base64 (edited)

12:12

aWQK is the id command

but why would i need it for

12:12

for me it looks like you just base64 the string "aWQK"

base64 -d

12:13

--decode

12:13

then you exec it: $()

[ddnet:master] 2 new commits

1082ba7 increase max score that can be displayed in scoreboard - fokkonaut 963cec6 Merge #1348 - bors[bot]

12:50

[ddnet/ddnet] Pull request closed: #1348 increase max score that can be displayed in scoreboard

I usually go for storing a token in an encrypted cookie with an expiry date

12:50

If I'm implementing OAuth I go for a refresh token

[ddnet-web:master] 1 new commit

2011917 Add Meldon, promote ChillerDragon - 12pm

[ddnet-scripts:master] 1 new commit

88fd362 Remove Facebook, update Map Testing location - 12pm

What is OAuth? @Learath2

[quakenet] <breton> we have a server with infclass. When we launch it, it appears in master servers for some time, then disappears, and to make it appear again (for a few minutes) we have to change the port. Any idea why it could be happening?

16:01

please solve it, we have some work to do and we cant do that until it will be solved

[quakenet] <breton> so we are not the only ones having the issue?

only on infclass server (Oi2 exlusive)

[quakenet] <breton> oh ok :3

Oauth is a standard/framework for authorization

@ChillerDragon big companies don't do IP address checks, otherwise mobile or roaming between wifi networks would be horrible

16:36

they might do country checks

ye country/city checks would be better

17:55

but vpns and vacation you know... i guess retyping the password would be ok when using a vpn or vacation i dunno

17:56

oh wait i just realized you could use an vpn to bypass the country check ^^

0.7 when?

0.6.5 now!

@heinrich5991 you could fix mem_alloc and free for vanilla too

yes… laters

@heinrich5991 when ddnet 0.6.5, 11.4.5

doesnt ddnet already have the security fixes

please stand by, PRs will follow

oke

ddnet has some different kind of security fixes

@heinrich5991 would you also have a look at my pr while creating yours?

I can do that, I guess

would be cool^^

Do we really want to upgrade ddnet to 0.7? I mean who cares about tw at this point?

this was about 0.6.5

Oh you did a 0.6.5?

y

yes

nobo

19:51

fake 0.7 hype

btw, could it be that the siz2 packet from the master server is currently unreliable?

19:51

https://i.imgur.com/wGWqmhZ.png

Embedded image

19:51

it's returning me 0 as server amount while I still get all servers (edited)

hmmm

so we wont have 0.7 for now feelsbadman

feelsbadman

[quakenet] <heinrich5991> deen: I'm sure you answered a lot of times already, but: have we tried hetzner before?

btw in case someone else has this problem: previously the master servers returned the game servers already on the SERVERBROWSE_GETLIST packet, now they only return it on the SERVERBROWSE_GETINFO packet

does visual studio c++ 2018 will be problem for default method of compilation teeworlds by mvc++ 2010? (or 2008, cant remember)

[quakenet] <Learath2> heinrich5991: I ran GER2 on hetzner for a month and a half

20:43

[quakenet] <Learath2> It worked pretty well imho

20:45

[quakenet] <heinrich5991> did you see that hetzner has truly unlimited traffic for dedis now?

20:46

[quakenet] <heinrich5991> also, interesting. ty

hetzner is at least not rated very good

20:47

Worst service provider I've been working with. A lot of network outages. More, they shutted down a server without even an email alert in advance. When we fixed things, access to Cloud services still not available for our account.

Luckily it was not blocking for our production workload, but what if it was?

Unprofessional.

20:48

multiple of the reviews are complaining about network outages or them shutting down servers without any kind of notice

null routing ❤

[quakenet] <Learath2> Yep, unlimited traffic and a gbit line

20:53

[quakenet] <Learath2> When did that happen? I've had pretty decent interaction with their support

I've read ~30-40 of the reviews and every 4th/5th is complaining about it

have you read reviews of other hosting providers as well?

20:57

maybe that's normal

hm, well just read some reviews, got no experience with it myself

O: best host ever

Image attachment

juniper?

yup, some good stuff

It's basically how ddos protection is done nearly anywhere

not at ovh

21:13

they do not use juniper stuff

Juniper is just a manufacturer

sure like cisco, like extreme networks...

21:14

but you can have some shitty products & some good

21:14

as I saw, juniper is providing some good products

OVH used to use Arbor + their own VACs

ik

21:15

home made VAC + arbor

nowadays they use a custom solution in place of Arbor aswell

at my university we got a lot of Juniper routers, SRX & QFX models

Exported 144 message(s)