Guild icon
DDraceNetwork
Development / developer
Development discussion. Logged to https://ddnet.tw/irclogs/ Connected with DDNet's IRC channel, Matrix room and GitHub repositories β€” IRC: #ddnet on Quakenet | Matrix: #ddnet-developer:matrix.org GitHub: https://github.com/ddnet
Between 2021-03-12 00:00:00Z and 2021-03-13 00:00:00Z
Avatar
https://github.com/fokkonaut/F-DDrace/blob/F-DDrace/src/game/server/entities/atom.cpp This sometimes crashes some ddnet clients, not sure why or how to reproduce, does happen very rarely and haven't got that bug myself often. I don't know how to reproduce, and it shouldn't be a bug in the CStableProjectile itself, because I use that not only for atom, but also for some other stuff and it seems like only atom is crashing at all.
Avatar
After setting cl_mouse_max_distance to some high value like 10000 and mooving cursor very far off the screen if you will enable dyncam without mooving your mouse after, your camera will warp to the place where your cursor was which lets you look very far off , mooving the cursor again brings it back to normal of course. Example: !screenshot_2021-03-12_10-05-07 Here is a screenshot...
Avatar
@deen https://ddnet.tw/stats/ max player count is now out of date, currently 2400 :)
Avatar
Reported by anonymous() on Discord:
when I tried to load a save from my main it said "you don't belong to this team" Then i tried from dummy and it worked
@Zwelf any idea?
Avatar
@Patiga this page is updated nightly, see bottom: Refreshed: 2021-03-12 05:59
Avatar
oh, nice
Avatar
It seems players really want top5 to behave as it used to. My concern with moving the new regional board to a new command was that it wouldn't have the exposure, but I think we could use the finish messages to let people know how they ranked in the regional board to promote the feature and keep top5 global. This should make everyone happy without completely hiding the feature and in the future I think we mostly agree that this should be a UI element anyway so it should be a decent compromise...
Avatar
@Learath2 cough
17:31
monkalaugh
17:32
monkaS
Avatar
couaccountsgh
Avatar
@Learath2 we have actually some kind of paradox, since we want polls across all servers and some want accounts we may need to make a poll for accounts when a poll needs accounts
17:34
Ok forget this i was just trolling
17:34
monkalaugh monkalaugh
Avatar
No poll for accounts please
Avatar
accounts in some way are just coming, I think. the question is "how?"
Avatar
I understand cosmetics I understand ux changes but something so core shouldn’t be polled...
Avatar
I rly dont want hats
Avatar
i want hats
Avatar
anyone interested in WIP https serverbrowse clients?
Avatar
it doesnt need to be tied to accounts
17:35
but hats will be very coo.
Avatar
Do u have a https master?
Avatar
I have a https master. it's called a script that dumps stuff into a file, and nginx
Avatar
Avatar
heinrich5991
accounts in some way are just coming, I think. the question is "how?"
Yes, I will be writing a summary of what I think so far on the issue and I’ll try to work with @Zodiac to come up with a complete proposal. It seems no one else is interested in forming the proposal together
17:36
I want in too
Avatar
If we have something complete maybe we can resume discussing on it and make changes to that
17:39
The amount of university material I need to get through is mind boggling and on top of that I seem to have even less ability to focus this week
17:39
I’m really starting to believe I got cursed πŸ˜›
Avatar
https://github.com/ddnet/ddnet/issues/3666#issuecomment-797650176
Remaining questions: How can the client detect that the response from a master server is stale? Should the client contact a second HTTPS master? When? How does the client choose which master to contact? It would be nice if it could select a geographically close one. Perhaps do a race? Unclear how to do this with curl, it's caching connections.
We want HTTPS masters. That would make the server list load instantaneous. Basically replaces #1074, I think.
πŸ‘ 1
17:46
ideas? also taking them on discord
Avatar
I replied on gh
Avatar
replied again
17:59
re no one else is interested in forming a proposal: are you referring to me not accepting a "good enough" solution and instead overengineering it? πŸ˜›
18:01
other than that I consider myself interested πŸ˜‰
Avatar
Well it’d be nice to see your goals, desirables, undesirables for the feature
18:17
I mean it’s arguably indeed possible to re implement the entire protocol and implement a decentralized accounts system and implement blockchain to fix the naming issue. But it’s not very realistic we could take on something of that size given we usually all just work alone on our features
18:19
Asymmetric cryptography makes some features that will be desirable for an account system for games actually rather tough unsolved problems
18:20
Like account recovery for an unsolved one. Though whatsapp has it figured out somehow maybe we could take a look there
18:21
We could store encrypted private keys for users using a more traditional password, but that requires two passwords one that we know and a separate recovery key that we don’t etcetcetc
18:24
There are many avenues to look into and before looking into them we need to know what we are looking for. Are we looking for a more centralized approach like OAuth maybe or a semi centralized approach where we host the address book, do we want a separate auth server handling this, maybe a decentralized approach but only on the serverside with a kerberos like solution.
18:26
Currently if I had to roll it out ASAP I would go for an OAuth like infrastructure as most players don’t really care to store 32 word tokens safely with no other form of recovery
πŸ‘ 1
Avatar
can we change this, or are we stricly against centering skins in scoreboard xd
19:17
this is how it looks like centered, tees are also too huge generally:
πŸ‘ 1
Avatar
http servers seem to serve their current time. maybe we could compare that to the last-modified header
Avatar
Google only having a dark mode on chrome is the most annoying thing I've heard in a decade
Avatar
Avatar
Learath2
Currently if I had to roll it out ASAP I would go for an OAuth like infrastructure as most players don’t really care to store 32 word tokens safely with no other form of recovery
if u wanted to roll it asap u would do it simple like any website
Avatar
Avatar
Ryozuki
if u wanted to roll it asap u would do it simple like any website
I personally wouldn't sacrifice letting other servers use our accounts
Avatar
i would use a jwt token and a refresh token thingy
Avatar
but as I said I only know my and Zodiac and maybe your positions on this
Avatar
Avatar
Ryozuki
i would use a jwt token and a refresh token thingy
I personally wouldn't really bother with the JWT you have to check if it's current with the backend either way, it's a waste of space imo
19:29
A nice session token with a quick in memory key value store is very hard to beat for me when it comes to authentication
19:29
maybe if I was doing microservices
Avatar
I want to take the crypto stuff as a foundation only. let people register their key to an email address by typing /register or so, and verifying the email address
Avatar
Avatar
Learath2
maybe if I was doing microservices
hmm arent most microservices sessionless
19:29
aka they use jwt
Avatar
then we and third party servers can query the account server to get the account name associated to a certain key
19:30
where the account name is an arbitrary email address
Avatar
one thing is registering, the other keeping the session
Avatar
yes, that's why I said that. If I was doing microservices and I was certain I wouldn't revoke tokens that's what I'd go for
Avatar
u can revoke tokens
19:30
blacklist them
19:30
until they expire
Avatar
you can't without communicating with the backend
Avatar
u can forget about ur token
19:31
ez logout
19:31
or what do u mean
19:32
i dont think u rly need to revoke a token for logging out
19:32
its just more secure i guess
19:33
Access tokens carry the necessary information to access a resource directly. In other words, when a client passes an access token to a server managing a resource, that server can use the information contained in the token to decide whether the client is authorized or not. Access tokens usually have an expiration date and are short-lived.
19:34
Refresh tokens carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server. Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-lived. Refresh tokens are usually subject to strict storage requirements to ensure they are not leaked. They can also be blacklisted by the authorization server.
Avatar
@Learath2 probably still too little specification? ^^
19:34
19:34
xd
Avatar
Avatar
Ryozuki
i dont think u rly need to revoke a token for logging out
e.g. revoking someones rcon access
Avatar
@Learath2 this is why u use refresh token thingy
19:35
the short lived token has the rcon info
19:35
if u have to blacklist it it wont be for long
Avatar
refresh tokens aren't this short lived usually
Avatar
refresh tokens live long
19:36
access token live short
19:36
access token has info about ur access rights
19:36
since u get it from the auth server
19:36
in my experience access tokens live for 15 mins to some hours
19:37
btw
19:37
ur oauth2 thingy uses this strategy
Avatar
yes but it's not stateless
19:37
I'm ingame I'll elaborate later
Avatar
please also tell me whether you want a longer idea for accounts from me later πŸ˜‰
Avatar
well ping me later then
19:38
gonna play some elite dangerous then
19:38
greenthing
Avatar
ya how will accounts work
19:43
are they finally being implemented
Avatar
I think they are saying all this shit and it will end like always
19:46
Im just seeing the drama when someone gets their name stolen or whatever
Avatar
not many people dont have forum or discord
Avatar
probably all chinese players
Avatar
I mean i jusy wanna see how you verify someone with 2k points
Avatar
but its not gonna be needed to finish maps right? its just to verify a player on servers
Avatar
Avatar
heinrich5991
please also tell me whether you want a longer idea for accounts from me later πŸ˜‰
Yes, I want to get into it, the details are the hard part with a asymmetric crypto solution
Avatar
but I'm doing a centralized one on top of the crypto one
19:49
except that you don't have a password
19:50
your account is your recovery info, basically
Avatar
Avatar
Ryozuki
in my experience access tokens live for 15 mins to some hours
With stateless JWT tokens you can't take immediate actions, if you want immediate actions there is always the cost of contacting the backend, so if we are contacting the backend anyway, might aswell get the entire user from there
19:51
@heinrich5991 so a classic account system with usernames and passwords that is used to store a private key?
Avatar
no, without a password
Avatar
uh what?
19:51
how do you recover anything then?
Avatar
okay, you're not a mind reader πŸ˜„
19:52
let me elaborate πŸ˜„
Avatar
Do your best guys and maybe add roles to the account system like admin/mod/tester/mapper/maybe roles based on points
19:54
Or evern years since first finish
Avatar
all clients generate a key. if a user wants to register an account, they type /login <email address> while they're on a server with their key. after verifying the email address, they have their account with one associated key. if they're on another client, they can type /login <email address> to also associate this key to the account. the central server then provides a public mapping from public key to account. we can associate data to the global accounts, like a discord account, forum account
19:56
e.g. the game servers can then also associate accounts to rcon level, doing away with the need for passwords there, too
19:57
@Learath2 does this become clearer?
Avatar
does this mean that nobody except me can name themselfes Im 'corneum?
Avatar
Even with that wont someone be able to for example just Rename as Aoe and do /login gmail@gmail.com to steal all his points? before he registers
Avatar
no because aoe has a forum and discord account which we already know he is (edited)
Avatar
But u could do it, he would have to reach out for support right?
Avatar
sure
Avatar
@bubliman I'm not talking about associating old points/ranks to the accounts yet
20:00
this is only about an account system for future ranks right now
Avatar
@heinrich5991 how about recovery for private keys? do we just let people associate new keys?
Avatar
Avatar
heinrich5991
@bubliman I'm not talking about associating old points/ranks to the accounts yet
One step at a time, good aproach ! πŸ™‚
Avatar
no recovery for keys. keys stay on the client, if you move to a new computer or reinstall your computer you get a new key and need to "log in" again
Avatar
Im 'corneumheute um 20:57 Uhr does this mean that nobody except me can name themselfes Im 'corneum?
Avatar
no
20:05
this has nothing to do with in game names right now
Avatar
what does it actually do? i dont really get it
20:05
like whats the goal
Avatar
it doesn't do much user-visible things, it lays the ground work
20:06
it provides some authentication that can be built upon for other features
Avatar
Yeah, now i get it, so every account can have multiple verified client keys tied to it
Avatar
yes @bubliman
Avatar
the only thing that would be useful is to know for sure someone is legit. so you can play like normal but when you wanna have a talk ingame you login so both know they are verified.
Avatar
yes, that's actually a thing that would be possible with this account system
Avatar
but i guess you want to attach the ranks later so nobody can fake finish anymore?
Avatar
Avatar
heinrich5991
no recovery for keys. keys stay on the client, if you move to a new computer or reinstall your computer you get a new key and need to "log in" again
why new key, how would it work
Avatar
on first startup, the client generates a key. it uses that to authenticate against the server (unconditionally)
Avatar
These are just results of accounts
20:08
it allows many things, we can do clans, we can actually ban people
Avatar
if you want to have a permanent "account", you need to /login <email>
Avatar
we can enforce spam rules
Avatar
@heinrich5991 maybe use the same symbol as on social media
Avatar
oh oh...
Avatar
can people just make new accs to spam
Avatar
ok cancel accountsjustatest
Avatar
yes, but you could maybe limit new accounts if there's active spamming going on
20:09
anyway, all this is just results of accounts
20:09
not implementation
Avatar
Avatar
Im 'corneum
but i guess you want to attach the ranks later so nobody can fake finish anymore?
that would be bad
Avatar
Avatar
Cristian
that would be bad
yes
Avatar
@Learath2 does that make my idea clearer?
Avatar
yes, it actually sounds very reasonable to a reasonably drunk me
Avatar
❀️
Avatar
any ideas about p2p verification or other servers wanting to use our db of accounts?
Avatar
also. how would this be for new players that just want to check the game out? wouldnt they just think: im not gonna create a account for this game so why bother finishing any maps?
Avatar
@Im 'corneum you can play without creating an account, nothing will change about that
20:11
they can query our server with the public key, and we'll send back an account identifier @Learath2
20:11
but they could do their own account system as well, on top of the keys
20:11
if they want
Avatar
Avatar
Im 'corneum
also. how would this be for new players that just want to check the game out? wouldnt they just think: im not gonna create a account for this game so why bother finishing any maps?
"accounts" are technically keys, they are auto generated in this scheme
Avatar
e.g. if KoG wants to do that
Avatar
i dont care much about the spam and ban thing but please keep the fake finishes. or switching tees with namechange
πŸ€” 1
Avatar
Avatar
Im 'corneum
i dont care much about the spam and ban thing but please keep the fake finishes. or switching tees with namechange
f3
Avatar
what about old clients
Avatar
they won't have accounts
Avatar
@noby
Avatar
Avatar
Im 'corneum
i dont care much about the spam and ban thing but please keep the fake finishes. or switching tees with namechange
switching tees is getting a new fix with /swap
20:15
fake finishes I never liked, but idk how to let them keep happening
Avatar
would that work instantly?
20:15
that would be epic to map with
Avatar
not instantly no
Avatar
mmh
Avatar
that's under discussion, check the github issue https://github.com/ddnet/ddnet/pull/3654
Added a new chat command /swap based on the discussion in the associated issue: #1103 Swaps the character&#39;s position with another tee using the existing Save/Load functionality. Restriction...
Avatar
if its instant maybe u can do something cool with dummy
20:16
maps
Avatar
if you want a game mechanic like that create an issue about that too
Avatar
nvm then. but dont make it one minute like save
Avatar
Avatar
Learath2
yes, it actually sounds very reasonable to a reasonably drunk me
the mail system looks reasonable to me too
Avatar
Avatar
Im 'corneum
nvm then. but dont make it one minute like save
uh there is a discussion there, if you want to have input on it please post
20:17
it'll likely have a one minute penalty in any case as we all seem to agree on that
Avatar
we can also make legacy points show in ur account as a reward for showing u were there before, if we cant find a way to get old points into new accounts
20:17
so u can brag
20:17
everyone loves to brag
Avatar
can we discuss the account system instead of what we're doing next?
Avatar
we are all arguing about the 1 minute crippling right now I think
Avatar
@Ryozuki Veteran, sound better... πŸ™‚
Avatar
this is just going to go in circles if we talk about what we want to do with accounts
Avatar
Avatar
heinrich5991
can we discuss the account system instead of what we're doing next?
I couldn't poke a hole in your scheme, the only thing it's missing imo is p2p verification
Avatar
suddenly there is more ppl in this chat
20:18
curious
20:18
monkalaugh the stalkers
Avatar
It was one of my initial desirables that I ditched on my implementation because I didn't want to bother
Avatar
fair, didn't realize @Learath2
20:19
im confuse
20:19
why cant u just implement /register with email and pass, why do u need this clientside key confirmation thingy
Avatar
because the password can be phished, is weak, etc.
Avatar
the email authentication with key is better
Avatar
we'd like to be able to log in automatically, e.g.
Avatar
a stored key*
20:20
you dont need a password
Avatar
So with the account system, I assume those using Steam would use their steam ID as their account or would you keep it completely separate?
Avatar
u just need to verify u own x email
Avatar
Avatar
louis
why cant u just implement /register with email and pass, why do u need this clientside key confirmation thingy
it allows us to do some very nice things
20:20
like p2p verification, encrypted chat, other servers easily using our accounts
Avatar
@SPYRES currently steam isn't integrated at all into that idea
Avatar
@SPYRES a bit far from that
Avatar
@heinrich5991 it should have a max of 2 tries per day or week
20:21
@heinrich5991 trolls can spam mails with known emails of others
Avatar
can u do the email/pass thign along with the client id
Avatar
All is in the title. Expected behaviour : vote for exact match first if it exists. In this case, voted map should be "Adrenaline 1"
Avatar
this would defeat the point. people would accidentally lose their passwords to other people and we have to play support
Avatar
we can associate steam and discord with email too, that shouldn't be a problem
Avatar
how can u link an account from a second computer
Avatar
/login <email address>
Avatar
u do /login <email>
20:22
and go to ur email
Avatar
we have todo smth about this, its really annoying
Avatar
oh and verify thru email
Avatar
and click the link
20:22
u verify through email every pc u have
Avatar
just keep fake finish
Avatar
and /login email pass will be phished easily cuz how tw servers work
20:22
and ppl will make binds and use them on nonddrnet
Avatar
@Cristian why?
Avatar
yes @louis
Avatar
ok makes sense
Avatar
@Deleted User make a huge formatting commit
Avatar
yes, but it will break some huge lines
20:24
bcs between clang 10 and 11 there is some difference
Avatar
example?
20:24
ah
20:24
can you maybe just commit the comments?
20:24
alternatively, install clang-format10
Avatar
dunno exact example but it was the ones with tinary operators
Avatar
what OS are you on?
Avatar
linux debian, it has clang 10, but have to switch it always when using different projects, bcs the ide has no per workspace setting for this appearently
Avatar
does it call the external clang-format?
Avatar
yes
Avatar
you could write a little shell script that decides which to use depending whether you're formatting ddnet files or not
Avatar
ah, interesting idea
Avatar
Avatar
bubliman
@Cristian why?
its good and ddnet was always like that
Avatar
tee settings scoreboard spectator board

Checklist

  • [x] Tested the change ingame
  • [ ] Provided screenshots if it is a visual change
  • [ ] Tested in combination with possibly related configuration options
  • [ ] Written a unit test if it works standalone, system.c especially
  • [ ] Considered possible null pointers and out of bounds array indexing
  • [ ] Changed no physics that affect existing maps
  • [ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.c...
Avatar
@Cristian not a valid reason imo
Avatar
Avatar
bubliman
@Cristian not a valid reason imo
there are others good reasons but important thing is why u dont want to keep it
Avatar
would take the benefits of having an account over not being able fake finish
Avatar
fake finishes should still be allowed
20:37
i mean its kinda tradition that if u murder someone during a play, u finish for them
Avatar
@louis sure the only way i guess is to auth their client, which would be a pain in the ass and if u want to keep them so much then the whole acc system would crumble
Avatar
m or someone before was talking about /swap which could work
Avatar
(note that this is unrelated to the account system as we discuss it. we're just doing client authentication right now)
Avatar
maybe if names are ever tied to accounts, the owner of account+name can choose to allow others to use that name or not
Avatar
Avatar
bubliman
would take the benefits of having an account over not being able fake finish
not worth
Avatar
@heinrich5991 what do you think about the name claiming?
Avatar
you mean reserving a name?
Avatar
your proposal gets us some form of accounts, what do we do about naming?
Avatar
I wouldn't go further than what steam etc. do
Avatar
Do we do sth like steam where you can have any display name you want?
Avatar
Learath2#5921
Avatar
That's more discord then steam
Avatar
ah, or battle.net
Avatar
ah battle net does it too
Avatar
yes, idk. but the thing is, I'd rather get the account system and do the bikeshedding about that later πŸ˜›
20:43
the bikeshedding of things that don't need to be fixed in order to implement accounts
20:43
fixed as in determined
Avatar
hm since you only used emails I guess you don't need to actually fix naming before accounts
Avatar
staff + "well-known" should have unique name maybe?
20:45
so ppl cant fake
20:46
would joe#0001 and joe#0002 share points
Avatar
@louis with that leaderboards could be a big mess
Avatar
maybe once u get 5k points u can unique-ify ur name
20:49
or something similar
20:52
meh
20:52
that just causes more problems
Avatar
Pop away for a moment and I am welcomed to 300 messages on accounts πŸ˜„
Avatar
@heinrich5991 I like the approach. It is a simple authentication process. It is similar to how Slack handles authentication - unless I am mistaken.
21:03
I don't think it precludes typical account functions like name storage. You going to have to store the access token associated to the email address, could also create other fields e.g. name etc. The benefit is that we don't store passwords and need to handle the handshake of them
Avatar
yea, those would be "normal" centralized accounts, except without passwords
❀️ 1
Avatar
/login <emailaddress> <name>
Avatar
why do you include a name in there?
Avatar
Well where else would you take in those extra fields?
21:05
Could include a /register <emailadress> <name>
Avatar
yea, or give a way to set names later
Avatar
True but then you create a state problem of inconsistent data
Avatar
@heinrich5991 with a name included u get rid of a ton of issues, and whats the point of the accounts without the names?
Avatar
user identification
Avatar
I think it is fine to extend it slightly to include other usual fields
21:06
it just means it is broken into two
Avatar
I don't think we need much on sign up tbh, most of the stuff can be optional, including the name. we already have the current in game name if we want to display something
Avatar
/register <emailadress> <name> <favourite pet> <birthday> <IdNumber> <place of birth>
justatest 1
21:07
/login <emailaddress>
Avatar
you forgot card number
πŸ˜„ 1
Avatar
Avatar
heinrich5991
I don't think we need much on sign up tbh, most of the stuff can be optional, including the name. we already have the current in game name if we want to display something
That is in-game though. We lose out the usefulness beyond that e.g. the website
Avatar
you can capture the ingame name πŸ™‚
Avatar
I really like the "almost no friction" of /login <email> πŸ™‚
Avatar
Fair enough. I think we pretty much agreed on the approach - just the smaller details at this point.
Avatar
@heinrich5991 sure the name can be added later or through email
Avatar
yes, true, these are details
Avatar
wont the client hide the commands anyway
21:10
like a loginscreen client side
Avatar
Alright team, so account system come Monday?
Avatar
πŸ˜„ first monday of 2022
πŸ˜† 1
Avatar
when teeworlds gets 30
Avatar
Namechange could be instant and automatic, instead of a year cooldown also it could sent and email where you could confirm this namechange /account name Aoe This name is already taken try another one /account name Korgi Namechange succesful What about this?
Avatar
let's try to actually do the account system before trying to figure out stuff like that @bubliman πŸ˜‰
Avatar
I'll try get the skeleton plan for it down later this weekend based on the above conversation.
21:20
Names don't need to be unique under an account system. One of the benefits.
Avatar
this will lead to endless bikeshedding otherwise @bubliman
πŸ‘ 1
Avatar
Annoying seeing my very "unique" name having maps finished that I haven't done.
Avatar
Avatar
bubliman
One step at a time, good aproach ! πŸ™‚
as i said πŸ™‚
Avatar
automatic namechange isnt good, will be so confusing when some people change their name 3 times a day
Avatar
Why? i mean it is possible on most modern games
21:23
could have a command for name history
Avatar
this is what I mean with bikeshedding
21:24
can you move to another channel fr this? ^^
Avatar
basically do ur thing, im now 🀐
21:27
on second thought account management shouldnt be in chat, now im truly 🀐
Avatar
I mean if we have an account system names dont matter do they
Avatar
technically not
21:45
pride is the reason we don't have an account system to begin with
Avatar
@heinrich5991 the key u store in ur pc is like a public key or how does it work
22:03
is it just some token
Avatar
like a private key
Avatar
c5f8fb1 Add donation by Gabi - def- c7f4ef9 2455 - def-
22:14
331ee9a Center tees in more places - Jupeyy 30d3aed Merge #3701 - bors[bot]
Exported 340 message(s)