DDraceNetwork - developer

DDraceNetwork

Development / developer

Development discussion. Logged to https://ddnet.tw/irclogs/ Connected with DDNet's IRC channel, Matrix room and GitHub repositories — IRC: #ddnet on Quakenet | Matrix: #ddnet-developer:matrix.org GitHub: https://github.com/ddnet

Between 2023-03-23 00:00:00Z and 2023-03-24 00:00:00Z

huh, discord sdk is open-source

GitHub

Click to see attachment 🖼️

wow

04:01

imagine casually creating pr with rebranding ddnet

probably just a mistake

What type of client is that, anyways?

[ddnet-maps:master] 1 new commit

c929ef2 M Resistance - ddnet-maps

[ddnet/ddnet] Pull request opened: #6454 Round by millisecond, not centisecond (fixes #6453)

Some servers seem to allow times with millisecond precision, official DDNet doesn't, so never noticed this issue.

Checklist

[ ] Tested the change ingame
[ ] Provided screenshots if it is a visual change
[ ] Tested in combination with possibly related configuration options
[ ] Written a unit test (especially base/) or added coverage to integration test
[ ] Considered possible null pointers and out of bounds array indexing
[ ] Changed no physics that affect existing ma...

Regarding Accounts-Issue#3411 (https://github.com/ddnet/ddnet/issues/3411), I created a very rough summary of the conversation since it's quite a long discussion. https://gist.github.com/UnlucksMcGee/0db6d3c2b887ecc34c66387f65b8dc15 Perhaps it may be beneficial to have a document that is easier for admins to edit/update. Or maybe heinrich5991 could edit his first comment at the top of https://github.com/ddnet/ddnet/issues/3411. I'm assuming there is still interest in the topic, not quite a "season 2", but some derivative that may be beneficial? (edited)

nice summary

we'd finally need to decide if we want it to be decentralized or not. for heinrichs half decrentralized approach i have no sympathies. The gain that having a cache of account mappings sounds not too useful to me, that can also be done by a game server itself. And u have your password stored on your computer all the time

https://youtu.be/TSCzC-WECw8?t=87 wouldn't be a good idea to implement raycasts on every step the player makes in high speeds to see if it collides with an entity that should trigger something? Like kill for example

The Problems with Walls in Super Mario 64

before we do that we can also do simple password with auth tokens

Cellegen

https://youtu.be/TSCzC-WECw8?t=87 wouldn't be a good idea to implement raycasts on every step the player makes in high speeds to see if it collides with an entity that should trigger something? Like kill for example

it does smth like that

11:45

just not for kill tiles

11:46

start etc. is unskippable

Honestly I like the decentralized stuff but I also know that it's just completely incomprehensible for the average user

the problem is, its not even decentralized anyway

11:49

if we want real decrentralized we can do this: ddnet has a account manager (for non it ppl) that saves the private key which the client downloads. but its a one time key. once its stolen or somehow lost, u done the sha of the pub key would be the account ID

11:49

and IT ppl could gen this key pair themself

11:51

thats also why i feel like the half decentralized approach is almost not worth it

11:51

it has imho not really many adnvatages over classic authing

The one major advantage (which I think is honestly a disadvantage) is that it allows for creating accounts instantly on the client side

11:54

I think that is actually a bad thing since it means our accounts will be useless in moderation

11:54

Except for people that care for their points, which we already can punish using name_bans

i guess the ddnet account mapper could still reject such accounts, but maybe its harder yes

11:56

central authing could also geolocate authes to an acc.. and the session could be ip/ipregion bound

11:56

the other type would really just need the keys

11:57

well i dunno. but i feel like we going in a circle about the account system

11:57

maybe ddnet has to be more ego and simply do accounts for ddnet first

11:57

before caring about the community

The freeform discussion in that issue didn't help much

11:58

Maybe we should have people make complete proposals and vote on those instead

1

[ddnet-web:master] 2 new commits

e381cdc Add 7 € funding for South Africa by UnlucksMcGee - def- 7242c2a Add 100 € donation by xx - def-

Jupstar ✪

we'd finally need to decide if we want it to be decentralized or not. for heinrichs half decrentralized approach i have no sympathies. The gain that having a cache of account mappings sounds not too useful to me, that can also be done by a game server itself. And u have your password stored on your computer all the time

another gain is that we don't have to handle insecure passwords by users

heinrich5991

another gain is that we don't have to handle insecure passwords by users

and if they want to change the key?

12:22

if its done by email, email also has a password

yes, but we don't manage it

what if i lost my email and want to change it?

why take responsability for insecure user passwords?

12:23

its their own fault

because they'll come to us and ask for their account to be restored

well u can also make requirements for passwords

requirements don't work

12:25

what would work is generating the password for the users

12:25

requirements can't force good passwords

12:25

it just doesn't work

ok

12:25

but saving the key file on the computer works?

i feel like we try to achieve to much and it wont lead us to do any thing btw what about a simple email password auth on a per network basis, other networks require registering there, but with oauth they can verify this account is linked to x ddnet account

I agree with you that it has the problem that a malicious client can fetch it

not only that. i actually assume ppl will leak it by being stupid

12:27

e.g. if we name the dir keys it doesnt sound like password related

Jupstar ✪

not only that. i actually assume ppl will leak it by being stupid

I wanted to hide it from the user. you think it'll still get leaked?

well the attacker will ask to send maps/skins and keys dir

12:27

i need it

12:27

for the epic game play

Ryozuki

i feel like we try to achieve to much and it wont lead us to do any thing btw what about a simple email password auth on a per network basis, other networks require registering there, but with oauth they can verify this account is linked to x ddnet account

with private keys, it's comparatively simple. the server has secure auth before the connection is established

name the folder "DO_NOT_SHARE" and put it in a separate dir than usual config

12:28

.config/ddnet-secrets/

Jupstar ✪

well the attacker will ask to send maps/skins and keys dir

e.g. I thought about storing a key used to encrypt the key in the registry, on windows

12:28

I thought that'd make it harder for people to tell you to fetch it for you

yes

or maybe in windows' built in password manager

but that probs requires admin right?

no

the registry?

user has their own registry

ok

HKEY_CURRENT_USER

what about linux

maybe some keyring there

i legit havent seen a game do pubkey auth yet

12:29

xd

is the password your main motivation for the key approach?

that and that it can also work for other networks without us

12:30

and the offline capabilities, i.e. that you can have retroactive auth

12:30

when the auth server is down

but that also only partially works doesnt it

12:31

e.g. by having a previous list

which part?

Ryozuki

i legit havent seen a game do pubkey auth yet

does teamspeak3 work?

i mean if u use the pubkey hash as account id, u probably want it to be changable?

I'd have multiple public keys that can be associated with a single ddnet account (edited)

but if u do a full recover

the public keys can be verified even if the auth server is down

i mean he lost his account

and afterwards, the linked ddnet account can be fetched

now he gets his email

12:33

creates a new key pair

12:33

this is all done by the ddnet account mapper

12:33

or whatever u call it

ye

so its only partially doable offline

yes

so 99% of the time it has to be online anyway xD

I wouldn't think so

12:34

say you deleted your keys

12:34

auth server is down

12:34

you generate new keys

12:34

you play on a server (it notes your public key)

12:34

later, when the auth server is up again, you associate your public key with your account

12:35

the server can then later associate your run with your account

12:35

the auth server outage wasn't bad in this case

mh yeah but then u could also say there is simply a fallback id for every client

12:35

similar to timeout code

the advantage of the public key is that it cannot be copied by the server you connect to

12:36

and not MITMed

12:36

etc

12:36

auth tokens don't have that advantage, with them, you even have to verify the server as genuine, I think

12:37

ah, you could do some zero-knowledge proof or so on them, but that sounds more complicated than doing public key auth

[ddnet:master] 2 new commits

5252667 Round by millisecond, not centisecond (fixes #6453) - def- f1149b8 Merge #6454 - bors[bot]

12:37

[ddnet/ddnet] Issue closed: #6453 Scoreboard bug on precise times

12:37

[ddnet/ddnet] Pull request closed: #6454 Round by millisecond, not centisecond (fixes #6453)

but even then, if the auth key would be done for 2 days the runs might be lost again

12:38

bcs u changed your keys twice

yes

12:38

if you change your keys before you authenticate, stuff might get lost

12:39

but I wouldn't show the not-linked-to-an-account state as "logged in" to the user (edited)

ok and about all the edge cases, did you think about account creation spamming and similar stuff.. are emails a must have with verification. ip bound account creation?

can the challenge be computationally hard for the client?

Ryozuki

can the challenge be computationally hard for the client?

not in a way that stops our current day-to-day spammer

12:41

but we could more easily introduce some "initial chat delay" that doesn't hurt users who already have a positive reputation

also if its an offline list u probs dont want it to be a few GBs?

12:42

dead accounts etc

12:42

and ofc spammed accounts

I would keep around accounts forever for now

the good thing about accounts is easier heuristics to battle bad actors

12:43

a little bit of social score kek

yes

dota 2 has that

but knowing how hobbyless the script kiddies in this community are

I think we can afford to save tens of bytes per email address or discord account or steam account that users create

when u reach a low score u cant chat

Ryozuki

when u reach a low score u cant chat

like in dota

troll

1

i mean yeah

12:43

i said dota

12:43

haha

oh

heinrich5991

I think we can afford to save tens of bytes per email address or discord account or steam account that users create

sure but every game server that fetches from ddnet has to keep in sync

didn't see that

he means dota 1

Jupstar ✪

sure but every game server that fetches from ddnet has to keep in sync

the game servers could potentially forget it after a while

12:44

I meant dota 2 ^^

12:44

dota 1 was more brutal

never played it

i wasnt even born

u were

"what's the price of boots of speed?"

12:45

3.

12:45

2.

12:45

1.

12:45

kicked ryozuki

bad ryozuki

450

12:45

iirc

too late, already kicked you ^^

xd

12:45

actually dota 2 trivia asks stuff like this

12:45

in the client

12:46

btw we need a janitor like in dota 2

12:46

our dev mascot

12:46

https://dota2.fandom.com/wiki/Shitty_Wizard

The Shitty Wizard is an inside joke within the Valve staff. It refers to a single person who is "responsible for all Dota 2 bugs". Adrian Finol, a senior programmer at Valve, is the inspiration for the character. Dota 2 contains many references to the Shitty Wizard. He is mentioned in a voice response line by every hero. The couriers Dolfrat and...

12:47

this would be robyt lately

but yeah that the connection is directly secure between server client and even client client is nice So i assume for the later, the client needs to fetch this information too. and somehow the server's information cannot be trusted for this either (they pubkey hash of the client that the server might send as server info or smth similar) Already thought about such things?

12:51

i already thought about such concepts for ddnet playground

12:51

but only in theory

how the server can prove to the masterserver that a specific client is online?

12:51

I haven't thought about that yet

yes

12:52

because if we have accounts we basically want friend lists anyway

12:52

and friendlist kinda must be secure too

@heinrich5991 is there a way to exchange pub keys between users in a server

12:52

my objective would be private encrypted chat between 2 users

12:52

for whispers

we can make a community server

12:52

as trusted authority

also we would need to add some handling for encrypted data right

but yeah u need some kind of authority

it would be nice to have it transparently on the game side, but the engine handles it

what do ya mean?

12:53

just encrypt everything

12:53

and decrypt in network

12:54

before its a game msg

i mean that the engine encrypts and decrypts packets transparently

12:54

i dont think we should encrypt everything

12:54

ur position etc is not needed

quic does that

we kinda need to encrypt anything

and its prob overhead no?

12:54

oh

12:54

i see

anyway, I'm working on quic

nvm then

which encrypts everything

nice

12:54

this is definitly a compatiblity break right?

who finishes first, heinrich with account system or me with ddnet playground?

12:55

place your bet now

what r u doign on the playground

12:55

vulkan stuff?

everything

12:55

i break what cant be broken

Ryozuki

this is definitly a compatiblity break right?

no, I don't like compat breaks ^^

im not doing anything, im a lazy bastard

Jupstar ✪

i break what cant be broken

xd

heinrich5991

no, I don't like compat breaks ^^

so u would support plain old udp too?

12:56

doesnt quic allows better ddos protection

12:56

idk

12:56

xd

I'm not opposed to stuff like "drop old-style connections when server is DoSed"

12:57

if it's beneficial

12:57

but I'm not sure if quic is good for ddos protection

12:57

it'd enable us to use steam relays without trusting them though

Ryozuki

what r u doign on the playground

btw the funny thing is, i also implemented a quic backend but i use quinn for it

12:58

heinrich uses the other

12:58

very competitive

is it easy to implement?

the auth took the longest time, I think ^^

well generally yes, but i dont have any real key exchange mechanism yet, since im not connected to a master server or smth

currently I'm refactoring and adding backcompat

poggers

also missing is: test on systems other than mine

@Jupstar ✪ btw are u working irl?

if i am employeed?

ye

yes

13:00

but i ignore that time

i feel like lately i waste too much brainpower on my job to do anything xd

and act as if i simply have less time now

13:01

yep thats hard

13:01

but somehow over the last 2 months i leanred to do both

yeah

13:02

@heinrich5991 is it in rust ?

yes

poggers

pff ddnet pg is also in rust

13:03

100% except the annoying deps that need c libs

13:03

compiler*

https://www.reddit.com/r/ProgrammerHumor/comments/11yxx7g/gigachad_ken_thomson/

r/ProgrammerHumor - Gigachad Ken Thomson.

40,351 votes and 735 comments so far on Reddit

13:05

xD

13:05

Image attachment

heinrich5991

currently I'm refactoring and adding backcompat

so u r already far. did you use cxx for the packet compability then?

no, I want to use the rust impl that I have lying around

yeah ok thats the libtw2 advantages probs

although I'm a bit anxious about bugs in there

13:09

because it hasn't been tested in a widespread manner

Ryozuki

Click to see attachment 🖼️

Why would he refuse? It'd be a good time to flex on the zoomers

he is 80y old

13:09

boomer flexing on da zoomers

13:09

im surprised he can work

i wanted to only refactors graphics first, but mixing rust idea of variants over enum structs and our way of putting stuff in a fat buffer and giving it IDs looked like a huge mess so i spent way too much time for this

do u thin its possible to forget details about ur own language

13:12

think

13:12

i mean he is old

I have this feeling that we'll end up with an account system that users don't understand at all, with features that are only appealing to the technically inclined, that has no use in moderation since we don't want to make it even a tad bit annoying to create accounts, has no use in detecting fakes because names are not singular, has no use in getting an accurate point count for people since we refuse to reset the ladder

yeah thats my fear

Learath2

I have this feeling that we'll end up with an account system that users don't understand at all, with features that are only appealing to the technically inclined, that has no use in moderation since we don't want to make it even a tad bit annoying to create accounts, has no use in detecting fakes because names are not singular, has no use in getting an accurate point count for people since we refuse to reset the ladder

well we'll make the account system look like a normal one

Ryozuki

do u thin its possible to forget details about ur own language

details, probably

it all happens under the hood

we don't want to expose any of that key mumbo jumbo to users

Learath2

details, probably

c is full of subtle details

it should just look like "log in"

13:13

and "log out"

13:13

like the users are used to

brb

A log in button which requires no credentials, a log out button that abstracts away an interesting key cycling scheme, and a way to associate a key which is supposed to be completely abstracted from you to an email

13:15

It's honestly bizarre to say the least

a log in button that logs you into your email address without a password

13:15

that's maybe a bit alien for the user

13:15

but I wouldn't describe it as "users don't understand it at all"

13:15

they can also click "log in with steam", which doesn't even need any kind of interaction

Even if it doesn't feel alien I feel it doesn't address much of any problem we have

it allows us to attach reputation to players

Which they can shed by just clicking log out

allowing us to temporarily exclude new accounts from writing stuff when somebody is being funny spamming the servers

Since we don't want to make it any more annoying to play without an account, we can't do much with reputation except maybe giving them an initial chat cooldown

[ddnet:master] 4 new commits

ea6e267 Add random_angle function - Robyt3 0cf5dd7 Add random_direction function - Robyt3 a9ef757 Add random_float functions with min and max arguments - Robyt3 971b166 Merge #6439 - bors[bot]

13:19

[ddnet/ddnet] Pull request closed: #6439 Refactor `random` functions

well we will see

13:19

if u so far anyway it doesnt matter anymore

13:19

but it generally feels more complex

13:20

and the edge cases sound more scarry

13:20

but yes from secure connection point of view its the cooler approach

I really don't want to have annoying account creation, because I love the way I can let new players just play the game

13:21

but even that can be slapped on top of the public/private key idea

13:21

basically make the association with an email address annoying

Also what do you have planned for names?

discord-style

sha256 hashes xdd

How does that work for people that want to play without an account?

they don't get an account name

So we still get an account name AND an ingame name?

I haven't thought about this a lot

13:24

but currently I'd say yes

Perhaps accounts are mandatory. e.g. Old username is: Aoe New account name is: Aoe#1234 You can opt-in to include the points of your former username with this account (but they're marked as "unverified")? (edited)

13:28

Donators get to customise their #1234 number trollet

trollet

I think it'd be in our best interest to get rid of ingame names. It'd be extremely confusing to figure out if Aoe#1256 with ingame name Aoe#1265 who is claiming to be the Aoe#1652 with the ingame name Aoe you played with last night is the real Aoe which you are supposed to know from another registry has the account name Aoe#1255

13:29

Even writing that sentence confused me and I'm sure our resident rat can make it much more annoying than my non troll brain can come up with konsti

konsti

$5/month to get blue tick trollet

trollet

Learath2

I think it'd be in our best interest to get rid of ingame names. It'd be extremely confusing to figure out if Aoe#1256 with ingame name Aoe#1265 who is claiming to be the Aoe#1652 with the ingame name Aoe you played with last night is the real Aoe which you are supposed to know from another registry has the account name Aoe#1255

Will account names be on a first come first serve basis, then?

Account names would be Nameyouwant#random-4digit-discriminator

observation: discord and steam allow you to change your nickname arbitrarily, even on a per-server basis

13:33

hmm... why does it work for them?

13:33

I think your example is confusing, too

But discord isn't a game, as soon as you click on my name here you'll get my real account name and discriminator

13:34

It also has clearly visible account creation and server join dates

since recently

And the per-server rename is annoying enough that we disabled it in this server

true

but pls

Steam idk, maybe faking isn't an issue there since no leaderboard would display your ingame name?

keep display names

13:35

else i can never be annonym

13:35

that would be huge downer

If you want to be anonymous I think you should be forced to log out

bad design

heinrich5991

hmm... why does it work for them?

it is difficult to determine whether something works without deciding what the goal is

So you want the ability to hide your account name from everyone else, I guess that's only possible if ingame names also exist

13:37

But that makes it extremely annoying to have a friend system of any kind

its probably not possible to make a system that prevents faking, allows anonymity, tracks points, is convenient to use, etc. but picking only a few of these is possible (?)

allows anonymity without logging out is where my brain goes logical contradiction

13:40

I can't think of a way to have one set name while also allowing anonymity

The game server simply doesn't expose the name

13:40

The non display name

Would someone still be able to report that player?

It's easy to do technically, but then you don't have one set name, which means we can't have friends lists that guarantee that you are talking to the same person

UnlucksMcGee

Would someone still be able to report that player?

i assume reporting would be the same as it is now by using ingame name or other descriptions, and the admin could see the account name

but I mean either you're anonymous, or other people can find you in the server browser

13:42

I don't see how to do both (edited)

Learath2

It's easy to do technically, but then you don't have one set name, which means we can't have friends lists that guarantee that you are talking to the same person

maybe there could be an indicator for when someone is using their "real" name but no indicator otherwise?

13:42

that way it would allow for verification and anonymity

Problem is pros need a anon button

13:43

In this game nubs and pros play same server

13:43

Is cool

13:43

But also sucks hard

13:43

They ask u the whole day

they could just use a different ingame name and lose the indicator but still the ranks would get logged t the same account? idk

Yeah

noby

they could just use a different ingame name and lose the indicator but still the ranks would get logged t the same account? idk

The account name would also have to be not displayed

right

The game server should know but not expose

i think thats how it works for bw server accounts

Which creates an even more confusing situation. Aoe that is logged in to an account, but you are not allowed to see the name

13:44

Is this really Aoe?

the account could be associated with one "real" ingame name

then I register an account with the real "noby" name

so if its real Aoe's account and he is using name Aoe it would show that

isn't that 'anonymous' mode that we talk about quite close to the offline or 'invisible' mode in steam?

thonkery

mh

Associating with one "real" ingame name is immediately back to the very start where konsti registers all the names

Patiga

isn't that 'anonymous' mode that we talk about quite close to the offline or 'invisible' mode in steam?

Even if you are offline or invisible in steam most games will still report your steam id on the scoreboard where you can go to peoples profiles

true

heinrich5991

observation: discord and steam allow you to change your nickname arbitrarily, even on a per-server basis

true, they have a underlying real steam id behind

13:47

i dont think how this cant work here

13:47

see*

Maybe if we make it extremely clear who is logged in, display real discriminators in a very distinct way only when the scoreboard is open, then maybe it's easy enough to spot fakes and lets people be anonymous too

faking initially will be a issue because we start from a blank state, trust is then formed when you make ur friendlist network

Maybe a unique username is better

13:49

Discord approach I'd say sucks

Ryozuki

faking initially will be a issue because we start from a blank state, trust is then formed when you make ur friendlist network

You can't even make a friendlist if the server never reports the account name

like most gamers do

13:49

tell ur id via discord

13:49

to ur friend

13:49

to add you

you'll also be able to see who's real by their points

Learath2

You can't even make a friendlist if the server never reports the account name

It can. Opt out

Ryozuki

tell ur id via discord

Can't have that either, if the server is hiding the account name you can't do anything with the account name

Learath2

Can't have that either, if the server is hiding the account name you can't do anything with the account name

i mean the name displayed is just vanity, i mean the account unique id

13:50

that is jut numbers

We need a way to disallow wildcard friend requests and we need anonymous gameplay

13:50

I don't see where the problem is

steam calls it friend code xde

13:51

well friend codes can be secret unless u share em

Learath2

Can't have that either, if the server is hiding the account name you can't do anything with the account name

ppl would be able to see their own account id though?

Jupstar ✪

I don't see where the problem is

The problem is that it's extremely confusing when there are two sets of names and 4 states a person can be in in which the names mean different things

Learath2

The problem is that it's extremely confusing when there are two sets of names and 4 states a person can be in in which the names mean different things

It works for CSGO players

just add key signing kek

Can't be too hard

i sign ur key and saying ur u

13:52

gpg in tw

Allow players to hide their account name (Aoe#1234) in-game. While that option is enabled, they lose the ability to add friends and other features that need the account name etc. But they can still finish maps that can count towards their points. If someone has their account name hidden to impersonate someone, then you can just automatically assume that its an impersonator

Jupstar ✪

It works for CSGO players

You are never anonymous in CSGO, right click on the scoreboard and I can have your unique steamid

are u new unlucks? or hiding behind anonimity

13:52

never seen u before

CSGO has no servers that are public as tw tho

Newly active in the discord, but been playing on/off since 2012 (edited)

And spectators chat is off

13:53

So ifu follow a pro u cannot chat with him

UnlucksMcGee

Allow players to hide their account name (Aoe#1234) in-game. While that option is enabled, they lose the ability to add friends and other features that need the account name etc. But they can still finish maps that can count towards their points. If someone has their account name hidden to impersonate someone, then you can just automatically assume that its an impersonator

Yeah, this is about what I'm thinking if this is a hard requirement, but we need extremely clear UI/UX to make it obvious who is in what state

that option would also probably have to disable showing ranks for that player in scoreboard + allowing people to /points them

noby

that option would also probably have to disable showing ranks for that player in scoreboard + allowing people to /points them

Yeah, when you are in that mode you'll appear as if you have no ranks

13:55

The server will treat you as if you are not logged in for all intents and purposes except mods who can see everyones account names

It would already be great but being searched over the server browser

13:55

Not

Jupstar ✪

CSGO has no servers that are public as tw tho

how so, there's a srv browser

Community servers

ReiTW

how so, there's a srv browser

Pros mostly just play ranked on valve servers anyway

13:56

(you can't guarantee to be matched with them by using their steamid)

they play on faceit

Surfers might rename for the same reason.. but u usually play solo in surf anyway

Ryozuki

they play on faceit

Whatever, either way, you can't force an encounter with them where you can type at them

13:59

Anyway, it is sort of doable now that I think more about it but it'll need some UI/UX thinking, maybe finally time to make the scoreboard clickable or atleast hoverable

anyway, as we see they is still so much discussion

13:59

if we have a complex account system + complex requirements

13:59

thats gonna be fun

14:00

with our 2 and a half devs around here

14:00

lmao

I really should have bolted on a central account system back in 2015

14:02

Another question would be whether we even expose the account names in the serverinfo. I think we should otherwise we'd need a very complex solution for friends lists where they'd have to be serverside and require actual friend requests and stuff

we need a complex solution for friend list anyway

14:04

probably a community server

14:05

u cannot trust a game server ever

what do you mean by "community server"?

it could lie around

what would it do?

heinrich5991

what do you mean by "community server"?

a server that u tell, "hi i am on this server"

ah

"hi i want to add this friend"

This can be solved by including a signed snippet from the person on the server but it's annoying to set up indeed

who would have said, security is complex

it's not that complex when you follow a well known recipe

xD

What we are doing here is probably one of a kind

teamspeak3? ^^

we would also need atleast some sensible plan for security issues

14:07

or what to do in case x happens

heinrich5991

teamspeak3? ^^

iirc doesn't bother with friends or if it does I think just lets p2p exchange of the keys to handle it

14:08

Also has no central authority with names and emails

what about activity pub

14:08

isnt it a proven decentralized protocol at this point

14:08

mastodon uses it

14:08

https://activitypub.rocks/

there is a reason a total of 10 people use mastodon

Learath2

iirc doesn't bother with friends or if it does I think just lets p2p exchange of the keys to handle it

it bothers with friends, but yea, p2p and no identities from the point where you remove your client data

14:09

mastodon doens't have strong auth AFAIK

14:09

it just trusts the server

Anyway, I'm fairly certain what we are trying to accomplish here is pretty unique and that comes with many challenges that require a lot of thinking time

yes, it is pretty unique

You can solve most of these problems with just biting the bullet and having a central auth server that contains all the friends lists and lets people do friend requests over it and stuff

14:11

but is that really the best solution? I don't think so

central auth is certainly the fast easy way

Do we do an n-way group key exchange when people join the server, I don't like that either, that's extremely heavy

14:12

key exchange as in literally exchanging keys btw, not the cryptographic sense

how does whatsapp handle encrypted group chats

Ryozuki

how does whatsapp handle encrypted group chats

they do a literal n-way key exchange

xD

establishing a common secret

14:12

https://z-p3-scontent.ftrn2-1.fna.fbcdn.net/v/t39.8562-6/328495424_498532869106467_756303412205949548_n.pdf?_nc_cat=104&ccb=1-7&_nc_sid=ad8a9d&_nc_ohc=U4DvVcBy2c0AX8ENoR2&_nc_ht=z-p3-scontent.ftrn2-1.fna&oh=00_AfCkkiuVL45cuKww37X3Csdr_XZgjYGz0CdMAyhXMaDaZA&oe=64218EFC

Learath2

Do we do an n-way group key exchange when people join the server, I don't like that either, that's extremely heavy

if we have some source of timestamping, the clients could sign the the server's public key + a timestamp (edited)

There is some magic sauce in there to allow key recovery with proof of phone# ownership and some key rotation magic to allow people to join late and stuff

heinrich5991

if we have some source of timestamping, the clients could sign the the server's public key + a timestamp (edited)

and the server then broadcasts that?

ye, ah, it's still n²

14:14

but wait, telling the names of the other players is also n²

Learath2

There is some magic sauce in there to allow key recovery with proof of phone# ownership and some key rotation magic to allow people to join late and stuff

Also more magic to keep rotating the key so one leak doesn't allow all past messages to be decrypted

I think they use the signal protocol, pretty much

14:15

in whatsapp

14:15

how did we get to encrypted chat btw?

14:15

is that also on the wishlist?

14:15

I think it's okay for the server to be able to read the chat

heinrich5991

is that also on the wishlist?

I think ryozuki wanted it but I think that's a little beyond our scope

14:16

e2e encrypted whispers are just too much, maybe just take your private convos off teeworlds if they are that sensitive, or use OTR over whisper

heinrich5991

ye, ah, it's still n²

Wait why is it O(n^2)?

because you have to send (n-1) keys to n people

Hm, don't you just have to sign something and send it back to the server?

heinrich5991

is that also on the wishlist?

i mentioned it, its something i always wanted if accoutns happened

14:18

but i guess definitly not a priority

Do you want to have the clients know other peoples pubkeys btw? I never asked that one

i want my client to verify someone is the same person i added beforehand, not relying on the server if we go the decentralized way

I was thinking the user can sign a rotating token, which the server can put in the serverinfo and the master can verify that the token was indeed signed by the pubkey associated to the account#discriminator the gameserver is claiming is on the server

Someone know how to include a new directory with inside other dir and files .h and .CPP in the project? Because I have an error and I think that is because I didn't wrote nothing inside CMakeLists.txt (edited)

Ryozuki

i want my client to verify someone is the same person i added beforehand, not relying on the server if we go the decentralized way

Yeah, I think this isn't something that is in the plan atleast for now. But I can see how that would be very very desirable

Ryozuki

i want my client to verify someone is the same person i added beforehand, not relying on the server if we go the decentralized way

Looking at the MAC address of the player or ip or what

But it's also very heavy, each client would have to verify each other client

1

14:23

Actually I don't think it's even an option to keep peoples ips safe and not rely on the server at all :/

14:26

I don't even know how to properly handle people leaving the server, if we have clients sign a piece of data to prove they are who they are, how would we stop the server from using that after the client leaves?

kio

Looking at the MAC address of the player or ip or what

obviously not

Learath2

But it's also very heavy, each client would have to verify each other client

verify on request? xD

Ryozuki

verify on request? xD

eeeh, I guess but then we have the janky unfamiliar UX that I was initially scared of

kio

Looking at the MAC address of the player or ip or what

they don't get the mac address through the internet protocol

14:27

they would have to add code to check for your mac

14:27

and deens point was that you can feed fake information to that server

Learath2

eeeh, I guess but then we have the janky unfamiliar UX that I was initially scared of

Like do you know anyone who actually makes sure whatsapp is e2e by using the provided keys and checking with their friends irl?

the thing is, you could ask the other player to solve a challenge thourgh the server, but the following can happen:

the challenge is solved and u know he is real
the challenge is solved, but the server turns it into garbage and you cant know he is real
the chalenge is not solved, you cant know he is real

my point is, if they solve it you know its them, but if they dont solve it, you dont know its not them, you just havent been able to confirm its them

- the challenge is solved, but the server turns it into garbage and you cant know he is real

14:28

the server can't really turn it into garbage

he can

14:29

by not sending u ever a valid response

14:29

xd

heinrich5991

I mean, even you don't tbf, I changed phones 3 times since I added you on whatsapp, and I used the whatsapp web beta which kept changing your key when you logged in, I think you asked me only once if it was really me and we didn't even compare keys then

my point is, the server can decide to not let u verify another player

Learath2

I mean, even you don't tbf, I changed phones 3 times since I added you on whatsapp, and I used the whatsapp web beta which kept changing your key when you logged in, I think you asked me only once if it was really me and we didn't even compare keys then

trie

Ryozuki

my point is, the server can decide to not let u verify another player

can't really do anything about that. the server is the connection between you

I think verify on request is a no go, if the server is advertising an account name is on the server it should be verified already, how we can do that idk

14:32

If we get a signed piece of data from the client to prove it really is them, how do we expire that piece of data

a signed timestamp?

14:32

with expiry

14:33

xd

Hm, I guess it could be acceptable, it'd let servers fake people for at most x minutes after their departure

or maybe

14:34

we can hook it somehow to the disconnect packet

14:34

idk

Since the server is the conduit it can just refuse to tell other clients and the masterserver about our departure :/

yeah

Yeah, I think youses initial idea with the timestamps is about the best we can get

14:35

without involving a central arbiter that is

14:39

anyway enough accounts brainstorming, I'll go back to learning statistics

pepeW

1

14:39

What on earth is a super reaction???

Ryozuki

obviously not

better

more animation

14:39

you only get 5 per week

14:40

and you're special!

default

and deens point was that you can feed fake information to that server

same idea

did any of you see the 5.2 update of UE ?

14:40

https://www.youtube.com/watch?v=Dj60HHy-Kqk

Unreal Engine 5.2 Tech Demo Full Presentation | State of Unreal GDC...

14:40

amazing af

Seems you can only do it on some servers too

14:41

Okok enough distraction, mean square value awaits me

teeworlds 3d incoming

14:49

full raycast

14:49

15k

@Learath2 can i write to u in private 4s?

for ass

Eh if it’s development related and not private just ask here so everyone can also know

send nudes

ReiTW

https://www.youtube.com/watch?v=Dj60HHy-Kqk

nais

Learath2

Eh if it’s development related and not private just ask here so everyone can also know

look his discord bio

LOL

15:48

Why do we get such colorful individuals all the time?

i think for how big we are its low

@kio please change your discord bio so I don't have to kick you

and get a better hobby of all one quadtriollion possible hobbies

When ddnet on unreal engine

when unreal engine on ddnet

Jupstar ✪

for ass

Mlml

ASS?

Learath2

Eh if it’s development related and not private just ask here so everyone can also know

I don't want desturb all

heinrich5991

@kio please change your discord bio so I don't have to kick you

My bio is history, my bio is life, my bio is love, my bio is in Italian

kio

My bio is history, my bio is life, my bio is love, my bio is in Italian

do you even know who you were talking to

Jupstar ✪

and get a better hobby of all one quadtriollion possible hobbies

as hobbies what do you mean? I code as a hobby, I go to the gym, I do pen spinning, I play the piano, I do Rubik's cubes and calisthenics competitions, I do tricks with the Butterfly knife and that's it I think (edited)

Voxel

do you even know who you were talking to

And what has all this to do with developing

kio

as hobbies what do you mean? I code as a hobby, I go to the gym, I do pen spinning, I play the piano, I do Rubik's cubes and calisthenics competitions, I do tricks with the Butterfly knife and that's it I think (edited)

so you have enough to fill ur bio

You were provided an ultimatum, no need for something else

instead you join the endless spire of useless unbreakable hate all intelligence, all the skill obtained and this is your answer. the best you could force your brain to think of

Jupstar ✪

so you have enough to fill ur bio

Nobody want to read that

kio

Nobody want to read that

i liked that more

Jupstar ✪

i liked that more

I like u more

thanks for changing the discord bio. make sure it doesn't appear again

xd

heinrich5991

thanks for changing the discord bio. make sure it doesn't appear again

I changed it although I think it's my right to put what I want, however I wouldn't want to change it again so it won't reappear

yes, you have the right to put in anything that conforms to discord TOS (which yours probably didn't). ddnet can also ban you if it doesn't like what's in your bio

Learath2

Why do we get such colorful individuals all the time?

I like how his linked reddit user goes to an 18+ account

i think you forgot to close your tabs from yesterday evening

17:19

it doesn't do that for me

17:19

i just see a bunch of numbers and letters

kio: I program for fun, if I had to make cheats inside the client I would do them for sport but it would only be a personal goal, I would not use them and I would not spread them, however my goal now is to make a decent client with nice graphics, so don't worry

Guess that was a lie. His linked Reddit profile showcases a tutorial on how to cheat using aimbot in TW kek

kek

oh is he the guy who made that video?

you could take it down in theory

17:21

the video I mean

good luck

17:21

youtube totally cares

17:21

just like the police cares xd

Jupstar ✪

youtube totally cares

they do

17:25

i would do it myself. but I don't have a ddnet email

yeaaah

so in my case it would be abuse

17:25

and I never abused youtubes dmca claim option troll

troll

default

i would do it myself. but I don't have a ddnet email

mail@ddnet.org

17:26

go ahead

Image attachment

17:27

ah if you insist

17:27

on behalf of a ddnet contributor I go claim this video now

and what was it? child porn?

to prevent further spread of hacking learning material

Jupstar ✪

and what was it? child porn?

hacks

about?

games I played and did hacks myself in

17:28

basically cleaning other hackers

so you were stricked?

nah

games of high interest?

sometimes

17:29

it usually was 3 per channel

17:29

so I could get them terminated without them being able to react

17:30

because it indeed was some kind of abuse. and they can't do poop if their account was deleted.

17:32

if you give me permission his channel is gone.

Image attachment

i dont have access to it xd

17:33

i only own a subdomain

17:34

but u could also kindly ask as a first step i guess

17:34

the channel owner

who

17:34

why would I have to ask him

17:34

you can ask him if you want to get rid of a tutorial on how to hack this game

bcs he is a human and understands human language

and I only know how to burn places down

kek

1

17:35

@kio they don't want your videos to be up. private them or delete them or your channel is gone.

very kind formulated

17:36

that would totally convince me

17:36

and i wouldnt feel pressured and put into a corner

if it doesn't convince them. their channel is gone.

17:36

i warned them beforehand

psychologically 11/10 i'd rate this

wasn't that what you wanted me to do

17:36

ask them to take it down

17:37

gotta have to do precautions in case he just unlists them (edited)

17:37

then you need the links to the videos or you don't see them

Lol

17:42

The big 13 followers channel

17:42

I'm an influencer

yea

I asked for post the video

17:43

Nobody told me nothing

well you see

17:43

now they force me to take your videos down

17:44

you can private it for some time. then they forget about it. and make it public again in a few months.

first I would like to know how would you like to cancel the account, just reporting? then, I can make the video private, but I don't know how you think, the game is open source, what I did was the most basic cheating thing I could have done, there are myriads of videos related to this on other games, think that if someone wanted to reproduce what I did, they wouldn't be capable of it anyway?

default

you can private it for some time. then they forget about it. and make it public again in a few months.

who forgets? Do you have the mafia on your tail?

17:47

however being a human person and understanding human language I will private the videos from my famous 13 subscriber channel before it goes viral and 6 people in total start playing this game

Seems like offtopic, move to #off-topic for non-teeworlds conversations or #general for teeworlds related convs

default

@kio they don't want your videos to be up. private them or delete them or your channel is gone.

dont be weird

18:29

if anyone wants to find out how to do it they can anyways

everyone else would have to figure it out though

18:34

client is open source anyways

interesting, I didn't know there was a way to get rid of yotube videos for cheating

I'm pretty sure we got a yt short of a bot client removed within 30mins of the first report

18:42

By just a few people reporting it

I don't use the report method

18:45

I just DMCA claim the videos

dont abuse dmca claim thats cringe

inb4 heinrich on a report spree

18:48

i wish llvm switched entirely over rust

18:48

the C apis they expose are so barebones

18:48

i dont get the niceties of the c++ api

louis

dont abuse dmca claim thats cringe

releasing cheats is

so?

Ses

among es

19:09

ohbwair shit this is developer

19:10

wtf people are STILL trying to upload bot client vids on yt?

Wtf

Voxel

wtf people are STILL trying to upload bot client vids on yt?

if you talk about me it was not a bot client and it was a personal goal to do so

19:32

anyway it's my right to publish what I want, but ok end of the speech I've archived it, good life to all

Should we remove websockets support? Seems like they work with neither Linux (#2853) nor Windows (#5625).

https://github.com/ddnet/ddnet/issues/2853 https://github.com/ddnet/ddnet/issues/5625

LAN tab crashes with websockets · Issue #2853 · ddnet/ddnet

@QingGo Thread 1 "DDNet" received signal SIGSEGV, Segmentation fault. 0x00007ffff7594b0f in memmove_avx_unaligned_erms () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007ffff7594b0f in mem...

Crash with websockets on client launch · Issue #5625 · ddnet/ddnet

On client launch: DDNet.exe caused an Access Violation at location 00007FF675A02E9A in module DDNet.exe Reading from location 0000000000000040. AddrPC Params 00007FF675A02E9A 00000096B5F4BEF0 00000...

[ddnet/ddnet] Pull request opened: #6455 Fix dummy tee being able to ping main tee in chat

Main and dummy tee cannot ping each other anymore. Other main and dummy tees can still ping your own main and dummy tees. We must ensure to only use m_aLocalIDs[1] when the dummy is connected, as this ID is not updated when no dummy is connected, so it can refer to another client if you disconnect your dummy and another client subsequently takes its client ID. Closes #3699.

Checklist

[X] Tested the change ingame
[ ] Provided screenshots if it is a visual change
[ ] Te...

manually typing out the name:

[ddnet/ddnet] Issue opened: #6456 `sv_sql_bindaddr` is unused

The SQL bindaddr config sv_sql_bindaddr is entirely unused: https://github.com/ddnet/ddnet/blob/dd09c59710cd480bc2c1ddf450c4038997dbfb1b/src/engine/shared/config_variables.h#L260 And the following seems wrong, as the same string is used as input and output for a str_copy: https://github.com/ddnet/ddnet/blob/dd09c59710cd480bc2c1ddf450c4038997dbfb1b/src/engine/server/server.cpp#L3418 Should we always use the configured SQL bindaddr when adding SQL servers, or should we just remo...

@Jupstar ✪ did u know about this https://iquilezles.org/articles/texturerepetition/

Articles on computer graphics, math and art

OH YEA I LOVE THIS

21:41

@Tater

huh

21:41

oh

yeha

https://news.ycombinator.com/item?id=35273707

iamben

Mathematicians discover shape that can tile a wall and never repeat

god ive been neglecting shadertoy since forever (edited)

whih

Ryozuki

https://news.ycombinator.com/item?id=35273707

oO, that's not really new?

21:46

i believe it is known since the 70's with Penrose work

its not the same

21:47

read

21:47

https://archive.is/iqBHP

Mathematicians discover shape that can tile a wall and never repeat...

archived 23 Mar 2023 11:39:11 UTC

21:47

The most famous aperiodic tiles were created by mathematician Roger Penrose, who in the 1970s discovered that two shapes could be combined to create an infinite, never-repeating tiling. Now, Chaim Goodman-Strauss at the University of Arkansas and his colleagues have found a single tile shape – which they have called “the hat” – that does the same job.

21:47

this is

21:47

a single shape

21:48

https://cs.uwaterloo.ca/~csk/hat/

Chairn Goodman

ok, Penrose is 2 shapes, this is single shape

21:50

now i wonder how they found/designed it

21:50

(i know the article says computer, but that doesn't explain how)

i recall myself drawing that same shape in kindergarten actually (edited)

[ddnet:master] 2 new commits

880ced2 Fix dummy tee being able to ping main tee in chat - Robyt3 4c07e76 Merge #6455 - bors[bot]

22:09

[ddnet/ddnet] Issue closed: #3699 Able to ping yourself, but only on dummy, not on main

22:09

[ddnet/ddnet] Pull request closed: #6455 Fix dummy tee being able to ping main tee in chat

[ddnet/ddnet] Pull request opened: #6457 Fix and improve twping tool

Checklist

[X] Tested the change ingame
[ ] Provided screenshots if it is a visual change
[ ] Tested in combination with possibly related configuration options
[ ] Written a unit test (especially base/) or added coverage to integration test
[ ] Considered possible null pointers and out of bounds array indexing
[ ] Changed no physics that affect existing maps
[ ] Tested the change with [ASan+UBSan or valgrind's memcheck](https://github.com/ddnet/ddnet/#using-addres...

Exported 677 message(s)