DDraceNetwork - developer

Ryozuki 2024-05-03 06:19:19Z

morning

@heinrich5991 btw just asking, what's your point of using https for #8210 ? Why not only just a tcp socket?

https://github.com/ddnet/ddnet/issues/8210

TCP handshake before UDP connection · Issue #8210 · ddnet/ddnet

Suggested by Davide, apparently FiveM uses this too. First do a TCP handshake (on the same port number) with the server, then connect over UDP. If you implement the TCP port "punching" an...

For the protection part only the tcp handshake is good enough, I mean I don't think having a layer above (https) is worth it

ReiTW

@heinrich5991 btw just asking, what's your point of using https for #8210 ? Why not only just a tcp socket?

https is well-supported by firewalls

ReiTW

For the protection part only the tcp handshake is good enough, I mean I don't think having a layer above (https) is worth it

but this might mean we shouldn't get data from https, so that you can also use it as a tcp handshake

10:52

so you can just abort it after the tcp handshake. you wouldn't have to care that the client would do a https request

Oh

10:54

Ok ok

10:55

Also u could probably make it work behind cf aswell

heinrich5991

it's kinda hard to disallow them in a performant (or correct) way. the APIs aren't there IIRC

yeah i also assume it's mostly missing API considering that resolving symlinks is always very racy. it kinda has to happen in an instant

heinrich5991

it's kinda hard to disallow them in a performant (or correct) way. the APIs aren't there IIRC

I think we recently got some openat2 has RESOLVE_NO_SYMLINKS

interesting, TIL

13:47

I can see it in the man page

very recent though, it's linux 5.6 according to my man pages

RESOLVE_BENEATH also sounds very interesting

13:48

you can specify a parent path and say that the resulting file (after symlinks) must lie beneath it

Without it though, idk if there is any actual safe way to handle this without TOCTOU issues in any performant way. I guess you'd have to keep doing open(2) with O_NOFOLLOW and slowly open your way through the entire path

heinrich5991

RESOLVE_BENEATH also sounds very interesting

That also sounds great for implementing something like a vfs yeah

Learath2

Without it though, idk if there is any actual safe way to handle this without TOCTOU issues in any performant way. I guess you'd have to keep doing open(2) with O_NOFOLLOW and slowly open your way through the entire path

but someone could replace a part after you checked it, TOCTOU

heinrich5991

but someone could replace a part after you checked it, TOCTOU

But you can open, then openat with nofollow with a relative path

I didn't consider that. that would work

13:50

and it's not even insanely bad, only O(number of path components) (edited)

but you do have to do syscalls, they have a bad constant factor

yep

Learath2

I think we recently got some openat2 has RESOLVE_NO_SYMLINKS

but then no symlinks would work or not

14:04

they'd need to be scoped inside the directory instead

Jupstar ✪

but then no symlinks would work or not

Yeah, no symlinks at all with that method. The flag heinrich mentioned is the one you are looking for

14:04

RESOLVE_BENEATH

great

since there's a fallback, one could even start using that

well the WASI team should resolve this quickly, can't be too hard to decide on such things

Jupstar ✪

well the WASI team should resolve this quickly, can't be too hard to decide on such things

Problem would be compatibility I think. openat2 is very new, and tough/slow to emulate outside the kernel correctly

Learath2

Problem would be compatibility I think. openat2 is very new, and tough/slow to emulate outside the kernel correctly

i'm ok if WASI only works on my computer

true

Learath2

Problem would be compatibility I think. openat2 is very new, and tough/slow to emulate outside the kernel correctly

"slow" just means like 8x slower file opening

14:15

I'd imagine most software isn't opening lots of files

how so

would be bad for stuff like rg or fd

Yeah, so it might be an acceptable compromise for most software

heinrich5991

"slow" just means like 8x slower file opening

but i think reading the file is more expensive

only opening

i guess a WASIX rg is also kinda edge case

RESOLVE_IN_ROOT is also useful. It should make implementing stuff like sandboxing so much easier and safer to implement

https://wasmer.io/liftm/rg

liftm/rg: ripgrep is a line-oriented search tool that recursively s...

ripgrep is a line-oriented search tool that recursively searches your current directory for a regex pattern while respecting your gitignore rules. Run liftm/rg locally or deploy it remotely with Wasmer.

14:22

Learath2

RESOLVE_IN_ROOT is also useful. It should make implementing stuff like sandboxing so much easier and safer to implement

it's opt-in by every program

14:23

not really useful for sandboxing, I think

Jupstar ✪

https://wasmer.io/liftm/rg

not compiling for the target OS already leaves performance on the table. I'd prefer to use native binaries

heinrich5991

not really useful for sandboxing, I think

Maybe the word I'm looking for is not sandboxing. I mean stuff like a webserver getting manipulated to read outside the webroot

heinrich5991

not compiling for the target OS already leaves performance on the table. I'd prefer to use native binaries

hard to say. for something essential like rg maybe. But i'd like to see more programs being sandboxed filesystem wise

Jupstar ✪

hard to say. for something essential like rg maybe. But i'd like to see more programs being sandboxed filesystem wise

hard to say? I think you can't do common vector operations in WASM

heinrich5991

hard to say? I think you can't do common vector operations in WASM

do you mean SIMD?

yes

why should it not work

I think(tm) it works nowadays

https://docs.rs/wasmer/latest/wasmer/sys/struct.Features.html#method.simd

Features in wasmer::sys - Rust

Controls which experimental features will be enabled. Features usually have a corresponding WebAssembly proposal.

because WASM needs to expose each vector operation to its client code

14:26

But i'd like to see more programs being sandboxed filesystem wise

that seems orthogonal to virtualizing the entire CPU

14:27

sandboxed file systems work without replacing the entire CPU architecture

heinrich5991

sandboxed file systems work without replacing the entire CPU architecture

that is true, but wasm defs makes that process easier

Jupstar ✪

https://docs.rs/wasmer/latest/wasmer/sys/struct.Features.html#method.simd

that looks like a common subset of vector operations across CPUs

14:28

I'd guess you won't be able to use most of your x86_64 vector instructions through this

@Jupstar ✪

14:28

bevy

heinrich5991

I'd guess you won't be able to use most of your x86_64 vector instructions through this

sure but i'd still say depends on the program

14:28

a game will probably not run nicely

I was talking about rg above, since you mentioned it

14:29

it's making heavy use of vector instructions

14:29

for faster searching

We should add some simd to ddnet

i shared it, bcs it was already ported

Ryozuki

@Jupstar ✪

wtf

heinrich5991

not compiling for the target OS already leaves performance on the table. I'd prefer to use native binaries

yea. I directly mentioned it in my message

on which GPU would be nice to know xD

rg – I'd prefer to use native binaries. using something like WASM will leave performance on the table

fine

Btw what is this wasmer.io thing? Are we getting a new flatpak kinda thing with builtin virtualization so one binary can be shipped?

Learath2

Btw what is this wasmer.io thing? Are we getting a new flatpak kinda thing with builtin virtualization so one binary can be shipped?

it's an attempt of a vc-backed company to capture the wasm platform

heinrich5991

rg – I'd prefer to use native binaries. using something like WASM will leave performance on the table

i cannot judge on rg performance anyway. is the CPU slower than reading the names from the file system?

heinrich5991

it's an attempt of a vc-backed company to capture the wasm platform

Yeah, I had a feeling from just the look of the website. It doesn't have that community feel to it

Learath2

Yeah, I had a feeling from just the look of the website. It doesn't have that community feel to it

well it's one of the fastest wasm runtimes

14:33

are in rust

Jupstar ✪

well it's one of the fastest wasm runtimes

I remember it being a wasm runtime. I don't remember this wrapping normal apps thing, I was curious about that part

Learath2

I remember it being a wasm runtime. I don't remember this wrapping normal apps thing, I was curious about that part

^^ gotta explore what you can do with it

14:34

it's interesting to see what programs would also work in browser

(I'm not a virtualization enjoyer)

14:34

my bank keeps calling me then hanging up as soon as I say hello

Learath2

my bank keeps calling me then hanging up as soon as I say hello

at least you're not getting phished like that?

true

14:35

I know why btw, the CS agent doesn't want to/can't speak english

14:35

but then they send me a notification on the app saying they called but couldn't reach me

Learath2

(I'm not a virtualization enjoyer)

well virtualization is never something desirable per se. it's a high level solution to handle a variety of tasks that otherwise would require manual care

14:36

i think it's nice where you are certain about untrusted input, while still desiring to have flexibility

Is this more about untrusted input or single binary multi-arch support? Atleast this package stuff seems to be the second to me

Learath2

Is this more about untrusted input or single binary multi-arch support? Atleast this package stuff seems to be the second to me

i honestly think they don't have any goal with it

https://00f.net/2023/01/04/webassembly-benchmark-2023/

I do however like the idea of wasm in general (eventho I'm a lua enjoyer)

wasmer seems to perform quite well

14:39

I guess you'd want wasmer cranelift so you don't have to ship a whole LLVM

yes, that's what i use currently too

14:40

it's ofc still massive

cranelift is very cool, I did want to make something with it but never really found a use for it, maybe one day I'll try a gameboy emulator with JIT

14:41

Absolutely 0 need for JIT with how cheap it is to emulate a gameboy, but it would be fun

cranelift can also compile "kinda" native

heinrich5991

I guess you'd want wasmer cranelift so you don't have to ship a whole LLVM

RPSC3 (ps3 emulator), ships with an entire LLVM, I think it's one of the coolest projects out there

14:43

It lifts powerpc assembly to llvm ir, then compiles to native

heinrich5991

wasmer seems to perform quite well

Wasmtime doesn't look that far behind either, atleast in this set of benches

heinrich5991

it's an attempt of a vc-backed company to capture the wasm platform

why does it sound like it has a bad taste "attempt of a vc-backed company"

vc-backed means they'll eventually try to milk their users

14:45

since that's the entire point of vc-backing

14:46

check e.g. https://sourcehut.org/blog/2019-10-23-srht-puts-users-first/

Our model is customers first, investors never

sourcehut is a network of useful open source tools for software project maintainers and collaborators, including git repos, bug tracking, continuous integration, and mailing lists.

14:46

it's a common pattern. stuff that is vc-backed will eventually become shitty

but wasmer is currently leading, at least on the rust side

(but until it becomes shitty, it's usually good. because they can pour money into stuff that doesn't make money. it's just not sustainable in the long run)

heinrich5991

(but until it becomes shitty, it's usually good. because they can pour money into stuff that doesn't make money. it's just not sustainable in the long run)

even tho i get your argument, e.g. Bytecode Alliance sleeps on their money too

@heinrich5991 do you know anything about MPL2? I was considering contributing something to a project but don't know much about it

they are so slow

Learath2

@heinrich5991 do you know anything about MPL2? I was considering contributing something to a project but don't know much about it

MPL basically weakest copy left you can imagine

14:49

u can static link a MPL lib into a proprietary software (edited)

Learath2

@heinrich5991 do you know anything about MPL2? I was considering contributing something to a project but don't know much about it

it's a normal open-source license, what do you want to know?

I'm curious if it has any quirks like "we can make the software closed source and revoke the old open-source license retroactively" clause

I don't think it can. it's seen as an open-source license

14:51

open-source licenses can't do the "revoke the license retroactively" AFAIK

14:51

(hmmm. except if you violate the license. see GPL)

hm, this project has a CLA that requires my name too, I wonder why they do that

CLA is the thing that lets them take your contribution and relicense it

I do understand they want to avoid a voxel situation where a contributor wants to withdraw contributions, but can't you just have a catchall "any contributions can't be revoked" clause somewhere?

that's implicit already

14:55

a CLA is only there to take away your rights under the license

heinrich5991

that's implicit already

(if it weren't, no open source project would function)

Lately I've been vary of CLAs with the Redis incident

why do all humans think so complicated lmao

14:57

all these annoying setups of licensing xd

all these people writing closed source software, too

well CLAs seem to be so they can go back on their commitments and sell to IBM

Learath2

well CLAs seem to be so they can go back on their commitments and sell to IBM

correct

btw, I've been enjoying golang lately, it's not that bad to use, it's direly missing a Result type and garbage collection isn't desirable either, but it is a comfy language

15:01

One nice thing about gc is that you can just return a pointer to a temporary and it justworks, no magic rules needed, no temporary materialization conversion

Learath2

btw, I've been enjoying golang lately, it's not that bad to use, it's direly missing a Result type and garbage collection isn't desirable either, but it is a comfy language

what kind of things would you use go for?

Learath2

btw, I've been enjoying golang lately, it's not that bad to use, it's direly missing a Result type and garbage collection isn't desirable either, but it is a comfy language

to quote ryo: use rust

heinrich5991

what kind of things would you use go for?

It's very comfy to make web backends with it and concurrency is soo pleasant, with gc you don't have to worry about lifetimes at all, truly fearless concurrency.

15:05

Axiom in Rust isn't that bad either, so depending on my performance requirements, I might do Rust for web backends too

axum?

oh yep, axum, axiom is the other thing

Robyt3

[ddnet/ddnet] Pull request opened: #8294 Fix alignment of vote option heap entries with remove_vote

When using the remove_vote command, the entire heap of vote options is allocated again without the entry being removed. This allocation was not considering the required alignment for CVoteOptionServer objects and potentially wasting space by aligning with alignof(std::max_align_t). When allocating the entries with the add_vote command, the alignment is already specified correctly.

Checklist

[X] Tested the change ingame
[ ] Provided screenshots if it is a visual change

-...

github-merge-queue[bot]

[ddnet:master] 2 new commits

b745d75 Fix alignment of vote option heap entries with remove_vote - Robyt3 cce5514 Merge pull request #8294 from Robyt3/Server-Voteoption-Alignment - def-

17:02

def-

[ddnet/ddnet] Pull request closed: #8294 Fix alignment of vote option heap entries with remove_vote

@Jupstar ✪ do u know about this https://developer.nvidia.com/content/depth-precision-visualized

Depth Precision Visualized

18:16

aka why reverse Z is used

Ryozuki

@Jupstar ✪ do u know about this https://developer.nvidia.com/content/depth-precision-visualized

didn't know about it in such detail, thx

18:28

#[diagnostic::on_unimplemented] will be huge for APIs where the user is supposed to implement a helper trait that then results in blanket implementations of other more fundamental traits. Patterns where the user implements HelperTrait and then then the type is extended like: impl<T> TraitA for T where T: HelperTrait {...} Previously this would result in difficult to reason about errors around TraitA not being implemented, but now the API writer can add detailed error messages pointing the user towards the helper trait.

18:28

cc @heinrich5991 a reason for diagnostic

18:30

Future possibilities Add a versioning scheme For specific attributes via #[diagnostic::attribute(version = 42)] For the namespace via a crate level #[diagnostic::v{version_number}] attribute Based on editions Custom versioning scheme (Each of these variants can be added in a backward compatible way if needed) More attributes like #[diagnostics::on_type_error] Extend the #[diagnostics::on_unimplemented] attribute to incorporate the semantics of #[do_not_recommend] or provide a distinct #[diagnostics::do_not_recommend] attribute Un-RFC #[do_not_recommend]? Apply #[diagnostics::on_unimplemented] to types as well Extend the if() filter syntax to allow more complex filter expressions Allow #[diagnostic::on_unimplemented] to be placed on types instead of traits. This would allow third party crates to customize the error messages emitted for unsatisfied trait bounds with out of crate traits.

Ryozuki

aka why reverse Z is used

I very very recently learned about this in a youtube video that I can't find right now, and it's so sensible too, you just don't think about it until you think about it

art0007i

[ddnet/ddnet] Issue opened: #8295 Add indicators for cl_dummy_resetonswitch and cl_dummy_restore_weapon

I have binds which switch these options and sometimes forget if it's on / off. I think it would be nice to have a visual indication whether they are on or not. I think they could maybe be in the same place as dummy hammer and dummy copy indicators.

?