Guild icon
DDraceNetwork
Development / developer
Development discussion. Logged to https://ddnet.org/irclogs/ Connected with DDNet's IRC channel, Matrix room and GitHub repositories — IRC: #ddnet on Quakenet | Matrix: #ddnet-developer:matrix.org GitHub: https://github.com/ddnet
Between 2024-07-15 00:00 and 2024-07-16 00:00
Avatar
chillerdragon BOT 2024-07-15 00:55
I would recommend some of jxsls discord tools. If using a discord bot is enough gui for you.
Replying to @main character i looked at the external console thing. but i want to manage it with a p…
00:58
https://github.com/jxsl13/TeeworldsEconDiscordModerationBot
GitHub - jxsl13/TeeworldsEconDiscordModerationBot: small tool to mo...
small tool to moderate multiple zCatch servers via econ and discord. - jxsl13/TeeworldsEconDiscordModerationBot
Thumbnail
Avatar
GitHub BOT 2024-07-15 03:13
Author icon
SchrodingerZhu
[ddnet/ddnet] Issue opened: #8592 Report: DDNet on Qualcomm's new X Elite devices
  • x86 emulation is fine except screen tearing from time to time with on vulkan and opengl 3.3. vsync does not make it better
  • Cannot compiler with MSVC.
    • MSVC uses __ARM_ARCH for checking aarch64 targets
    • shipped libs are of wrong architecture
  • Managed to compile native DDNet with MSYS2 clangarm64
    • need to delete ddnet-libs and manually install all dependencies
    • need to nuke the libssp-0 thing. clang toolchain uses libssp.a instead.
    • program crashes on cha...
Avatar
fokkonaut 2024-07-15 04:44
so, i made something
Image attachment
04:44
toggle & value option aswell
Image attachment
04:49
That thing is a class of EXACTLY 1000 lines LOL, took me like the last 2 days xd
04:51
Image attachment
Avatar
Ryozuki 2024-07-15 05:08
gm -# this user is currently on the watchlist for being a rust terrorist (edited)
Avatar
meloƞ 2024-07-15 05:15
Sounds rusty
Avatar
Ewan 2024-07-15 05:57
gm
05:57
what is a rust terrorist
Avatar
MilkeeyCat 2024-07-15 06:14
They force you to write everything in rust
Avatar
Avatar
fokkonaut
That thing is a class of EXACTLY 1000 lines LOL, took me like the last 2 days xd
meloƞ 2024-07-15 06:21
Gerdoe (zhn) who is doing the exact Same Thing at the Moment: pepefight
Avatar
fokkonaut 2024-07-15 06:21
Image attachment
06:21
this ?
Avatar
meloƞ 2024-07-15 06:22
Yurp
Avatar
fokkonaut 2024-07-15 06:22
ah
Avatar
meloƞ 2024-07-15 06:22
Shit yourself is a valid Option for Blockworlds i must say
Avatar
fokkonaut 2024-07-15 06:22
xD
06:22
my arms hurt from coding this
06:22
spent too much time on it
Avatar
meloƞ 2024-07-15 06:23
KEKW
Avatar
fokkonaut 2024-07-15 06:24
It's cool to have those different visions about how a vote menu will look like
Avatar
Ewan 2024-07-15 06:27
nice font
Avatar
fokkonaut 2024-07-15 06:29
I think it's the same one deen used for motd in ddnet
06:29
but not sure
Avatar
Avatar
fokkonaut
so, i made something
Avolicious 2024-07-15 07:18
This looks pretty clean tho
Avatar
fokkonaut 2024-07-15 07:19
thanks a lotheartw
Avatar
TsFreddie 2024-07-15 07:21
vote abuser
f4 2
Avatar
fokkonaut 2024-07-15 07:23
in F-DDrace I abuse every feature of ddnet client
07:24
but mostly it'll turn out to be smooth
Avatar
Ryozuki 2024-07-15 07:45
Image attachment
Avatar
Avatar
fokkonaut
in F-DDrace I abuse every feature of ddnet client
Ryozuki 2024-07-15 07:47
true hackerman
Avatar
Learath2 2024-07-15 08:19
We were having some webhooks timeout because we were replying too slow. 99.7% of the request duration was spent within external api calls. 0.3% of the request was spent in a small internal call.
08:19
Guess which one my very competent coworker decided to move into async
NekoDrink 1
Avatar
Avatar
chillerdragon
So if your client drops all packets for 500ms the server will still have computed the full state 50 times a second using your latest input. And it will keep sending you that new information of the game state as a diff to the state you last acknowledged which was before the jitter.
Pathos 2024-07-15 09:19
So essentially, game state is fully update every tick? There are no partial updates?
Avatar
adagway 2024-07-15 09:35
hey pls help me
09:40
Image attachment
09:40
im getting this prbolem
09:40
whats this
Avatar
Avatar
adagway
whats this
Peakies 2024-07-15 09:42
You can't join that server because they have their own client so you can only join with their client and I don't know why they register their servers in case that it's not possible to join with even ddnet client 😐
Avatar
Avatar
meloƞ
Shit yourself is a valid Option for Blockworlds i must say
zhn 2024-07-15 09:57
ye it broadcasts you shit yourself now
Avatar
chillerdragon BOT 2024-07-15 10:13
i am more and more annoyed how ppl have to solve so many problems in tw multiple times
Replying to @meloƞ Gerdoe (zhn) who is doing the exact Same Thing at the Moment:
10:13
every custom mod has to do everything from scratch :(
Avatar
MilkeeyCat 2024-07-15 10:14
when ui lib for tw 🤨
Avatar
chillerdragon BOT 2024-07-15 10:14
there should be a better ecosystem of reusable components for tw mods
Avatar
TsFreddie 2024-07-15 10:15
there should be a lot of things in tw
Avatar
heinrich5991 2024-07-15 10:17
someone has to do it, chillerdragon
10:17
saying "there should be X" is easy
Avatar
Avatar
chillerdragon
there should be a better ecosystem of reusable components for tw mods
louis 2024-07-15 10:25
think the main thing is some sort of generic hud input
Avatar
Avatar
heinrich5991
even that sounds more complicated than what I would go for. a simple dialog with a number of buttons would be my start
heinrich5991 2024-07-15 10:27
@louis
Avatar
louis 2024-07-15 10:28
or alternatively
10:28
have some way to toggle custom assets in real time in the map
10:28
then you could hack your hud onto the screen too
10:30
hmm robyte message is bugging on mobile i cant read exactly what it is
10:31
but i feel like having some interface where >a list of hud elements is sent to client, client displays it all in a single column< would be best solution?
10:32
input elements and displayed elements, so client could input things and server sends updates which re-displays the HUD
Avatar
Bors Matyas 2024-07-15 10:42
please unban me somebody banned me
Avatar
Avatar
Bors Matyas
please unban me somebody banned me
meloƞ 2024-07-15 10:42
#✉-create-a-ticket
Avatar
ws-client2 BOT 2024-07-15 10:42
<ChillerDragon> @heinrich5991 saying "there should be X" is step one. It doesnt have to be a technically complex thing. But if two people build the same thing like gerdoe and fokko it could also just be one doing it and sharing it with the other.
Avatar
Avatar
ws-client2
<ChillerDragon> @heinrich5991 saying "there should be X" is step one. It doesnt have to be a technically complex thing. But if two people build the same thing like gerdoe and fokko it could also just be one doing it and sharing it with the other.
meloƞ 2024-07-15 10:43
or both working together, but one: blockworlds is currently closed source, and two: they didn't know about each other's impl
Avatar
louis 2024-07-15 10:50
is there any way the ddnet server can run inside the ddnet client? i don't like having two windows sometimes 😄
10:50
or would that be easy to mod in
10:53
err i guess that's equivalent to just hiding the server terminal
Avatar
Avatar
ws-client2
<ChillerDragon> @heinrich5991 saying "there should be X" is step one. It doesnt have to be a technically complex thing. But if two people build the same thing like gerdoe and fokko it could also just be one doing it and sharing it with the other.
zhn 2024-07-15 11:04
i was about to make poc for server side render group sending but after learath posted his idea about small layout language i was like huh ye its better, we should have it and we should make it perfect
11:04
and all about perfect: youll never try to do this if you think it should be perfect :p
Avatar
Avatar
louis
is there any way the ddnet server can run inside the ddnet client? i don't like having two windows sometimes 😄
heinrich5991 2024-07-15 11:25
we could hide the window
Avatar
Avatar
heinrich5991
we could hide the window
Robyt3 2024-07-15 11:28
Then there's no way to obtain the rcon password from the console window unless you manually set one
Avatar
heinrich5991 2024-07-15 11:30
true…
11:30
a local server console would be cool ^^
Avatar
murpi 2024-07-15 11:32
#3282 😗
Avatar
DDNet BOT 2024-07-15 11:32
https://github.com/ddnet/ddnet/issues/3282
Add ingame server configuration · Issue #3282 · ddnet/ddnet
Since we're now able to run the server right from the main menu, I think it would be a good idea to add an ingame menu for general server settings, just to make this a user friendly process. Ma...
Thumbnail
Avatar
Avatar
Robyt3
Then there's no way to obtain the rcon password from the console window unless you manually set one
heinrich5991 2024-07-15 11:33
(on linux (and I'd guess macos), that's already the case)
Avatar
Avatar
DDNet
https://github.com/ddnet/ddnet/issues/3282
Robyt3 2024-07-15 11:34
Has been on my list for a long time, along with econ interface from the client, starting the current editor map on local server etc.
Avatar
zhn 2024-07-15 12:04
i thought deen or heinrich implemented client econ support, it had this fancy blue background, had i dreamt?
12:04
justatest
Avatar
Learath2 2024-07-15 12:05
Probably some other client
Avatar
ws-client2 BOT 2024-07-15 12:10
<ChillerDragon> senpai lerato!
12:10
<ChillerDragon> i used neverssl.com today!!!
Avatar
Avatar
zhn
i thought deen or heinrich implemented client econ support, it had this fancy blue background, had i dreamt?
Robyt3 2024-07-15 12:12
I think deen started with econ and probably also stopped at the annoying part, the econ client backend, same as me. Blue is a good background color though, I also picked that. bluekitty
troll 1
Avatar
ws-client2 BOT 2024-07-15 12:12
<ChillerDragon> yes thats the OP thing about sharing code is that you can work together @meloƞ if bw would be open source fokko could have just yeeted the code and then potentially contribute improvements back
12:12
<ChillerDragon> all the time that is saved by not implementing again from scratch can be used to contribute stuff on top
Avatar
meloƞ 2024-07-15 12:12
i am sadly not the one to decide for Blockworlds to go open source ^^ but i agree
Avatar
Avatar
ws-client2
<ChillerDragon> i used neverssl.com today!!!
Learath2 2024-07-15 12:13
Celebrate
12:13
Misconfigured hotspot?
Avatar
ws-client2 BOT 2024-07-15 12:13
<ChillerDragon> plus bugged device xd
12:17
<ChillerDragon> the fact that this very website neverssl.com does exist is not too exciting. I mean i used this very site but i could get my hands on a http site. But you mentioning the underlying problem helped a lot. I did not expect to use it so soon.
12:19
<ChillerDragon> @meloƞ there is just so many projects that do the same thing and also so many things that have been already done over the years. But realistically i know that just going open source does not magically get rid of all code duplication.
12:19
<ChillerDragon> working with others is time consuming and can cause drama
12:20
<ChillerDragon> everyone wants it down their way and people can get protective about their work and opinionated about certain things
12:21
<ChillerDragon> I used to yoink code snippets from the teeworlds friends forum a few years ago that was nice. They had some dev section with a few posts about how to code XYZ and this was nice to get your code base started.
12:22
<ChillerDragon> yea idk i better be quiet im currently implementing zCatch for the 100th time xd
Avatar
MilkeeyCat 2024-07-15 12:23
sometimes to make something good you have to write it 99 times and throw it away justatest
Avatar
ws-client2 BOT 2024-07-15 12:24
<ChillerDragon> yes for sure
12:24
<ChillerDragon> if you iterate your own ideas in multiple implementations and learn from earlier mistakes
12:25
<ChillerDragon> but that is something else than a different person implementing the same zCatch every 3 years
Avatar
Souly 2024-07-15 12:25
hi chiller im fan
Avatar
ws-client2 BOT 2024-07-15 12:25
<ChillerDragon> hi fan im chiller
Avatar
Souly 2024-07-15 12:26
no way
12:26
:OO
Avatar
meloƞ 2024-07-15 12:26
hi chiller i'm melon
Avatar
ws-client2 BOT 2024-07-15 12:27
<ChillerDragon> its a solved problem for ddrace
12:27
<ChillerDragon> other than a few very inentional trols from the block scene BW and the sorts nobody implements their own freeze from scratch anymore these days
Avatar
Avatar
ws-client2
<ChillerDragon> the fact that this very website neverssl.com does exist is not too exciting. I mean i used this very site but i could get my hands on a http site. But you mentioning the underlying problem helped a lot. I did not expect to use it so soon.
Learath2 2024-07-15 12:29
It's surprisingly hard to find a plain http site off the top of your head stuck at an airport or something
Avatar
ws-client2 BOT 2024-07-15 12:30
<ChillerDragon> my own
Avatar
Learath2 2024-07-15 12:30
Ah, I guess that'd work, yeah I use mine too sometimes
Avatar
ws-client2 BOT 2024-07-15 12:32
<ChillerDragon> also i know another one which i never forget somehow because i was so bamboozled they have no SSL and its up since years and short to type
12:32
<ChillerDragon> sadly i can not reveal it without doxing my self xd
12:33
<ChillerDragon> but i would have NEVER tried going to that site if the hotspot would not work
Avatar
heinrich5991 2024-07-15 12:34
even neverssl.com supports TLS 😄
12:34
http://example.com/ also works btw
Avatar
louis 2024-07-15 12:40
how does that even work?
12:40
the website doesn't really explain how it works technically
Avatar
heinrich5991 2024-07-15 12:40
which? neverssl or example?
Avatar
louis 2024-07-15 12:41
neverssl
Avatar
Learath2 2024-07-15 12:42
There is nothing to explain? It just serves http
Avatar
heinrich5991 2024-07-15 12:42
captive portals in wifis can only intercept http requests, not https ones
Avatar
louis 2024-07-15 12:42
how does that fix facebook
Avatar
Learath2 2024-07-15 12:42
Ah that part
Avatar
heinrich5991 2024-07-15 12:42
because https is secure
12:43
so by navigating to an http site, the captive portal can redirect you to the wifi login page
12:43
(most sites are secure nowadays, so the wifi portal can't redirect you away from them. this is a good thing ^^)
Avatar
Learath2 2024-07-15 12:44
Browsers and OSs have their own version of neverssl normally, like http://captive.apple.com/hotspot-detect.html
Avatar
louis 2024-07-15 12:44
but the login page for facebook/google still uses https no?
Avatar
Avatar
louis
but the login page for facebook/google still uses https no?
heinrich5991 2024-07-15 12:44
yes. the captive portal stops the connection from working, but it can't redirect your browser to the wifi login page
Avatar
louis 2024-07-15 12:44
okay
12:45
i see yeah ig i've never had to use it, i always get the captive apple http
Avatar
Learath2 2024-07-15 12:45
Some combination of configuration options on the hotspot side that I never bothered to debug on the spot can lead to your browser/os not going to their captive portal check url
12:46
Then you get stuck with a dud connection that you can't get to the login page of
Avatar
Avatar
Learath2
Browsers and OSs have their own version of neverssl normally, like http://captive.apple.com/hotspot-detect.html
heinrich5991 2024-07-15 12:46
yea. http://connectivitycheck.gstatic.com/generate_204, http://www.msftconnecttest.com/connecttest.txt, http://detectportal.firefox.com/canonical.html plus a couple more
Avatar
Learath2 2024-07-15 12:47
http://nmcheck.gnome.org/check_network_status.txt
Avatar
louis 2024-07-15 12:47
that seems kinda hacky
12:47
only being able to redirect on http
Avatar
heinrich5991 2024-07-15 12:49
the whole captive portal thing is a giant hack, because we don't have a protocol for that
Avatar
Learath2 2024-07-15 12:49
It's good, you don't want Amsterdam Airport Wifi redirecting you to fake facebook and stealing your credentials for the Dutch Secret Service
Avatar
Avatar
louis
only being able to redirect on http
heinrich5991 2024-07-15 12:50
not being able to hijack https is the same as them not being able to read your https traffic. thankfully, most of the web is https nowadays 🙂
Avatar
Learath2 2024-07-15 12:50
We should perhaps get a protocol for it 😄
Avatar
heinrich5991 2024-07-15 12:50
hard to bootstrap, the current one works good enough™
12:50
but yea, would be nice if the dhcp server could include a response that you need to visit the following https URL before internet access is available
12:51
thinking about it, I guess someone has already written something like this down
Avatar
louis 2024-07-15 12:51
i thought the nsa could read whatever they wanted anyways 😦
Avatar
Learath2 2024-07-15 12:51
idk how extensible the dhcp protocol is, so idk how hard that would be, but it would be nice
Avatar
Avatar
Learath2
idk how extensible the dhcp protocol is, so idk how hard that would be, but it would be nice
heinrich5991 2024-07-15 12:51
it's extensible like that AFAIK
Avatar
Avatar
louis
i thought the nsa could read whatever they wanted anyways 😦
heinrich5991 2024-07-15 12:52
the NSA can read the stuff that is decrypted on USA servers. which is most of the internet. even ddnet uses cloudflare, which decrypts the ddnet traffic on cloudflare servers
Avatar
Avatar
louis
i thought the nsa could read whatever they wanted anyways 😦
Learath2 2024-07-15 12:53
to be fair, we do kinda trust that the trust roots are trustworthy, they could be working with the NSA issuing them MITM certificates, so any site without HPKP is technically unsafe
Avatar
heinrich5991 2024-07-15 12:54
nah, there's certificate transparency
12:54
which makes such certificates publicly viewable
Avatar
louis 2024-07-15 12:54
aint that what web3 is for troll
Avatar
heinrich5991 2024-07-15 12:54
no, web3 is unrelated to that
Avatar
Avatar
heinrich5991
nah, there's certificate transparency
Learath2 2024-07-15 12:55
Isn't that voluntary participation?
12:56
Ah, they do have client side logging and monitoring too
Avatar
Avatar
Learath2
Isn't that voluntary participation?
heinrich5991 2024-07-15 12:56
depending on the CA, the CA must get certificates logged to get them trusted. we're getting there and a greater fraction is getting that requirement
12:56
but chrome/chromium send all certificates not already logged to CT
12:56
so if you MITM'ing someone using chrome, your certificate will end up in CT
Avatar
Avatar
heinrich5991
depending on the CA, the CA must get certificates logged to get them trusted. we're getting there and a greater fraction is getting that requirement
Learath2 2024-07-15 12:57
Would it alert on a non logging CA issuing a certificate for a website that a logging CA issued a certificate for?
Avatar
Avatar
Learath2
Would it alert on a non logging CA issuing a certificate for a website that a logging CA issued a certificate for?
heinrich5991 2024-07-15 12:57
no, it does not alert the user
12:58
but from the fact that the certificates are public, we know that there are no secret large-scale MITM actions going on, at least not via this method
Avatar
Learath2 2024-07-15 12:59
Well that's one downside, so the NSA gets to do an extremely targeted attack on a couple people until someone or some system spots it in the logs
12:59
Then I'm guessing that root gets untrusted?
Avatar
Avatar
Learath2
Well that's one downside, so the NSA gets to do an extremely targeted attack on a couple people until someone or some system spots it in the logs
heinrich5991 2024-07-15 12:59
yes
12:59
unlikely that the NSA would do that to a domestic CA
12:59
because it hurts their economy
13:00
more likely to try to hack a foreign CA, I guess
Avatar
Learath2 2024-07-15 13:00
Just ask a CIA client state to "accidentally" leak their root CA
Avatar
heinrich5991 2024-07-15 13:00
then their CA gets distrusted, not so hard
Avatar
Learath2 2024-07-15 13:01
Then they say, oh we make big mistake, add us back or we ban your browser in our country, we promise, we keep new root very safe
Avatar
heinrich5991 2024-07-15 13:01
you seem to have a wrong impression of how the CA/B forum works
13:01
this CA is not going to get added again
13:02
a CA root certificate is not something that should be able to get leaked
13:02
it should be on an HSM
13:02
(CAs have been permanently removed from root stores for way less than blatant certificate misissuance)
Avatar
Learath2 2024-07-15 13:03
Well don't need to give out the root, just leak an intermediate, those happened before without CA's getting deleted
Avatar
heinrich5991 2024-07-15 13:04
anyway, we don't really see that happening in practice
13:04
there are better methods to attack this system
13:05
this particular issue doesn't seem like a weak point
13:06
e.g. no need to hijack a CA when you can get a legitimate certificate from almost any CA
13:06
because you can hijack the methods used to verify people's ownership of domains
Avatar
Learath2 2024-07-15 13:07
You are probably not getting any CA to issue you a certificate for facebook.com
Avatar
GitHub BOT 2024-07-15 13:08
Author icon
Robyt3
[ddnet/ddnet] Pull request opened: #8593 Fix crashes with dbg_dummies and sv_max_clients, ensure that sv_max_clients can only be set when starting server
Use the real number of maximum clients returned by the MaxClients() function instead of the MAX_CLIENTS constant to calculate the debug dummy client IDs to fix a crash when sv_max_clients is below MAX_CLIENTS. Ensure the dbg_dummies value does not exceed the maximum number of clients. Changing the sv_max_clients config variable while the server is running does not change the maximum number of clients that can connect, as this is determined only once when the CNetServer is ...
Avatar
Avatar
heinrich5991
you seem to have a wrong impression of how the CA/B forum works
Learath2 2024-07-15 13:12
btw, some countries have laws requiring "providers of web-browsers" to ship certain trust roots, I'm unsure what the CA/B forum would be able to do about that
13:13
(iirc even EU had something similar which all the browser vendors made noise about, though idk if it ended up being passed as initially worded)
Avatar
Avatar
Learath2
btw, some countries have laws requiring "providers of web-browsers" to ship certain trust roots, I'm unsure what the CA/B forum would be able to do about that
heinrich5991 2024-07-15 13:17
I haven't heard of such a law having an effect so far. I'd be interested in whether that exists
Avatar
Learath2 2024-07-15 13:18
Well some form of eidas 2 passed, with article 45 still in there, idk if they reworded it differently though
Avatar
fokkonaut 2024-07-15 13:18
morning
Avatar
Avatar
Learath2
Well some form of eidas 2 passed, with article 45 still in there, idk if they reworded it differently though
heinrich5991 2024-07-15 13:21
I'd be interested to know whether these kind of laws have any effect ^^
Avatar
Learath2 2024-07-15 13:22
Probably not, I already don't believe any of these parties would actually have the balls to remove a root certificate that belongs to a western government
Avatar
louis 2024-07-15 13:23
Usa #1 🦅
Avatar
Avatar
Learath2
Well some form of eidas 2 passed, with article 45 still in there, idk if they reworded it differently though
heinrich5991 2024-07-15 13:24
I can't figure out quickly if that is even law yet. do you know?
Avatar
Avatar
heinrich5991
I can't figure out quickly if that is even law yet. do you know?
Learath2 2024-07-15 13:24
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32024R1183
Avatar
heinrich5991 2024-07-15 13:26
oof
Avatar
Learath2 2024-07-15 13:26
Again idk if they changed the wording after the browser vendors raised concerns, but I do also remember a smear document signed by some legislators "disproving" mozillas claim in their open letter
Avatar
heinrich5991 2024-07-15 13:26
that text sounds bad
13:26
Qualified certificates for website authentication issued in accordance with paragraph 1 of this Article shall be recognised by providers of web-browsers. Providers of web-browsers shall ensure that the identity data attested in the certificate and additional attested attributes are displayed in a user-friendly manner. Providers of web-browsers shall ensure support and interoperability with qualified certificates for website authentication referred to in paragraph 1 of this Article, with the exception of microenterprises or small enterprises as defined in Article 2 of the Annex to Recommendation 2003/361/EC during the first five years of operating as providers of web-browsing services.
13:26
article 45, 1a
Avatar
Learath2 2024-07-15 13:27
https://securityriskahead.eu/
larazach
Mozilla | QWACs - #SecurityRiskAhead EU -
eIDAS article 45.2 requires websites to display an unsafe QWAC Qualified certificate to users in the EU.
Thumbnail
13:27
Apparently some changes were approved that makes it fine
13:30
CT does sound nice, but I don't get why it was implemented on the CA and domain owner side
13:31
A similar scheme could be built on the client side, to watch for suspicious certificates without the CAs having to submit logs
Avatar
heinrich5991 2024-07-15 13:32
a global log sounds better than a client-specific one
13:32
because that means we get to analyze all the data
Avatar
Learath2 2024-07-15 13:32
I meant a global log where all clients submit all certificates they encounter
Avatar
heinrich5991 2024-07-15 13:32
even if it was the first time for the client to connect to that website
Avatar
Avatar
Learath2
I meant a global log where all clients submit all certificates they encounter
heinrich5991 2024-07-15 13:33
we do have that ^^ in addition to most, hopefully soon all CAs being required to submit it by themselves
13:33
with the CAs being required to submit them, we don't have to wait for a client to find the certificate
Avatar
Learath2 2024-07-15 13:34
but it doesn't alert the user to a suspicious certificate
13:34
it alerts the CAs and the server owner
Avatar
heinrich5991 2024-07-15 13:34
(for CAs that are required to submit, the certificates include a proof that they're logged to CT)
Avatar
Learath2 2024-07-15 13:34
meanwhile my data has already been stolen
Avatar
heinrich5991 2024-07-15 13:34
idk, let's address that problem once it becomes one?
Avatar
Learath2 2024-07-15 13:35
We'll never know if it becomes one if the entity doing the attacks is careful to target only firefox and old browsers
Avatar
heinrich5991 2024-07-15 13:35
well, firefox is planning to implement CT, too
13:36
you're not showing a weakness of the system, but a weakness of firefox
13:36
because it's not doing the thing that chrome does, here
13:36
https://bugzilla.mozilla.org/show_bug.cgi?id=1281469
1281469 - Implement Certificate Transparency support (RFC 6962)
NEW (nobody) in Core - Security: PSM. Last updated 2024-06-11.
Avatar
Learath2 2024-07-15 13:37
Technically chrome doesn't save you from the attack either, it just is proof that it's not happening (widely enough? I didn't read how the global log is scrutinized) to chrome or safari users
Avatar
heinrich5991 2024-07-15 13:37
hmmm. let's talk about the client-side of things. what do you propose to tackle client-side?
Avatar
Avatar
heinrich5991
hmmm. let's talk about the client-side of things. what do you propose to tackle client-side?
Learath2 2024-07-15 13:38
Check the global log, if for some measure of suspicious, this cert I've been handed is suspicious, alert me
Avatar
heinrich5991 2024-07-15 13:39
hmmm. that sounds like a power user feature
13:39
I guess one could build that in addition to the current system
13:39
(also, this only works for interactive cases)
13:40
also needs a bit of thinking to make it anonymous, so you're not sending your browsing history to the CT log
Avatar
GitHub BOT 2024-07-15 13:45
Author icon
github-merge-queue[bot]
[ddnet:master] 3 new commits
325e22d Fix crashes with dbg_dummies and sv_max_clients - Robyt3 37756aa Ensure that sv_max_clients can only be set when starting server - Robyt3 804e87a Merge pull request #8593 from Robyt3/Server-MaxClients-Fixes - def-
13:45
Author icon
def-
[ddnet/ddnet] Pull request closed: #8593 Fix crashes with dbg_dummies and sv_max_clients, ensure that sv_max_clients can only be set when starting server
Avatar
murpi 2024-07-15 13:46
I was about to create a github issue about downloading maps from maps.ddnet.org whenever a demo is opened without the necessary map file, but a bit hesitant because this is probably not a widespread issue. (edited)
Avatar
Learath2 2024-07-15 13:47
Chrome requires all publicly-trusted TLS certificates issued after April 30, 2018 to support CT in order to be recognized as valid
This is pretty good
Avatar
Avatar
murpi
I was about to create a github issue about downloading maps from maps.ddnet.org whenever a demo is opened without the necessary map file, but a bit hesitant because this is probably not a widespread issue. (edited)
Robyt3 2024-07-15 13:50
I'm pretty sure there is already an issue about that
Avatar
murpi 2024-07-15 13:51
Hmmm. right: #2267
Avatar
DDNet BOT 2024-07-15 13:51
https://github.com/ddnet/ddnet/issues/2267
Handle missing map from server-side demo better · Issue #2267 · ddn...
teehistorian-created demos contain no map file, so they fail to load, but nothing is shown to the user: [2020-06-16 14:38:43][client]: loading map, map=Barren wanted sha256=7f43f924a26a9a25b2c009bb...
Thumbnail
Avatar
Avatar
Learath2
Chrome requires all publicly-trusted TLS certificates issued after April 30, 2018 to support CT in order to be recognized as valid
This is pretty good
heinrich5991 2024-07-15 13:55
ah, didn't know it was this far already
13:55
so when mozilla? ^^
Avatar
Learath2 2024-07-15 13:56
eh, they have always been on the slower side
13:57
understandable, they have many less millions and billions but are expected to implement the exact same set of things chromium browsers implement
Avatar
GitHub BOT 2024-07-15 15:05
Author icon
def-
[ddnet-web:master] 1 new commit
08b16e7 5258 - def-
Avatar
louis 2024-07-15 15:18
@Jupstar ✪ are you able to have the SkinDB bot automatically dilate skins before uploading them to the ddnet db?
Avatar
Bors Matyas 2024-07-15 15:48
please unban me i blocked in multeasymap i got fucked out for a day :(((
pepeW 1
Avatar
Gwendal 2024-07-15 15:48
#✉-create-a-ticket
Avatar
Bors Matyas 2024-07-15 15:52
i dont know my ip
Avatar
Avatar
louis
i thought the nsa could read whatever they wanted anyways 😦
zhn 2024-07-15 15:54
ye they can
15:55
don't worry :p
Avatar
Avatar
Gwendal
#✉-create-a-ticket
Bors Matyas 2024-07-15 15:57
ok i did
15:57
when unban?
15:58
im still banned
Avatar
Avatar
louis
@Jupstar ✪ are you able to have the SkinDB bot automatically dilate skins before uploading them to the ddnet db?
louis 2024-07-15 16:06
alternatively something that also mass-dilates the existing skins in the DB somehow
Avatar
Avatar
Bors Matyas
when unban?
Fussel 2024-07-15 16:10
Ban Expires 2024-07-16 09:00, Tuesday, 16 July 2024 09:00 (2024-07-16 09:00 UTC)
gigachad 1
Avatar
Bors Matyas 2024-07-15 17:12
i know
17:12
whats the point of ban appeal then?
Avatar
Avatar
Bors Matyas
whats the point of ban appeal then?
Learath2 2024-07-15 17:17
It's for moderation mistakes mostly, and some mods do show leniency for people banned for their first time or so
Avatar
Bors Matyas 2024-07-15 17:18
i can play maps. I dont block i promise
17:18
cant*
Avatar
Cellegen 2024-07-15 17:38
Own your mistakes if it's righteous.
Avatar
MilkeeyCat 2024-07-15 17:58
Dear diary, I can't find words to describe the pain and humiliation I experienced during debugging my code, it was generating correct output 50% of the time. I couldn't understand why but after starting at it like an idiot I realized I was interating over a map and because of it the order was wrong sometimes
Avatar
Learath2 2024-07-15 18:00
🙃
Avatar
MilkeeyCat 2024-07-15 18:03
And it was working correctly exactly when I was changing the values in my language source code pepeW
Avatar
Ryozuki 2024-07-15 18:39
rust?
18:39
use btree for guaranteed order
Avatar
MilkeeyCat 2024-07-15 19:02
I don't need anything except vector
Exported 256 message(s)
Timezone: UTC+0