00:56 < ddnet-commits> [ddnet] heinrich5991 opened pull request #160: Make the secure random stuff platform-independent (DDRace64...pr_ddnet_random_windows) http://git.io/xAjT 01:57 <@deen> the token stuff doesn't help against clogging the servers, right? 01:57 <@deen> one block server is full with 64 spoofed ip clients right now 02:32 < eeeee> deen: if we drop vanilla compatibility then it will help :P 02:33 < eeeee> so, no 02:33 < eeeee> didn't you have some other clogging protection with pings 02:34 <@deen> pings? 02:35 <@deen> right, we had something but I removed it recently because it didn't work well with http map download^^ 02:35 <@deen> and it was never enabled on DDNet anyway because of problems 02:37 < eeeee> i guess we'll have to fix that too someday :/ 02:37 <@deen> probably soon 02:38 <@deen> they're still blocking the entire server =/ 06:50 < eeeee> okay i found a bug in tokens 07:35 < ddnet-commits> [ddnet] eeeee opened pull request #161: fix timeout protection with tokens (DDRace64...timeout_protection_token_fix) http://git.io/xpcV 07:39 < eeeee> other than that, seems to work 08:49 < ddnet-commits> [ddnet] eeeee opened pull request #162: fix missing size_t definition on mac (DDRace64...mac_build) http://git.io/xpze 10:40 <@EastByte> deen: that still is the easiest way to dos a server 10:41 <@EastByte> eeeee: no need to drop vanilla support? 10:44 <@EastByte> we could add an additional client array with dynamic size as a pre state for clients connecting 11:46 < ddnet-commits> [ddnet] def- pushed 2 new commits to DDRace64: http://git.io/xhTs 11:46 < ddnet-commits> ddnet/DDRace64 0dc332c eeeee: fix timeout protection with tokens... 11:46 < ddnet-commits> ddnet/DDRace64 6f93d36 Dennis Felsing: Merge pull request #161 from eeeee/timeout_protection_token_fix... 11:49 < ddnet-commits> [ddnet] def- pushed 2 new commits to DDRace64: http://git.io/xhTj 11:49 < ddnet-commits> ddnet/DDRace64 739a83a eeeee: fix missing size_t definition on mac 11:49 < ddnet-commits> ddnet/DDRace64 ec5a24e Dennis Felsing: Merge pull request #162 from eeeee/mac_build... 11:55 <@deen> EastByte: well, they even finish connecting and just stand around ingame 12:18 <@heinrich5991> deen: what's your current vanilla client share? 12:18 <@deen> heinrich5991: on ddnet servers or where? 12:18 <@heinrich5991> yes 12:19 <@deen> i don't have any real statistics 12:19 <@heinrich5991> I could imagine only allowing 1/2, 2/3 or 1/3 vanilla 12:19 <@deen> i just sometimes open f2 and look at "status" 12:19 <@heinrich5991> that would allow people with ddnet client to still connect 12:19 <@deen> heinrich5991: that would probably work on the ddrace servers, but not the block ones 12:19 <@deen> and in some locations people really don't use ddnet client 12:20 <@deen> hm 12:20 <@heinrich5991> deen: I could try to port this to the vanilla client and then you can tell people to either get the modded vanilla client or ddnet client if they can't join the server due to flood 12:21 <@deen> nono, they use some other custom clients 12:21 <@deen> with bots and stuff, not vanilla :P 12:21 <@deen> or with chinese language support 12:21 <@heinrich5991> then tell them to ask the modder to apply the patch 12:21 <@heinrich5991> I'd say 12:22 <@heinrich5991> e.g. reserve 1/3 of the slots for clients that can do token stuff 12:22 <@heinrich5991> that shouldn't hurt too much 12:22 <@deen> yeah, should be totally fine 12:22 <@deen> otherwise just show a message "Only DDNet client can connect" 12:22 <@deen> but people would think it's just a stunt to get more to use ddnet client :P 12:22 <@heinrich5991> also show an explanation, otherwise people will get mad 12:22 <@deen> indeed 12:23 <@deen> but i'm still not sure 12:23 <@heinrich5991> make a forum post with the patch 12:23 <@heinrich5991> additionally 12:23 <@deen> it's still bad if they can fill every one of our servers to 2/3 12:23 <@heinrich5991> so people can apply it to their fancy bot clients 12:23 <@heinrich5991> maybe they'll stop doing it once people can get around it 12:23 <@heinrich5991> because it's no longer effective 12:23 <@deen> they aren't really doing it yet at all 12:24 <@deen> last night seemed like a test run 12:25 <@heinrich5991> eeeee: I guess the token stuff doesn't yet work allocation-less until the client responds? 12:25 <@heinrich5991> that's kind of the pre-condition for reserver 1/n of the slots for clients that can do it 15:00 <@EastByte> deen: yea, before clients get ingame there has to be a check against ip spoofing of course 15:04 <@EastByte> heinrich5991: we don't need to drop vanilla support in any way, there already is an anti ip spoofing protection 15:04 <@EastByte> it just needs some tweaking 15:11 <@heinrich5991> I was just proposing to reserve some slots for clients that support the token protocol 15:11 <@heinrich5991> EastByte: ^ 15:11 < Learath2> heinrich5991: wouldnt your pullrequest for vanilla fix all this ? :D 15:11 <@heinrich5991> yes 15:12 <@heinrich5991> but Oy doesn't like it really if I get it correctly 15:12 <@EastByte> okay 15:14 < Learath2> maybe we should reimplement the spoof protection deen removed 15:15 < Learath2> it was badly written serverside thats why it didnt work well with http download 15:18 <@EastByte> heinrich5991: I doubt such a patch will be applied by many coders :/ 15:19 <@EastByte> for example the unmaintained closed 13x37 client is still one of the most used since 2 years 15:19 <@heinrich5991> EastByte: oh I'm sure someone will do something once they can't connect to ddnet when a spoofing attack is in place 15:19 <@EastByte> and barely anyone will notice the fix since not everyone can run such an attack 15:20 <@EastByte> ah, that way 15:20 <@heinrich5991> anyone who bothers can run that attack 15:20 <@EastByte> ip spoofing? 15:20 <@deen> heinrich5991: really? is it that easy to get a server that can spoof any ip? 15:21 <@heinrich5991> I think so 15:21 <@EastByte> I think windows vps often are vunerable for that 15:21 <@EastByte> openvz won't work at all 15:21 <@heinrich5991> KVM works? 15:21 <@heinrich5991> or why windows VPS? 15:21 <@EastByte> badly configured, yes 15:22 <@EastByte> hmm 15:22 <@EastByte> because some hosters rely on old windows hosting solutions and stuff? 15:22 <@EastByte> it's windows... 15:23 <@EastByte> and pikotee once told me about that 15:24 <@heinrich5991> I know at least one server that can spoof but does not run Windows 15:28 < Learath2> how do you even search for a 15:28 < Learath2> provider that doesnt implement BCP38 15:29 < Learath2> even if the packets leave the physical machine how does it make it out of their network is what boggles my mind 15:30 <@EastByte> ^ 15:30 <@heinrich5991> Learath2: it's a lot cheaper if you don't have to check the source address in routers 15:31 <@heinrich5991> my proof-of-concept implementation of IP that I produced for a course also didn't have spoof protection 15:31 <@EastByte> but ip spoofing attacks e.g. causing reflection attacks are really heavy and should be prevented in any way 15:31 < Learath2> i think profit > cost here 15:34 <@heinrich5991> it's tragedy of the commons 15:34 <@heinrich5991> you don't benefit if you do this, it only costs you 15:34 <@heinrich5991> you only benefit when everyone else does it 16:05 < o_be_one> hi al 18:26 <@deen> hi o_be_one 18:37 < Nimda_5192> Myth by Knight :3 & Saavik just released on Moderate at 2015-03-06 18:34 19:53 < Spyker> deen! maybe i created a multy editor!!!!!!! 19:54 < Spyker> wait.... for the moment it is very buggy! 19:54 < Spyker> but mb i can fix bugs! 19:54 * Spyker slaps deen around a bit with a large fishbot 19:55 < Spyker> but waiting multiplayer map editor, you can have fun with rank 1 in just fly! and mb put it on ddnet start page? 19:56 < Spyker> https://www.youtube.com/watch?v=JW5GYh0vFjw&feature=youtu.be 19:56 < Nimda_5192> [YouTube] Title: Rank 1 Just Fly | Rating: 0.00/5.00 | Views: 1 20:06 < eeeee> yeah wouldn't be terribly hard to be allocation-less before the client replies back with token 20:07 < eeeee> but i hoped we could have spoof protection that also works with vanilla 20:24 < Learath2> eeeee: there was a spoof protection which worked with vanilla 20:26 < fstd> i wrote one too few years back 20:26 < fstd> was kind of a hack though 20:32 <@EastByte> the one that was implemented in ddnet made a handshake by simulating a mapchange 20:32 <@EastByte> I guess by forcing the client to request the right number of chunks... not sure 20:33 <@deen> right 21:01 < Learath2> should test autoupdate with other platforms and actual update data 21:01 < eeeee> i don't see how reserved non-vanilla slots would solve anything 21:02 <@EastByte> encourage people to use a fixed client 21:02 < eeeee> kidz will still fill vanilla slots, flood the chat and funvote 21:03 <@heinrich5991> eeeee: will allow people to play that are using a client which doesn't have that problem 21:04 < eeeee> if you hide chats, leave/join/namechange msgs from vanilla clients and disable voting then maybe 21:06 < Learath2> should re add that spoof protection or some other kind of spoof protection