00:00 <+bridge> [ddnet] if only one parser failed the input, the security vulnerability would likely not exist there
00:00 <+bridge> [ddnet] i see
00:00 <+bridge> [ddnet] but it was already at fault
00:00 <+bridge> [ddnet] the one who wrote that packet
00:00 <+bridge> [ddnet] i guess this is just to have a predictible outcome
00:01 <+bridge> [ddnet] i guess this is just to have a predictable outcome
00:01 <+bridge> [ddnet] yes, predictable is very good for security-related stuff
00:01 <+bridge> [ddnet] fail-fast for unexpected input is also good
00:01 <+bridge> [ddnet] e.g. there have been real-life HTTP request smuggling vulnerabilities due to this first-last thing
00:02 <+bridge> [ddnet] the Content-Length header dictates how many of the bytes following the headers are intended to be the body
00:02 <+bridge> [ddnet] you have a HTTP reverse-proxy in front of your application server
00:03 <+bridge> [ddnet] that maybe sets a "Original-IP-Address" header
00:03 <+bridge> [ddnet] the reverse-proxy interprets the first Content-Length header and the application server the last one
00:04 <+bridge> [ddnet] hm
00:04 <+bridge> [ddnet] i think content-length doesnt include headers right?
00:04 <+bridge> [ddnet] then you send a request like this:
00:04 <+bridge> [ddnet] ```
00:04 <+bridge> [ddnet] POST / HTTP/1.0
00:04 <+bridge> [ddnet] Content-Length: 128
00:04 <+bridge> [ddnet] Content-Length: 0
00:04 <+bridge> [ddnet]
00:04 <+bridge> [ddnet] GET /secret/path/that/only/localhost/is/allowed/to/access
00:04 <+bridge> [ddnet] Original-IP-Address: 127.0.0.1
00:04 <+bridge> [ddnet]
00:05 <+bridge> [ddnet] ```
00:05 <+bridge> [ddnet] but i get what u mean
00:05 <+bridge> [ddnet] ah
00:05 <+bridge> [ddnet] i see
00:06 <+bridge> [ddnet] http://pn./
00:06 <+bridge> [ddnet] look this website
00:06 <+bridge> [ddnet] xD
00:06 <+bridge> [ddnet] https://jameswillia.ms/posts/shortest-urls.html
00:06 <+bridge> [ddnet] http://pn/
00:06 <+bridge> [ddnet] https://en.wikipedia.org/wiki/.pn
00:07 <+bridge> [ddnet] it needs the dot
00:07 <+bridge> [ddnet] not for me
00:07 <+bridge> [ddnet] for me yes :o
00:07 <+bridge> [ddnet] you can also do https://www.google.com./ if you want 😉
00:07 <+bridge> [ddnet] the final dot only says that you want to have the global domain IIRC
00:07 <+bridge> [ddnet] doesnt: http://pn/
00:07 <+bridge> [ddnet] does: http://pn./
00:08 <+bridge> [ddnet] :thonk: should I visit the website
00:08 <+bridge> [ddnet] Probably depends on the web browser
00:08 <+bridge> [ddnet] https://www.icann.org/en/announcements/details/new-gtld-dotless-domain-names-prohibited-30-8-2013-en
00:08 <+bridge> [ddnet] yea, wanted to say that as well ^^
00:08 <+bridge> [ddnet] the link you posted
00:08 <+bridge> [ddnet] No
00:09 <+bridge> [ddnet] it's harmless
00:09 <+bridge> [ddnet] Random websites can't hurt you
00:09 <+bridge> [ddnet] :thonk: so no?
00:09 <+bridge> [ddnet] they theoretically can, but this one doesn't
00:10 <+bridge> [ddnet] Not worth it tho
00:10 <+bridge> [ddnet] @Cellegen | RiH saved you a click
00:10 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/1018644678213632040/unknown.png
00:10 <+bridge> [ddnet] :feelsamazingman: who
00:10 <+bridge> [ddnet] :feelsamazingman: whooo
00:11 <+bridge> [ddnet] Very interesting, isn't it?
00:11 <+bridge> [ddnet] meh, ddnet.tw still better :gigachad:
00:11 <+bridge> [ddnet] ddnet.org*
00:12 <+bridge> [ddnet] it seems we're still on ddnet.tw
00:12 <+bridge> [ddnet] ye xD
00:12 <+bridge> [ddnet] good
00:12 <+bridge> [ddnet] wiki.ddnet.org
00:12 <+bridge> [ddnet] keep it that way pls
00:12 <+bridge> [ddnet] Org is only for non profits i think
00:12 <+bridge> [ddnet] nah
00:12 <+bridge> [ddnet] @pilonpl org is for open source projects
00:12 <+bridge> [ddnet] don't change it nooo :nooooo:
00:12 <+bridge> [ddnet] https://en.wikipedia.org/wiki/.org
00:12 <+bridge> [ddnet] > . The domain was originally "intended as the miscellaneous TLD for organizations that didn't fit anywhere else."[1] It is commonly used by non-profit organizations, open-source projects, and communities, but is an open domain that can be used by anyone.
00:13 <+bridge> [ddnet] > The domain was originally "intended as the miscellaneous TLD for organizations that didn't fit anywhere else."[1] It is commonly used by non-profit organizations, open-source projects, and communities, but is an open domain that **can be used by anyone**.
00:13 <+bridge> [ddnet] thanks
00:13 <+bridge> [ddnet] :bluekitty:
00:13 <+bridge> [ddnet] So it's for everyone
00:13 <+bridge> [ddnet] the argument against .tw is that we're dependent on taiwan being stable
00:13 <+bridge> [ddnet] .tw is for taiwan
00:13 <+bridge> [ddnet] hm, teeworlds data will use .net domains in the future, we'll leave .tw for good
00:14 <+bridge> [ddnet] Tw is for TeeWorlds obviously
00:14 <+bridge> [ddnet] and as you mention it, this was the reason
00:14 <+bridge> [ddnet] it's not always stable
00:15 <+bridge> [ddnet] or should we just go to org domains too?
00:16 <+bridge> [ddnet] https://github.com/ddnet/ddnet/pull/5312
00:16 <+bridge> [ddnet] I'll ask nexus about it, he's the one deciding on that
00:16 <+bridge> [ddnet] we're already in the process of moving ^^
00:16 <+bridge> [ddnet] yeah
00:16 <+bridge> [ddnet] its decided
00:17 <+bridge> [ddnet]
00:17 <+bridge> [ddnet]
00:17 <+bridge> [ddnet] just missing the main one
00:17 <+bridge> [ddnet] hm
00:18 <+bridge> [ddnet] @NeXus whenever you read this ~
00:18 <+bridge> [ddnet] @NeXus whenever you read this ^
00:19 <+bridge> [ddnet] Why not use both
00:20 <+bridge> [ddnet] https://chadnauseam.com/coding/gamedev/automated-testing-in-bevy/
00:24 <+bridge> [ddnet] next ddnet release will be ddnet.org and then we will switch the website etc too
00:25 <+bridge> [ddnet] :nooooo:
00:25 <+bridge> [ddnet] bye bye ddnet.tw
00:25 <+bridge> [ddnet] it will just redirect to ddnet.org
00:25 <+bridge> [ddnet] so all old links keep working
00:27 <+bridge> [ddnet] oh, then all good
00:27 <+bridge> [ddnet] :feelsamazingman:
00:27 <+bridge> [ddnet] :feelsamazingman:
07:37 <+bridge> [ddnet] Was actually searching a good game engine Yesterday and found bevy
09:20 <+bridge> [ddnet] :BASED:
09:22 <+bridge> [ddnet] there was another one, forgot the name
09:22 <+bridge> [ddnet] I think it started by Fox.... smth
09:22 <+bridge> [ddnet] it has an editor
09:25 <+bridge> [ddnet] Fyrox
11:13 <+bridge> [ddnet] I can't seem to settle on how to make the new global bans thing. I want to make something generic enough that we stop having to bolt on different ways of interacting with the outside from the gameserver
11:13 <+bridge> [ddnet] Inter server comms
11:14 <+bridge> [ddnet] I was originally thinking a new protocol, but it made me feel like I was re-inventing the wheel
11:14 <+bridge> [ddnet] Imagine a server sharing the entire team state to another
11:14 <+bridge> [ddnet] And switching
11:14 <+bridge> [ddnet] When a ddos happens
11:14 <+bridge> [ddnet] I'm currently considering HTTP + SSE. With HTTP/2 persistent connections it wouldn't be too bad when I eventually want to hook the other direction up allowing servers to communicate with the hub
11:15 <+bridge> [ddnet] this makes another kind of DoS possible. You could hog the entire inter-server bus by just ddosing the servers as teams are switched one to the other
11:15 <+bridge> [ddnet] Why not ipv
11:15 <+bridge> [ddnet] Why not ipc
11:15 <+bridge> [ddnet] Sadly the state is large enough that this isn't feasible
11:15 <+bridge> [ddnet] Or grpc
11:16 <+bridge> [ddnet] I considered ipc too even directly shared memory, but with tiny amount of traffic on that bus I really didn't think it'd be worth it
11:17 <+bridge> [ddnet] Maybe just make the servers do a http request
11:17 <+bridge> [ddnet] On a json file
11:17 <+bridge> [ddnet] Every x mins
11:18 <+bridge> [ddnet] Most simple solution imho
11:18 <+bridge> [ddnet] On the leaf servers I'm thinking http over unix domain sockets, the spoke proxies and the hubs would communicate over http over tcp like normally
11:18 <+bridge> [ddnet] And then a post request to add a ban
11:19 <+bridge> [ddnet] Most simple but it's too slow, bans should go through immediately. And it also suffers from waste as the file is usually unchanged
11:19 <+bridge> [ddnet] I'm mostly unsure about the http part honestly
11:19 <+bridge> [ddnet] Http bloat
11:19 <+bridge> [ddnet] :BASED:
11:19 <+bridge> [ddnet] Should I bother with devising a proper protocol or is http good enough with the relatively small amount of traffic?
11:20 <+bridge> [ddnet] If it wasn't for http/2 persistent connections I think it'd be very wasteful given the server will want to communicate backwards too, but with persistent connections I think it's feasible enough
11:20 <+bridge> [ddnet] If you ask me whats most fun, a protocol, if you want to just get things done then http
11:20 <+bridge> [ddnet] I would go with fun
11:22 <+bridge> [ddnet] What is grpc btw?
11:22 <+bridge> [ddnet] I'm guessing it's rpc over some exotic protocol well suited for it?
11:22 <+bridge> [ddnet] gRPC is a modern open source high performance Remote Procedure Call (RPC) framework that can run in any environment.
11:23 <+bridge> [ddnet] it uses http2
11:23 <+bridge> [ddnet] and doesnt work on browsers
11:23 <+bridge> [ddnet] its for apps
11:23 <+bridge> [ddnet] also uses protobuf
11:23 <+bridge> [ddnet] https://grpc.io/
11:23 <+bridge> [ddnet] ah they decided abusing http2 persistent connections were good enough for them
11:23 <+bridge> [ddnet] who am I to challenge that 😄
11:23 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/1018814207359201340/unknown.png
11:24 <+bridge> [ddnet] yeah
11:24 <+bridge> [ddnet] Funnily enough this really looks like the final design I'm considering. So maybe I'm not that far off from a good solution
11:24 <+bridge> [ddnet] They just used protobuf instead of the json I'm thinking about
11:24 <+bridge> [ddnet] https://github.com/hyperium/tonic
11:24 <+bridge> [ddnet] for rust
11:25 <+bridge> [ddnet] protobuf is probs more perf
11:25 <+bridge> [ddnet] And I guess they do the streaming data better than the sse I'm thinking of
11:28 <+bridge> [ddnet] Seems they support json too. I might just use grpc instead of making it from scratch. Thanks, I was sure someone else solved this problem before
11:33 <+bridge> [ddnet] Would be cool to do this as a rust module @Learath2
11:33 <+bridge> [ddnet] :BASED:
11:33 <+bridge> [ddnet] And you have the lib i sent
11:33 <+bridge> [ddnet] Im sure in c++ u need to pull a big lib
11:33 <+bridge> [ddnet] :greenthing:
11:34 <+bridge> [ddnet] I think we need this quicker than @heinrich5991's rust stuff can be added to the client
11:35 <+bridge> [ddnet] I'm considering just using grpc-json though. With that I think I hope I can just use curl on gameservers
11:36 <+bridge> [ddnet] :Sadge:
11:39 <+bridge> [ddnet] I'm still in general pretty skeptical about generic async programming. It just feels so wrong to let some scheduler handle my threading 😄
11:49 <+bridge> [ddnet] Just make ur async runtime 4head
11:57 <+bridge> [ddnet] The problem isnt that the runtimes arent good enough. The problem is that when it gets to the runtime a lot of information is already lost
11:58 <+bridge> [ddnet] Maybe a runtime with task tagging could be nice. E.g. tasks with same tags run on the same thread pinned on one core e.g.
12:53 <+bridge> [ddnet] Hmm
12:54 <+bridge> [ddnet] Why you want such fine grained control?
12:54 <+bridge> [ddnet] Maybe then dont use a async runtime
12:54 <+bridge> [ddnet] But an actor system
12:55 <+bridge> [ddnet] I think runtimes are p good at managing tasks
12:57 <+bridge> [ddnet] Well idk if an actor system can give more control
13:00 <+bridge> [ddnet] https://github.com/bastion-rs/bastion
13:02 <+bridge> [ddnet] Idk, sometimes you just know better than the runtime. The runtime can only know what is happening right now, you can also make predictions about the whole running duration of the program. Say you do a calculation that'll be necessary in a couple ms. If the result of that calculation and the task it's necessary for happens on different cores now you've lost locality which'll be slower
13:04 <+bridge> [ddnet] https://docs.rs/tokio/latest/tokio/task/fn.spawn_local.html
13:04 <+bridge> [ddnet] Maybe this helps?
13:11 <+bridge> [ddnet] I guess at some point runtimes have to so tradeoffs
13:11 <+bridge> [ddnet] The reality is that often you dont need such control imho
13:11 <+bridge> [ddnet] And i think tokio is rly performant rn
13:12 <+bridge> [ddnet] I guess at some point runtimes have to do tradeoffs
13:12 <+bridge> [ddnet] I guess the idea with runtimes is that you usually don't care for that much optimization
13:13 <+bridge> [ddnet] Which is true, unless you are doing some highly computational stuff you'll be bound by other things before you are bound by how efficiently you are using your cpu
13:13 <+bridge> [ddnet] I mean, im sure the tokio devs care
13:13 <+bridge> [ddnet] But i guess its more "general optimization" than a specific usecase one
13:13 <+bridge> [ddnet] Yeah, but they can only optimize for the generic case, it's hard to do general optimizations for a specific usecase
13:13 <+bridge> [ddnet] Yea
13:14 <+bridge> [ddnet] Especially when it can be insanely architecture dependent. Like the fact that on some architectures some cores have more FPUs and some cores share some amount of cache
13:14 <+bridge> [ddnet] If you use a modern linux, for example there is tokio-uring
13:16 <+bridge> [ddnet] ye
14:38 <+bridge> [ddnet] @Learath2 there is also this
14:38 <+bridge> [ddnet] https://docs.rs/tokio/latest/tokio/task/index.html#unconstrained
14:38 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/1018863287464636437/unknown.png
16:03 <+bridge> [ddnet] @deen could you try https://github.com/ddnet/ddnet/pull/5599#issuecomment-1242691646 again? 🙂
16:18 <+bridge> [ddnet] blurb
17:26 <+bridge> [ddnet] done
18:03 <+bridge> [ddnet] https://aeon.co/essays/ten-questions-about-the-hard-limits-of-human-intelligence
18:03 <+bridge> [ddnet] https://www.sdfo.org/gj/stories/flowersforalgernon.pdf
18:03 <+bridge> [ddnet] good reads
21:29 <+bridge> [ddnet] @noby found smth better than your obfuscation
21:29 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/1018966710818193468/unknown.png
21:30 <+bridge> [ddnet] left-to-right arabic smh xd
21:31 <+bridge> [ddnet] pmcrts
21:49 <+ChillerDragon> xd
22:30 <+bridge> [ddnet] when arabic binary
22:32 <+bridge> [ddnet] I need help with this
22:32 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/1018982367710433360/WeChat_Image_20220912223019.jpg
22:34 <+bridge> [ddnet] read pinned message in #bugs
22:55 <+bridge> [ddnet] 3D Tee Clones still long way to go. I just thought it was cool (in active development with godot)
22:55 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/1018988220836483153/2022-09-12_23-47-53.m4v
22:59 <+bridge> [ddnet] 3D Tee Clones still long way to go. I just thought it was cool (in active development with godot)
22:59 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/1018989274500190288/new2discTeeClone.mp4
23:00 <+bridge> [ddnet] Easter Egg Guess the map ;D
23:01 <+bridge> [ddnet] godot dev pog
23:01 <+bridge> [ddnet] do you use premade assets (classes and such) to make the movement like this?
23:02 <+bridge> [ddnet] Nope xD
23:02 <+bridge> [ddnet] all manual, damn
23:02 <+bridge> [ddnet] anywhere to see the code if you allow?
23:03 <+bridge> [ddnet] sure lemme upload it to github in 10-15mins
23:13 <+bridge> [ddnet] here you go! https://github.com/osnesone/TeeClones
23:13 <+bridge> [ddnet] I tried to do something similar, but it turned out that the control of the camera in 3d is too complicated to do basic movements like hammer hit or drag
23:13 <+bridge> [ddnet] I'll clean up the code tomorrow
23:17 <+bridge> [ddnet] Yes I remember you. It was pretty cool ngl but I am going in another direction. Not so much ddnet/ddrace style as fng/ctf style