00:09 <+bridge> not sure, seems like someone is running a weird bot 07:57 <+bridge> someone doing automated tests on gentoo guru found this 07:57 <+bridge> https://bugs.gentoo.org/888875 07:57 <+bridge> idk how much of a problem it is 07:57 <+bridge> but i think its an issue with cmake itself not the ebuild 07:58 <+bridge> `Bug 888875 - [guru] games-action/ddnet-16.6 overwrites CFLAGS/CXXFLAGS or adds uncommon ones ` 07:58 <+bridge> here is the ebuild if ur curious https://gitweb.gentoo.org/repo/proj/guru.git/tree/games-action/ddnet/ddnet-16.6.ebuild 07:59 <+bridge> their build log https://888875.bugs.gentoo.org/attachment.cgi?id=845660 07:59 <+bridge> ``` 07:59 <+bridge> * Tinderbox QA Notice: This package seems to overwrite CFLAGS/CXXFLAGS or add uncommon ones: 07:59 <+bridge> * The following flags (probably added by the build system) should be stripped out 08:00 <+bridge> * 08:00 <+bridge> * 1) -D_FORTIFY_SOURCE=2 08:00 <+bridge> * 2) -fstack-protector-all 08:00 <+bridge> * 08:00 <+bridge> * Final size of build directory: 175416 KiB (171.3 MiB) 08:00 <+bridge> * Final size of installed tree: 66044 KiB ( 64.4 MiB) 08:00 <+bridge> ``` 08:01 <+bridge> @heinrich5991 what do u think? 09:53 <+bridge> Yes, we do that, for security 09:53 <+bridge> I didn't know it's bad style to add security related flags 09:54 <+bridge> It's a bit like complaining our source code has runtime check for array out of bounds access because they are too expensive 10:16 <+bridge> I think the gentoo stance is to make all security flags optional if they impact perf 10:31 <+bridge> they are probable controlled by portage 10:31 <+bridge> probably 10:31 <+bridge> its more that the package forces this and the user cant choose with their portage flags or smth 10:36 <+bridge> this is a QA by a random user btw 10:37 <+bridge> i did run pkgcheck on the ebuild when making it and it didnt throw any warnings 11:00 <+bridge> Who does out of bounds check? Ubsan? Where is that active? 11:00 <+bridge> (@deen) 11:01 <+bridge> Oh wait or do you mean actual handwritten code that checks stuff like if (ClientID \> MAX\_CLIENTS) return 11:04 <+bridge> ye 14:39 <+bridge> Alright, added an option for them @Ryozuki ^ 14:59 <+bridge> tyty 14:59 <+bridge> not just any random user, its a gentoo dev lol 16:32 <+bridge> https://blog.cloudflare.com/opaque-oblivious-passwords/ 16:35 <+bridge> I thought there were such protocols before OPAQUE 16:46 <+bridge> Kerberos, ms chap? 16:50 <+bridge> ad 16:53 <+bridge> Tl;dr whats the alternative ? 16:54 <+bridge> https://github.com/jbangert/trapcc 16:54 <+bridge> lol 16:54 <+bridge> its zero proof password auth iirc 16:54 <+bridge> you can prove that you have the password without sending it to the server 16:54 <+bridge> u send a proof u know the password 16:54 <+bridge> so the password is never sent 16:55 <+bridge> Ok but u still save ur pw in a key manager which u host online in case ur house burns. Does it solve this too 16:55 <+bridge> dont host it online 16:55 <+bridge> just replicate it 3 times locally 16:55 <+bridge> invent a fire proof usb 16:55 <+bridge> kek 16:55 <+bridge> Well when you host it online you usually host it completely encrypted 16:56 <+bridge> So your plaintext pw never makes it anywhere of your computer, theoretically 16:57 <+bridge> Yes. So the blog is about the pw being plain text on the server? 16:57 <+bridge> http://mainisusuallyafunction.blogspot.com/2014/02/x86-is-turing-complete-with-no-registers.html 16:58 <+bridge> I didn't read the entire thing yet, but yes, that's the idea 16:58 <+bridge> yes, basically about preventing that 16:59 <+bridge> I see thanks for saving me time xd 17:00 <+bridge> so u dont read everything i post 17:00 <+bridge> noted 17:00 <+bridge> :feelsbadman: 17:01 <+bridge> @Learath2 @Jupeyy_Keks https://startafuckingblog.com/ 17:01 <+bridge> :justatest: 17:02 <+bridge> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027108 17:02 <+bridge> its happening 17:03 <+bridge> (removing python 2 from debian) 17:03 <+bridge> ddnet-scripts needs fixing 17:03 <+bridge> it uses python2 xD 17:03 <+bridge> Rip python2, you won't be missed 17:03 <+bridge> I tried updating it once 17:04 <+bridge> not sure what problems I encountered 17:04 <+bridge> Veery big problem with ddnet-scripts is the disk caches we use 17:05 <+bridge> The upgrade needs to be instant and recalculate everything from scratch. Python3 version of diskcache chokes hard on the python2 saved caches 17:05 <+bridge> @Jupeyy_Keks hm, do we really want to have translations for the 50 or so error messages for graphics? 😄 17:05 <+bridge> How about we use materialized views for the entire website and cache nothing? I might be motivated to do that 17:06 <+bridge> what does "materialized views" mean? 17:06 <+bridge> Now this is a group of words idk. Materialized views? 17:06 <+bridge> Ah sql ones 17:06 <+bridge> Yeah, I had something similar in mind 17:06 <+bridge> Yes, SQL, a view stores the query to access a table, then you can easily select from it and the more complex query is executed 17:07 <+bridge> A materialized view doesn'T just store the query but also the result, so you can actually get it faster 17:07 <+bridge> fokkonaut 17:07 <+bridge> fokkonaut you nice server 17:07 <+bridge> is that always up-to-date? or can you tell it to lag behind to save processing? 17:07 <+bridge> Roolpo on me 17:07 <+bridge> is that always up-to-date? or can you tell it to lag behind to save processing time? 17:07 <+bridge> 😄 17:07 <+bridge> 🙂 17:07 <+bridge> @HahahoupasGR use DMs 17:07 <+bridge> It lags behind in the current implementation in all common databases (mysql, postgres) 17:07 <+bridge> nice 17:08 <+bridge> oh thats nice 17:08 <+bridge> There is work in postgres to auto-update it 17:08 <+bridge> I like that 17:08 <+bridge> so this is like a on-db cache? 17:08 <+bridge> sounds like a good use case for a db ^^ 17:08 <+bridge> ^ ^ 17:08 <+bridge> a 17:08 <+bridge> stop spamming 17:08 <+bridge> 🙂 17:08 <+bridge> ur annoying 17:08 <+bridge> ❤️ 17:08 <+bridge> And I'm going to start working on a product that does these materialized views for an existing database: https://materialize.com/ 17:08 <+bridge> So I might start implementing something, it would be a postgres backend though 17:09 <+bridge> postgres best 17:09 <+bridge> (auto-updating instantly) 17:09 <+bridge> as long as what we use is open source 17:09 <+bridge> i dont mmind 17:09 <+bridge> I never checked how these work. When does it get updated? 17:09 <+bridge> Manually? 17:09 <+bridge> Yes, you run a `refresh` command 17:09 <+bridge> And does refresh lock? 17:09 <+bridge> then it drops everything and the DB lags for 10 minutes? 17:10 <+bridge> https://github.com/sraoss/pg_ivm is the repo for the in-progress work for incremental mat views 17:10 <+bridge> ohh incremental too 17:10 <+bridge> I dunno. Better than answering the question in question every time 17:10 <+bridge> Oh and yes that, is refresh incremental currently? 17:10 <+bridge> It shouldn't when you use `concurrently`: https://www.postgresql.org/docs/current/sql-refreshmaterializedview.html 17:11 <+bridge> Right now every refresh in mysql/postres is a full recalculation, thus expensive 17:12 <+bridge> I can imagine that being a pretty hard problem to solve for dbms ppl 17:12 <+bridge> Yes, that's the hope with Materialize, that it's too complex and better solved in an on-top-solution where your changes are streamed (via Change Data Capture) 17:13 <+bridge> This blog post on the topic is a nice motivation: https://lironshapira.medium.com/data-denormalization-is-broken-7b697352f405 17:14 <+bridge> medium meh 17:14 <+bridge> it always looks so uggly 17:16 <+bridge> But when we get the error message in Russian it will be harder for us to understand 😄 Can the user do anything with `Submitting to graphics queue failed.` or `No vulkan queue family properties found.`? 17:17 <+bridge> The ones with an action like `Failed during initialization. Try to change gfx_backend to OpenGL or Vulkan from settings_ddnet.cfg in the config directory and try again.` seem helpful 17:18 <+bridge> Mh hard part is just to distinguish between both 17:18 <+bridge> Then I've to extend the error strings by a is translatable string 17:19 <+bridge> Open am issue and tag me then i do it soon: tm: 17:23 <+bridge> alternatively, include an error code 17:23 <+bridge> rustc does it 17:23 <+bridge> V-0001 17:23 <+bridge> to V-0015 17:27 <+bridge> did you notice it's just a couple of numbers short of 888888? 17:27 <+bridge> newest bug rn is https://bugs.gentoo.org/888885 17:40 <+bridge> true lol 17:46 <+bridge> Yeah could do that too^^ 17:47 <+bridge> Let's create some ddnet issue xdd 17:48 <+bridge> You are too late, some issues are not visible because they might have been deleted or are security relevant 17:48 <+bridge> I've got a sample of a failed map download, anyone interested in debugging this? 17:48 <+bridge> They are higher already @heinrich5991 https://bugs.gentoo.org/888890 17:49 <+bridge> Got full logs? You could put them in an issue 17:50 <+bridge> https://bugs.gentoo.org/888888 ? 17:50 <+bridge> 404 for me 17:50 <+bridge> I just got the map and the temp file, that's it 17:50 <+bridge> Yes, because the issue is deleted or you don't have permissions to see it 17:50 <+bridge> got it 17:50 <+bridge> thanks xd 17:51 <+bridge> They might have a policy where a crash report is always marked as possibly security relevant initially, and only unmarked when a dev took a look 18:13 <+bridge> a 18:13 <+bridge> hey 18:13 <+bridge> hi 18:14 <+bridge> @heinrich5991 this guy has only been spamming now 18:14 <+bridge> maybe do smth 18:14 <+bridge> sry it was my littlbe brother 18:15 <+bridge> I'm gonna remove his disc 😄 18:19 <+bridge> @heinrich5991 Can you ban him, it's ok if not? It's my little brother. He won't let me remove his disc rn. I forgot to uninstall it from his windows partition. I have done so from his linux one. The above messages are the proof you need tbh. 18:21 <+bridge> @heinrich5991 Can you ban him, it's ok if not? It's my little brother. He won't let me remove his disc rn. I forgot to uninstall it from his windows partition. I have done so from his linux one. The above messages are the proof you need tbh (to know his my lil bro). 18:28 <+bridge> i can start spreading misinformation to troll but the situation is already too funny xd 18:29 <+bridge> D: I could take his hardrive or his whole pc but banning him should appear to him as it should. He did smth wrong and was punished for it by a 3rd party. 19:30 <+ChillerDragon> @Mr.Gh0s7 omg is that roolpo? is that ur lil brota? can you please unbind his chat key or teach him some english bruu none of his sentences make any sense 19:31 <+bridge> lol sry. Ok will do. Idk if he knows how to binds keys tho 21:21 <+bridge> Should we update this list of releases: https://github.com/ddnet/ddnet/blob/6d3af742dd1aec107cffcd2fe49d80eaea973e19/other/ddnet.appdata.xml#L40-L83 ? Or should we just get rid of the list so we don't have to maintain it? 22:15 <+bridge> not sure, what is it good for? 22:20 <+bridge> It would show a list of releases with their release dates in package managers that use this type of file 22:21 <+bridge> Not really useful to maintain this separately IMO. We can just link to the downloads page that contains all releases.