00:12 < bridge> xoshiro/pcg seem so much better 00:13 < bridge> ah, and mersenne twister also generates bad random numbers, apparently 00:16 < bridge> > One likely reason for adopting such a system is that ISPs in China often implement DNS hijacking to insert ads and redirect web traffic to perform ad fraud. The problem was so serious that six Chinese internet giants issued a joint statement in 2015 urging ISPs to improve. According to the news article, about 1–2% of traffic to Meituan (an online shopping site) suffers from DNS hijacking. Ad fraud by Chinese ISPs seems to remain a widespre 00:16 < bridge> https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/ 00:21 < bridge> Xoshiro256StarStar is the best 00:22 < bridge> Bcs of the name 00:25 < bridge> ///this/// 00:25 < bridge> //this// 00:25 < bridge> //this 00:38 < bridge> xoshiro is newer than mt19937 00:39 < bridge> Hm, I don't remember but are older xorshift generators strictly better than mersenne twister? The earliest xorshift ones do predate the standard random header but idk if modern "good" ones are old enough 00:43 < bridge> every rng implementation has to just pick one of the algorithms on the pareto front, but there's not many people online who will tell you what those are. 00:43 < bridge> > David Blackman and Sebastiano Vigna. Scrambled linear pseudorandom number generators. ACM Trans. Math. Softw., 47:1−32, 2021. 00:43 < bridge> This is the paper that `xoshiro256++/xoshiro256**` seems to be first referenced in 00:44 < bridge> Actually the initial revision of its is from 2018, but still not quite old enough to be in C++11 00:47 < bridge> Though it seems the idea of scrambling the output of a xorshift generator has existed since 2005, so idk maybe they were around and just no one bothered 00:47 < bridge> it looks like there's many generations of xorshiro algorithms 00:48 < bridge> xoshiro, xoroshiro, xoroshiro+, xoroshiro star 00:50 < bridge> `XOr` `ROtate` `SHift`and iirc the `+` `++` `*` `**` signify the output scramblers 00:50 < bridge> `+` and `++` have less random lower bits, `**` has better randomness but is trivially reversible 00:55 < bridge> lol the PCG people and the xorshift people have drama 00:55 < bridge> 00:55 < bridge> 01:10 < bridge> they argue a lot it seems 01:10 < bridge> but the difference is probably marginal unless you have very specific criteria 01:13 < bridge> I think it's pretty safe to assume the cpp rand() is literally never a good choice 01:13 < bridge> I think it's pretty safe to assume the cpp std::rand() is literally never a good choice 01:20 < bridge> 01:26 < bridge> it's impressive how little consensus there is 01:28 < bridge> everyone runs their own separate and unique prng test suites that do not agree with each other, idk why there isn't just some standard authority that lets you submit your generator and it runs against every benchmark conceivable. 01:31 < bridge> I would say it's completely reasonable that cpp standard chose mt19937 in 2011 it would have been extremely unclear that pcg or xorshiro were better at that time 01:32 < bridge> some people are still claiming that the default xorshiro in V8 is bad 03:39 < bridge> :suizid: use nix they said 03:39 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1296286457551519875/image.png?ex=6711bc57&is=67106ad7&hm=1126f0c420793b1f48c20eea4fe462490fccdabf162bc4215eefa2dc7c47eea8& 08:42 < bridge> https://mobeigi.com/blog/gaming/how-we-outsmarted-csgo-cheaters-with-identitylogger/ 08:59 < bridge> seems a little naive compared to how complex this game is now. 09:01 < bridge> Probably the only reason it was undetected is because the cheat authors made their cheats to evade official VAC servers. Had they ever tested on this community server they might have figured it out instantly. Of course the script kiddies wouldn't figure it out themselves. 10:26 < bridge> So wait, can you link Git for *current* working version of a vanilla server? 10:35 < ws-client1> @pathos3005 https://github.com/ddnet-insta/ddnet-insta 10:35 < ws-client1> ``sv_gametype ctf`` 11:07 < bridge> ’’’k’’’ 11:08 < bridge> ´´´ 11:08 < bridge> 11:08 < bridge> E´´´ 11:08 < bridge> ´´´ 11:08 < bridge> 11:08 < bridge> E 11:08 < bridge> ´´´ 11:08 < bridge> 11:09 < bridge> E 11:09 < bridge> ´´´ 11:09 < bridge> ´´´ doesnt work ´´´ 11:21 < bridge> \`\`\` 11:21 < bridge> code 11:21 < bridge> \`\`\` 11:21 < bridge> @baslcaly 11:21 < bridge> ``` 11:21 < bridge> code 11:21 < bridge> ``` 11:22 < bridge> ok 11:22 < bridge> gradle 11:22 < bridge> sucks 11:28 < bridge> hello chillerdragon 11:44 < bridge> hello chillerdragon 11:46 < bridge> https://daniel.haxx.se/blog/2024/10/17/undefinedbehaviorsanitizers-unexpected-behavior/ 12:55 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1296426330769854536/image.png?ex=67123e9b&is=6710ed1b&hm=d861b5f8c044e21db6a998ca4726c112b9653ed6dddb95b6bac173c821c2377e& 12:55 < bridge> I think we might be better off purchasing @patiga's map recognition bot, it seems to have more traction than accounts 12:56 < bridge> (the accounts post is 3 months old, the map recognition one 8 days) 13:12 < bridge> Patiga ftw! 13:12 < bridge> Patiga for DDNet president 13:39 < bridge> @learath2 checkout this new useless proc macro 😏 13:39 < bridge> ```rust 13:39 < bridge> fn main() -> u8 { 13:39 < bridge> let a: u8 = rev_bin_ops!(10 / 20); 13:39 < bridge> 13:39 < bridge> printf("%d\n", a); 13:39 < bridge> 13:40 < bridge> return 0; 13:40 < bridge> } 13:40 < bridge> ``` 13:40 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1296437526021800006/image.png?ex=67124908&is=6710f788&hm=5d02f59d7b362604b1dc855fb1359ffad0b4c9a2eb6b75de96de340a4d071991& 13:46 < bridge> bot msgs count too tho 😄 13:51 < bridge> Show macro code 13:52 < bridge> ```C 13:52 < bridge> Slice RevBinOps(Slice slice) { 13:52 < bridge> TokenTree *tokenTree = slice.ptr; 13:52 < bridge> 13:52 < bridge> TokenTree tmp = tokenTree[0]; 13:52 < bridge> tokenTree[0] = tokenTree[2]; 13:52 < bridge> tokenTree[2] = tmp; 13:52 < bridge> 13:52 < bridge> return slice; 13:52 < bridge> } 13:52 < bridge> ``` :justatest: 13:52 < bridge> Cool 13:52 < bridge> is that in the target language? 13:53 < bridge> it's in C 13:53 < bridge> my language doesn't have unions yet 13:53 < bridge> Proc macros in C is something I never even thought I'd see 13:53 < bridge> why not rust? ^^ 13:53 < bridge> it's possible to do in rust as well xd 13:53 < bridge> ah, did you also write your lang in C? then it makes sense 13:54 < bridge> my language is in rust :lol: 13:54 < bridge> hmmmmmm 13:54 < bridge> He could not say no to the allure of the supreme language C 13:54 < bridge> So when ddnet cookie support 😄 13:55 < bridge> never, we're still hoping for the accounts support 13:55 < bridge> hwid, cookies, tracking pixel... we need all of it 13:55 < bridge> pls no 13:56 < bridge> The good part, why this CS thingy worked out so well... its not open source, so people cant run their own clients 😄 13:57 < bridge> ```rs 13:57 < bridge> #[no_mangle] 13:57 < bridge> pub extern "C" fn RevBinOps(slice: Slice) -> Slice { 13:57 < bridge> unsafe { 13:57 < bridge> mem::swap(&mut *slice.ptr.offset(0), &mut slice.ptr.offset(2); 13:57 < bridge> } 13:57 < bridge> slice 13:57 < bridge> } 13:57 < bridge> ``` 13:57 < bridge> But I really enjoyed reading it, thanks heinrich 13:57 < bridge> On a more serious note. How do you feel about hwid? I think it might work against people that block or spam. But I'm worried it'd push those people into the world of cheat clients that spoof hwid 13:58 < bridge> Is `no_mangle` required if there's `extern "C"` ? 0_o 13:58 < bridge> I'd prefer to not send more personal data. what good is it that cannot be captured by a randomly generated private key? 13:59 < bridge> I *think* so 13:59 < bridge> Well it'd technically not be very personal, it'd involve a hash 13:59 < bridge> then what good is it beyond a randomly generated private key? 14:00 < bridge> The randomly generated private key we'd probably have a button to refresh. Making that button the "unban" button 14:00 < bridge> Or just create a new account 😄 14:00 < bridge> A hwid is annoying to spoof or change 14:00 < bridge> Depends, how will you verify the HWID? 14:00 < bridge> ok, so let's add a randomly generated thing that doesn't have a button 14:01 < bridge> but that's still meh 14:01 < bridge> We'd store it in config. You can change it 14:01 < bridge> we can store it anywhere ^^ 14:01 < bridge> Heinrich is getting evil now 😄 14:01 < bridge> not more evil than using hardware data 14:03 < bridge> you could e.g. store it in the registry 14:04 < bridge> what is wrong with that anyway, the serial number of the harddrives and a mac address hashed together is hardly identifying 14:05 < bridge> it needs to have an upside to be considered, I think 14:05 < bridge> it's derived from the serial number of the hard drive and a mac address, e.g. so you could verify that someone is playing from a certain computer if you knew those two pieces of data 14:13 < bridge> A hidden random private key also provides this info no? 14:13 < bridge> not across programs 16:23 < bridge> Is it possible to call `free` on pointer which was gotten after leaking a vector? 16:39 < bridge> Wym 16:40 < bridge> ```rust 16:40 < bridge> fn main() { 16:40 < bridge> let foo: Vec = Vec::new(); 16:40 < bridge> let r = foo.leak(); 16:40 < bridge> let ptr = r.as_ptr(); // Will it segfault if I call `free` on this ptr? 16:40 < bridge> } 16:40 < bridge> ``` 16:41 < bridge> and now it's possible to return multiple statements from "proc macro" :greenthing: 16:47 < bridge> you're not allowed to call `free` on this pointer, no 16:48 < bridge> heinrich, i need you for a rust bootcamp 16:50 < bridge> it'll probably not segfault if you're talking about x86_64 linux with a current rust compiler 16:50 < bridge> what's the question? 🙂 16:50 < bridge> i found a bug which was causing segfault xd 16:51 < bridge> i was freeing it when pointer was null :pepeW: 16:51 < bridge> `free(nullptr)` is safe 16:51 < bridge> it's a noop 16:51 < bridge> that will never crash. your crash is elsewhere 16:52 < bridge> oh ye, I also moved a few lines around 16:52 < bridge> and I don't even need an if statements 16:52 < bridge> cool 16:52 < bridge> and I don't even need an if statement 16:54 < bridge> you can create a `Box<[u8]>` and leak that 16:54 < bridge> you can then later free it by re-assembling the `Box<[u8]>` 16:54 < bridge> I free it from C side 17:10 < bridge> @0xdeen i vaguely remember you were into Lisp? 17:10 < bridge> https://gitlab.com/lockie/cl-fast-ecs/-/wikis/tutorial-1 17:20 < bridge> TIL about functors in ocaml https://ocaml.org/docs/functors 17:20 < bridge> they are functions that instead of values, take entire ocaml modules 17:20 < bridge> and return another module 17:23 < bridge> nothing specific, i need a full introduction 17:26 < bridge> We getting category-theoretical in here?! 18:57 < bridge> <0xdeen> Haskell 19:39 < bridge> @ryozuki https://blog.rust-lang.org/2024/10/17/Rust-1.82.0.html 19:39 < bridge> 19:39 < bridge> update 19:39 < bridge> to the best stable Rust yet 19:44 < bridge> `error: component download failed for rust-std-x86_64-linux-android` 19:44 < bridge> here we go again xd 21:26 < bridge> Does anyone have ideas for enums syntax which doesn't require pattern matching? :feelsbadman: 21:31 < bridge> How complex should your enums be? 21:31 < bridge> simple ints? 21:31 < bridge> i want something like C unions but with a tag 21:34 < bridge> did you see my proc macros btw? 😏 21:34 < bridge> I've seen that you planned them, but never in action 21:35 < bridge> @jupeyy_keks 21:36 < bridge> 1337 21:36 < bridge> next step derive macros, which are basically just proc macros 21:37 < bridge> next step is tagged unions 😬 21:37 < bridge> and then... imports :pepeW: 21:57 < bridge> `thiserror` crate is goated