00:06 < bridge> @learath2 sorry
00:06 < bridge> https://www.reddit.com/r/linux/comments/1lvlxy9/systemd_has_been_a_complete_utter_unmitigated/
06:10 < WHO> where can I write to the moderators so that they ban people on the server?
06:21 < bridge> #✉-create-a-ticket
06:34 < bridge> Oh, I don't think IRC can interact with it
06:34 < bridge> ChillerDragon: can you check if IRC/matrix can interact with anything in #✉-create-a-ticket for me please
07:13 < bridge> anyone has experience running perf inside docker
07:47 < bridge> ~~time to move to a web based report app~~
08:37 < bridge> @blaiszephyr: we only have developer on irc and a few other channels on matrix
08:41 < bridge> No town hall, no tickets and no map testing
08:43 < bridge> No equal representation
09:15 < bridge> gumo
09:24 < bridge> do namespaces get a letter like classes as well? Like `N`
09:25 < bridge> seems like a no, comparing to other namespaces
09:32 < bridge> i cant think of a single namespace in ddnet
09:32 < bridge> that stuff organically sorts itself out
11:07 < bridge> does anyone know how to configure the terminal used
11:07 < bridge> when for example i click on a text file on firefox
11:08 < bridge> it opens xterm with its horrible visuals
11:08 < bridge> i want alacritty
11:14 < bridge> Only on kde xd
11:14 < bridge> Ask your llm of choice
11:16 < bridge> uninstalling xterm is also an option xd
11:16 < bridge> I’m the proud creator of the only namespace in ddnet, `protocol7`
11:17 < bridge> then it has no choice
11:17 < bridge> did u make the translation layer?
11:18 < bridge> i just wonder who and why
11:18 < bridge> Seems some programs respect the `TERMINAL` environment var
11:19 < bridge> Technically timakro made the initial version of it. Then I made an ugly-ish generated protocol thing so we didn’t have to translate every netmsg and netobj by hand
12:04 < bridge> awesome
12:41 < ws-client> who even needs ``sv_hide_score`` ?
It still exposes the score to the master server anyways
12:46 < bridge> It's just the chat announcement anyway iirc?
12:46 < bridge>
12:46 < bridge> To prevent spam I guess
12:46 < bridge> did u know to run perf inside docker
12:46 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1392819337173139596/wcu2j70vfdi81.png?ex=6870eb97&is=686f9a17&hm=3df3a667cb0535a3aca2c787fbf2268aa528103ecabce2b11560f320e83c2a6a&
12:46 < bridge> u need to build perf in it cuz custom kernel shenanigans
12:47 < bridge> any dev available?
12:47 < bridge> i have a problem
12:47 < bridge> i need help
12:49 < bridge> @ryozuki can you help me?
12:52 < bridge> bruh
12:52 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1392820890328367126/image.png?ex=6870ed09&is=686f9b89&hm=3a7059db9eafa44e1b78de3c2742bb0fb865292d9200249582f3af5a614e32c4&
12:53 < bridge> oh sry
13:20 < bridge> dont ask
13:20 < bridge> show ur problem
13:20 < bridge> if someone wants to answer will do
13:20 < bridge> if someone wants to answer they will do
13:20 < bridge> https://dontasktoask.com/
13:21 < bridge> https://nohello.net/en/
13:30 < bridge> why does the real hookline not go thru tele
13:30 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1392830249972269076/real_hookline.mp4?ex=6870f5c1&is=686fa441&hm=d2ccbaddf840509f4fee543cb1b1d395c9d10d06aff4c45a44187b2e410d3858&
13:30 < bridge> why does the real hookline not start at tele
13:30 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1392830249972269076/real_hookline.mp4?ex=6870f5c1&is=686fa441&hm=d2ccbaddf840509f4fee543cb1b1d395c9d10d06aff4c45a44187b2e410d3858&
13:30 < bridge> ddnet code :tear:
14:02 < bridge> Keith is beautiful, like my C++ code ❤️
15:08 < bridge> No it affects scoreboard and iirc there were complaints about competitive players or some shit xd
15:09 < bridge> It’s not like official servers use the setting anyways. No I doubt any custom servers use it either.
15:09 < bridge> It’s not like official servers use the setting anyways. And I doubt any custom servers use it either.
17:05 < bridge> I am currently trying to integrate render layers into the editor :3 I guess the textures are wrong, but this looks already promising. But man is the code ugly
17:05 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1392884431848603738/screenshot_2025-07-10_17-04-19.png?ex=68712837&is=686fd6b7&hm=9b8bb36adb1cb0aa451932235df9881ef04efd0ebef136b98e1f0390afaeb222&
17:33 < bridge> It's truly fascinating how complex the initial boot of a modern processor is. Stuff like BootGuard that is mostly completely undocumented makes it very hard to actually research
17:37 < bridge> @learath2: security by obscurity? Guarding us from ppl hacking the cpu? Xd
17:44 < bridge> ```rust
17:44 < bridge> use std::arch::asm;
17:44 < bridge>
17:44 < bridge> pub fn measure_time() -> (u32, u64) {
17:44 < bridge>     let edx: u32;
17:44 < bridge>     let eax: u32;
17:44 < bridge>     let ecx: u32;
17:44 < bridge>
17:44 < bridge>     unsafe {
17:44 < bridge>         asm!(
17:45 < bridge>             "mfence",
17:45 < bridge>             "rdtscp",
17:45 < bridge>             "lfence",
17:45 < bridge>             out("edx") edx,
17:45 < bridge>             out("eax") eax,
17:45 < bridge>             out("ecx") ecx,
17:45 < bridge>         );
17:45 < bridge>     }
17:45 < bridge>
17:45 < bridge>     (ecx, (edx as u64) << 32 | (eax as u64))
17:45 < bridge> }
17:45 < bridge> ```
17:45 < bridge> asm ftw
17:56 < bridge> security by obfuscation is a classic in corporate world, but it never works and they never realize that...
18:05 < bridge> This is currently my mental model of it, this is just for an Intel processor
18:05 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1392899548426539018/image.png?ex=6871364b&is=686fe4cb&hm=13ff62fb975306f07711812542bf240f5dd0a6acd4bee66a4608609ce0a0ccfa&
18:05 < bridge> excalidraw enjoyer
18:08 < bridge> I'm writing a small summary paper on the blue part to the right. I was curious about the "Core Root of Trust for Measurement".
Turns out it is fairly complicated. But if your cpu has support for it the CRTM is extended all the way to the start of the boot. If not it's actually the OEM UEFI firmware, so lots of random vendors writing code for what could be the true root of trust
18:09 < bridge> I love your funny words magic man
18:09 < bridge> It works if you're intel and hire Christopher Domas to prevent him from leaking your secrets.
18:09 < bridge> I learned quite a lot about TPMs and stuff, it's actually quite interesting, the attack surface seems huge, especially in that blue part
18:11 < bridge> Notice the black arrow from SEC to PEI? A lot of vendors early on apparently did not quite understand that it's only safe if the entire PEI fits into the IBB. Some vendors had the part that loads and verifies the DXE outside, allowing unsigned code execution breaking the chain of trust
18:13 < bridge> and all of this happens before the part I'm actually interested in. I wanted to explore Secure Boot originally, but was curious how the chain even got to Secure Boot
18:15 < bridge> Also lots of keys all over the place, one leak and all of this chain goes to trash because there is no revoking these keys burnt into the silicon
18:15 < bridge> too many 3 letter acronyms
18:16 < bridge> eh, it's only for me anyway, just using it as a tool to help me think
18:19 < bridge> Is that so? I would expect they can be updated with the same process as micro code updates
18:20 < bridge> interesting
18:21 < bridge> The two red boxes have keys burnt directly in the silicon they use for verification. There is no changing those. The OEM IBB key is in a field programmable fuse, once burnt there is no revoking it
18:22 < bridge> There is no real way to recover from those 3 getting leaked as far as I understand (though this is all documented horribly, very hard to know for sure)
18:22 < bridge> The two red boxes have keys burnt directly in the silicon they use for verification. There is no changing those.
The OEM IBB key is in a field programmable fuse, once burnt there is no changing it
18:24 < bridge> Do you need all the keys to circumvent the chain of trust or just 1?
18:25 < bridge> @milkeeycat https://flix.dev/
18:30 < bridge> Just a single one is enough to run any code, but the intel keys are required if you want to dodge remote attestation
18:31 < bridge> Because if you get the oem key that allows you to run any code and lie to the OS, so the computer is fully compromised, but a remote attester can still query the real boot chain hashes recorded by the TPM (the ACM handles this, so to stop it you'd need one of the red intel keys)
18:33 < bridge> (the CSME (or with its old name Intel Management Engine) has direct access to the network, so a remote attester will interact directly with it, so it's not influenced by anything that happens outside)
18:34 < bridge> I still think they should just document this all properly, like I understand the security concern but when has security by obsecurity really worked?
18:36 < bridge> I still think they should just document this all properly, like I understand the security concern but when has security by obscurity really worked?
18:36 < bridge> Do they gain anything by documenting it publicly? Im sure its well documented for the people who need to know about it
18:36 < bridge> The more people that see it the more likely people are to spot an issue
18:37 < bridge> Even the OEM vendors with all their access were initially very confused on how to properly secure this, resulting in very real exploits
18:37 < bridge> Idk
18:38 < bridge> Maybe its a liability thing somehow?
18:40 < bridge> If I had to guess they have deployed this far and wide and now if there is any issue with it there is no real way to fix it
18:41 < bridge> Yeah thats what I was thinking about
18:43 < bridge> At the same time I think security by obscurity gets an upper hand when you control the hardware.
The last generation of xbox consoles is still unhacked, theres still no cheaters in those games.
18:45 < bridge> Their security model guards against even you soldering wires to the pins on the pcb
18:45 < bridge> when finish your language? :santatrollet:
18:46 < bridge> Huh, how did they do that?
18:47 < bridge> There's a conference talk about it where they mentioned that briefly. If you search for xbox security talks you might find it, let me try
18:48 < bridge> Nvm its the whole talk
18:48 < bridge> https://youtu.be/U7VwtOrwceo
18:52 < bridge> (apparently they did fix this issue in newer intel processors, you can apparently put the processor in a special execution mode and verify any executable before jumping to it (Intel TXT))
18:52 < bridge> Looks like a fun watch, I'll have some food and watch this
19:17 < bridge> LOL, trust nothing but a special SoC. Yeah I guess that's that for any attack except keys being leaked
19:18 < bridge> Time to invest in an electron microscope to try extract the key
19:40 < bridge> @learath2: you went full hobby state hacker or what?
19:41 < bridge> I wanted to apply for a masters program but they want an academic writing sample. I don't have any, so I decided I might as well write something about secureboot.
19:42 < bridge> A so more semi professional
19:42 < bridge> doing masters? Xd
19:42 < bridge> Aren’t you in uni since 0.4 release?
19:53 < bridge> Seems no one wants me at their company. Might as well study a bit more
19:54 < bridge> At least that's my thinking
19:55 < bridge> You not finding a job is crazy
19:55 < bridge> I'm not AI friendly, AI decides who gets a job nowadays
19:56 < bridge> Just prompt inject your CV ez
19:57 < bridge> Also it’s still networking
19:57 < bridge> xd
19:57 < bridge> You gotta know someone.
I get a shit load of job offers and I don’t even have linked in
19:57 < bridge> Also depends on how picky you are
19:58 < bridge> I'm not very picky except for the fact that I'd rather not be a webdev
19:58 < bridge> Xd
19:59 < bridge> I'll study a bit more, then AI will completely replace all computer people, then I'll have to do retail
20:01 < bridge> chillerdragon: #10489 are you satisfied with the answers Robyt3 gave to your review comments
20:01 < bridge> https://github.com/ddnet/ddnet/pull/10489
20:13 < bridge> I've decided they are satisfying
20:15 < bridge> To my comments yes. But I didn’t do a full review yet. If you merge this you can not hold me accountable!!!
20:19 < bridge> @learath2: how about you review some 2 week old pr without comments :p
20:19 < bridge> I have a headache from reading too much about proprietary secure boot mess
20:20 < bridge> and I'm really not in the mood
20:20 < bridge> When give llama maintainer?
20:21 < bridge> Time to replace ddnet staff with AI
20:22 < bridge> chiller are u still 0.7 supremacist
20:23 < bridge> https://cdn.discordapp.com/attachments/293493549758939136/1392934290911662090/IMG_8459.jpg?ex=687156a6&is=68700526&hm=b7bb1c2a1825cd80a90aceabbffb97925ab584498832e0db900eb9dfb5795bf1&
20:23 < bridge> ⬛
20:30 < bridge> it's his middle name
20:30 < bridge> Chiller 0.7supremacist Dragon
20:32 < bridge> why would csme need network access?
20:32 < bridge> silly question but i have to ask it anyway
20:33 < bridge> So you can attest it remotely 😄
20:34 < bridge> e.g.
you are at a datacenter, you boot up your server, the central server can then query the CSME to get the hashes measured by the TPM to make sure everything in the boot chain is things you expect
20:35 < bridge> (if there were anything between the network and the CSME, the thing could intercept the packets and give you fake values)
20:38 < bridge> fancy
20:38 < bridge> if i marry chiller do i get his middle name then
20:38 < bridge> i love 0.7
20:39 < bridge> well at least the protocol
20:39 < bridge> No, you get his surname, you'll be Koll Dragon
20:39 < bridge> well
20:39 < bridge> still nice
21:33 < bridge> what's csme ?
21:34 < bridge> It's kinda the new name for the thing that contains the management engine
21:47 < bridge> proposed ddnet acc system allows for external servers to authenticate users right?
22:15 < bridge> yes, but iirc avo didn't like how it was designed at all
22:51 < bridge> wooo
22:52 < bridge> my first pr
23:03 < bridge> 🎉