09:15 <+bridge> [ddnet] 09:15 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/500567195093303296/unknown.png 09:15 <+bridge> [ddnet] i ahve it 09:15 <+bridge> [ddnet] nobos 09:15 <+bridge> [ddnet] refresh page cahce 09:15 <+bridge> [ddnet] refresh page cache 09:15 <+bridge> [ddnet] i have it 09:16 <+bridge> [ddnet] ye 09:16 <+bridge> [ddnet] 09:16 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/500567530759258113/unknown.png 09:41 <+bridge> [ddnet] doesn't working, but restarting the pages has 0.6.4 dude 09:41 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/500573699859152896/unknown.png 09:51 <+bridge> [ddnet] maybe it's random 10:15 <+bridge> [ddnet] (200iq) how the heck would it be random... also there is some problem with the releasing? im worried a bit 10:24 <+bridge> [ddnet] http://prntscr.com/l5kjrc 10:24 <+bridge> [ddnet] why is that there anyways 10:27 <+bridge> [ddnet] because bam still exists 10:34 <+bridge> [ddnet] i downloaded it and uploaded it to mediafire 10:34 <+bridge> [ddnet] here's the link 10:34 <+bridge> [ddnet] https://bit.ly/18blKjN 10:37 <+bridge> [ddnet] not funny 10:37 <+bridge> [ddnet] bit.ly/18blKjN 10:38 <+bridge> [ddnet] it's all discord fault 10:38 <+bridge> [ddnet] :) 11:16 <+bridge> [ddnet] if its virus, i would pin gladly to jao for banning ya xd 11:16 <+bridge> [ddnet] HMMMM :thonkery: :feelsamazingman: 11:34 <+bridge> [ddnet] does any1 know how to savley use cookies to keep people logged in on a webpage 11:35 <+bridge> [ddnet] i guess simply saving the username and pass in cookies would be pretty insecure 11:52 <+bridge> [ddnet] yes 11:52 <+bridge> [ddnet] what technologies do you use to display the website? 11:52 <+bridge> [ddnet] php? python? which libraries? 11:55 <+breton> ChillerDragon: invent a token 11:57 <+bridge> [ddnet] yes, but probably whatever tech stack he uses already has such a token 11:59 <+breton> ChillerDragon: store uuid4 value as a token in cookies and store user <--> token association in the database 12:01 <+breton> ChillerDragon: another idea: store username and password in cookies, but encrypted with a key stored on the server 12:04 <+bridge> [ddnet] does somebody have small amount of servers? 12:05 <+bridge> [ddnet] and big amount of players 12:17 <+bridge> [ddnet] @heinrich5991 chillerdragon.ddnss.de 12:18 <+bridge> [ddnet] @heinrich5991 http://chillerdragon.ddnss.de/DDNetPP-web/ 12:26 <+bridge> [ddnet] dyndns o: 12:34 <+bridge> [ddnet] ? 12:37 <+breton> Arseniy Zarche: yes, i do 13:48 <+breton> who is axblk on github? 13:48 <+breton> how does https://github.com/axblk/teeworlds/commit/63a2f779112b377ad2ec666aa0db3bb8d92cd1ac help against ddos? 14:00 <+bridge> [ddnet] @heinrich5991 i use php no libraries. 14:00 <+bridge> [ddnet] breton: i also had the idea with encrypting with key on the server.. but 14:00 <+bridge> [ddnet] 1. i dont know how to do that 14:00 <+bridge> [ddnet] 2. secret keys suck because i love to store everything on github and i dont want to hide all the secret stuff becuase i will forget it if i switch server or something 14:00 <+bridge> [ddnet] 3. i wasnt sure if its save an a good way to do.. but since you say its ok i guess its ok 14:00 <+bridge> [ddnet] 14:00 <+bridge> [ddnet] 14:00 <+bridge> [ddnet] Also the token thing was an idea i had but i didn't find any good ressource that explained it how to do it safely. And i have no idea what uuid4 is. I guess just create a random (hopefully unique) string on login and store it in the database with the account and also as cookie clientside. 14:00 <+bridge> [ddnet] 14:00 <+bridge> [ddnet] But when somebody gets that cookie he can login to the account? Isnt that unsave? 14:00 <+bridge> [ddnet] yes, when someon gets the token, they can use the account 14:01 <+bridge> [ddnet] but that's the best you can get 14:01 <+bridge> [ddnet] how hard is it to get cookies as an attacker? 14:01 <+bridge> [ddnet] i guess they are stored in plaintext somewhere on the computer 14:01 <+bridge> [ddnet] yes 14:01 <+bridge> [ddnet] sounds unsafe 14:01 <+bridge> [ddnet] how would you improve on that? ^^ 14:01 <+bridge> [ddnet] idk 14:02 <+bridge> [ddnet] if the attacker has access to the computer, they can obviously copy all authentication data to their own computer and do it from there 14:02 <+bridge> [ddnet] hm ye 14:03 <+bridge> [ddnet] do big companys the same? 14:03 <+bridge> [ddnet] so if i am at a friends computer i can simply grab the token from the browser and sign in to his gmail account? 14:03 <+bridge> [ddnet] ah i guess they also have country and ip checks and so on 14:03 <+bridge> [ddnet] maybe i should implement that aswell 14:04 <+bridge> [ddnet] so cookies are highly sensitive data i guess. 14:06 <+bridge> [ddnet] @ChillerDragon >> base64 :v) 14:09 <+bridge> [ddnet] hm? 14:10 <+bridge> [ddnet] what should i use bas64 for? 14:11 <+bridge> [ddnet] @ChillerDragon run on your linux srv: $(echo "aWQK" | base64 -d) 14:11 <+bridge> [ddnet] i know what base64 is 14:12 <+bridge> [ddnet] well i think i know what it is 14:12 <+bridge> [ddnet] xd 14:12 <+bridge> [ddnet] ye but I was too lazy so I learned some commands in base64 14:12 <+bridge> [ddnet] aWQK is the id command πŸ˜„ 14:12 <+bridge> [ddnet] but why would i need it for 14:12 <+bridge> [ddnet] ye but I was too bored so I learned some commands in base64 14:12 <+bridge> [ddnet] for me it looks like you just base64 the string "aWQK" 14:13 <+bridge> [ddnet] base64 -d 14:13 <+bridge> [ddnet] --decode 14:13 <+bridge> [ddnet] then you exec it: $() 14:50 < ddnet-commits> [ddnet] bors[bot] merged staging into master: https://git.io/fxBF3 14:50 <+bridge> [ddnet] I usually go for storing a token in an encrypted cookie with an expiry date 14:50 <+bridge> [ddnet] If I'm implementing OAuth I go for a refresh token 16:34 <+bridge> [ddnet] What is OAuth? @Learath2 17:58 <+breton> we have a server with infclass. When we launch it, it appears in master servers for some time, then disappears, and to make it appear again (for a few minutes) we have to change the port. Any idea why it could be happening? 18:00 <+bridge> [ddnet] πŸ‘ 18:01 <+bridge> [ddnet] please solve it, we have some work to do and we cant do that until it will be solved 18:03 <+breton> so we are not the only ones having the issue? 18:06 <+bridge> [ddnet] only on infclass server (Oi2 exlusive) 18:06 <+breton> oh ok :3 18:17 <+bridge> [ddnet] Oauth is a standard/framework for authorization 18:36 <+bridge> [ddnet] @ChillerDragon big companies don't do IP address checks, otherwise mobile or roaming between wifi networks would be horrible 18:36 <+bridge> [ddnet] they might do country checks 19:54 <+bridge> [ddnet] ye country/city checks would be better 19:55 <+bridge> [ddnet] but vpns and vacation you know... 19:55 <+bridge> [ddnet] i guess retyping the password would be ok when using a vpn or vacation i dunno 19:56 <+bridge> [ddnet] oh wait i just realized you could use an vpn to bypass the country check ^^ 20:40 <+bridge> [ddnet] 0.7 when? 20:41 <+bridge> [ddnet] 0.6.5 now! 21:10 <+bridge> [ddnet] @heinrich5991 you could fix mem_alloc and free for vanilla too πŸ˜„ 21:15 <+bridge> [ddnet] yes… laters 21:38 <+bridge> [ddnet] @heinrich5991 when ddnet 0.6.5, 11.4.5 21:39 <+bridge> [ddnet] doesnt ddnet already have the security fixes 21:39 <+bridge> [ddnet] please stand by, PRs will follow 21:40 <+bridge> [ddnet] oke 21:40 <+bridge> [ddnet] ddnet has some different kind of security fixes 21:40 <+bridge> [ddnet] @heinrich5991 would you also have a look at my pr while creating yours? πŸ˜ƒ 21:40 <+bridge> [ddnet] I can do that, I guess 21:41 <+bridge> [ddnet] would be cool^^ 21:48 <+bridge> [ddnet] Do we really want to upgrade ddnet to 0.7? I mean who cares about tw at this point? 21:49 <+bridge> [ddnet] this was about 0.6.5 21:50 <+bridge> [ddnet] Oh you did a 0.6.5? 21:50 <+bridge> [ddnet] y 21:50 <+bridge> [ddnet] yes 21:51 <+bridge> [ddnet] nobo 21:51 <+bridge> [ddnet] fake 0.7 hype 21:51 <+bridge> [ddnet] btw, could it be that the siz2 packet from the master server is currently unreliable? 21:51 <+bridge> [ddnet] https://i.imgur.com/wGWqmhZ.png 21:51 <+bridge> [ddnet] it's returning me 0 as num_servers while I still get all servers 21:52 <+bridge> [ddnet] it's returning me 0 as server amount while I still get all servers 21:52 <+bridge> [ddnet] hmmm 21:53 <+bridge> [ddnet] so we wont have 0.7 for now :feelsbadman: 22:07 <@heinrich5991> deen: I'm sure you answered a lot of times already, but: have we tried hetzner before? 22:07 <+bridge> [ddnet] btw in case someone else has this problem: 22:07 <+bridge> [ddnet] previously the master servers returned the game servers already on the SERVERBROWSE_GETLIST packet, now they only return it on the SERVERBROWSE_GETINFO packet 22:24 <+bridge> [ddnet] does visual studio c++ 2018 will be problem for default method of compilation teeworlds by mvc++ 2010? (or 2008, cant remember) 22:42 <+Learath2> heinrich5991: I ran GER2 on hetzner for a month and a half 22:43 <+Learath2> It worked pretty well imho 22:45 <@heinrich5991> did you see that hetzner has truly unlimited traffic for dedis now? 22:46 <@heinrich5991> also, interesting. ty 22:47 <+bridge> [ddnet] hetzner is at least not rated very good 22:47 <+bridge> [ddnet] ```Worst service provider I've been working with. A lot of network outages. More, they shutted down a server without even an email alert in advance. When we fixed things, access to Cloud services still not available for our account. 22:47 <+bridge> [ddnet] 22:47 <+bridge> [ddnet] Luckily it was not blocking for our production workload, but what if it was? 22:47 <+bridge> [ddnet] 22:48 <+bridge> [ddnet] Unprofessional.``` 22:48 <+bridge> [ddnet] multiple of the reviews are complaining about network outages or them shutting down servers without any kind of notice 22:50 <+bridge> [ddnet] null routing ❀ 22:51 <+Learath2> Yep, unlimited traffic and a gbit line 22:53 <+Learath2> When did that happen? I've had pretty decent interaction with their support 22:56 <+bridge> [ddnet] I've read ~30-40 of the reviews and every 4th/5th is complaining about it 22:57 <+bridge> [ddnet] have you read reviews of other hosting providers as well? 22:57 <+bridge> [ddnet] maybe that's normal 23:00 <+bridge> [ddnet] hm, well just read some reviews, got no experience with it myself 23:11 <+bridge> [ddnet] O: best host ever 23:11 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/500777580341755904/Sans_titre.png 23:11 <+bridge> [ddnet] juniper? 23:11 <+bridge> [ddnet] yup, some good stuff πŸ˜„ 23:12 <+bridge> [ddnet] It's basically how ddos protection is done nearly anywhere 23:12 <+bridge> [ddnet] not at ovh 23:13 <+bridge> [ddnet] they do not use juniper stuff 23:13 <+bridge> [ddnet] Juniper is just a manufacturer 23:13 <+bridge> [ddnet] sure like cisco, like extreme networks... 23:14 <+bridge> [ddnet] but you can have some shitty products & some good 23:14 <+bridge> [ddnet] as I saw, juniper is providing some good products 23:14 <+bridge> [ddnet] OVH used to use Arbor + their own VACs 23:15 <+bridge> [ddnet] ik 23:15 <+bridge> [ddnet] home made VAC + arbor 23:15 <+bridge> [ddnet] nowadays they use a custom solution in place of Arbor aswell 23:17 <+bridge> [ddnet] at my university we got a lot of Juniper routers, SRX & QFX models