00:23 < bridge_> [teeworlds] <Assa> what do you think about svgs in teeworlds maps?
00:28 < bridge_> [teeworlds] <heinrich5991> my pessimism says: attack surface
00:49 < bridge_> [teeworlds] <Assa> ?
00:57 < bridge_> [teeworlds] <heinrich5991> that's just my pessimism I guess
00:57 < bridge_> [teeworlds] <heinrich5991> https://en.wikipedia.org/wiki/Attack_surface
01:07 < bridge_> [teeworlds] <Assa> does svg really has an attack surface oO
01:07 < bridge_> [teeworlds] <Assa> when will you fix emote 16 btw?
01:08 < bridge_> [teeworlds] <heinrich5991> every piece of code interacting with the network has an attack surface
01:10 < bridge_> [teeworlds] <Assa> prob. true
01:10 < bridge_> [teeworlds] <Assa> the svg would be embedded into the map
01:11 < bridge_> [teeworlds] <Assa> so the channel is already "secure" if you want
01:11 < bridge_> [teeworlds] <Assa> how is the map transportet over the network?
01:11 < bridge_> [teeworlds] <Assa> I imagine as complete blob
01:12 < bridge_> [teeworlds] <heinrich5991> no, it's not secure. the server can send arbitrary data over the network. bug in the svg library, bug in teeworlds
01:14 < bridge_> [teeworlds] <Assa> don't you think you are highly pessimistic talking about attack surface in something as simple as svg support?
01:15 < bridge_> [teeworlds] <heinrich5991> I think I'm pessimistic that I'm talking about attack surface (see above). by no means however, is svg simple
01:16 < bridge_> [teeworlds] <heinrich5991> it's a complex format based on xml. the good news is that the lib reading it is nowadays written in rust, so there's some hope against exploits
01:17 < bridge_> [teeworlds] <heinrich5991> it does seem to have a fairly good track record as well, but I'm not sure whether that's just because it's not popular enough: https://www.cvedetails.com/product/23082/Gnome-Librsvg.html?vendor_id=283
01:19 < bridge_> [teeworlds] <heinrich5991> (the same applies to putting stuff like pngs into maps. even map files itself are an attack surface; they even have unpatched security vulnerabilities)
01:20 < bridge_> [teeworlds] <Assa> i am surprised how many bugs that are
01:20 < bridge_> [teeworlds] <Assa> but i just entered sdl2 for comparison ...
01:20 < bridge_> [teeworlds] <heinrich5991> welcome to the happy state of software security
01:21 < bridge_> [teeworlds] <Assa> time to dropper
01:21 < bridge_> [teeworlds] <heinrich5991> hm?
01:22 < bridge_> [teeworlds] <Assa> *docker
01:23 < bridge_> [teeworlds] <Assa> https://www.cvedetails.com/product/28125/Docker-Docker.html?vendor_id=13534
01:25 < bridge_> [teeworlds] <Assa> @heinrich5991 want some fun? Enter Excel
01:26 < bridge_> [teeworlds] <heinrich5991> note that people try harder to find vulnerablities in more popular software
01:26 < bridge_> [teeworlds] <heinrich5991> so just because there are more reported security vulnerabilities, it might not mean that it's buggier, it might even mean the opposite thing if the authors are more prudent in requesting cves
01:27 < bridge_> [teeworlds] <Assa> i just entered firefox and see what you mean
01:28 < bridge_> [teeworlds] <heinrich5991> or try chrome
01:28 < bridge_> [teeworlds] <heinrich5991> etc.
01:29 < bridge_> [teeworlds] <Assa> I wonder if you can still hack people with the now known vulnerabilities
01:32 < bridge_> [teeworlds] <heinrich5991> software vendors usually patch security vulnerabilities when they become aware of them
01:32 < bridge_> [teeworlds] <heinrich5991> however there are always people running outdated software
01:32 < bridge_> [teeworlds] <heinrich5991> so yes
01:32 < bridge_> [teeworlds] <heinrich5991> there are even pre-written exploits IIRC
01:59 < bridge_> [teeworlds] <Assa> @heinrich5991 we need the latest client versions, clanmembers just found a bug in the latest version where your tee gets invisible (client side)
02:01 < bridge_> [teeworlds] <heinrich5991> @Assa I don't understand
02:02 < bridge_> [teeworlds] <Assa> Current official version: 0.7.3.1, latest version: pre-0.7.4
02:02 < bridge_> [teeworlds] <Assa> latest version may have a bug where your tee gets invisible
02:02 < bridge_> [teeworlds] <heinrich5991> oh
02:02 < bridge_> [teeworlds] <Assa> and i can't confirm because i can't compile <.<
03:20 < redix_> invisible tees should by fixed by this: https://github.com/teeworlds/teeworlds/pull/2216
10:07 < bridge_> [teeworlds] <Assa> thumbsup ❤
10:14 < bridge_> [teeworlds] <ChillerDragon> @Assa what do you mean by emote 16 fixes? You mean that doubled emote thingy? Thats fixed already
10:51 < bridge_> [teeworlds] <Assa> @ChillerDragon exactly and nice 😄
12:08 < bridge_> [teeworlds] <Assa> I think the teeworlds mapper should have blueprints 🤔
12:18 < bridge_> [teeworlds] <Dune> mapper?
13:19 < bridge_> [teeworlds] <Assa> editor
14:36 < bridge_> [teeworlds] <fokkonaut> @Dune my server is running now for more than 10.000 minutes, without any master server warning - because i havent logged into rcon since the start.
14:37 < bridge_> [teeworlds] <fokkonaut> if i would login now, it would fail again
14:37 < bridge_> [teeworlds] <fokkonaut> what could have gone wrong here?
14:37 < bridge_> [teeworlds] <fokkonaut> i didnt edit the source in any way that should cause this
14:40 < bridge_> [teeworlds] <Dune> If it happens on your mod and not on vanilla, it's a bug from something you changed
14:40 < bridge_> [teeworlds] <fokkonaut> Yes, sure
14:41 < bridge_> [teeworlds] <fokkonaut> But I still cant find why
14:41 < bridge_> [teeworlds] <Dune> Try econ, if it triggers the issue
14:41 < bridge_> [teeworlds] <fokkonaut> no idea how it works
15:03 < bridge_> [teeworlds] <ChillerDragon> You need that in your config
15:03 < bridge_> [teeworlds] <ChillerDragon> ```
15:03 < bridge_> [teeworlds] <ChillerDragon> ec_port "port"
15:04 < bridge_> [teeworlds] <ChillerDragon> ec_password "password"
15:04 < bridge_> [teeworlds] <ChillerDragon> ```
15:04 < bridge_> [teeworlds] <ChillerDragon> so server has to restarted :/
15:05 < bridge_> [teeworlds] <ChillerDragon> The you can connect to it using telnet or netcat. If you are logged in on the vps ``nc localhost port`` should do the thing. Btw is econ documented anywhere?
15:07 < bridge_> [teeworlds] <Dune> @fokkonaut there is a good tutorial on the foruls
15:44 < rand> you may overflow and overwrite wrong bits at some point
15:44 < rand> I did this once, valgrind helped
18:49 < bridge_> [teeworlds] <jxsl13> @Dune :'( would you mind spending some of your free time to take a look at the forum. I think spam escalated a little bit there.
18:50 < bridge_> [teeworlds] <Dune> This spam literally happened 1min ago, do you have a subscription or something
18:50 < bridge_> [teeworlds] <jxsl13> xD no
18:51 < bridge_> [teeworlds] <jxsl13> I'm lucky to have taken a look at the right time.
18:53 < bridge_> [teeworlds] <jxsl13> I mean the 209 new topics about weight watchers. Some are from some hours ago ._.
18:53 < bridge_> [teeworlds] <jxsl13> ty very much
19:01 < minus> just move the forum to reddit
19:30 < bridge_> [teeworlds] <Dune> Can't bump old posts with updates and releases and what not there
19:32 < bridge_> [teeworlds] <Dune> Manual registration approval is possible but meh