IRC logs for #openttd on OFTC at 2020-11-23
            
00:09:02 *** HerzogDeXtEr has quit IRC
00:52:15 *** Progman has quit IRC
00:57:57 *** Wolf01 has quit IRC
01:58:31 *** Flygon has joined #openttd
02:31:04 *** rptr_ has quit IRC
03:17:39 *** Tirili has joined #openttd
04:13:37 *** Wormnest has quit IRC
04:18:07 *** Tirili has quit IRC
04:30:07 *** D-HUND has joined #openttd
04:33:30 *** debdog has quit IRC
05:09:58 *** glx has quit IRC
07:21:01 *** nielsm has joined #openttd
07:59:04 *** nielsm has quit IRC
08:04:29 *** sla_ro|master has joined #openttd
08:15:58 *** longtomjr has joined #openttd
08:55:31 *** andythenorth has joined #openttd
08:55:52 <andythenorth> oof, google slow crawling is annoying
09:18:59 <Eddi|zuHause> best joke i read today: in a newspaper column about online government surveillance and encryption backdoors: "Keyword: DuckDuckGo, try googling that yourself for better effect"
09:19:07 <andythenorth> it's Eddi|zuHause!
09:19:08 <andythenorth> hi
09:19:33 <Eddi|zuHause> might be a fata morgana
09:37:26 <andythenorth> are you floating?
09:39:32 <TrueBrain> I agree andythenorth , google is annoying :P Uploaded the sitemap, it did NOTHING with that so far ..
09:42:03 <TrueBrain> lol ... I google site:wiki.openttd.org, first URL, I enter that in the search console
09:42:05 <TrueBrain> it tells me: URL is not on Google
09:42:09 <TrueBrain> wellllllllllllllllll
09:42:30 * andythenorth waiting for a page update and a validation fix :(
09:44:11 <Eddi|zuHause> i'm sure it goes faster if you sit there and hit F5 every 3 seconds
09:45:10 <TrueBrain> in general information is completely out of sync .. even within the search console
09:45:25 <TrueBrain> it tells me a link is valid but not indexed, I look up the link individually, and it tells me: indexed!
09:45:31 <TrueBrain> like ..... make up your bloody mind or what-ever
09:47:17 <TrueBrain> if I would guess, it seems Google is not spending all that much time anymore on their search engine :P
09:47:50 <Eddi|zuHause> it's not like that's what brings in the money. google might be going the apple way over the next 10 years
09:50:40 <TrueBrain> damn, embedding the duckduckgo search thingy is HUGE :P
09:50:53 <TrueBrain> it kinda stands out in a not-so-nice-way :P
09:52:45 <andythenorth> afaik, the major Google revenue remains lifting money out of the pockets of people like me
09:52:49 <andythenorth> for adsense on SERPS
09:53:15 <andythenorth> sometimes, using Google tools, it's almost like they have some incentive to drive you towards buying ads
09:53:33 <andythenorth> but it's ok, the poacher can also be the gamekeeper, right?
09:53:52 <Eddi|zuHause> "nice online business you have there. would be a shame if nobody would find it"? :p
09:54:37 <andythenorth> pretty much
09:54:52 <andythenorth> I _believe_ it's all chinese walled internally, to prevent these conflicts
09:54:54 <andythenorth> but then again...
09:55:06 <Eddi|zuHause> it's fairly obvious in youtube, that neither the uploaders nor the viewers are the core audience of... features
09:55:45 <andythenorth> youtube is the plague
09:56:06 <andythenorth> if I didn't enjoy the content so much...I'd boycott it :p
09:56:06 <andythenorth> oof
10:24:12 <TrueBrain> so .. what UTF-8 char to use for a search image?
10:26:03 <LordAro> i don't think you've looked hard enough into why the images aren't working
10:26:04 <LordAro> :p
10:26:16 <TrueBrain> what are you talking about?
10:26:46 <LordAro> isn't that why you're looking at unicode characters at all, rather than actual images?
10:27:00 <TrueBrain> assumptions, my dear Watson ... be careful with those ;)
10:27:07 <TrueBrain> as you made 0 sense just there :D
10:27:22 <TrueBrain> I am looking at UTF-8 chars as they are 10000x easier for me to use, and I am very lazy
10:27:36 <TrueBrain> I am still waiting for one of the 5 (by now) people who said they were going to look into styling things
10:27:42 <TrueBrain> till then ... I am going UTF-8
10:28:01 <TrueBrain> so UTF-8 has TONS and TONS of icons ... but nothing that is useful for many cases I have ... which is a bit .. odd
10:28:13 * andythenorth awaits drive-by CSS contributors
10:28:27 <andythenorth> it's only CSS, right?
10:28:33 <andythenorth> web translator, but for CSS!
10:28:35 <LordAro> anyway, U+1F50E
10:28:55 <TrueBrain> but 1F50D/E cannot be colored .. they are those pre-rendered versions
10:29:15 <LordAro> why is that a problem?
10:29:32 <TrueBrain> hard to make look pretty
10:29:36 <TrueBrain> like .. really hard
10:29:39 <TrueBrain> as every OS renders them different
10:29:53 <TrueBrain> even their heights is not fixed
10:29:56 <LordAro> U+2315 ?
10:30:12 <TrueBrain> it just surprises me .. I expected more out of UTF-8 honestly
10:30:14 <TrueBrain> (never really used it)
10:30:27 <LordAro> you should stop calling it UTF-8 :p
10:30:37 <LordAro> UTF-8 is the encoding scheme, unicode is ...what it is
10:30:41 <TrueBrain> I KNOW :D
10:31:02 <TrueBrain> but here is the thing .... 90% of the websites call it UTF-8
10:31:07 <TrueBrain> so calling it unicode, confuses many people
10:31:12 <TrueBrain> except those who understand wtf it is
10:31:25 <TrueBrain> so there is a dilemma :)
10:31:36 <TrueBrain> being inclusive in this world is very difficult
10:31:36 <LordAro> that's not been my experience
10:31:47 <LordAro> https://stackoverflow.com/a/18367765/995325 i like this one
10:32:05 <TrueBrain> your experience is most likely heavily biased because of the people you hangout with
10:32:19 <TrueBrain> but to proof a point, one of the more popular sites to look up these graphs, is called utf8icons.com :)
10:33:03 <LordAro> literally never heard of that before
10:34:37 <TrueBrain> which ironically says more about you than the website :P
10:34:59 <TrueBrain> local bias is one of the more annoying things in IT, honestly
10:35:19 <LordAro> i mean, if you're googling "utf8 symbols" and i'm googling "unicode symbols", different results are not unexpected
10:35:35 <TrueBrain> I would never use the word symbols :)
10:35:43 <LordAro> OR WHATEVER
10:35:49 <TrueBrain> chillpill! :P
10:36:44 <TrueBrain> in general to me it is always amusing how much bias IT has, and how much 2 worlds can collide .. at any work there is always this one person that insists on calling things different from the rest of the group (which might or might not be me from time to time, to be clear) ..
10:36:59 <TrueBrain> I learnt it is better to comply with the group, as the arguments are a complete waste of time and energy :P
10:37:19 <TrueBrain> it is like how the Dutch language evolves ... you fucking understand each other, so move on :P
10:37:32 <TrueBrain> (nothing against you personally btw LordAro , to be perfectly clear .. it is just a fun fact I noticed over the last 10 years)
10:39:21 <andythenorth> semantic battle!
10:39:23 <andythenorth> please
10:39:37 <andythenorth> NOTHING CAN HAPPEN UNTIL WE'VE ALL LEARNT THE LEXICON
10:39:38 <andythenorth> etc
10:40:05 <TrueBrain> I still consider it a human trait, to be pedantic on things you know a lot about
10:41:19 <andythenorth> I think I am inhuman
10:41:36 <andythenorth> the more I know about a thing, the less I care about the terms other people use
10:42:25 <TrueBrain> I notice myself more and more often in real-life conversations mentioning: a difference without a difference, lets get to the point
10:42:53 <TrueBrain> I have had people battling that NoSQL is not a database
10:43:11 <TrueBrain> which was .... rather pointless :P
10:44:02 <LordAro> i am often disappointed by how much i know about unicode and its encodings
10:44:07 <LordAro> and indeed non-unicode encodings
10:46:07 <TrueBrain> 5 years ago there was nearly no-one I knew that knew anything about unicode .. it has changed a lot ... where it used to be that "you had to support UTF-8", it is now "you are not supporting UTF-8?"
10:46:15 <TrueBrain> that at least makes me happy :)
10:47:41 <TrueBrain> hmm, you cannot rotate an ::after
10:47:42 <TrueBrain> that is sad
10:59:10 <TrueBrain> LordAro: that 45-degree solution gave the best result
11:01:48 <TrueBrain> https://pasteboard.co/JBFOgQM.png
11:01:52 <TrueBrain> best I am willing to do :P
11:08:15 <DorpsGek_III> [OpenTTD/wiki-data-staging] TrueBrain opened pull request #3: Add: CSS to style the new search bar in TrueWiki https://git.io/Jk6UX
11:08:32 <DorpsGek_III> [OpenTTD/wiki-data] TrueBrain opened pull request #5: Add: CSS to style the new search bar in TrueWiki https://git.io/Jk6Uy
11:10:50 <DorpsGek_III> [OpenTTD/wiki-data-staging] TrueBrain merged pull request #3: Add: CSS to style the new search bar in TrueWiki https://git.io/Jk6UX
11:11:58 <TrueBrain> found a bug in CodeQL :)
11:12:01 <TrueBrain> https://github.com/TrueBrain/TrueWiki/security/code-scanning/49?query=ref%3Arefs%2Fheads%2Fmaster
11:12:03 <TrueBrain> that is a lie :)
11:12:08 <TrueBrain> that statement has a lot of effect :D
11:12:32 <TrueBrain> owh, I guess it is not visible ...
11:12:55 <TrueBrain> https://github.com/TrueBrain/TrueWiki/blob/e0a6b70f2eb1f29bbe4eccd1df0aabebad4a03ca/truewiki/metadata.py#L182-L182 <- it says that statement doesn't do anything
11:16:18 <DorpsGek_III> [OpenTTD/wiki-data] TrueBrain merged pull request #5: Add: CSS to style the new search bar in TrueWiki https://git.io/Jk6Uy
11:16:47 <TrueBrain> right, looks good enough on staging, lets push it to production :D
11:17:18 <LordAro> TrueBrain: oh god really? i was joking
11:17:24 <LordAro> what's wrong with U+2315 ?
11:18:17 <TrueBrain> https://www.utf8icons.com/character/8981/telephone-recorder <- renders as shit on some devices
11:18:41 <TrueBrain> this is a lot more consistent, it seems
11:22:31 <TrueBrain> LordAro: what is the status of the 2 VPSes?
11:24:16 <LordAro> unchanged from when you added ipv6, i think
11:24:43 <TrueBrain> any ETA?
11:25:01 <LordAro> ...what are you waiting on?
11:25:16 <TrueBrain> didn't we had open topics?
11:25:42 <LordAro> the only thing i was aware of was firewall, and i wasn't sure if we actually wanted to bother proceeding with that
11:26:24 <TrueBrain> important to be verbal about that, as I am waiting on you to finish these things :D (assuming I cannot take them in production)
11:26:43 <TrueBrain> in your last comment, you strongly suggested that you wanted to add the firewall, but didn't know which (after which I assume you would figure out what you wanted to use)
11:26:48 <TrueBrain> and you were going to remove the cache headers
11:27:26 <LordAro> oh yes, cache headers too
11:27:50 <LordAro> neither particularly block actually using the servers, afaik
11:28:17 <LordAro> and i didn't "want" to add the firewall - that was your suggestion
11:28:21 <TrueBrain> I rather have things finished before taking them in production, as otherwise they are very likely to never be applied :P
11:28:27 <LordAro> i was merely unsure what form the firewall should take
11:28:58 <TrueBrain> if it is not much effort, and people always tell me in Ansible things are easy and great, adding a firewall goes a long way in not having to deal with shit on the server
11:29:40 <LordAro> tbh, if things progress to the point of the firewall actually being useful, things have gone very wrong
11:29:52 <TrueBrain> that is a silly reasoning :)
11:30:08 <LordAro> well at that point we'd be wiping the server and starting again anyway
11:30:11 <TrueBrain> you want to reduce your attack surface as much as possible, always :)
11:30:37 <LordAro> sure, and not opening the ports in the first place works just as well
11:30:58 <LordAro> 22 & 80 & 443 - there's nothing else running?
11:31:09 <TrueBrain> not that I am aware; you know better :D
11:31:18 <LordAro> quite
11:31:23 <LordAro> so what benefit is a firewall?
11:31:46 <TrueBrain> security is build up in layers; security-in-depth
11:31:55 <TrueBrain> never assume one layer is doing its job, always apply multiple
11:32:00 <TrueBrain> especially if they are trivial to add
11:32:18 <TrueBrain> so ideally, you want a network firewall .. that is not going to happen with OVH I am sure
11:32:20 <TrueBrain> next is OS-based firewall
11:32:25 <TrueBrain> after that is application security
11:32:38 <TrueBrain> we did application security, as good as we could, especially with the SSH guard running
11:32:43 <TrueBrain> nginx is configured to a minimum
11:32:58 <TrueBrain> but we do not have network security, so having OS-based firewall is a good compromise between the two
11:33:11 *** iSoSyS has joined #openttd
11:33:29 <TrueBrain> (the AWS setup for example has 3 layers of defense before you reach the application)
11:34:18 <LordAro> maybe your threat model is different to mine, i tend to operate under "if an attacker can make a connection to something other than what's supposed to be running, the world has bigger problems than OTTD's content cache being compromised"
11:34:55 <LordAro> s/something other than what's supposed to be running/a port that's not actually running an application/
11:35:17 <TrueBrain> and it is one of the reasons there are so many bot-nets running free, honestly :)
11:35:58 <LordAro> that's because they have unsecured applications
11:36:00 <LordAro> we do not
11:36:10 <TrueBrain> and that is a statement that cannot be true :)
11:37:50 <LordAro> you're conflating "this would be considered bad practice 20 years ago" with "this *might* be considered bad practice in 20 years time"
11:38:07 <LordAro> the former is where most of the botnets have come from
11:39:14 <LordAro> if we were running services that had authentication, or allowed file upload in some form, i'd absolutely agree that a firewall would be a good idea
11:39:31 <LordAro> but we're not (except for ssh, which is locked down hard)
11:41:04 * andythenorth would just run a firewall and be done with it
11:41:16 <TrueBrain> you should join one of my trainings some day :) I promise you you will be a bit more paranoid, but it will also help in understanding that any layer of defense makes it that much more difficult for an attacker
11:41:38 <TrueBrain> there are so many things that can go wrong, and possibly will
11:42:05 <TrueBrain> that adding something as simple as a firewall is a very small effort for denying possible attackers to do bad stuff
11:42:43 <LordAro> i'm quite happy to be wrong :)
11:43:17 <LordAro> there's also the argument that running more stuff has more potential for something to go wrong / be misconfigured
11:43:25 <LordAro> no firewall -> no firewall to go wrong
11:43:30 <TrueBrain> what is difficult for me, in these kind of conversations, are two things: 1) normally I get paid explaining why you are wrong :P 2) I worked for 5+ years for a cyber security company .. I have seen so much shit ... which could easily be prevented by stuff like: firewalls, AVs .. and often the argument went: but we didn't see how it was useful!
11:43:58 <TrueBrain> it takes a lot out of me to just not get mad :P And I understand you simply don't see the world like that, which I hope I can one day return to .. but it is difficult :)
11:44:30 <TrueBrain> hahaha, I like that argument LordAro :) It is flawed, but it is an awesome way of reasoning :)
11:44:34 <andythenorth> the complexity argument is valid
11:44:36 <TrueBrain> in the same argument: don't auto-upgrade :P
11:44:39 <andythenorth> but risk is balanced
11:44:50 <andythenorth> having locks on doors runs the risk of losing the keys
11:44:55 <andythenorth> but we still lock the doors
11:45:00 <andythenorth> if there's a fire, and you can't get the keys
11:45:02 <andythenorth> you die
11:45:08 <andythenorth> but we lock the doors
11:45:35 <andythenorth> I actually lost all UK customer sites for 4 hours one day, because the telco engineer had lost the keys to replace a failed switch
11:45:47 *** tokai|noir has joined #openttd
11:45:48 *** ChanServ sets mode: +v tokai|noir
11:46:01 <TrueBrain> lol .. that is an interesting problem andythenorth :)
11:46:13 <andythenorth> it's a triangle, right?
11:46:19 <LordAro> haha
11:46:49 <TrueBrain> anyway, LordAro , mainly where your argument fails there is how much complexity an inbound firewall really adds. The firewall is already running (as ssh-guard), so it is just a configurating thing :)
11:47:07 <TrueBrain> but even without .. not installing security-tools because it is complex, is a road you don't want to follow :)
11:47:19 <TrueBrain> anyway, in our case, why is a firewall useful .. several things come to mind
11:47:32 <TrueBrain> mostly, as it is provisioned by ansible, we can make mistakes and we could open up other ports or software
11:47:42 <TrueBrain> or, because we auto-upgrade, some software could be dragged in without our knowledge
11:47:46 <TrueBrain> having another application open
11:47:48 <andythenorth> the argument "don't _rely_ for security on services configured by people who don't know how to do it" is valid
11:47:49 <TrueBrain> likely? We can debate that
11:47:53 <TrueBrain> easily preventable? Fuck yes
11:48:05 <TrueBrain> a firewall ensures you only allow traffic on what you THINK is running on the host
11:48:11 <TrueBrain> basically, it double-checks you did the right thing
11:48:36 <TrueBrain> so especially a host-based firewall, is just essential for any production server, even in this day and age
11:49:23 <TrueBrain> in the cyber security we often refer to the CIS Top 20, where CIS is the Center for Internet Security, they give amazing good advise in how to protect the world here and now
11:49:31 <TrueBrain> https://www.cisecurity.org/controls/cis-controls-list/ in case you don't know it
11:49:43 <TrueBrain> (if you manage production servers or build production software, you REALLY should know CIS)
11:50:06 <TrueBrain> you see the first 6 .. not having those is .. well .. go fuck yourself, is my opinion about that :)
11:50:12 <TrueBrain> you did most of that with ansible
11:50:29 <TrueBrain> we know the hosts, we know the software, we run auto-updates, limited amount of people with access (well, we violate the named-user-accounts)
11:50:40 <TrueBrain> we do not do 6, but .. security is a balance
11:50:54 <TrueBrain> in AWS I don't do 6 really too ... it collects, best we can do for the size we are
11:51:25 <TrueBrain> so where firewalls, as example, kick in, is 9 and 12
11:52:06 <TrueBrain> so important to realise, it is not only to make it more difficult for attackers, but also avoid issues coming from misconfiguration and fuck-ups
11:52:29 <LordAro> yeah, you're not wrong
11:52:33 <TrueBrain> but I kinda like the idea that if someone manages access to the VPS, they cannot host a Minecraft server
11:52:34 <LordAro> you'll be surprised to hear
11:52:41 *** tokai has quit IRC
11:52:44 <TrueBrain> :P I appreciate you saying it, honestly :)
11:53:02 <TrueBrain> who now can I send the bill of 200 euro? :P
11:53:30 <LordAro> :P
11:53:54 <TrueBrain> it is also why I really liked the idea of having the VPS cache-only, besides easier to do
11:54:00 <TrueBrain> it means data integrity is a lot easier
11:55:07 <TrueBrain> that all said, if it takes 200 lines of Ansible to setup the firewall, it is not worth it
11:55:12 <TrueBrain> if it is 5 lines, it is
11:55:24 <TrueBrain> (as with 200 lines, the complexity argument really starts to win)
11:55:30 <LordAro> mm
11:55:45 <LordAro> so we'd want to block all incoming except 22, 80 & 443
11:55:55 <LordAro> and presumably all outgoing except for 443?
11:56:29 <TrueBrain> I would love to block all outgoing if you can, but I can never really predict if that works
11:56:43 <TrueBrain> apt-get might need 80 still?
11:56:44 <LordAro> well we need to connect to S3 at some point...
11:56:51 <LordAro> i installed https support
11:56:55 <LordAro> for apt
11:56:56 <TrueBrain> sweet
11:57:18 <LordAro> i think it might be default these days, but can't harm to have it explicitly
11:57:19 <TrueBrain> for AWS I allow all outgoing still (and incoming based on established)
11:57:36 <TrueBrain> but that is mainly because I haven't looked into that ..
11:57:52 <TrueBrain> (so incoming is the defined ports + established rule)
11:58:51 <TrueBrain> now I think some more about it, yeah, I cannot image what would need to use outgoing besides 443
12:00:25 <TrueBrain> https://wiki.openttd.org/en/ <- the search uses the language of the page you are on when searching; it is pretty nice :)
12:01:22 <TrueBrain> LordAro: just don't forget the "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" or what-ever the equivalent is for what firewall you use
12:01:29 <TrueBrain> but again, I assume there is an ansible role doing this shit :P
12:02:32 <LordAro> presumably that is for logging accepted connections?
12:02:57 <TrueBrain> no; if you allow traffic going out on 443, the local port is not 443
12:03:08 <TrueBrain> so the firewall needs to let back in the local port traffic
12:03:23 <TrueBrain> something something two-way-connections
12:03:37 <LordAro> ah right
12:07:21 <TrueBrain> owh, and the reverse of course too LordAro : "-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
12:07:36 <TrueBrain> https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands <- wow, that is a pretty decent write-up
12:08:00 <LordAro> digitalocean's docs are pretty good
12:08:10 <LordAro> i used them often when i worked for another hosting provider :p
12:09:00 <TrueBrain> haha :D
12:09:11 <TrueBrain> I am always surprised in the clear way of wording they manage to use
12:09:30 <TrueBrain> often these documents are like: this could mean two things, which one do they mean
12:09:33 <TrueBrain> in DOs ... not so much
12:11:55 <LordAro> https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables aha, this is helpful :0
12:11:58 <LordAro> :)*
12:12:19 <TrueBrain> there is no ansible role doing this default stuff?
12:12:26 <LordAro> not sure
12:12:38 <LordAro> haven't got that far yet
12:12:48 <TrueBrain> I just shut down the old wiki server ...
12:12:52 <TrueBrain> w00p :D
12:13:02 <LordAro> the one i found automates configuration, it doesn't do any configuration for you as far as i'm aware
12:22:05 <TrueBrain> I still love that creating a backup from S3 goes at my line-speed ... 500 mbit/s :D
12:24:09 *** longtomjr has quit IRC
12:24:39 <TrueBrain> LordAro: https://github.com/ipr-cnrs/nftables has some example configuration which might also help
12:26:40 <LordAro> yeah, that's what i was looking at
12:29:02 <LordAro> i'll try to have a look at finishing up the configuration this evening
12:29:07 <LordAro> to answer your original question :D
12:30:43 <TrueBrain> \o/
12:30:47 <TrueBrain> cheers :)
12:30:54 <TrueBrain> and seriously appreciated you are doing this :)
12:49:07 *** longtomjr has joined #openttd
12:49:24 <TrueBrain> boy, an S3 sync takes for-ever with many files :P
12:49:52 <andythenorth> how many files?
12:50:10 <TrueBrain> I asked myself that same question, but it is taking a bit of time to answer that :D
12:50:17 <TrueBrain> (doing a `find . | wc -l` as we speak)
12:50:29 <TrueBrain> 109k
12:50:30 <andythenorth> currently I am manually syncing, because I don't want to learn about whether it's a problem on S3 :P
12:50:53 <TrueBrain> well, "sync" is a bit weird, in that it retrieves the full object list, compares file sizes, and transmits file that are missing
12:50:57 <andythenorth> I only have 21k files so far
12:51:07 <andythenorth> but I need a similar solution
12:51:17 <TrueBrain> so sync for large amount of files is just slow
12:51:32 <TrueBrain> (and a bit costly on S3, as you need a lot of GET operations :P)
12:51:37 <andythenorth> I could just upload everything every time, and invalidate all of cloudfront distribution
12:51:46 <TrueBrain> "a bit" being the right word, I believe it is 0.01 cent every time I do this :D
12:52:24 * andythenorth wonders how bad 'replace everything' is :P
12:52:31 <TrueBrain> I would love to look into it for you, but I am first finishing this dreadful migration :P
12:52:41 <andythenorth> ultimately I wanted to do this on a git pipeline, publishing whenever tagged
12:52:46 <TrueBrain> still need to replace supybot ....
12:53:05 <TrueBrain> now first lunch
12:54:57 <andythenorth> lunch!
12:54:57 <andythenorth> yes
13:13:25 *** sla_ro|master has quit IRC
13:53:44 <DorpsGek_III> [OpenTTD/team] buzzCraft opened issue #93: [nb_NO] Translator access request https://git.io/Jk6Vf
14:21:17 <LordAro> TrueBrain: looked a bit more, and seems like firewalld might be The Future(tm) ? afaict it's only a wrapper around iptables/nftables, but may well be easier to configure
14:30:17 <andythenorth> is it lunch?
14:46:04 <FLHerne> yes
14:46:23 <andythenorth> noted
14:46:26 <andythenorth> thanks
14:50:04 <TrueBrain> LordAro: I don't know it, but it is all fine by me :)
14:50:10 <DorpsGek_III> [OpenTTD/OpenTTD] WhitePassRanger opened issue #8343: Out of memory. Cannot allocate https://git.io/Jk61M
14:50:29 <TrueBrain> LordAro: I really only use iptables, as I cannot keep up with all the new shit like ufw, nftables, ....
14:50:35 <TrueBrain> I am getting too old for this shit :P
14:52:31 <TrueBrain> funny, seems that that dude is legit out of memory :P
14:52:42 <andythenorth> over the age of 35, all technology is just a jumble
14:52:45 <andythenorth> or something
14:52:54 <andythenorth> I just hear 'thing thing thing purpose problems thing'
14:54:04 <DorpsGek_III> [OpenTTD/OpenTTD] James103 commented on issue #8343: Out of memory. Cannot allocate https://git.io/Jk61M
14:55:16 <andythenorth> so child #1 is getting an M1 mac for christmas
14:55:23 <andythenorth> should I open it before and check it works?
14:55:27 <LordAro> are you child #1?
14:55:32 <andythenorth> or shall I let him unbox it on christmas day?
14:55:47 <andythenorth> the main issue being...will openttd compile native to M1
14:55:56 <andythenorth> 'check it works' = that
14:56:09 <LordAro> as per mr rudge, the issue is the homebrew packages
14:56:11 <planetmaker> I see the main issue: child #1 will get your old mac, should you unbox it before ;)
14:56:20 <andythenorth> planetmaker a valid suggestion
14:56:26 <planetmaker> hi also :)
14:56:31 * LordAro waves
14:56:42 <andythenorth> so who is on OpenTTD customer support on 25th December?
14:56:46 <andythenorth> I might need a PR :P
14:56:55 <FLHerne> Hah, that was always how I got better computers as a child
14:57:25 <andythenorth> same person as rest of year?
14:57:33 <FLHerne> Whenever Dad got some new shiny, I got whatever the previous machine was
14:58:12 <LordAro> andythenorth: teach child to fix problems themself
14:58:54 <FLHerne> Also that :p
14:59:37 <andythenorth> possibly
14:59:49 <andythenorth> although I have not taught myself to fix problems yet
14:59:52 <FLHerne> I must have been...14 or something when I was trying to compile OTTD for my weird Powerbook
14:59:54 <andythenorth> so there is a priming problem
15:00:13 <FLHerne> Apple having strange non-standard CPU archs is not a new thing
15:00:24 <andythenorth> it's very circular
15:00:52 <planetmaker> does history repeat itself?
15:01:01 <andythenorth> it's also circular to 1995 and the argument that eventually Acorn and RISC would out-perform Intel / CISC
15:01:09 <andythenorth> which kinda didn't happen
15:01:18 <andythenorth> but temporarily is the case now
15:01:19 <FLHerne> For a given value of 'eventually', they might be right :p
15:01:29 <planetmaker> forecasts are difficult. Especially concerning the future ;)
15:02:11 <FLHerne> Nah, you just predict every conceivable outcome and point to the ones you got right
15:02:15 <andythenorth> it's really unclear how they're getting the performance out of the M1 :P
15:02:41 <FLHerne> Isn't it just an up-clocked A14 through better cooling?
15:02:47 <FLHerne> Architecturally at least
15:02:56 <andythenorth> yes and no
15:03:09 <planetmaker> architecturally yes. But the core/cpu design is custom
15:03:12 <andythenorth> is the performance because of the UMA?
15:03:19 <andythenorth> is the performance because they can optimise for mac workloads?
15:03:26 <andythenorth> is it because of fundamental architecture?
15:03:30 <andythenorth> do they just have better fab?
15:03:36 <andythenorth> it's all a bit smoke and mirrors
15:04:03 <planetmaker> I've read that the M1 outperforms the intel one even when running things in the rosetta2 layer
15:04:10 <andythenorth> I've seen the videos of it
15:04:20 <planetmaker> they do have better fab than intel with 5nm
15:04:37 <LordAro> intel haven't been able to go lower than 14nm, have they?
15:04:41 <andythenorth> the £999 M1 macbook air benchmarks better or equivalent to my £2500 i9 with discrete graphics
15:04:41 <planetmaker> where intel struggles to get even 7nm running for production
15:04:49 <planetmaker> or was it struggling for 10?
15:04:57 <andythenorth> mac intel perfomance is appalling though
15:05:00 <FLHerne> andythenorth: Bizarrely high memory bandwidth per core might have something to do with it
15:05:14 <FLHerne> *each core* can pretty much saturate the memory bus on its own
15:05:25 <andythenorth> someone should benchmark against a £2500 Dell i9
15:05:39 <FLHerne> Of course that's not great for multi-thread scaling, but good for OTTD and web browsers
15:05:41 <LordAro> planetmaker: it's part of the reason AMD have been able to overtake intel
15:05:55 <michi_cc_> To be fair to Intel, the various XXnm processes don't measure the same thing, e.g. Intel 14nm is similar to TSMC 10nm.
15:06:06 <LordAro> ofc
15:06:06 <FLHerne> LordAro: They have 10nm in reasonable volume for laptops now
15:06:27 *** michi_cc_ is now known as michi_cc
15:06:59 <planetmaker> quite right @LordAro :)
15:07:41 <FLHerne> must walk dog
15:07:57 <andythenorth> don't dogs walk the owner mostly?
15:08:10 <andythenorth> dog walkers get an extra year of lifespan or something, on average
15:08:19 <andythenorth> more if they're christian and married
15:09:08 <andythenorth> oh https://www.psychologytoday.com/gb/blog/animals-and-us/201702/study-finds-dog-walkers-have-more-bad-mental-health-days
15:10:41 <FLHerne> Well, really this one just walks, and I go with him so people don't think he's lost
15:10:56 <FLHerne> He's not very fussed
15:11:48 <DorpsGek_III> [OpenTTD/OpenTTD] WhitePassRanger commented on issue #8343: Out of memory. Cannot allocate https://git.io/Jk61M
15:23:40 <DorpsGek_III> [OpenTTD/OpenTTD] LordAro commented on issue #8343: Out of memory. Cannot allocate https://git.io/Jk61M
15:23:40 <DorpsGek_III> [OpenTTD/OpenTTD] LordAro closed issue #8343: Out of memory. Cannot allocate https://git.io/Jk61M
15:28:41 <DorpsGek_III> [OpenTTD/OpenTTD] WhitePassRanger commented on issue #8343: Out of memory. Cannot allocate https://git.io/Jk61M
15:31:09 *** iSoSyS has quit IRC
15:41:43 *** nielsm has joined #openttd
16:10:54 *** WormnestAndroid has quit IRC
16:11:07 *** WormnestAndroid has joined #openttd
16:31:11 *** Flygon has quit IRC
16:36:19 *** rptr_ has joined #openttd
17:10:09 *** rptr_ has quit IRC
17:15:19 <Eddi|zuHause> random coincidence: i was just reading the issue talking about "committed memory", and on another tab i randomly had open a wiki page talking about "escalating committment" (aka 'sunk cost fallacy')
17:36:22 *** Progman has joined #openttd
17:49:47 <DorpsGek_III> [OpenTTD/OpenTTD] James103 commented on issue #8339: [Question] Rate limit password entry for multiplayer https://git.io/JkTYo
17:50:06 <andythenorth> Timberwolf player using both Horse and your trains :o
17:50:11 <andythenorth> that's a boatload of trains
17:50:34 *** frosch123 has joined #openttd
17:57:33 *** otetede has joined #openttd
18:00:15 <frosch123> meh, i hope the duckduck results improve over time
18:00:59 <Eddi|zuHause> the few instances i actually bothered to use duckduckgo instead of google, i was very quickly annoyed about the poor quality of the search results
18:01:18 <frosch123> they are better for python apis :)
18:01:40 <frosch123> google always links to python 2.x stuff
18:02:01 <Eddi|zuHause> yeah, i did notice that. 3.x stuff is further down usually
18:02:31 <frosch123> i think duckduck hardcoded python. they have a speical widget, like for wikipedia
18:05:03 *** rptr_ has joined #openttd
18:07:22 <Timberwolf> andythenorth: I've seen at least one bug report save with multiple train sets, including mine. Most people I know have a hard time getting over the different pixel densities, let alone "these trains are twice the length of the others" problem.
18:07:25 <FLHerne> frosch123: They've got worse over time
18:07:54 <FLHerne> "exact" doesn't work anymore, wolframalpha results don't exist anymore
18:07:58 <Timberwolf> So it's good people are out there not caring in the slightest, happily mixing and (not) matching.
18:24:07 <LordAro> google has gotten better at python api results in the last few months
18:24:12 <LordAro> i mostly see 3.x first now
18:25:14 *** HerzogDeXtEr has joined #openttd
18:33:08 *** Wormnest has joined #openttd
18:33:24 *** glx has joined #openttd
18:33:24 *** ChanServ sets mode: +v glx
18:33:49 <Eddi|zuHause> i haven't done a lot of python lately
18:36:22 <TrueBrain> frosch123: at least you can search now :P
18:37:25 <frosch123> nice work :)
18:37:55 <frosch123> Eddi|zuHause: maybe you want to write a lot of css instead?
18:38:13 <Eddi|zuHause> that doesn't sound like me at all :p
18:53:50 * orudge should bave his M1 Mac Mini arriving tomorrow
18:54:18 <orudge> Will be interesting to see how OpenTTD compares performance-wise when emulated vs native
18:54:19 <frosch123> i thought that was a tank
18:55:23 <TrueBrain> I have to give it to Apple, they did create a nice buzz around their new CPU :)
18:55:42 <frosch123> isn't that all that apple is? :p
18:56:20 <TrueBrain> when they launched their new CPU for the mobile, it didn't create this much fuzz :P
18:57:31 <frosch123> well, as long as it is little endian
18:57:38 <TrueBrain> haha, yes :D
18:58:06 <TrueBrain> I am really looking forward to the new ESP .. first time I would do anything with RISC-V .. could be fun :)
19:07:24 *** iSoSyS has joined #openttd
19:07:33 *** iSoSyS has quit IRC
19:09:07 <frosch123> are you going to use assembly? or why do you care?
19:11:03 <andythenorth> orudge \o/
19:11:52 <andythenorth> frosch123 the buzz is 'this mac is actually fast, instead of Apple just saying it's fast' :P
19:12:06 <andythenorth> 10 years of being told they're fast when they're not :P
19:12:35 <frosch123> i though noone has it yet?
19:12:54 <andythenorth> nah they've shipped, it's real
19:13:13 <andythenorth> if anything, Apple have under-hyped by their own standards
19:15:53 <TrueBrain> frosch123: it has a much lower deep sleep power state, and from the looks a more efficien operating usage .. so longer battery life. And yes, you can program for it in more than weird buggy compilers and only in C or MicroPython (lol). So many possibilities :)
19:16:37 <TrueBrain> And it would somewhat complete my experience with embedded devices :D
19:18:30 *** Wolf01 has joined #openttd
19:25:13 *** tokai has joined #openttd
19:25:13 *** ChanServ sets mode: +v tokai
19:29:42 *** otetede has quit IRC
19:30:18 *** gelignite has joined #openttd
19:32:09 *** tokai|noir has quit IRC
19:41:31 *** sla_ro|master has joined #openttd
20:13:41 *** longtomjr has quit IRC
20:32:38 *** otetede has joined #openttd
20:37:47 *** debdog has joined #openttd
20:41:15 *** D-HUND has quit IRC
20:51:13 * andythenorth embeds some chips
20:51:15 <andythenorth> by eating them
20:51:16 <andythenorth> with mayo
20:53:36 *** Samu has joined #openttd
21:07:07 *** otetede has quit IRC
21:24:55 *** jottyfan has joined #openttd
21:27:55 *** jottyfan has quit IRC
21:53:19 *** frosch123 has quit IRC
21:55:43 *** jottyfan has joined #openttd
21:55:59 *** nielsm has quit IRC
21:56:17 *** jottyfan has quit IRC
22:06:30 <andythenorth> I did a reply https://www.tt-forums.net/viewtopic.php?f=31&t=87901&p=1238401#p1238401
22:11:52 <LordAro> :+1:
22:14:08 <andythenorth> also those links in first post work for me
22:14:23 <andythenorth> do they not work for unauthed or something?
22:14:36 * andythenorth tests
22:14:38 <andythenorth> nope they work
22:14:45 <andythenorth> puzzling
22:15:33 <LordAro> i think TB did something earlier today?
22:15:44 <LordAro> or recently
22:15:48 <LordAro> i've not been paying attention
22:30:44 *** argoneus has quit IRC
22:30:57 *** argoneus has joined #openttd
22:35:24 <milek7> search box probably doesn't look as intended
22:35:36 <milek7> https://i.imgur.com/COJBGjV.png
22:37:08 <LordAro> tis a bit squashed
22:39:35 <Wolf01> I see it fine, some browser cache to clear?
22:41:17 <LordAro> that's how it looks to me, with hard refresh
22:41:20 <LordAro> how are you seeing it?
22:41:57 <milek7> that is on firefox
22:42:01 <milek7> it looks better on chrome
22:46:27 *** D-HUND has joined #openttd
22:49:32 <milek7> any MacOS magicians here?
22:49:48 *** debdog has quit IRC
22:49:51 <orudge> Define "magician"
22:50:02 <milek7> brew install libpng
22:50:04 <milek7> Warning: libpng 1.6.37 is already installed and up-to-date
22:50:15 <milek7> in cmake: find_package(PNG 1.6 REQUIRED)
22:50:30 <milek7> result: Could NOT find PNG: Found unsuitable version "1.4.12", but required is at least "1.6" (found /usr/local/lib/libpng.dylib)
22:50:33 <milek7> wtf?
22:51:21 <orudge> Hmm, Homebrew is one of those things I never tried, I prefer MacPorts. vcpkg can also be handy for open source libraries (which then integrate easily with cmake).
22:51:38 <orudge> I assume homebrew installs to /usr/local/lib, but I don't know
22:54:07 *** Samu has quit IRC
22:56:23 <DorpsGek_III> [OpenTTD/team] glx22 commented on issue #93: [nb_NO] Translator access request https://git.io/Jk6Vf
22:58:24 <LordAro> TrueBrain: briefly completely locked myself out of bananas-1 and wasn't able to make outgoing connections either, just had my existing ssh session
23:01:37 <glx> milek7: same happens in CI it seems
23:02:06 <glx> I'd blame brew
23:03:56 <milek7> stackoverflow says that cmake is selecting outdated png.h from some other directory
23:04:18 <LordAro> you know where pull requests go :)
23:06:14 <milek7> ah, this is not ottd thing
23:06:26 <milek7> ottd probably doesn't care about old libpng?
23:07:10 <LordAro> not hugely, no
23:07:51 <glx> we don't enforce a minimum version
23:16:38 *** debdog has joined #openttd
23:17:07 <milek7> whatever it does, `set (CMAKE_FIND_FRAMEWORK LAST)` solves this
23:20:03 *** D-HUND has quit IRC
23:28:12 *** HerzogDeXtEr has quit IRC
23:31:56 *** sla_ro|master has quit IRC
23:33:58 *** Progman has quit IRC
23:38:47 <DorpsGek_III> [OpenTTD/aws-infra] LordAro updated pull request #4: Add: ansible playbook for configuring new caching content servers https://git.io/JkCEU
23:38:55 <DorpsGek_III> [OpenTTD/aws-infra] LordAro commented on pull request #4: Add: ansible playbook for configuring new caching content servers https://git.io/JkPUM