IRC logs for #openttd on OFTC at 2021-12-13
⏴ go to previous day
00:18:39 *** WormnestAndroid has joined #openttd
00:50:00 *** Tirili has quit IRC (Quit: Leaving)
02:14:59 <DorpsGek> [OpenTTD/OpenTTD] glx22 opened pull request #9745: Fix #9720: Delay start of GS/AI to after loading of savegame https://git.io/JDlYm
02:22:05 *** WormnestAndroid has quit IRC (Remote host closed the connection)
02:22:18 *** WormnestAndroid has joined #openttd
02:36:00 *** roadt__ has quit IRC (Ping timeout: 480 seconds)
02:53:51 <DorpsGek> [OpenTTD/OpenTTD] glx22 updated pull request #9745: Fix #9720: Delay start of GS/AI to after loading of savegame https://git.io/JDlYm
03:25:39 *** Wormnest has quit IRC (Quit: Leaving)
03:25:41 *** debdog has quit IRC (Ping timeout: 480 seconds)
03:34:40 *** D-HUND is now known as debdog
04:58:54 *** _aD has quit IRC (Quit: leaving)
05:40:45 <DorpsGek> [OpenTTD/OpenTTD] 2TallTyler commented on pull request #9739: Copy server invite code to the clipboard automatically https://git.io/JDlyW
06:59:21 *** nielsm has quit IRC (Ping timeout: 480 seconds)
07:25:42 *** sla_ro|master has joined #openttd
07:48:23 *** ChanServ sets mode: +v tokai
07:55:22 *** tokai|noir has quit IRC (Ping timeout: 480 seconds)
07:57:45 <DorpsGek> [OpenTTD/OpenTTD] pelya commented on pull request #9739: Copy server invite code to the clipboard automatically https://git.io/JD8UA
08:12:34 <DorpsGek> [OpenTTD/OpenTTD] nielsmh commented on pull request #9739: Copy server invite code to the clipboard automatically https://git.io/JD8IN
09:00:34 *** WormnestAndroid has quit IRC (Remote host closed the connection)
09:52:18 <dP> what's the right way to do calculations in grf that require more than just previous result? with temporary registers?
10:10:24 <dP> though I guess it's the same in nfo
10:15:11 <Eddi|zuHause> well, using temp storage would be the obvious solution
10:20:38 <Eddi|zuHause> so, to calculate a*b+c*d you'd do something like: A \2* B \2sto 1 \2rst C \2* D \2+ var7D[1]
10:21:49 <Eddi|zuHause> where things like "A" are standin for "<variable> <varadjust>"
10:42:56 *** Etua has quit IRC (Ping timeout: 480 seconds)
11:22:01 <FLHerne> I guess in some contexts you'd need to use actionD vars instead
11:31:26 *** andythenorth has joined #openttd
11:31:37 <andythenorth> so apparently the fastest way to patch log4j is to deliver an exploit payload with the patch
11:31:48 <andythenorth> this is both lolz, and beautiful
11:47:21 <Eddi|zuHause> that's the usual modus operandi for exploit payloads, once you entered, the first step is to fix the known exploits so you're not interrupted by anyone else also trying the exploit
11:49:14 <andythenorth> I hadn't come across it in the ethical hacking / fixing broken in prod. arena before
11:49:21 <andythenorth> although in retrospect it's completely obvious
11:52:51 <Eddi|zuHause> you just leave out the part where you install your own backdoor
11:53:14 *** Etua has quit IRC (Quit: Etua)
11:57:24 <Eddi|zuHause> also, most things in life are completely obvious in retrospect
12:17:46 *** Etua has quit IRC (Ping timeout: 480 seconds)
12:22:31 <andythenorth> in retrospect, that's obvious
12:27:26 <Eddi|zuHause> that's why, when someone tells you a pattern, you start seeing it everywhere, even in places you're very familiar with
12:56:49 *** WormnestAndroid has joined #openttd
13:26:32 *** andythenorth has quit IRC (Quit: andythenorth)
13:35:57 *** virtualrandomnumber has joined #openttd
13:36:33 *** virtualrandomnumber has quit IRC (Remote host closed the connection)
13:56:12 *** andythenorth has joined #openttd
14:46:40 *** Smedles has quit IRC (Quit: No Ping reply in 180 seconds.)
14:50:53 *** Smedles has joined #openttd
15:32:02 <DorpsGek> [OpenTTD/OpenTTD] LC-Zorg commented on pull request #9739: Copy server invite code to the clipboard automatically https://git.io/JD4uf
15:46:19 *** blathijs has quit IRC (Quit: reboot)
15:46:43 <DorpsGek> [OpenTTD/OpenTTD] LC-Zorg opened issue #9746: [Issue]: Finding the server with the invite code is tricky and requires knowledge of the "ritual" https://git.io/JD42v
15:51:46 <LordAro> well that's a fundamental misunderstanding of how it works
15:52:37 <DorpsGek> [OpenTTD/OpenTTD] LC-Zorg opened issue #9747: [Issue]: The visibility of the invitation code in the GAME INFO section is redundant and confusing. https://git.io/JD4aO
15:53:04 *** blathijs has joined #openttd
15:53:04 *** ChanServ sets mode: +o blathijs
15:55:00 <DorpsGek> [OpenTTD/OpenTTD] nielsmh commented on issue #9746: [Issue]: Finding the server with the invite code is tricky and requires knowledge of the "ritual" https://git.io/JD42v
15:55:29 <LordAro> though i'm not saying the UI couldn't be improved
15:58:33 <DorpsGek> [OpenTTD/OpenTTD] LC-Zorg commented on issue #9746: [Issue]: Finding the server with the invite code is tricky and requires knowledge of the "ritual" https://git.io/JD42v
15:58:39 <DorpsGek> [OpenTTD/OpenTTD] nielsmh commented on issue #9747: [Issue]: The visibility of the invitation code in the GAME INFO section is redundant and confusing. https://git.io/JD4aO
16:00:02 <DorpsGek> [OpenTTD/OpenTTD] nielsmh commented on issue #9746: The function of the Add Server button is not clear https://git.io/JD42v
16:06:07 *** Wormnest has joined #openttd
16:07:25 *** blathijs has quit IRC (Remote host closed the connection)
16:07:43 *** blathijs has joined #openttd
16:07:43 *** ChanServ sets mode: +o blathijs
16:24:09 <DorpsGek> [OpenTTD/OpenTTD] 2TallTyler commented on issue #9747: [Issue]: The visibility of the invitation code in the GAME INFO section is redundant and confusing. https://git.io/JD4aO
16:36:42 <dP> yeah, ui of network lobby is very confusing sometimes
16:36:49 <DorpsGek> [OpenTTD/OpenTTD] LC-Zorg commented on issue #9747: [Issue]: The visibility of the invitation code in the GAME INFO section is redundant and confusing. https://git.io/JD4aO
16:51:16 <DorpsGek> [OpenTTD/OpenTTD] LC-Zorg commented on issue #9746: The function of the Add Server button is not clear https://git.io/JD42v
16:56:07 <DorpsGek> [OpenTTD/OpenTTD] nielsmh commented on issue #9746: The function of the Add Server button is not clear https://git.io/JD42v
17:03:00 <DorpsGek> [OpenTTD/OpenTTD] 2TallTyler commented on issue #9747: [Issue]: The visibility of the invitation code in the GAME INFO section is redundant and confusing. https://git.io/JD4aO
17:08:33 *** Flygon has quit IRC (Quit: A toaster's basically a soldering iron designed to toast bread)
18:04:58 <peter1138> Polish translation is wrong therefore... update the translation?
18:06:08 <DorpsGek> [OpenTTD/OpenTTD] LordAro commented on issue #9747: [Issue]: The visibility of the invitation code in the GAME INFO section is redundant and confusing. https://git.io/JD4aO
18:06:11 <DorpsGek> [OpenTTD/OpenTTD] LordAro closed issue #9747: [Issue]: The visibility of the invitation code in the GAME INFO section is redundant and confusing. https://git.io/JD4aO
18:36:59 *** gelignite has joined #openttd
19:13:58 *** Montana has joined #openttd
19:30:45 <DorpsGek> [OpenTTD/OpenTTD] absay started discussion #9749: Clarification about a specific commit (lang strings related) https://git.io/JDBk9
19:34:20 <andythenorth> anyone use FIRS?
19:34:25 <andythenorth> seems to be broken
19:36:28 <andythenorth> hmm also S3 is not fully log4j patched yet
20:16:33 <andythenorth> this is like 3 person days so far here, and we don't even have any log4j
20:18:22 <peter1138> Guys, just grow up and be paid!
20:21:15 <andythenorth> that tweet reads weird, I saw it earlier
20:21:32 <andythenorth> is the point actually that log4j is under the ASF umbrella?
20:26:26 <peter1138> The point is that people don't seem to realise that open source is generally not massively funded...
21:02:52 <DorpsGek> [OpenTTD/OpenTTD] codetwice commented on issue #9743: [Crash]: OpenTTD crashes on startup (MacBook Pro 2020, M1) https://git.io/JDCuI
21:26:22 <glx> I guess MemSetT was unknown for touchbar implementator
21:27:36 <DorpsGek> [OpenTTD/OpenTTD] nielsmh commented on issue #9743: [Crash]: OpenTTD crashes on startup (MacBook Pro 2020, M1) https://git.io/JDCuI
21:27:54 <nielsm> looks seriously weird to me
21:36:33 <andythenorth> hmm log4j is basically the SaaS industry equivalent of covid
21:36:38 <andythenorth> everyone is potentially owned
21:39:45 <Rubidium> not quite I guess; it's quite easy to react and prevent problems (if/when) you got things in your own hands
21:40:53 <Rubidium> I've updated everything developed in-house to the latest log4j, which is essentially like our monthly python library update thing
21:42:19 <Rubidium> and for the few external tools I just removed JndiLookup.class from the jars. Done in a few hours. Ofcourse I rather did not have to do it, but everyone makes mistakes
21:43:32 <glx> nielsm: could it be a broken sprite ?
21:44:31 <nielsm> glx that's my best idea too, I wonder if a broken baseset file is possible... except that would have to pass an md5 sum
21:44:45 <nielsm> or if there's a static newgrf involved somehow
21:45:13 <nielsm> there's checks for "sprite exists" before trying to draw it though
21:45:22 <nielsm> I'd think that fails with no baseset, or not?
21:47:07 <glx> but then it fallbacks to SPR_IMG_QUERY
21:47:35 <glx> which will inexistant too in no baseset case
21:48:27 <glx> but I don't know how touch bar code is plugged
21:48:48 <andythenorth> if you depend on external vendors that handle any sensitive data for you log4j is a PITA much more so than e.g. heartbleed was
21:49:16 <andythenorth> and the dependency stacks are so deep between vendors
21:49:34 <andythenorth> if S3 is owned for example (unlikely) that's probably another 20 of my vendors compromised
21:49:42 <glx> hmm baseset should be present anyway if 1.11.2 works
21:51:27 <andythenorth> the ELK stack was vulnerable, so a lot of people might now be reviewing their SIEM, wondering if they can trust it
21:53:14 <andythenorth> probably doors were closed before exploits were exploited, but eh
21:53:23 <andythenorth> if the logs are poisoned...who knows
22:00:15 *** gelignite has quit IRC (Quit: Stay safe!)
22:14:23 <andythenorth> it's like getting eaten by your own guard dog
22:14:30 <andythenorth> 'when the SIEM is the attack vector'
22:15:19 <andythenorth> well 50% of my vendors are claiming 'no impact', most of the rest are 'investigating, check back for updates'
22:15:32 <andythenorth> a minority seem to be pretending the whole thing doesn't exist at all
22:17:35 <SpComb> AFAIK there's two situations where you are not vulnerable: log4j 1.2.x (without special non-default configuration), or using log4j-to-slf4j with only log4j-api-*.jar and not log4j-core-*.jar
22:17:42 *** Montana has quit IRC (Quit: Leaving)
22:18:25 <andythenorth> at some point, print media and paper forms starts looking attractive again
22:19:13 <SpComb> lots of people were probably mislead by the early reporting on certain newer JE versions not being vulnerable to the JNDI LDAP RCE exploit - that may be the case, but they are certainly vulnerable to info leaks via DNS at least
22:19:29 <andythenorth> it didn't help that the initial framing was about consumer use of minecraft
22:19:38 <andythenorth> I didn't pay attention for the first 24 hours
22:19:59 <andythenorth> it was framed in mainstream media as a bug in an obscure piece of software
22:20:16 *** nielsm has quit IRC (Ping timeout: 480 seconds)
22:34:23 <andythenorth> nobody tried to nick my Ford Transit until the Daily Mirror produced an expose video showing how easy it was :P
22:34:49 <andythenorth> which did get the issue addressed by Ford retrospectively but eh
22:35:04 <andythenorth> can break a transit lock with a teaspoon it seems
22:35:31 <andythenorth> ok today was long enough, and enough paperwork
22:35:43 *** andythenorth has quit IRC (Quit: andythenorth)
22:50:15 *** Tirili has quit IRC (Ping timeout: 480 seconds)
23:01:42 *** Wolf01 has quit IRC (Quit: Once again the world is quick to bury me.)
23:07:27 *** sla_ro|master has quit IRC ()
23:45:32 *** Etua has quit IRC (Quit: Etua)
23:47:05 <DorpsGek> [OpenTTD/OpenTTD] LC-Zorg commented on issue #9746: The function of the Add Server button is not clear https://git.io/JD42v
continue to next day ⏵