IRC logs for #openttd on OFTC at 2024-12-09
⏴ go to previous day
00:47:43 <johnfranklin> Why can’t I play loop in Spotify now? What happened?
00:50:17 <wensimehrp> use Spotube then 😛
03:03:05 *** Wormnest has joined #openttd
03:13:15 *** gnu_jj_ has joined #openttd
03:16:54 *** gnu_jj has quit IRC (Ping timeout: 480 seconds)
03:49:13 *** Zathras has joined #openttd
03:52:16 *** D-HUND has quit IRC (Ping timeout: 480 seconds)
03:52:36 *** debdog has quit IRC (Ping timeout: 480 seconds)
04:16:28 *** Zathras is now known as debdog
04:46:25 <DorpsGek> - Update: Translations from eints (by translators)
06:25:04 *** keikoz has quit IRC (Ping timeout: 480 seconds)
07:18:09 <DorpsGek> - Add: summary for week 49 of 2024 (by OpenTTD Survey)
07:31:34 <andythenorth> translations are quite labour intensive
07:44:34 <wensimehrp> andythenorth: sure I won't do cocks 😄
07:47:01 <peter1138> Eints doesn't validate either.
07:56:00 <peter1138> Oof, a codefix that.
08:16:05 <peter1138> Hmm, why is the NewGRF debug window not translatable?
08:20:37 <andythenorth> hmm wonder if something could validate translation files 😛
08:23:31 *** tokai|noir has joined #openttd
08:23:31 *** ChanServ sets mode: +v tokai|noir
08:27:56 *** tokai has quit IRC (Ping timeout: 480 seconds)
08:35:42 <andythenorth> peter1138: I get all these github dependabot alerts nagging me about vulnerable jquery in ancient tags
08:35:56 <andythenorth> can't that validate for `eval(malware)`
09:14:28 <LordAro> why's it bothering to notify about existing tags?
09:17:35 <andythenorth> because they have vulns
09:17:48 <andythenorth> I have live code deployed on the web with vulnerable jquery in it
09:18:04 <LordAro> sure, but they're tags
09:18:08 <LordAro> tags don't get changed
09:18:10 <andythenorth> addressing that means either rewriting the tag, or pulling the version
09:18:42 <LordAro> seems silly to suggest that by default
09:20:04 <andythenorth> might be a dependabot setting I need to tune
09:20:27 <andythenorth> vulns in tags is a bit 'rock', 'hard place'
09:20:42 <andythenorth> but I suspect security wins
09:20:48 <LordAro> nice to know about perhaps
09:20:57 <LordAro> but repeated messages... eh
09:21:23 <andythenorth> it's weird to pull a tag for a grf because the html docs for the grf include a vulnerable jquery, for stuff I don't think I execute any code paths for
09:21:35 <andythenorth> with xss vulns on a static website served on S3
09:21:50 <andythenorth> not sure this internet thing is going to be sustainable
09:28:53 <LordAro> if nothing else there should be a way of dismissing the warning as not relevant
09:57:38 <andythenorth> It can be closed manually
09:58:37 <andythenorth> Some of this is just “maybe running software projects is no longer wise as a hobby” 🙂
09:58:50 <andythenorth> Or at least for non-programmers
10:02:38 <andythenorth> we don't allow people to install their own gas boilers at home any more 🙂
10:09:23 *** kuhnovic has joined #openttd
10:51:42 <johnfranklin> is gibraltar worth visiting at winter?
10:57:12 <andythenorth> Tenerife is worth visiting in winter 😛
11:01:58 <johnfranklin> no schengen visa 😦
11:44:09 <reldred> Colleague of mine is from St Helena, sounds like a nice enough place to visit.
11:44:34 <reldred> Gibraltar would be interesting too.
11:45:59 <andythenorth> Hmm GS could use potable class for town growth triggering
11:46:13 <andythenorth> Although we town effect cargo thing also
11:46:46 <peter1138> Can GS manually place houses yet?
11:47:08 <andythenorth> GS is under-loved
11:47:32 <andythenorth> Port it from crappy Squirrel to something normal maybe? 🙂
11:48:41 <xarick> windows graphic calculator is stupid! regional settings such as comma separator is ruining it
11:49:16 <xarick> we use 0,3 to represent 0.3
11:49:58 <xarick> this expression wont work { x <= 100 ? x : 100 + 0.1 * ((x - 100) ^ 0.5) }
11:50:20 <xarick> { x <= 100 : x ; x > 100 : 100 + 0,1 * ( ( x - 100 ) ^ 0,5 ) }
11:50:20 <xarick> this won't work either
11:50:32 <xarick> now it divides 100 / x
11:51:26 <xarick> neither this { x <= 100 : x , x > 100 : 100 + 0,1 * ( ( x - 100 ) ^ 0,5 ) }
11:51:26 <xarick> now it's telling me it's missing decimal points...
11:53:14 <xarick> it's an english based calculator trying to apply regionalism in it, of course that's disasterous
11:54:06 <xarick> I better give up before I get mad
12:11:36 <kuhnovic> A poor craftsman blames his tools
13:03:22 <merni> xarick: What's the ? doing there
13:04:10 <merni> none of your expressions really make much sense as a single thing to graph, honestly :p
13:04:46 <merni> maybe they do in whatever arcane notation windows calculator uses idk
13:13:55 <LordAro> which isn't something i would expect to be localised
13:39:56 *** nielsm has quit IRC (Ping timeout: 480 seconds)
13:53:43 <FLHerne> johnfranklin: It is, yes
13:54:39 <FLHerne> my dad lives in Estepona just up the coast, I went out there for Christmas one year. When I left it was -7°C and my boat was frozen into three inches of ice, went out there and it was shirtsleeves weather, came back and my boat was still stuck in the ice :-/
14:51:05 *** kuka_lie has joined #openttd
15:21:18 *** gelignite has joined #openttd
15:25:10 <merni> LordAro: a ternary in a calculator?
15:25:28 <LordAro> in a graphing calculator, sure
15:41:40 <Rubidium> FLHerne: though if johnfranklin does not have a Schengen visa, going 'just up the coast' isn't going to work. Not that I can say anything useful about Gibraltar itself, except that it seems quite tiny
16:05:53 <FLHerne> Rubidium: I mean, the climate in winter doesn't change dramatically at the border :p
16:06:47 <FLHerne> there's quite a lot to see in Gibraltar, great big rock mountain covered in historical fortifications and things
17:09:34 *** gnu_jj_ has quit IRC (Ping timeout: 480 seconds)
17:23:07 *** Wormnest has joined #openttd
17:28:04 <johnfranklin> The most important thing is… sunbath. I would not stay for long, it is expensive
18:08:04 <xarick> red is bad, green is good
18:13:38 <xarick> where do i find openttd weekly statistic? need to get the most used map gen settings 🙂
18:37:54 <andythenorth> what are the TOML attack vectors?
18:39:32 <peter1138> A linter would perhaps help with syntax checking?
18:41:13 <andythenorth> there's a couple of TOML linters
18:41:22 <andythenorth> GPT suggests I use pydantic for schema verification
18:41:33 <_jgr_> The most obvious vector for "malicious content" would be deliberately incorrect translation, at some you have to just take it on faith it isn't
18:41:37 <andythenorth> and reddit suggests Bandit
18:41:42 <peter1138> if (this->map_type != SMT_OWNER || tbl->company != INVALID_COMPANY) {
18:41:42 <peter1138> if (this->map_type == SMT_OWNER) SetDParam(0, tbl->company);
18:41:52 <peter1138> This code block is breaking my head.
18:42:23 <andythenorth> TBH, I'd be happier not accepting translations from users
18:42:30 <andythenorth> there's something particularly weird about it
18:42:47 <andythenorth> at least with an nml or python PR I can kind of read it
18:43:25 <andythenorth> and I know that usually, the person providing the PR is socially motivated to not attack me
18:44:01 <andythenorth> pulling down untrusted, unknown 3rd party code locally just for lang changes seems like needless risk
18:45:23 <_jgr_> Surely for any PR you need to read the whole diff before merging
18:45:40 <andythenorth> generally I do, to the extent my eyes and brain work 😛
18:45:41 <johnfranklin> Are those who cannot read English considered vulnerabilities?
18:45:53 <_jgr_> Even for translation PRs that means skimming it to check there's no obivous formatting issue
18:46:32 <andythenorth> it's a basic hygiene issue, on a web app we don't take user content and then exec with it
18:46:37 <peter1138> See, that's an advantage of regular langauge files. They're just text.
18:46:42 <andythenorth> I'm doing the same, but with full local privileges
18:46:51 <andythenorth> they're not text once I start parsing them
18:47:31 <andythenorth> but yes, maybe TOML was a mistake, it's a relatively niche untrusted format
18:47:47 <johnfranklin> The problem is, we cannot stop consuming food just because it has potential to make us choke.
18:48:02 <andythenorth> yes but we don't willingly eat broken glass
18:48:17 <andythenorth> accepting 3rd party code and running it through the compile is mad
18:48:29 <_jgr_> That is the whole point of what a PR is?
18:48:37 <johnfranklin> We cannot stop those who cannot read English from playing the game and FIRS.
18:48:49 <andythenorth> I don't understand?
18:49:10 <andythenorth> am I now socially obliged to willingly get my environment owned?
18:49:20 <andythenorth> just for translations on pixel trains?
18:49:55 <johnfranklin> I don’t understand.
18:51:39 <johnfranklin> English brain is generally privilaeged.
18:51:48 <peter1138> If the syntax is valid, what's the problem?
18:55:16 <mnhebi> you assume boldly that there is syntax.
18:55:45 <mnhebi> reality is someone gives it to chaptgpt :3
18:56:03 <peter1138> TOML looks a bit like .ini
18:56:21 <wensimehrp> problem is that the diff (in the FIRS case) is only one single toml file
18:56:38 <wensimehrp> I can't think of any vulnerabilities issues
18:58:44 <wensimehrp> ultimately even if the translator actually made every single line "cocks" - it's doesn't matter. Translation mistakes are very common, and not all players will be upset because of that.
19:05:23 <wensimehrp> > Translation pull requests (PRs) are not generally considered vulnerabilities issues. They typically involve changes to the text or localization of an application and do not inherently introduce security risks. However, it's always important to review any PR for potential security concerns, regardless of its nature.
19:14:26 <peter1138> If I have language files in .lng format, what do I need to enable user-submitted translations?
19:16:15 <peter1138> (In a github repository)
19:16:40 *** Wormnest_ has joined #openttd
19:17:24 *** Wormnest has quit IRC (Read error: Connection reset by peer)
19:17:45 <andythenorth> you give people commit rights on the repo?
19:24:37 <andythenorth> hmm how do I find all the vulns in python's tomllib and also 3rd party tomlkit that I use?
19:25:13 <andythenorth> it's meaningless to read the lang diffs because I don't know what the risks that I have to identify are
19:25:30 <andythenorth> really, I'm way out my depth here, and I think it's just a bad idea
19:28:38 <peter1138> I recommend disabling PRs in github if you don't want to accept PRs.
19:31:20 <peter1138> You could also remove existing translations if you don't want to support up to date translation iles.
19:32:18 <peter1138> This is not what I would do, mind you.
19:32:32 <andythenorth> I am considering removing translations entirely
19:34:04 <peter1138> I guess there be another fork of FIRS.
19:34:53 <andythenorth> the ideal would be a translations fork
19:35:00 <andythenorth> that just syncs to upstream, but takes in the translations
19:35:11 <peter1138> If it was me, I would just lint the toml file, ensure there's no syntax errors, and job done.
19:35:18 <LordAro> andy's in one of those moods, huh
19:35:24 <peter1138> This is really bizarre, yes.
19:35:44 <LordAro> run it through google translate if you're really concerned
19:35:58 <peter1138> Is it the validity of the translations that's at issue?
19:36:06 <andythenorth> I don't care about that at all
19:36:17 <andythenorth> I'm running untrusted code locally with full privileges
19:36:37 <LordAro> nor are you (hopefully) running it with full privileges?
19:36:52 <andythenorth> it's macOS, the security environment is 'faceted'
19:37:02 <andythenorth> I'm not running it like a Windows Admin
19:37:19 <andythenorth> but it has full local filesystem access
19:37:30 <andythenorth> kind of how things work 😛
19:37:45 <LordAro> access? maybe. writable? no
19:37:55 <andythenorth> it's a python app, it writes a grf and docs
19:38:03 <andythenorth> and runs make and shell
19:38:10 <LordAro> shellcode exploits are really obvious to anyone with eyes
19:38:11 <andythenorth> it's pretty much 'come own me' I think me
19:38:41 <peter1138> If a toml file manages to break your own custom toml library, that's quite bad.
19:38:46 <andythenorth> I have no idea how to analyse unicode for e.g. buffer overflow exploits in tomllib or tomlkit, or the html templating library
19:38:59 <andythenorth> I am not a programmer, I can't do this kind of analysis
19:39:00 <peter1138> If it manages to break a standard implement, that's... going to be fixed before you knew about it.
19:39:24 <LordAro> there is zero chance you could fit any sort of buffer overflow, shellcode or any other exploit in a single character set
19:42:17 <peter1138> Hmm, this is fishy.
19:42:49 <peter1138> for (const auto *t : towns) {
19:42:49 <peter1138> ArrayStringParametersWriter<2> params;
19:42:49 <peter1138> params.SetParam(0, t->index);
19:42:49 <peter1138> params.SetParam(1, t->cache.population);
19:42:51 <peter1138> ViewportAddString(dpi, ZOOM_LVL_OUT_4X, &t->cache.sign,
19:42:51 <peter1138> _settings_client.gui.population_in_label ? STR_VIEWPORT_TOWN_POP : STR_VIEWPORT_TOWN,
19:42:53 <peter1138> STR_VIEWPORT_TOWN_TINY_WHITE, STR_VIEWPORT_TOWN_TINY_BLACK, INVALID_COLOUR, params);
19:43:23 <peter1138> If I move the `params` array just outside of the loop, then my parameters get clobbered.
19:43:45 <peter1138> "Don't do that then" ... but I'm confused why.
19:48:25 <peter1138> (I wanted it to be static, so that it sort of works like global parameters, except not global...)
19:49:34 <andythenorth> Hmm so the main risk I think is if I’ve done something like `eval()` on the toml contents
19:50:23 <LordAro> main risk is doing a lot of heavy lifting there
19:50:29 <LordAro> but theoretically? sure
19:50:33 <andythenorth> I’m less bothered about the javascript risks in string handling in the docs, the browser should cover enough of that
19:50:40 <LordAro> and i do mean *theoretically*
19:50:58 <LordAro> like, theoretically the atoms in my hand will align such that it passes through my desk sort of theoretically
19:51:49 <andythenorth> Usually the antidote to tinfoil is compliance…
19:51:57 <peter1138> Hmm, oh, this other thing is wrong 😦
19:51:58 <LordAro> but then you also have an active connection to the internet, so i'm not sure what your threat model is here
19:53:08 <peter1138> This might be a performance killer after all :S
19:59:10 <andythenorth> ok so, assuming pure python, if I'm not calling `eval()` on the parsed toml contents....
19:59:28 <andythenorth> ...then any attack vector has to assume vulns in python standard libs?
20:01:03 <andythenorth> or my text editor, if I open them
20:02:39 <LordAro> like i say, i'm not sure your threat model qualifies for this level of paranoia
20:02:58 <LordAro> you're not being chased by Mossad, are you?
20:04:52 <andythenorth> it's more about quantifying the risk, and whether it's acceptable or not
20:05:33 <andythenorth> but I think the most benefit might come from e.g. CodeQL on the actual compile code
20:07:07 <andythenorth> CodeQL is running in github, for the limited benefit it provides
20:07:32 <andythenorth> nice clipart in the MS page
20:13:15 <andythenorth> hmm CodeQL hasn't raised alerts for the `eval()` instances in FIRS code
20:15:08 <andythenorth> `eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");`
20:15:22 <andythenorth> copy-paste code from Stack Overflow I think
20:16:13 <peter1138> Where is your threat model when you are copying untrusted code from StackOverflow?
20:16:20 <LordAro> probably because it's embedded in a string
20:16:36 <LordAro> oh no, i've misread your quotes
20:16:39 <andythenorth> peter1138: isn't it
20:16:59 <andythenorth> GPT says that code is naughty
20:18:25 <andythenorth> yeah the example there is pretty similar to my case
20:18:40 <LordAro> i assume codeql is configured to scan js?
20:18:52 <andythenorth> default GH settings
20:20:08 <andythenorth> hmm the JS is inline in html files
20:20:16 <andythenorth> CodeQL isn't scanning those
20:21:14 <andythenorth> there's no option to enable it
20:21:40 <peter1138> If it's javascript inside html files then it's not really running on your untrusted machine.
20:22:03 <peter1138> It's not really running as a privileged user on your machine.
20:22:07 *** Flygon has quit IRC (Quit: A toaster's basically a soldering iron designed to toast bread)
20:22:27 <LordAro> peter1138: but what if there's a bug in the browser?!
20:22:38 <andythenorth> no we're not playing total tinfoil 😛
20:22:47 <andythenorth> I spent too many years on that
20:23:10 <andythenorth> 'now we have to inspect our Dell servers all the way back to the point of manufacture'
20:24:05 <andythenorth> this is all silly
20:24:21 <andythenorth> why do grfs have to compile the translations and make a release?
20:25:06 <peter1138> How would you like to distribute translations?
20:25:29 <peter1138> "Community effort that I have no involvement with"?
20:25:40 <andythenorth> you put it better than I ever could have 😛
20:27:15 <LordAro> Someone(tm) should finish that new eints replacement
20:27:28 <LordAro> then Someone(tm) could write it into a GH action
20:30:04 <peter1138> It can't commit to the NewGRF's repository.
20:31:02 <andythenorth> could decompile and recompile the grf 😛
20:31:06 <Rubidium> so languages become DLC of the DLC's?
20:31:50 <LordAro> peter1138: could if you gave it permission
20:32:20 *** squirejames has joined #openttd
20:32:20 <squirejames> I was going to say, forgive my neophyte understanding of OpenTTD and NewGRFs, but is it not possible to have the language file be an external, uncompressed file? That way users could make their own translation (including making every string "cock" if they wish) and not touch the GRF itself?
20:32:41 <peter1138> But then it would need to be compiled and a release made, and he doesn't want that. That's the same untrusted 'code' being commited, but automatically instead of a reviewable PR.
20:32:43 <wensimehrp> squirejames: Hard. Strings is a part of the Graf
20:33:40 <andythenorth> we used to have eints commiting to grf repos
20:33:49 <andythenorth> I was glad when it stopped
20:34:02 <andythenorth> eints was a 2 person project, I was one of the 2
20:34:17 <andythenorth> there was no real security model and no fuzz testing or anything else
20:35:34 <_jgr_> Is any part of the OpenTTD ecosystem fuzz=tested?
20:36:06 <andythenorth> no, but the main repo does have a set of gates
20:36:20 <andythenorth> it's very trust based still
20:37:03 <peter1138> Okay, so we create user-editable... what SquireJames said.
20:37:20 <peter1138> Users can then translate to whatever they like.
20:37:27 <andythenorth> I wonder how much it would cost me in OpenAI or AWS Translate credits
20:37:32 <peter1138> This not shared, but it's not possible to trust user content.
20:37:34 <andythenorth> to just translate to n major languages
20:37:49 <peter1138> So each user will need to make their own translation files.
20:38:18 <peter1138> Benefit: No need to make NewGRF releases.
20:38:37 <peter1138> Downside: Users will have a terrible experience and hate it.
20:38:55 <andythenorth> why can't translations just be DLC on bananaramas?
20:39:20 <wensimehrp> andythenorth: GPT translated content looks like English and doesn't follow Chinese writing rules
20:39:34 <andythenorth> I am sad but unsurprised 😐
20:39:43 <andythenorth> LLM translations are good for what they're good for
20:40:09 <andythenorth> they outperform human translators for some cases
20:40:33 <_jgr_> If translations are uploaded to bananas, who can authorise translations to be added to an existing GRF?
20:41:43 <_jgr_> If it's the original author, it's not significantly different from the status quo
20:42:09 <Rubidium> _jgr_: they wouldn't be added to the existing GRF, but could be downloaded alongside the existing GRF
20:42:33 <_jgr_> From the point of the users the result if the same either way
20:42:43 <andythenorth> eints didn't involve an auth step for the grf author
20:42:45 <peter1138> For "added to" read as "add alongside"
20:42:51 <andythenorth> it was just...boom..here's commits
20:43:06 <Rubidium> though the authorisation thing kinda stands, but I guess that's 'being authorized to use the translator' and the GRF/GS owner allowing it to be translated
20:44:02 <peter1138> Are we doing OpenTTD translations incorrectly?
20:45:08 <Rubidium> well, I guess it would be nice if translation updates wouldn't necessarily require a release (for those strings where that's possible)
20:45:57 <Rubidium> but... that sounds like a lot of work that someone needs to do
20:48:08 <peter1138> How do you identify a NewGRF string?
20:48:23 <peter1138> Hmm, perhap it could be done literal style.
20:49:02 <peter1138> Instead of mapping by some numeric code to translated string, map the NewGRF's native string to the translated string.
20:49:06 <peter1138> Whatever the "native string" is.
20:49:18 <_jgr_> Strings which are the same in English are not necessarily the same in other languages
20:49:46 <_glx_> you can always run github actions to validate anything from a PR before even thinking of accepting it
20:51:01 <peter1138> andythenorth: Yeah, that's probably not the best example.
20:51:24 <_glx_> wrong dependabot config ?
20:52:11 <peter1138> Doesn't really matter, if you can configure that incorrectly, you can configure your github actions incorrectly.
20:52:22 <peter1138> And that stills needs releases.
20:54:13 <xarick> experimenting with lower values of j
20:54:30 <xarick> j = 50, faster, less trees, j = 100, slower, more trees
20:54:58 <xarick> and then master, with an uncontrolled j
20:55:40 <andythenorth> _glx_: I just used the default GH config initially
20:56:28 <andythenorth> my experience of any automated validators is that they're not really useful until they're configured to only emit useful alerts
20:56:49 <andythenorth> but depdendabot is for risks I don't understand so 🙂
21:00:53 <andythenorth> kind of curious about running grfcodec in a lambda 😛
21:01:12 <andythenorth> decompile, add lng files, recompile 😛
21:01:25 <andythenorth> hmm lambdas on AWS might be python and node only
21:02:17 <andythenorth> oh custom runtimes can be created
21:08:02 <andythenorth> DLC grf badges? 😛
21:10:06 <wensimehrp> So what is the problem we are discussing now
21:12:58 <andythenorth> I no longer know 🙂
21:14:17 <wensimehrp> So translation PRs?
21:21:25 *** gelignite has quit IRC (Quit: Stay safe!)
21:24:38 <johnfranklin> Do you want only those who speak English to play your GRFs?
21:24:49 <andythenorth> I still don't understand your perspective
21:25:16 <andythenorth> why am I obliged to accept vulnerable to my local devices without validating it?
21:25:23 <johnfranklin> The population base of those who cannot speak English is HUGE.
21:25:39 <andythenorth> the population base of people who would like to own stranger's devices is also huge
21:25:55 <peter1138> This is a pretty weird hill to die on.
21:27:10 <_glx_> it should not be too hard to have an action to build the PR
21:27:35 <_glx_> but I still don't see how a text file would be a problem
21:28:01 <_glx_> it's static, and not executed
21:28:25 <LordAro> andythenorth: i'm not sure i'd describe it as huge
21:29:04 <LordAro> but even so, the number of people that wish to do so via a completely custom exploit via a translation service to an extension to a (let's face it) relatively minorly used video game?
21:29:08 <johnfranklin> Will you be willing to exclude non-English speakers? Like in the past, America excluding some minor ethnicities?
21:30:23 <LordAro> if you're genuinely concerned about your local devices... stop using them? docker/VMs are perfectly viable options, as are just connecting to some remote server
21:30:48 <wensimehrp> johnfranklin: Hey, you’re going a bit extreme
21:31:36 <andythenorth> why doesn't someone do a translations fork?
21:31:51 <LordAro> that's what a PR is andy
21:31:53 <andythenorth> I don't mind being the upstream
21:31:57 <johnfranklin> This is Anglosphere Imperialism.
21:32:06 <LordAro> johnfranklin: you need to stop
21:32:10 <andythenorth> he's just doing lolz
21:32:18 <LordAro> andythenorth: you also need to stop
21:32:57 <andythenorth> well my current policy is not to merge translation PRs
21:33:02 <andythenorth> which stopped the issue
21:33:25 <LordAro> that existing translation got there somehow, i'm pretty sure you didn't write it
21:33:59 <squirejames> johnfranklin: I mean, we just did it better than the French, Spanish, Portuguese, Dutch, Belgians etc
21:35:31 <squirejames> johnfranklin: To be serious, I make mods for other games. They're written in the language I speak natively, that being British English. I am not good enough at others to translate them. It's never come up as a problem in 20 years of modding.
21:36:07 <johnfranklin> It is different in case of refusal of translation
21:36:28 <squirejames> Has anyone asked Andy for a non-English version of FIRS?
21:36:55 <peter1138> It has non-English.
21:37:16 <andythenorth> I don't refuse translation
21:37:27 <andythenorth> I refuse to take in untrusted 3rd party code from people who I don't know
21:37:43 <andythenorth> directly to my own project
21:37:44 <_glx_> but translations are not code
21:37:54 <andythenorth> they're TOML files, which are parsed to python data structures
21:37:55 <squirejames> I ask as, if no-one has asked him, its pretty much a non-issue
21:38:17 <LordAro> squirejames: a pull request as such is essentially someone asking for it
21:38:31 <_glx_> ah yes you added a layer to make your life harder 🙂
21:38:38 <squirejames> Okeedokes, but, as creator of the newGRF, it's entirely his decision is it not?
21:38:45 <squirejames> Same as myself and the mods I make
21:38:52 <LordAro> andy is ultimately free to do whatever he wants
21:39:06 <LordAro> everyone else is just saying that his reasoning is fuckin weird
21:39:39 <squirejames> "I don't feel comfortable doing a translation myself, as I am not fluent enough in the requested language to do so, and I do not feel comfortable opening up my code to third party edits that may be unsafe" seems reasonable to me, but, that's just my opinion
21:40:59 <squirejames> Also, is FIRS considered GPL or whathaveyou? Nothing to stop a concerned party making their own fork in whatever language they like?
21:41:23 <wensimehrp> Ok franklin you're going too extreme
21:41:39 <andythenorth> it's also continuing to be weird
21:41:48 <andythenorth> asking me to self-own my main device
21:41:55 <andythenorth> in the name of resisting cultural imperialism
21:42:02 <andythenorth> then equating that to sexual assault
21:42:23 <LordAro> johnfranklin: please google "logical fallacies", and don't come back until you've read them
21:42:23 <squirejames> It does seem a very hard line
21:42:27 <andythenorth> how many times have you been sexually assaulted?
21:42:42 <squirejames> Also, lets not use Communist China as a baseline for being morally correct
21:43:08 <squirejames> Especially in terms of respecting people's rights for self determination and self expression
21:43:13 <andythenorth> I mean...can toml be linted?
21:43:16 <andythenorth> was where I'd got to
21:43:22 <peter1138> Sorry but let's not bring serious subjects into something that doesn't warrant it.
21:43:22 <LordAro> _glx_: can you just start banning people?
21:43:24 <LordAro> this is getting silly
21:43:40 <squirejames> Yes I find the "its sexual assault" thing to be distasteful
21:44:29 <andythenorth> can't someone just be the grf translation manager?
21:44:45 <peter1138> There is no such thing.
21:45:06 <andythenorth> I thought we had a volunteer above 😛
21:45:10 <LordAro> andythenorth: schema validation seems like the only thing that would be viable
21:45:11 <peter1138> Until there is, there isn't.
21:45:26 <peter1138> I recommend you close the PR, and close the ability to make PRs.
21:45:55 <andythenorth> I can't find the setting to stop PRs whilst keeping the repo public / forkable
21:46:40 <peter1138> That makes sense, it's meant for collaboration.
21:47:15 <peter1138> I believe you can pay to have more options.
21:50:21 <johnfranklin> Andy has done more logical fallacies
21:50:41 <LordAro> it's not a competition
21:53:07 <squirejames> As I understand it, what with Michael Blunck back in the day, and the, was it CanSet or AuzSet? CanSet I think, where the maker reserved an unfeasibly large amount of IDs and made their NewGRF disable itself if any got trod on, yes, individual GRF makers might have reasoning you disagree with, but it seems that the community accepts their right to control their own work. You don't have to agree
21:53:07 <squirejames> with their reasoning, just accept their rights
21:53:35 <squirejames> Otherwise it descends into "who has the right to say what someone else can or should do" and ugh
21:53:43 <johnfranklin> So I also have rights to make tons of forks?
21:54:00 <squirejames> I believe so? Depending on licensing. I brought this up above
21:54:22 <johnfranklin> FIRS-International
21:54:36 <johnfranklin> Iron-Horse-CargoDecay
21:54:37 <squirejames> or perhaps, Internationale
21:55:32 <_glx_> yes you can fork FIRS, there are many forks already
21:56:13 <johnfranklin> But I will be disregarded by Andy as “children who don’t know what they are doing”
21:56:43 <andythenorth> I think you're confusing my opinion of the CZIS team with something else 🙂
21:57:12 <_jgr_> You can upload your own GRFs to bananas, based on FIRS or whatever else (subject to licenses, etc)
21:57:52 <squirejames> johnfranklin: And? even if that were true, and it seems a leap, what does it matter if that's what he thinks?
21:58:24 <johnfranklin> He is de facto “big person”
21:58:45 <squirejames> I believe Chris Sawyer thinks we're all weird for "tinkering with perfection" in his eyes. We still do what we do
21:59:12 <squirejames> Modding is not a popularity contest
21:59:53 <andythenorth> there's no reason FIRS distribution couldn't be changed
22:00:06 <andythenorth> so I'm the upstream, and someone else takes the translations in downstream
22:00:11 <andythenorth> then releases from there
22:00:39 <andythenorth> there's a few ways to set up git to do that
22:00:50 <peter1138> Isn't running NML, and OpenTTD, too much of a risk?
22:01:09 <andythenorth> only the same as running `pip`
22:01:22 <andythenorth> it's just different paperwork
22:01:46 <LordAro> why are those fine when text strings in a text file are not?
22:02:06 <peter1138> Now we need to stop too 😉
22:02:19 <peter1138> It's stupid. It's dumb. But it is.
22:03:09 <johnfranklin> I want Andy to expose with his heart to express why he doesn’t currently want translation… I am sorry for any confusion, or unfriendly behavior, all I want is to let more people, regardless of their capability of English, to know and play these great NewGRFs
22:04:00 *** kuka_lie has quit IRC (Quit: leaving)
22:04:44 <andythenorth> it's not a heart thing, it's a device policy
22:05:06 <andythenorth> I'm not competent to accept 3rd party code
22:05:16 <LordAro> a file containing "rm -rf /*" is not dangerous just because it exists on your computer
22:05:18 <squirejames> I was going to say, is there a reason to doubt Andy's sincerity? He's given his reasoning. You might not agree, you might not like it, but I see no reason to doubt it
22:05:26 <_glx_> looking at how the toml are read I can't see any potential problem, the file content is temporary in a dict then you pick only some stuff from it
22:05:28 <andythenorth> it's not my decision
22:05:38 <johnfranklin> I can concur there is no threat in WenSim’s translation files.
22:05:51 <_jgr_> There is an easy technical solution to just fork and upload a new GRF to bananas
22:05:52 <peter1138> An external translation system that doesn't require updates to the NewGRF to be translated is not a terrible idea.
22:06:12 <peter1138> It needs to be designed.
22:06:17 <squirejames> Like I asked about, with external Lang files?
22:06:32 <peter1138> It needs someone will to host such a system.
22:06:44 <_glx_> something similar to grf modifying other grf
22:06:47 <johnfranklin> I would also not risk to fork that “big celebrity grf”
22:07:18 <johnfranklin> It takes 1 of the 4 billion slots
22:07:25 <peter1138> _glx_: plain text would make more sense, to be honest.
22:07:47 <peter1138> In-game string editor?
22:08:39 <johnfranklin> squirejames: I don’t know, but I found Andy likes to use some “light” words to describe serious question. Maybe that is my problem.
22:08:50 <squirejames> That's how the games i've modded work. Strings and such are separate files and editable independently of the code, and usually shipped separately. (so that patches to the game are separate to any language translations and updates, and vice versa
22:09:29 <peter1138> Yeah, but NFO is quite badly designed there.
22:10:06 <squirejames> Oh I am not underestimating the limitations of what we have. I am sure it was never intended to do what we do with it either. Modding pushes boundaries like that
22:10:40 <peter1138> One of the issues is there's no stable identifier for a string.
22:11:49 <xarick> I'm satisfied with these results
22:11:49 <peter1138> Also all the special control codes.
22:11:49 <_glx_> yeah it's handled at compile time based on first seen
22:12:31 <_glx_> though in NFO you can set the ID directly, but NML can do anything
22:13:42 <peter1138> Okay. viewport signs are fucking weird.
22:13:56 <peter1138> And a lot of it is my fault 😄
22:16:33 <andythenorth> global string UUIDs? 😛
22:17:08 <peter1138> Which range will you reserve?
22:17:40 <squirejames> *screams internally* 😄
22:17:52 <_glx_> ID depends on where it's used 🙂
22:18:40 <peter1138> Original action 4 was simple enough.
22:18:46 <_glx_> the same string can be defined more than once in the final grf
22:18:47 <peter1138> feature + id, nice.
22:19:06 <johnfranklin> I think we should have some actual meeting… “only keyboard debate” may cause problems….
22:19:59 <_jgr_> I don't think there's much budget for an international standards body type meeting
22:21:03 <johnfranklin> And I don’t know, if “real meeting” fits open source spirit
22:21:59 <andythenorth> peter1138: I have a weird approach to UUIDs
22:22:04 <andythenorth> I start at 0 and count up
22:22:23 <andythenorth> what's the upper limit?
22:22:56 <andythenorth> countable infinity?
22:23:16 <johnfranklin> Aleph_Aleph_Aleph_…
22:27:18 <xarick> I'll ask copilot for commit messages tomorrow 🙂
22:27:33 <_jgr_> The commit message is not really the issue
22:28:23 <johnfranklin> Wish Andy a good dream 🙂
22:28:27 <_jgr_> It's fine to have two different strategies, but the selection criteria does not really make sense
22:30:49 <talltyler> johnfranklin: We had an OpenTTD meetup in 2023 in Brussels. It was primarily a social event, not a place to discuss development or anything serious. 🙂
22:34:03 <wensimehrp> andythenorth: Am I a trusted person? 😇
22:35:11 *** keikoz has quit IRC (Ping timeout: 480 seconds)
22:38:05 <_glx_> object has `additional_text: return string(STR_NAME_COMPANY_LAND);` converted to `4 * 19 04 00 FF 01 \wxD002 "Company land" 00`
22:38:43 <_jgr_> String ID D001 is also "Company land" and uses feature F
22:39:19 <_glx_> yeah dor `name: string(STR_NAME_COMPANY_LAND);`
22:41:45 <_glx_> "The text ID for this class (word value). This textid should be either a TTD textid or a D4xx textid (set via D0xx in action4). "
22:47:29 <_jgr_> The language byte is FF, so a feature byte of 0 is ignored in that case
22:47:42 <_jgr_> It just goes into the normal AddGRFString path
22:49:55 <andythenorth> wensimehrp: the diff looks fine, I am confused why FIRS is declaring STR_COLOUR_GOLD etc
22:50:03 <andythenorth> but that's not really related to the PR
22:50:12 <andythenorth> but you don't need to translate those
22:51:35 <andythenorth> I can't see those strings used anywhere, they might be legacy stuff
22:51:42 <FLHerne> I've just finished reading and being puzzled at the argument above :p
22:53:38 <andythenorth> this is definitely weitd
22:53:39 <LordAro> FLHerne: best leave it at that
22:53:47 <FLHerne> anything capable of producing malicious code execution in a reasonably well-tested parser library of a well-defined format is not going to look like real text
22:54:37 <andythenorth> it's a policy issue that limits me
22:54:38 <FLHerne> so as long as you're making a cursory check that it looks like a genuine translation and not a string of obscenities I don't really see the concern
22:54:55 <FLHerne> but ultimately it's your project and your computer :p
22:55:13 <andythenorth> the devices are governed by policy
22:55:24 <andythenorth> unless I want to airgap and isolate them
22:55:49 <andythenorth> it relates to competence
22:56:14 <andythenorth> if I, or someone else trusted, is competent to assess the risk of the PR, then the policy covers it
22:56:50 <LordAro> that's a perfectly reasonable way of doing things
22:57:20 <LordAro> what's not perfectly reasonable is ignoring the many people who are explaining why it's fine
22:57:41 <andythenorth> well I was reading the PR again and considering a validator...then things got...weird
22:57:51 <andythenorth> which reminded my why I hate newgrf translations full stop 🙂
22:58:40 <andythenorth> anyway, I don't know why FIRS is declaring strings for string codes
22:58:44 <andythenorth> that seems bizarre
22:59:51 <peter1138> Another biscuit gone 😦
23:00:02 <LordAro> peter1138: i've run out :(
23:00:31 <LordAro> andythenorth: does seem a bit odd, but many of OTTD's strings do that too
23:00:34 <peter1138> That seems careless.
23:01:01 <andythenorth> but these strings don't seem to be used
23:01:36 <andythenorth> they're not referenced in firs.nml
23:02:04 <andythenorth> and firs.gs has its own lang
23:02:50 <peter1138> You can't even trust your own code now 😄
23:03:33 <_glx_> but it seems to not really check if a string is used or not
23:04:25 <andythenorth> I just removed them and ran make
23:05:22 <_glx_> maybe you need a script reading the toml, then search for each string in source
23:05:56 <andythenorth> does nml report unused strings?
23:06:07 <andythenorth> I might have suppressed an existing warning
23:06:19 <andythenorth> it does check string use for lang translations
23:07:17 <_glx_> nml doesn't list unused strings, it just doesn't put them in the grf
23:08:23 <andythenorth> wensimehrp: the toml has changed 😛
23:09:03 <andythenorth> remind me about the grf name another day also 😛
23:15:50 <_glx_> I think it should be possible to report unused strings
23:16:44 <_glx_> I'll probably add it behind a flag
23:29:22 *** Wolf01 has quit IRC (Quit: Once again the world is quick to bury me.)
23:36:04 <peter1138> Hmm, slightly better.
23:42:59 <peter1138> The things I find when refactoring something else...
23:54:48 <peter1138> Audio stuff, weird.
23:58:43 *** jlx__ has quit IRC (Read error: No route to host)
continue to next day ⏵
