Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 02:02
    lokka30 commented #619
  • Apr 09 19:07
    Rakete175 labeled #619
  • Apr 09 19:07
    Rakete175 opened #619
  • Apr 09 19:07
    Rakete175 labeled #619
  • Apr 04 22:59
    lokka30 edited #618
  • Apr 04 22:59
    lokka30 edited #618
  • Apr 04 22:59
    lokka30 opened #618
  • Apr 04 22:59
    lokka30 labeled #618
  • Mar 28 21:18
    NotAFile unpinned #559
  • Mar 28 18:47
    Haxk20 commented #613
  • Mar 28 18:23
    NotAFile closed #559
  • Mar 28 18:23
    NotAFile commented #559
  • Mar 28 18:22
    NotAFile closed #608
  • Mar 28 18:22

    NotAFile on master

    fix variable collision with day… (compare)

  • Mar 28 18:13
    NotAFile closed #584
  • Mar 28 18:13
    NotAFile commented #584
  • Mar 28 18:13
    NotAFile commented #594
  • Mar 28 18:09

    dependabot-preview[bot] on pip

    (compare)

  • Mar 28 18:08

    NotAFile on master

    Update pillow requirement from … Merge branch 'master' into depe… Merge pull request #603 from pi… (compare)

  • Mar 28 18:08
    NotAFile closed #603
Testador de Laticínios#8027
@_discord_608761698857517097:t2bot.io
[m]
execute and see what happens lol
if got an error isnt correct
lokka30#6659
@_discord_652374854003064842:t2bot.io
[m]
Second time today that, from what I can see, python throwing in random arguments just for fun
2021-04-06T18:04:12+0200 [stderr#error]   File "config/scripts/THProxyDetector.py", line 86, in on_login
2021-04-06T18:04:12+0200 [stderr#error]     loop.create_task(Detectors.check_player(self, username, "IP_TEOH_IO"))
2021-04-06T18:04:12+0200 [stderr#error] TypeError: check_player() takes 3 positional arguments but 4 were given
Testador de Laticínios#8027
@_discord_608761698857517097:t2bot.io
[m]
you dont need to pass the "self"
lokka30#6659
@_discord_652374854003064842:t2bot.io
[m]
self is used to kick the player
Testador de Laticínios#8027
@_discord_608761698857517097:t2bot.io
[m]
ok lets try one thing
remove the selfs from check_player calls in on_login
and in class Detectors try to do: class Detectors(ProxyDetectorConnection)
btw i think have better ways to do it 🤔
Testador de Laticínios#8027
@_discord_608761698857517097:t2bot.io
[m]
lol
notafile
@notafile:matrix.org
[m]
but a general rate limit on commands or chat messages in general might be a good idea
or generally packets per second
Testador de Laticínios#8027
@_discord_608761698857517097:t2bot.io
[m]
packets per second not will make some problems?
notafile
@notafile:matrix.org
[m]
If you put the limit high enough, it shouldn't.
it's also good to know about the "hard bans" functionality, which stops a player's input from being processed very early
lokka30#6659
@_discord_652374854003064842:t2bot.io
[m]

Back again 🙂

1️⃣
Question: are there any implications with broadcasting our server's bans? security, performance, etc?

2️⃣
Another thing - progress with the Proxy Detection script - currently at a halt because I have no idea what I'm doing.
If I should stop posting about the script here, please let me know. 😉

Latest revision of the script: https://github.com/lokka30/TheHallwayScripts/blob/dev/THProxyDetector.py

Currently, on login, the script is broken as Python doesn't know what ensureDeferred is. I have imported it from twisted.internet so I am unsure what is next. Google does not show any results for the 'not defined' error I am receiving.

2[stderr#error]     self.on_login(self.name)
[stderr#error]   File "config/scripts/THProxyDetector.py", line 86, in on_login
[stderr#error]     ensureDeferred(as_deferred(Detectors.check_player(self, username, "IP_TEOH_IO")))
[stderr#error] NameError: name 'ensureDeferred' is not defined
lokka30#6659
@_discord_652374854003064842:t2bot.io
[m]
:point_up: Edit: Back again 🙂
Question: are there any implications with broadcasting our server's bans? security, performance, etc?
notafile
@notafile:matrix.org
[m]
very theoretically. But it hasn't ever been a problem.
DarkNeutrino#8118
@_discord_526824419247521793:t2bot.io
[m]
I mean just that you are quite literally putting someones IP to the public internet without the IP owner knowing.
1 reply
Which could be considered illegal
Rakete#3398
@_discord_658071465609920532:t2bot.io
[m]
In case someone wants it we could do it with hashed IPs. But then it’s the next question of trust. If someone is banned because of a shitty script on some server, it would be sad if he cannot play the game anymore. So we would need to find a solution for that. What is this Pique-centralbans? Does it work?
1 reply
DarkNeutrino#8118
@_discord_526824419247521793:t2bot.io
[m]
Technically IP adress is personal info and you are not allowed to share personal info of any person online without their permission
But thats theoretical
But could be considered as such
notafile
@notafile:matrix.org
[m]
There's no law that says anything like that
DarkNeutrino#8118
@_discord_526824419247521793:t2bot.io
[m]
Uhmmmm there are multiple
Heck GDPR is one of the biggest and most popular
notafile
@notafile:matrix.org
[m]
If you're thinking about GDPR, you are right that IP addresses can in certain contexts be considered personal information. That means you may need a legal basis for storing it. One of many possible legal bases is consent.
DarkNeutrino#8118
@_discord_526824419247521793:t2bot.io
[m]
Yep
Thus you would need to ask user to guve you permission ti share IP of their PC with others before or after you ban them :itskoloLaugh:
notafile
@notafile:matrix.org
[m]
no. People keep misunderstanding this.
DarkNeutrino#8118
@_discord_526824419247521793:t2bot.io
[m]
Well for storing it
notafile
@notafile:matrix.org
[m]
No. Please just research this stuff before you start making claims.
notafile
@notafile:matrix.org
[m]
Firstly, IP addresses are not automatically personal data.
Secondly, you only need consent if you can't justify storing or processing the data for any other reason. But we have other reasons, such as how the banlist is required in order to operate the service, which is in the interest of the users.

for example, you can read from the UK's regulator:

Many of the lawful bases for processing depend on the processing being “necessary”. This does not mean that processing has to be absolutely essential. However, it must be more than just useful, and more than just standard practice. It must be a targeted and proportionate way of achieving a specific purpose. The lawful basis will not apply if you can reasonably achieve the purpose by some other less intrusive means, or by processing less data.

notafile
@notafile:matrix.org
[m]
The addresses are being stored in order to achieve the specific purpose of banning them from the server. And it is not possible to achieve that without storing their IP addresses.
Rakete#3398
@_discord_658071465609920532:t2bot.io
[m]
I thought about that too. For range bans I‘d either only hash for example with /16 the first two numbers, or give up about the hashing for it completely. If there are for example 65k possible IP addresses, I cannot call it private with common sense. With slightly IP ranges which only ban a few ones we can iterate and hash each of them
notafile
@notafile:matrix.org
[m]
Yeah, that's the general problem with hashing. With only 32 bits, it's not that hard to just brute force it anyway.
or, well, if you know what country someone lives in it's even less.
Rakete#3398
@_discord_658071465609920532:t2bot.io
[m]
How long would it take with a powerful computer to break a hash which bans one IPv4? And how long would it take for IPv6?
notafile
@notafile:matrix.org
[m]
depends on how slow the hash is and how much information you have. It would be a bit less feasible for IPv6, but not as much as you might think.
assuming you know the first /8 (which is not unreasonable if you know the country) and you can do 10000 guesses per second (which is not a lot) it would take 13 minutes on average
notafile
@notafile:matrix.org
[m]
of course, that's not trivial, but it's hardly a huge obstacle
Rakete#3398
@_discord_658071465609920532:t2bot.io
[m]
Okay thats not much. My idea -> 🗑
notafile
@notafile:matrix.org
[m]
my crusty old i5 can do 5 million sha256 guesses per second. My crusty old GPU can do 500 million per second.
of course, you can choose a more difficult hashing algorithm. But then you run into problems when you try to run it on a raspberry pi etc.
Rakete#3398
@_discord_658071465609920532:t2bot.io
[m]
Yeah. As soon as my piqueserver would have to compete with good GPUs or CPUs it will lose:/