Config
Log for #openttd on 27th January 2020:
Times are UTC Toggle Colours
00:30:21  *** WormnestAndroid has joined #openttd
00:38:22  *** WormnestAndroid has quit IRC
00:39:11  *** WormnestAndroid has joined #openttd
02:39:11  *** dwfreed has quit IRC
02:39:14  *** dwfreed has joined #openttd
03:56:36  *** D-HUND has joined #openttd
04:00:02  *** debdog has quit IRC
04:10:34  *** Compu has joined #openttd
04:46:10  *** glx has quit IRC
05:11:07  *** snail_UES_ has quit IRC
07:27:25  *** Eddi|zuHause2 has joined #openttd
07:32:57  *** Eddi|zuHause has quit IRC
07:47:03  *** andythenorth has joined #openttd
07:56:35  *** sla_ro|master has joined #openttd
08:06:06  *** Xaroth has quit IRC
08:07:22  *** supermop_Home has quit IRC
08:13:29  *** el3ktr4 has joined #openttd
08:24:57  *** el3ktr4 has quit IRC
08:24:57  *** D-HUND has quit IRC
08:24:57  *** lpx has quit IRC
08:24:57  *** seatsea04192116 has quit IRC
08:24:57  *** crem has quit IRC
08:24:57  *** ZirconiumX has quit IRC
08:24:57  *** tneo has quit IRC
08:24:57  *** Ammler has quit IRC
08:24:57  *** XeryusTC has quit IRC
08:24:57  *** planetmaker has quit IRC
08:25:48  *** el3ktr4 has joined #openttd
08:25:48  *** D-HUND has joined #openttd
08:25:48  *** crem has joined #openttd
08:25:48  *** ZirconiumX has joined #openttd
08:25:48  *** Ammler has joined #openttd
08:25:48  *** tneo has joined #openttd
08:25:48  *** planetmaker has joined #openttd
08:25:48  *** XeryusTC has joined #openttd
08:25:48  *** seatsea04192116 has joined #openttd
08:25:48  *** lpx has joined #openttd
08:25:48  *** liquid.oftc.net sets mode: +ov planetmaker planetmaker
08:27:39  *** Pikka has joined #openttd
08:35:28  *** lpx has quit IRC
08:35:28  *** seatsea04192116 has quit IRC
08:35:28  *** crem has quit IRC
08:35:28  *** ZirconiumX has quit IRC
08:35:28  *** tneo has quit IRC
08:35:28  *** Ammler has quit IRC
08:35:28  *** D-HUND has quit IRC
08:35:28  *** XeryusTC has quit IRC
08:35:28  *** planetmaker has quit IRC
08:35:28  *** el3ktr4 has quit IRC
08:37:19  <andythenorth> pikka o/
08:37:34  <Pikka> o/
08:37:43  <Pikka> 200% horse?
08:37:51  <andythenorth> 101%
08:37:53  <andythenorth> torps https://www.tt-forums.net/viewtopic.php?p=1228875#p1228875
08:39:05  *** cHawk has joined #openttd
08:39:28  <Pikka> excellent
08:39:36  *** lpx has joined #openttd
08:39:36  *** el3ktr4 has joined #openttd
08:39:36  *** D-HUND has joined #openttd
08:39:36  *** crem has joined #openttd
08:39:36  *** ZirconiumX has joined #openttd
08:39:36  *** Ammler has joined #openttd
08:39:36  *** tneo has joined #openttd
08:39:36  *** planetmaker has joined #openttd
08:39:36  *** XeryusTC has joined #openttd
08:39:36  *** seatsea04192116 has joined #openttd
08:39:36  *** liquid.oftc.net sets mode: +ov planetmaker planetmaker
08:39:53  *** Eddi|zuHause2 is now known as Eddi|zuHause
08:41:41  *** planetmaker has quit IRC
08:42:06  *** planetmaker has joined #openttd
08:42:06  *** ChanServ sets mode: +o planetmaker
09:03:48  *** andythenorth has left #openttd
09:13:43  <peter1138> Larks
09:14:09  <peter1138> So those browser shots... mostly ancient browsers on ancient OSes... so...
09:14:22  <peter1138> "Expected"
09:16:40  <Eddi|zuHause> ... is that really much different from our target audience, though?
09:18:05  <peter1138> Heh
09:18:23  <peter1138> Hmm, I wonder how my padding patch looks if I increase padding but not line thickness.
09:55:06  *** DecapitatedO has quit IRC
09:55:31  *** el3ktr4 has quit IRC
09:57:03  *** el3ktr4 has joined #openttd
10:03:07  *** Samu has joined #openttd
10:04:37  *** DecapitatedO has joined #openttd
10:13:49  *** gnu_jj has quit IRC
10:37:30  *** gelignite has joined #openttd
10:38:45  <peter1138> Damn, vanilla beta server is quite popular.
10:39:01  <peter1138> Also, buoys everywhere.
10:39:34  *** gnu_jj has joined #openttd
10:39:59  <LordAro> peter1138: 25 year old habits are hard to break :p
10:40:19  <peter1138> Yar
11:05:59  *** el3ktr4 has quit IRC
11:06:31  *** el3ktr4 has joined #openttd
11:22:32  *** sla_ro|master has quit IRC
11:31:19  *** el3ktr4 has quit IRC
11:42:26  *** WormnestAndroid has quit IRC
11:42:40  *** WormnestAndroid has joined #openttd
12:03:59  *** el3ktr4 has joined #openttd
12:11:06  *** el3ktr4 has quit IRC
12:18:23  *** snail_UES_ has joined #openttd
12:31:15  *** snail_UES_ has quit IRC
12:48:07  <Pikka> wait, ships don't need lots of buoys any more? :)
12:52:53  <Eddi|zuHause> we don't even have patch notes. and even if we did, nobody would read them
12:53:26  <planetmaker> Pikka, yeah :)
12:54:38  <Pikka> I guess I can get rid of all civilai's buoys then :)
12:59:18  <Eddi|zuHause> Pikka: if you want to make it unavailable for people who run the current stable version of the game
13:00:23  <peter1138> I think we removed some limit since we cache the path now.
13:00:32  <Pikka> wasn't necessarily going to do it promptly :P just something to remember for the future
13:00:36  <peter1138> But yeah, 1.10-beta.
13:00:57  <peter1138> You can still use buoys to save CPU time though, just nowhere near as much effect.
13:01:03  <peter1138> And getting an AI to do that may cost more, heh.
13:02:25  <Eddi|zuHause> that might depend on how often the AI creates new routes, or checks whether existing routes were cut off
13:02:50  <peter1138> Mmm
13:03:09  <peter1138> 2046, game is gonna end soon.
13:03:25  <peter1138> I'm just sat on there as a spectator, so no progressing time just by myself :p
13:04:58  <peter1138> Hmm, is there a setting to autosave as a game ends? Not that it's very useful...
13:05:25  *** tokai|noir has joined #openttd
13:05:26  *** ChanServ sets mode: +v tokai|noir
13:12:17  *** tokai has quit IRC
13:22:43  <planetmaker> Pikka, don't get rid of all buoys. They are still very helpful in laying out paths, and definitely speed-up the process if paths do change in case of landscaping activities
13:23:07  <Pikka> ok
13:31:17  <peter1138> Yeah, true.
13:31:29  <peter1138> You can get away with less though.
13:56:13  *** gelignite has quit IRC
14:03:55  *** Flygon has quit IRC
14:09:20  <peter1138> I should probably know this... is there support for colour codes via the "say" command?
14:18:57  *** el3ktr4 has joined #openttd
14:21:59  *** el3ktr4 has quit IRC
14:22:55  *** el3ktr4 has joined #openttd
14:29:25  <_dp_> don't think there is a support for color codes in chat at all
14:29:36  <_dp_> otherwise I would've used it long ago xD
14:30:28  <_dp_> and yeah, would be nice to have it ;)
14:37:00  <peter1138> Yeah, built in scripting is a bit limited :p
14:37:12  <peter1138> I guess it was always "use an external tool"
14:43:57  *** nielsm has joined #openttd
14:57:46  <peter1138> Hello
14:59:19  *** supermop_work has joined #openttd
14:59:23  <supermop_work> hi
14:59:52  *** Pikka has quit IRC
15:47:54  *** Arveen2 has quit IRC
15:56:47  *** Wormnest has joined #openttd
16:02:23  *** syr has quit IRC
16:02:53  *** syr has joined #openttd
16:30:22  *** cHawk has quit IRC
16:52:23  *** Progman has joined #openttd
17:02:14  *** glx has joined #openttd
17:02:14  *** ChanServ sets mode: +v glx
17:05:39  *** hythlodaeus has joined #openttd
17:05:51  <hythlodaeus> https://www.rockpapershotgun.com/2020/01/27/best-management-games-pc/2/
17:06:17  <hythlodaeus> congrats folks, we made it to #15 ^^
17:13:42  <hythlodaeus> I thik it's notorious that, for example, RCT2 and Theme Hospital were respectively knocked out by their spiritual successors Planet Coaster and Two-Point Hospital, whereas OpenTTD trumped Transport Fever
17:14:27  *** sla_ro|master has joined #openttd
17:18:23  <LordAro> lol, dwarf fortress at #3
17:18:56  <Eddi|zuHause> doesn't make much sense, their  "we kicked out" list contains 5 entries and "we included" contains 6?!?
17:19:01  <nielsm> dwarf fortress is a good sim and a good story generator&inspirator, but a bad game :P
17:28:10  *** Arveen has joined #openttd
17:32:55  <FLHerne> It has all of OTTD's problems but even worse, really?
17:33:42  <FLHerne> Fundamentally CPU-bound and single-threaded, complex and inscrutable UI that makes some common actions very hard
17:34:02  *** cHawk has joined #openttd
17:34:48  <FLHerne> Lots of game mechanics, supporting open-ended self-directed gameplay, but no [meaningful] win condition
17:35:12  <FLHerne> Steep learning curve
17:35:45  <FLHerne> Same issues with people modding in nonsense, too :P
17:36:19  <FLHerne> "Is it possible to create a creature that exhales live bees? I know that it's probably not possible, but I really want to see if it can be done. If it is possible, how would I do it?"
17:37:42  <LordAro> :D
17:39:02  <FLHerne> (you can try, but the game crashes because of implementation details :P)
17:39:58  <hythlodaeus> DF is a mess yeah
17:40:09  <hythlodaeus> doesn't help the whole thing is closed source either
17:46:30  <nielsm> hm this is silly, trf2 is using a full cpu core on the main menu
17:46:37  <nielsm> it's a static image with music over
17:51:43  <milek7_> no vsync?
18:27:06  *** cHawk has quit IRC
18:29:41  *** andythenorth has joined #openttd
18:31:15  <andythenorth> o/
18:35:28  *** frosch123 has joined #openttd
18:37:21  <andythenorth> quak
18:38:07  <frosch123> hoi
18:38:30  *** tokai has joined #openttd
18:38:30  *** ChanServ sets mode: +v tokai
18:39:04  *** gelignite has joined #openttd
18:39:14  <frosch123> TrueBrain: apparently we shall praise aws on twitter to keep on getting credits, or something
18:40:03  <frosch123> (this is just a hint that info@ got a mail with little content, that you may know already anyway)
18:42:48  <LordAro> frosch123: well that seems awful
18:44:42  <andythenorth> unrelated
18:45:08  * andythenorth thinks there's probably a better way to publish to S3 than drag-drop in the browser UI
18:45:17  *** tokai|noir has quit IRC
18:48:30  *** el3ktr4 has quit IRC
18:54:25  *** cHawk has joined #openttd
18:59:59  <TrueBrain> frosch123: tnx, so we finally got an email :P
19:00:14  <TrueBrain> it is clear from the email that they know we never received any other email :P (the credits were just there all of a sudden)
19:00:25  <TrueBrain> and I agree with them that a blog-post of some kind at some point in time would be the least we can do
19:00:52  <TrueBrain> most likely people will even be interested to read what we are doing with this AWS migration :P
19:01:16  <TrueBrain> on unrelated news: I am missing the nightlies we produced between 2018-04 and 2019-01 .. unacceptable
19:02:36  <frosch123> it's eddi's job to make statements about the empty set
19:02:37  <TrueBrain> hmm, did we produce binaries during that time ... that is another question ofc
19:02:57  <TrueBrain> I think we migrated to GitHub on 2018-04?
19:03:40  <frosch123> https://www.openttd.org/news/2018/04/15/openttd-is-now-migrated-to-github.html
19:03:43  <TrueBrain> 2019-01 was the month I added Azure Pipelines to OpenTTD
19:03:52  <TrueBrain> so I guess we simply didn't put out binaries between those two dates? :D
19:03:58  <frosch123> https://www.openttd.org/news/2019/01/26/new-website-and-nightlies-are-back.html
19:04:17  <TrueBrain> you got to love a news archive :)
19:04:22  <frosch123> there are also no other news between those two
19:04:40  <TrueBrain> says enough about the state of OpenTTD in 2018 :)
19:04:41  *** Wolf01 has joined #openttd
19:06:39  <TrueBrain> right, time to upload 10 year of archive in that case :)
19:07:13  *** el3ktr4 has joined #openttd
19:10:56  <andythenorth> monthly dev post? o_O
19:11:02  <andythenorth> when was the last one?
19:16:14  <peter1138> Hi
19:16:31  <peter1138> Hmm, that roasted chilli pepper was hot :p
19:16:31  <LordAro> andythenorth: sounds like you're volunteering
19:16:32  <Wolf01> There were dev posts?
19:16:54  <andythenorth> I tried doing a dev post
19:17:00  <andythenorth> that's not something to repeat
19:17:00  <peter1138> I wonder if it's possible for me to go a day without commenting on food. Hmm.
19:17:16  <TrueBrain> I feel a challenge coming up
19:21:11  <andythenorth> it's a bit meta
19:21:17  <andythenorth> is commenting about commenting a comment?
19:21:42  <andythenorth> o/t Youtube comments have allowed some idiots to self-identify again
19:21:45  <andythenorth> useful how that works
19:24:56  <frosch123> andythenorth: you started with daylength, and now months are suddenly too long?
19:25:15  <andythenorth> how long are they right now?
19:25:30  <andythenorth> about 80 days?
19:25:38  <andythenorth> 2019-10-26
19:25:46  <andythenorth> ~90 days
19:27:11  <peter1138> Self-identify again?
19:28:29  <andythenorth> 'we should bring back coal power stations in the UK so my favourite train runs again'
19:28:33  <andythenorth> also brexit stuff
19:28:41  * peter1138 ponders some oil-rig action.
19:29:24  <andythenorth> of all the weird narratives around brexit, 'we have been shutting down our railways because the EU made us' is one of the weirdest
19:30:14  <DorpsGek_III_> [OpenTTD/OpenTTD] JMcKiern commented on issue #7735: Protocol handler to join network games https://git.io/Jemi1
19:30:43  <andythenorth> hmm
19:30:50  <andythenorth> I should probably stop reading the internet
19:31:00  <peter1138> Yes
19:31:45  <TrueBrain> https://openttd-cdn.org/openttd-nightlies/
19:31:48  <TrueBrain> SO MANY NIGHTLIES
19:31:57  <andythenorth> I'll read the nightlies instead
19:32:06  <peter1138> Nice.
19:32:39  <peter1138> Ah, we still don't build Linux nightlies.
19:33:27  <peter1138> (Not a complaint, just an observation.)
19:33:32  <TrueBrain> peter1138: nope, nobody seems to be fixing the issue :(
19:33:52  <TrueBrain> I personally really have no clue, but there are people who would like it
19:34:58  <andythenorth> so...in-game display of backstory / extended info for vehicles then? o_O
19:35:10  <andythenorth> little window, opened from buy menu, or vehicle window
19:35:12  * andythenorth biab
19:37:42  <frosch123> TrueBrain: i know "osie", but what is "osi". also "osie" is 404
19:38:03  <TrueBrain> good question
19:39:08  <frosch123> is "strgen-nightlies" a good idea? i expect people to download the "latest" and complain that it does not work. better delete it?
19:39:32  <TrueBrain> sure
19:39:43  <TrueBrain> if there is anything else I can clean up, please let me know :)
19:40:48  <frosch123> well, i intentionally did not migrate pngcodec to github
19:41:06  *** gelignite has quit IRC
19:41:07  *** gelignite has joined #openttd
19:41:10  <TrueBrain> so remove it?
19:41:27  <frosch123> but i think you were the author, so if you feel nostalgic
19:41:33  *** Smedles has quit IRC
19:42:58  <TrueBrain> there was never a stable release, so it is noise to me :)
19:43:05  *** Smedles has joined #openttd
19:43:51  <TrueBrain> the grfcodec-nightlies annoy me :P
19:44:08  <TrueBrain> but I guess that needs fixing by producing new ones :D
19:44:59  <TrueBrain> okay, when ever the cache expires, fixed "osi/osie", removed "pngcodec" and "strgen"
19:45:49  <frosch123> "listing.yaml" is also a cache relict?
19:45:58  <TrueBrain> no
19:45:59  <TrueBrain> open it :)
19:46:05  <TrueBrain> hmm
19:46:07  <TrueBrain> wrong value in there
19:46:08  <TrueBrain> oops
19:46:09  <TrueBrain> let me fix that
19:46:34  <frosch123> it looked like an unfinished version of folders.yaml
19:47:18  <TrueBrain> reload it now (might be locally cached, so hit that F5)
19:47:38  <TrueBrain> basically, it is the configuration
19:47:43  <TrueBrain> so maybe I should call it config.yaml :D
19:49:42  <TrueBrain> https://openttd-cdn.org/config.yaml <- there we go
19:50:03  <TrueBrain> it tells the cdn-generator what folders exist, and how they are configured .. releases, nightlies, per-year, etc
19:56:02  <frosch123> do you care when the changelog is empty in non-openttd folders?
19:56:18  <TrueBrain> I tried to fix those I could; not sure which ones are still empty?
19:56:21  <TrueBrain> (some I couldn't fix)
19:56:39  <frosch123> i randomly checked grfcodec 6.0.5 and 6.0.6
19:57:15  <TrueBrain> let me get an exact list which ones are empty
19:57:21  <frosch123> oh, for releases they are not autogenerated, so possibly noone wrote one :)
19:57:28  <TrueBrain> ah
19:57:33  <TrueBrain> that sounds like a bad thing :)
19:57:58  <frosch123> https://github.com/OpenTTD/grfcodec/blob/master/changelog.txt
19:58:02  <TrueBrain> there are 8 nightlies with an empty changelog, nothing that I can do about that ... release 0.1.0 and 0.2.0 are empty .. and those 2 grfcodecs
19:58:04  <TrueBrain> funny
19:58:30  <TrueBrain> that content and the one in changelog.txt are widely different :D
19:58:38  <TrueBrain> shall I replace it with what is in that file for all releases?
19:59:20  <frosch123> hmm, so they were autogerated for grfcodec...
19:59:48  <TrueBrain> last 5 commits, by the looks of it
19:59:52  <TrueBrain> it looks absolutely bonkers :D
20:00:11  *** andythenorth has quit IRC
20:00:14  <frosch123> yeah, the hand-crafted one looks better
20:01:06  <frosch123> well, nforenum and grfcodec version numbers are bonkers anyway :)
20:02:29  <TrueBrain> I have no changelog for 1.0.0-RC1 :(
20:03:51  <TrueBrain> ah, found it in the source tarball :D
20:04:24  <frosch123> https://openttd-cdn.org/grfcodec-releases/1.0.0/changelog.txt <- that still contains the changes between rc1 and stable
20:06:42  <TrueBrain> reload :D
20:07:32  <frosch123> yay, so much effort :)
20:08:52  *** andythenorth has joined #openttd
20:09:09  <TrueBrain> I like getting these things right :)
20:09:10  <TrueBrain> small effort :)
20:09:15  <TrueBrain> high reward :D
20:09:18  <TrueBrain> (I am crazy :P)
20:19:33  <DorpsGek_III_> [OpenTTD/workflows] TrueBrain updated pull request #4: Add: [CDN] code and config to generate required files for CDN https://git.io/Jvmvo
20:21:47  <TrueBrain> pretty happy all files are in a single place again :) Now I just need to automate it, but .. that is the easy part now :)
20:21:56  <TrueBrain> if you find anything else odd frosch123, lemme know!
20:22:44  <TrueBrain> hmm .. am I going to redirect finger.openttd.org to here, or am I just closing it down ... tools using it for automation can go batshit crazy if I redirect
20:22:56  <TrueBrain> possibly better to just expire the DNS entry
20:25:10  <frosch123> all good, thanks :)
20:25:30  <TrueBrain> https://openttd-cdn.org/README.md w00p :D
20:26:12  <DorpsGek_III_> [OpenTTD/workflows] TrueBrain updated pull request #4: Add: [CDN] code and config to generate required files for CDN https://git.io/Jvmvo
20:29:01  <planetmaker> hi, is there a reason to use a new domain openttd-cdn.org instead of cdn.openttd.org?
20:31:06  <TrueBrain> yes!
20:31:40  <frosch123> it's the new name of the project, openttd-jgr and openttd-cdn
20:31:50  <TrueBrain> ha :D I like that :P
20:31:52  <TrueBrain> but no :)
20:32:05  <TrueBrain> planetmaker: do you really want to know? Or can I just summarize it: technical reasons? :D
20:32:30  <TrueBrain> (don't get me wrong, I don't mind sharing, but I wonder why you ask :D)
20:32:51  <frosch123> maybe he wants a openttdcoop-cdn :)
20:33:06  <TrueBrain> he should go for it :)
20:33:26  <planetmaker> I'm curious as to why... it doesn't *look* optimal
20:33:29  <TrueBrain> honestly, if openttdcoop pays for the bandwidth, that would be easy enough :)
20:33:37  <planetmaker> (for the inaugurated)
20:33:52  <frosch123> TrueBrain: most of coop bandwidth is for factorio servers these days, or so :)
20:34:41  <planetmaker> but sure I don't need a cdn for anything
20:34:57  <planetmaker> for coop
20:35:20  <TrueBrain> okay, you asked: in the backend we run AWS S3, which doesn't support "index.html" for HTTPS. So in front of it there is AWS CloudFront, which is, relatively speaking, expensive in terms of bandwidth. OpenTTD pushes 4TB of bandwidth per month, and this would cost us 4000 * 0.08 eurocent per month. Expensive. So in front of that is CloudFlare, which
20:35:20  <TrueBrain> is "free" and caches most of the files sufficiently to drop that 4TB to a few GB. But the Free account of CloudFlare doesn't allow running on a subdomain, so it needs a full domain. Hence: openttd-cdn.org :)
20:35:55  <TrueBrain> and yes, this took several days to figure out and build :P
20:36:04  <LordAro> how much would Cloudflare cost, ooi?
20:36:09  <TrueBrain> 0 euro
20:36:12  <planetmaker> sounds more like money reasons than technical :)
20:36:12  <DorpsGek_III_> [OpenTTD/OpenTTD] nielsmh commented on issue #7735: Protocol handler to join network games https://git.io/Jemi1
20:36:27  <andythenorth> no CDN maybe
20:36:33  <andythenorth> but artefact publishing would be useful
20:36:41  <LordAro> TrueBrain: how much would it cost for the tier that allows subdomains? :p
20:36:46  <TrueBrain> planetmaker: well, part is technical (S3 not supporting index.html for HTTPS), part is financial ;)
20:36:54  <TrueBrain> LordAro: euuuhhhhh
20:37:08  <TrueBrain> LordAro: 200 euro a month
20:37:19  <andythenorth> this URL is not very compelling, but I can't be arsed to think about buying a domain name :P  https://firs-test-1.s3.eu-west-2.amazonaws.com/iron-horse/docs/html/tech_tree_table_red.html
20:37:43  <andythenorth> I did try reading the docs for S3, I could do like grf.andythenorth.co.uk or something
20:37:45  <LordAro> @calc 4000*0.08/100
20:37:45  <DorpsGek> LordAro: 3.2
20:37:52  <LordAro> TrueBrain: quite a bit more
20:38:06  <andythenorth> but I painted trains instead of reading about DNS and CNAMES and stuff
20:38:23  <LordAro> hang on though, 3.2 euro/month was "Expensive" ?
20:38:25  <TrueBrain> LordAro: what is that division by 100 doing?
20:38:35  <LordAro> 0.08 eurocent, you said
20:38:38  <TrueBrain> euh
20:38:40  <TrueBrain> 0.08 euro
20:38:41  <TrueBrain> oops
20:38:42  <TrueBrain> 8 eurocent
20:38:45  <LordAro> aha
20:38:45  <TrueBrain> that is a nasty typo :D
20:38:50  <LordAro> @calc 4000*0.08
20:38:51  <DorpsGek> LordAro: 320
20:39:03  <LordAro> :)
20:39:05  <TrueBrain> you ... really had to calculate that?
20:39:07  <LordAro> i did not
20:39:10  <TrueBrain> really? You .. had to?
20:39:11  <TrueBrain> :P
20:39:28  <TrueBrain> but yeah, I found 320 euro per month too expensive, and 200 euro per month too
20:39:31  <TrueBrain> openttd-cdn.org is cheaper
20:39:46  <andythenorth> openttd-cdn.org/firs? :P
20:39:59  <TrueBrain> bonus: CloudFlare CDN is better than AWS CloudFront (as CDN), in my opinion
20:40:02  <TrueBrain> better edge-locations
20:40:18  <LordAro> TrueBrain: i'm guessing just having a cdn.openttd.org/* redirect to the other isn't an option either?
20:40:24  <TrueBrain> andythenorth: personally, I am fine with things like that, but the administration can be a bit annoying
20:40:53  <TrueBrain> what would that redirect help? did any of you notice the current CDN urls? :)
20:41:02  <TrueBrain> https://openttd.ams3.cdn.digitaloceanspaces.com/openttd-releases/1.10.0-beta2/changelog.txt
20:41:03  <TrueBrain> I mean
20:41:05  <LordAro> well, true
20:41:23  <andythenorth> who signs it? :P
20:41:44  <TrueBrain> in the backend, cdn.openttd.org btw exists, and it is where AWS CloudFront listens. This because I wanted a full HTTPS (strict-validation) from end-user to AWS S3
20:42:16  <LordAro> in which case, why bother with CloudFront at all? is it needed for the full https?
20:42:37  <TrueBrain> yes. An S3 bucket cannot listen on HTTPS and do index.html
20:42:44  <TrueBrain> you need AWS CloudFront for that
20:42:59  <TrueBrain> and I refuse to serve the files over HTTP
20:43:15  <LordAro> right, and you wouldn't want to do CloudFlare -> S3 over HTTP
20:43:16  <TrueBrain> so there is now a AWS Lambda@Edge on the AWS CloudFront doing the index.html
20:43:23  <TrueBrain> no, I do not :)
20:43:28  <TrueBrain> integrity is important for some silly reason :D
20:43:55  <TrueBrain> this really turned out to be some complicated shit :P
20:45:48  <milek7_> and I still don't understand what's benefit of all this cloud complications compared to serving from single dedicated server ;P
20:46:19  <TrueBrain> run an Open Source project which has 50+ request per second, do that for 10 years, and we talk again :)
20:46:53  <TrueBrain> but yeah, managed vs unmanaged :)
20:47:06  <andythenorth> what's a dedicated server?
20:48:04  <milek7_> leased computer sitting somewhere in datacenter
20:48:42  <TrueBrain> pretty sure he was trolling :D
20:48:49  <andythenorth> pretty sure
20:49:10  <TrueBrain> owh, CloudFlare Pro has something I would like to enable .. and it is free for Open Source projects .. possibly worth getting it ..
20:49:13  <andythenorth> I hope to never ever be anywhere near a dedicated server
20:49:31  <andythenorth> although we owned ours, because we couldn't afford not to
20:49:43  <andythenorth> owning servers is the absolute worst, leased is at least better than that
20:50:49  <TrueBrain> anyway, I hope that cleared up the question: why openttd-cdn.org :D
20:51:38  <andythenorth> off-topic: do we have any clue what to do with the newgrf translator?
20:52:05  <TrueBrain> I love how you consider that off-topic :D
20:52:24  <andythenorth> it was always a coop thing, but that channel died :P
20:53:50  <LordAro> andythenorth: i mean, eints is also use for ottd
20:54:03  <TrueBrain> hmmmm ... there is one tiny mistake in my master-plan ... OpenTTD client still talks only HTTP
20:54:10  <andythenorth> different eints though
20:54:15  <TrueBrain> I totally forgot :(
20:54:33  <andythenorth> pff small details
20:54:43  <TrueBrain> well, 90% of the traffic is via OpenTTD client :P
20:54:55  *** el3ktr4 has quit IRC
20:55:12  <milek7_> it can talk through tcp content server too
20:55:37  <TrueBrain> it returns HTTP addresses to fetch the binaries, for any modern version of OpenTTD
20:55:52  <TrueBrain> (and it can still fallback to TCP only, but that is rare)
20:56:06  <TrueBrain> 3% is only like that
20:56:14  <frosch123> i thought it does that for every content that is not "latest"
20:56:20  <TrueBrain> (those are BaNaNaS files that are not available via http)
20:56:21  <LordAro> andythenorth: they're only very slightly different
20:56:25  <TrueBrain> frosch123: ^^ :)
20:56:38  <TrueBrain> well, minus LordAro's line :D
20:57:07  <frosch123> so it is not dependent on the ottd version
20:57:27  <TrueBrain> old versions of OpenTTD couldn't handle the HTTP redirect :P
20:57:35  <TrueBrain> and we still support all versions :D
20:57:56  <frosch123> yes, but those 3% are from current versions loading old savegames
20:58:10  <frosch123> or joining weird servers
20:58:11  <TrueBrain> yeah, fair, nobody plays those old versions :D
20:58:24  <TrueBrain> but when are we going to add HTTPS to OpenTTD again?
20:58:34  <milek7_> libcurl?
20:58:48  <TrueBrain> we wanted SSL for other operations as well
20:59:07  <LordAro> libcurl can build against winssl
20:59:26  <LordAro> so that could work (using openssl for other platforms)
20:59:41  <TrueBrain> but okay, I haven't gotten to porting BaNaNaS yet, so I am ignoring this HTTP-only thing for now :P
20:59:42  <LordAro> clearly the correct answer is to roll our own crypto
21:00:38  <frosch123> the "crypto" part is the easier part. the harder part is "certificates"
21:01:08  <TrueBrain> the still-not-solved issue .. indeed
21:01:16  <TrueBrain> which store to trust .. ugh
21:01:36  <LordAro> is relying on the OS not enough?
21:01:39  <milek7_> TLS is complicated, i'm not sure if this is right solution for other operations than HTTPS
21:01:42  <frosch123> but sure, we can compile a x509 certificate into ottd
21:01:43  <TrueBrain> I guess the easiest approach is to have our own (self-signed?) cert, and ship that with OpenTTD
21:01:47  <milek7_> and it doesn't solve UDP connections
21:02:17  <TrueBrain> LordAro: for example OpenSSL doesn't have a cross-OS solution for "OS trust store"
21:03:11  <TrueBrain> (neither does WolfSSL, PolarSSL, or gnuTLS)
21:03:41  <LordAro> is winssl for windows & openssl for everything else not enough?
21:03:50  <TrueBrain> sorry, PolarSSL is mbedTLS these days
21:04:03  <frosch123> milek7_: all modern tls runs via the https port for obfuscation, see quic
21:04:04  <TrueBrain> if my memory serves me correct, OpenSSL cannot read a linux trust store
21:04:07  <TrueBrain> so no, it is not
21:04:36  <TrueBrain> I guess it is the reason why browsers ship their own or something :P
21:04:43  <TrueBrain> anyway, we don't really need certificates as such
21:04:52  <TrueBrain> you only want TLS to setup trust
21:04:54  <LordAro> how do other games do it?
21:05:54  <TrueBrain> the ones I have seen, in a complicated matter. They have a built-in certificate, which of course expires. On startup it is used to fetch the latest with their cert, which is allowed to be expired
21:06:09  <TrueBrain> so older versions can get their latest
21:06:13  <TrueBrain> it feels a bit icky tbh
21:06:20  <TrueBrain> haven't read  into how others do it
21:06:24  <milek7_> yes, but QUIC doesn't have to do anything with openttd udp protocol anyway
21:07:04  *** el3ktr4 has joined #openttd
21:08:32  <TrueBrain> LordAro: I guess it comes down to: download a cert over an untrusted connection, ask the user if the fingerprint is what he expected, and continue :D
21:09:01  <LordAro> sounds very user friendly :)
21:09:11  <TrueBrain> like anyone will ever check :P
21:09:23  <LordAro> hence, no point even asking :p
21:09:27  <milek7_> previously discussed replacement for company password would also need some crypto library
21:09:31  <TrueBrain> but okay, in the end you have to wonder what you want to solve .. having a 100% integrity might not be the goal here
21:09:35  <milek7_> libsodium maybe
21:10:03  <LordAro> milek7_: i'd rather having to link against more than one crypto library
21:10:12  <TrueBrain> so a call to http://castore.openttd.org, and blindly trusting that, might just be enough
21:11:01  <TrueBrain> and for servers we could have our own CA (self-signed), and a server can sign his cert with it, and that way clients trust it :)
21:11:28  <frosch123> i have used boost::beast with https before, but always with custom CA
21:11:31  <TrueBrain> I always wanted to build an Authority Server for OpenTTD ...... :)
21:11:47  <TrueBrain> solves so many things ....
21:12:08  <TrueBrain> (in the MP world, that is)
21:12:19  <frosch123> i have no idea how to get the os certificates in a platform-independent way
21:12:20  <TrueBrain> and I still would love to have cloud-saves, but that really needs HTTPS :)
21:12:30  <TrueBrain> frosch123: as far as I know, that is not possible even
21:12:41  <milek7_> LordAro: where's more than one? i proposed libcurl (for bananas) and libsodium (for other networking)
21:13:26  <LordAro> libcurl would presumably pull in something else
21:13:51  <frosch123> TrueBrain: someone has to read /etc/ssl/certs
21:14:20  <TrueBrain> frosch123: I guess stuff like libcurl solved it too, but I know of no independent lib that does this.
21:14:22  <frosch123> but yeah, maybe libcurl solves all of that already
21:14:49  <TrueBrain> anyway, now knowing that I cannot host BaNaNaS on the CDN as I am currently planning .. I can do without CloudFlare for now I guess :P
21:16:34  <frosch123> https://curl.haxx.se/docs/sslcerts.html <- "schannel" and "secure transport"
21:17:27  <TrueBrain> btw, remember that on many machines their OS-cert-store can be heavily out-of-date
21:18:55  <frosch123> sounds like: bundle a new cert with every ottd release, and trust everything after it expires :p
21:19:39  <TrueBrain> but before we do any, lets first make clear what issues we are trying to solve exactly :)
21:20:24  <TrueBrain> (as it is easy to think SSL solves something, while in fact it might not)
21:20:58  <TrueBrain> HTTPS of course would help, as it is getting more and more difficult to get things to not auto-redirect on HTTP :P And, rightfully, it feels wrong to serve stuff over HTTP :D
21:22:05  <milek7_> it is possible to just ignore CA and pin server public key
21:22:11  <milek7_> but that complicates certificate generation slightly (and is less future-proof)
21:23:38  <frosch123> i guess the original issue was how to authenticate translators via github in a way that does not involve coding a lot
21:24:01  <frosch123> or rather, how to authorize them
21:24:29  <TrueBrain> authorize them for what, sorry?
21:24:47  <frosch123> user x is allowed to translate language y
21:24:51  <TrueBrain> in eints?
21:25:08  <frosch123> assumption a: we do not want to maintain user accounts
21:25:20  <TrueBrain> as I thought we were talking about the OpenTTD client :D
21:25:25  <TrueBrain> so I am a tiny bit confused ;)
21:25:31  <frosch123> assumptions b: translators shall rahter register to github and login to eints with their gh account
21:25:50  <frosch123> assumption c: we do not want to allow every random gh user to translate everything
21:27:06  <nielsm> hmm, broken lot: https://0x0.st/irCw.jpg
21:27:11  <nielsm> (still playing the wrong game)
21:27:15  <TrueBrain> okay, so that had nothing to do with the talk we had a second before that :D Context switching ... ;)
21:27:16  <frosch123> is it ok to have a file in a public gh repository with user names and roles, and approve translators via prs?
21:27:38  <TrueBrain> frosch123: public or private repo, I guess
21:27:46  <frosch123> TrueBrain: yes, i rewinded to the "original problem" before we got to auth servers and https
21:28:07  <nielsm> frosch123, GDPR might dislike it, not sure
21:28:11  <frosch123> we have no private repos, right?
21:28:29  <andythenorth> I wondered if we can have a grf compile farm which sets up author repos as remotes :P
21:28:37  <andythenorth> and keeps the translations in a separate repo
21:28:48  <TrueBrain> nielsm: GDPR only asks us to have a process in place, basically
21:28:49  <frosch123> nielsm: it's only nicknames, and they are persistent in the commit log, while only for-life-time in the role-file
21:28:52  <andythenorth> I don't really like pulling in untrusted commits :P
21:29:19  <frosch123> so, if someone disagrees they just retire from being translator
21:29:51  <frosch123> except: if it somehow makes harassing inactive translators easier or something
21:29:55  <TrueBrain> I guess another approach might be to have a small bot which handles this
21:30:17  <TrueBrain> so you go to a site, that redirects you to GitHub, it asks if your username can be shared with the bot
21:30:31  <LordAro> no particular reason why it needs to be a private repo
21:30:35  <TrueBrain> if you login to eints, with GitHub credentials, we check if you the bot can read your username
21:30:49  <TrueBrain> hmm .. needs a small database to link the language to the user, I guess
21:31:04  <frosch123> yes, and i want to avoid that database :)
21:31:16  <TrueBrain> LordAro: the reasoning would be what frosch123 mentioned, if it is public, it is easy to stalk people etc
21:31:20  <frosch123> because i tried that, and it involved a lot of work
21:32:25  <LordAro> TrueBrain: would've thought most people would be happy to be credited with translation
21:32:25  <TrueBrain> and creating a GitHub App per language might be a bit too much
21:32:27  <frosch123> can we put the translators on the website? saves another repository :p
21:32:31  <planetmaker> it's visible anyway whe's translator, no? In form of commit messages
21:32:39  <LordAro> obviously there'll be a few who won't, but...
21:33:00  <frosch123> planetmaker: yes, but those are translators of the past
21:33:20  <frosch123> i am talking about: there are 20 german translators signed up, why are there 50 strings out of date for a year?
21:33:35  <frosch123> (i did not check, just random numbers)
21:33:47  <planetmaker> well, the translators of the past are all still 'active' by ldapadmin standards
21:33:58  <DorpsGek_III_> [OpenTTD/OpenTTD] JMcKiern commented on issue #7735: Protocol handler to join network games https://git.io/Jemi1
21:34:04  <planetmaker> at least I cannot remember processing translator role removal ever
21:34:07  <planetmaker> on any person
21:34:16  <TrueBrain> I did one or two, upon request
21:34:19  <frosch123> yes, but noone can see those from the outside
21:34:20  <TrueBrain> but normally indeed, removing is rare
21:34:36  <TrueBrain> emails are hidden from the outside
21:34:39  <TrueBrain> only usernames are given
21:34:50  <TrueBrain> we used to have translator-<language>@openttd.org aliases
21:34:56  <TrueBrain> but we stopped doing that a LONG LONG time ago :D
21:34:59  <planetmaker> but yes, true... it's somewhat invisible. which is comfortable
21:36:06  <planetmaker> not being public is nice in that you can contribute, vanish. And contribute again much later without just that: pressure potential from anyone
21:36:21  <TrueBrain> so a repository with a single file per language, with in there the GitHub username ... the PR is done by the username itself, which might or might not have an email (depending on GitHub settings)
21:36:27  <TrueBrain> and GitHub otherwise protects users from spam
21:37:02  <TrueBrain> I mean, try sending a user anything on GitHub
21:37:05  <planetmaker> honestly, I'm pretty much convinced that most translators don't do git
21:37:13  <planetmaker> so forcing them to use git and PRs... not sure
21:37:13  <TrueBrain> they don't have to
21:37:15  <frosch123> i would rather have a single json file for all languages, but potato/potato
21:37:16  <TrueBrain> they only need to do Github
21:37:22  <frosch123> i should dig up my oauth patch
21:38:01  <TrueBrain> frosch123: potato potato indeed; reasoning for me was that we have so many languages :D
21:38:06  *** heffer has quit IRC
21:38:11  <TrueBrain> it becomes a bit more difficult to add your name in such a list :P
21:38:32  <TrueBrain> and if we do flatfiles, so just .txt files, nobody can screw up any parsing either
21:38:58  <TrueBrain> that means, they go to GitHub, they press "edit" on their language, their add their name to the list, and hit: make PR out of this
21:38:58  <frosch123> well, it is not required for translators to add themself. it's also fine if anyone with commit access can add people, who open issues
21:39:24  <frosch123> judging from old coop-eints, there are some translators who do not even know what language they speak
21:39:49  <TrueBrain> you have your default workflow, and ofc the exceptions ;)
21:40:06  <TrueBrain> I would say, by default let people add theirself to the list, but of course we can do it for them too :)
21:40:15  <TrueBrain> we just need to validate their GitHub username
21:41:32  <TrueBrain> I think that is the method to implement this with the least amount of effort
21:42:04  <frosch123> in theory we could also add teams for every language and make all translators external contributors or so, but githubs permissions/roles are way too intransparent to me
21:42:09  <TrueBrain> the other solution I see is with a GitHub Apps, like DorpsGek_III_. You go to a page, you login via GitHub, you get a dropdown to select your language, DorpsGek makes a PR in a repo to request access for that user
21:42:36  <TrueBrain> and DorpsGek_III_ in that case can keep those teams up-to-date with the content of the repository
21:42:51  <TrueBrain> that does, however, consume a bit of effort on the DorpsGek_III_ side of things :)
21:43:37  <frosch123> i prefer the less-effort way for a start
21:43:42  <TrueBrain> can we use GitHub for BaNaNaS and wiki too, as authentication/authorization?
21:43:47  *** Wormnest has quit IRC
21:44:21  <frosch123> mediawiki has an oauth plugin
21:44:29  <TrueBrain> technically it is not an issue
21:44:30  <frosch123> but you have the same problem that you cannot define admins
21:44:33  <TrueBrain> I was wondering from a user perspective :D
21:45:23  *** funnel has joined #openttd
21:45:28  <TrueBrain> forcing every GRF author to also have a GitHub account .. are we okay with that?
21:45:29  <frosch123> what is the alternative? keeping custom accounts? using facebook instead? i don't have facebook
21:45:34  *** WormnestAndroid has quit IRC
21:45:35  <TrueBrain> I agree
21:45:43  <TrueBrain> just asking the question to challenge my own agreement :D
21:45:44  <andythenorth> I'd rather we didn't run auth
21:45:52  <andythenorth> we could always use linkedin auth?
21:45:53  *** WormnestAndroid has joined #openttd
21:46:07  <frosch123> i asked or*dge 2(?) years ago, tt-forums accounts is no option
21:46:23  <andythenorth> nobody fed my troll :(
21:46:24  <TrueBrain> I like the GitHub Teams idea tbh .. that is easy to read from a eints perspective?
21:46:50  <frosch123> likely
21:47:05  <frosch123> but i have no idea what the team membership implies to other gh permissions
21:47:16  <frosch123> like reviewing/merging/...
21:47:18  <TrueBrain> nothing that cannot be solved :)
21:47:44  <TrueBrain> lowest rank is "Read"
21:47:46  <TrueBrain> which is fine
21:48:13  <frosch123> as said, i don't understand gh permissions :)
21:48:19  <LordAro> sounds like a spec should be drawn up first
21:48:29  <frosch123> they looked like a contradicting mess to me
21:48:42  <TrueBrain> frosch123: if you can check that with oauth you can read the group, without doing anything else (like reading a file etc)
21:48:48  <TrueBrain> I think I can help you with the rest
21:48:59  <frosch123> LordAro: i have wips on oauth support for eints
21:50:15  <TrueBrain> where is their documentation about oauth for authorization?
21:50:20  <TrueBrain> keep finding unrelated bla :P
21:50:48  <frosch123> https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
21:51:04  <frosch123> "read:org" scope
21:51:36  <frosch123> when people login to eints the first time, gh will ask them whether eints may query their membership status
21:52:33  <TrueBrain> https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/
21:52:40  <TrueBrain> I guess that is the flow :)
21:54:16  <milek7_> there should be some puzzle manual in 'the witness'
21:54:26  <milek7_> or maybe i'm just too dumb for these type of game
21:54:44  <frosch123> oh right, eints did not even have login-cookies
21:54:56  *** el3ktr4 has quit IRC
21:55:13  <TrueBrain> frosch123: ah, so we need no scope for the user to login; we just need a valid token in eints which he can use to make requests to https://developer.github.com/v3/teams/members/
21:55:18  *** cHawk has quit IRC
21:55:21  <LordAro> milek7_: hehehe
21:55:29  <TrueBrain> that is slightly more work on your end, but I guess that is doable
21:55:41  *** cHawk has joined #openttd
21:56:03  <frosch123> TrueBrain: you mean it is enough to authorize eints to query openttd instead of the suer?
21:56:30  <TrueBrain> I think so
21:56:37  <TrueBrain> I need to fiddle a bit with this to be sure
21:56:59  <frosch123> hmm, in that case we can also hack the mediawiki plugin
21:57:32  <TrueBrain> https://developer.github.com/v3/teams/members/#get-team-membership
21:57:44  <TrueBrain> that API endpoint is very useful, as in: it is very binary
21:57:48  <frosch123> it's php so you may not eat anything for 8 hours, but it is possible
21:57:55  <TrueBrain> the only downside of using teams for this, is that the user has to accept the team invite
21:58:16  <frosch123> why wouldn't they?
21:58:29  <frosch123> they can choose whether they are listed publically
21:58:39  <TrueBrain> I remember Epic having an issue here, where someone emailed everyone in a team .. but I am sure that is no longer possible :D
21:58:41  *** el3ktr4 has joined #openttd
21:59:24  *** sla_ro|master has quit IRC
22:00:54  <TrueBrain> in order for someone to be in a team, they have to be invited to the organization, it seems
22:02:38  <TrueBrain> I guess for something like mediawiki, you want people to be able to self-signup, right?
22:02:43  <TrueBrain> no need for anyone to validate that
22:02:47  <TrueBrain> but for eints I guess you want validation first?
22:03:08  <TrueBrain> in other words: do we need to approve people?
22:04:21  <TrueBrain> currently, the barrier to signup is sufficiently high, that the chances of someone wanting to be "funny" is very low. I guess without validation, that barrier might just be too low? Not sure.
22:04:27  <frosch123> yes, you need teams for translators and for wiki admins
22:04:42  <frosch123> you do not need a team for regular wiki users
22:04:51  <TrueBrain> well, we do
22:04:55  <TrueBrain> you want to be able to ban people :D
22:05:06  <frosch123> that has not worked in years :)
22:05:21  <TrueBrain> via GitHub that is a bit different, as creating random new accounts is more difficult
22:05:27  <TrueBrain> they have pretty good protection there
22:05:52  <TrueBrain> but okay, so you do want to approve translators?
22:06:04  <frosch123> the last spammers on the wiki were humans and they stopped when i setup a bot to revert their changes
22:06:17  <TrueBrain> lol
22:06:18  <TrueBrain> silly
22:06:39  <frosch123> yes, there is enough beef between translators that requires to approve them
22:07:02  <TrueBrain> okay, so how about this: you want to signup to translators, you are asked to visit https://????.openttd.org
22:07:09  <TrueBrain> there you are asked to login to GitHub
22:07:15  <frosch123> like when the mexican spanish translator thought starting a new language was to much work, and just adjusted the european spanish :p
22:07:15  <TrueBrain> after login, you get asked what language
22:07:29  <TrueBrain> after that, the bot makes an Issue on a repository
22:07:33  <TrueBrain> you answer with /approve
22:07:37  <TrueBrain> the bot adds the user to the right team
22:08:13  <LordAro> should probably notify info@ (and probably here) too
22:08:20  <TrueBrain> here comes free
22:08:27  <TrueBrain> (as .. DorpsGek_III_ :D)
22:08:29  <LordAro> oh, issue on repo
22:08:32  <LordAro> yes, good
22:08:35  <TrueBrain> info@ .. hmm .. we disabled notifications :P
22:08:45  <TrueBrain> lets see how that works for now without emailing
22:09:06  <TrueBrain> we can make a daily reminder like: "there are still N pending approvals"
22:09:09  <TrueBrain> on IRC
22:09:22  <LordAro> ha
22:09:48  <frosch123> don't add more spam to info@
22:09:55  <TrueBrain> ^^ :)
22:10:07  <frosch123> info@ is a very sad place
22:10:17  <TrueBrain> yeah ... we should cleanup some of the spam tbh
22:10:26  <TrueBrain> anyway, to continue:
22:10:28  <frosch123> mostly newsletters, a bit of spam, and some douchbag users
22:10:32  <TrueBrain> in eints you do oauth login
22:10:38  <TrueBrain> after a valid token, you know the username
22:10:42  *** Wormnest has joined #openttd
22:10:43  <frosch123> this week someone complained about people not playing nice on nice.org :)
22:10:48  <TrueBrain> you do a call to the above mentioned API, with a DorpsGek API token
22:11:14  <TrueBrain> I love the emails we get about ingame sponsorship .. they are ... persistent in their request
22:11:49  <TrueBrain> would that work for you frosch123? Does it validate the expected user-flow?
22:12:27  <TrueBrain> most of these things we already have in place; the "/approve" is a very simple GitHub Actions
22:12:31  <frosch123> TrueBrain: yes, that is just fine. eints would cache the stuff for 24 hours or so
22:12:35  <TrueBrain> the only "new" thing would be to ask for the language
22:12:52  <TrueBrain> I assume the cache is only for positive results
22:13:00  <TrueBrain> ?
22:13:25  <frosch123> hmm, ok, let's say, eints queires it once per login
22:13:35  <frosch123> and login cookie expires after 24 hours
22:14:02  <frosch123> so we get the classic "you may need to logout and relogin"
22:14:32  <TrueBrain> please make that 23 hours :P Nothing more annoying than something that kicks you out every 23 :P
22:14:39  <TrueBrain> euh, 24, the last one
22:14:43  <TrueBrain> yeah, that works
22:14:50  <TrueBrain> you can do 5000 API calls per hour to GitHub
22:14:59  <TrueBrain> so ... if we get more than 5000 active translators, there might be an issue :D
22:15:09  <frosch123> TrueBrain: i did not quite follow how you want to make translators sign up, but i think that does not affect me
22:15:35  <TrueBrain> they go to website, they signin with GitHub, they select language, they wait for GitHub Teams invite
22:15:55  <TrueBrain> we get new issue, we do "/approve" in comment of that issue
22:16:51  <TrueBrain> okay, we do need a new organization for this .. OpenTTD-users ?
22:16:53  <TrueBrain> or something
22:16:59  <TrueBrain> as they become part of the organization itself
22:17:17  <LordAro> why would we need a new org?
22:17:18  <TrueBrain> github.com/OpenTTD-users/ , I mean, to be clear :D
22:17:36  <TrueBrain> https://github.com/orgs/OpenTTD/people
22:17:39  <TrueBrain> because of pages like that
22:17:48  <frosch123> does it hurt listing translators there?
22:18:04  <LordAro> i don't see that as a particular issue
22:18:23  <TrueBrain> hmm .. 2 things: I am not sure what it does permission-wise, we will have to check
22:18:34  <TrueBrain> but also: it makes it look like you contributed to OpenTTD, as in, the game
22:18:37  <TrueBrain> while you might only just have signed up
22:18:49  <TrueBrain> so it gives a false idea of "look at me, I am awesome"
22:18:54  <frosch123> lol, that's exactly what i worried about an hour ago :) gh permissions are intransparent
22:19:02  <TrueBrain> anyway, I like separating things :D
22:19:05  <LordAro> does that matter? :p
22:19:19  <TrueBrain> frosch123: yeah, I know :) I know how Teams work in a Repository
22:19:20  <LordAro> https://github.com/orgs/rust-lang/people here's an example of an org with lots of people
22:19:23  <TrueBrain> just not how a Member works in an Organization :D
22:19:33  *** Wormnest has quit IRC
22:19:39  <frosch123> TrueBrain: andy is listed on that page
22:19:49  <frosch123> is there any more danger?
22:19:56  <TrueBrain> fair point :D
22:20:01  <LordAro> there certainly aren't 112 active maintainers of rust
22:20:20  <TrueBrain> I guess you are right
22:20:24  <TrueBrain> so we just need to validate permissions
22:20:38  <TrueBrain> this is why I like separating things .. avoids me having to lookup stuff :P
22:20:46  <andythenorth> also I am first ha ha
22:20:53  <andythenorth> A is a winning initial
22:21:16  *** cHawk has quit IRC
22:21:29  <frosch123> https://github.com/rust-lang/team <- what is that?
22:21:51  <TrueBrain> https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/verifying-your-organizations-domain <- can I do that?
22:22:50  <LordAro> i think you're the only one who can :p
22:23:01  <andythenorth> oof I should go to bed :|
22:23:10  <TrueBrain> frosch123: looks very similar :D Theirs is only manually, from what I can tell
22:24:05  <frosch123> i think team memberships are not visible unless you are part of the organisation
22:24:56  <frosch123> hmm, so rust have all their team-members emails in their repository
22:25:03  <LordAro> https://github.com/rust-lang/team/pull/201 not necessarily manual
22:25:59  <TrueBrain> LordAro: yeah, okay, but that workflow is too complex for poor translators :D
22:26:34  <TrueBrain> one benefit of having a file per GitHub user, is that you can see what they have access too .. in case people request access to multiple translations :)
22:27:59  <TrueBrain> "Require two-factor authentication for everyone in the OpenTTD organization."
22:28:10  <TrueBrain> the only downside I noticed when looking at organizational permissions
22:28:17  <TrueBrain> I would really like all devs to have 2FA enabled
22:28:26  <TrueBrain> I cannot enforce it if we add translators too
22:28:48  <frosch123> it already sends a verification email every time
22:29:10  <frosch123> possibly because i use the private browsing defaults
22:29:58  <TrueBrain> cool, you can have discussions with Teams in GitHub
22:29:59  <TrueBrain> that is nice
22:30:21  <frosch123> translators kind of always wanted that
22:30:58  *** WormnestAndroid has quit IRC
22:30:58  *** nielsm has quit IRC
22:30:58  *** tokai has quit IRC
22:30:58  *** supermop_work has quit IRC
22:31:09  *** supermop_work has joined #openttd
22:31:18  <TrueBrain> yeah, this is the only thing I can find that is of interest in regards to adding translators to OpenTTD organization
22:31:26  <TrueBrain> enforcing 2FA on the developers yes/no
22:31:33  *** WormnestAndroid has joined #openttd
22:31:44  *** tokai has joined #openttd
22:31:44  *** ChanServ sets mode: +v tokai
22:32:36  *** nielsm has joined #openttd
22:32:51  <frosch123> https://github.com/orgs/OpenTTD/outside-collaborators <- does that only work for repositories, or also for teams?
22:33:07  *** dwfreed has quit IRC
22:33:14  *** dwfreed has joined #openttd
22:33:24  <TrueBrain> not sure how that list is created
22:34:40  <TrueBrain> owh, ofc, I gave them access on "website" to write
22:34:47  <LordAro> that's a 404 for me
22:34:48  <TrueBrain> no, they cannot be in teams
22:34:52  <LordAro> do you have to be an owner?
22:34:56  <TrueBrain> I guess
22:34:58  *** Progman has quit IRC
22:35:02  <andythenorth> hmm, I have played current OpenTTD game for 120 calendar years
22:35:05  <TrueBrain> so many more things show up if you are an owner, not always clear who can see what
22:35:09  <andythenorth> and about 20 years of using date cheat :P
22:35:12  <andythenorth> long game :P
22:35:45  <TrueBrain> okay, I am going to get some sleep .. I think we can do this with relative low effort and maintenance, by mostly having GitHub do the heavy lifting :D
22:35:58  <planetmaker> TrueBrain, looking at who uses 2FA from the list of OpenTTD people on github... it's 50:50. Not sure enforcement would help anything currently
22:35:58  <andythenorth> \o/
22:36:22  <TrueBrain> planetmaker: yes ... it would force those 50% to also enable it
22:36:33  <TrueBrain> what am I missing?
22:37:00  <planetmaker> the 'meh' effect
22:37:10  <TrueBrain> the what effect?
22:37:19  <planetmaker> meh. whatever.
22:37:21  <planetmaker> :)
22:37:27  <TrueBrain> I really have no clue what you are trying to say
22:38:17  <TrueBrain> but let me be pretty clear on my stance on 2FA: not having it enabled for a project like OpenTTD is not something that is a valid stance in 2020 :) Too many projects have accounts that get hijacked .. it is a big risk we are taking by not enforcing it.
22:38:21  <TrueBrain> it can do some nasty damage
22:38:23  <planetmaker> tmwftlb for this case for those who don't yet?
22:38:54  <TrueBrain> too little benefit? Euhmz .. guess you missed some news :D
22:39:13  <planetmaker> nope, indeed I did not
22:39:23  <planetmaker> But I don't like someone trying to force me
22:39:40  <TrueBrain> and I don't like OpenTTD being taken away from us because your password got leaked because of some hack to some random website :)
22:39:51  <TrueBrain> (I hope you are not password sharing, but sadly this is often still the case :P)
22:40:21  <TrueBrain> but okay, I think this is a fair thing to say: you cannot be owner if 2FA is not enabled; that fair? :)
22:40:59  <LordAro> i think that's fair
22:41:17  <frosch123> ok, i'll enable it then :)
22:41:21  <TrueBrain> anyway, lets approach this first in another way: LordAro, planetmaker, frosch123, orudge, andythenorth: please pretty please enable 2FA on GitHub :)
22:41:45  <TrueBrain> owh, and nielsm :)
22:41:48  <planetmaker> that's the way you should *start* such issue instead of how you did, yes.
22:42:05  <TrueBrain> planetmaker: I did nothing; you did :) But that is okay ;)
22:42:20  <TrueBrain> you started with the argument 50:50 is "fine" ;)
22:42:33  <TrueBrain> I just mentioned adding translators to OpenTTD org means I can never enforce 2FA to the devs :)
22:42:34  <planetmaker> you started with "should we enforce" :)
22:42:36  <TrueBrain> that was just a statement :)
22:43:28  <LordAro> "should we enforce" and "we should enforce" are very different sentences :p
22:44:25  <TrueBrain> 23:28 <TrueBrain> I would really like all devs to have 2FA enabled
22:44:34  <TrueBrain> just to be clear ;)
22:44:40  <planetmaker> <TrueBrain> enforcing 2FA on the developers yes/no
22:44:56  <TrueBrain> out of context
22:44:57  <TrueBrain> 23:31 <TrueBrain> yeah, this is the only thing I can find that is of interest in regards to adding translators to OpenTTD organization
22:44:57  <TrueBrain> 23:31 <TrueBrain> enforcing 2FA on the developers yes/no
22:45:08  <frosch123> can i use a less secure password after i enabled 2fa? :p
22:45:12  <hythlodaeus> what is 2FA?
22:45:24  *** andythenorth is now known as Guest14759
22:45:25  *** andythenorth has joined #openttd
22:45:25  <frosch123> @base 16 10 2fa
22:45:25  <DorpsGek> frosch123: 762
22:45:39  <frosch123> sorry :)
22:45:39  <planetmaker> your new PW? :P
22:45:45  <frosch123> hythlodaeus: two factor authentication
22:45:58  <hythlodaeus> ah
22:46:46  <TrueBrain> planetmaker: please take more time in assuming I mean well, instead of trying to pick a fight. You really took my words out of context, and than blamed me for how I "should have started" .. this is not nice of you
22:47:33  <nielsm> I'm set up now
22:47:40  <TrueBrain> Thank you very much :)
22:48:04  <nielsm> I'm slightly surprised github doesn't support the microsoft authenticator app for 2fa
22:48:07  *** Guest14759 has quit IRC
22:48:25  <TrueBrain> nielsm: but their Security Key support is a lot better than most other sites :D
22:48:53  <TrueBrain> (it surprised me too, given they are MS etc)
22:49:06  <LordAro> i imagine they'll get there eventually
22:52:50  <nielsm> wow, almost a hundred downloads of Eternal Love already, summed from forum and bananas
22:53:10  <TrueBrain> it is loved
22:53:30  <TrueBrain> hmm .. DorpsGek itself is owner ... why is he owner ... can I make him non-owner .. that will be my job for this weekend :)
22:53:49  <TrueBrain> still one of the more annoying things about shared accounts .. how to do 2FA
22:53:52  <nielsm> also, if anyone is able to/think they should do something about it, the most downloaded GS on bananas has its url point to a parked domain
22:54:06  <TrueBrain> wuth? Lol
22:54:28  <nielsm> someone let their community forum lapse or such
22:54:50  <TrueBrain> hmm .. I can remove the URL, but is that a nice thing to do?
22:54:53  <TrueBrain> maybe the URL comes back?
22:55:14  <nielsm> yeah I suppose it would be better to contact the submitter first
22:55:16  <planetmaker> right. 2FA enabled
22:55:18  <LordAro> probably change it and let them know
22:55:21  <TrueBrain> <3 planetmaker
22:55:31  <LordAro> they can't change it themselves, i think?
22:55:37  <planetmaker> time to attach the yubikey to my keys...
22:55:38  <TrueBrain> only with a new version, I think
22:57:02  *** frosch has joined #openttd
22:57:24  <frosch> TrueBrain: iirc dorpsgek is owner to have push access to repositories
22:57:24  <planetmaker> TrueBrain, sorry, indeed I did not see the lines you quoted
22:57:37  <planetmaker> I appologize
22:57:53  <TrueBrain> planetmaker: all good :) I mistook your initial reply too, sorry about that :)
22:58:06  <LordAro> now kiss
22:58:12  <TrueBrain> only if you join!
22:58:17  <frosch> which app do you recommend?
22:58:30  <TrueBrain> Google Authenticator + Yubikey
22:59:12  <TrueBrain> frosch: I think push rights can also be given per repository, but I guess I was lazy, and didn't want to do that
22:59:54  <TrueBrain> I guess I can enable 2FA on my phone, and put recovery keys next to the password in the password store ..
23:01:36  *** frosch123 has quit IRC
23:02:38  *** andythenorth has left #openttd
23:03:19  <TrueBrain> "Make sure it's at least 15 characters OR at least 8 characters including a number and a lowercase letter" <- that is pretty nice tbh
23:04:18  *** Wolf01 has quit IRC
23:06:54  <planetmaker> I saw that I can use my phone's fingerprint scanner as 2fa
23:07:06  <planetmaker> somewhere. Just haven't figured out how so far
23:08:20  <TrueBrain> Let us know when you figured that out .. sounds interesting ..
23:08:33  <TrueBrain> I love 1password for it
23:09:22  <planetmaker> https://help.github.com/en/github/authenticating-to-github/about-two-factor-authentication#two-factor-authentication-recovery-codes <-- here actually
23:10:04  <planetmaker> After you configure 2FA using a mobile app or via text message, you can add a security key, like a fingerprint reader or Windows Hello
23:10:08  <planetmaker> do I misread that?
23:10:45  <TrueBrain> Owh, as security key
23:10:54  <TrueBrain> Like a yubikey
23:11:20  <TrueBrain> I think I read about those, a fingerprint reader like a yubikey
23:11:48  <TrueBrain> https://www.yubico.com/blog/yubico-reveals-first-biometric-yubikey-at-microsoft-ignite/
23:15:44  <frosch> isn't that 3fa then?
23:15:59  <frosch> you need your fingerprint/key to get to your 2fa-code?
23:16:42  <TrueBrain> Security keys don't give you a code in this mode
23:17:00  <TrueBrain> Browsers can directly communicate with them, which is nice :)
23:17:08  *** el3ktr4 has quit IRC
23:17:31  <planetmaker> frosch, no, they rather dissiminate they secret when presented with the right fingerprint
23:17:44  <planetmaker> (or rather expose that they know the secret)
23:17:58  <TrueBrain> Funny enough, 3FA is used more often than you think .. behavior is a huge part of authentication these days
23:18:22  <TrueBrain> Reason it is now often called MFA (MultiFactorAuthentication)
23:19:32  <TrueBrain> I love how we are slowly moving away from passwords .. very slowwwwlllyyyy
23:19:52  <milek7_> passwords are fine
23:20:01  <nielsm> passwords are hell
23:20:21  <TrueBrain> They were fine till they leaked
23:20:27  <nielsm> they can work if the user has a physical keyboard and is fast at typing
23:20:43  <frosch> in the hitchhiker guide you just need the identocard from someone
23:20:44  <nielsm> (because then 20+ character passwords are realistic)
23:21:31  <milek7_> they are pasted anyway, nobody (should) type them
23:21:56  <TrueBrain> MFA works with: something you know, have, are, or do. The 'know' part is horrible. Let's start using the other 3 more often.
23:22:22  <planetmaker> Just got today an e-mail from my university: change your password till 30 January or your account then will then be locked.
23:22:33  <nielsm> vampire auth when?
23:22:41  <glx> "security questions" are worse
23:22:43  <planetmaker> seems they lost hashed passwords or might have :)
23:22:58  <nielsm> I should seriously get to sleep, this is bad
23:23:00  <nielsm> gn
23:23:05  <planetmaker> yeah. good night :)
23:23:08  <frosch> planetmaker: nice, how many are on vacation?
23:23:28  <planetmaker> dunno? certainly some from 26k people
23:23:28  <glx> I think it's easier to find answers to security questions than to find the actual password
23:23:52  <frosch> do you know the name of my first dog?
23:23:58  <planetmaker> better than my sister's university... they were locked-out nearly whole of December till early January... university hacked and trojaned
23:24:17  <TrueBrain> Maastricht? :p
23:24:19  <planetmaker> and they shut down everything before it actually could do work... but meh... no work for all people, too
23:24:22  <planetmaker> Gießen
23:24:27  <Eddi|zuHause> i think a study has shown that the people themselves have more problems to remember the exact answers to those "security questions" and they're rather easy to find out through social engineering
23:24:48  <TrueBrain> Ransomware is the worst
23:24:59  <Eddi|zuHause> planetmaker: i heard about that...
23:26:14  <planetmaker> yeah, it was in the news
23:26:17  *** el3ktr4 has joined #openttd
23:26:41  <TrueBrain> Happens a lot lately ... no fun .. good for security companies :p
23:27:42  <TrueBrain> Owh, yes, this sleep thing .. I should try it
23:28:07  <frosch> night
23:28:10  *** frosch has quit IRC
23:31:01  *** nielsm has quit IRC
23:33:34  <Eddi|zuHause> sleep is overrated
23:39:07  *** WormnestAndroid has quit IRC
23:39:30  *** WormnestAndroid has joined #openttd
23:42:17  *** Samu has quit IRC
23:47:47  *** Wormnest has joined #openttd
23:50:51  *** Arveen2 has joined #openttd
23:57:32  *** Arveen has quit IRC

Powered by YARRSTE version: svn-trunk