--- Log opened Wed Apr 03 00:00:06 2013
--- Day changed Wed Apr 03 2013
20130403 00:00:06< anonymissimus> git reset also works I think
20130403 00:00:29< anonymissimus> or --abort if it happened during a rebase, a merge, a cherry-pick,...
20130403 00:02:25-!- Blueblaze [~Blueblaze@adsl-99-148-244-197.dsl.hstntx.sbcglobal.net] has joined #wesnoth-dev
20130403 00:03:17-!- LordNasty [~NaSTy@93-43-168-243.ip92.fastwebnet.it] has quit [Ping timeout: 248 seconds]
20130403 00:04:04-!- LordNasty [~NaSTy@93-43-168-243.ip92.fastwebnet.it] has joined #wesnoth-dev
20130403 00:13:23-!- boucman [~rosen@wesnoth/developer/boucman] has joined #wesnoth-dev
20130403 00:15:36-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has joined #wesnoth-dev
20130403 00:16:59< lipkab> mordante: Yes, it's only present on trunk/master/whatever.
20130403 00:20:26< AI0867> 23:50 < fabi> Espreon: Add is for adding file under version control. How can it be used to solve conflicts? <-- add is for adding it to the index. This can be used for adding it the first time, for committing selectively (not commit -a) and for marking a conflict as resolved
20130403 00:20:48< AI0867> the third makes more sense if you realize that a merge tries to generate a commit
20130403 00:21:11< AI0867> if it fails due to conflicts, the stuff that was successfully merged is in the index. The stuff that has conflicts is not.
20130403 00:21:24< AI0867> once you've resolved the conflicts, you add the files to the index, and commit
20130403 00:21:36< fabi> hmmm, I need to read more about git. I am lacking the vocabulary to fully understand what you try to tell me.
20130403 00:21:58< AI0867> svn has two 'trees': the working copy and the 'BASE'
20130403 00:22:06< AI0867> svn diff shows you the difference between the two
20130403 00:22:09< AI0867> git has 3
20130403 00:22:31< AI0867> the index sits between the two you have in SVN
20130403 00:24:58< fabi> okay, working copy --commit--> index --push--> repository
20130403 00:25:13< AI0867> no
20130403 00:25:47< AI0867> working tree --add--> index --commit--> repository --push--> external repositories
20130403 00:26:03< fabi> i see
20130403 00:27:54 * anonymissimus doesn't see :P
20130403 00:28:28< Espreon> anonymissimus: How wonderful!
20130403 00:28:30< shadowm> 10:53:48 <fabi__> shadowm: Yes, I am aware of the read only connection.
20130403 00:28:44< shadowm> Then it wasn't a good idea to suggest it in the first place.
20130403 00:28:54< irker342> anonymissimus wesnoth:master * 1.11.2-92-g834680d / projectfiles/CodeBlocks/wesnoth.cbp: cb project update
20130403 00:28:55< irker342> anonymissimus wesnoth:master * 1.11.2-93-gb369ade / projectfiles/VC9/wesnoth.vcproj: vc project update
20130403 00:29:34< shadowm> fabi: I don't see any use in making the zoom buttons turbo buttons.
20130403 00:29:43< shadowm> But okay.
20130403 00:30:20-!- boucman [~rosen@wesnoth/developer/boucman] has quit [Remote host closed the connection]
20130403 00:30:52< fabi> shadowm: It is really a relief with the palette scrolling. (It was a click orgy). The scrolling does not profit that much but is in line with the keyboard behavior now.
20130403 00:31:09< fabi> s/scrolling/zooming 
20130403 00:31:43< shadowm> Yes, all scrollbar buttons are supposed to be turbo buttons in Wesnoth and the editor palette was inconsistent in that regard.
20130403 00:33:55-!- stikonas [~gentoo@wesnoth/translator/stikonas] has quit [Quit: Konversation terminated!]
20130403 00:34:56< fabi> shadowm: local user registration is to be disabled at the forum, the wiki and the redstone tool. A nice little web frontend provides registration/password change and maybe some other or administrator features.
20130403 00:35:27< shadowm> Oh no.
20130403 00:35:29< shadowm> Please no.
20130403 00:35:38< shadowm> I am not willing to reinvent wheels like that.
20130403 00:35:58< shadowm> The forums' registration form was made secure against automated form-fillers through cycholka's and my own efforts.
20130403 00:36:25< shadowm> Also, the name is redmine.
20130403 00:36:46< fabi> Ah yes, redstone is an early american carrier rocket.
20130403 00:39:18 * shadowm kicks timotei for sending an HTML message to the ML.
20130403 00:39:21< anonymissimus> mordante: btw, I can confirm that the textbox cursor position is fixed. I think I never was bugged enough by this bug to report it. :)
20130403 00:39:42< shadowm> timtoei: Whatever client you are using didn't even provide a plain text fallback.
20130403 00:39:45< shadowm> timotei
20130403 00:39:50< shadowm> timotei_
20130403 00:40:14< fabi> shadowm: That is what I already told on #wesnoth-de. It's a major improvement to share all credentials but it won't be easy to get the change through because of project politics.
20130403 00:42:05< shadowm> fabi: The fact that you people are discriminating against me by discussing stuff in a language that is not English irks me. A lot.
20130403 00:42:26< shadowm> *passively discriminating
20130403 00:43:03< shadowm> How about you figure out how to get Redmine to use phpBB's users table alone instead?
20130403 00:43:36< shadowm> I know that doing it the other way around (either the forums or the wiki) would take a potentially painful and/or destructive conversion job (especially in MW's case).
20130403 00:44:14< fabi> MW?
20130403 00:44:17< AI0867> mediawiki
20130403 00:44:47< shadowm> Yes, if you are going to discuss site architecture changes you'd better know the names and acronyms of the software we use atm. :(
20130403 00:45:06< Gambit> Well that's a bit unfair.
20130403 00:45:40< shadowm> If someone can tell me about Redmine and whether it has some kind of auth plugin system like phpBB does I may even do it myself.
20130403 00:46:10< shadowm> But apparently the discussion is taking place in a channel using a language I don't understand?
20130403 00:46:13< fabi> shadowm: redmine, phpbb and mediwiki all have ldap auth plugins available.
20130403 00:46:39< shadowm> Gambit: Please provide your opinion now.
20130403 00:46:44< fabi> shadowm: That is why I discuss it here with you in english. You have not missed anything. 
20130403 00:46:50< shadowm> The opinion you just provided me in my channel.
20130403 00:48:31< Gambit> Rolling your own security system is a cardinal sin. Creating some new global Wesnoth login system is dangerous.
20130403 00:48:38< Gambit> Integrating with other systems is awesome though.
20130403 00:49:52< Gambit> (Existing systems that have presumably been thoroughly thought out and tested by people who know more about that than any of us because it's their speciality.)
20130403 00:50:03< shadowm> The thing with MW is that to my knowledge it's designed to make operations as simple as _renaming a user account_ impossible.
20130403 00:50:32< fabi> shadowm: Well, you are uptodate now. We discussed that sharing credentials would be nice and that it is doable with ldap (the defacto standard nowadays on such stuff). And I ended the discussion with the statement that it won't happen because someone won't like changes.
20130403 00:50:33< shadowm> So I assume with that little bit of information I know that MW would have to be destructively converted at the expense of edit history.
20130403 00:51:11< shadowm> fabi: I'd prefer if everyone registered using the forums' facilities.
20130403 00:51:27< shadowm> That is subject to all our intricate anti-spammer verification systems.
20130403 00:51:43< shadowm> And yes, they are intricate, this is not hyperbole.
20130403 00:51:43< fabi> shadowm: That is no surprise to me. I would have asked if you are ill if you told me that you liked the idea.
20130403 00:51:55< shadowm> What?
20130403 00:52:11< fabi> I was sure that you deny any change to the current system.
20130403 00:52:22< shadowm> My English parser broke around 'ill'.
20130403 00:52:46< Gambit> This is looking much closer to a fight than a discussion right now.
20130403 00:52:46< fabi> ill == sick
20130403 00:52:59< shadowm> 'sick' doesn't make any semantic sense in context to me either.
20130403 00:53:25< shadowm> I don't know what you are trying to say. My physical health has been very poor since 2005, but I'm not terminal or anything.
20130403 00:53:42< fabi> Maybe the statement was too German specific. We ask someone if he got a disease if he is doing something unexpected.
20130403 00:53:54< shadowm> Oh.
20130403 00:54:34< shadowm> So you asked me knowing that I would refuse?
20130403 00:54:53< shadowm> But seriously, 19:45:38 <shadowm> If someone can tell me about Redmine and whether it has some kind of auth plugin system like phpBB does I may even do it myself.
20130403 00:55:20< fabi> Well, all our tools do have ldap plugins.
20130403 00:55:32< shadowm> That is, I'd be okay with redmine<-phpBB instead of redmine<-LDAP->phpBB.
20130403 00:57:12< fabi> Well, that is reinventing the wheel, I doubt that there is a plugin for getting auth through the phpbb database (sql?) backend.
20130403 00:57:42< shadowm> Hopefully their auth plugin architecture is generic enough.
20130403 00:58:23< shadowm> That'd mean I'd only need to read phpBB's own native auth system and translate it to redmine's arch.
20130403 00:58:30< fabi> This would mean we have to write a plugin for redmine and one for wikimedia. 
20130403 00:58:37< shadowm> MediaWiki.
20130403 00:58:48< Gambit> fabi: So basically, the forum registration process is already secure and hardened against spammers, but switching to LDAP would require us to recreate all of that and we would almost certainly do it wrong.
20130403 00:58:50< shadowm> MediaWiki is the software, Wikimedia is the foundation.
20130403 00:59:04< anonymissimus> is there some git wiki page we have ? other than this one http://wiki.wesnoth.org/GIT-SVN
20130403 00:59:17< shadowm> But I won't invest any time on MW for the aforementioned reasons (I did do the research back in the day when I wanted to rename ShikadiLord to Shadowmaster).
20130403 00:59:23< anonymissimus> that seems to no longer fit (but parts of it still do)
20130403 00:59:40< Gambit> (Switching to LDAP would also require wesnothd changes)
20130403 00:59:50-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has quit [Quit: And once again, in an explosion of smoke, the ninja disappeared into the night]
20130403 00:59:57< shadowm> Gambit: Ah yeah, I completely forgot about wesnothd.
20130403 01:00:00< Gambit> Don't know if either of you mentioned that yet.
20130403 01:00:05< fabi> Gambit: There are ready to use ldap frontends out there, I suspect one will fit our needs.
20130403 01:00:10< shadowm> It's wired directly into phpBB's database bypassing the auth arch system.
20130403 01:00:24< Gambit> The front end is a very small portion of the problem.
20130403 01:00:43< fabi> Please tell me more.
20130403 01:02:02-!- exciton [chuck-the-@89.208.169.104] has quit [Read error: Connection reset by peer]
20130403 01:02:16-!- exciton [chuck-the-@89.208.169.104] has joined #wesnoth-dev
20130403 01:02:20-!- Blueblaze [~Blueblaze@adsl-99-148-244-197.dsl.hstntx.sbcglobal.net] has quit [Quit: Blueblaze]
20130403 01:06:10< Octalot> Git history rewrites: I was wrong yesterday when I said that Git was intelligent about downloading after rewriting history.  Changing a commit message from 2007 forces all existing clones to do a 1.3 gig download, even if nothing else changes.
20130403 01:07:08< fabi> Gambit: Please tell me more.
20130403 01:07:32< Gambit> fabi: About what?
20130403 01:07:49< fabi> "The front end is a very small portion of the problem"
20130403 01:08:07< Gambit> As compared to the backend...
20130403 01:08:16< fabi> The backend would be?
20130403 01:08:23< Gambit> The prettyness of the login form isn't really a big deal.
20130403 01:08:34< fabi> indeed
20130403 01:08:41< Gambit> fabi: The LDAP server itself and all the code that gets phpBB and wesnothd to communicate with it
20130403 01:09:06< fabi> But we don't talk about login forms. That won't change. Only registering/password change is an ldap issue.
20130403 01:09:28< Gambit> I dunno. You brought up frontends.
20130403 01:09:29< fabi> Gambit: I can setup ldap, done it more than once at work.
20130403 01:09:50< fabi> phpbb will be ready after installing the plugin. 
20130403 01:09:56-!- _8680_ [~8680@2002:44e1:f952:0:e56b:9a5e:4955:e35d] has quit [Ping timeout: 240 seconds]
20130403 01:10:09< fabi> wesnothd needs to call the ldap credentials, that is a one liner.
20130403 01:10:14-!- _8680_ [~8680@2002:44e1:f952:0:76de:2bff:fed4:2766] has joined #wesnoth-dev
20130403 01:10:28< Gambit> fabi: Does ldap replace the entire users table, or just usernames, hashed passwords, and salts?
20130403 01:10:52< Gambit> And does it manage the hashing as well?
20130403 01:11:15< fabi> Yes, ldap supports all sorts of passwords.
20130403 01:12:04< shadowm> 20:10:07 <fabi> wesnothd needs to call the ldap credentials, that is a one liner.
20130403 01:12:08< shadowm> False.
20130403 01:12:20< shadowm> Have you even read the FUH class implementation?
20130403 01:12:54< fabi> I never heard about FUH.
20130403 01:13:00< shadowm> forum_user_handler
20130403 01:13:21< fabi> Well, it would be ldapUH and I am sure that I can code it.
20130403 01:14:00< shadowm> It's always nice to see that kind of thing happen before making a drastic decision like switching the live forums to LDAP and losing the ability to register users through phpBB in the process.
20130403 01:14:47< shadowm> (And by 'switching' I mean "importing the users table into LDAP and switching the phpBB auth plugin to LDAP".)
20130403 01:15:17< fabi> Well, nobody wants to work on the running system. I would do a copy of the forum for setup and testing. If the result is fine we can think about doing the stuff to the real forum.
20130403 01:15:20< Gambit> According to RFC 4519, LDAP servers are to store passwords in plaintext for interoperability.
20130403 01:15:30< Gambit> Which means phpbb would still be responsible for hashing.
20130403 01:15:37< Gambit> And redmine would then need to be modified as well.
20130403 01:17:27< fabi> Those plugins claim to work out of the box without any coding involved.
20130403 01:17:56< Gambit> Given that wesnoth.org has been pwned on at least one occasion in recent memory, plaintext password storage is absolutely not an option.
20130403 01:18:18< Gambit> Not sure if I'm allowed to get into the specifics of that incident here though.
20130403 01:19:47< Gambit> fabi: Right, so you install the phpBB LDAP plugin, and it stores passwords in LDAP in the hashed and salted format that phpBB expects.
20130403 01:19:57< Gambit> fabi: However, Redmine is not expecting that particular format.
20130403 01:20:00< Gambit> And still has to be modified.
20130403 01:20:21< Gambit> You can't get out of this without rewriting large portions of one of the platforms' password management schemes.
20130403 01:20:33< Gambit> One of them will have to be patched by us.
20130403 01:21:10< Gambit> The question is: is it Redmine or phpBB?
20130403 01:21:29< Gambit> And when presented with that question, the answer is "Ditch LDAP all together, and teach Redmine to talk to MySQL instead."
20130403 01:21:47< Gambit> Why introduce a third chef into the kitchen as it were?
20130403 01:22:39< fabi> Because there are ready to use plugins for all tools. We do not have to patch any of them. ldap can serve them all at once without code changes.
20130403 01:22:51< AI0867> with plain text passwords?
20130403 01:22:59< fabi> no
20130403 01:23:01< Gambit> Yeah it can if we give up all security.
20130403 01:23:14< Gambit> And that is not an option.
20130403 01:23:32< fabi> AI0867: Gambit claimed that it will only work with plain text passwords. I don't share that opinion.
20130403 01:24:45< Gambit> I just explained the entire process. It's not an opinion. phpBB expects passwords to be salted and hashed in a particular manner. The LDAP plugin you refer to doesn't change that.
20130403 01:24:52< Gambit> It just stores the salts and hashes in LDAP instead of MySQL
20130403 01:25:10< Gambit> Actually just the usernames and hashes. I bet the salts are still in MySQL
20130403 01:25:33< Gambit> Or it stores the passwords in plaintext. A massive nono.
20130403 01:26:41< Gambit> There's only two possible answers. It either encrypts the passwords or it doesn't.
20130403 01:27:18< Gambit> If it doesn't, we can't use it.
20130403 01:27:32< Gambit> If it does, you still have to teach Redmine to use the encrypted passwords.
20130403 01:28:16< Gambit> And so if you have to screw with Redmine regardless, it's optimal to just cut LDAP out of the equation.
20130403 01:29:55< Gambit> I dunno how familiar you are with password storage principles, but "evil" is a legitimately suitable adjective for anyone who opts for plaintext storage of their users' passwords.
20130403 01:29:55-!- anonymissimus [~chatzilla@HSI-KBW-078-042-163-136.hsi3.kabel-badenwuerttemberg.de] has quit [Quit: ChatZilla 0.9.90 [Firefox 11.0/20120312181643]]
20130403 01:30:14< Gambit> And please do not think that wesnoth.org will not be broken into some time again in the future.
20130403 01:30:17< Gambit> Sony thought that.
20130403 01:30:19< Gambit> Yahoo thought that.
20130403 01:30:21< Gambit> Myspace thought that.
20130403 01:30:26< Gambit> LinkedIn thought that.
20130403 01:30:38< Gambit> And they were all wrong.
20130403 01:30:40< fabi> Gambit: Please stop to claim that I ever proposed to store passwords in plain text. You came up with this thing.
20130403 01:31:12< Gambit> fabi: Right. Okay. BUT, who is handling the encryption?
20130403 01:31:17< Gambit> phpBB or redmine?
20130403 01:31:38< Gambit> or do plan to modify LDAP?
20130403 01:31:50< AI0867> Gambit: hashing, not encryption
20130403 01:32:09< Gambit> That, yes.
20130403 01:32:43< Gambit> fabi: Because whoever's scheme you go with, you still have to teach all the others to use.
20130403 01:33:54< Gambit> I believe phpbb's protection against cross-site request forgery is also reliant on the user's password salt.
20130403 01:34:11< Gambit> It uses the salt to generate the anti-CSRF tokens.
20130403 01:34:50< fabi> Gambit: We use mysql as database backend?
20130403 01:35:06< Gambit> Yes.
20130403 01:35:27-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has quit [Quit: Konversation terminated!]
20130403 01:36:29-!- Octalot [~noct@host86-148-68-117.range86-148.btcentralplus.com] has quit []
20130403 01:37:49< fabi> Gambit: I am right now setting up a phpbb with ldap and later redmine. That will solve all questions.
20130403 01:43:06< Gambit> fabi: Okay. Can I get a link to the LDAP phpbb plugin you are considering?
20130403 01:43:23< fabi> Gambit: Is there more than one?
20130403 01:43:40< fabi> Gambit: http://sourceforge.net/projects/ldapauthmod/?source=dlp
20130403 01:44:08< fabi> Gambit: Okay, phpbb is already working.
20130403 01:44:17< shadowm> phpBB has a built-in LDAP auth plugin.
20130403 01:45:39< shadowm> The thing you linked isn't for phpBB 3.0.x.
20130403 01:45:58< fabi> shadowm: Right, "/usr/share/phpbb3/www/includes/auth/auth_ldap.php" it is already installed.
20130403 01:46:12< shadowm> That's the built-in LDAP auth plugin.
20130403 01:46:37< Gambit> okay let me find the source for it then
20130403 01:46:58< Gambit> fabi's link was the one I just looked at and they do indeed only perform stripslashes() on the password before comparing it to the stored value
20130403 01:47:12< Gambit> hopefully the official one is better :P
20130403 01:48:18< shadowm> Gambit: https://github.com/shikadilord/weldyn/
20130403 01:48:28< shadowm> Add includes/auth/auth_ldap.php to that URL.
20130403 01:49:32< Gambit> the official plugin does phpBB's usual hashing on the password
20130403 01:49:40< Gambit> https://github.com/phpbb/phpbb3/blob/develop/phpBB/includes/auth/auth_ldap.php#L232
20130403 01:50:12< shadowm> Be careful about using phpbb/phhpbb3.
20130403 01:50:14< shadowm> You might be on the 3.1 dev branch.
20130403 01:50:46< shadowm> IIRC develop-olympus is the 3.0 dev branch.
20130403 01:50:50< Gambit> er, wait a second
20130403 01:51:13< shadowm> Really, why don't you use my repository instead of peering into the future?
20130403 01:51:27< shadowm> https://github.com/shikadilord/weldyn/blob/phpBB-3.0.11/includes/auth/auth_ldap.php
20130403 01:52:12-!- mattsc [~mattsc@BeaverNet-166.caltech.edu] has quit [Quit: bye]
20130403 01:52:27< Gambit> Okay so... the phpbb LDAP plugin gives the password to LDAP in plaintext.
20130403 01:52:56< Gambit> But after the user logs in, the plugin hashes the password for the sake of the rest of phpBB which is expecting it to be hashed.
20130403 01:53:12< Gambit> The passwords are still being stored and passed around in plaintext.
20130403 01:53:14< Gambit> Eww.
20130403 01:56:07< Gambit> No.
20130403 01:56:19< Gambit> I shouldn't be narrating my deciphering of this file in real time :P
20130403 01:56:28< fabi> :-)
20130403 01:56:28< Gambit> I'll be back when I've audited the whole thing.
20130403 01:56:57< fabi> Gambit: Thank you for doing this. You have surely more knowledge about this kind of stuff.
20130403 01:58:16< fabi> Gambit: It is just that I never had problems to put hashed passwords in ldap for any kind of client I used. Thus I just assumed that nowadays there is no one going to still store plain text passwords in ldap.
20130403 01:59:03< AI0867> sure, but everyone needs to agree in which way they do the hashing
20130403 01:59:08< Gambit> ^
20130403 01:59:27< AI0867> phpbb salts its hashes, and stores the salt separately from the hashed password
20130403 02:00:19< AI0867> if you pass just the hashed password to LDAP, nobody else can use it without getting the salt out of the database first
20130403 02:02:37< fabi> AI0867: you just store the same password hashed differently and use the one that fits the client.
20130403 02:02:57< AI0867> um
20130403 02:03:11< AI0867> do you mean LDAP gets to store 3 different hashes for each user?
20130403 02:03:32< AI0867> and has to know the specifics of the salting and hashing for each connected application?
20130403 02:03:32< fabi> depends on which hash types are supported by each client.
20130403 02:04:23-!- ancestral [~ancestral@mobile-198-228-235-003.mycingular.net] has joined #wesnoth-dev
20130403 02:04:35-!- ancestral [~ancestral@mobile-198-228-235-003.mycingular.net] has quit [Client Quit]
20130403 02:05:42< fabi> AI0867: Yes, is that a problem?
20130403 02:11:58-!- ancestral [~ancestral@75-168-48-55.mpls.qwest.net] has joined #wesnoth-dev
20130403 02:13:08< AI0867> well, as has been pointed out, if we have to do interoperability code for everything anyway, we might as well make it all interoperate with phpBB
20130403 02:13:20< shadowm> fabi: The radio buttons you committed are LordBob's?
20130403 02:13:29< shadowm> You haven't replied to the thread yet.
20130403 02:13:31< AI0867> I'm not familiar with any of the them though
20130403 02:13:39< fabi> shadowm: Yes, I will do so soon.
20130403 02:15:37< shadowm> fabi: Okay, one problem with the palette turbobuttons is that the palette is not refreshed while they are active.
20130403 02:15:59< fabi> shadowm: Oh, then I forgot to push my commits :-)
20130403 02:16:16< shadowm> If I hold the 'down' button down, it only takes about a second for the palette to refresh, already scrolled all the way to the last row.
20130403 02:16:23< shadowm> Okay.
20130403 02:16:55< fabi> Ah yes, I couldn't resolve that merge conflict. Still a git novice.
20130403 02:16:59< shadowm> In fact, it looks like the button is way too sensitive compared to real GUI1 scrollbars.
20130403 02:17:29< fabi> What does that mean?
20130403 02:17:55< shadowm> Never mind, real GUI1 scrollbars also have hyper-sensitive turbobuttons.
20130403 02:18:25< shadowm> They are basically useless compared to dragging the scroll marker around or using a mouse with a scrollwheel.
20130403 02:18:48< shadowm> GUI2 scrollbars are on the opposite side of the spectrum.
20130403 02:18:50< fabi> Please tell me. I can do some magic to them to make them more useful.
20130403 02:18:56< fabi> They scroll to fast, right?
20130403 02:19:03< shadowm> Yes.
20130403 02:19:30< shadowm> This is evident both with the editor palette, and the Add-ons Manager dialog.
20130403 02:20:20< shadowm> Incidentally, since Oxygen lets me do this, I have disabled scrollbar buttons here on Qt 4 and Gtk+ applications to save space.
20130403 02:20:40< shadowm> But yeah, not all of us have a mouse with scrollwheel apparently?
20130403 02:20:57-!- {V} [~V@139-79-ftth.on.nl] has quit [Read error: Connection reset by peer]
20130403 02:21:13< shadowm> I remember being told that a certain GUI2 person is one of those people stuck with a non-functional mouse from the past century.
20130403 02:21:33-!- {V} [~V@139-79-ftth.on.nl] has joined #wesnoth-dev
20130403 02:22:23< Gambit> Okay so I have discovered something amusing.
20130403 02:22:24< shadowm> Looking at the behavior on Windows, it seems like GUI1 scrollbar buttons should scroll about 50% slower, and GUI2 scrollbar buttons about 50% faster.
20130403 02:22:36< Gambit> phpbb salts are derived from the password itself
20130403 02:22:43< Gambit> they are then appended to the password
20130403 02:22:48< Gambit> The resulting string is hashed
20130403 02:22:54< Gambit> The salt is not stored anywhere
20130403 02:23:25< Gambit> The CSRF stuff I was remembering is a separate value entirely known as user_form_salt
20130403 02:25:52-!- shadowm_desktop [ignacio@wesnoth/developer/shadowmaster] has joined #wesnoth-dev
20130403 02:25:58< Gambit> Also if the usual salting and hashing fails, phpbb_hash() just returns md5($password) hahahaha
20130403 02:27:52< AI0867> derived from the password?
20130403 02:27:58< AI0867> then it's just a more complicated hash
20130403 02:28:08< AI0867> which would allow you to still build rainbow tables
20130403 02:28:08< Gambit> ikr?
20130403 02:29:20< Gambit> Yeah I'm actually pretty disappointed now that I've gone through this.
20130403 02:31:01-!- shadowm_desktop2 [ignacio@wesnoth/developer/shadowmaster] has joined #wesnoth-dev
20130403 02:31:33-!- shadowm_desktop [ignacio@wesnoth/developer/shadowmaster] has quit [Ping timeout: 248 seconds]
20130403 02:33:04< Gambit> AI0867: Their hope is that the salt pads the password length enough that rainbow tables are not economical I guess.
20130403 02:33:13< Gambit> But that's a terrible thing to rely on.
20130403 02:33:22< AI0867> um
20130403 02:33:30< AI0867> rainbow tables care about *input*
20130403 02:33:47< AI0867> so you do that on the password itself, not the intermediate
20130403 02:33:53< AI0867> this is not going to help at all
20130403 02:34:09< AI0867> except perhaps increase the computation time of the hash
20130403 02:34:35< Gambit> Oh. I was thinking of generic md5 rainbow tables.
20130403 02:35:05< AI0867> if this is universal, you can be sure someone has phpbb-specific rainbow tables lying around
20130403 02:35:20< AI0867> it's not like they'd be hard to generate, just somewhat time-consuming
20130403 02:38:54-!- shadowm_desktop2 [ignacio@wesnoth/developer/shadowmaster] has quit [Read error: Connection reset by peer]
20130403 02:39:09-!- shadowm_desktop [ignacio@wesnoth/developer/shadowmaster] has joined #wesnoth-dev
20130403 02:41:21< Gambit> Actually... I'm a little bit confused now.
20130403 02:41:42< Gambit> I think once again I should stop narrating in real time.
20130403 02:44:21-!- shadowm_desktop [ignacio@wesnoth/developer/shadowmaster] has quit [Ping timeout: 248 seconds]
20130403 02:44:28< shadowm> And Gambit gives us the play-by-play.
20130403 02:44:42< Gambit> When will I learn to stop doing that? :P
20130403 02:45:19-!- shadowm_desktop [ignacio@wesnoth/developer/shadowmaster] has joined #wesnoth-dev
20130403 02:47:12< Gambit> Okay I have it.
20130403 02:47:19< Gambit> The salt is random.
20130403 02:47:33< Gambit> The salt and the password are combined and md5()ed.
20130403 02:47:43< Gambit> Then the salt and hash are combined and stored.
20130403 02:47:58< Gambit> As one string.
20130403 02:48:09< Gambit> So it is immune to rainbow tables.
20130403 02:48:24< shadowm> The Grickit has the ball!
20130403 02:48:48< shadowm> He's now running audience-wards with it!
20130403 02:50:03< AI0867> okay, so it's a sane system
20130403 02:50:04< AI0867> yay
20130403 02:50:16< AI0867> it's even all stuck together, so you might store it in LDAP
20130403 02:50:25< AI0867> though not with the default plugin
20130403 02:53:15< Gambit> And now for the unfortunate news, auth_ldap.php does not use that system
20130403 02:54:11< Gambit> I followed the stack up from login_ldap($username,$password) and confirmed that $password reaches it as plaintext
20130403 02:54:31< Gambit> auth_db.php's login method uses phpbb_check_hash()
20130403 02:57:33< fabi> Gambit: Thus the password is stored hashed in ldap but the request is plain text?
20130403 02:57:50< Gambit> login_db($username,$password) gets a row from the database for $username and then calls phpbb_check_hash($password,$row['hashed_password'])
20130403 02:57:52< AI0867> other way around
20130403 02:58:04< AI0867> phpbb uses ldap to store a plaintext password
20130403 02:58:14< AI0867> and then hashes whatever it gets from ldap for internal use
20130403 02:58:31< Gambit> login_ldap($username,$password) gets a row from ldap matching $username and then checks that $password matches $row['password']
20130403 02:58:52< Gambit> (some of that was pseudocode)
20130403 02:59:05< Gambit> AI0867: yes
20130403 02:59:36< Gambit> the only place login_ldap() uses phpbb's hashing system is right before one of the possible return values
20130403 02:59:59< Gambit> which is then sent to a more generic part of phpbb's auth code
20130403 03:00:11< Gambit> user_add() to be specific
20130403 03:02:05< fabi> I think it is like this: The password is stored hashed in ldap. The ldap request sends a plain text password to the client. Then it gets encrypted again by the plugin, right?
20130403 03:02:13-!- Upthorn [~ogmar@108-85-91-228.lightspeed.frokca.sbcglobal.net] has quit [Ping timeout: 245 seconds]
20130403 03:02:56-!- naeg [~naeg@170-18-182-46.NbIServ.com] has quit [Read error: Operation timed out]
20130403 03:03:02< Gambit> Not unless some hashing is done by the ldap server.
20130403 03:03:05-!- exciton [chuck-the-@89.208.169.104] has quit [Ping timeout: 252 seconds]
20130403 03:03:10< Gambit> There is no phpbb code here that does that.
20130403 03:03:29< Gambit> And *if* the ldap server is doing something, it is reversable.
20130403 03:03:59< Gambit> login_ldap() gets a plaintext password in and compares it to the value it gets from the ldap server.
20130403 03:04:29-!- naeg [~naeg@170-18-182-46.NbIServ.com] has joined #wesnoth-dev
20130403 03:04:36< Gambit> login_ldap() is here: https://github.com/shikadilord/weldyn/blob/eb04f161147aac8729350f4e2baab1213a1b0fc7/includes/auth/auth_ldap.php#L101
20130403 03:04:51-!- exciton [chuck-the-@89.208.169.104] has joined #wesnoth-dev
20130403 03:04:58< Gambit> called from here: https://github.com/shikadilord/weldyn/blob/eb04f161147aac8729350f4e2baab1213a1b0fc7/includes/auth.php#L916
20130403 03:05:54< Gambit> and note that the equivilent login_db compares a hash of the password it receives here: https://github.com/shikadilord/weldyn/blob/eb04f161147aac8729350f4e2baab1213a1b0fc7/includes/auth/auth_db.php#L213
20130403 03:08:09< Gambit> s/phpbb code here/php code here/
20130403 03:10:41< Gambit> fabi: do you have an ldap client?
20130403 03:11:06< Gambit> The simplest test would have been to log in to your ldap server and see whether or not you can get out your forum password.
20130403 03:12:21< fabi> Gambit: phpldapadmin
20130403 03:13:35< Gambit> So you have your forum all set up and created yourself an account?
20130403 03:15:15< fabi> Gambit: Note that the forum can't create ldap accounts.
20130403 03:15:36-!- ToBeFree [~tobefree@unaffiliated/tobefree] has quit [Read error: Operation timed out]
20130403 03:23:42< Gambit> ...
20130403 03:23:51< Gambit> Then what are we even doing discussing this?
20130403 03:24:05< shadowm> Is this the part where I should say "I told you so"?
20130403 03:25:34< Gambit> Okay so that's why you brought up front ends.
20130403 03:25:48< AI0867> from what I gather, half of the module needs to be thrown out/rewritten anyway, so this is hardly a big obstacle ;)
20130403 03:26:01< Gambit> We would need a global Wesnoth Account™ registration page.
20130403 03:26:30< Gambit> And then after that
20130403 03:26:35< Gambit> People have to go to phpbb's registration page
20130403 03:26:58< Gambit> And be really confused as to why they have to fill all that out when they just registered
20130403 03:27:11< Gambit> But also they have to make sure to use the exact same username and password.
20130403 03:27:19< Gambit> And then when they go to Redmine they have to register for it
20130403 03:27:24< Gambit> And once again make sure to use the same credentials.
20130403 03:28:07< Gambit> Oh.
20130403 03:28:19< Gambit> Actually the pass to user_add inside of login_ldap() makes perfect sense now.
20130403 03:28:24< Gambit> Wow. What a mess.
20130403 03:28:40< Gambit> s/inside of/directly after/
20130403 03:28:57< Gambit> shadowm: If you're the kind of person that does that :P
20130403 03:29:19< Gambit> All we really need to know about LDAP is that it stores passwords in the clear. End of story.
20130403 03:29:48< shadowm> Yeah, no, we have enough with campaignd passphrases being stored in plain-text.
20130403 03:30:00< shadowm> Written wink.
20130403 03:31:03-!- ToBeFree [~tobefree@unaffiliated/tobefree] has joined #wesnoth-dev
20130403 03:39:49-!- Blueblaze [~Blueblaze@adsl-99-148-244-197.dsl.hstntx.sbcglobal.net] has joined #wesnoth-dev
20130403 03:41:52-!- davidwan [~chatzilla@60.8.123.21] has joined #wesnoth-dev
20130403 03:44:00< Gambit> So I have now spent 10 of the last 14 hours reading, writing, or thinking about php.
20130403 03:44:18< Gambit> And in a short 10 hours I will be back at work for another 8 hour stretch of reading, writing, or thinking about php.
20130403 03:44:23< Gambit> So I'm done with this conversation now.
20130403 03:44:37< Gambit> shadowm and fabi: You can go back to being at each other's throats over this
20130403 03:44:44< Gambit> But uh... now you have some facts.
20130403 03:45:24< Gambit> Also: php sucks. I hate it. :(
20130403 03:45:41< Gambit> I hear it clubs baby seals over the head.
20130403 03:46:26< shadowm> I... can go back to what now?
20130403 03:48:31< AI0867> whatever you were doing before you got Gambit to jump in and produce facts
20130403 03:48:51< shadowm> shurg
20130403 03:50:00< AI0867> 00:46 < shadowm> Gambit: Please provide your opinion now.
20130403 03:54:30-!- Guest62848 [~eli@dhip-029.rrw.residences.colby.edu] has quit [Ping timeout: 256 seconds]
20130403 04:01:10-!- ancestral [~ancestral@75-168-48-55.mpls.qwest.net] has quit [Quit: And that’s the end of THAT chapter.]
20130403 04:04:27-!- ancestral [~ancestral@67-6-53-117.mpls.qwest.net] has joined #wesnoth-dev
20130403 04:32:38-!- noy [~Noy@wesnoth/developer/noy] has quit [Quit: noy]
20130403 04:34:42-!- Ivanovic_ [~ivanovic@dtmd-4db2ad2a.pool.mediaWays.net] has joined #wesnoth-dev
20130403 04:36:49-!- Ivanovic [~ivanovic@wesnoth/developer/ivanovic] has quit [Ping timeout: 248 seconds]
20130403 04:38:09-!- Alarantalara [~Adium@CPEc0c1c09e8055-CM00252eac6d62.cpe.net.cable.rogers.com] has quit [Read error: Operation timed out]
20130403 04:38:36-!- Ivanovic_ is now known as Ivanovic
20130403 04:41:31-!- loonybot [~loonybot@wesnoth/bot/loonybot] has quit [Remote host closed the connection]
20130403 04:53:34-!- ancestral [~ancestral@67-6-53-117.mpls.qwest.net] has quit [Quit: i go nstuf kthxbai]
20130403 05:11:44-!- Gambit [~gambit@wesnoth/developer/grickit] has quit [Remote host closed the connection]
20130403 05:14:29-!- vultraz [~chatzilla@wesnoth/developer/vultraz] has joined #wesnoth-dev
20130403 05:27:20-!- vultraz [~chatzilla@wesnoth/developer/vultraz] has quit [Ping timeout: 246 seconds]
20130403 05:35:46-!- Upthorn [~ogmar@108-85-91-228.lightspeed.frokca.sbcglobal.net] has joined #wesnoth-dev
20130403 05:47:45-!- vultraz [~chatzilla@wesnoth/developer/vultraz] has joined #wesnoth-dev
20130403 06:05:55-!- ancestral [~ancestral@67-6-53-117.mpls.qwest.net] has joined #wesnoth-dev
20130403 06:24:18-!- irker342 [~irker@ai0867.net] has quit [Quit: transmission timeout]
20130403 06:25:04-!- vultraz [~chatzilla@wesnoth/developer/vultraz] has quit [Read error: Connection reset by peer]
20130403 06:25:53-!- vultraz [~chatzilla@wesnoth/developer/vultraz] has joined #wesnoth-dev
20130403 06:37:15-!- ancestral [~ancestral@67-6-53-117.mpls.qwest.net] has quit [Quit: i go nstuf kthxbai]
20130403 06:56:54-!- noy [~Noy@wesnoth/developer/noy] has joined #wesnoth-dev
20130403 07:18:34-!- Blueblaze [~Blueblaze@adsl-99-148-244-197.dsl.hstntx.sbcglobal.net] has quit [Quit: Blueblaze]
20130403 07:30:27-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has joined #wesnoth-dev
20130403 07:41:30-!- Ivanovic [~ivanovic@dtmd-4db2ad2a.pool.mediaWays.net] has quit [Changing host]
20130403 07:41:30-!- Ivanovic [~ivanovic@wesnoth/developer/ivanovic] has joined #wesnoth-dev
20130403 07:42:48-!- davidwan [~chatzilla@60.8.123.21] has quit [Ping timeout: 264 seconds]
20130403 08:00:44-!- _Coffee [~david@ppp118-210-51-209.lns20.adl2.internode.on.net] has joined #wesnoth-dev
20130403 08:03:25< timotei_> shadowm: Well, I use thunderbird. And I set it to HTML specifically.
20130403 08:04:49-!- stikonas [~gentoo@wesnoth/translator/stikonas] has joined #wesnoth-dev
20130403 08:04:53-!- shadowm_desktop [ignacio@wesnoth/developer/shadowmaster] has quit [Ping timeout: 248 seconds]
20130403 08:14:39-!- [Relic] [~relic@99-58-54-211.lightspeed.milwwi.sbcglobal.net] has quit [Quit: Leaving]
20130403 08:14:50< shadowm> timotei_: That's awful.
20130403 08:15:52-!- timotei_ is now known as timotei
20130403 08:15:59-!- timotei [~pi@79.119.97.34] has quit [Changing host]
20130403 08:15:59-!- timotei [~pi@wesnoth/developer/timotei] has joined #wesnoth-dev
20130403 08:16:03< timotei> shadowm: Why?
20130403 08:16:12< timotei> HTML is so much better than plain-text
20130403 08:16:15< shadowm> Because it's HTML and there is no plain text fallback.
20130403 08:17:23< shadowm> https://dl.dropbox.com/u/21371130/screenshots/crappy-html-email.png
20130403 08:17:27< timotei> So, does it make sense to make it send both in HTML and Text?
20130403 08:17:41< timotei> Ah
20130403 08:17:44< shadowm> The plain text fallback portion of the message is literally empty.
20130403 08:18:07< _Coffee> <html><body><div align="center" style="font:large">What's so hard to&nbsp read about HTML.&nbsp</div></body></html>
20130403 08:18:17< shadowm> Grr.
20130403 08:18:34 * shadowm spills _Coffee on the floor for the terrible joke.
20130403 08:19:00< timotei> shadowm: I've sent you an email with _both_ HTML & Test. Let me know if you can view it ok.
20130403 08:19:10< _Coffee> np, I'll be here all week tipping my hat ;)
20130403 08:19:11< timotei> The fact is, I always used HTML for my emails...
20130403 08:19:42< shadowm> timotei: Where did you send it?
20130403 08:22:44-!- davidwan [~chatzilla@61.48.184.202] has joined #wesnoth-dev
20130403 08:24:33< shadowm> Okay, the answer is: no, I cannot view it "ok" because I have no idea where you sent it and it's certainly not in my inbox.
20130403 08:24:37< shadowm> Bye.
20130403 08:26:14< timotei> shadowm: shadowm@wesnoth.org :P
20130403 08:35:55-!- davidwan [~chatzilla@61.48.184.202] has quit [Ping timeout: 240 seconds]
20130403 08:50:55-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has joined #wesnoth-dev
20130403 08:51:25-!- boucman_work [~rosen@wesnoth/developer/boucman] has joined #wesnoth-dev
20130403 08:54:57-!- davidwan [~chatzilla@61.48.184.202] has joined #wesnoth-dev
20130403 09:19:16< AI0867> timotei: there are plenty of mailinglists that automatically reject emails that contain HTML, even if they do have a plain-text fallback
20130403 09:45:32-!- thunderstruck [~thunderst@cpc5-sgyl29-2-0-cust174.sgyl.cable.virginmedia.com] has joined #wesnoth-dev
20130403 09:45:33-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has left #wesnoth-dev []
20130403 09:49:30-!- irker552 [~irker@ai0867.net] has joined #wesnoth-dev
20130403 09:49:30< irker552> Alexander van Gessel wesnoth:master * 1.11.2-94-ga53fe30 / images/buttons/checkbox-touched.png images/buttons/editor/brush-1-active.png images/buttons/editor/brush-1-pressed.png images/buttons/editor/brush-1.png images/buttons/editor/brush-2-active.png images/buttons/editor/brush-2-pressed.png images/buttons/editor/brush-2.png images/buttons/editor/brush-3-active.png images/buttons/editor/brush-3-pressed.png images/buttons/editor/brush-3.png i
20130403 09:49:31< irker552> Alexander van Gessel wesnoth:master * 1.11.2-96-g399ce6a / images/buttons/editor/units_button_editor-pressed.png images/buttons/editor/units_button_editor.png: Give two editor images an alpha channel
20130403 09:49:31< irker552> Alexander van Gessel wesnoth:master * 1.11.2-95-g83fee1d / utils/indexed2rgb.sh: Use grep's -q option rather than &>/dev/null
20130403 10:08:24-!- happygrue_ [~happygrue@c-76-119-97-171.hsd1.ma.comcast.net] has joined #wesnoth-dev
20130403 10:08:24-!- happygrue_ [~happygrue@c-76-119-97-171.hsd1.ma.comcast.net] has quit [Changing host]
20130403 10:08:24-!- happygrue_ [~happygrue@wesnoth/developer/wintermute] has joined #wesnoth-dev
20130403 10:09:14-!- mjs-de [~mjs-de@g224183085.adsl.alicedsl.de] has joined #wesnoth-dev
20130403 10:12:12-!- happygrue [~happygrue@wesnoth/developer/wintermute] has quit [Ping timeout: 256 seconds]
20130403 10:19:55< AI0867> shadowm: I can't get #20385 to crash for me, on 1.11.0 or HEAD
20130403 10:28:55-!- Dragos [~chatzilla@5-15-193-87.residential.rdsnet.ro] has quit [Ping timeout: 256 seconds]
20130403 10:39:29-!- siddharth [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 10:42:51-!- siddharth [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 10:43:02< shadowm> wesbot: bug 20385
20130403 10:43:03< wesbot> Bug #20385  Assigned to: Jody Northup <upthorn>  Status: None  Priority: 5 - Normal
20130403 10:43:06< wesbot> Summary: Using subnamespaces with [set_global_variable] causes invalid memory access
20130403 10:43:09< wesbot> Original submission: Using subnamespaces like "Namespace.Subnamespace" with th
20130403 10:43:12< wesbot> e [set_global_variable] WML action ( http://wiki.wesnoth.org/PersistenceWML ) ca
20130403 10:43:15< wesbot> URL: https://gna.org/bugs/?20385
20130403 10:43:18< wesbot> Attached file (1st): https://gna.org/bugs/download.php?file_id=16870
20130403 10:43:22-!- siddharth [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 10:43:34< shadowm> AI0867: If you use valgrind you'll still see a bunch of invalid memory accesses that may or may not bite you in the rear later.
20130403 10:43:45< AI0867> right
20130403 10:43:51< shadowm> I originally didn't have an instant crash either, only a delayed crash.
20130403 10:43:55< AI0867> =/
20130403 10:48:05< AI0867> valgrind spits out plenty of errors just by starting wesnoth...
20130403 10:48:50< shadowm> Yeah, ignore anything that has to do with strtod() calls.
20130403 10:53:31-!- siddharth [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 10:53:57-!- siddharth [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 10:54:23< siddharth> I'm new to wesmoth-dev, can someone guide me as to how to go about for solving the EasyCoding problems?
20130403 10:54:41-!- davidwan [~chatzilla@61.48.184.202] has quit [Read error: Connection reset by peer]
20130403 10:57:26-!- siddharth [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 10:57:56-!- siddharth [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 10:58:30-!- siddharth [~siddharth@115.248.130.148] has left #wesnoth-dev []
20130403 10:59:01< thunderstruck> siddharth, have you found an interesting problem in that page yet?
20130403 11:00:18-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 11:00:39< siddharth950> Hi, I'm new to wesmoth-dev, can someone guide me as to how to go about for solving the EasyCoding problems?
20130403 11:04:00< _Coffee> siddharth950: some of the problems are out of date
20130403 11:05:24< thunderstruck> Indeed. For up-to-date bugs and feature requests go to bugs.wesnoth.org
20130403 11:05:38< _Coffee> I'm also newish here as a dev, but it looks like each person has there area of expertise
20130403 11:05:54< _Coffee> *their
20130403 11:06:11< siddharth950> _Coffee: Where should I start then? I have no idea of what to do, but I know C++ and AI
20130403 11:06:50< _Coffee> siddharth950: you might want to ask mattsc, who is developing new AI or crab who is a long time devloper with AI
20130403 11:07:36< _Coffee> neither are here at the moment though
20130403 11:07:47< siddharth950> okay, at what time are they generally online?
20130403 11:08:41< _Coffee> siddharth950: you could go on the forums under coders corner and get an idea of some of the new AI stuff and LUA to see if it is along what you might be able to contribute to
20130403 11:09:22< siddharth950> _Coffee: thanks a lot, I'll try that
20130403 11:10:03-!- noy [~Noy@wesnoth/developer/noy] has quit [Quit: noy]
20130403 11:10:58-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 11:11:25-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 11:11:52< AI0867> now that I'm looking in the right places, I see really evil config magic being done
20130403 11:12:55-!- davidwan [~chatzilla@111.199.94.27] has joined #wesnoth-dev
20130403 11:15:09-!- siddharth950 [~siddharth@115.248.130.148] has quit [Client Quit]
20130403 11:24:27-!- Octalot [~noct@host86-148-68-117.range86-148.btcentralplus.com] has joined #wesnoth-dev
20130403 11:31:09-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has joined #wesnoth-dev
20130403 11:32:09-!- stikonas [~gentoo@wesnoth/translator/stikonas] has quit [Quit: Konversation terminated!]
20130403 11:48:40-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has quit []
20130403 11:55:49-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has quit [Ping timeout: 248 seconds]
20130403 11:56:57-!- EdB [~edb@89-93-184-215.hfc.dyn.abo.bbox.fr] has joined #wesnoth-dev
20130403 11:58:08-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has joined #wesnoth-dev
20130403 12:03:57-!- stikonas [~gentoo@wesnoth/translator/stikonas] has joined #wesnoth-dev
20130403 12:45:33-!- davidwan [~chatzilla@111.199.94.27] has quit [Ping timeout: 252 seconds]
20130403 12:53:44-!- irker552 [~irker@ai0867.net] has quit [Quit: transmission timeout]
20130403 13:05:03-!- loonybot [~loonybot@wesnoth/bot/loonybot] has joined #wesnoth-dev
20130403 13:15:00-!- Wesbane [~Wesbane@sub227-213.elpos.net] has joined #wesnoth-dev
20130403 13:18:19-!- Wesbane [~Wesbane@sub227-213.elpos.net] has quit [Client Quit]
20130403 13:19:04-!- exciton [chuck-the-@89.208.169.104] has quit [Read error: Connection reset by peer]
20130403 13:19:24-!- exciton [chuck-the-@89.208.169.104] has joined #wesnoth-dev
20130403 13:20:37-!- happygrue_ is now known as happygrue
20130403 13:22:57-!- Octalot [~noct@host86-148-68-117.range86-148.btcentralplus.com] has quit [Remote host closed the connection]
20130403 13:26:04-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has joined #wesnoth-dev
20130403 13:55:33-!- Guest62848 [~eli@dhip-029.rrw.residences.colby.edu] has joined #wesnoth-dev
20130403 14:10:24-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has quit [Quit: bumbadadabum]
20130403 14:14:04-!- Alarantalara [~Adium@CPEc0c1c09e8055-CM00252eac6d62.cpe.net.cable.rogers.com] has joined #wesnoth-dev
20130403 14:19:49-!- Ayne [~Ayne@wesnoth/developer/ayne] has joined #wesnoth-dev
20130403 14:32:08-!- Alarantalara [~Adium@CPEc0c1c09e8055-CM00252eac6d62.cpe.net.cable.rogers.com] has quit [Quit: Leaving.]
20130403 14:42:13-!- irker293 [~irker@ai0867.net] has joined #wesnoth-dev
20130403 14:42:13< irker293> Alexander van Gessel wesnoth:master * 1.11.2-97-ga3fd22e / src/persist_var.cpp: Fix some error messages in persist
20130403 14:42:14< irker293> Alexander van Gessel wesnoth:master * 1.11.2-98-g3939490 / src/persist_var.cpp: Correct another persist error message
20130403 14:52:05-!- Ayne [~Ayne@wesnoth/developer/ayne] has quit [Quit: Leaving]
20130403 14:52:06-!- thunderstruck [~thunderst@cpc5-sgyl29-2-0-cust174.sgyl.cable.virginmedia.com] has quit [Quit: Leaving]
20130403 14:53:48< irker293> Alexander van Gessel wesnoth:master test
20130403 14:54:20-!- thunderstruck [~thunderst@cpc5-sgyl29-2-0-cust174.sgyl.cable.virginmedia.com] has joined #wesnoth-dev
20130403 14:54:27< irker293> Alexander van Gessel wesnoth:master test
20130403 15:00:42-!- davidwan [~chatzilla@60.8.123.20] has joined #wesnoth-dev
20130403 15:06:42-!- vultraz [~chatzilla@wesnoth/developer/vultraz] has quit [Ping timeout: 276 seconds]
20130403 15:07:32< AI0867> Ivanovic: the poll has ended. I believe esr is now waiting for your signal to freeze the current repo and redo the conversion
20130403 15:10:09-!- EdB [~edb@89-93-184-215.hfc.dyn.abo.bbox.fr] has quit [Quit: Konversation terminated!]
20130403 15:14:15-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has joined #wesnoth-dev
20130403 15:15:58-!- Yukiria [~chatzilla@124.109.10.167] has joined #wesnoth-dev
20130403 15:18:25-!- Yukiria is now known as vultraz
20130403 15:18:35-!- artisticdude [~artisticd@108.sub-70-192-196.myvzw.com] has joined #wesnoth-dev
20130403 15:19:22-!- vultraz is now known as Yukiria
20130403 15:19:45-!- Yukiria [~chatzilla@124.109.10.167] has quit [Client Quit]
20130403 15:21:27-!- Yukiria [~chatzilla@124.109.10.167] has joined #wesnoth-dev
20130403 15:22:51-!- Yukiria is now known as vultraz
20130403 15:23:00-!- vultraz [~chatzilla@124.109.10.167] has quit [Changing host]
20130403 15:23:00-!- vultraz [~chatzilla@wesnoth/developer/vultraz] has joined #wesnoth-dev
20130403 15:24:06< vultraz> I think I found a bug. Seems if wesnoth (1.11.2) can't close a quoted string, it will indefinitely use memory until it runs out and aborts itself
20130403 15:26:14< elias> sounds more like the bug is in the WML (missing quote)
20130403 15:27:06< vultraz> yeah, I was missing a quote. But I don't think a missing quote is supposed to cause wesnoth to freeze and cause my whole system to freeze as well from lack of memory
20130403 15:27:15-!- LordNasty [~NaSTy@93-43-168-243.ip92.fastwebnet.it] has quit [Ping timeout: 252 seconds]
20130403 15:29:31< AI0867> true
20130403 15:29:31-!- prkc [~negusnyul@4E5CCA6E.dsl.pool.telekom.hu] has joined #wesnoth-dev
20130403 15:29:38< AI0867> can you throw up a testcase somewhere?
20130403 15:29:40< elias> well, i'd certainly agree, i needed some advanced workarounds around that behavior to parse addons on units.wesnoth.org :)
20130403 15:30:12< AI0867> WML is allowed to abort wesnoth, but not to crash or hang it
20130403 15:32:01< elias> i don't think it uses infinite memory since i could never see the behavior at home with 16GB RAM
20130403 15:32:25< AI0867> I can lower the ulimit for testing
20130403 15:33:48< vultraz> It happens for me whenever I try to load a scenario with an odd number of quotes (eg, one missing)
20130403 15:38:55-!- mjs-de [~mjs-de@g224183085.adsl.alicedsl.de] has quit [Ping timeout: 258 seconds]
20130403 15:41:34< bumbadadabum> that doesn't happen to me IIRC
20130403 15:43:20-!- mjs-de [~mjs-de@g224183085.adsl.alicedsl.de] has joined #wesnoth-dev
20130403 15:43:51< zookeeper> vultraz, you sure the missing quote isn't somehow causing infinite macro recursion or something?
20130403 15:44:00< zookeeper> just a thought
20130403 15:44:01< bumbadadabum> ^
20130403 15:44:15< bumbadadabum> This was the only thing that ever crashed wesnoth in this way
20130403 15:44:23< bumbadadabum> for me, at least
20130403 15:44:51-!- LordNasty [~NaSTy@93-43-168-243.ip92.fastwebnet.it] has joined #wesnoth-dev
20130403 15:45:20< vultraz> well, in the current case, the missing string was at the end of a macro argument. On the previous occasion, though, I think it was just at the end of a message= string
20130403 15:45:59< vultraz> (though in the previous case, I force restarted my computer before wesnoth had a chance to kill itself, since everything was frozen)
20130403 15:46:03-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has joined #wesnoth-dev
20130403 15:47:10< lipkab> fabi: http://forums.wesnoth.org/viewtopic.php?f=19&t=37290 is obsolete now, isn't it?
20130403 15:47:22< lipkab> (Just saying because it's a sticky)
20130403 15:47:45< fabi> lipkab: No, it still holds.
20130403 15:48:30< fabi> lipkab: I will need a few more tests and debuging but the unit feature will be commited soon.
20130403 15:49:07< lipkab> Okay.
20130403 15:49:54< artisticdude> fabi: For future reference, what is the proper image name for the mouseover state of a GUI button?
20130403 15:49:58< artisticdude> <buttonname>-touched?
20130403 15:51:04< fabi> artisticdude: I told it so. But I do not claim that the name is best choice.
20130403 15:52:03< artisticdude> It makes perfect sense to me.
20130403 15:52:15< artisticdude> I just wanted to make sure that was the standard.
20130403 15:52:54< artisticdude> I've been using 'enabled', but that didn't seem like a very accurate description of the state in question.
20130403 15:53:17< fabi> artisticdude: wait
20130403 15:53:23< zookeeper> "hover" seems like a pretty standard way of describing mouseover state
20130403 15:56:13< fabi> artisticdude: The mouseover states are called <button name>-active .png and <button name>-active-pressed.png.
20130403 15:56:58< fabi> artisticdude: The <button name>-touched.png is representing the state between the clicks. You have pressed the button but not released it yet.
20130403 15:57:45< artisticdude> Ah, okay.
20130403 15:57:48< fabi> artisticdude: Just watch a QT and GTK+ application. You will notice the check marker being "transparent"  at that time.
20130403 15:59:24-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has quit [Ping timeout: 252 seconds]
20130403 16:01:40-!- stikonas_ [~gentoo@5.20.200.50] has joined #wesnoth-dev
20130403 16:01:40-!- stikonas_ [~gentoo@5.20.200.50] has quit [Changing host]
20130403 16:01:40-!- stikonas_ [~gentoo@wesnoth/translator/stikonas] has joined #wesnoth-dev
20130403 16:01:41-!- stikonas [~gentoo@wesnoth/translator/stikonas] has quit [Ping timeout: 245 seconds]
20130403 16:05:39< fabi> artisticdude: And zookeeper's "hover" better suits my taste than "active".
20130403 16:08:26< artisticdude> So in the case of a radio button, the image names should ideally be "radiobutton.png" (standard state), "radiobutton-hover.png" (mouseover state), "radiobutton-touched.png" (pressed state), and "radiobutton-disabled.png" (greyed-out, disabled state)?
20130403 16:10:45< fabi> artisticdude: Not quite. radiobutton.png (the state is called "NORMAL" in the code base)
20130403 16:11:24< zookeeper> why touched and not pressed?
20130403 16:11:26< fabi> "radiobutton-hover.png" or the current "radiobutton-active.png" for mouse hovering over the disabled item.
20130403 16:12:06< fabi> "radiobutton-hover-pressed.png" for hovering over an already pressed box.
20130403 16:12:27< fabi> "radiobutton-touched.png" for an pressed but not released button.
20130403 16:13:08< fabi> "radiobutton-pressed.png" for a pressed button that is not being hovered over.
20130403 16:14:23< fabi> "radiobutton-disabled-pressed.png" for currently not working and greyed out but pressed boxes.
20130403 16:14:53< fabi> "radiobutton-disabled.png" for currently not working but pressed boxes.
20130403 16:15:57< fabi> zookeeper: pressed is a button that already triggered its function. The touched one is not triggered yet. One could move the mouse out of the boxes region (un-hover it) and then the action is not fired.
20130403 16:16:07< zookeeper> okay
20130403 16:17:08< fabi> zookeeper: The names are a little bit misleading. I would call the active state hover and the pressed state active.
20130403 16:19:26-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has left #wesnoth-dev []
20130403 16:23:26-!- mattsc [~mattsc@BeaverNet-166.caltech.edu] has joined #wesnoth-dev
20130403 16:33:44-!- Octalot [~noct@host86-148-68-117.range86-148.btcentralplus.com] has joined #wesnoth-dev
20130403 16:34:12-!- mgla [~shishir@unaffiliated/noobjoe] has joined #wesnoth-dev
20130403 16:40:01-!- Samual [diotecktec@xonotic/core-team/Samual] has quit [Ping timeout: 245 seconds]
20130403 16:43:35-!- EdB [~edb@89-93-184-215.hfc.dyn.abo.bbox.fr] has joined #wesnoth-dev
20130403 16:47:39-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has joined #wesnoth-dev
20130403 16:52:11-!- noy [~Noy@wesnoth/developer/noy] has joined #wesnoth-dev
20130403 16:55:29-!- noy [~Noy@wesnoth/developer/noy] has quit [Client Quit]
20130403 17:10:38< fabi> shadowm, gambit: I got it running. phpbb with ldap authentication. I created a user called "test" with password "123456".
20130403 17:10:53-!- [Relic] [~relic@99-58-54-211.lightspeed.milwwi.sbcglobal.net] has joined #wesnoth-dev
20130403 17:11:19< fabi> The ldap database entry for the password is: "userPassword:: e1NTSEF9Mjd2NmtmYXBBS1VNWUlJbTFaRUluT1BicGtSNGVXazM="
20130403 17:13:10< fabi> AI0867: ^
20130403 17:13:16< AI0867> which is base64 for {SSHA}27v6kfapAKUMYIIm1ZEInOPbpkR4eWk3
20130403 17:13:34< AI0867> which ldap are you using?
20130403 17:14:05< AI0867> {SHA} and {SSHA} are RFC 2307 passwords schemes which use the SHA1 secure hash algorithm. The {SSHA} is the seeded varient. {SSHA} is recommended over other RFC 2307 schemes.
20130403 17:14:25< fabi> fabi@sepia:~/sowas$ slapd -V
20130403 17:14:26< fabi> @(#) $OpenLDAP: slapd  (Aug 20 2012 16:26:12) $
20130403 17:14:28< fabi>         buildd@batsu:/build/buildd/openldap-2.4.31/debian/build/servers/slapd
20130403 17:14:28< AI0867> RFC 2307 (Experimental) suggests user passwords be hashed using a one-way (hopefully) cryptographically safe algorithm. They are often referred to as being "encrypted", but this is a misnomer (as they are not designed to be decrypted).
20130403 17:14:32< AI0867> OpenLDAP supports RFC 2307 hashed passwords, including the {CRYPT}, {SSHA}, {SHA}, {SMD5}, {MD5}, and other schemes. Such passwords may be used as userPassword values and/or rootpw value.
20130403 17:14:36< AI0867> Note: use of RFC 2307 Experimental passwords violates the Standard Track specification, RFC 2256, for user passwords and may lead to interoperability problems. 
20130403 17:15:12< fabi> AI0867: Okay, but is that secure enough for us?
20130403 17:15:19< AI0867> seeded sha1 sounds good
20130403 17:15:33< AI0867> better than the homebrew seeded md5 that phpbb uses
20130403 17:15:40< AI0867> at least if it's implemented properly
20130403 17:16:00< AI0867> s/seeded/salted
20130403 17:16:43< AI0867> of course, we can't actually use this ldap with the vanilla phpbb ldap auth mod
20130403 17:16:58< AI0867> as that assumes plaintext
20130403 17:17:33< fabi> I used the vanilla phpbb ldap auth mod.
20130403 17:17:44< AI0867> and you can log in?
20130403 17:17:47< fabi> sure
20130403 17:18:04< fabi> works like a charm
20130403 17:18:06< AI0867> that probably means the password is sent to ldap in the clear
20130403 17:18:17< AI0867> bu as that's a local socket, that's not too bd
20130403 17:18:22< AI0867> I can't type today
20130403 17:18:36< fabi> Yes, I assume that. But we could use the ssl connection.
20130403 17:20:44< irker293> anonymissimus wesnoth:master * 1.11.2-99-g873f3a7 / src/gamestatus.cpp: fix negative gold carried over (bug #20676, patch by Ayne)
20130403 17:21:06< AI0867> relevant info: http://www.openldap.org/faq/data/cache/347.html
20130403 17:22:33< fabi> AI0867: I currently use a script that adds samba users into ldap. It does the password thing for me.
20130403 17:23:05< fabi> I just need to run sudo smbldap-useradd -a -P fabimu
20130403 17:23:14< fabi> and the user is ready to log in phpbb
20130403 17:23:29< fabi> with salted password
20130403 17:27:33< fabi> AI0867: Now I am configuring redmine with ldap
20130403 17:27:38< AI0867> I can reproduce the ssha algorithm
20130403 17:29:53< AI0867> do you have a plan for migrating the accounts?
20130403 17:30:20< fabi> AI0867: Not yet. I guess I will need to write a sql script.
20130403 17:30:26< AI0867> it cannot be done that way
20130403 17:30:35< AI0867> the phpbb hashing system is completely non-standard
20130403 17:30:39< AI0867> it's salted, and it's md5
20130403 17:30:46< AI0867> but that's about all the standard components it has
20130403 17:31:04< AI0867> it also loops somewhere between 2^7 and 2^many times
20130403 17:31:16-!- davidwan [~chatzilla@60.8.123.20] has quit [Ping timeout: 245 seconds]
20130403 17:31:17< AI0867> if I read it correctly
20130403 17:31:36< fabi> AI0867: Right. Can you think of a plan?
20130403 17:31:54< AI0867> so the phpbb login system will need to remain, and prompt users to change/re-enter their password
20130403 17:32:06< AI0867> at which point we move their credentials to ldap
20130403 17:32:56< AI0867> but that means they have to exist side-by-side
20130403 17:33:02< AI0867> does the ldap module support that?
20130403 17:33:53< fabi> AI0867: The ldap module asks the ldap for the user. If it is missing the local database is used for authentication.
20130403 17:36:50< AI0867> that sounds like it should work
20130403 17:37:07< AI0867> is your test system reachable from the internet?
20130403 17:37:08 * fabi celebrates
20130403 17:37:37< fabi> AI0867: No, it isn't. I have a root server but did the install on my Desktop which is behind NAT.
20130403 17:37:39< AI0867> now we just need a way for users to create their ldap account
20130403 17:37:57< AI0867> well, you can ask soliton for a VM on baldras
20130403 17:38:01< AI0867> and move it over there
20130403 17:38:34< AI0867> 17:37 < AI0867> now we just need a way for users to create their ldap account <-- preferable *using* the phpbb stuff shadowm described
20130403 17:38:41< AI0867> s/preferable/preferably
20130403 17:38:48< fabi> That sounds good. I will do so if Soliton agrees.
20130403 17:38:52< elias> if it uses md5, shouldn't it be possible to reconstruct most of the passwords? then could auto-create the new hashes :P
20130403 17:40:00< elias> i mean, the supposed weakness of md5 compared to other hashes is that when breached attackers can get the passwords...
20130403 17:40:55-!- noy [~Noy@wesnoth/developer/noy] has joined #wesnoth-dev
20130403 17:44:22< fabi> AI0867: Note that redmine seems to support user creation in ldap. That means we might use its frontend for user registration.
20130403 17:44:48< AI0867> you'd still need to link it to existing phpbb accounts though
20130403 17:45:18< AI0867> and you don't want to allow people to take over phpbb accounts by creating a redmine account with the same name
20130403 17:52:18< fabi> AI0867: Okay, redmine with ldap works. It was a cakewalk.
20130403 18:04:25-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:11:07-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:11:34-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:15:09-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:15:33-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:19:11-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:19:38-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:23:13-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:23:38-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:26:00-!- boucman_work [~rosen@wesnoth/developer/boucman] has quit [Ping timeout: 264 seconds]
20130403 18:27:15-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:27:41-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:28:21< fabi> artisticdude: I have already commited lord bob's version of the radiobox. But I do not dare to claim the final word on the issue, the images can be replaced if needed. I will let the final decision to some art guru. 
20130403 18:29:06< artisticdude> fabi: No contest there; LordBob's was unquestionably the best of the field.
20130403 18:31:17-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:31:44-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:32:09-!- ettin [~jorda@li145-112.members.linode.com] has quit [Read error: Operation timed out]
20130403 18:35:19-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:35:42-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:36:05-!- ettin [~jorda@li145-112.members.linode.com] has joined #wesnoth-dev
20130403 18:38:33-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has quit [Quit: bumbadadabum]
20130403 18:39:21-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:39:49-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:43:23-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:43:32-!- Wesbane [~Wesbane@sub227-213.elpos.net] has joined #wesnoth-dev
20130403 18:43:50-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:44:54-!- [Relic] [~relic@99-58-54-211.lightspeed.milwwi.sbcglobal.net] has quit [Quit: Leaving]
20130403 18:47:25-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:48:01-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:49:12-!- DCW [~Thunderbi@cpc1-finc14-2-0-cust12.4-2.cable.virginmedia.com] has joined #wesnoth-dev
20130403 18:54:47-!- siddharth950 [~siddharth@115.248.130.148] has quit [Ping timeout: 246 seconds]
20130403 18:55:53-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 18:56:39-!- Wesbane [~Wesbane@sub227-213.elpos.net] has quit [Quit: Wychodzi]
20130403 18:59:23-!- boucman [~rosen@wesnoth/developer/boucman] has joined #wesnoth-dev
20130403 18:59:31-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 18:59:59-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 19:03:33-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 19:04:04-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 19:07:35-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 19:07:48-!- bumbadadabum [~bumbadada@d155109.upc-d.chello.nl] has joined #wesnoth-dev
20130403 19:08:04-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 19:11:37-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 19:12:03-!- siddharth950 [~siddharth@115.248.130.148] has joined #wesnoth-dev
20130403 19:13:31-!- siddharth950 [~siddharth@115.248.130.148] has quit [Remote host closed the connection]
20130403 19:33:54-!- mgla [~shishir@unaffiliated/noobjoe] has quit [Quit: WeeChat 0.3.8]
20130403 20:03:38-!- stikonas_ is now known as stikonas
20130403 20:25:37-!- DCW [~Thunderbi@cpc1-finc14-2-0-cust12.4-2.cable.virginmedia.com] has quit [Quit: DCW]
20130403 20:34:23-!- EdB [~edb@89-93-184-215.hfc.dyn.abo.bbox.fr] has quit [Quit: Konversation terminated!]
20130403 20:42:06< irker293> fendrin wesnoth:master * 1.11.2-100-ga3cd1fa / data/core/editor/brushes.cfg: Removed obsolete image attribute in the editor's brushes.cfg file.
20130403 20:42:07< irker293> fendrin wesnoth:master * 1.11.2-101-g9607000 / src/hotkeys.cpp: Fixed the last hotkey item "null" not being indexed. Added some missing hotkey commands.
20130403 20:42:08< irker293> fendrin wesnoth:master * 1.11.2-102-g224071b / src/editor/editor_controller.hpp: Fixed a typo in a comment.
20130403 20:42:09< irker293> fendrin wesnoth:master * 1.11.2-103-g02ddebb / src/editor/palette/common_palette.hpp: Added methods for getting the state of the palette. (If it is able to scroll up or down)
20130403 20:42:10< irker293> fendrin wesnoth:master * 1.11.2-105-g2f8cbfc / src/editor/editor_controller.cpp src/editor/palette/editor_palettes.cpp src/editor/palette/editor_palettes.hpp src/editor/palette/empty_palette.hpp src/editor/palette/palette_manager.cpp src/editor/palette/palette_manager.hpp src/editor/palette/terrain_palettes.cpp: Fixed the palette not redrawing through scrolling with turbo buttons.
20130403 20:42:13< irker293> fendrin wesnoth:master * 1.11.2-104-g5d7b4ad8 / src/hotkeys.hpp: Added some missing hotkey definitions.
20130403 20:58:26-!- Guest62848 is now known as Elvish_Pillager
20130403 21:08:03-!- artisticdude [~artisticd@108.sub-70-192-196.myvzw.com] has quit [Quit: Computer has gone to sleep.]
20130403 21:40:53< irker293> fendrin wesnoth:master * 1.11.2-106-g319cabb / images/buttons/radiobox-touched.png: New Radiobox touched image from Lord Bob.
20130403 21:46:43< irker293> Alexander van Gessel wesnoth:master * 1.11.2-107-g04127e5 / images/buttons/radiobox-touched.png: Optipng run
20130403 22:14:37< fabi> AI0867: tx
20130403 22:14:57< fabi> AI0867: Did you read my success message with ldap and redmine?
20130403 22:16:17-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has joined #wesnoth-dev
20130403 22:16:37< AI0867> I did
20130403 22:16:43< AI0867> when can I see it in action?
20130403 22:18:20< fabi> AI0867: Shortly after Soliton created the vm on Baldras.
20130403 22:20:24-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has quit [Read error: Connection reset by peer]
20130403 22:20:34-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has joined #wesnoth-dev
20130403 22:20:38< fabi> AI0867: Is Soliton our only root on Baldras?
20130403 22:23:48< vultraz> what is this Baldras you keep talking about
20130403 22:24:01< bumbadadabum> vultraz: idiot...
20130403 22:24:16< bumbadadabum> He's clearly the guy from Liberty
20130403 22:24:18< fabi> vultraz: I think our new server which hosts wesnoth.org is named so.
20130403 22:25:30< vultraz> ah
20130403 22:30:31-!- thunderstruck [~thunderst@cpc5-sgyl29-2-0-cust174.sgyl.cable.virginmedia.com] has quit [Quit: Leaving]
20130403 22:46:17-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has quit [Quit: Konversation terminated!]
20130403 22:46:32-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has joined #wesnoth-dev
20130403 22:48:40-!- lipkabb [~lipk@host-91-147-212-174.biatv.hu] has joined #wesnoth-dev
20130403 22:48:41-!- lipkab [~lipk@host-91-147-212-174.biatv.hu] has quit [Read error: Connection reset by peer]
20130403 22:53:56< AI0867> wesnoth.org == asheviere.wesnoth.org
20130403 22:54:08< AI0867> the new server (which doesn't do much yet) is baldras.wesnoth.org
20130403 22:55:19< bumbadadabum> AI0867: It displays that it works
20130403 22:56:25< bumbadadabum> The ping from baldras is much better
20130403 22:56:33< bumbadadabum> (probably because there is much less traffic)
20130403 23:00:55< Ivanovic> AI0867: jepp, i just came back from work so could now handle the github decission
20130403 23:00:55-!- prkc [~negusnyul@4E5CCA6E.dsl.pool.telekom.hu] has quit [Quit: Konversation terminated!]
20130403 23:01:02< Ivanovic> already sent the mail to the ML about it
20130403 23:01:14< Ivanovic> esr: can you now freeze the repo and fix the open issues?
20130403 23:03:16< esr> Ivanovic: I can't actually prevent anyone from committing during the window.  But it will be trivial to re-apply any missing commits.
20130403 23:03:47< Ivanovic> it would just be a soft freeze by sending a mail to the ml and setting the topic
20130403 23:04:03< AI0867> I could lock it by having the update hook return false, but the sourceforge shell has been broken for days
20130403 23:04:41< Ivanovic> AI0867: i think the softlock should be fine for our usecase
20130403 23:05:15< AI0867> basically, it worked when I was setting up the hook we have now
20130403 23:05:35-!- wesbot changed the topic of #wesnoth-dev to: Developers, please vote: http://r.wesnoth.org/t38590 | 171 bugs, 332 feature requests, 20 patches | Logs: http://irclogs.wesnoth.org | Don't paste on IRC! Use a pastebin: http://pastebin.com | http://imagebin.org
20130403 23:05:36< AI0867> when I wanted to test irkerhook compatibility fixes the next day, it didn't work any more
20130403 23:05:49< esr> Ivanovic: You understand that I am *not happy* about the way this went down, right?  Im going to do what's required to fix the immediate problem, byut the chances that Wesnoth will get more work out of me in the future have decreased significantly.
20130403 23:06:08< Ivanovic> esr: i am also not happy about how it went down with the really late step towards github
20130403 23:06:28< Ivanovic> esr: but i am really happy about the great work you have done for the move
20130403 23:06:38< esr> Ivanovic: So why did you let it happen?  You could have said no.
20130403 23:06:43< Ivanovic> identifying the wiki pages that needed the update alone was really cool!
20130403 23:07:10< Ivanovic> esr: i let it happen because I am not active enough to be a stoping despot
20130403 23:07:41< Ivanovic> my availability is extremely limited lately so that I just don't have the part with "i put this much time into it, so I can stop it" power
20130403 23:08:57< Ivanovic> esr: and i am well aware that without you the move to git would have been basically impossible
20130403 23:09:05< Ivanovic> at least having it done in any reasonable time
20130403 23:09:27< esr> Ivanovic: But you are the release manager.  You have the authority to say "*This* is the repo I will make tarballs from.".  I'm not personally angry with you, but I think you have failed to shoe leadeship and the project is going to suffer from it.
20130403 23:09:58< Ivanovic> esr: it would have suffered about as bad if i had taken on that shoe
20130403 23:10:28< Ivanovic> since if you have many folks which are strickly against the host used you also get not too many commits
20130403 23:10:40< esr> Your choice. I just don't think it was a good one.
20130403 23:10:54< Ivanovic> and since i know that i don't have the time for the arguing right now I can simply not do it
20130403 23:11:05< Ivanovic> there was no good choice possible sadly
20130403 23:11:20< Ivanovic> the best thing would have been if the "lets ask again with github" about one month earlier
20130403 23:11:33-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has quit [Ping timeout: 248 seconds]
20130403 23:14:32-!- lipkabb [~lipk@host-91-147-212-174.biatv.hu] has quit [Quit: Konversation terminated!]
20130403 23:15:29< esr> We don't need to close commits yet.  I can work on the lift script while the SF repo is live.  Just make clear to everybody that they should *not* initialize a github repo - I'll do that when I have the lift script ready.
20130403 23:16:32-!- Blueblaze [~Blueblaze@adsl-99-148-244-197.dsl.hstntx.sbcglobal.net] has joined #wesnoth-dev
20130403 23:16:42< Ivanovic> shadowm: ^
20130403 23:18:08< shadowm> "Initialize"?
20130403 23:18:18< shadowm> Do you mean push?
20130403 23:19:38< Ivanovic> probably
20130403 23:20:16< Ivanovic> shadowm: since you need my account to get me in as owner, use this one: https://github.com/ivanovic-wesnoth/
20130403 23:20:40< shadowm> Ivanovic: So if I am reading things right (I just came back home), you greenlighted the move to GitHub?
20130403 23:20:47< Ivanovic> shadowm: yes
20130403 23:21:02< Ivanovic> shadowm: that is esr will first fix the issues found with the repo
20130403 23:21:08< Ivanovic> wrong references and stuff like this
20130403 23:22:39< shadowm> Okay, you are added as owner now.
20130403 23:22:44< shadowm> https://github.com/wesnoth?tab=members
20130403 23:23:16< shadowm> Feel free to remove me later from the owners list, but only after we have the main repository and hooks set up.
20130403 23:25:17-!- shadowm_desktop [ignacio@wesnoth/developer/shadowmaster] has joined #wesnoth-dev
20130403 23:26:55< shadowm> Deleted topic “For Sale 2X Pioneer CDJ-900 + DJM-900 Nexus Package” written by
20130403 23:26:58< shadowm> » musicwarehouse
20130403 23:27:09< shadowm> ^ vultraz: Explain why you took this action before the account in question was banned.
20130403 23:29:46-!- Gambit [~gambit@wesnoth/developer/grickit] has joined #wesnoth-dev
20130403 23:29:59< shadowm> Gambit: Check the logs.
20130403 23:30:07< shadowm> More LDAP stuff I do not understand.
20130403 23:30:43-!- _8680_ [~8680@2002:44e1:f952:0:76de:2bff:fed4:2766] has quit [Quit: leaving]
20130403 23:31:02< Gambit> I refuse to believe you do not understand.
20130403 23:31:08-!- _8680_ [~8680@2002:44e1:f952:0:76de:2bff:fed4:2766] has joined #wesnoth-dev
20130403 23:33:26< Gambit> k
20130403 23:34:01< Gambit> I no long refuse to believe you understand.
20130403 23:43:30< Ivanovic> Gambit: please read the logs, esr will work on the repo soon and afterwards it can be moved to github
20130403 23:43:49< shadowm> Ivanovic: Something we didn't do with regards to the SF.net move and that I'd like to do this time is to announce this in the forums.
20130403 23:44:03< shadowm> Any suggestions regarding what should go in the announcement?
20130403 23:44:06< Ivanovic> feel free to do so
20130403 23:44:08< Ivanovic> no idea
20130403 23:44:16< shadowm> Cool. Gambit?
20130403 23:44:20< Ivanovic> especially no idea since i am about to head off to bed
20130403 23:49:04< AI0867> anyone want to weigh in on this? http://forums.wesnoth.org/viewtopic.php?f=6&t=38517
20130403 23:49:54< bumbadadabum> AI0867:  This should happen
20130403 23:51:11-!- _Coffee [~david@ppp118-210-51-209.lns20.adl2.internode.on.net] has quit [Ping timeout: 255 seconds]
20130403 23:52:13< AI0867> there are essentially three changes:
20130403 23:52:23< bumbadadabum> to keep the mouseover
20130403 23:52:28< AI0867> 1) no enemy-effects from the statues (like revealing hidden units)
20130403 23:52:33< AI0867> 2) blue orbs
20130403 23:52:38< AI0867> 3) statues are always visible
20130403 23:52:49< AI0867> that is, fog doesn't hide them
20130403 23:52:49< bumbadadabum> that's the problem
20130403 23:53:17< AI0867> I'd ask zookeeper, but he isn't here
20130403 23:53:23< bumbadadabum> Is there a way to implement 1 without 2 and 3?
20130403 23:53:41< AI0867> I doubt it
20130403 23:53:53< AI0867> and 2 is hardcoded for allies
20130403 23:57:56< AI0867> and I just realized statues can probably provide backstab bonuses
20130403 23:58:01< AI0867> as they are now
20130403 23:58:11< AI0867> testing...
--- Log closed Thu Apr 04 00:00:33 2013