--- Log opened Thu Jun 27 00:00:55 2019
20190627 00:06:33-!- Netsplit *.net <-> *.split quits: smiley`, vihta
20190627 00:06:47-!- smiley- [mlsmiley@gateway/shell/xshellz/x-aujpcvkkhsxnkrgv] has joined #wesnoth-dev
20190627 00:07:20-!- vihta [sid239753@gateway/web/irccloud.com/x-vlqlxysugrqpizxn] has joined #wesnoth-dev
20190627 00:28:39-!- stikonas [~gentoo@wesnoth/translator/stikonas] has quit [Remote host closed the connection]
20190627 00:30:42-!- celmin|away is now known as celticminstrel
20190627 02:14:20-!- celticminstrel [~celmin@unaffiliated/celticminstrel] has quit [Ping timeout: 252 seconds]
20190627 03:17:07-!- cryptoquestion [d4810050@cryptofree.cstorm.is] has joined #wesnoth-dev
20190627 03:18:10< cryptoquestion> hello i have a technical question about how multiplayer works. i first tried #wesnoth-mp but its dead there and when i went to #wesnoth i was told to come here. i hope im in the right place
20190627 03:28:33< cryptoquestion> um, well, i guess i'll just ask and hope someone here can answer, maybe a dev familiar with the multiplayer code
20190627 03:37:26< cryptoquestion> actually a few questions. first, if i host a networked game using wesnothd and want some international
20190627 03:37:26< cryptoquestion> friends to join it, all they have to do is enter my IP address and the port to join? or do i need a domain or something??
20190627 03:41:18< cryptoquestion> nvm it seems im right according to this: https://wiki.wesnoth.org/MultiplayerServers#Local_server i hope thats still accurate
20190627 03:45:28< cryptoquestion> okay next question: when hosting or joining a private network game like the one i described above, are the datastreams encrypted with any transport-layer security (not necessarily TLS)?? in other words, are the packets transmitting the data encrypted in some way or are they in cleartext? when i tested this out by hosting a game and checking wiresha
20190627 03:45:29< cryptoquestion> rk, it seems to me that the TCP packets are garbled, but maybe im just too noob, so i came here to ask.
20190627 05:30:35< cryptoquestion> can anyone here help answer this for me?? or is there somewhere else i should go instead?
20190627 06:02:35<+wesdiscordbot> cryptoquestion: They are compressed, not encrypted
20190627 06:04:44<+wesdiscordbot> There's no encryption in place for any part of Wesnoth's MP or add-ons server functionality other than the storage of add-on passphrases on the server-side, the hashing of player passwords prior to being sent to the MP server, and the storage of remembered MP passwords on the client side
20190627 06:13:45< cryptoquestion> tyvm for answer. are there any plans to implement encryption at any/all points of the multiplayer?
20190627 06:16:28< cryptoquestion> transport encryption, that is. endpoint encryption is less concerning and more easily addressed by the end-user anyway
20190627 06:25:25<+wesdiscordbot> not right now
20190627 06:25:28<+wesdiscordbot> no
20190627 06:32:00< cryptoquestion> ok ty for the info. is there any way to request for such features? if the only way is to open an issue on github, then i guess i'll have to make an account for that too. if you are THE vultraz (i assume so), then you would know better than anyone: how likely and feasible is it for transport encryption (E2E, TLS, something) to be added to the multip
20190627 06:32:01< cryptoquestion> layer streams?
20190627 06:32:43< cryptoquestion> im not talking about next release or whatever, just as something that might hypothetically be on the roadmap
20190627 06:35:41< cryptoquestion> apparently someone;) talked to the devs at 0 a.d. recently and they now are planning to implement E2E transport encryption in their multiplayer. since wesnoth is one of the other giants of FOSS GNU/Linux gaming, im seeing what the odds are that this game will go that direction too
20190627 06:35:54< cryptoquestion> link: https://trac.wildfiregames.com/ticket/5467
20190627 06:40:37< cryptoquestion> by the way, to all the devs and wesnoth contributors here: thank you!! the game is amazing and as someone who has been gaming for decades, i find it refreshing to finally play a game that is coded along software values i share. i dont know how to code or draw or any of that... but i do have some ideas about how i can contribute and intend to do so
20190627 06:40:50<+wesdiscordbot> I am vultraz the project lead, yes
20190627 06:41:29<+wesdiscordbot> The best way to keep the issue in our radar is to open an issue on github
20190627 06:41:41<+wesdiscordbot> I'm no expert in low-level network programming, though
20190627 06:42:04<+wesdiscordbot> Also, we're attempting to switch to a new engine (Godot) which has its own built-in networking layer
20190627 06:42:08<+wesdiscordbot> and implementation
20190627 06:42:27<+wesdiscordbot> So we'll have to consider such a request in the context of that engine
20190627 06:43:45< cryptoquestion> does the new engine's internal networking layer bode well for the chances of encrypted multiplayer games? at least compared to the old engine?
20190627 06:48:20< cryptoquestion> i have been avoiding creating an account on github for a looong time, but i guess i gotta make one if thats where everyone else is at... if i do so, should my issue be opened at wesnoth/wesnoth or wesnoth/haldric? sorry for the multiple questions, pls take ur time, i just want to know how to best go about this.
20190627 06:48:54< cryptoquestion> and ty again for taking your time to answer me
20190627 06:52:49<+wesdiscordbot> just put it in the regular wesnoth/wesnoth tracker
20190627 06:52:58<+wesdiscordbot> i'm not sure how godot does its internal networking
20190627 06:56:20< cryptoquestion> thats fine, as you said its not your expertise. since ur project lead, though, i assume these decisions will go through you at some point, so im mainly curious about whether youre open to multiplayer encryption or if you think thats not something you are personally interested in seeing wesnoth pursue. u dont need to answer either, its just some foo
20190627 06:56:20< cryptoquestion> d for thought. ur free to pass it on to the devs working on networking, too;)
20190627 06:57:52<+wesdiscordbot> Why do you want such a feature?
20190627 07:08:03< cryptoquestion> well, i'll try to explain my thought process behind bringing it up, but its a bit long...
20190627 07:26:29< cryptoquestion> given how vulnerable unauthenticated datastreams are to exploitation, network-interfacing software such as battle for wesnoth can serve as a potent attack vector for compromising systems, particularly through arbitrary code injection. this is especially important when considering the hostile networks players may be in, whether it be an invasive ISP
20190627 07:26:29< cryptoquestion> or an insecure router or a hacked public wifi hotspot or any of the dozen middleboxes that the streams pass through along the way (this is especially the case when playing with international participants). moreover, cleartext data (and metadata) as such is a privacy threat: both are personal data insofar as they expose user activity that can then
20190627 07:26:30< cryptoquestion> be monitored and logged for tracking, profiling, fingerprinting, and social graphing.
20190627 07:26:42< cryptoquestion> as a result, for concerned users such as myself, it is difficult to justify exposing my international friends to a vulnerable connection out into the Web--currently a hotbed of botnets, proxy cyberwars, and a global mass surveillance apparatus that is archiving yottabytes of any datastreams it can hoover--just to play a game. contrary to being just
20190627 07:26:42< cryptoquestion> a game, it is also network-aware software that connects to the open internet and in that context, it very well may be the weakest link in a system or network for adversaries to exploit simply because it is transmitting unauthenticated cleartext into the digital aether. and unlike a web browser, BfW (to my knowledge) is not hardened for such threat
20190627 07:26:43< cryptoquestion> s and does not use isolation or access control to mitigate them.
20190627 07:26:48< cryptoquestion> the best way to stop this gap i can think of is to implement a reasonably secure transport encryption for all online transmissions, whether TLS or an E2E solution. doing so effectively solves and mitigates many of the problems mentioned above, since it prevents men in the middle from snooping and modifying the data on-the-fly. it also restores the
20190627 07:26:49< cryptoquestion> privacy of players and assists in ensuring their system is secure from such attacks, since wesnoth multiplayer is no longer such a vector for them. a side benefit is that it so happens to make cheating a whole lot more difficult, since it no longer involves simply spoofing some TCP packets or injecting some code.;)
20190627 07:26:50< cryptoquestion> i could go on and on and on and on (i didnt even bring up ethics!) but i think i have spammed enough. thats my reasoning in the best pitch i have. if i were to summarize it, tho, its basically that i want the feature because i think it is the bare minimum necessary to ensure a great game like battle for wesnoth does not also serve as a great attack
20190627 07:26:50< cryptoquestion> vector for players to get pwned by someone OUT-game.;)) encryption protects players' privacy and security! the point is not (just) authenticating and obfuscating the traffic... its also closing off that traffic from being hijacked. transport encryption does just that.
20190627 07:26:55< cryptoquestion> (end of spam, sorry!!)
20190627 07:28:01< cryptoquestion> (i hope it all went through too...)
20190627 07:29:59<+wesdiscordbot> I'm not sure just how much anyone could do if they hijacked a wesnoth data stream
20190627 07:30:47-!- vn971 [~quassel@2a02:7aa0:1619::bac5:9483] has left #wesnoth-dev ["https://quassel-irc.org - Chat comfortably. Anywhere."]
20190627 07:33:34<+wesdiscordbot> We've taken care to ensure scripts running on the client do not have access to anything it shouldn't, like unlimited access to the player's filesystem
20190627 07:36:36<+wesdiscordbot> So even if you were trying to distribute a script to steal people's file or something, it wouldn't run
20190627 07:40:21<+wesdiscordbot> Our servers are basically just dumb pipes
20190627 07:40:27<+wesdiscordbot> They don't handle anything about the gamestate
20190627 07:40:34<+wesdiscordbot> That's up to each client
20190627 07:41:53<+wesdiscordbot> If I recall correctly (it's been awhile since I gave thought to the networking internals 😬 ), the only thing distributed across the network are certain actions that need to be synced
20190627 07:41:56<+wesdiscordbot> Like moving
20190627 07:41:59<+wesdiscordbot> a unit
20190627 07:45:07<+wesdiscordbot> So client-side security is much more important
20190627 07:45:08<+wesdiscordbot> I think
20190627 07:45:16<+wesdiscordbot> (not being an expert in security either )
20190627 07:46:07<+wesdiscordbot> And like I said, we've made quick and concerted effort to patch any security holes we find client-side
20190627 07:46:17<+wesdiscordbot> Since those affect singleplayer content too
20190627 07:46:34<+wesdiscordbot> Ie, if someone tried to distribute a malicious addon or something
20190627 07:54:00< wedge009> I think securing network communications is a fair point - it seems to be a growing trend generally. That said, I'm also not sure what one could do from within Wesnoth anyway, but it does seem prudent to avoid exposing things if one can do so. Perhaps that's another reason for the adoption of Godot instead of maintaining custom code (not saying I have an opinion on that either way).
20190627 07:58:12< cryptoquestion> well, since its unauthenticated packets streamed in the clear, arbitrary packets can be injected and any means of exploiting the stream becomes possible. thats not the case when the stream is encrypted. my concern is not about attacks against the server (though that's another issue, the server probably has better security than the users and isn't i
20190627 07:58:13< cryptoquestion> n a privileged position anyway) so much as attacks against users, such as a mitm that injects packets into a peer-to-peer game stream. my use-case is hosting and joining privately hosted P2P matches, anyway, not playing through a third-party server.
20190627 07:58:19< cryptoquestion> it is a relief to hear that the client-side scripts are restricted, but if those restrictions are vulnerable to an exploit that can break a script out (or run a different script), then its just a matter of time and determination... so long as the stream is in the clear. anyway, i do not doubt that client-side security holes are patched and i agree
20190627 07:58:20< cryptoquestion> that client-side security is the primary focus. however, transport encryption is integral to client-side security precisely because they can be targeted through that transport stream, especially in self-hosted games. without the encryption (or at least authentication), those datastreams will always be unprotected, so any vulns that might exist in t
20190627 07:58:20< cryptoquestion> he code making those streams are unprotected too.
20190627 07:58:21< cryptoquestion> idk maybe im just too noob about these issues. i also dont know code, so i cannot inspect the source myself. i just wanted to ask about what encryption-related plans might exist for multiplayer, since thats important to me and im a big advocate of universal cryptography (and other cypherpunk stuff;)) and i also like wesnoth. again, thank u very muc
20190627 07:58:21< cryptoquestion> h for taking ur time out to discuss this with me. i am more than happy to talk more about it, but i dont want to seem argumentative, so ill be quiet now otherwise:)) thx again for wesnoth!!
20190627 07:59:24< cryptoquestion> (p.s. by "server" i mean the third-party servers. i know wesnothd is the self-host server, maybe i misunderstood u there. now im quiet!)
20190627 08:25:02<+wesdiscordbot> cryptoquestion, for longer discussions you may also use the forum.
20190627 08:25:32<+wesdiscordbot> cryptoquestion, for your use case you can use stunnel or a VPN to wrap encryption around the plaintext connection.
20190627 08:27:26<+wesdiscordbot> But the connection is TCP, isn't it? TCP sequence numbers provide some protection here, don't they?
20190627 08:33:45< Soliton> wesnoth's networking is not peer-to-peer.
20190627 08:34:06< Soliton> everything goes through wesnothd.
20190627 08:35:45<+wesdiscordbot> Yes, but cryptoquestion said he would run his own wesnothd
20190627 08:36:05< Soliton> i was responding to "such as a mitm that injects packets into a peer-to-peer game stream"
20190627 08:36:57< Soliton> anyhow encryption could certainly be done and shouldn't be an issue since we're not sending that much data around anyway.
20190627 08:39:08< Soliton> not sure how much you can reasonably prevent with it though so it's unlikely going to be high priority. but if someone is interested in implementing encryption i'm fairly sure we'd accept it.
20190627 08:41:24< Soliton> it'd certainly help privacy and exploiting possible bugs in wesnoth.
20190627 08:41:55< Soliton> well, help prevent such exploits i mean. ;-)
20190627 09:39:52< cryptoquestion> josteph: yes TCP is sequenced and so it is more difficult to inject packets, but they can still be spoofed with the right timing and inference. even tho they are sequenced they are not authenticated.
20190627 09:42:02-!- boucman_work [~boucman@wesnoth/developer/boucman] has quit [Ping timeout: 272 seconds]
20190627 09:42:07< cryptoquestion> soliton: yes yes sorry i was playing loose with "peer-to-peer", technically wesnothd is a third party even when one of the other parties is hosting it on the same machine that is playing as a client. what i meant was to emphasize self-hosted matches, which are "peer-to-peer" (not really) compared to the usual setup of connecting to a server somewhe
20190627 09:42:07< cryptoquestion> re else. anyway thank you very much for the responses. now if only i knew how to code...
20190627 09:45:15< cryptoquestion> (third party as in THE third party that mediates communication between other two)
20190627 09:50:24< cryptoquestion> anyway i have to go now but i might be back someday... maybe opening an issue on github about this?? idk but thanks again for the info!! best wishes!!!
20190627 09:51:31-!- cryptoquestion [d4810050@cryptofree.cstorm.is] has quit [Quit: cryptoquestion]
20190627 09:53:41-!- boucman_work [~boucman@wesnoth/developer/boucman] has joined #wesnoth-dev
20190627 10:10:43<+wesdiscordbot> @Gweddeoran Thanks for the answer on EI
20190627 10:21:05-!- wedge009 [~Thunderbi@60-241-236-92.static.tpgi.com.au] has quit [Quit: wedge009]
20190627 11:08:41-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has joined #wesnoth-dev
20190627 12:09:31-!- celticminstrel [~celmin@unaffiliated/celticminstrel] has joined #wesnoth-dev
20190627 12:18:34-!- celticminstrel is now known as celmin|away
20190627 16:20:00-!- smiley- is now known as smiley`
20190627 16:47:00<+wesdiscordbot> thank josteph
20190627 16:48:53-!- Nobun [~user@51.179.106.232] has joined #wesnoth-dev
20190627 16:54:35< Nobun> celmin|away: I am here (both in IRC and Discord)
20190627 17:29:33-!- stikonas [~gentoo@wesnoth/translator/stikonas] has joined #wesnoth-dev
20190627 18:13:10< Nobun> celmin|away: I wrote you a PM on wesnoth forum
20190627 18:13:43-!- Nobun [~user@51.179.106.232] has quit [Quit: WeeChat 2.1-dev]
20190627 18:43:04-!- stikonas [~gentoo@wesnoth/translator/stikonas] has quit [Read error: Connection reset by peer]
20190627 18:43:09-!- stikonas_ [~gentoo@wesnoth/translator/stikonas] has joined #wesnoth-dev
20190627 19:08:48-!- stikonas_ is now known as stikonas
20190627 20:26:16-!- zookeeper [~lmsnie@wesnoth/developer/zookeeper] has quit [Ping timeout: 252 seconds]
20190627 21:03:46-!- stikonas [~gentoo@wesnoth/translator/stikonas] has quit [Read error: Connection reset by peer]
20190627 21:04:00-!- stikonas [~gentoo@wesnoth/translator/stikonas] has joined #wesnoth-dev
20190627 21:33:12<+wesdiscordbot> @josteph I think that is a subjective question
20190627 21:33:26<+wesdiscordbot> everyone plays the way he plays
20190627 21:33:58<+wesdiscordbot> I mean, someone always cares about his leader, and doesn't get him involved into a fight
20190627 21:34:25<+wesdiscordbot> but someone uses leader for combat in every scenario or almost every
20190627 21:34:33<+wesdiscordbot> it is also about the difficulty
20190627 21:34:53<+wesdiscordbot> if you play the easy difficulty, you usually don't have to use your leader(s)
20190627 21:35:37<+wesdiscordbot> but on the hardest difficulty, usually regular soldiers aren't enough and you have to boost them with leaders
20190627 21:37:22<+wesdiscordbot> Dunefolk Rework Update #5 up https://forums.wesnoth.org/viewtopic.php?f=15&t=49630&p=644022#p644022
--- Log closed Fri Jun 28 00:00:56 2019