#general

To prevent RCE on clients, should I add -Dlog4j2.formatMsgNoLookups=true to my client launch options?

if you're using latest client no

oh wow formatting is broken

I've been writing software since 1997 and am baffled how that happens in 2021.

https://osu.ppy.sh/ss/17344677/bc6e

i am angry

got all those 100s on shit easy parts

trash

only if you are using older non-vanilla client that's not being patched

only 99.4%

smh

old naomi gets 100%

nah old naomi gets 96% because she can't aim it

what 😳

if a server "hacked" me before the exploit was fixed and reset my pc the possible hack stops working?

and my antivirus could have helped?

hey i only meant it as a quick fix until mojang fixed the client

its deprecated now and i link to paper-help

ik

but yeah it only filters chat packets to clients

other packets can be added if you want but im not doing it xd

it fixed now (by mojang)

hold up if you join a server which didn't update to a fixed version of the exploit from a client that has the fixed version are you still vulnerable? or the client is enough to be safe?

i think the client is safe

but the server not

both the client and server were vulnerable, there was a moment last night where servers were updated but clients were not

no but let's say I join from an updated client to a server which didnt update

vanilla made another vaccine

am i still vulnerable

no

no you aren’t

the server is

but the server is

oh ok just wanted to make sure

ohhh ok gotcha

https://osu.ppy.sh/ss/17344707/b3ab

noooooo

@mild rune dammit

https://twitter.com/gcouprie/status/1469276948304216077 this tweet made my day lol

Kneny the security expert at paper

smort

All these people surprised Apple uses Java for stuff

Apple used to ship a semi-custom Java with OS X you could use to write "native" apps

They were real big on Java, inherited it from NeXT

knenyy better

iirc they dropped it after Java 6

Uwu it's been stuck on updating for couple min..

the update fix is a hoax made by mojang to keep them in power and control the price of gas

how to check that the exploit is fixed on my client?

yeah java 6 riots were fake news

They apparently take a 10%

hey dap

hey naom

billion dollar nude sharing industry and discord wants some of that pie

holy guac

Win 11 is nice

sry...

It is

Really had no issues with Windows 11 and it ran quite nicely

but I can't move my taskbar 😭

https://naomi.s-ul.eu/Vdn0kIBE guess which score is better

i always had my taskbar down

ez

aurora king

can't do that on unactivated windows

I used to put my taskbar on the top of the screen

So it would feel like macOS

ok

naomi why do all skins have weirdass sounds

because skins can put in custom sounds

mine keeps them mostly default iirc

i use the old -GN skin

what?

@mental meadow uwu

uwu

wtf aurora despises me

uwu!!!

I did not look at discord for a few minutes 😦

wow

why are you still in this server

ok

do I just @ aurora and say uwu every time my depression relapses

seems pretty effective

ded quit

ded is a valuable member of this papermc 2.0 community

what is this exploit thing going around

See pins in #paper-help

okay

delet

what exactly happened tho

bruh what

this is so confusing

Remote code execution vulnerability

A vulnerability in log4j was found

Read #paper-help pins

what does that do

malicious people can run arbitrary code on your server

oh

In the industry that's called "really fucking bad"

wait 1.17.1 is patched up

are people still asking about this days later? lol

yep lol

paper logo likes to jump around a lot

i live in the caves

has only been like 12h...

What do you consider is the bests file systems for a Minecraft server?

Yes, 1.16, 1.17 and 1.18 have received patches

great then!

well yes theoretically that's like absolute worst outcome

gl trying that on any big server

Well yeah any big server has patched it already

or on a server that uses java 17

Kevin was able to get RCE working on all server versions which includes those which require j17

oofies

i wonder how Hypixel patched it when their servers are stuck on 1.8

also imagine how long this exploit was sleeping quietly

we're lucky that the person who discovered it didn't hold out

sometimes i just hate node.js

solution: don't use node

shit lang 😎 im so cool

It's a really easy patch. Paper just cannot be bothered to backport it further than 1.16.5, which I don't blame them for

I feel like, if the patch acts upon code that has been largely unchanged over the versions, that they could do this fairly easily

But they take the whole "old versions bad" thing very seriously

I get not maintaining them but this exploit is pretty huge

Hypickle forked from spigot in 1.6

and, like, they literally have a full dev team maintaining this shit

They do use paper on some servers tho

Do you really think a team as big as hypickle can't do a trivial l4j update?

But yeah, hypixel is the prime example on how you use old versions

With a giant dev team and fix all the issues yourself

hypickle :)

Why are you using globalthis for a bot

C# > * 😎

🦜

@coarse lily I'd love to discontinue distributing our theme in new jars once the new version of timings has been pushed
https://github.com/aikar/timings/pull/127

Been waiting almost 5 months now 😦

people still think hypickle uses 1.8 and download plugins from spigot regularly.

quick vent: i was recruited into the shady botting world for freelance programming work a long while ago and eventually got scammed out of a shit ton of money. i did however learn, to be incredibly weary of people overly reliant on node (specifically electron) or python

there's like thousands of people making their own shit electron bot apps that all do basically the same thing

Timings was made by Aikar and he hasn't been around to test it to give it the green light, is my guess.

I can go through and take a look/test but realistically it won't be for a while. With 1.18, holidays, etc.

Yeah, I'd love for it to get merged so we don't have to continue distributing new jars with it in and so you all can't complain about a changed url in the jar 😄

But I'll put it on my todo list.

Sounds good 😛

@coarse lily 🥺

Morning!

BEST paper moderator

better than larry

@warm anchor

yes I am the best moderator

hi michael

Your pfp always remind me of the awoo girl

is 1.18.1 considered stable?

https://youtu.be/eGslweDOihs

because i think its easier to access some variables when they're global, like chalk, config, database client or discord client

but i think its more easier to not use node.js

Just use dep injection, you aren’t writing for browser

Larry was up until a few hours ago working way harder than me, so he probably wins

But anyways in case you decide to use node again you appear to use es modules (typescript?) in which case the import syntax would be import chalk from 'chalk';

how does one choose ALL mode instead of LAG mode on mobile version of your timings?

buttons are not there

basically unusable on mobile :\

Just pull down in the top box area and it'll let you scroll to the bottom where you can select the timeframe

why is it hidden

my recommendation is making that more obvious

only way to find it is by accidentally swiping in the wrong spot right now

There's only so much room on mobile unfortunately, It's (at least I'd say) an improvement on the existing mobile.

I'm using javascript, i prefer to use typescript but i couldn't do some things with it so i tried using JS

well yeah overall it’s going to be better but if you’re going for an overhaul you should do it right

not hiding half of the menu

If you make something larger or take up more screen space you're going to have to hide something else

i mean just use a hamburger three line thing and have it minimized by default and expands the entire menu when clicked?

Well the fix should be the same assuming you have “type”: “module” in package json

We had decided that splitting the page into two sections and allowing scrolling through both was the best implementation for it, It's on git if you feel a different way looks far better

pretty standard mobile interface

i’d recommend doing that over hiding it

i'll try it, thank you

yes but it is not clear or even close to being obvious that those buttons are hidden there.

I must admit that it actually looks better than what we currently have

an overhaul should improve in every aspect, not make it worse in some. this is a spot where there is room for improvement in my opinion

is dev.bukkit.org down? im trying to update worldedit

use their website, enginehub

ok ty

Correct. There is a log4j config you can use in the pins, but there won't be an update for unsupported legacy software

six year old unsupported legacy software*

then update

then live with the exploit

ok

The config in the pins is non fuctional

Oh, mb

Still, 1.8

ok

no one asked

ok we dont care.

^ If you use legacy versions you should accept that you're on your own

i will take a huge shit later

where can i download it

i need it

can you post pics for proof?

thank you

are we gunna let people advertise their 1.8 forks in paper now

wtf is this

1.8

but but his fork has optimized tnt on 1.8!!!!!

!warn 280917820781494273 Don't post links to other forks please.

:raised_hands: Warned JH3Y50N#3269 (Don't post links to other forks please.) [1 total infraction] -- ocelotpotpie#5943.

Nope.

dam a real papermc moderator

oh

You don't

1. We've already got somebody who's said that they're going to look into it

that’s so unfortunate

i am also sad with you electroniccat

2. We don't want people advertising other services, etc

they probably care so much!

We're an open source community

However, we do not want people linking others to random untrusted software

then leave

1.8 users are very entertaining

But the trusted software is unsupported

average 1.8 user

What are you typing right now though

Stop mentioning

you mentioned cat…

Disable the stupid mention feature in replies

Don't ping in your reply. cat has "no ping" in their name.

and the highliht thing is annoying especially given that I have sight issues

How do I disable mention in replies?

Press the @

LMAOO

That’s one way to solve it

average 1.8 user moment

Please do not advertise 3rd party jars

more for informational purposes than to advertise but ok

Press the @ or shift click when you reply.

pretty the @

very pretty @

what is timings

i never understood that

Wh00ps

Could anyone send me an invite to the Magma discord server? The links on their reddit and github dont work 😦

The time it takes to do shit

Thanks Broccolai

papermc moderator is abusing me by purposefully misspelling my name to cause me emotional distress

Brokoli fomin

@ like this?

I'm sorry sir it's a proper noun it's force of habit.

askers

No.

On mobile phone?

When you click reply a bar shows up with the message you're replying to and "@ON" on the right

imagine complaining about pings instead of just using DND/muting them in this channel

Click on that to turn it off

Oh

Nice explained

Since when does dnd disable the highlighting

It's not unreasonable to ask someone to not ping you.

ask for basic respect so I can read wtf you're saying

LITERALLY THE GHESTAPO!

you mean to not to, right?

I have to do it every reply

Yeah

Discord sucks 😄

Exactly, yes. :)

If you're on desktop, you can shift click the reply button

it caches for a while

🏓

You cant disable pings what are you even talking about rooray

is discord good

They still highlight in yellow

why is it changing my emotes

Discord is terrible all the alternatives are just worse

Except if you simplify things and go back to IRC

Smoke signals are the future.

I love discord 🥺

let's just return to irc ^

and, like, maybe I just come from a different time period, where I don't NEED people to reply to every single message because of basic context following

keeps all the dumb kids out

¯_(ツ)_/¯

when we go back to smoke signals im gunna send cat yellow ones

and the highlight is hard for me to read

https://papermc.io/community-guidelines see point 6.

Reply makes me use my mouse

Yeah when you're in IRC and shit is scrolling like crazy you just get used to it.

No need to discuss that

@naomi we are coming

We used to not even have avatars!

and so I ask for basic respect that people disable it or just not use the stupid reply feature

I mostly only use it when I'm on my laptop since the touchpad is right there

Like, you literally need to do fuck all!

On my desktop that means moving my hands though so fuck that, I'll just type 😛

Just use teams

heck, am saving you 2 mice clicks!

Have you ever tried to input formatting text in Teams?

no thankfully I barely use teams

It's a fucking nightmare

Anyways I’m glad this channel is back to shitposting / dumb posts

I felt weird having to be useful

It doesn't actually let you type markdown, it intercepts your markdown in the middle of putting it in and replaces it with their rich text WYSIWYG system

It’s a worth trade, you can at least create assignments

Like, if you type ``` it'll remove those marks and put in a monospace text box inside your normal text box that you have to type in

I’ve gotten used to disabling the @ when replying thanks to cat

What if you press tab

Instead of like Discord where it leaves the formatting marks in but also does the formatting so you can see what it looks like

I wish discord would just let you disable replies

Like it doesn't seem like a hard feature to add lmfao

I wish discord let you see who replied to one of your messages without pinging

I think replies are useful when there are 4 conversations going on at once

Many features discord didn't implemented yet and some they will never implement aren't hard to implement

I just wish discord cared about disabled users rather than just trivial random shit which clearly nobody who is disabled actually looked it

They can be, sure.

But you can reply without pinging.

Like their option to down down the UI literally starts blending shit like buttons into one another

It'd be nice to have a toggle but Discord is dumb.

Remember when they removed light mode and instantly regretted it

Yea or they should make replies no mention by default because the only time you will really need to mention is when replying to something from hours ago which is rare

I don’t mind having replies, just add a toggle to have them not ping automatically

I just want the damned option to be able to say "hey, am a blind fuck, don't highlight this shit"

I never have my replies ping because I hate the pings so I assume others do as well

and ideally don'tmark it as unread as I generally don't give a shit...

For me pings just help me see when someone reply me

I mean, i decided to make my eyes worse and somehow got an eye infection

it seems to be slowly clearing up but, just, jesus fuck

cat stop dying thanks.

or

/gamemode creative

maybe just let him die in peace

gratz ocelot

masochist

signed up for torture

why did i get kicked from the discord server

tf

A dm from @thorny flicker will tell you why

I'm on a server that the admin keeps pinig @ everyone everyday, I had to disable notifications

"Don't send seizure-inducing gifs"

oh

did i send that?

Yes.

im sorry

That's why you got kicked.

lol

it was my brother on my phone that did it

i didnt know

(hopefully I disabled ping this time.) The blending of buttons in UIs and that bullshit "flat" design of everything makes differentiating UI elements difficult anyway. It's form over function and it's annoying

I'd probably still use old Windows classic theme if I could without any bs attached.

I do love that microsoft is taking off of KDE

Like

Haha

their new notepad app has so much whitespace it's annoying

what has changed

I miss the Windows Aero Glass theme.

They added dark mode

today I rebooted my server

And made some changes to the UI as a whole

and guess what

it started up without me having to go down with my bootable usb

however I forgot the command to turn off the screen so that was fun

holy moly I just discovered that notepad++ has dark mode now.

it's not amazing, but it's better than when I've been in a terminal or in vscode and need to open a text file and die

https://tenor.com/view/reaction-my-eyes-cant-unsee-burn-gif-7225082

GNOME was the one with excessive whitespace, not KDE 😛

Although I guess even KDE had more than, like, Windows 95

I was never able to get into either DE. GNOME was too simple and KDE had too much noise, or weird way of doing things. I may try again later. I just keep trucking on with macOS and Win10 (and WSL)

sublime text 3

I can't brain today

Right, GNOME I struggle with sometimes because they don't let you configure it much but KDE just feels weird and jank no matter how I theme or configure it

Plus I'm in general a fan of the GNOME style

Oh that’s neat

Wish they revamped wordpad now though

https://thewincentral.com/official-android-gaming-on-windows-10-11-to-be-a-reality-soon-as-google-plan-to-bring-play-games-app-to-windows/

an ideia since optfine is not yet patched just add ```java
-Dlog4j2.formatMsgNoLookups=true

Windows is going to pass SafetyNet and have the full Google Play Services?

What a weird timeline

inb4 the linux x^2 + y^2 = r^2 jerk crowd comes in and tells me how wrong I am after I tried it for years x)

I mean, I'm using GNOME right now 😛

And still have commit access to a GNOME project that I believe is still used as a part of the "GNOME Classic" suite of gnome-shell extensions and apps

You’re wrong

git gud use arch no balls

It was a part of the GNOME 2 default desktop

GNOME 2 was by far my favorite years ago.

I'm also an Ubuntu Member and former Ubuntu developer 😛

(paid developer even)

So fuck arch 😄

is 1.8 nice?

I don't consider myself a developer, given I'm still trying to learn. Ignore my github link. It's mostly garbage x)

It's pre-1.9 combat changes so yes

Some day I'm going to be less lazy and switch to Fedora Silverblue though

@half hawk what?

With silverblue your OS is managed via snapshots and such and all your apps are docker containers or flatpaks

hi what do you need

Im considering to use it for my serevr

don't

why did u add 😐 to my question lol

do it

And then they have a "dev toolbox" or whatever that is a persistent environment for working on stuff but that's also just a docker container so you can put whatever distro you want in there

So I can use Fedora but dev on Ubuntu

And never have to touch RPM, yum, or dnf

If neofetch has one million downloads i am one of them 🙋🏻. if neofetch has ten downloads i am one of them. if neofetch has only one download that is me 🙋🏼🙋🏽🙋🏾. if neofetch has no downloads, that means i am no more on the earth 😢. if the world against neofetch, i am against the world ❌🌍☄️.

they have a similar toolbox thing going for coreos

gnome-flashback #2nd best gnome

I want ZFS in the kernel, because it would be great for a root fs, I think. RIP the licensing conflicts--it'll never happen :/

for shits and giggles

high iq chat again i see

I barely know the surface of what ZFS can do and I absolutely love it for my home NAS build.

The silverblue one started out as just using that one then changing it a little then they rewrote it

because most people have an attitude and/or personality that tells me they are expecting proper support. since you are planning to start an 1.8 server, i assume you are going to ask questions in this discord, but as paper developers have said many times, they are not going to put any effort in supporting a 7 year old version. this usually makes people act like a dick when they don't get support.

well i mean half of this chat is people complaining about pings

and 1.8 is genuinely aight

iirc the CoreOS one was just a 1000 line shell script or something, really barebones

how did you get from "i like 1.8" to "i like this version thats been long depreciated and have ignored several warnings about is depreciation to tell you that i want support for this version"

✨ stackoverflow

marked duplicate, -11 downvotes
(to a post from 10 years ago and has no relevance)

Marked as off-topic

marked as duplicate, -47 karma

they just yeeted all my posts

i had a few with over 5000 views lol

paper backports an unsupported version and is surprised that people assume they're gonna backport other version

I understand if someone posts "what does cout << "hello world" mean?" but I've seen actual questions that received abhorrent replies. Stackoverflow is useful as I've been learning C++ this year, but sometimes it's depressing. I don't post. I just Google and use it that way.

I’ve never had to ask a question on stackoverflow because all my questions usually have already been asked

It's more the fact that people refuse to read the various bits of info we've left around and start acting like we really must patch it because plz!!!

i mean it is a critical security vulnerability

as I've said, it's not easy for us to push out a fix for those versions as all of the build pipelines are literally gone

Literally irrelevant

It being a security vuln does not change the fact that we don't have build pipelines setup for those versions

Nor does it change the fact that we'veliterally been warning people of this shit for years

does the vanilla minecraft log4shell patch apply to all versions?

yes

Like I feel sorry for the bastard that had to push an update out to fix terminal services security bug in Windows XP in 2019. XP dropped support in Apr 2014... I'm not a dev, but I understand.

XP is still maintained in a sense

Just, only for corpro shills

chances are they just deemed this one was worthy enough to issue more as a general throw out

But, I mean, they've stillgot all the tooling there setup to be able to do that

Understandable. When I was in undergrad, our quantitative analysis lab equipment still ran XP. Although I believe it was airgapped. No harm. No reason to upgrade equipment that has costs with multiple 0's.

Yea, that's part of the joyous thing

I still keep on an old XP machine around for when I write floppies for my vintage PCs when I play around sometimes.

back in the early 2010's I had to shove XP onto my grandfathers work laptop to be able to service some PLCs and stuff

and the thin is that much of this gear is managing the power towards critical infra like hospitals, so, it's not easy to justify everything to replace

Old machinery that costs $100k's or more. Old proprietary ISA card to interface with. XP was end of the line. Airgap and move on. shrug

Because you wanna replace that PLC? Well, now you've gotta redo all the wiring looms because the form factors have changed in the 20 years since that system was installed, some requirements have changed and while you're there, you might as well look at replacing those 30 year old ACBs, etc, etc

I was under the impression that people who were still on 1.8 were on 1.8 because they are using a ⚡️✨high performance async customized 100tps fork of paper that they purchased for $500. Can’t believe how many people there are who are just using paper 1.8 with 0 support

and, at that point, now you've got an entire hospital wing out of action

the NMR computer at my university was running Windows 7 when I left. albeit heavily modified with proprietary software. NMR isn't cheap. It's cool. Not cheap. Liquid helium and liquid nitrogen is also expensive. It's a continuous cost. if it ain't broke, don't fix it...

the execs holding the purse also aren't gonna budge x)

(btw NMR is exactly the same thing as MRI) it's called MRI because people are scared of the word "nuclear".

what does nmr stand for?

nuclear magnetic resonance

I still barely understand it. I was much better at fourier-transform infrared spectroscopy. I've decided to move into computer science from chemistry., once I start grad school.

my mod said someone joined and started spamming tthis

yes.

i'm guessing its blocked by anti link ttho

no

and please actually use the correct channel.

i mean for clients

we're freeeee

#869651180698099732 ?

All the info we're able to give is already in the announcements, etc

No

All the info we can provide is pinned in the #paper-help channel

Youre not reporting an exploit

poor cat

kk

Literally all of that shit is well known

We've literally patched it

tf would we need a report to say it exists.

Cat?

Do you want me to report that bug you announced?

How do I help my friend's Celeron Laptop run Minecraft?

I'll take your lack of response as a yes.

oh no

they did publish the exploit

of course they did

its an exploit

mm yes shell expansion because someone didn't scrub inputs :3

why shouldn't they

the funny thing is if people actually followed best practices (e.g. least privileges and service containerization) then even vulnerable servers would be at relatively low risk

I think they even stopped XP support for ATMs

but what can you expect from people who want support for 7 year old game software

rip guess i gotta switch my atm to windows 11 now

helikopter helikopter

You're gonna containerize a minecraft server?

Ballsy.

The last officially supported date for NT 5 was Apr 9, 2019. Of course corps could ship $$ to msft for a little longer

i will make docker and jvm wear a big shirt together so they have to get along

Once someone has arbitrary code execution you should assume they also have privilege escalation and likely a container escape too

oh lol that a squid game pfp

but that's a much higher skilled attack than copy paste rce payload lol

This is why clouds don't use containers to separate customers

same concept as "assume all firearms are loaded and dangerous and never point them at anything you don't intend to destroy, injure, or kill". Assume the worst and take precaution.

docker escapes and linux privilege escalation are much more difficult to do

Instead they use custom VMs that don't fully emulate a legacy PC so they can start up in like 250ms and tooling to use them as if they were containers

ideally you would do that but as far as setup and maintainability are concerned, custom virtualization software might be out of the question for most mc servers

containerization and least privileges with a relatively hardened linux system would be the ideal balance between security and devops simplicity for an mc server imo

They will announce when a stable build for 1.18 is ready correct?

https://firecracker-microvm.github.io/

yes

Tnx

I always think this way--if someone wants in, they will get in. It's just how much time and effort they want to put into targeting an individual.

containers have been busted before

You can also just check on https://papermc.io/downloads there it will say if the builds are still experimental.

i love this solely because it's primarily written in rust

they'll be busted again

im not saying that containers are foolproof at all lol

just because it's hard to do or there is no active exploit well in the known doesn'tmean that it'snot all that unheard of

Firecracker takes your standard docker (runC, whatever) container and bolts on a custom kernel and such below it to run it in a VM

With less than a second boot times and less than 5MB RAM overhead

relevant

oh what the hell that's amazing

Okay, but

lmfao

So you just build your normal containers then you run them with firecracker and they're actually VMs

does it have a virtual floppy driver?

Cos, I really love virtual floppies

for ingesting my mission critical virtual floppies ofc

that's not the only thing that's floppy

runs

IT HAPPENS TO EVERYONE

This, along with a streamlined kernel loading process enables a < 125 ms startup time and a < 5 MiB memory footprint. The Firecracker process also provides a RESTful control API, handles resource rate limiting for microVMs, and provides a microVM metadata service to enable the sharing of configuration data between the host and guest.

What's the catch?

honestly the us govt probably would've been better off leaving the nuclear system on ancient IBM mainframes.

obscurity security 😎

If you want to do like bind mounts or something I don't think those work so your container needs to be really isolated

gnome is awesome

• gnome user

Pretty sure that anyone with half a brain would keep nuclear armaments away from the internet.

So if your container isn't stateless I don't think it works

Or any computer-based interface, for that matter.

the old farts that are still kicking and can write the software for those things probably make bank

assuming the us government has any cognitive ability

(it doesnt)

In war?

did someone say OIL?

So I wouldn't use this for dev since I have it mount my project directory in to the container to do incremental hot reload builds and such

the FBIs no fly list was found sitting on a public-facing server a few months ago

And if you wanted to use it for a DB or something you'd need some NAS to store the DB on

But maybe those things do work, just slower, not 100% on that

They didn't work when the project started

the old farts in congress wanting backdoors in commonly used software as if their number one arch-nemesis (Russia) won't find it and exploit it

or anyone for that matter.

.merica

https://www.youtube.com/watch?v=h3jcmFNxRzQ

been goin downhill

But they advertise it as being able to install containerd-firecracker and then just use it with your docker or systemd-nspawn CLI tools just like it was standard container systems

I should try this on my laptop, see if it works for my dev environment

LMAO that video

americans*

see told ya the earth is flat

Like, KVM/qemu has infrastructure to let you access directories on the host but I don't know if firecracker implements that bit

fact!

?

inotify probably doesn't work on those shares though so nodemon would still break

I use bind mounts in proxmox for my zfs datasets.. although that's lxc rather than a VM

Their list of features mentions block devices (virtual HDD) but no file sharing so that's probably a no-go

Firecracker actually uses the same cgroups tech that containers use too, it basically runs your VM inside a container and then your VM is hosting a container that got converted into a full OS

yo dawg

kvm/qemu directory sharing infrastructure is pretty much p9 network filesystem, or new virtio-fs nowadays

p9 is s l o w

Right, virtio-fs is what I was thinking of

I wonder if WSL2 will ever switch to virtio-fs and implement that in Windows instead of 9p

doubt

hmm, Kata Containers is built on Firecracker and is the project virtio-fs is made for

So maybe firecracker on its own can't do it but Kata Containers can

Why will my framerate refuse to exceed 60 even with vsync disabled?

My limit is set to 95

your gpu driver probably enforces that

It only startet just now

If you're on linux turning off vsync is actually kind of a PITA

disable vsync in the gpu driver control panel

Otherwise if you're on Windows check the nvidia control panel or whatever

I'm on Windows 10

Cute, virtio-fs is basically just FUSE but the daemon runs on the host instead of in userspace

So the protocol for the hypercalls or whatever you call them is just FUSE

I'm using a laptop :I

sounds like overhead

ngl

Sounds cheaper than 9p

possibly, if it's implemented well

FUSE can use DAX and supports inotify

ah yea

So it works like a real filesystem instead of a network share

File contents can be mapped into a memory window on the host, allowing the guest to directly access data from the host page cache.

yep yep

This also avoids the problem everyone runs in to with WSL2 where the duplicate page cache in the guest bloats your memory usage

They had to patch the kernel to periodically flush the page cache or something otherwise WSL2 just slowly grew to use all of your RAM

wait

why is Proxi not here

:(

I was gonna ping her and say best proxi.

LOL

"ship now fix later" type beat

looks like jroy has escaped the abyss

Oh and since it's just FUSE you can use WinFsp to get it on Windows already

What?

(that's for Windows guests)

running joke from earlier in the chat regarding basnishing and summoning jroy with certain topics.

Ah.

jroy is the running joke

aside the running part

he cant do that

Ah, Kata Containers supports multiple VMs, Firecracker doesn't support virtio-fs but cloud-hypervisor does

That's the Intel version of Firecracker, more or less

@waxen panther

@waxen panther

@waxen panther

@waxen panther

I don't think it was a fork though, just their version of the same idea

May I help you Spottedleaf?

Please do not ping random members thank you.

the fuck is this feature?

@coarse lily

Time out.

shhhhh

timeout

he fell victim of moderation

Please do not ping non-random members thank you.

so sad

@coarse lily

@static badge

It's not random, it was very specific

another day of being abused but tyrant papermc moderators

broccolai fell victim again

intel had clear vms or something

they evn torment uyou with your own role

that evolved into kata

Oh, it is based on firecracker, kind of. Firecracker was actually based on Google's VM for running Android apps and standard Linux on Chromebooks

afaik

Vegtebal Overlord

clear containers, sorry

They turned the shared bits between crosvm, firecracker, and cloud-hypervisor into separate rust crates

I’m assuming it’s okay to ping if already engaged in conversation?

I’m trying to ensure that I disable the ping option, now that I’m aware of it

clear containers was a patch of qemu, the kernel, and a custom UEFI for qemu iirc

yep

Now they just tossed qemu and have a new VM

i digged those patches one day

what

Damn fresh isntall of windows is bluescreening hastn gotten to OOBE yet.

Where do I disable vsync for my gpu? I can't find anything?

I try not to ping people who I'm sure will be able to follow the conversation (staff and regulars and such) but still use the reply so other people know I'm not talking to them

there has yo be a piece fo failing hardware

Memtest86

(left the ping on on purpose there)

I usually don't use replies at all in here, only for answering questions in #paper-help or #paper-dev

Ah okie. Thank you.

Check temps and fans in UEFI?

running through Lenovo UEFI Diagnostics

It's either going to be bad RAM or a dead fan

I am getting Bad system config info BSOD

Or terrible thermal paste that has degraded in to nothing and you need to redo your heatsink mount

this is a laptop

If you have another machine and a spare usb flash drive, go get a copy of memtest86 and let it run.

less than a year old

Ah, laptops are more likely to have been abused and have something else wrong

DIMMs or soldered?

DIMMS

I am in computer repair

Sounds like a Thinkpad so either 2 SO-DIMMS or 1 and 1 soldered

so I am currently diagnosing it

it is a thinkpad

its gort 2 SO-DIMMS

The P ones (iirc) have one soldered on and an open slot for upgrade

Ah then you should be aware of anything I’d start with. I tend to start with memtest86 if I get random BSOD. Bluescreenview to see what the dump shows when possible

Whatever the thin ones are

Wait, it's the S

T490S for example

use memtest86+ or something

made a meme

but wen update to 1.12.2

Also the rookie: make sure you didn’t accidentally change SATA to emulate IDE rather than native AHCI 😅

#gifs-and-memes

TRUE

https://tenor.com/view/drake-clapping-clapping-drake-high-quality-hq-gif-23598042

https://xkcd.com/243/

(DiscordBot) xkcd: Appropriate Term (2 April 2007)

thanks, had no idea how this discord worked

dio I sense sarcasm

lol >nipple mouse

worst thing ever invented in this universe

That's usually what I call it

I should sell my modded T430

yep same

I can see how if you practiced with it you could get really good and never want to use anything else

I like multitouch and gestures too much though

Can someone please help me with this, it's driving me of the walls.

you mean the best invention since 3000 BC?

i like my macbook's huge trackpad

I have a feeling it is eaither a faulty RAM or failing HDD

that's why you should try memtest86+

I have my own tools I use.

I have a USB with over 100+ diagnostic tools and OS's on it

Every time my Minecraft framerate goes below 60, my actual screen framerate goes down to like 10 for a moment.

ah great. then no need of assistance

once I get the system fixed and fully functionall it is going to be sold

And sometimes it spontaneously decides, YEET let's go from 60 to 30.

why... i hate the index _C

sounds like thermal throttling

agreed

hwinfo64

My fans are silent at the moment.

Nevermind, the issue went away by itself.

while playing a game?

And it's back again

Wait so is 1.18 officialy out or just a pre build

Time to copy your patch somewhere, reset your branch to master, copy the patch back in, and rebuildPatches 😄

There is probably a better way to do that but bleh

Goes to 90fps for like 5 seconds then back to 55

Well, it depends on what the graphics processor is processing.

140F (60C) is normal for air cool while under load. if liquid coold there may be an issue and same if you are getting that when idle

I believe Intel begins to throttle at 90C?

yeah

Their limit is 100C still, right?

Or at least drop to base clock

And AMD is 110C?

@frail trail depends on what intel you are using. In MacOS afaik its more than 90C...

100-105 depending on architecture I believe. That's absolute max limit.

AMD lower if you have "cool and quiet" enabled around (70C)

I believe my 2017 MBA begins to throttle at 95C. So yes I think so

I mean, the joke about cooking dinner with macbook isn't that much of a joke ... right ?

M1 is a totally different beast. Intel Macs on the other hand... yes. unless you disable hyperthreading

Although the Intel iMacs (at least the 2017 27" I was using) took quite a bit to get up to 100C. It didn't throttle though. It would just drop to base clock

Btw, can I talk about non-mc related dev stuff here? Or there is a better channel for that?

It's unfortunate that I ended up sending the M1 Mac mini back, because they apparently have issues with some external displays. I was getting strange, dark vertical lines across all my screens over HDMI. I can't afford to try buying new screens. Other computers don't have this issue on my displays. :/

ik that feeling bro. Still can't properly use my Samsung G7/etc ( not M1, but still it won't be better with m1 )

hola hablo ingles

ENGLISH!

ok what´s up

It says "hello, I speak English" I believe

yes

could be just dead hdmi cable

I had read a couple of posts on macrumors forums that also had the same issue, and I made a post too. There's also a formal thread of "compatible monitors" that work with the M1 mini. Uh no... ALL monitors should just work with it. HDMI is a standard. If both the computer and the monitor (and their firmwares) follow said standard, and you don't have a shoddy cable, then it works.
The Apple fanboys adamantly refuse to believe the problem is with the computer and keep trying to buy monitors until they get one that works. (sans a few who get downvoted)

Oh, I wish it were only that simple.

though i'd not be surprised that apple did some poopooo

its Fucking Apple they suck

they want everything propietary

It could be that your screen is hdmi 2.1, and m1 is too ( afaik ), or 2.0

And the cable doesn't support 2.0/2.1

My screens are too old for that. lol

Have same issue with my 2.1 HDMI tv 😦

Then its just apple being apple lol.

As if Apple is the only company doing that. 🙄

(not same, but similar - I have just random pixels turning to weird colours)

My 2017 Intel MBA doesn't have any issues. But it's considerably underpowered for more than web browsing, document work, and SSH. Which is what I use it for. I didn't buy it new anyway x)

"A freaking landmine deals with pressure better than apple, and would kill fewer people."

I do wish Apple would acknowledge issues more appropriately... "A very small number of users...." <insert louis rossmann rant here>

releases 2019 MacBook Pro..... immediately adds it to the butterfly keyboard recall bulletin page

https://tenor.com/view/mindblown-excuse-me-what-me-dr-phil-gif-14053511

"Awww. You think they're a threat. Show's about to start. Careful though, The first three rows are a splaaaash zooone" Maniacal Laughter

yeah in the past i remake all like spigot patchs.. but lynx give me a tutorial for avoid this xd
almost are only the index... if not then broken git again try things XD

the first time when try https://github.com/Doc94/Paper/blob/master/CONTRIBUTING.md#rebasing-prs i broke the branch because in step 2 to 3 not explain (or i dont know how to read english) the index :C

Wow Yogscast are doing a poker tournament and Lewis is making all his decisions via wheel spin

Definitely the easiest way

He has a wheel with like fold, raise, all-in, etc (some real goofy stuff too) and he spins it every time to decide what to do

Gonna be gusty

    Number of packets received by the client.

is the rx value in the F3 screen per second?

can't find information on this

pretty sure it is, yes

Very Funny
https://www.youtube.com/watch?v=SAc7L5sLaG0&t=530s

for some reason I read that as "SQL most quotable lines" and was very confused

thoughts on native bedrock servers?

do you think there is a market for decent bedrock servers?

i m ean there are more bedrock than java players

bedrock sucks

meh

its an inferior game but there are more bedrock than java players

and bedrock is the only option on many platforms

part 2
https://www.youtube.com/watch?v=WP1oJPxuI1o

uwu

hello there naomi

what cpu would be good for some servers? was thinking of setting up my own machine

wow middle of december 57F outside and i am turning on the AC

Xeon processor is a good one

https://www.intel.com/content/www/us/en/products/details/processors/xeon.html

what about one of the 12th gen intel cpus?

if you plan on doign any gaming with it i woudl avoid the 12th gen due to DRM issues

na I meant a computer just for servers and some general web hosting

@red halo pig owns

seriously, there is very little sane reason to own your own box

hardware moves so fast that if you wanna stay on the latest hardware it's cheaper to just rent a box and keep moving forward

I wish SAO Abridged was still a thing

(it might be but they do like one episode a year at most so who knows)

Well the Log4J RCE just took a hilarious turn. Apparently something in Discord's search stack uses Log4J so search is currently disabled 🤣

lmao

yeah i wished it would continue it kinda dropped off mid way

I was wondering why it was disabled

https://tenor.com/view/disappointed-picard-face-palm-enterprise-star-trek-gif-15057652

adam do you watch sao quotes all day or something

not all day but ive probably seen the entire sao abridged series 6x this year

sounds like you need help

i do watch a ton of anime on cruchyroll and netflix though

finished Demon Slayer and now watching Are You Lost

I have also finished the entire SAO series.

who wants lunar cape?

i mean cloak

watch dragons blood

@rich cove how long have you been doing cpp

actual exploit

they can remotely execute any arbitrary code

read the stuff they sent

read #paper-help pins

you should have everything you need

but yeah it's full RCE on both server and client

who wants free lunar client cloak

since it's been exploited already, I wonder which server got the msft-insiders\™️ experience

only optifine can give capes so stop trying to scam

bruh no

lunar client can give capes

I think it's against the eula

wdym?

do you know lunar client?

it still falls under mojangs EULA lol

why do you want to give people a cloak

i just have too many of them

so yea

I want a free cape

where is free cape

too bad

already got someone

Hi guys, quick question. Does anyone know if it is possible, with gradle, redirect the output of the task "buildsNeeded" inside one single fat jar (Without using plugins like shadow)

lol

wait a sec

yes, disabled because of the exploit

is that a joke or is that serious

serious, they are using elasticsearch, which is affected

kekw

damn

I mean

it stays in your mind so

it's okay

have you ever tried making a minecraft server impl?

"Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable,"

btw the cve is released

discord search as well, thats why its currently not available

CVE-2021-44228

ohh that's why they took it down

automatic timer?

???

???

https://youtu.be/Xqi9azBaTng this is so bad its good

The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is an unauthenticated RCE vulnerability allowing complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1.

oh

what else have you made?

lmao

imagine not having tens of alternatives 👍 that's one of ways the humanity will collapse miserably

After the first proof-of-concept exploit was published on GitHub yesterday, threat actors began scanning the Internet for systems vulnerable to this remotely exploitable security flaw that doesn't require authentication.

what's vulnerable

anything that runs that log4j thing?

so all servers which didn't patch yet are vulnerable???

yup

stupid

there may be inactive servers

tens of thousands

only big ones are updated

well you can be sure people will try to automate exploits

and tens of thousands of other applications, log4j is pretty popular

it is bad

4j means 4 java right?

glad I don't use it

thats really bad yes

yep.

from wikipedia

The problem lies in Log4j, a ubiquitous, open source Apache logging framework that developers use to keep a record of activity within an application. Security responders are scrambling to patch the bug, which can be easily exploited to take control of vulnerable systems remotely. At the same time, hackers are actively scanning the internet for affected systems. Some have already developed tools that automatically attempt to exploit the bug, as well as worms that can spread independently from one vulnerable system to another under the right conditions.

yup

pretty much

not really if you don't have your ports opened no?

no

you should also have firewall rules in place to block port scanning

https://www.toolbox.com/tech/operating-systems/question/how-to-block-port-scanning-tools-and-log-them-with-iptables-051115/

its fun how a logging framework can give hackers remote access to a server machine

just block everything unless the production ready stuff

java moment

I down a can of monster when I want a good nights sleep

average arch user

??

oh.. you mean to install

there's choco lol

wat

you sound like you have 0 fucking clue of whatever the fuck you're talking about

Guess what!

whomstdvent

Literally every linux desktop has a web browser too!

And, get this!

it can download shit!

Whodathunk!