Client-sided modding: Good or bad?

Do you think client-sided modding is a good feature in Minetest?

Yes.
15
83%
No.
1
6%
I don't know or I don't care.
2
11%
 
Total votes : 18

User avatar
Wuzzy
Member
 
Posts: 2161
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Client-sided modding: Good or bad?

by Wuzzy » Tue Mar 21, 2017 16:39

Hi! This is a thread to discuss client-sided modding or “CSM” for short.

Client-sided modding is a feature which has been added into the developer version of Minetest a few days ago.

This thread has been created to stop the off-topic spam in this thread: viewtopic.php?f=9&t=17046

Documentation (looks very WIP): https://github.com/minetest/minetest/bl ... lua_api.md
Last edited by Wuzzy on Wed Mar 22, 2017 15:31, edited 1 time in total.
I'm creating MineClone 2, a Minecraft clone for Minetest.
I made the Help modpack, adding in-game help to Minetest.
 

User avatar
Wuzzy
Member
 
Posts: 2161
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Re: Client-sided modding: Good or bad?

by Wuzzy » Tue Mar 21, 2017 17:01

Linuxdirk wrote:The lack of communication to the users about CSM.

sofar wrote: We didn't communicate less than normal. All development and discussion is done in the open. Blame yourself instead.


In Linuxdirk's defense, there was no post in the News forum and there wasn't a serious discussion in the forum about this before it has been merged. So many players probably weren't aware. You can't expect that everyone tracks down every single commit of Minetest development in GitHub or to hang around in IRC 24/7. I think it is VERY reasonable to expect that such a gigantic change like client-sided modding deserves at least a mention in the News forum. But I didn't see any.
While I think it would be unfair to say that there was no communication at all, it clearly could have been better.

sofar wrote:CSM has the potential to massively offload visual and audio features to the client to make the game much more visually and soundwise appealing (ambiance, particles, special effects) to the players. This is good. Minetest is really bleak without many sounds. More particles will make things like fire and torches nicer. We can finally get better fire sounds and not bring the server down with sound packets. Actual Fog. Better footsteps and water splashing, etc.. A lot of the UI can stop relying on the server and we can make better HUD bars, enhance the minimap, make game screen overlays and score panels.


This sounds great on the surface, but there's a HUGE “but”.
But I am worried that Minetest pushes more and more responsibility from the engine to mods. The engine becomes dumber and dumber (read: It has less core features) and the mods must therefore become more and more complex.
Even standard game features like ambient sounds are not considered to be core features. Other examples:
- There is a relatively small amount of builtin chat commands
- There is no default player model
- There is no built-in help system
- The sound system is still rather weak
- There are no mobs. Instead, there are tons of laggy and incompatible mob mods
- Other things you just mentioned

I think it is a mistake to think that client-sided mods will become the “magic bullet” to solve all of these problems.
I think the answer to many (maybe not all) of these problems is not neccessarily adding more Lua scripts, but improving the core features of the engine. Pushing the responsiblity for even such basic features like sounds to the modder does not feel right to me.
Can you give me some examples for use cases which could ONLY be done by client-sided modding, meaning that an engine implementation would be actually the worse idea?

Also, the example “actual fog”. Seriously? Are you suggesting that mods now also have the responsibility for rendering? Lol, if this trend continues, Minetest will soon be nothing but Lua. xD

The GUI of Minetest is already pretty bare bones and the engine gives you almost nothing by default. Meaning, without mods, you only have a very crappy default GUI, you have to do almost everything by hand first.

sofar wrote:You seem to be under the misunderstanding that "minetest_game" is supposed to be the end-all super duper multiplayer subgame. It's not. It's never meant to be, although some people want it to be, and some people don't want it to be. It'll never get solved, either, at any rate.

If you don't want to create a great game, why bother? This is a serious question. I still have not been able to understand the point behind Minetest Game.
Also, this argument is invalid because it ignores other subgames which actually want to be serious multiplayer games.



But at least now I take back the security concerns against client-sided modding, knowing that modifying the engine is not much harder either.
This means the real problem is that it is way too easy to cheat either way. Serious multiplayer subgames are not really possible when it is a key element that players are not allowed to know everything. If it is easy to reveal the positions of all ores, for example, it is impossible to make a “mining competition”-style game without it being flooded by cheaters which you can't even detect.

Then the “documentation”:
https://github.com/minetest/minetest/bl ... lua_api.md

Sorry, but this looks very very WIP and most of it looks just like copypasted from lua_api.md. Not even the introduction is correct:
Mods are contained and ran solely on the server side. Definitions and media files are automatically transferred to the client.


Also not much about the capabilities of this feature is explained, especially the difference from “normal” modding. Sorry, with this document you can't complain about users ignoring it, because it is not really useful at this stage. Linuxdirk was completely right in complaining about the lack of proper documentation.


Overall, to be honest, I remain rather skeptical about this client-sided modding thing. But I will wait and see how things will go.
Last edited by Wuzzy on Tue Mar 21, 2017 17:22, edited 4 times in total.
I'm creating MineClone 2, a Minecraft clone for Minetest.
I made the Help modpack, adding in-game help to Minetest.
 

bell07
Member
 
Posts: 140
Joined: Sun Sep 04, 2016 15:15
GitHub: bell07

Re: Client-sided modding: Good or bad?

by bell07 » Tue Mar 21, 2017 17:02

I am not long at Minetest, and I do not know the client/server concept in detail, but I do not see any reason to fear the client sided modding, even not in security point of view. Minetest server and client are both Open Source. That means any "Hacker" was able to hack and cheat the game in the past too, using modified client version. So all threats are before client sided modding and Minetest developer did a great job to manage them.
New client sided modding leads to new ways and to more people are concerned about it, that leads usually to even more quality where possible in OS-projects

That was my 2 cent: client sided modding +1
 

User avatar
Wuzzy
Member
 
Posts: 2161
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Re: Client-sided modding: Good or bad?

by Wuzzy » Tue Mar 21, 2017 17:19

Oh, before people complain I was ignorant before this was merged:

I posted a discussion thread in October 2016 (!) to learn more about the rationale behind client-sided modding but it never really took off and I never got an helpful answer:
viewtopic.php?f=3&t=15803

:-(
So much for communication. I don't believe in malice here, it probably was just overlooked. Still:
:-(
I'm creating MineClone 2, a Minecraft clone for Minetest.
I made the Help modpack, adding in-game help to Minetest.
 

Nyarg
Member
 
Posts: 144
Joined: Sun May 15, 2016 04:32

Re: Client-sided modding: Good or bad?

by Nyarg » Tue Mar 21, 2017 18:01

CSM is a good idea. That allow the server free own time at least as a base feature.

More epic:
CSM may be used as cloud computation system in future that allow server wideself into cloud )
Last edited by Nyarg on Tue Mar 21, 2017 18:21, edited 2 times in total.
I am a noob. still yet. Not so noob ) [vml] WIP
"My english isn't well" I know. I'm sorry )
 

red-001
Member
 
Posts: 126
Joined: Tue Jan 26, 2016 20:15
GitHub: red-001
IRC: red-001

Re: Client-sided modding: Good or bad?

by red-001 » Tue Mar 21, 2017 18:09

An announcement would just build unnecessary hype. Client-sided modding isn't meant to fix all issues minetest has just off load some of the graphics and ui stuff to the client. Yes the start of the doc is copied form the server documentation but the api list is accurate. You could also read the dev wiki about what csm is meant to achieve (it is a bit out of date) or just search github. All the information is publicly available. If someone doesn't want to do basic background research then there really isn't much that can be discussed. Of course the documentation could be improved and the wiki page updated to be more accurate but getting CSM to a state where it's useful is more important right now.
 

User avatar
burli
Member
 
Posts: 1313
Joined: Fri Apr 10, 2015 13:18

Re: Client-sided modding: Good or bad?

by burli » Tue Mar 21, 2017 19:25

CSM is not bad. Many things can be done.

But what Minetest really needs is a better multicore support, better mapgens, better GPU support and better support for mobs. This has to be done in C++
 

Byakuren
Member
 
Posts: 441
Joined: Tue Apr 14, 2015 01:59
GitHub: raymoo
IRC: Hijiri

Re: Client-sided modding: Good or bad?

by Byakuren » Tue Mar 21, 2017 20:45

One use case for client side modding is GUI with fast response time and mod-defined behavior. Current GUI (formspecs) have a slow response time since the input has to travel to the server and back, but if GUI stuff could run on the client side then you would only need to send a message to the server when something needs to affect the server. For example, you could have a multiple-page dialog setting up some protection area, and the client would only need to communicate with the server once the player was done inputting all the settings.
Every time a mod API is left undocumented, a koala dies.
 

User avatar
rnd
Member
 
Posts: 136
Joined: Sun Dec 28, 2014 12:24
IRC: ac_minetest
In-game: rnd

Re: Client-sided modding: Good or bad?

by rnd » Wed Mar 22, 2017 12:16

FEATURE REQUEST:
server setting : enable_local_scripts = true/false

when false client is prevented from running its own scripts, only those provided by server are allowed.

EDIT: don't reply with how client can do what it wants.. ofc it can if you compile it and change. That's not the point. Point is to prevent "cheat client" being same as game you get when you download minetest from minetest website - "zero effort" cheating, "user friendly" cheating, "cheating in a package"...
Last edited by rnd on Wed Mar 22, 2017 15:51, edited 3 times in total.
 

bell07
Member
 
Posts: 140
Joined: Sun Sep 04, 2016 15:15
GitHub: bell07

Re: Client-sided modding: Good or bad?

by bell07 » Wed Mar 22, 2017 12:56

when false client is prevented from running its own scripts, only those provided by server are allowed.

The server cannot prevent anything on the client. This fact is independent if client sided mods are implemented or not. In the past it was possible to run own code on client using patched clients. It is open source, so no security by obscurity. If the CSM are implemented it will be simpler to get a "cheater client".

So the main challenge for CSM is to implement the suspicion. The server should never thrust client functionality (vice versa). That means the data sent to client needs to be filtered if the player is allowed to see them (Do not trust the client concealed received data). And all received data back to the server needs to be checked for plausibility.
So the "Jump-functionality" for example needs to be implemented on both sites: On client how the jump is visible and on the server if the player is going up or not.

Now I agree there is a lot to do before MT is ready for CSM.
Pls note the wording: "Mod" means "Modification of existing" not "Adding new". The base needs to be there that could be modified by mods.
 

User avatar
DS-minetest
Member
 
Posts: 707
Joined: Thu Jun 19, 2014 19:49
GitHub: DS-Minetest
In-game: DS

Re: Client-sided modding: Good or bad?

by DS-minetest » Wed Mar 22, 2017 13:16

@Wuzzy: Suggestion: Open a poll (good or bad) to see how many people are there that still think, there would be a problem.
Do not call me -minetest.
Call me DS or DS-minetest.
I am German, so you don't have to pm me English if you are also German.
The background is a lie.
 

Nyarg
Member
 
Posts: 144
Joined: Sun May 15, 2016 04:32

Re: Client-sided modding: Good or bad?

by Nyarg » Wed Mar 22, 2017 15:26

bell07 wrote:The server cannot prevent anything on the client.
patched clients.
no security by obscurity.
If the CSM are implemented it will be simpler to get a "cheater client".

Yes but it's not problem because server may prevent most cheats in case:
1. Server is End point and control a protocol flow.
2. At end only Server cover and allow change a world data
In other word server is Owner and Supervisor.
I am a noob. still yet. Not so noob ) [vml] WIP
"My english isn't well" I know. I'm sorry )
 

User avatar
Wuzzy
Member
 
Posts: 2161
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Re: Client-sided modding: Good or bad?

by Wuzzy » Wed Mar 22, 2017 15:33

Poll added. But please remember this is still a discussion thread.

If the CSM are implemented it will be simpler to get a "cheater client".

It IS already implemented, in case you haven't noticed. Not in version 0.4.15, but in the developer version.
I'm creating MineClone 2, a Minecraft clone for Minetest.
I made the Help modpack, adding in-game help to Minetest.
 

bell07
Member
 
Posts: 140
Joined: Sun Sep 04, 2016 15:15
GitHub: bell07

Re: Client-sided modding: Good or bad?

by bell07 » Wed Mar 22, 2017 15:46

It IS already implemented
I seen it, and I seen the first cheater-mod [oredetect] is already developed. It is just I like to talk in general and/or abstract. ;)

About the "Good" or "Bad" poll, I do not have an answer. In general: yes, In fact: I do'nt know. I have doubts about the minetest sends currently more data to the clients as needed (invisible nodes and nodes metadata, like chests content for them). If before I need a modified client to use them now I just need to install a mod. Cheating will be user friendly now.
 

User avatar
burli
Member
 
Posts: 1313
Joined: Fri Apr 10, 2015 13:18

Re: Client-sided modding: Good or bad?

by burli » Wed Mar 22, 2017 15:53

But you can't install these mods on the client. You have to load them from the server. Or did I miss something?
 

Nyarg
Member
 
Posts: 144
Joined: Sun May 15, 2016 04:32

Re: Client-sided modding: Good or bad?

by Nyarg » Wed Mar 22, 2017 16:05

bell07 wrote: I seen the first cheater-mod [oredetect] is already developed.
Hmm, we need full list of potential way of cheating.
May be somebody create that topic (my english isn't well for it).

For like 'oredetect' mod server may transfer only surface.
I am a noob. still yet. Not so noob ) [vml] WIP
"My english isn't well" I know. I'm sorry )
 

red-001
Member
 
Posts: 126
Joined: Tue Jan 26, 2016 20:15
GitHub: red-001
IRC: red-001

Re: Client-sided modding: Good or bad?

by red-001 » Wed Mar 22, 2017 16:57

Making minetest only send the surface nodes is possible but you have to ask yourself is the extra load on the server and the time it will that to add that worth stopping a few cheaters? It is also likely to make the experience worse for honest players that just have a bad connection.
 

red-001
Member
 
Posts: 126
Joined: Tue Jan 26, 2016 20:15
GitHub: red-001
IRC: red-001

Re: Client-sided modding: Good or bad?

by red-001 » Wed Mar 22, 2017 17:08

Anyway since you asked for a full list of cheats possible in minetest in general, here is one:
fly (requires making a single function return true, iirc there is an open PR that is meant to stop it)
noclip (same as above, iirc there is an open PR that is meant to stop it)
wireframe (same as above, close to impossible to detect, impossible to fix)
fast (same as above) can be stopped by the built in anticheat
No drowning/lava/fall damage (can be achieved just by removing a few checks, there is an WIP pr that is meant to fix this)
xray (can be achieved in lot of ways, with the most basic version only requiring a texture pack or a client-sided mod, but more advance versions requiring a modified client, hard to detect, difficult to counter-act)
full bright (requires basic c++ modification, close to impossible to detect, most likely impossible to stop)
 

bell07
Member
 
Posts: 140
Joined: Sun Sep 04, 2016 15:15
GitHub: bell07

Re: Client-sided modding: Good or bad?

by bell07 » Wed Mar 22, 2017 22:42

I readed the client_lua_api.md, some brainstorming for it

Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
Code: Select all
minetest.register_alias()
Really? Could client site aliases be useful? Oj, I need just to set an alias for dirt to mese !
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
Code: Select all
formspec list[context;main;0,0;8,4;]
The context could be other players inventory, locked chests and so one. Is this feature secured already?

At the other site I did not found the methods used in [oredetect]
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
Code: Select all
minetest.register_on_punchnode()
core.find_node_near()
core.get_node()
Is the mod really for the client? After short code inspection it should work on server. By the way, in the folder structure I cannot see any difference if it is a client- or server mod. Maybe "clientmod.conf" should be used instead "mod.conf" to get a difference?

Next question: Is a protocol implemented for Mod2Mod communication? That will be the next insecurity-vector, a buggy mod could open backdoors on server. :/

I realize the CSM should be just an "Enhanced texturepack framework" in first step. That means lua enabled way to modify some visual effects on the client site according to players taste. But it should be clear the most enhancements and features should be still written to the client framework in C++.
A client mod should never be able to do something gameplay relevant because the gameplay is on the server.

Is any documentation available about the visions, goals, concepts and design of currently implemented CSM? Or does it just exists in developer's head?

[/Brainstorm off]
 

red-001
Member
 
Posts: 126
Joined: Tue Jan 26, 2016 20:15
GitHub: red-001
IRC: red-001

Re: Client-sided modding: Good or bad?

by red-001 » Wed Mar 22, 2017 22:57

The document is based of the server scripting api doc. The register alias section should be removed. Formspecs created on the client are separated from formspecs sent to the client by the server. However you shouldn't trust formspec data sent to the server by the client, Minetest Games doesn't and if your code does you should change it as someone with a modified with client could send back fake data. The folder data section is closer to an end goal then the current state. Communication between the client and the server hasn't been added yet. I don't know why you think that's a attack vector.
https://github.com/minetest/minetest/issues/5394 is the current issue for tracking bugs and features that should be added to CSM soon there is also a wiki page that is a bit outdated but does cover most of the basics.
 

Byakuren
Member
 
Posts: 441
Joined: Tue Apr 14, 2015 01:59
GitHub: raymoo
IRC: Hijiri

Re: Client-sided modding: Good or bad?

by Byakuren » Thu Mar 23, 2017 01:28

bell07 wrote:I readed the client_lua_api.md, some brainstorming for it

Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
Code: Select all
minetest.register_alias()
Really? Could client site aliases be useful? Oj, I need just to set an alias for dirt to mese !
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
Code: Select all
formspec list[context;main;0,0;8,4;]
The context could be other players inventory, locked chests and so one. Is this feature secured already?

At the other site I did not found the methods used in [oredetect]
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
Code: Select all
minetest.register_on_punchnode()
core.find_node_near()
core.get_node()
Is the mod really for the client? After short code inspection it should work on server. By the way, in the folder structure I cannot see any difference if it is a client- or server mod. Maybe "clientmod.conf" should be used instead "mod.conf" to get a difference?

Next question: Is a protocol implemented for Mod2Mod communication? That will be the next insecurity-vector, a buggy mod could open backdoors on server. :/

I realize the CSM should be just an "Enhanced texturepack framework" in first step. That means lua enabled way to modify some visual effects on the client site according to players taste. But it should be clear the most enhancements and features should be still written to the client framework in C++.
A client mod should never be able to do something gameplay relevant because the gameplay is on the server.

Is any documentation available about the visions, goals, concepts and design of currently implemented CSM? Or does it just exists in developer's head?

[/Brainstorm off]


I don't see any issue with gameplay-relevant client<->server messaging since players can already send bad formspec submissions (as red-001 said), and formspec submissions can be gameplay relevant (for example, clicking buttons on some machine). It just means that the server needs to do validation of messages from client mods like they already should be doing with formspecs.
Every time a mod API is left undocumented, a koala dies.
 

User avatar
Linuxdirk
Member
 
Posts: 497
Joined: Wed Sep 17, 2014 11:21
GitHub: dsohler
In-game: Linuxdirk

Re: Client-sided modding: Good or bad?

by Linuxdirk » Thu Mar 23, 2017 06:50

burli wrote:But you can't install these mods on the client. You have to load them from the server. Or did I miss something?

That's the point here. You download an "X-ray mod" like [oredetect] and install it as client-side mod. Now you can use the mod on every server you want without the server knowing that you have X-ray capabilities. Server owners can't even disable it properly.

In it's current state it is not ready for wide use. Currently it is in the development version only yes, but I hope it will stay there at least as long as it would take to add a server option to disable "convenient cheating" in the client.
 

User avatar
burli
Member
 
Posts: 1313
Joined: Fri Apr 10, 2015 13:18

Re: Client-sided modding: Good or bad?

by burli » Thu Mar 23, 2017 07:26

Linuxdirk wrote:You download an "X-ray mod" like [oredetect] and install it as client-side mod.


Really? Really really? That's ridiculous, if that is true. But I cant believe that the devs are that dumb
 

bell07
Member
 
Posts: 140
Joined: Sun Sep 04, 2016 15:15
GitHub: bell07

Re: Client-sided modding: Good or bad?

by bell07 » Thu Mar 23, 2017 08:07

I don't see any issue with gameplay-relevant client<->server messaging since players can already send bad formspec submissions
A client<->server / mod <-> mod messaging presupposes a mod at the server site provide an additional sender/receiver. Such sender/receiver is always an additional risk like an open TCP-port.
The most mods are not under control of minetest_mods or minetest_game and do not follow any security guidelines (not needed before). But if I provide an eye-catcher mod with not secured message channel any server owner installs a backdoor by installing such mod. I thing many people does look to screenshots only but not to the code before installing a mod. Of course such issue will be reported and fixed soon, but the area for possible attacks will grow with each additional mod that provides a sender/receiver server site.
 

User avatar
Linuxdirk
Member
 
Posts: 497
Joined: Wed Sep 17, 2014 11:21
GitHub: dsohler
In-game: Linuxdirk

Re: Client-sided modding: Good or bad?

by Linuxdirk » Thu Mar 23, 2017 08:12

burli wrote:
Linuxdirk wrote:You download an "X-ray mod" like [oredetect] and install it as client-side mod.

Really? Really really? That's ridiculous, if that is true.

It is. As I was told client-side mods can see anything that the client can already see. And since the client can see all ores client-side mods can see them, too.

burli wrote:But I cant believe that the devs are that dumb

Professionally blinkered maybe. Living in an ivory tower at most. But I totally won't call them dumb.
 

User avatar
burli
Member
 
Posts: 1313
Joined: Fri Apr 10, 2015 13:18

Re: Client-sided modding: Good or bad?

by burli » Thu Mar 23, 2017 08:17

Linuxdirk wrote:It is. As I was told client-side mods can see anything that the client can already see. And since the client can see all ores client-side mods can see them, too.


Yeah, that is ok. But I can't believe that players can install a client side mod at the client. They should be downloaded from the server
 

Byakuren
Member
 
Posts: 441
Joined: Tue Apr 14, 2015 01:59
GitHub: raymoo
IRC: Hijiri

Re: Client-sided modding: Good or bad?

by Byakuren » Thu Mar 23, 2017 08:44

bell07 wrote:
I don't see any issue with gameplay-relevant client<->server messaging since players can already send bad formspec submissions
A client<->server / mod <-> mod messaging presupposes a mod at the server site provide an additional sender/receiver. Such sender/receiver is always an additional risk like an open TCP-port.
The most mods are not under control of minetest_mods or minetest_game and do not follow any security guidelines (not needed before). But if I provide an eye-catcher mod with not secured message channel any server owner installs a backdoor by installing such mod. I thing many people does look to screenshots only but not to the code before installing a mod. Of course such issue will be reported and fixed soon, but the area for possible attacks will grow with each additional mod that provides a sender/receiver server site.

Why is mod messaging worse than formspecs? In both cases, the server receives some (possibly forged and invalid) strings from the client, and mod code needs to interpret these strings. Why is the text in a mod channel more dangerous than the text from a text field from a formspec?

I'm also skeptical of any attacks that could ruin anything outside of the game or provide a real backdoor, unless the mod calls loadstring on parts of the message from an insecure environment (or with mod trust turned off). This is a very rare case and I have only seen it used for mods that are explicitly lua interpreters, in which case they already do sandboxing.

Could you please:
A) Demonstrate that mod message channels are significantly more dangerous than formspecs
B) Separately, give an example of an exploit enabled by message channels (or formspecs) that does not rely on the server-side mod using loadstring or similar functions, and which could cause lasting undesired behavior outside of minetest. This exploit should still work with mod security turned on (otherwise the solution is just for Minetest to require mod security in order to use mod channels).

For A, there's the case where minetest.deserialize can run functions if they are in the serialized data, but I hardly think that's a fatal security flaw, since minetest.parse_json and minetest.write_json could be used instead (and have warnings to use them plastered over the mod channels API). With mod security turned on (and assuming the server has not imported into the global environment a package that can be used to set up a server to listen for commands), it's not something that could create a backdoor, either. minetest.deserialize isn't as big of a problem for formspecs because it's unlikely that a mod will try to interpret player formspec input as serialized data.

EDIT: I like the idea of client mods sent by the server, but I don't like that clients can enable their own client mods (which is the only kind of client mod currently supported). Yes, a cheater could compile a modified client, but I think having client mods loaded from the client makes the barrier to cheating too low, compared to if the player had to recompile Minetest with cheats or seek out a modified build from someone else.
Every time a mod API is left undocumented, a koala dies.
 

User avatar
Linuxdirk
Member
 
Posts: 497
Joined: Wed Sep 17, 2014 11:21
GitHub: dsohler
In-game: Linuxdirk

Re: Client-sided modding: Good or bad?

by Linuxdirk » Thu Mar 23, 2017 09:47

Byakuren wrote:Yes, a cheater could compile a modified client, but I think having client mods loaded from the client makes the barrier to cheating too low, compared to if the player had to recompile Minetest with cheats or seek out a modified build from someone else.

Yes, exactly THIS is an issue here. OF COURSE it is possible to modify the code and create a "hacked client" that allows a lot of shit on servers even when the user account does not have the sufficient permissions.

But since I started playing Minetest a few years ago there was exactly ONE client that was built with cheating in mind. But the mod releases sub-forum contains 868 topics (mods). With CSM cheating becomes one of the easiest things possible in Minetest. No need to "hack", no need to recompile with changed code, no need to use exploits, simply use a few lines of documented API calls in an officially supported client-side mod.
 

bell07
Member
 
Posts: 140
Joined: Sun Sep 04, 2016 15:15
GitHub: bell07

Re: Client-sided modding: Good or bad?

by bell07 » Thu Mar 23, 2017 11:14

Byakuren wrote:Could you please:
A) Demonstrate that mod message channels are significantly more dangerous than formspecs
B) Separately, give an example of an exploit enabled by message channels (or formspecs) that does not rely on the server-side mod using loadstring or similar functions, and

A) No, it is not more dangerous than formspecs, it is equal dangerous. The point is each message channel is additional danger on top of the formspecs danger.

B) No I cannot demonstrate anything because message channels are'nt implemented currently (https://github.com/minetest/minetest/issues/5390). I like the idea, the real potential of CSM is given only if mod2mod message bus exists. Without them it will be hard to follow the client-server concept in modding. And I like to talk about it before it is implemented.


The formspec is currently implemented in the way as you propose for the client-mods. The server creates the formspec and send them to the client. Of course the client can modify the formspec, but usually it is used as is and send data back as expected.
Client-site installable mods gets in addition the compatibility issue between the client and server. To stay with the formspec example: If formspecs could be installed client-site the situation can happen the client uses an old version of formspec and send data in old way, but the server does have the new one or vice-versa.

+1 the CSM mods should follow the existing formspec strategy and be downloaded from server and not installable directly (like JS in web)

But at the other site client-installable mods could be useful for "Enhanced texturepacks" or something like, But such mods should send nothing to the server.

EDIT:Previous it was from server point of view, but I am unsure if I am happy as player if unknown lua code is automatically downloaded from server and executed on my client during connection. So -1 and I am back to +/-0
 

Nyarg
Member
 
Posts: 144
Joined: Sun May 15, 2016 04:32

Re: Client-sided modding: Good or bad?

by Nyarg » Thu Mar 23, 2017 15:54

red-001 wrote:send the surface nodes is possible but you have to ask yourself is the extra load on the server .

Ok then another way - server send only ore location in sphere radius of player location.

red-001 wrote:Anyway since you asked for a full list of cheats possible in minetest in general, here is one:
red-001 wrote:fast & fly

Seems unreachable at first glance. Really, how server may detect player fly if player's hacked client send permanent walkGround position till player suspiciously fly around with 500 or more look distance.

red-001 wrote:xray & noclip & wireframe

Useles in most case till ore locations send by server.
Separate mapgen code in 2 part
1 mapgen without ore producing formula - client and server
2 ore gen part - only server - oops client don't calculate any data for ore

Yes, double a mapgen code to serverside is a cost for CSM improving.
But, MT low cost computation is target more on client so server may be load tiny more than client.
At end, when MT run as 'singleplayer' most anticheat logic in server part will off and don't decrease MT performance.

red-001 wrote:drowning/lava damage

it's sad but server must control changing world by fluids because all players must see same environment.
it's good because HP etc in this case controlled by server.

red-001 wrote:fall damage

For server it seems as insideCalculatedTransaction - server immediately know result of fall and without waiting send it client, but If player for example used alpenstock success inside transaction brunch then current transaction will rollback and new transaction rise.

red-001 wrote:full bright

Not so useful for cheaters than ore detection
I am a noob. still yet. Not so noob ) [vml] WIP
"My english isn't well" I know. I'm sorry )
 

Next

Return to Modding Discussion

Who is online

Users browsing this forum: Google [Bot] and 12 guests

cron