Guest Posted September 5, 2004 Share Posted September 5, 2004 First a little quote from slashdot. I've never been a fan of c++ add-ons. You can't build a newbie-friendly community when your mods are potentially unsafe. Unreal, for example, allows c++ add-ons but it's considered very poor form. The big MSU contest bans entries with native code. These days I don't see c++ as a pro. When I see that I think of it more as a "no scripting language" con. I'd hate to see mods begin to bundle in other software, for example. I'd just much rather keep things in a safe sandbox. I certainly don't have the time or desire to review source code before playing a mod. As far as I've understood mods will be C/C++ only. What about buffer overflows? What about malicious mod makers? Wouldn't a sandbox, like suggested in the comment above, be a better idea? Link to comment
StAnToN Posted September 5, 2004 Share Posted September 5, 2004 I think the mta team are aware of these issues and in the new core (mta Blue" there will be prevention of these things happening but as the mta team say IT WILL BE ADDONS nothing else, not cheating, just addons therefore maybe the mta team will put a block on how big the file size can be.... im not sure but only time will tell Link to comment
orappa Posted September 5, 2004 Share Posted September 5, 2004 I don't see what the problem is, as everyone has to have the same mod installed. If the mod happens to crash the server, then the server admin will remove it. Link to comment
StAnToN Posted September 5, 2004 Share Posted September 5, 2004 Yes i still like my idea that i suggested of something like a message dialog popping up and asking you to download the specified "add on" or have the downloads integrated into the server list therefor meaning that wen u cvlik on a server to look at the options it will tell you what "add on" they are playing and giving you a download link Link to comment
b0b0 Posted September 5, 2004 Share Posted September 5, 2004 I don't think either of you understand. This is beyond cheating and beyond MTA. Razo means that because the language used is C++, this will give people with malicious intent the ability to exploit client and server machines and gain command access. Simply put, he means that bad people will be able to hack into players' computers unless the system is sandboxed, or contained within an isolated virtual environment. Very good question Link to comment
Guest Posted September 5, 2004 Share Posted September 5, 2004 Err.. I think you're missing my point here. I was not talking about cheating, the size the of add-on or anything. I just don't like the idea of compiled binaries that the mod user hasn't got a clue of what does. For all you know, it could secretly send your passwords to a server in China - and you would never know. I'm not going to explain buffer overflows in detail here, but they are basicly bugs that may allow malicious people to run arbitrary code on your PC. EDIT: You beat me to it b0b0. Link to comment
eAi Posted September 5, 2004 Share Posted September 5, 2004 We have discussed this as a team, and we're going to try to think up a method for ensuring addons are safe. As has been pointed out, an addon could theoretically do anything to your system, be it a half-life addon or a blue addon. I think the key will be that certain addons will appear that are considered the best - like CS on half-life, and these will be safe. Its only when you start downloading random addons that are new that you should worry about the safety of them. eAi Link to comment
OpiuM. Posted September 5, 2004 Share Posted September 5, 2004 dont download them from malicious people. maybe MTA could have a validation team, that will inspect mods, and have links to the on thier site? like phpbb.... not telling you to copy, but validated mods would make ppl feel alot more safe. Link to comment
darkdreamingdan Posted September 5, 2004 Share Posted September 5, 2004 so one day, wen mta has more servers than cs, we'll find sum nobody to inspect every server and check the source code? Link to comment
OpiuM. Posted September 5, 2004 Share Posted September 5, 2004 no, your not understanding me at all. you have to download the mods off a site, why not by MTA? and have inspectors, to inspect these mods. Link to comment
darkdreamingdan Posted September 5, 2004 Share Posted September 5, 2004 no, your not understanding me at all.you have to download the mods off a site, why not by MTA? and have inspectors, to inspect these mods. so instead of these insectors inspecting these mods, we will have inspectors inspecting every mod site that uses an mta server? Still sounds samey to me. Link to comment
OpiuM. Posted September 5, 2004 Share Posted September 5, 2004 NO JESUS, LMFAO! people submiit thier mods to these ppl, and they get a link on the MTA site if they are verifyed, the MTA site could be a safe haven for mod downloaders, im not responing if you dont get this Link to comment
darkdreamingdan Posted September 5, 2004 Share Posted September 5, 2004 so inspeectors have to go to mod sites AND servers to check if they r allowed or not and check the source code? lol im only j/k now i understand. but wat if ppl get them verified and edit them at the last minute. edit: deleted sum crap after re-reading it. Link to comment
tbot Posted September 5, 2004 Share Posted September 5, 2004 First of all, if this is going to be a dll/so system, source code doesn't necessairily have to be released, so how would you want to check those? Native code implies massive security risks, so if I were developing this I wouldn't let the responsibility at the end-user, who are, generally taken, not very aware of these risks. And in this case it's not the lack of alternatives that should be the deciding edge. Not too long ago I did some research into scripting engines (and am currently working on my own), and as a very good alternative to native code there is the SeerC scripting engine, offering almost ANSI C scripting with possibilities very near (if not the same) as native code, yet in a somewhat protected environment. Link to comment
ashdexx Posted September 7, 2004 Share Posted September 7, 2004 Perhaps a better way to "pack" your assests (models, textures, etc) would be to write up a small app that contains all the necessary code for an addon, and all the end user has to do is compile the assets into the appropriate .dll/.so file wih the exe, and never touch the code itself. This is both safer and more user friendly. Link to comment
eAi Posted September 7, 2004 Share Posted September 7, 2004 Not sure what you mean by that... eAi Link to comment
Posty Posted September 7, 2004 Share Posted September 7, 2004 I think he means like, add all the mods you want to put on a server into one huge mod pack (such as the Vice City Delux mod pack, that contains all different mods). Because you said only one pack at a time, right? Link to comment
Brophy Posted September 7, 2004 Share Posted September 7, 2004 when he is trying to say is make something in which only the addon source is in it and nothing else is touched Link to comment
ashdexx Posted September 7, 2004 Share Posted September 7, 2004 I'll clarify / elaborate a bit more... When we refer to "addon", we're refering to a .dll file (or .so on linux servers). When we refer to "modification"/"mod" we're refering to the complete resources needed for the game-mode such as textures, sounds, sprites etc. Addons will have to be coded in either C or C++. We will be providing support for a free IDE and compiler as well as Visual C++ 6, both will work as well as eachother. We will also be providing some useful 3rd party tools that we think you will find useful along with some sample source code. Although C or C++ knowledge is useful for writing the addon of your dreams, we expect that by reading through the existing code and fidiling around you should be able to get the hang of it easily. We will also hope to provide tutorials and other support for writing specific parts of addons and gamemodes For common types of mods, map mods, vehicles, etc, you could use a standardized template, so that no code needs to be touched. The template would be stored in a small exe, perhaps a command line app, where with the template, you could "compile" the files required to build the mod against the exe, using the template, to build the necessary .dll file(s). I'm not sure what else can be accomplished via your method of hand compiling the mods, but i think this would work for msot of the common types of mods. Link to comment
Kent747 Posted September 7, 2004 Share Posted September 7, 2004 using a template system can be rather limiting in what you allow a person to do with the addon.... also, we don't want to spend a hwole lot of time writing a scripting parser / engine because we think that our time is better spent giving you the options you need. Point is... if a person wants to write a virus, there are more effective ways of doing it than through a game addon... C++ addons are viable in HL and UT... and this is no different, just trusting the person you are downloading from is important. Kent Link to comment
eAi Posted September 7, 2004 Share Posted September 7, 2004 We've contemplated producing a scripting engine via an addon, or integrating lua or similar, but we don't really have the time, if we want to release blue any time within the next year It'd be entirely possible for someone to integrate a scripting engine, but we believe that allowing C++ addons gives people a lot of power that can be well used (as well as badly used of course). We will try our best to make everything as straightforward as possible to create an addon, and I'm sure some people will make tools that make it even easier, once we release the SDK. eAi Link to comment
tbot Posted September 8, 2004 Share Posted September 8, 2004 but we don't really have the time May I point you to the fact that there are quite a few good and fast ready-to-use scripting engines. Embedding those wouldn't take more (possibly even less) time than implementing dll support. The engines are well enough to give the scripter enough power to effectively create addons. Besides that dll's aren't portable, so it's up to the mod maker to also compile it against linux, and not everybody may be able to do so (making the whole less portable). Link to comment
eAi Posted September 8, 2004 Share Posted September 8, 2004 As you don't know quite what addons will have access to, its hard for you to judge how easily they could be implemented. I have looked around at some scripting engines and none of them could be implemented easily enough for what we require. eAi Link to comment
TempEcho Posted September 8, 2004 Share Posted September 8, 2004 maybe its an idea to use a service intregrated in SP2 for WinXP , the programmer (The MTA team in this example) , can use it to only give an other programm (an addon) acces to gta-vc.exe , and not other processes and folder. Or you could write some code that prevents acces to anything outsite the Grand Theft Auto Vice City folder Jsut suggestions... Mr.Xanni Link to comment
orappa Posted September 8, 2004 Share Posted September 8, 2004 I don't see what the big deal is. You take exactly the same risk when you download a mod for, say Half-Life, or when you download anything executable for that matter (e.g. a utility from download.com). It concerns me that a lot of your suggestions may limit unscrupulous users, yet they will also limit those with a legitimate use for a particular function. Also, btw, a lot of virus scanners can detect "virus-like activity" and flag up a message to the user. I'm not sure how effective this is though. Link to comment
Recommended Posts