|
chris-74269 Magician
Joined: 23 Nov 2004 Posts: 364
|
Posted: Mon Oct 23, 2006 3:31 am
package contents |
i was wondering if when you gave a package to someone over the library would they be able to see the code in it or just its label? i was thinking that i could make a lot of coins in the game if i sold out my scripts, but the problem would be that i would give it to one person and they would just distribute it to all their friends ect. so basically i'm wondering if there ever will be some option such as this to protect your work but still allow people to use it.
|
|
|
|
MattLofton GURU
Joined: 23 Dec 2000 Posts: 4834 Location: USA
|
Posted: Mon Oct 23, 2006 4:41 am |
They would probably be able to see the code once it was downloaded.
|
|
_________________ EDIT: I didn't like my old signature |
|
|
|
Rainchild Wizard
Joined: 10 Oct 2000 Posts: 1551 Location: Australia
|
Posted: Mon Oct 23, 2006 5:40 am |
Zugg stated that there was not going to be any way to protect scripts because they could potentially contain malicious code and therefore anyone downloading from the package library was able to see the script in plaintext.
I had the same initial thought (as a mud admin) that we could perhaps create a 'premium' package which you got if you donated, but there's no way to protect it. |
|
|
|
chris-74269 Magician
Joined: 23 Nov 2004 Posts: 364
|
Posted: Mon Oct 23, 2006 8:14 am |
well i don't see why you would download shady scripts in the first place, but maybe just trying to protect the new users. can there perhaps be a toggle to show the code or hide it? i don't think people would just go around downloading random scripts that they have no idea of what is inside but having a toggle at the same time will let clans have protected scripts. i'd love to be able to rent out my selling scripts/bots/ect. but not unless the code would be protected.
|
|
|
|
Taz GURU
Joined: 28 Sep 2000 Posts: 1395 Location: United Kingdom
|
Posted: Mon Oct 23, 2006 8:56 am |
It's far too early in the life of CMUD for something as complicated as this, but think of how zMUD evolved over 10 years, no doubt when Zugg has more time to think of the intricacies of such a system he will figure a way round potentially abusive hidden scripts and something like that will eventually be possible.
|
|
_________________ Taz :) |
|
|
|
Seb Wizard
Joined: 14 Aug 2004 Posts: 1269
|
Posted: Mon Oct 23, 2006 9:01 am |
That's not a bad idea as long as the hidden flag were visible from the package library, so users could decide whether or not to download it knowing that the code would be hidden and could potentially contain malicious code. (Reviews by other users might give some reassurance for non-malcious code.) Actually, the compiled code could still be visible perhaps - since that can't be entered into a script, you can't duplicate on the basis of seeing the compiled code and it might enable one to see if there was anything malicious in the scripts. Also, the number of commands that can do highly malicous things outside of CMUD is pretty limited and it would be a good idea to put a flag against any package that uses these commands (even if the source code to the package is visible). Even if it were just possible to protect a package such that it was not modifiable by users without a password, and not exportable while in this mode, then it would be possible to put some code in it so that it only worked for given characters, to stop further distribution. Or if these packages could only be installed from the package library and not from the pkg files, that would also put a limit on redistribution.
In the same vein... an expiry date on when a package would stop working - I know it is certainly possible to do this in the zScript code, but a user could take it out at the moment to bypass it. |
|
|
|
Rainchild Wizard
Joined: 10 Oct 2000 Posts: 1551 Location: Australia
|
Posted: Mon Oct 23, 2006 2:13 pm |
I think that Zugg's main concern was a script could simply have a hidden trigger like "Rainchild waves to you." -> "#TIMER +200000 {remove all;junk all;delete self}"
Obviously if it could be linked to you, you would last about 2 seconds before being perma-banned when a MUD admin finds out what you did, but it shows at the most basic level of how a script could be malicious. I don't think he was worried so much about the PC or filesystem - you can't really do much damage to the actual hardware from within scripts, but you can do irrepairable damage to a character, which is really what the player cares about. It's an evening out of your life to reroll windows, it's a couple of years out of your life to reroll a triple-remorted character with the uberest of ubers. |
|
|
|
Seb Wizard
Joined: 14 Aug 2004 Posts: 1269
|
Posted: Mon Oct 23, 2006 2:57 pm |
A good point well made, Rainchild. However some of the ideas I came up with might help people who want to share packages with select friends but ensure that it their package doesn't get widely distributed.
|
|
|
|
Taz GURU
Joined: 28 Sep 2000 Posts: 1395 Location: United Kingdom
|
Posted: Mon Oct 23, 2006 4:01 pm |
Like I said, it's very early in the life of CMUD. Given time I have no doubt at all in Zugg's ability to think round/through the problem and come up with a solution. I don't see this being for a couple of years yet though.
|
|
_________________ Taz :) |
|
|
|
JWideman Beginner
Joined: 08 Mar 2006 Posts: 12
|
Posted: Mon Oct 23, 2006 5:45 pm |
Protecting the script wouldn't stop anyone from sharing copies of it, unless there's something I'm missing.
|
|
|
|
Seb Wizard
Joined: 14 Aug 2004 Posts: 1269
|
Posted: Mon Oct 23, 2006 6:22 pm |
Well protecting the package could make it useless for people who weren't allowed by the author to use it, even if they get a copy (if the package is designed in a certain way that is probably mud specific)...
Anyway, not very important for me right now - I was just doing some brainstorming. |
|
|
|
|
|