Glad you’re doing something like this; you have no idea how many communities can be saved by this. My question is how much do you plan on making the “average” price?
I’m on my phone now btw. It is very hard for me to tell in advance as a lot of factors will go into it. The data from the alpha test will help me determine the price. I think $0.10 USD per CPU hour may give you a good idea of what you’re looking at. That hour only is process specific time, not including when your script isn’t running nor even when the process running your script is swapped out. If your script only runs for 0.1 seconds handling admin commands, you can run about 36,000 commands for $0.10 USD. I hope that preliminary information helps.
As for code reviews, I’ll quickly review scripts submitted and give an estimate based on how long it will take me and the current work load. If you accept, payment will be due and I will review the code. In most cases I’ll approve it. If there is questionable activity then I will ask for it to be revised and we’ll begin the process over (although it shouldn’t take me as long to review code I’m familiar with, so the estimate will be lower).
I see. The pricing sounds fair to me. I haven’t understood how this works 100% but does this mean that UIs and other stuff that would be inside the module normally would be available to the public?
Note that I haven’t tried your service yet
Yes. The upload page of my website will ask for a link to the public model acting as a frontend for your protected module, and a .lua file for the source of your protected module. The game using your protected module will use my loader script and enter your protected module ID. At runtime my loader will insert your public model, and require the main module. Your public module will basically use an object like a RemoteFunction to communicate with your protected code, similarly to how localscripts and scripts communicate. Your public model can contain a GUI, or your public module can automatically generate a GUI.
There is a way to protect all asset types, not just scripts, from being stolen but it would require lots more work to set up. Perhaps in the future. It involves making a game that neither the game owner nor asset developer have access to, so neither can steal each other’s assets.
(This isn’t different from current private modules. Any instances created can always be seen by the server, and so have never been truly private.)
Hey, it’s a great concept and all… but I don’t think developers are willing to trust a complete stranger with their code.
Great idea, however, imagine you get 1000 requests / min. Yes you might have a good server, but every single code on the server must be non-blocking and not being synchronous.
Providing a service like this is great, but it’s voluntary work. You have no commitments to actually deliver the service anymore and can stop at any time, I’m not saying you will stop, but that you actually can.
reCaptcha <= v2 is nothing, there is a reason Roblox changed to fun captcha (mainly to prevent fraud and carding). Yes, recaptcha by google is an amazing free service. You are covered by a service that might be good enough. There are many ways to bypass a captcha, and one way is really good but nobody knows of it (rumours say it does not bruteforce), emulating a browser, getting people to do them for you (found on many sites where you have to pay for people to solve them, and they require you to complete a captcha before you can log in, ironically.)
The point is that your service can get botted, and all the bots will make you save their code. Eventually you will pay for more storage, get rid of the bots and implement a manual verification process, or give up.
There might be other options, though.
I am not trying to make you discouraged at all, I am just stating the amount of work it is to do this. It is great that you do it, but it comes with a lot of work. Just be prepared.
So far this service seems promising, as you do seem to know what you’re doing. It makes sense that people are skeptical, given the nature of this kind of service.
This is from HTTPS, right?
I’m more concerned about what you’ll do with passwords. I can totally understand how the current output is just debug and you aren’t saving the passwords just yet.
When you do start saving the passwords, will you be doing it securely? That is…
- Hashed passwords, with a strong, slow hashing algorithm. A suggestion I found online is PBKDF2 with HMAC-SHA-256.
- User-individual salts, to prevent hackers from seeing when two passwords are the same if your database is leaked.
- Nearly unlimited password length; something like 1000 characters. You’re storing fixed-size hashes, so this only matters so that you don’t have to do long, slow hashing on thousands-of-character passwords.
If you can assure us that you’ll be following modern password storage practices, this will ease our minds when it comes to some of the security aspects of this service. There are libraries to handle these things, so you really just have to plug in the password, salt, and iterations then store the resulting hash.
Not everyone will trust you to maintain this service. It would be awesome if you made the service open-source with a permissive license so that independent developers can run their own server that they can absolutely trust.
This doesn’t bar you from making money from this service: most developers will not run their own server, and probably don’t know how. It’s easier to pay you than it is to run their own server and pay for it. The ones that can run their own server don’t need your code to do it, your code just makes it easier.
Additionally, keeping the service open-source allows others to find and patch security flaws, and allows others to do security reviews on the server code.
Making the service open-source will go a long way towards building trust with the community.
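Added example, not part of any post in this thread and not the service's own code: the three storage practices listed above (PBKDF2 with HMAC-SHA-256, a random salt per user, a generous length cap) using Python's standard library. The iteration count, record format and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not values from the thread).
ITERATIONS = 600_000        # work factor; tune to the server's CPU budget
SALT_BYTES = 16             # random salt generated per user
MAX_PASSWORD_CHARS = 1000   # generous cap so hashing cost stays bounded


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$hash."""
    if len(password) > MAX_PASSWORD_CHARS:
        raise ValueError("password too long")
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    if len(password) > MAX_PASSWORD_CHARS:
        return False
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256",
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
    except ValueError:
        # Malformed record: wrong field count, bad hex, bad iteration count.
        return False
    return hmac.compare_digest(candidate, expected)
```

Storing the iteration count and salt inside each record lets the work factor be raised later without invalidating existing accounts.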
I appreciate your willingness to help the community out with things like this. I for one was very disappointed to find out they were removing modules, because I had created a complex module system to deal with blacklisting and other things, and only 5 days later did they make that announcement haha. However, I believe it was the right call as the backdoor module problem has really grown quickly and almost every front page plugin was a backdoor. Additionally, I think it is crazy to be able to modify a module and have it replicate to every game without the game owner even knowing. I may try this service out to see how it is, but currently I just rely on obfuscation or people being good samaritans and not leaking my code. I’ll let you know in the future if I am interested!
The web server immediately creates a new thread for every https connection. When requests are for a protected module, that module runs in a new process. The Debian Linux OS handles scheduling them and swapping them out when needed. If server resources become too strained, a new instance can be spun up with an ECS application load balancer to sort based on the HTTP URI.
An interesting point. If I ever do decide that I’d like to move on, I’d be sure to hire someone capable. I don’t see myself moving on though because it is voluntary work with compensation.
If it becomes a problem, I’ll look into it some more. It is on the login page mainly to prevent people from running password scans. For registration, you will be required to post a link on your Roblox profile. That means that at the minimum, my service’s bot prevention is as strong as Roblox’s.
Thank you.
Yes. The public key algorithm was RSA as well. That is the 256 bit AES with ECDHE and RSA is the only OpenSSL option my server has enabled.
Yeah. I remember when Blizzard entertainment had their breach and user information was leaked. Luckily, they hashed everyone’s password.
I’ll have to think on this some more. An excellent thought.
What I said about you having no commitments to actually deliver or continue might have come off wrong.
I meant like if you don’t want to continue delivering the service, you don’t really have to. It was just a heads up for other people, so they were aware.
I hope you do, though, because everything else (AFAIK) seems good enough.
I have one more question, couldn’t we just make the module we upload on there be require(id) lol
This is a replacement for closed source modules. Requiring a module from February 1st on will error if you don’t own it, meaning you can’t hide your source code. This is meant to give that functionality w/o allowing backdoors.
I’d like game owners to use my loader for a reason. I could, however, make my loader a module that returns a function which acts like require and takes in a protected module id.
Here are the reasons a custom loader is desired:
- I can set up the connection to your protected module for you. This includes starting another instance of your protected module and setting up the RemoteFunction like object to be passed into your public module code. It also provides a good time to set up the event to remove this additional instance when the server shuts down. This connection setup procedure may change over time, so it is best if I control it and hide it from users.
- This also allows me to add additional game-specific protections if the game owners desire it. This may include sandboxing your public module to impose restrictions like maximum run time per game step, or restricting access to instances and library functions.
- Adding an additional layer allows me to add or remove features as I see fit and the service grows. It has been well said: “All problems in computer science can be solved by another level of indirection”
I could see using a protected module being as easy as this:
```lua
local protRequire = require(1234567) -- my public loader (not a real id rn)
local protModule = protRequire(4125) -- your protected module id
-- use protModule like a regular module
```
Alpha testers can now register and log in. Passwords are hashed with SHA256 (Edit: PKCS5_PBKDF2_HMAC) before being saved in the database, along with a salt based on the hash of the username. In addition, I’ve made a discord channel for additional questions and announcements so that those without access to the dev forum may participate: Discord
Shouldn’t you use something like BCrypt, or something more secure than SHA256?
“bcrypt has a significant advantage over a simply salted SHA-256 hash: bcrypt uses a modified key setup algorithm which is timely quite expensive. This is called key strengthening, and makes a password more secure against brute force attacks, since the attacker now needs a lot more time to test each possible key.”
Is information sent to the server and to the game server encrypted both ways? If not why?
Seems like your site does not work?
EDIT: Would also tell you that you must choose certificate to connect with, and using a phone emulator and the menu is 2/10th of the screen.
Also insecure use of headers, I recommend you check out some guides for what headers you should use to make your site even more secure.
I guess one concern I would have if I were you is - what happens if roblox provides an alternative to private modules, or an improved system in the near future?
SHA256 is an industry standard. BCrypt is not included in the OpenSSL library and I would be very hesitant to leave industry standards. I’ll be switching to PKCS5_PBKDF2_HMAC as recommended above though.
Yes, it will be. I’ll begin working on that this week.
Haha, it is designed to fail early and often rather than let things slip by. I’ll be working on better error handling once the core features are in place. I’m assuming that after refreshing you were able to log in?
I’m not interested in supporting mobile devices at this time: Roblox studio is desktop only, and so is my website.
I’m sorry? What do you mean? The server is sending its certificate out and RSA is being used.
I’m assuming you are discussing caching, sniffing, and like matters. The security is in place, the headers only politely ask attackers to stay away. I’ll look into it in the future after the core functionality is present, but if you feel that it should be more of a priority, feel free to send me a message.
My intent isn’t to benefit from the community, but to provide a bridge and help out in a time of need. That being said: the sooner Roblox offers a replacement, the better. There is an argument to be made for commercialization of features though, much like businesses taking over where the government used to manage. For that to be a success though, even I must admit that competition is needed.
Apologies, but I had to choose a certificate upon visiting your site for the first time.