The cause doesn’t matter here though, I don’t care wheter or not they get removed, I care about us getting a good replacement for it (before it gets removed)
I have no problems with people who want to let them stay either, I wouldn’t mind if they stayed, it’s like a software, the user is responsible if they download a virus, not the OS, you shouldn’t remove the freedom of downloading third party apps because you want to ensure that everyone is safe…
No, but you do make sure there’s at least some security measures in place to prevent those apps being installed and updated arbitrarily. Roblox could stop what they were doing and make that a priority in this case, and delay everything else they have on the roadmap… Or they could do this with the promise of a replacement eventually.
When they have a replacement we are likely already 2021 if we’re lucky, that’s not meant to be rude, if we need to wait a year, all groups are already dead, it’s like giving a medication a year too late, what’s the point in that…
The community brought to light any issues that may not have been considered already. We’ve laid out the magnitude of the impact as best possible. If there was going to be a change at all we would have heard before the final hours. As pointed out there is as much chance of an alternative coming as not so you can’t bet on it. It’s time for those of us who are negatively impacted to give up the debate and find solutions or alternatives, me included.
It’s unfortunate that this change will go through as the community who legitimately used this feature will now have to rely on potentially hacky and possibly unreliable methods to achieve what we already had or could have raised awareness in attempting to fix now rather than say later. I am truly disappointed in the direction ROBLOX has lead us here and those who refuse to understand why we need such protection. Yes, we can have a legally binding contract, but how do you take legal action on an underage kid? Again, it’s not the top developers who know what they’re doing I’m worried about, it’s the inexperienced and underage who don’t understand.
I have an alternative I’m currently designing and testing that won’t require obfuscation and can keep code private. It’ll require HttpService to be enabled, function just like closed source modules using require, but no loadstring nor loadstring VMs will be used. I am not sure on how reliable it’ll be yet unfortunately, more details soon.
I apologize if anything I say here is a complete duplicate of previous arguments. There are a lot of posts on this thread. I’ve read a good number of them, but there’s just too many.
I’m a bit late in joining this conversation since I wasn’t really on much in December and early January, but I really don’t believe that removing features in order to prevent users from being exposed to malicious code is a great idea.
It’s understandable that you want to prevent users from getting frustrated at the fact that they’ve at some point inserted an untrustworthy model. I get that. The thing is, it is entirely their fault. The rest of us should not be punished for their mistakes. It’s a learning experience, and it prepares them for the real world. After inserting untrustworthy assets and having their game infected with malicious code, the person would (hopefully) know better and never do it again. They’ve become a better developer through the experience.
If I disable my anti-virus software and visit untrustworthy and very obviously malicious websites, then it is completely my fault that my computer gets infected, because I stupidly decided to disable my anti-virus. Nobody else should be punished for my mistakes.
I really don’t understand the need to “investigate” this or to try and find “certain safeguards.” I know from experience that Roblox safeguards can be either extremely limiting or just very annoying.
Really though, if I insert a free model or use a plugin from an untrusted source, then it is entirely my fault that my game has been exposed to malicious code. If I were to figure out where that malicious code came from, THEN the originator should be punished after I report their asset as malicious. Then you can simply take the asset down and the module can no longer be required.
Even in a situation like this, why exactly would it be okay to disable a feature that certain developers rely on just because some kids are gullible enough to fall for this? I’m just not okay with the reasoning behind all of this. Removing features purely based on gullibility doesn’t seem right.
The ever-growing limitations of this platform are frustrating.
It’s sad to see that private modules are being removed as this was a vital piece for a feature in my game. Said feature providing people the ability to import their own arena into my game to use the wrestling system I’d created.
I can continue to provide this, but people who utilize this feature in my game now will be hesitant to do so, as they’ll have to make their module public and could lead to someone taking their arena (and anything else they import) without their explicit consent.
I think that let developers view the source code inside the game using the Development Console will be better. They can still view the code (inside the game) but they cannot copy them directly.
For example: printAllModuleScript() > Give a ID and corresponding name for that module printModuleScriptSourceCode("A") > print out the source code of the private module with given ID
Personally agree with lots that has been said here. I think what happened when they decided this is they didn’t consider IP concerns properly, but they do really care for people’s security. The fact they’re not even going to release any options in the meantime is not great for people who rely on it. (I did at one point but not at the moment!)
Here’s what I think should happen;
Release a feature such as AllowThirdPartyModules as a temporary solution
Disable by default
Work on trust system, having bought a bit more time by alleviating most criticism
Release trust system and auto configure based on AllowThirdPartyModules setting
I’d like to add on; this isn’t just affecting people selling. It is effecting the thousands of users that rely on the functionality for their game and/or group. This update will do more bad than good because all that’ll end up happening is exploiters (or people who make these backdoors) finding an alternative, and while they have found an alternative, hundreds of thousands of groups and game will be killed, all because Roblox took the easy choice of removing this feature in it’s entirety.
I will like to repeat a point I made before. There used to be (not sure if it still exists) a bug with audio that allowed you to upload any audio you wanted without it being moderated. This resulted in exploiters uploading racist or highly inappropriate audio, which gave Roblox a really bad look to parents, but that doesn’t mean they remove the feature, no, instead they fixed the issues, and that is what they should do with private modules.
If you had actually read @SquirrelByte’s points before, you would realise that it isn’t just about whitelisting. This update opens up a massive vulnerability with his ad service.
I honestly think this update is pretty “broken” …
This does not stop backdoors modules from being obfuscated lol.
Many people would try to get around it and run a private module somehow or hide the code …
That doesn’t mean they have to cut all their services? I have used several terabyte application centers and never did I consider ads or even really look at them. I feel like they could have come to some resolution. Ofuscated the code heavily even. That’s just my two cents.
That’s why I suggested api keys for their service considering they already have a domain. Even with that in mind, there are people that have obfuscated stuff to the extent that it would take incredibly long amounts of time to deobfuscate it. I don’t rally for that, I’m just saying it’s an option. API keys would be the better solution for the application center part.
I absolutely understand the reason for this update but this isn’t going to stop backdoors at all.
Most models with backdoors are not even what they say they are or are stolen.
This person does not care if he makes it open sourced or not because they most likely didn’t put any effort into it anyway.
Their only goal is to scam or annoy as many players as possible.
Besides that, a lot of groups and games will be destroyed because their application system or their guns use closed source modules.
I understand people can script their own application and gun system but the majority of the people that used these closed source modules do not know how to make those systems.
It most definitely is going to stop backdoors. Models will be forced to become open source, or go out of commission. Models can be easily looked through and any popular ones which would affect more games most certainly will be looked through, because more developers will decide to have a look at what it does and so more will find any backdoors in the script. Then, ROBLOX will be able to filter out which models are likely to be backdoors based on the quantity of reports, and moderation will have a lot less work to do - it is far easier to look through only models which have been reported much by the public, than to look through every model that is ever uploaded. Realistically, only models which are probably backdoors, and also popular should need to be looked into. Moderation might not even need to get involved, it could simply be a matter of enough reputable devs saying not to use a particular model will be enough to minimize the chances of that backdoor being put into games.
If you don’t want people reading your code, don’t release it.
If your “service” has to piggyback on other services, and does nothing more than act as a middleman, then you aren’t really providing a service. Actual services can provide api keys and the rest can become obsolete.