Removing Support for Third Party Closed Source Modules

I mean, I’m certain developers who develop games on this platform wouldn’t care any. Developers like Stylis Studios & Badimo wouldn’t be affected by this at all.

Again, the idea of selling products on Roblox has never been fully supported, and at one point, it was against the TOS to sell free models. Not sure why the removal of an abused feature would be a surprise to people.

5 Likes

It’s not a suprise, it has been done a lot before, that doesn’t mean however that we agree with it, the TBS petition has over 250K+ signatures (and someone is going to say that they’re players and not well informed, don’t tell this, the players are being affected too), and the majority (currently 71% if I’m not mistaken of the developers voted on the poll above, is against the removal (or want some kind of alternative/replacement/change made instead of the removal)

Even though it may be abusable, the abusable part of it is findable in a lot more things than just private modules, and if Roblox were to remove them all, you could basicly give up on free models in general, maybe even plugins. Private modules (however abusable they MIGHT be) had their use cases, and denying that won’t change anything.

Even though we might get a replacement in the future, that replacement will come too late, taking away something and letting people wait a year will simply kill all the people interested in using that feature (or the ones who already used it), we also heard that other replacements would come which we haven’t heard a thing about (leaderboards for example), I’m affraid that the same thing will happen to private modules.

And I don’t see a lot of people speaking about this, but let’s just remember that bots will profit from a change like this too, they can now freely copy all private modules and add virusses to them

And again, the people who are for the removal of private modules can just not use them, the people against if however cannot just magically remake them.

9 Likes

Well actually, most people signing that signature did it because it was a button with bold text and bright red. People hear the removal of private modules as some horrible thing that Roblox is doing for no reason, when in reality they don’t understand how many security flaws they have. Terabyte Services does not need to cease to exist, because there are other methods. They could totally make it so you get an api key on the website and input that into the application center’s core script. But it was their choice not to. There are ways people can open source http related scripts without compromising the web server. It just requires effort.

3 Likes

yes and no,

I’m not that stupid to not realize that people click on it because it’s advertised on TBS, however, that still doesn’t change the fact that their opinion is that it shouldn’t be removed (because in that specific case TBS will have problems to keep functioning (and might even stop functioning at all))

(And that point also doesn’t apply for the devforum (new)members)

That’s not a good alternative and would likely require them paying money for servers and that stuff, while they could do it for free.

EDIT

Bad point,

  1. security flaws can be patched easily, and it still is the developer’s choice wheter or not to install it or not, free models also have that SAME FLAW, being able to look for it however isn’t a big help for the biggest part of developers (which includes kids)
  2. “People hear the removal of private modules as some horrible thing that Roblox is doing for no reason” nobody ever said it was for no reason, you can read the petition here, and even if it isn’t a horrible thing, it still is a bad thing for lots of people using these features.

They don’t need to understand their flaws, the things they do on Roblox might get removed, that’s a big enough point to sign for them

Hm… If it’s not a good alternative to have to pay for a server when you are selling a service… doesn’t that same argument say “The service itself is not a good alternative in comparison to other solutions like making your own system for free, or turning to free alternatives”? It does. Besides they already own a domain and appear to have a web-server for their website.

If a developer is selling a service and want to black box their code, they should do it on their own servers.

That’s not really true at all. Or I s’pose it is if we look at the fact that they easily patched it by disabling requiring private modules since it was a security flaw. The problem with private modules isn’t as small scope as you imply. It’s one thing to have malicious code exist, it’s another to have malicious code no one, not even experienced programmers, can audit and find is doing something it shouldn’t. Not being able to identify abuse is far bigger a problem than people being able to abuse and be caught.

2 Likes

not everyone does, I’m not completely talking TBS specific.

Also, not everyone sells, this will also kill out people who want to make free stuff and for who open sourcing it isn’t worth it

options

  • sandboxing
  • disabling by default (now it’s the user’s issue, not Roblox’s)
  • moderating (if this is too much work the previous ones are still very possible)

They have enough options, I might have said “patched easily” incorrectly, and instead should have said “add alternatives easily” though

small edit

Most private modules flaws are also seen in

  • free models
  • plugins
  • any obfuscated scripts (as most players and devs are kids on Roblox, de-obfuscating isn’t commonly used, starters would have no idea what’s going on, and not all devs are scripters, builders who use free models can have this issue too)

(all this quick responding is tiring)

You don’t realize that Terabyte IS PAYING for a domain so your point is invalid. There is no excuse for them saying they cannot do an api key. If they really care about the people the serve, and they want to do it for free, while they pay for their domain which they have done for the past year now, then they’d implement api keys. Also security flaws cannot be patched easily so I’m not sure what you are talking about. You cannot tell me that Roblox can have some magic system that detects when someone adds a backdoor into a module or when it is remotely updated with malicious code. It is painfully obvious how unorthodox it is to have code that you can not modify or even view and the developer behind it can modify it at any time without you realizing. Roblox is not removing them for no reason. They don’t want to deal with all the security risks with private modules.

read what I said again

small edit

also wrong, I do realize that, also, I don’t know much about web development but I’m pretty sure that hosting a website is a totally different thing than keeping a few thousand games running

It’s a fair point from their side that Terabyte’s systems are not open source, so they shouldn’t be expected to make them so. However, I would imagine if they decide to continue operating after this, they would have to settle with some heavily server dependent code that is visible to their clients, and an API code system.

Just because it’s a niche use case, doesn’t make it not worth considering. It’s not impossible that there may be a better alternative than removing them altogether, or a way of restricting plugin/ private module access.

4 Likes

Sandboxing takes time, and in the meantime it causes serious problems wherein people are compromised without even knowing it.

Disabling requiring private modules is as bad as not doing anything because people can and will just turn it on willy nilly because “oh this admin needs a module”.

There’s no compelling argument for private third party modules that can adequately address the issue of code being impossible to audit, which is the main reason for their removal.

And yes, I’m going to say the petition was absolutely invalid, like I have said multiple times before. It’s a bright red button saying a change by Roblox is bad. Of course people will click it.

The fact is, it doesn’t matter how many people get ‘hurt’ by this change because it is a security flaw. Genuine use cases do not and never will justify leaving a known security issue alone.

1 Like

More people get hurt than get helped, that’s the fact that we’re trying to prove, the petition also shows that, most people that clicked it do play games from TBS, meaning that they get hurt, this change is hurting more players than saving them, that’s why it’s a bad change, also, it’s a bad idea to ignore players, a very bad idea

The same applies for free models, a gui saying “enable httpservice and loadstring for this to work!”, no, that’s not a good argument against such option.

Look at all the posts above, if there wasn’t any, noone would be complaining

Also, nobody mentioned it’s bad, they just mentioned it’s going to kill their services, which is correct, unless they want to spend a lot of money and time coming up with an alternative plan

Besides that, the devforum poll is also against the removal

3 Likes

There’s no metric to determine how many people are being helped by this change because most of them probably don’t know themselves. Without both sets of data it’s worthless to argue about the number of people who are hurt vs who are helped.

I’ve read every single post in this thread and I’ve still yet to see a pro to third party private modules that’s compelling enough to overcome the security flaw. Again, a security flaw is still a flaw even if people are using it legitimately. Nobody has addressed that beyond saying it doesn’t matter.

1 Like

Yes, but that doesn’t mean anything. Nobody is saying that there aren’t flaws in them, people are saying that the flaws that can be abused are present in a lot of other features and removing them from 1 thing won’t help, even worse, it will hurt several groups of people.

We know that atleast 250K people aren’t happy with this change, yes, a few of them are alts and so, but from the stats that I’ve seen most of them are legitimate (also looked for bots but didn’t find any)
“Don’t know themselves”, that sounds ridiculous, also has nothing to do with the discussion

The simple fact that this will kill thousands of groups?

2 Likes

It has everything to do with the discussion. Most people impacted by this change will not notice because they were unaware of the third party module to begin with. That’s kind of the problem with them to begin with.

We know that 250k people are theoretically unhappy with this change after being told sparse details by Terabyte. We also know that thousands of groups will be negatively impacted by this change.

We have no way of knowing how many people will benefit from this change. It could be millions of people. Nobody knows.

3 Likes

The cause isn’t the problem, the effect is

1 Like

The cause directly correlates with the effect.

6 Likes

The cause doesn’t matter here though, I don’t care wheter or not they get removed, I care about us getting a good replacement for it (before it gets removed)

I have no problems with people who want to let them stay either, I wouldn’t mind if they stayed, it’s like a software, the user is responsible if they download a virus, not the OS, you shouldn’t remove the freedom of downloading third party apps because you want to ensure that everyone is safe…

5 Likes

No, but you do make sure there’s at least some security measures in place to prevent those apps being installed and updated arbitrarily. Roblox could stop what they were doing and make that a priority in this case, and delay everything else they have on the roadmap… Or they could do this with the promise of a replacement eventually.

2 Likes

When they have a replacement we are likely already 2021 if we’re lucky, that’s not meant to be rude, if we need to wait a year, all groups are already dead, it’s like giving a medication a year too late, what’s the point in that…

4 Likes

The community brought to light any issues that may not have been considered already. We’ve laid out the magnitude of the impact as best possible. If there was going to be a change at all we would have heard before the final hours. As pointed out there is as much chance of an alternative coming as not so you can’t bet on it. It’s time for those of us who are negatively impacted to give up the debate and find solutions or alternatives, me included.

2 Likes