The security risks will always take priority. Roblox is about EVERYONE and not just experienced developers. The Roblox platform is meant for growth, for learning, for developing skills, talents, and knowledge.
You have to stop referring to only experienced developers on Roblox because not everyone IS an experienced developer.
In addition, your reference to ‘admins’ should be more along the lines of ‘engineers’. It is not just one small team of people making decisions like this but likely an entire department within the company, and possibly multiple.
As I stated in my post above, constantly rehashing and trying to prove your points is useless at this moment.
Roblox staff does read most, if not all, of the comment on threads of this magnitude and everything that could be said, mostly has been already.
I’m not arguing for or against this change. Just stating some observations and opinions on everyone else’s opinions.
When you do take inexperience into account, it becomes apparent that this update does not do its job - that’s my whole point. Backdoors can still be utilized in open-sourced scripts and, as I said before, inexperienced users will not know to check or how to identify. That’s why the opt-in feature that a few of us spoke of earlier would make the most sense given the solutions being considered; it’ll protect inexperienced users, warn them about dangers when they attempt to remove said protection, and still allow devs who are already adept at using the platform to still have this important feature.
Nonetheless, I agree that pretty much everything has been said here, so I don’t intend to make any further followups.
Noted. I do agree that this is a temporary ‘fix’ to a long withstanding problem and that private modules aren’t the only part of the problem. I am sure Roblox is aware of other issues and are working on solutions to rectify them. Only time will tell where this leads.
Having a lot of people look at it doesn’t mean they couldn’t make a mistake or overlook a large impact on the community. They could have pulled up numbers on the requires and contacted the developers for the most heavily used modules, like Terabyte services. They could have reached out to developers like Squirrelbyte ahead of time, asked if he would be willing to open source his product. At least have a chance to gauge the impact before pulling the trigger.
No alternative was offered paired with the release, which at this point indicates one of two things.
They were not aware that a minimum 200k+ players were going to be negatively impacted by this change from developers refusing to give up their IP.
They were aware that a minimum 200k+ players were going to be negatively impacted, but this number is not significant enough to warrant pairing this change with a viable alternative.
Draw your own conclusions, but in my opinion number 1 ceased to be viable a couple weeks ago. You can’t really claim ignorance when it’s been laid out that one of the affected developers is going to have that impact, maybe Terabyte is the single biggest, but it’s certainly not the only one. I have stuff that is staying private and breaking and I’m not alone.
The developers utilizing private modules are sorely under represented on these forums. I couldn’t speak here until later in the debate or I would have been on it from day 1. Perhaps the recent changes to how approval is done here will help with this in the future, but also it wouldn’t hurt to reach out to the larger community on feature removals to make sure they know all of the impacts. Worst case they reach out, and learn nothing new.
Regardless, someone may need to explain what Terabyte is and what they do because I’ve personally never heard of it.
And if your 200k+ stat is coming from some of the previous comments it’s already proven to be a relatively inaccurate bias stat based on the way the poll was presented.
(realized that I’m replying to a post that is a couple hours old, but still…)
This is fine and all, as they did say they would release an alternative, but they should not take away a feature that developers like me rely on to sell services to people without having to run into major problems with copying, etc. Most people don’t have the resources available to set up a stub system or web server system as people have suggested.
The fact that this post has so many arguments tells you that this change will damage the workflow and development process of many developers.
And that’s fair. I’m not discounting that people do make use of private modules for good, it’s the overarching fact that private modules are a nortorious security risk.
Roblox gave us quite a bit of time to prepare before they made this change (from what I’ve seen they may have even not flipped the flag yet). This thread was meant for one purpose. As an informational notice of a major change coming to the site. Nothing else. Sharing opinions are good but when people start reiterating the same points over and over it drags on into a never ending circle. I urge every one of the people coming up with new ideas about how rectify the bigger issue here to utilize the #platform-feedback category in submitting feature requests.
If you were to say that it’s 200k players who understand the topic and are voting against it sure, that isn’t an accurate number, but nobody is saying that. It’s certainly not what I indicated, not now or any previous times I’ve referenced the poll.
The number of people in the poll is relevant, because the poll was presented to people who were using a Terabyte service that is going to break due to this change.
Anyone who saw that poll and was able to vote is going to be seeing a broken place and that is the number that matters.
The Terabyte poll is a relevant number because it means that 250,000 users have seen a product that was made by Terabyte Services, which means it is quite a widespread product.
However, with this change, Terabyte can no longer function because they do not want to give out their IP and/or they do not want sensitive header information that is sent to their web servers to be exposed (and there isn’t really another way to hide it without private modules, either)
That means that 250,000 players will be impacted negatively by this change in some way because they have used a product that they will no longer be able to use. Terabyte had no competitor and that means that there is no options for the group owners who need an application center.
To clarify: The petition was held our Application Centers. It’s not like we put a button at a front-page game and encouraged random players press it. Every single vote came from a Terabyte customer, who was given a detailed explanation of what the petition entailed and what removing private modules would do. That’s 250,000+ players (Devs or not) who understood what was at stake and signed voluntarily. They’re the fans of the 60,000+ games who’ve used our modules over the past three years: Cafes, airlines, roleplaying communities, even Pinewood Builders. They’re ALL being impacted by this change…
Does the petition include the other side of the argument? the fact there is backdoors and code changes without the devs knowledge because of private modules?
perfectly summarizes the entire topic for me. Roblox is trying to fix a problem with the wrong solution.
For me, I’ve lost all the security of my products and I’m quitting product creation in favor of game creation, hoping for a more reliable source of income.
It’s only a matter of time before people grab the source of my system, insert a back door into it and resell it to other players, hurting my reputation and my clients.
It’s only a matter of time before people grab the source of my system, modify the UIs and claim it as their own.
I hate this update with a passion. I understand what this update is trying to achieve and it’s a noble goal, but brotha, this is not tha way.
People are thinking of this with such a strange mindset. People want to run mock businesses on Roblox and create content other than games. The variety of content should be embraced. If someone wants to start an application “business” on this platform, where they sell code to people, they need closed source in order to do so. You can’t base a profitable business off of open source code on this website.
Along with purchasing closed source code, you accept the risks that come along with that.
Private modules aren’t the best way to go about this, but they are the only option we had that was on site.
People keep saying to use external api instead, but that isn’t a reliable solution. Also, what’s stopping people from creating malicious code through web codes?
Edit : People have to enable http service in order to run the “alternative” solution that we currently have. Which means that an option to enable private modules shouldn’t be so quickly dismissed.
I’ve seen the petition in question and unless you changed it dramatically it’s generous to call the explanation given detailed. It was one-sided with rhetoric aimed at convincing people, not informing them.
The 250,000 number is significant its own sake, but to say everyone who clicked “sign” was told of the postives and negatives of this change is just not true. To say nothing of the security flaw you yourself showed off by inserting this petition without the consent of those people you sold your product to.
I think this is a real issue that should have been resolved. Including version number or latest would have done it, and I don’t think you’d find many in opposition of it.
Many people were confused, so we gave a followup explanation that the same functionality that lets us run our services also enables trolls to break other peoples’ games (i.e. inserting nukes, banning the owner, generating lag waves, etc.) Modules have always been a double-edged sword, and there’s no denying that this update is ethically-grey.
The fact is, most people signing that petition don’t actually understand the fundamental reason for its removal. I also remain how shocked that people are spamming likes on pro-module posts just because that person is arguing how it messes so many freelance developers up, but they don’t even take into account the 600 other replies that go in to detail about all of the problems that half-baked closed source modules provided. The fact of the matter is, closed source modules are not the same as free model scripts with them, because first off, those have always existed, but experienced developers would recognize the malicious script and remove whatever free modeled asset they added, whereas with modules, you could have a popular dev that built up a lot of trust, silently adding backdoors to everyone’s games that used their asset(s), and a large game creator relied on them for some certain thing but they could not tell it was malicious. The fact of the matter is, the current implementation of closed source modules is not sufficient for Roblox quality/security standards, and there needs to be a complete reworking of them, if they are to be readded. Don’t get me wrong, I also think plugins need work (being able to show the source code without having to grab the .rbxm in the studio directory), but closed source modules were a very big problem on Roblox since they were released and this change will be for the better in the long run. And trust me, I understand how difficult it is for some, especially those who do freelance, because most of my dev work is freelance and selling products for users. In fact, I work closely with @grilme99 yet we have two very different opinions on this issue, which shows how doubled sided this argument is. So don’t think that those arguing for this removal are all major game creators that don’t freelance, nor worry about having to use closed source modules, because that simply isn’t true. And yes, I have seen people that have conveyed these thoughts.
