This is why many people here are arguing for an option to allow closed source modules on your game specifically. Then if a code becomes malicious, you can simply flip the switch and all the closed source modules in your game no longer work.
Or…
That works too.
Isn’t that essentially saying the same thing? You’re placing blame upon the end-user for not knowing better when surely it should be the other way around; the end-user shouldn’t have to know better because people should be discouraged and disallowed from inserting backdoors in the first place.
The original spark for this debate about private modules was not in fact plugins with backdoors in them. It was the fact that there were hundreds, if not thousands of free models with the entirety of their source code in a private module… That were all extremely “popular” models and inserted into an unknown amount of games.
Under the current logic being espoused by Terabyte and others, this should be fine because they are simply protecting their code from copying. However, after some investigating it was found out that all of these models had backdoors in them. Not one or two, but all of them. This is a big big problem. It’s unreasonable to expect every user of free models to look at a script they can’t read and think “maybe I shouldn’t use this” because, well, that same logic leads to the defeat of every single use case of third party private modules at this point in time.
Take something like Terabyte’s service. There is exactly zero guarantee that there isn’t a backdoor in any of their services (I’m not accusing them, I’m just using them as an example because they are prominent), so why should anyone use something they made? You cannot do anything beyond trust them, which is fine for people like Terabyte who have proven trustworthy. But what about other cases?
Take Kohl’s Infinite. It’s a free model that is entirely closed source. There is exactly guarantee that there isn’t a backdoor in these commands. It could be something as simple as always whitelisting Kohl, or something as obviously malicious as stealing people’s games. Nobody can verify this isn’t the case without the source code. We simply have to trust that Kohl isn’t being awful. I would never use Kohl’s admin for this reason, yet tens of thousands of people do. Because it is so popular, it becomes trusted by potentially millions of people, yet there’s no reason to trust it.
Now back to the original point of malicious free models. Let’s pretend you’re an average user. You see people using Terabyte’s services, which are closed source, and nobody bats an eye so you think it’s fine. You see people using Kohl’s Infinite, which is closed source, and very few people bat eyes at it so you think it’s fine. Then, you come across a model has been botted into being popular – i.e. it has the same look to it at a glance as Kohl’s Infinite does – which is also closed source. Why would you question it. The other things are closed source as well, and they seem to cause no harm.
It is absolutely absurd to expect people to tell the difference between a paid closed source service, a well-known closed source free model, and a malicious closed source free model. They look identical to most people, and even simply saying “don’t run code you can’t see” means that the use cases for private modules are moot. You can’t have your cake and also eat it.
You can argue all day for and against, but ultimately this feature does more harm than good, and trying to justify it by simply telling people to “not trust code you cannot see” is ignoring the bigger picture. Higher-end Roblox developers are not the only set of users on the site. It is insulting to small developers and the millions of children on the site to suggest that they should put up with backdoors and blindly trust strangers just because some hundred people want to sell their code.
One of my main and largest arguments on this thread is that features should not be removed due to a few bad eggs. An entire community should not be punished from the maliciousness of the few.
I would stop looking at it as “punished”. That is obviously not the intent, nor really the outcome. Yes it’s bad for some, but like I said above, it’s simply collateral damage.
Or people could be informed of Private Modules and know who to trust.
Not to mention that this thread is not intended for arguing either side but merely an informative post notifying about a major change.
We have the #platform-feedback category for feature requests and whatnot. I recommend people make use of it. I’ve seen a lot of different ideas about how to make this work but yet none of them seem to show up as an actual feature request.
How do you suggest we go about doing this?
“Punish” - inflict a penalty or sanction on (someone) as retribution for an offense, especially a transgression of a legal or moral code.
Punishment is a collateral side effect of the removal of this feature. The reason this feature is being removed is to prevent malicious coders. The removal of this feature is a penalty in response to the offence of creating malicious code through closed source modules.
Bystanders are feeling the effects of this “punishment.” Therefore, the rest of us feel somewhat “punished” as well.
That’s how collateral damage works.
Go support it. Add your opinions. Keep it alive and thriving for Roblox staff and engineers to see. It was bumped after 2 months of being dormant. 2 months everyone could have been making all of the valid opinions in the proper category that have been made here.
My response is the same as @Scriptos for this one. Why punish everyone for the actions of the few? I myself used private modules in a genuine way, and I am not going to waste my time proving it to you.
And do you think this would change by making the code public? If people figure out a popular admin script has backdoors, they delete it, then what? Every other admin is backdoored as well. Wait for another one to be made? I don’t think so. They’ll continue using it in hopes that something else will be made, or, they can make their own.
Not really. I myself have had a lot of uses with private modules. Genuine ones at that.
Suggest? What?!?!?! I am suggesting that people should put up with backdoors!?? Woah! I do not remember making that suggestion! I simply suggest that people should opt in to using private modules. They will be informed that they will be running code they cannot see, and they should only accept if they know it is non malicious. So, Terabyte services. Great example of why this would be a great option. It would also benefit me, a genuine user of private modules. I’m sure many others would benefit as well.
The problem is, the original post doesn’t exactly explain all the different arguments that we keep repeating on this thread. I would create my own thread and include many of the arguments that I see here, but I’m afraid that they’d just merge the two due to requesting the same basic idea.
By the way, I want to apologize if it seems like I’m singling you out or if it appears as if I hold anger towards you. I only keep replying to you specifically right now since you appear to be one of the more active posters at this moment.
I urge you to make a new thread with the points made in the comments here. At the very least, add it as a comment to the existing one. If they merge it, they merge it, the opinions will still be heard. Nothing gets accomplished by running in circles and arguing different opinions in a category that’s not meant for it.
Yes, and this is a forum. A post is created, and we have the ability to reply to it. What do you want us to do, reply “ok.” with every new announcement?
Use the proper channels to improve the site. #platform-feedback exists for all things bug reports, feature requests, and everything in between. Like I’ve said above, there seems to be a 2 month old post in feature requests about this that doesn’t have much support/traction and that’s it. All of the ideas and arguments made here should really go in a feature request to be heard.
I’d say because this is a forum and there is a reply button, and we can reply with things relative to the announcement.
And that’s fair. I’m just stating that your replys containing good ideas, opinions, and valid arguments may fall of deaf ears (blind eyes?).
The proper way and the guarenteed way to get your voice heard with changes you want to see is to use the feature requests.
Well I would hope that the engineers at Roblox, or whoever passes our ideas along to them, are able to look at the replies to their own announcements.
Took your advise and created a new thread. I probably won’t be replying on this one anymore, since I’ve stated most of my arguments on that one.
Roblox is removing a major feature that thousands of people rely on. You cannot expect people to not debate their opinions about the change here.