Removing Support for Third Party Closed Source Modules


#733

That is exactly what I am saying. If you put a Private Module or Free Model into your game that is on you. I only use Private Modules from trusted individuals.


#734

Exactly. I would never use a private module from someone I just hired, or someone sent to me, etc.


#735

It feels like you’re saying that part of the learning process is that you shouldn’t trust anything you didn’t make? Doesn’t that go against the entire reason for free models existing in the first place?


#736

I said to not trust code you cannot see. Please re-read my post. You can see everything in a free model, if it doesn’t use private modules, and if it is obfuscated, you can un-obfuscate it. That is, once again, you know how.


#737

I never use Free Models because of the malicious code they can possess that can ruin my game. I only use Private Modules from trusted developers that I know


#738

I want the entire source code for Skyrim (or Adobe Photoshop), so that I may have the “proper knowledge” of what is being added to my computer.

As for someone above saying that code should be open-sourced so that you can learn from it, well, I present the same argument. I want the entire source code to Skyrim (or Adobe Photoshop) so that I may learn from it. What’s the problem?

The problem is that this logic doesn’t work for business practices, which is what people are trying to imitate.


#741

Trust is easily broken and people betray each other all time(I know too well), now that code has to be open source with the removal of private modules, you don’t have to trust anyone to not suddenly turn their admin script into a script that plays loud explict rap music and covers your game with explicit images becuase you can read the code and not require code that can change at any time.


#742

Then i’ll remove the module.


#743

If you think about it, that’s kinda what Roblox is doing here, just on a universal scale. Yes, there is some collateral damage, but that’s unavoidable in nearly every major change.


#744

Really, if you’re looking for someone to blame for this, blame the bad eggs who did use private modules for malicious things.


#745

This is why many people here are arguing for an option to allow closed source modules on your game specifically. Then if a code becomes malicious, you can simply flip the switch and all the closed source modules in your game no longer work.

Or…

That works too.


#746

Isn’t that essentially saying the same thing? You’re placing blame upon the end-user for not knowing better when surely it should be the other way around; the end-user shouldn’t have to know better because people should be discouraged and disallowed from inserting backdoors in the first place.

The original spark for this debate about private modules was not in fact plugins with backdoors in them. It was the fact that there were hundreds, if not thousands of free models with the entirety of their source code in a private module… That were all extremely “popular” models and inserted into an unknown amount of games.

Under the current logic being espoused by Terabyte and others, this should be fine because they are simply protecting their code from copying. However, after some investigating it was found out that all of these models had backdoors in them. Not one or two, but all of them. This is a big big problem. It’s unreasonable to expect every user of free models to look at a script they can’t read and think “maybe I shouldn’t use this” because, well, that same logic leads to the defeat of every single use case of third party private modules at this point in time.

Take something like Terabyte’s service. There is exactly zero guarantee that there isn’t a backdoor in any of their services (I’m not accusing them, I’m just using them as an example because they are prominent), so why should anyone use something they made? You cannot do anything beyond trust them, which is fine for people like Terabyte who have proven trustworthy. But what about other cases?

Take Kohl’s Infinite. It’s a free model that is entirely closed source. There is exactly guarantee that there isn’t a backdoor in these commands. It could be something as simple as always whitelisting Kohl, or something as obviously malicious as stealing people’s games. Nobody can verify this isn’t the case without the source code. We simply have to trust that Kohl isn’t being awful. I would never use Kohl’s admin for this reason, yet tens of thousands of people do. Because it is so popular, it becomes trusted by potentially millions of people, yet there’s no reason to trust it.

Now back to the original point of malicious free models. Let’s pretend you’re an average user. You see people using Terabyte’s services, which are closed source, and nobody bats an eye so you think it’s fine. You see people using Kohl’s Infinite, which is closed source, and very few people bat eyes at it so you think it’s fine. Then, you come across a model has been botted into being popular – i.e. it has the same look to it at a glance as Kohl’s Infinite does – which is also closed source. Why would you question it. The other things are closed source as well, and they seem to cause no harm.

It is absolutely absurd to expect people to tell the difference between a paid closed source service, a well-known closed source free model, and a malicious closed source free model. They look identical to most people, and even simply saying “don’t run code you can’t see” means that the use cases for private modules are moot. You can’t have your cake and also eat it.

You can argue all day for and against, but ultimately this feature does more harm than good, and trying to justify it by simply telling people to “not trust code you cannot see” is ignoring the bigger picture. Higher-end Roblox developers are not the only set of users on the site. It is insulting to small developers and the millions of children on the site to suggest that they should put up with backdoors and blindly trust strangers just because some hundred people want to sell their code.


#747

One of my main and largest arguments on this thread is that features should not be removed due to a few bad eggs. An entire community should not be punished from the maliciousness of the few.


#748

I would stop looking at it as “punished”. That is obviously not the intent, nor really the outcome. Yes it’s bad for some, but like I said above, it’s simply collateral damage.


#749

Or people could be informed of Private Modules and know who to trust.


#750

Not to mention that this thread is not intended for arguing either side but merely an informative post notifying about a major change.

We have the #platform-feedback category for feature requests and whatnot. I recommend people make use of it. I’ve seen a lot of different ideas about how to make this work but yet none of them seem to show up as an actual feature request.


#751

How do you suggest we go about doing this?


#752

“Punish” - inflict a penalty or sanction on (someone) as retribution for an offense, especially a transgression of a legal or moral code.

Punishment is a collateral side effect of the removal of this feature. The reason this feature is being removed is to prevent malicious coders. The removal of this feature is a penalty in response to the offence of creating malicious code through closed source modules.

Bystanders are feeling the effects of this “punishment.” Therefore, the rest of us feel somewhat “punished” as well.

That’s how collateral damage works.


#753

#754

Go support it. Add your opinions. Keep it alive and thriving for Roblox staff and engineers to see. It was bumped after 2 months of being dormant. 2 months everyone could have been making all of the valid opinions in the proper category that have been made here.