Removing Support for Third Party Closed Source Modules

Like Optikk pointed out, I simply do not get how you can trust high ranking members with edit permissions but not trust them with a private module…? Your entire game could be leaked by a simple download button but yet you’re trying to fight for a single script? :thinking:

Worst case scenario you take their edit permissions away. Have them share individual games with you if they are part of development and use what they share with you from there.

Exploiters will do whatever to infect games even if it means that their code is at stake. Also a simple popup would help because Terms and Conditions are usually 20 pages of information that no one cares about, while a popup that could explain what could happend might help as now you would be informed on a private module being inserted into your game rather than you inserting a model and not knowing the effects.

Even if a warning shows up for private modules, ultimately it will do nothing as the developers are simply provided with absolutely no information on the private module that is being added to their game. Unless they are given the source code of the private module, in which they can then read through like the terms and conditions, the warning serves practically no purpose.

It would serve the purpose of allowing the user to know that an unknown private module is being inserted. If I were to insert a private module like CheckMeIn and got the notification I would be like alright! But if I insert say a mountain model from the toolbox and get the popup I would be suspicious and check it out. Part of the notification would hopefully be a button to go to the script itself and see what it is and so you can delete it. But will this stop exploiter completly? No, Will this maybe cut back on exploiters and give developers the freedom of Private Modules? Yes.

Well, its my friend that is holding the group. We both founded it and I created a good code for it and he said he wanted it. I am afraid he will come on the game and take it which I do not want.

If you feel as though your friend, who founded the group with you and should have mutual trust with you, will betray you and run off with the code, then sell it to them for a price you feel reasonable and say that it is a price that they must give for protection of your services.

See, I wouldn’t have to do that if ROBLOX simply didn’t remove private modules.

Known models can often have their name copied in a malicious model with different scripts in them. Take the front page of the models page for example. A car would definitely have a script, possibly closed source, in order to function although (with all due respect and no intentions of defaming) the car could, for all we care, have a malicious code that allows for exploiters in. Some of the top models could even purely have malicious code in them and became popular through bots but the developers would end up making an assumption that the code is somehow needed in the module.

Edit: Oops ended up seeing that I was replying to myself :sweat_smile:, the reply was intended for b_irdio

Your friend would still end up asking you for the code for it, I don’t quite see how making private modules public would make a difference in your situation?

If anything, your friend could always distribute the closed module ID and the code that goes with it. Any good scripter could probably make an educated guess at how the module works and adapt to it (possibly even change stuff around if errors show up).

1 Like

The point is, I don’t want him getting to the code. Simple as that.

If people want their code to be private, then so be it. Don’t interrogate them on their relationship with someone else.

5 Likes

This just shows that it makes more sense to not have private modules. If your friend owns the group, they’re free to let you go. The ability to hold this over someone is terrible and you should have never done this in the first place.

I would never take code for a game of mine that can just be modified or taken away from me at any time, and your friend shouldn’t either. That’s dangerous.

1 Like

So far flag is still not flipped, so it’s speculated they’re having last second discussions on it.

Although closed-sources modules were important, it had to be done. There was no sandboxinv at all, so there was no security at all. It was definitely a hard choice, but hopefully the right one.

What’s that have to do with my post? I’m saying the post I responded to is using private modules in a very shady way. I don’t see how whether or not Roblox is having last minute discussions has anything to do with how correct their practice is. You have to explain your point better.

If you’re so concerned with not being able to see the source code in private modules, it’s simple: don’t use them. Just because you’re concerned with your own games being affected by something that ROBLOX isn’t forcing upon you to insert in your game doesn’t mean others won’t benefit from it.

I also can say that many of the people who would get viruses from private modules are also people who simply would not even bother to check the source code of open modules; thus this change doesn’t solve the issues ROBLOX is trying to fix.

I understand why ROBLOX think this is a fix to their issues, but it hasn’t been well thought out as these changes won’t simply have people suddenly think to themselves Oh! ROBLOX removed private modules! Hm! I must now check the source codes of open modules and ensure they are safe! which I probably think ROBLOX hasn’t thought about.

9 Likes

Doesn’t matter - that isn’t the point of this change. Forcing all require’d modules to be public allows me (and others) to reverse engineer malicious scripts easily without being forced to work around a black box enforced by Roblox itself. It also enforces accountability - an admin script (for example) cannot hide a secret backdoor without being easily noticed now.

2 Likes

Once again, if you’re concerned with a specific admin script using a backdoor, don’t use it. It’s simple.

2 Likes

This has nothing to do with “not using it” - I already don’t use any private modules for obvious reasons (still quite funny that Adonis, a public module since day 1, is better then any other admin script) - but as I said, it enforces accountability for script developers. If a script developer secretly updates their public module to include a backdoor, chances are someone will notice within a short time frame. On the other hand, a backdoor added to a private module will likely never be discovered unless someone finds another way of stealing their source code.

Simple rule: If X code runs in your game, it should be visible to you to analyze.

2 Likes

I see what you mean, but I can’t imagine a developer frequently looking through the open-source module code to ensure no backdoors have been added which makes this update somewhat not logical in my opinion.

Since you said that, I assume you are concerned for others who rely on modules?

1 Like