Post 1.0 Planning Update

[psi29a]

If you think zinimw is bad, try Linux or should I just call it LinusUnix (yes, bad joke)

You can fork Linux too btw, in fact, many do.

[NullCascade]

Extending the scripting language will not cause any regressions at all with existing content files (unless we produce a bug, which is always a risk when you work on any code). I have a scheme that takes care of this problem.

This is demonstrably false. We have open issues on the tracker. We have warnings in the console. Morrowind (and mwscript in general) is a steaming pile, and you've seen how inconsistent and weird it is and how modders have used this (like elseif vs. else if). The more you try to fix the syntax, the more you break previous mods. This is inherently solved by two approaches: respect the bytecode, or move away from the monstrosity that is mwscript and leave it there only to support legacy MW mods/modders that want to use it.

Regarding limiting modders: I don't see that. We do take feature requests after all. And if a mod developer is capable of creating executable he is probably also capable of contributing to OpenMW. It is open source after all.

Don't want to go into details now, but most of the listed functionality could probably better implemented with core support within the engine itself, which is then used by content developers. We are able to dish out new releases quite quickly if there is enough development activity, so I don't see delays resulting from waiting for a new OpenMW version a problem either.

Mort expressed some concerns there already, but I'll add that it's a really weird approach to take. Do you really want to micromanage modders? Is that healthy for OpenMW, or healthy for the Morrowind modding scene? You are absolutely going to find things that you are either just not interested in, or don't agree with, and that mod just can't be made? That's... legitimately disappointing.

With things like Sky Diversity, Discord Rich Presence, and Fliggerty's C&E mod, what is a modder to do? Try to convince you to add imagemagick bindings? Bundle the Discord API? Expose networking functions? I don't see you approving any of those things, so those mods just can't be made for OpenMW?

Then you're not longer in the same league as a typical modder, but a programmer. Might as well fork OpenMW to add the features you need.

You should totally look into what is possible, I think you misunderstand what LuaJIT offers a project like this or MWSE. Again I'll use the Discord Rich Presence mod as an example here. I had to write no bindings. I had to write no C (other than what I added to MWSE to allow Lua mods). I used freely available, MIT-licensed FFI bindings to the Discord RPC library, and made a few function calls inside of Lua.

Don't get hung up on how unimportant Discord or RPC is, but that's the power it gives. It lets modders do insanely revolutionary modding, things that would never make sense to bundle with OpenMW or to make bindings for. And they don't need to learn C to do it. They don't need to clone and redistribute a big project like OpenMW. They only need to write a few lines of Lua. That's it. A half-hour's work, not 6 months of trying to argue for and wait for the feature to be bundled in OpenMW.

The solution is not to fork OpenMW for each mod you want to make that doesn't fit into the limited cookie-cutter mwscript. Please, please reconsider. I'll happily work on all of it, and do any sandboxing restrictions we need, so long as players can choose to lift the restrictions by changing a config entry and use mods.

[Chris]

Ok so what if someone has an idea for a function that you don't agree with.

Depends entirely on the function. Speaking in hypotheticals doesn't help here since there are numerous reasons why a particular function request may be denied, and the impact it has on the potential mod depends on exactly what the function would be.

As a real actual modder - the idea of continuing to use mwscript is insane to me. You have the option to use lua or literally anything but the nonsense that is mwscript but instead you choose to double down on bethesda's bad code lmao.

Whether or not to use MWScript is completely separate from whether or not to allow system API access. I'm fully on board with using a different scripting language. I find MWScript insanely horrid, and extending it to enable advanced functionality is just going to make it more horrid. But regardless of what scripting languages get supported in the future, scripts must be properly sandboxed.

[NullCascade]

Whether or not to use MWScript is completely separate from whether or not to allow system API access. I'm fully on board with using a different scripting language. I find MWScript insanely horrid, and extending it to enable advanced functionality is just going to make it more horrid. But regardless of what scripting languages get supported in the future, scripts must be properly sandboxed.

Depends entirely on the API. Speaking in hypotheticals doesn't help here since there are numerous reasons why a particular function may be sandboxed.

Please provide an example, in the nearly two decades of TES modding, where a malicious mod has been delivered.

[Zini]

This is demonstrably false. We have open issues on the tracker. We have warnings in the console.

I meant for future extensions. The remaining issues you mentioned are the result of us not being fully aware of how badly broken the original compiler was.

Morrowind (and mwscript in general) is a steaming pile, and you've seen how inconsistent and weird it is and how modders have used this (like elseif vs. else if). The more you try to fix the syntax, the more you break previous mods

The original compiler is a steaming pile. The language itself (if you apply a basic set of common sense to compensate for the garbage compiler) is rather meh then terrible (with some glaring omissions). And again, nothing will be broken (beyond what is broken now already).

Mort expressed some concerns there already, but I'll add that it's a really weird approach to take. Do you really want to micromanage modders? Is that healthy for OpenMW, or healthy for the Morrowind modding scene?

That isn't micromanaging, that is open source development. And yes, I consider that extremely healthy.

With things like Sky Diversity, Discord Rich Presence, and Fliggerty's C&E mod, what is a modder to do? Try to convince you to add imagemagick bindings? Bundle the Discord API? Expose networking functions? I don't see you approving any of those things

I can see most of these things going into OpenMW in one way or another.

[lysol]

Just curious as a computer literate but non-programmer: What does it actually mean to sandbox the scripting language? Will there be no possibility to write viruses in mods if you sandbox Lua?

[Chris]

Please provide an example, in the nearly two decades of TES modding, where a malicious mod has been delivered.

Considering the vanilla engines don't support arbitrary code execution from mods, how do you expect me to answer? Even in regards to vanilla script extenders, I don't know every mod that has ever been made, nor do I know every instance of drama that occurs in the TES modding scene to know whether there has ever been a case of a mod that had an embedded virus. But even if there hasn't been, that simply means it hasn't been worth the trouble for someone to try, so what do you suppose making it easier would accomplish?

[Chris]

Just curious as a computer literate but non-programmer: What does it actually mean to sandbox the scripting language?

It basically means that scripts can only see and interact with information the engine specifically provides to it. It can't see or do anything the engine hasn't allowed for.

[JDGBOLT]

Just thought I would post my 2 cents, for whatever that is worth. I fully understand that there is a lot of concern with security and everything else with regards to extending what mods can do with regards to scripting. I also understand that extending the original Morrowind Scripting Engine is at least part of the plan. Speaking as someone who used to do scripting way back in the day, before the Morrowind Scripting Extender existed, it definitely was something that was very limited, and you couldn't do very much with it short of simple checks on variables and slight changes to behavior or whatever, you could not really do things that the creators did not intend, at least not very easily and that was prone to many problems. So extending the morrowind scripting language is a noble goal to help to enable modders to better able to realize their visions of what they want to add to the game. I can see where both sides are coming from, so to speak, you have one camp who wants to stick with the morrowind scripting language, syntax and all. And you also have the folks working on the Morrowind Script Extender, who is trying to extend what modders are capable of. Personally I think you could do many things to help to extend the vanilla morrowind scripting system, such as having support for references, strings, and functions with parameters if we are really lucky. I also see what having support for a language like lua built into the engine could also do. I personally think that both options are valid, though I do think that we are at a rare opportunity for being able to help shape what the future of Morrowind modding could be. Within the Morrowind Script Extender, NullCascade is attempting to integrate a lua api to better extend what modders are capable of doing in the future of scripting with Morrowind.

I personally would like to see a world where the goals of both projects can be realized, I understand some might be iffy relating to allowing arbitrary code to execute on the machine, and am a bit iffy on that myself, for a variety of reasons. I'm not sure that OpenMW needs to support going out and calling to code contained within external DLL's and equivalent, as we should give Modders the capability to realize their visions, but honestly the likelihood of there being a large amount of plugins that use external DLL's should be relatively small, if the scripting language itself is flexible enough to allow modders to create what they wish within the confines of the implementation. I would like to see that the mods that people create with these new tools able to be enjoyed by a variety of people across a variety of experiences. With Lua, there is a lot less of the baggage that has accumulated over the decade and a half of Morrowind modding, so this could be a chance for a fresh start. I personally would like to see that the API's used in this new set of tools for Morrowind modding able to be used on both engines. Not necessarily the same experience, of course, as if you really don't want to allow native code to be executing freely on the User's system, that is perfectly fine. Lua as I understand it can be greatly sandboxed to only be able to talk to the game itself, it was designed for game scripting afterall. If we can have the same functionality of the MWSE lua implementation, without the capability to say do full disk and network access, I don't see what the problem of supporting that would be. If the developer of the new functionality that new mods will undoubtedly use is on hand to be able to explain the intent for what a particular function is supposed to do, isn't that the ideal with regards to implementation? Even better if the author of said implementation is offering to implement on his own time that functionality into the OpenMW engine. I personally think that using Lua, which is a very mature language in comparison to the Morrowind Scripting, which is kind of a hodgepodge of functionality, limited as it is, would be a better use of engineering resources. If we have a properly sandboxed implementation of what future modders will be using for Morrowind, would this not be the ideal for being better able to cater to the player experience?

These are just kind of my thoughts on the matter, and probably don't matter too much in the grand scheme of things. Just we are kind of at a potential new point of Morrowind modding, without the burden of trying to support past plugins, but create something new. And it just kind of seems a shame to be at this point and yet again diverge into 2 different implementations of largely what are the same ideas, to help extend Morrowind so that we as a player can enjoy new mods. Since at the end of the day, for a player, that is what they care about, being able to play new things that revitalize the life of this 16 year old game, and potentially offer future players to come back to this gem. Lua itself has a long history in gaming, and it just seems like it would be a better fit if that is where the Morrowind scripting of the future in the vanilla engine is going to head to. For the modders, having the capability of being better able to realize their vision would probably be the greatest thing, and Lua itself has much more references and capabilities than whatever we could try to extend the vanilla scripting system to, having to sidestep around 15 years worth of modding, trying to ensure that nothing is broken in the course of the extensions. It will probably never have the same number of users and experience than Lua, which has been around for decades and has a loyal following, and frankly works quite well for what it is. If given the choice between a frankenstein Morrowind script and a proven implementation of a popular scripting language which is purpose built for this purpose, I probably would go for the more mature one. Especially if we can ensure compatibility for mods created in the two engines, since there will always be people who will choose one or the other, why do we have to create fragmentation in the mods that they want to play?

[Jemolk]

Please provide an example, in the nearly two decades of TES modding, where a malicious mod has been delivered.

Considering the vanilla engines don't support arbitrary code execution from mods, how do you expect me to answer? Even in regards to vanilla script extenders, I don't know every mod that has ever been made, nor do I know every instance of drama that occurs in the TES modding scene to know whether there has ever been a case of a mod that had an embedded virus. But even if there hasn't been, that simply means it hasn't been worth the trouble for someone to try, so what do you suppose making it easier would accomplish?

It still wouldn't be as easy or effective as plenty of other methods of distributing viruses. Seriously, what's our threat model here? Is a malware author going to write malware specifically to be used off a very specific game engine where most of the mods are consolidated on places like the Nexus and GHF? The Nexus automatically virus-scans files, and GHF has moderators manually approving mods. So good luck distributing viruses that way. People generally only go looking for mods in out-of-the-way, unknown places on the net when there's a very specific mod that they're looking for that was never uploaded anywhere beyond the author's own site. In such cases, they already know of its existence and want to use it or at least test it. What odds would you like to give that malware authors will manage to become known enough as legit modders with good mods to have people do this with their stuff? Especially when it's just so much less hassle to just run an illicit shady DLL site that purports to give you DLLs that you were probably searching the web for simply because they were part of an error message and you're not super computer-literate, unlike most OpenMW users? Essentially, why would anyone target OpenMW users with mods when they get a broader audience with less effort by targeting certain ways in which Windows is beyond fucked up? Are we trying to defend against malware authors who are braindead morons with no clue of what they're doing or why for mod users who are even bigger morons here? If so, how are those people even writing malware to begin with?

I do feel somewhat better seeing your and Zini's comments about the extent of things that would be included. I still think more open-ended scripting is better long-term, but I'm not really as worried that things that need to be there simply won't at this point. Just that it will make things that don't need to be a pain in the ass at all into an absolutely massive one.