On Lua Scripting Limitations

Feedback on past, current, and future development.
User avatar
Husaco
Posts: 44
Joined: 07 Aug 2011, 11:54
Location: Australia

Re: On Lua Scripting Limitations

Post by Husaco »

wazabear wrote: 06 Apr 2021, 04:53 I should also note that MWSE would be able to do everything I mentioned above, and I would also urge everyone reading this to consider the history of script extenders, which have been around for over a decade across various games (not just BGS titles).
These features, while potentially incredibly dangerous and destructive to your system, also have the potential to do many "cool" and useful things (like in the examples I mentioned above) with little effort and that would otherwise be impossible.
It seems fairly relevant to me that none of things are actually impossible to do with OpenMW as they are in a closed-source, commercial game, it's just that they can't be done within the modding system. We don't need unbounded script extenders that clumsily hack their way into full access of the program to implement things that would be considerably better suited to be patches; that's half the point of FOSS. The examples that you've given mostly seem to point to implementing an intricate, fully-featured modding framework within the basic modding framework, which surely is at least a little silly.
User avatar
akortunov
Posts: 899
Joined: 13 Mar 2017, 13:49
Location: Samara, Russian Federation

Re: On Lua Scripting Limitations

Post by akortunov »

wazabear wrote: 07 Apr 2021, 07:34 I think my point is not getting across at all.
I got your point that the features you described are needed for modmaking tools (script editor, mod organizer, mesh previewer, etc) and the idea is to create a framework to implement them and embed them to the game itself as Lua mods, but it is a quite strange approach which more likely will not be allowed.
wazabear wrote: 07 Apr 2021, 07:34 You can export these configs to share, or import an existing ones from your Downloads folder (which you conveniently downloaded from the Nexus).
It can be done manually, just as with settings.cfg file. There is no need to add a separate entity with the full access to filesystem for that.
User avatar
wazabear
Posts: 96
Joined: 13 May 2020, 19:31
Gitlab profile: https://gitlab.com/glassmancody.info

Re: On Lua Scripting Limitations

Post by wazabear »

Husaco wrote: 07 Apr 2021, 07:41 It seems fairly relevant to me that none of things are actually impossible to do with OpenMW as they are in a closed-source, commercial game, it's just that they can't be done within the modding system. We don't need unbounded script extenders that clumsily hack their way into full access of the program to implement things that would be considerably better suited to be patches; that's half the point of FOSS.
I think it's clear we're talking about upstream OpenMW here. Yes, I know anyone can fork and do whatever they want with it, I've even done this myself with my GUI changes and shared it. I'm not arguing the philosophy of FOSS here either, just what I see to be best for the game engine, and the people using it. As for not needing clumsy hacks, I agree. That's why I love this project so much, because things can be implemented properly and run a game that stays close to my heart. I would not call being able to copy files as being "unbounded" either.
Husaco wrote: 07 Apr 2021, 07:41 The examples that you've given mostly seem to point to implementing an intricate, fully-featured modding framework within the basic modding framework, which surely is at least a little silly.
There is nothing intricate about importing and exporting a config file that is likely a small JSON file.

Anyways, I guess I'm the only person here with these opinions, so I don't see much use in going on with this. I just wanted a clarification on what the Lua system actually aims to be and get a response to my concerns, which seem to be "just don't do it, you aren't allowed".
User avatar
urm
Posts: 83
Joined: 02 Jun 2017, 16:05
Gitlab profile: https://gitlab.com/uramer

Re: On Lua Scripting Limitations

Post by urm »

psi29a wrote: 06 Apr 2021, 09:29 Unfettered network access is a non-starter. If there is a way to mitigate security concerns about having network access, then we can provide a mechanism for a specific protocol to be used, such as REST or some other Pub/Sub mechanism.
Could you explain this in more detail? Ptmikheev shares this idea, but failed to provide any convincing arguments.

I don't see how having access to arbitrary HTTP requests or even arbitrary socket connections can cause any real safety issues. Assuming the rest of the sandbox is secure, there is nothing meaningfully malicious one could do with them.
Chris
Posts: 1625
Joined: 04 Sep 2011, 08:33

Re: On Lua Scripting Limitations

Post by Chris »

wazabear wrote: 07 Apr 2021, 00:14 The argument seems to be you'd never need any of these functionalities since the API can always be extended and should be powerful enough.
No, the argument is that much of what's needed can be provided with a built-in interface, and that the compatibility, stability, and security issues outweigh the remaining benefits. Take something like disk access. How would that work across platforms, some of which have very restricted file system access? How would you protect against a mod from sniffing /dev or $HOME? We don't want mods being able to read a user's personal private data, we don't want mods to be OS-specific, and we don't want mods to break because the engine updated or the user switched OSs.
urm wrote: 07 Apr 2021, 12:56 I don't see how having access to arbitrary HTTP requests or even arbitrary socket connections can cause any real safety issues. Assuming the rest of the sandbox is secure, there is nothing meaningfully malicious one could do with them.
Such a mod would be able to send any data it wants over the network, including information it didn't ask if the user was okay with reporting. At the same time, it could cause mods problems if it wants to access the network and network connectivity is spotty. Mods with bugs that only show up with certain network conditions? Always-online mods?
EvilEye
Posts: 33
Joined: 12 Feb 2014, 13:45
Gitlab profile: https://gitlab.com/Assumeru

Re: On Lua Scripting Limitations

Post by EvilEye »

urm wrote: 07 Apr 2021, 12:56I don't see how having access to arbitrary HTTP requests or even arbitrary socket connections can cause any real safety issues. Assuming the rest of the sandbox is secure, there is nothing meaningfully malicious one could do with them.
Not a safety issue per se, but it'd make it very easy to make a mod that forms a DDOS network. Dunno if that should be considered particularly concerning, but hey.
User avatar
wazabear
Posts: 96
Joined: 13 May 2020, 19:31
Gitlab profile: https://gitlab.com/glassmancody.info

Re: On Lua Scripting Limitations

Post by wazabear »

Chris wrote: 07 Apr 2021, 16:34 No, the argument is that much of what's needed can be provided with a built-in interface, and that the compatibility, stability, and security issues outweigh the remaining benefits.
Right, by extending the API (ie having a built-in interface)?

Fine, users cant share configs then nicely for anything ever. Thats going to be left to 3rd party tools. Again it's encouraging use of exes/binaries (the best way to ship these tools as a modder) as a solution to a sandboxed environment. Whether this encouragement is intentional or unintentional, it is a real consequence and I see the irony in it.

As a modder, this is terrible news and pretty discouraging.

It's been said that even the VFS will be restricted, ie mods have have write access to only their folder (and it's not even been clarified if its direct access to files or just shared persistent storage). The biggest consequence of this is it makes mod config menus impossible (a 100% necessary feature), so OpenMW will need to hardcode a system in place. Probably you need this right away, as you want mod authors to all use this standard method and not do so through hacky methods like messagebox prompts.
User avatar
AnyOldName3
Posts: 2668
Joined: 26 Nov 2015, 03:25

Re: On Lua Scripting Limitations

Post by AnyOldName3 »

I don't see how what we're proposing stops mods from having save-local storage or profile-local storage. I also don't see why we can't have a button in the launcher to import and export a mod's profile-local storage to a nice YAML file that they can share. Maybe we can even add a nice API so the mod can control what can be exported. That immediately covers use cases like settings and shareable user-generated content like this Fallout 4 mod: https://www.nexusmods.com/fallout4/mods/22442
User avatar
wazabear
Posts: 96
Joined: 13 May 2020, 19:31
Gitlab profile: https://gitlab.com/glassmancody.info

Re: On Lua Scripting Limitations

Post by wazabear »

AnyOldName3 wrote: 07 Apr 2021, 21:52 I don't see how what we're proposing stops mods from having save-local storage or profile-local storage. I also don't see why we can't have a button in the launcher to import and export a mod's profile-local storage to a nice YAML file that they can share. Maybe we can even add a nice API so the mod can control what can be exported. That immediately covers use cases like settings and shareable user-generated content like this Fallout 4 mod: https://www.nexusmods.com/fallout4/mods/22442
It's not that it stops it, but that is not a nice way of doing things. Objectively, the most intuitive method is to do this from within the in-game mod config menu (which must be created by OpenMW, so I can't speak to what this will look like). If we can do it from the launcher why can't we do it from in-game? Also that mod suggests a 3rd party tool for managing them, a general export/import functionality wouldn't be able to do that unless you had a complex system which allowed custom UIs.

In this particular instance of configs, transferring files to specific folders is not user-friendly. A downloaded config should be able to stay in your Downloads folder.
Last edited by wazabear on 07 Apr 2021, 22:24, edited 1 time in total.
User avatar
AnyOldName3
Posts: 2668
Joined: 26 Nov 2015, 03:25

Re: On Lua Scripting Limitations

Post by AnyOldName3 »

If we put a button in the launcher, users are aware when they're clicking it. If we add an API to do the same thing in-game, the user doesn't know when a script's calling it without asking them.
Post Reply