What This Means [Clientside modding now possible?]

Discussion in 'Bukkit Discussion' started by Specops343, May 11, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    Specops343

    Alright so i've been following this for a couple of days. It seems a guy has made a custom client(i think thats what it is?) that makes it so when the client connects with the server, the server tells it what to download mod wise. As this opens up a lot of possibilitys, I'd like to learn more, but my knowledge of java is slim. Here are the links for you:
    http://www.facebook.com/pages/Minecraft-Mo-Creatures-SMP/191875320849125

    The "user" package:
    link removed by mod

    The "dev" package:
    link removed by mod

    Kinda got it to work, console didnt come up when I ran it but the server was running.

    I need a dev to port this to bukkit, it would finally allow client mods by just connecting to a server.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 16, 2016
  2. Offline

    PhantomGamers

    I don't think Bukkit's intention is to require users to have a client modification to join servers.
    This would only work if Notch implemented it into MC.
     
  3. Offline

    Specops343

    However, it seems like every other plugin request involves client-side modifications. Im sure a lot of other server admins would at least like the option to add mods to their server that require client-side mods, like mo creatures, planes, guns, whatever mod they like really.
     
  4. Offline

    dezzicky2

    i think it would be awesome if someone could incorporate this into bukkit
     
  5. Offline

    mze9412

    That would open up nasty possibilities. I would refuse playing with a client which could and would download content that the server tells it to download. It would basically mean that you could never join a server were you do not fully trust the server owner(s) because they could make you download code which opens up your machine to them and then take a look at your files ;)
     
  6. Offline

    ledhead900


    :rolleyes:I have a easy full proof solution for this and once u do this you will never have to worry about these things,
    Unplug your cat5e cable from your computer and turn off your wireless.

    I think you would be much safer not knowing about the giant cloud. :p
     
  7. Offline

    Brain

    Well, bukkit plugins can execute arbitrary code on your Minecraft server too. Even worse, those are often dedicated machines connected to the internet with a really good connection.
    However there is a solution to make sure the files distributed by an appropriately modified server to the client are the very same that everybody trusts by calculating a checksum and then comparing them with the official checksum published by the plugin author. Another advantage of keeping checksums for the distributed files at hand would be that you don't have to download the same file multiple times.
    All in all I don't think the arbitrary code execution problem on the client side is any worse than on the server side. Since there are likely more clients than servers the chances that somebody spots suspicious plugin behavior are actually better even. :)
     
  8. Offline

    mze9412

    @ledhead
    I am a software developer myself but to me there is a huge difference between trusting some arbitrary server admin and trusting a company. Yeah, companies fuck up often enough but at least I know who is fucking up and I know who I can sue if I wanted to (not that it would help much). If such a system would have a checksum feature (like Brain suggested) it would not be that bad.

    @Brain
    Yeah, but I trust that server admins look at what they execute on their servers ;) Players often have no idea what that client software is doing so someone who knows how to admin some dedicated server. I know there are exceptions to this...

    Overall: If this was done by some plugin author who I would not know and who just says "hey, download my special client which can do this" I would definatly not use it. If it would be some system with checksums set up and integrated into bukkit itself I might use it with open source plugin where I could look into the source code (not that I would bother all the time ...).

    Why? I do not trust single individuals who do not have to publish any information about themselves aside of an arbitrary nickname when it comes to downloading executable code on machine when no source code is available.
    That does not mean that I would entrust all my personal info to some company (but I do use cloud services). My experiences with anonymous individuals when it comes to executables is just not the best ;)
     
  9. Offline

    ledhead900

    I know what you ment I was just poking some fun dont worry :p I'm not a dev but I'm a confident IT techy well awear of risks and so on.

    There are other alternatives to what is posted here tho like that DynCraft mod that appears to actually be an API for Developing mods that would essentially do the same thing as this is suggesting, I would assume tho the mod would have a chucksum so you could easily varify the source.
     
  10. Offline

    Brain

    Cool, would you trust me with your ATM card and PIN? :p
    Jokes aside, I doubt many server admins look at the sources of the bukkit plugins or bukkit itself before they use bukkit or its plugins. One of the advantages of the open source approach, someone will eventually look at the code, even if it's just some random dude who wants to fork. Makes it difficult to hide evil things(TM).

    Totally with you on this one. Open source, provide a fingerprint the user can check against a trustworthy source, I think that's the best you can without resorting to draconian, DRM-style hardening. It won't protect you 100% from malicious software, but at least you can be fairly certain that the software you are installing IS the software that you THINK you are installing.
    Or even better, disable automatic downloading of client mods by default and just provide a list of mods you lack when trying to join a server. You can then download and install them yourself while making sure you got them from a reliable source.
     
  11. Offline

    CompuIves

    I think it needs to be like Garry's Mod. There the client downloads also client side addons, I don't know how Garry made it virus-free though...
     
  12. Offline

    Specops343

    I feel like this is the next step for bukkit.
     
  13. Unless notch adds auto-downloading code for other stuff then minecraft itself, bukkit won't add it, becouse every user (over 9000) needs to download a client mod which needs to be manually updated too, probably
     
  14. Offline

    Specops343

    Im pretty sure at least most of my users would be willing to do this for mo creatures and other client mods.
     
Thread Status:
Not open for further replies.

Share This Page