Risks of non-default CSM settings in 5.0+

User avatar
paramat
Developer
 
Posts: 3412
Joined: Sun Oct 28, 2012 00:05
Location: UK
GitHub: paramat
IRC: paramat

Re: Risks of non-default CSM settings in 5.0+

by paramat » Sun Jun 16, 2019 01:28

Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.

CSM features that initially seem harmless can and will be harmful to the gameplay of certain servers, so servers have to be able to completely disable client-provided CSM.
Many server owners, and most of the owners of the most popular and respected servers, very strongly demanded a way to completely disable client-provided CSM, for good reason.
 

User avatar
Lejo
Member
 
Posts: 634
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Sun Jun 16, 2019 06:59

paramat wrote:Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.

CSM features that initially seem harmless can and will be harmful to the gameplay of certain servers, so servers have to be able to completely disable client-provided CSM.
Many server owners, and most of the owners of the most popular and respected servers, very strongly demanded a way to completely disable client-provided CSM, for good reason.

There are pretty useful things possible just look to the forum-CSM-subtopic. I used it pretty often. One Example: you have a buggy shared chest and nobody can dig it. Just read the meta using CSM and you know that no owner is set so you can now check what went wrong in the mod.

I only had one CSM Problem on my server: chest cheats.
Some other server had a bigger Problem: creative inventory opening.
And most survival servers: Ordetect
The first two could easily been fixed and for the last we have the get_node limit.
What’s now the reason why to fully disable CSMs?
 

yw05
Member
 
Posts: 108
Joined: Tue May 07, 2019 12:59
Location: linux-forks.de port 30000
IRC: yw05
In-game: ywang

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Sun Jun 16, 2019 11:11

Lejo wrote:It’s just a bit strange:
You have CSM great things are possible and then the server can completely disable CSM.
Why? The server doesn’t care about the most things done by CSM. The settings are much to strict especially by default. Why is the server allowed to disable CSM loading? That’s nothing the server should control.

Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.
Lejo wrote:I fully agree with block lookup limits, they are needed. But others are overblocking just because there were some leaks to for example cheat items but as they are all fixed we don’t need a full CSM block.

These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."
Huh, why am I still using Minetest 4.x?
 

User avatar
Lone_Wolf
Member
 
Posts: 2179
Joined: Sun Apr 09, 2017 05:50
Location: Hopefully very far from yours, snoop :P
GitHub: LoneWolfHT
IRC: Lone_Wolf
In-game: Lone_Wolf

Re: Risks of non-default CSM settings in 5.0+

by Lone_Wolf » Sun Jun 16, 2019 15:28

paramat wrote:Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.

I use the dte CSM to make CSM chatcommands that allow me to run complex WE commands with ease. Adding a mod to run the command would be a pain. And it would usually only be used once.
It can also be used for aiding in server moderation viewtopic.php?f=53&t=20648 (In a lot more ways than a formspec)
 

User avatar
Lejo
Member
 
Posts: 634
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Sun Jun 16, 2019 16:14

yw05 wrote:Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.

If don’t like that people hear music while playing this is no reason why I can disallow it them. There’s no me known reason for this.

These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."

In my opinion it’s not a real hacked client if you enable CSM-Loading when blocked by server. It’s as the name says Clientside and the server should only care about if the client uses it for malicious things. You can also kill people with a knife but that’s no reason why you aren’t allowed to have one as long as you haven’t done it.

Lone_Wolf wrote:I use the dte CSM to make CSM chatcommands that allow me to run complex WE commands with ease. Adding a mod to run the command would be a pain. And it would usually only be used once.
It can also be used for aiding in server moderation viewtopic.php?f=53&t=20648 (In a lot more ways than a formspec)

I also use this mod! It’s just great to code some things quickly ingame.
 

yw05
Member
 
Posts: 108
Joined: Tue May 07, 2019 12:59
Location: linux-forks.de port 30000
IRC: yw05
In-game: ywang

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Sun Jun 16, 2019 16:29

Lejo wrote:
yw05 wrote:Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.

If don’t like that people hear music while playing this is no reason why I can disallow it them. There’s no me known reason for this.

The fact is that some server admins don't like CSMs, and cheating is one of their reasons. What I was trying to say is that such admins exist, not that CSMs shouldn't exist. Personally I don't like disallowing CSMs either, but I do think that this could be a feature for those who want to disallow them.

Lejo wrote:
These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."

In my opinion it’s not a real hacked client if you enable CSM-Loading when blocked by server. It’s as the name says Clientside and the server should only care about if the client uses it for malicious things. You can also kill people with a knife but that’s no reason why you aren’t allowed to have one as long as you haven’t done it.

Just like what I said above, I don't like disallowing CSMs either, but such warning would still be useful. Such warnings are more like "Be careful, you can get in trouble for hurting others with this knife" and not "Knives must be banned."
Huh, why am I still using Minetest 4.x?
 

User avatar
Linuxdirk
Member
 
Posts: 2107
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: Risks of non-default CSM settings in 5.0+

by Linuxdirk » Mon Jun 17, 2019 05:00

yw05 wrote:What I was trying to say is that such admins exist, not that CSMs shouldn't exist.

CSM in the current state was never planned and should not exist. It was a mistake to release it in the state it is.

CSM was planned as something like Javascript: Sent from the server to the client and the client runs it. That clients can run arbitrary self-provided code was never part of the plan according to the roadmap.
 

User avatar
Lejo
Member
 
Posts: 634
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Mon Jun 17, 2019 06:32

That’s true but why was it a mistake? CSM helped to find leaks for Example: formspec security, metadata security(range and locked) and as we said before csm is useful.
 

yw05
Member
 
Posts: 108
Joined: Tue May 07, 2019 12:59
Location: linux-forks.de port 30000
IRC: yw05
In-game: ywang

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Mon Jun 17, 2019 10:12

Linuxdirk, Lejo:
I'm afraid that this is getting off-topic now.
When I wrote that "I didn't mean that CSMs shouldn't exist", I was trying to explain that I'm not one of these admins who don't allow CSMs, and not that I have an opinion on whether CSMs should exist. Linuxdirk, please don't change the meaning of my words by quoting only the part that you are interested in - this often ends up with misunderstanding, especially with the fact that we are from different countries, and our way of thinking may differ because of cultural difference(s).
The original topic is about risks of non-default CSM settings, not about whether CSMs should exist.
Huh, why am I still using Minetest 4.x?
 

Previous

Return to Client-side modding



Who is online

Users browsing this forum: No registered users and 1 guest