Risks of non-default CSM settings in 5.0+

User avatar
paramat
Developer
Posts: 3700
Joined: Sun Oct 28, 2012 00:05
GitHub: paramat
IRC: paramat
Location: UK

Re: Risks of non-default CSM settings in 5.0+

by paramat » Post

Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.

CSM features that initially seem harmless can and will be harmful to the gameplay of certain servers, so servers have to be able to completely disable client-provided CSM.
Many server owners, and most of the owners of the most popular and respected servers, very strongly demanded a way to completely disable client-provided CSM, for good reason.

User avatar
Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

paramat wrote:Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.

CSM features that initially seem harmless can and will be harmful to the gameplay of certain servers, so servers have to be able to completely disable client-provided CSM.
Many server owners, and most of the owners of the most popular and respected servers, very strongly demanded a way to completely disable client-provided CSM, for good reason.
There are pretty useful things possible just look to the forum-CSM-subtopic. I used it pretty often. One Example: you have a buggy shared chest and nobody can dig it. Just read the meta using CSM and you know that no owner is set so you can now check what went wrong in the mod.

I only had one CSM Problem on my server: chest cheats.
Some other server had a bigger Problem: creative inventory opening.
And most survival servers: Ordetect
The first two could easily been fixed and for the last we have the get_node limit.
What’s now the reason why to fully disable CSMs?

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Lejo wrote:It’s just a bit strange:
You have CSM great things are possible and then the server can completely disable CSM.
Why? The server doesn’t care about the most things done by CSM. The settings are much to strict especially by default. Why is the server allowed to disable CSM loading? That’s nothing the server should control.
Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.
Lejo wrote:I fully agree with block lookup limits, they are needed. But others are overblocking just because there were some leaks to for example cheat items but as they are all fixed we don’t need a full CSM block.
These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."

User avatar
Lone_Wolf
Member
Posts: 2576
Joined: Sun Apr 09, 2017 05:50
GitHub: LoneWolfHT
IRC: LandarVargan
In-game: LandarVargan

Re: Risks of non-default CSM settings in 5.0+

by Lone_Wolf » Post

paramat wrote:Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.
I use the dte CSM to make CSM chatcommands that allow me to run complex WE commands with ease. Adding a mod to run the command would be a pain. And it would usually only be used once.
It can also be used for aiding in server moderation viewtopic.php?f=53&t=20648 (In a lot more ways than a formspec)
My ContentDB -|- Working on CaptureTheFlag -|- Minetest Forums Dark Theme!! (You need it)

User avatar
Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

yw05 wrote:Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.
If don’t like that people hear music while playing this is no reason why I can disallow it them. There’s no me known reason for this.
These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."
In my opinion it’s not a real hacked client if you enable CSM-Loading when blocked by server. It’s as the name says Clientside and the server should only care about if the client uses it for malicious things. You can also kill people with a knife but that’s no reason why you aren’t allowed to have one as long as you haven’t done it.
Lone_Wolf wrote:I use the dte CSM to make CSM chatcommands that allow me to run complex WE commands with ease. Adding a mod to run the command would be a pain. And it would usually only be used once.
It can also be used for aiding in server moderation viewtopic.php?f=53&t=20648 (In a lot more ways than a formspec)
I also use this mod! It’s just great to code some things quickly ingame.

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Lejo wrote:
yw05 wrote:Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.
If don’t like that people hear music while playing this is no reason why I can disallow it them. There’s no me known reason for this.
The fact is that some server admins don't like CSMs, and cheating is one of their reasons. What I was trying to say is that such admins exist, not that CSMs shouldn't exist. Personally I don't like disallowing CSMs either, but I do think that this could be a feature for those who want to disallow them.
Lejo wrote:
These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."
In my opinion it’s not a real hacked client if you enable CSM-Loading when blocked by server. It’s as the name says Clientside and the server should only care about if the client uses it for malicious things. You can also kill people with a knife but that’s no reason why you aren’t allowed to have one as long as you haven’t done it.
Just like what I said above, I don't like disallowing CSMs either, but such warning would still be useful. Such warnings are more like "Be careful, you can get in trouble for hurting others with this knife" and not "Knives must be banned."

User avatar
Linuxdirk
Member
Posts: 3218
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany
Contact:

Re: Risks of non-default CSM settings in 5.0+

by Linuxdirk » Post

yw05 wrote:What I was trying to say is that such admins exist, not that CSMs shouldn't exist.
CSM in the current state was never planned and should not exist. It was a mistake to release it in the state it is.

CSM was planned as something like Javascript: Sent from the server to the client and the client runs it. That clients can run arbitrary self-provided code was never part of the plan according to the roadmap.

User avatar
Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

That’s true but why was it a mistake? CSM helped to find leaks for Example: formspec security, metadata security(range and locked) and as we said before csm is useful.

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Linuxdirk, Lejo:
I'm afraid that this is getting off-topic now.
When I wrote that "I didn't mean that CSMs shouldn't exist", I was trying to explain that I'm not one of these admins who don't allow CSMs, and not that I have an opinion on whether CSMs should exist. Linuxdirk, please don't change the meaning of my words by quoting only the part that you are interested in - this often ends up with misunderstanding, especially with the fact that we are from different countries, and our way of thinking may differ because of cultural difference(s).
The original topic is about risks of non-default CSM settings, not about whether CSMs should exist.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest