Page 2 of 2

Re: Risks of non-default CSM settings in 5.0+

Posted: Sun Jun 16, 2019 01:28
by paramat
Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.

CSM features that initially seem harmless can and will be harmful to the gameplay of certain servers, so servers have to be able to completely disable client-provided CSM.
Many server owners, and most of the owners of the most popular and respected servers, very strongly demanded a way to completely disable client-provided CSM, for good reason.

Re: Risks of non-default CSM settings in 5.0+

Posted: Sun Jun 16, 2019 06:59
by Lejo
paramat wrote:Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.

CSM features that initially seem harmless can and will be harmful to the gameplay of certain servers, so servers have to be able to completely disable client-provided CSM.
Many server owners, and most of the owners of the most popular and respected servers, very strongly demanded a way to completely disable client-provided CSM, for good reason.
There are pretty useful things possible just look to the forum-CSM-subtopic. I used it pretty often. One Example: you have a buggy shared chest and nobody can dig it. Just read the meta using CSM and you know that no owner is set so you can now check what went wrong in the mod.

I only had one CSM Problem on my server: chest cheats.
Some other server had a bigger Problem: creative inventory opening.
And most survival servers: Ordetect
The first two could easily been fixed and for the last we have the get_node limit.
What’s now the reason why to fully disable CSMs?

Re: Risks of non-default CSM settings in 5.0+

Posted: Sun Jun 16, 2019 11:11
by yw05
Lejo wrote:It’s just a bit strange:
You have CSM great things are possible and then the server can completely disable CSM.
Why? The server doesn’t care about the most things done by CSM. The settings are much to strict especially by default. Why is the server allowed to disable CSM loading? That’s nothing the server should control.
Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.
Lejo wrote:I fully agree with block lookup limits, they are needed. But others are overblocking just because there were some leaks to for example cheat items but as they are all fixed we don’t need a full CSM block.
These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."

Re: Risks of non-default CSM settings in 5.0+

Posted: Sun Jun 16, 2019 15:28
by Lone_Wolf
paramat wrote:Nothing great is possible in CSM until server-sent CSM is completed, it's currently fun but trivial things like coloured chat.
I use the dte CSM to make CSM chatcommands that allow me to run complex WE commands with ease. Adding a mod to run the command would be a pain. And it would usually only be used once.
It can also be used for aiding in server moderation viewtopic.php?f=53&t=20648 (In a lot more ways than a formspec)

Re: Risks of non-default CSM settings in 5.0+

Posted: Sun Jun 16, 2019 16:14
by Lejo
yw05 wrote:Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.
If don’t like that people hear music while playing this is no reason why I can disallow it them. There’s no me known reason for this.
These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."
In my opinion it’s not a real hacked client if you enable CSM-Loading when blocked by server. It’s as the name says Clientside and the server should only care about if the client uses it for malicious things. You can also kill people with a knife but that’s no reason why you aren’t allowed to have one as long as you haven’t done it.
Lone_Wolf wrote:I use the dte CSM to make CSM chatcommands that allow me to run complex WE commands with ease. Adding a mod to run the command would be a pain. And it would usually only be used once.
It can also be used for aiding in server moderation viewtopic.php?f=53&t=20648 (In a lot more ways than a formspec)
I also use this mod! It’s just great to code some things quickly ingame.

Re: Risks of non-default CSM settings in 5.0+

Posted: Sun Jun 16, 2019 16:29
by yw05
Lejo wrote:
yw05 wrote:Some server admins don't like CSMs becsuse of such cheating, but that doesn't necessarily mean that every admin want to have CSM disabled. It's just a choice for those who are against CSMs.
If don’t like that people hear music while playing this is no reason why I can disallow it them. There’s no me known reason for this.
The fact is that some server admins don't like CSMs, and cheating is one of their reasons. What I was trying to say is that such admins exist, not that CSMs shouldn't exist. Personally I don't like disallowing CSMs either, but I do think that this could be a feature for those who want to disallow them.
Lejo wrote:
These CSM options are more about "Some server admins don't want you to do these things. Don't say that you aren't warned." and not "Get a hacked client if you want to do these things."
In my opinion it’s not a real hacked client if you enable CSM-Loading when blocked by server. It’s as the name says Clientside and the server should only care about if the client uses it for malicious things. You can also kill people with a knife but that’s no reason why you aren’t allowed to have one as long as you haven’t done it.
Just like what I said above, I don't like disallowing CSMs either, but such warning would still be useful. Such warnings are more like "Be careful, you can get in trouble for hurting others with this knife" and not "Knives must be banned."

Re: Risks of non-default CSM settings in 5.0+

Posted: Mon Jun 17, 2019 05:00
by Linuxdirk
yw05 wrote:What I was trying to say is that such admins exist, not that CSMs shouldn't exist.
CSM in the current state was never planned and should not exist. It was a mistake to release it in the state it is.

CSM was planned as something like Javascript: Sent from the server to the client and the client runs it. That clients can run arbitrary self-provided code was never part of the plan according to the roadmap.

Re: Risks of non-default CSM settings in 5.0+

Posted: Mon Jun 17, 2019 06:32
by Lejo
That’s true but why was it a mistake? CSM helped to find leaks for Example: formspec security, metadata security(range and locked) and as we said before csm is useful.

Re: Risks of non-default CSM settings in 5.0+

Posted: Mon Jun 17, 2019 10:12
by yw05
Linuxdirk, Lejo:
I'm afraid that this is getting off-topic now.
When I wrote that "I didn't mean that CSMs shouldn't exist", I was trying to explain that I'm not one of these admins who don't allow CSMs, and not that I have an opinion on whether CSMs should exist. Linuxdirk, please don't change the meaning of my words by quoting only the part that you are interested in - this often ends up with misunderstanding, especially with the fact that we are from different countries, and our way of thinking may differ because of cultural difference(s).
The original topic is about risks of non-default CSM settings, not about whether CSMs should exist.