Discussion about client-side modding

[TumeniNodes]

Will we need to have the dev version of 0.4.16 after it's release? Or will we be able to use csm with the 0.4.16 stable release when it comes out?

I am only asking as I normally like to use stable builds, and will wait to attempt any csm'ing until the next stable release.

[nrz]

it's present in current dev version and at 0.4.16 release you will have it in your client, but mods will be disabled. You should add enable_client_modding = true to your minetest.conf configuration to enable mods loading

[TumeniNodes]

Thank you. I put that in my notes so I don't forget.

[xoy]

I am unable to use csm mods.
I am build MT from master github sources with RUN_IN_PLACE=TRUE. After enable csm in minetest.conf.
Run MT in terminal and see debug messages saw me CSM "preview" mod worked. But if i remove CSM "preview" mod, and copy in folder "clientmods" another CSM mod, downloaded on its thread. I see debug message

Code: Select all

WARNING[Main]: Mod name conflict detected: "oredetect"
WARNING[Main]: Will not load: .../minetest/bin/../clientmods/oredetect
WARNING[Main]: Overridden by: .../minetest/bin/../clientmods/oredetect

too with other mods. it is a problem not of "oredetect"

UPDATE:
oh, sorry. The mods are work. but i see a warning anyway.

[TumeniNodes]

nrz, or anyone else,

quick question.
So, if texture packs are client side..., does this mean there may be a possibility of adding small scripts into tp's which could alter some server side graphics code?

For example, the way I was trying to find a way to change the colour of the sky from blue to gray, by adding a bit of code to the TP?

Sorry if it is a dumb question, just thought I would ask.

[red-001]

nrz, or anyone else,

quick question.
So, if texture packs are client side..., does this mean there may be a possibility of adding small scripts into tp's which could alter some server side graphics code?

For example, the way I was trying to find a way to change the colour of the sky from blue to gray, by adding a bit of code to the TP?

Sorry if it is a dumb question, just thought I would ask.

Well that might work if the server is already using a texture for the sky, but code for manipulating the sky hasn't been added to CSM yet, so you will probably have to wait till someone adds it.

[TumeniNodes]

ok, thank you.

[red-001]

I am unable to use csm mods.
I am build MT from master github sources with RUN_IN_PLACE=TRUE. After enable csm in minetest.conf.
Run MT in terminal and see debug messages saw me CSM "preview" mod worked. But if i remove CSM "preview" mod, and copy in folder "clientmods" another CSM mod, downloaded on its thread. I see debug message

Code: Select all

WARNING[Main]: Mod name conflict detected: "oredetect"
WARNING[Main]: Will not load: .../minetest/bin/../clientmods/oredetect
WARNING[Main]: Overridden by: .../minetest/bin/../clientmods/oredetect

too with other mods. it is a problem not of "oredetect"

UPDATE:
oh, sorry. The mods are work. but i see a warning anyway.

Could you check if https://github.com/minetest/minetest/pull/5554 fixes the warnings? Edit "mods.conf" in the "/clientmods" folder in order to enable or disable mods.

[the_raven_262]

Is there any way to get player's ObjectRef in clientside mods?

[nrz]

you have core.localplayer which is a reference to localplayer itself

[the_raven_262]

But i can't set anything, like change skybox etc?

[burli]

Client-Side mods are a new method to customize your Minetest client.

In my opinion it is a new method to cheat on a serve. I installed oredetect and try it online (I didn't use it to dig something). It is not just easy to find ores, it is also possible to find any kind of node, even hidden user stuff.

I'm not sure if this is really good for gameplay

[nrz]

For the ores, we are thinking about a better ore creation, but it needs a break and can be fixed only on next release.

For the hidden stuff sfan5 is introducing some hidden meta permitting (if mods are updated) to hide many useless metas to client

[Linuxdirk]

I'm not sure if this is really good for gameplay

It isn't but that's not the matter. The devs want it, the devs make it. (And some of them already started to use it as excuse to not add core functionality.)

[burli]

For the ores, we are thinking about a better ore creation, but it needs a break and can be fixed only on next release.

Creating ores only if they are exposed to air is not the right answer. You still need to create them on the wall of caves and they can be found. And they have to be created also if there is water, lava or anything else that is not "solid".

And make ores just randomly drop from "default:stone"? Really? I don't want to walk through caves and dig stone like an idiot just to hope that something different drops

For the hidden stuff sfan5 is introducing some hidden meta permitting (if mods are updated) to hide many useless metas to client

I don't think that helps to hide chests, furnaces and other stuff that shouldn't be found. I have a hidden cave on hometown (nothing interesting, so don't waste your time to find it ;-). With oredetect it would be easy to find if you know where you have to search. Just punch the ground every other second if you are walking around and you can find it

[azekill_DIABLO]

It is not just easy to find ores, it is also possible to find any kind of node, even hidden user stuff.

Sorry, guys, i'll go cheat right now.

[Wuzzy]

I still have a hard time to understand what this is all about.

1: What were the key motivations/justifications to implement this in the first place?
2: What are the claimed key benefits of client-sided modding?
3: You said this feature is experimental. Will a removal be considered should this experiment be a failure?
4: What can people do with it what is not already possible with normal mods (some examples)?
5: Please give me a brief introduction on how it is supposed to work. No need for details, I just fail to see the bigger picture. Frankly, the “documentation” at https://github.com/minetest/minetest/bl ... lua_api.md is a joke, it looks almost just giant copy-paste from lua_api.txt but does not explain any of the underlying concepts and it fails to explain the distinction from normal mods.

[burli]

There are a few reasons for CSM I can see. Most important is performance and less network traffic.

CSM is interesting for things like particles.

But there are things I really don't understand. I think, the current CSM is a big mistake. This enables so much potential for cheating without a chance to protect from that.

[BBmine]

It is not just easy to find ores, it is also possible to find any kind of node, even hidden user stuff.

Sorry, guys, i'll go cheat right now.

Me too! When I get more time, I'll see if I can make a CSM and cheat :)

[Linuxdirk]

1: What were the key motivations/justifications to implement this in the first place?
2: What are the claimed key benefits of client-sided modding?
3: You said this feature is experimental. Will a removal be considered should this experiment be a failure?
4: What can people do with it what is not already possible with normal mods (some examples)?
5: Please give me a brief introduction on how it is supposed to work. No need for details, I just fail to see the bigger picture. Frankly, the “documentation” at https://github.com/minetest/minetest/bl ... lua_api.md is a joke, it looks almost just giant copy-paste from lua_api.txt but does not explain any of the underlying concepts and it fails to explain the distinction from normal mods.

From what I learned and from how I perceive the devs:

1. The communication between the server and the client is too slow to do some things lag-free just because of that's how Minetest is coded. Therefore CSM was created so mod authors and devs can outsource stuff to the client.

2. See 1. Plus: It can be used as excuse for not adding core functionality (in form of no, we won't add it, but if you want it, use CSM for that and now stop bugging us. Closed. Won't add.).

3. Haha, no. Look who's involved. As long as those devs don't lose interest in CSM this will be in the game. Cost what it may.

4. Modify anything the client can "see" (visuals, audio, chat messages, HUD, etc. but without server interaction). You can do anything on the client without server owners knowing it or being able to prevent it. Normal mods are always server-side (even in singleplayer game, because singleplayer technically is a server), CSM is, well, client-side and does not depend on a server. Client-side mods can be enabled and disabled wherever a player wants.

5. There is none and there likely will not be one in the foreseeable future.

[Wuzzy]

Well, this begs the question why the obvious solution of simply fixing the client and/or net code itself has been discarded, but instead pushing this responsibility to the modders. Client/server lag as the key motivation for this seems pretty awkward IMO. Why going the path of introducing a gigantic new layer of complexity instead of fixing the engine, client prediction, net code, etc.? I have the feeling that mods are seen as the golden hammer which solve all problems. I don't think so. ;-)

But OK. Is there any compelling use case for client-sided modding where it would really make sense? I mean, where an engine implementation would be too much pain or just senseless. I can't think of one for now, I need a little clue.

I'm not really impressed by the stuff in this forums so far.
I mean, ore detection, chat log and what else is in this forums. These things don't really sound like they would be uber hard to do in the engine. And why on Earth would anyone want a chat log feature in a mod? Why the hell does this need a mod? It doesn't make sense.

But well. I'm open to new insights and I might be completely wrong here. Especially since information on this feature seems to be rather scarce.

[Linuxdirk]

Why going the path of introducing a gigantic new layer of complexity instead of fixing the engine, client prediction, net code, etc.?

Yes, that makes no sense. Maybe directly ask the few CSM-loving devs? It seems like most of the devs don't read forum posts about features/functionality or participate in discussions about those.

I have the feeling that mods are seen as the golden hammer which solve all problems. I don't think so. ;-)

It once was like that. Development pretty much stopped and "EVERYTHING is a mod" was proposed but this was dropped due to the fact that mods are slow and don't have access to a lot of important game features and mechanics.

I mean, ore detection, chat log and what else is in this forums. These things don't really sound like they would be uber hard to do in the engine. And why on Earth would anyone want a chat log feature in a mod? Why the hell does this need a mod? It doesn't make sense.

Currently the only REAL use case is cheating mods like oredetection and stuff. All the other currently available client-side mods are 3rd-party workarounds for missing core functionality.

[nrz]

Wuzzy, we can take a simple example usage modders can offers to end user at the end (CSM is not complete yet): client side craft guide.

Why do you want server to know on which button you click on the craft guide, it generate some server useless overhead, you can just have it client side, and it's reactive because no traffic is sent to server. For the chat the goal is also to get the chat having a better protocol but it will be for next release, permitting clients to custom their chat with colors etc as they want. Also having a button creation API client side (outside of formspecs) can be good to add some missing minetest controls directly with mouse (example toggling differents flags), and this can be in builtin directly.

For those who think about cheat, it depend on which mod you add, and we should prevent ores to be detected by client, maybe the breaking compat release (after 0.4.16) will permit us to prevent this). Hidden stuff can now be prevented by servers owners as sfan5 added private meta ability to server owners using 0.4.16 permitting to prevent sending some metas to clients (atm all meta are sent to client, which is crazy!).

For those who don't see the goal, look at World of Warcraft modding, it's our goal.

[Linuxdirk]

Why do you want server to know on which button you click on the craft guide, it generate some server useless overhead, you can just have it client side, and it's reactive because no traffic is sent to server. For the chat the goal is also to get the chat having a better protocol but it will be for next release, permitting clients to custom their chat with colors etc as they want. Also having a button creation API client side (outside of formspecs) can be good to add some missing minetest controls directly with mouse (example toggling differents flags), and this can be in builtin directly.

So CSM is seen as golden hammer. :(

[tjnenrtn]

The hand-wringing and FUD slinging on this topic is laughable. Here's y.st. speaking sanity over in the OreDetection thread:

Security 101: The user/client can never be trusted. Ever. No exceptions. This new development doesn't cause any security issues, it only exposes ones that were already present. Unless security is implemented *SERVER-SIDE*, there was never any security to begin with. Most Minetest server administrators have been ignoring the problem by hiding behind a no-hacked-clients policy. This is ridiculous. Now that this hacking capability has become even more user-friendly, perhaps developers, administrators, and players will take a more realistic view on security: namely, that any and all "client-side security measures" are not security measures at all and that anything not implemented server-side cannot be depended upon.

Totally correct and valid points. Those of you busy collapsing onto your fainting couches may have not noticed this recent pull request that enabled private (aka server-side-only) metadata:

https://github.com/minetest/minetest/pull/5702

There's others in the pipeline that address similar concerns. It's almost as if this very big, complex new feature set is in an unreleased and actively developed state.

I recently found some mods needing a patch to protect from CSM features, but instead of clutching my pearls I just, ya know, submitted pull requests and contacted mod authors. And everyone was nice and everything got fixed -- and really fast, too. Now several widely used mods are more secure as a result. Neat.

Let me pose a question: what possibly could be any better for the state of Minetest security and exposing problems than CSM?! A spotlight is shining on security weaknesses that have been around forever (in core and mods) and are now finally getting fixed -- thanks exclusively to the addition of CSM. What could be better?!

CSM is cool, it will let us build really slick things and I'm excited about the potential. I'm excited that it is driving the focus on security and making people re-think their old assumptions.