That plugin approval

Discussion in 'BukkitDev Information and Feedback' started by blint66, Jul 16, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    Tadukoo

    Honestly, I would love to have a faster plugin approval time, but I've learned through the past 7 days of waiting for my first plugin to be approved that it doesn't matter that much that the files/plugins take a while to be approved, unless it is to fix an important bug (which I believe I saw somewhere that you can contact BukkitDev staff if this occurs). I believe that not many new people would join if there was a quicker approval process, but that if security was lowered it would only take one or two bad cases before people started to leave.
     
    drtshock likes this.
  2. Offline

    nelson2tm

    If this will happen, the newer developers don't have downloads, because their plugins are not seen as they are down the list. It would be nicer that if you open up the plugin page, the plugins are sorted by last updated, (such as now) and you can manually select if you want to sort by points.
     
  3. Offline

    blint66

    Like I promised: I'm back after 10 days of vacations! I won't answer to everything in that mess (sorry to say it like that) but I'm glad very interesting related topics had been mentioned here and that you guys encourage the collaborative spirit :)

    However, please let's get back in my main idea: let's hold hands and work together <3 We're now huge lots in the community, so please stop referring to the beginnings of Bukkit. If some of us will be faking kindness, will be all of us to crush them.

    I came with suggestions, well okay, you may have great reasons to think they're not adapted to the situation. "adapted to" means that good conditions had been defined for plugin development. I'm trying to mention that these good conditions may be erroneous. Let me explain.

    Bukkit, what is it? An official Minecraft server's wrapper that aims to open Minecraft's world to an unlimited scope of possibilities. This can't be without developers, as well as this can't be without CraftBukkit's developers. Server owners trust Bukkit staff, and entirely rely on it for their business. Why wouldn't they trust plugin developers as well? They're also unknown people from the web that release free software. Nobody can be trusted, that's why I'm invoking community power to help on that: provided we can't rely on anybody on the web, developers can be approved, both by the community and by the way-more-skilled Bukkit staff.

    What would it change from now? I still can't imagine how hard it can be to handle that validation flow! Uploads could be instant. Bukkit staff would focus on work that really matter, and stop wasting that much work and time on approvals that can't be perfect anyway. Look at the most famous "open" platforms' out there way to work as an example: does Sourceforge undergo approval for each release of someone's software? How can StackOverflow work... without official moderation?! Community power!

    This would come with a new philosophy, and the need to teach server owners what are the risks using software provided by Bukkit and volunteer developers team. I don't really care of the means of doing this (even if I've got many ideas about how), so please let's not talk about technical limitations. Btw trust me: Bukkit won't lose its popularity from server owners.

    In short: the issue is not developer-side, but server owner-side.
     
  4. Offline

    Wolvereness Bukkit Team Member

    There are a handful of people who can actually push code to the repository and have it built automatically, with every one of those people under heavy scrutiny from each other both prior and ongoing. I have seen developers, in general, make horribly insecure patches (and even outright malicious ones, defining one of the reasons we don't allow unofficial build discussion) to CraftBukkit. I definitely do NOT trust the average developer, especially with a platform so much easier to distribute (see: exporting a plugin) than building CB.
     
  5. Offline

    blint66

    Wolvereness, this argument is as devalued as approval isn't perfect.

    Anyway, have you ever read the rest of my reply, after your quote of it?
     
  6. Offline

    Necrodoom

    The amount of malicious plugins being uploaded means that removal of the approval system would be disastrous. Yes, approval isn't perfect, but its better than plugins infecting people with viruses.

    Unlike most other mod communities, modding does not have the ability to insert viruses into the mod, or developing the mod requires vast knowledge of the game and the language used to develop, making malicious uploads often not worth it, and easier to be found by an antivirus usually.

    Bukkit, on the other side, allows you to develop plugins by the dozen without any knowledge of how MC works, and easily insert all kinds of malicious things into them. This is why the approval process is needed. Yes, it isn't perfect, and the community can help by reporting projects breaking the guidelines.

    The suggestion here's aims for a utopian spirit, which may fit a community where malicious users cannot do any more damage than trolling, but not one where malicious users can turn other users into botnets under the malicious user's command.

    You shouldn't let known developers off either- what happens if one of them gets their password stolen? Not everyone protects their account well. He could easily reupload a popular plugin, with a malicious virus, and infect hundreds of thousands of users. This would be so severe it would basically tag bukkit it self as a malicious website, something you cannot ever recover from.

    The approval process is necessary, yes, some trust can be given, but not where the danger is malicious viruses infecting the community.
     
    AoH_Ruthless likes this.
  7. Offline

    blint66

    Necrodoom: did you actually read my posts? Please highlight where I suggested removing approval system.

    And what if one of Bukkit team member's got stolen? Worse, what if any admin password got stolen?! This could be an infinite debate from this point, let's not obfuscate what I'm talking about.


    Please don't take it too personal, but this kind of pre-made repetitive answers doesn't permit to get forward, so please let's try to open our minds.
     
  8. Offline

    Wolvereness Bukkit Team Member

    You're biting off more than you can chew, and I don't appreciate your dismissals. This isn't supposed to be an internet argument, but I'm getting the impression you just want to win without regard to having a healthy discussion. I responded to what I wanted to respond to, but I'll humor you.
    Because obviously your appeal to ignorance with an implied appeal to authority is a great argument; come back when you've run a successful project or even have an ounce of imagination in your head. Are you really unable to comprehend that a particular task can be difficult? Are you really analytically oblivious? Excuse me for not hearing this in-person and immediately turning away from you to talk to the rest of the group, preferably interrupting you and giving a clear indication that your existence if of little importance.
    If you had the aforementioned imagination, a minuscule amount of insight to Java, or candidness about human nature, you wouldn't say that it's a waste of time. But wait! First I need to point out the obvious false premise. For reference, there are many different teams in the Bukkit community, with the BukkitDev Staff being one. There are also the forum staff, the core developers, and the bleeding / PRH developers. So, let me demonstrate a solid syllogism:
    • A malicious plugin author can garner a significant number of downloads and active servers.
    • BukkitDev Staff have caught malicious plugins.
    • The number of malicious plugins/developers caught is non-trivial.
    • The work done by the BukkitDev Staff is not wasted effort, as defined by 'wasted' to mean 'of no use'.
    Oh, you mean a site that decides to inject their own malware into the downloads? That's a great idea, if money were the issue instead of morality.
    StackOverflow doesn't have multiple clienteles. They only have one, which is the targeted audience. Bukkit targets at least three: the players, the admins, and the developers. One of those we have no way to exert any control or visibility without compromising our goals (players). Another is wide-ranging, and our goal has always been a high quality, usable product with a safe and effective ecosystem (admins). The last we have an system that is unrivaled in scope, complexity, and possibility (developers). For the developers, I do think the statement needs to be qualified a bit. Consider that no modding platform contains the power (see our lack of security manager and Java in general, compared to almost every other modding or pluggable platform), the scope (see the size of the community, the number of bare machines running this software, and the resources available to distribute your works, with a barrier to entry), and possibility (see the scope of the API in relation to player/admin experience, and how any restrictions on the causalities becomes a solution to the Halting Problem). Every other platform has a fault at one of these points, be it a fee to enter the smartphone market, a lack of visibility like hosting it yourself, a lack of functionality like being able to have certain causalities like the World of Warcraft API, a complete disregard for anonymity and publishing freedom like Debian packages (you can't just walk up and publish a piece of software there, or even push updates without review, in addition to the security signatures on EVERYTHING). The comparable flaw in our system is a strict rule-set on malicious or dubious activities, paired with a mandatory review.
    Ignoring that I don't contribute to Bukkit for popularity, but sorry, I'm not going to trust you; I remembered to wear my hat. That's normal to avoid appeal to authority fallacies, right?
    [​IMG]
     
    garbagemule likes this.
  9. Offline

    blint66

    You totally made me laugh Wolvereness, your golden and so rich answer perfectly illustrates how Bukkit team members' time can be wasted. Sadly, many of your arguments are not correct, we're out of the topic anyway. I'll PM you details if you want some off my unimportant person.

    But Hello, I'm here to help improving the community. Now, please, try imaginating (again) a world where approval happened afterwards (please try). There would be the following non exhaustive list of adapted solutions:
    • Server owners sensibilization
    • Warning icon on "non-official" approvals
    • Community feedback
    • Open-sourceable projects *

    * We could link projects to a git/svn (or only Github) repository that would version a maven project. Then, a simple system would represent the build from a branch/revision. jars would be built by Bukkit platform, which means:
    • Many source controls could be automated on original source code
    • Manual controls would be possible and way faster
    • Developers would want to be trusted.
    We also could imagine an "open source mode" for projects that would imply these benefits. This would even promote the open source community.
    I'm only looking for improvement of comfort and time gain for both Bukkit team and plugin developers. So Wolvereness, I may not be any part of Bukkit teams, but as a recognized experienced professionnal (not only Java), I know how all of this work, even if I don't get the deepest details at first glance.
    Now Bukkit, please tell me if the "open" spirit is anything that you think is good.
     
  10. Offline

    Necrodoom

    blint66 you just ignored any counter-argument against your suggestion, self-claiming you are some kind of expert, and try to belittle anyone who argues against you. I don't see how you can contribute to this.

    You say you don't want the removal of the approval system, but then say its a waste of time and we should depend on the community feedback on this and then somehow have instant uploads, as if the approval will some way become instant? Also, this is exactly the thing I addressed in my post. Having the approval after just basically invalidates any point of the approval, as plugin developers will simply tell people to download the unapproved builds and ignore warnings

    Also, the bukkitdev staff and administrators are explained on how to protect their accounts, and are extra secured, a developer who has a successful plugin does not have this, and at the same time is more dangerous, if the approval system was not enforced, as the update would make it, uninspected, to the thousands of users, while an administrative account would be protected under security protocols. But security is useless according to you, right?

    You can't claim "openness" without security. There will be always these who will use the goodness of other users to harm them and line their own pockets. This is what dev.bukkit.org aims for: a safe enviourment, for both server owners and developers, to download and use plugins, without the risk of people trying to use their work against them.
     
  11. Offline

    blint66

    Ok Necrodoom, I'll give details because you're cute:
    I know, some people are bad, that's true everywhere. Approvals are a really bright thing, I already said I admire this work. I'm just looking for ways to reduce this need, as I'm convinced much time checking plugins can be saved, automated, validated (at least partially by the community).

    Do you know what Sourceforge is? I don't see how your comment is related to a platform where developers offer their open source projects to the world.

    Wrong, you don't know what you're talking about. Btw, I'm a StackExchange member.

    Who said that? Just important for the community that it keeps its popularity, didn't say it was a goal.


    Wolvereness and his hat are both good now.

    Necrodoom, now please re read my last post because you obviously didn't read it:
     
  12. Offline

    Necrodoom

    Oh yes, because somehow we would have the approval process, without the approval process, but with the approval process, all while having the "openness" of the community, and the security of the approval process, but you completely fail to address the problems of your suggestions, all while claiming no one, as well as Wolvereness completely don't know what they are talking about, but you know exactly, because you are an expert, but you fail to backup your claims with any kind of proof, as well as managing to fail to actually even READ the arguments against you, while insulting the very people you talk to, and claim to want to "help" them.

    Congratulations.
     
  13. Offline

    blint66

    Thank you Necrodoom :D

    Who's insultingly rejecting suggestions with demonstratedly wrong counter-arguments? Certainly not me, this is clear.

    Now I'm not forcing you to be part of the debate if you don't get my point. However, if you want more exmplanations about my ideas you can just ask instead of falling back everytime into your good safe peaceful working restricted platform.

    Necrodoom, it's not an attack but please consider this same post again. Let me highlight what you could have missed:
    This would mean that an intermediate solution could be to keep the current very-safe system, but allow a new open-source mode that could help reducing work required by BukkitDev team.

    Let's get out of the gunfight and talk as grown guys again.
     
  14. Offline

    Necrodoom

    You still fail to explain how your open-source mode solves the security problems.
     
  15. Offline

    blint66

    I'm meaning that if BukkitDev is able to approve a jar with a preset of tests and checks of decompiled source right now, I'm pretty sure we can imagine ways to automate these checks from the whole original source and its associated jar built by Bukkit platform itself.

    This is a critical feature to think about, that could save so much BukkitDev's time not so hardly and that could rescue good-willed developers from their frustration, as well as encouraging good behaving. Am I more clear?
     
  16. Offline

    Necrodoom

    You think automated checks aren't already done? You think they would automatically be able to catch any possible malicious code? Both automated and manual checks are done.
     
  17. Offline

    blint66

    No Necrodoom, I don't think BukkitDev don't already run automated check. Just highlighting the benefits of open sourcing:
    • Gives a way to bind a jar to its original source
    • Source would be clear and non-obfuscated, thus more easily checkable with automated tests
    • Open-sourcing would make a "pressure" effect on malicious developers. They wouldn't dare trying anything exposed like this. If they did, the following will catch them anyway.
    • If scanned code contains doubtful instructions (like reflection, that could reveal obfuscation), an alert could still be raised to BukkitDev and switch approval to manual mode.
    • Using a platform like Github gives a good way to scan only modified files. Scope of control can thus be reduced to modifications only, which is useful in case of manual fallbacks. (avoiding them if the file approved in the past hasn't changed)
    In short, open-sourcing is a way to help making approval as automatic as possible, eventually falling back in manual checking if really necessary.
     
  18. Offline

    Skye

    Are you saying the Bukkit community should develop its own heuristic scanner to find malicious code?
     
  19. Offline

    blint66

    Skye, maybe not something that much complex, what I encourage is only more automation. If BukkitDev has a very specific (manual) testing process, I'm quite sure open-courcing could complete the automatibility.
     
  20. Offline

    Skye

    There are an infinite number of ways to write malicious code. It would take complex heuristics to catch everything, which is why humans are a big part of the current review process.
     
    drtshock likes this.
  21. I must say, this thread has been quite an interesting read...
     
    drtshock likes this.
  22. Offline

    TnT Retired Staff

    If you expect us to take you seriously, try not to talk down to the people responding to your posts. It only makes yourself look bad.

    The only way to be certain code reviews are handled properly is by making humans do the work. If code could be easily examined by a computer, any program written would be flawless. At that point, we wouldn't even need humans to write the code, we would just tell the computer what we want and out would pop a program written for us to do what we requested. While this would be beautiful, its not possible. As such, humans must be involved.

    Keep in mind, we've been handling BukkitDev approvals for a few years now. We have some very intelligent people on our staff; these ideas you have are not new by any means. We have debated them, investigated them and ultimately ruled them out as it compromises the system for the sake of speed.

    However, for the sake of discussion, lets investigate your idea. The most basic malicious plugin uploaded is one that will OP the person who runs a command (ex. /opme). Sure, we could automate any checks for .setOP or <insert code check here> but what about false positives? Perhaps someone wrote a plugin to OP a group of people (/op TnT, Wolvereness, Necrodoom, evilmidget) instead of running a command individually for each person. So now for false positive checks on even the most basic malicious plugin needs a human to double check the plugin anyway to see if its documented and clear that's what the plugin is meant to do. Therefor, if we cannot eliminate the most basic malicious plugin, we will not be able to automate any more complex attempt to get malicious code onto BukkitDev. At best we can provide warnings to those who do the code reviews, but even then it can start to be used as a crutch ("nothing set off the malicious code checks, this file must be clean!") and ultimately lead to malicious code on BukkitDev. After all, the people reviewing the code are only human after all, and mistakes can be made. Even if we had 10 years to write a flawless plugin that would check every known instance of malicious code and validate whether it is a false positive or not, we would only end up finding yet another example of how our clever community can find ways to intentionally harm someone's server. While we write that program, are you OK with having absolutely no plugin approvals happening? I'd wager that you still want your plugins approved, so we need to dedicate manpower to handling manual reviews. Given that manpower is a finite resource, and time is finite, and approvals must still happen this fabled program (which as we discussed above would have dubious benefit, or be outdated immediately) would only take that much longer to create. Open source said project you say? Sure, lets tell everyone how to get around the automated checks! On top of that, now you've launched an entirely new project which needs code review and close scrutiny over what is pushed to be sure that program itself isn't compromised.

    You're talking a huge, monstrous project that makes the amount of effort our team currently puts into handling code reviews pale in comparison. Good idea? Perhaps. Feasible? Not at all.
    This is what we would need to accomplish @blint66's idea.
    Yet you have no understanding of what we currently do. How we approve projects is clear - we have the submission guidelines anyone can follow. How exactly we check the code is not stated publicly due to the very nature of what we do. No proper security system is documented fully for the public to see. You wouldn't see a document outlining exactly what the Bank's security measures are to protect their clients money, along with an outline of the Bank's security cameras, where to find the silent alarms, what shifts their guards work, etc. All you would find is vague references to keep you satisfied that the Bank is keeping your money safe. We would not outline exactly how we handle files anymore than Bank would give you the outline of their security system. Given that you do not know what we currently do, it is clear you are in no way qualified to make suggestions on how to fix it.

    Bukkit staff are split up into multiple different organizations withing the Bukkit umbrella. BukkitDev staff's sole responsibility is to handle the queue. While they are encouraged to help out in other areas of the project, their task remains handling approvals. Moderators handle forum moderation, Admins handle answering the same questions over and over again, Bukkit team members (aka, developers) handle writing code for Bukkit and CraftBukkit. Your idea is based on a false premise that we waste time on approvals (which as Wolvereness stated, is not a wasteful endeavour whatsoever) instead of handling other tasks. If we didn't have approvals, we wouldn't need BukkitDev staff to spend their free time slaving away at the queue, but that wouldn't mean they would even want to contribute elsewhere in the project. All it would mean is they would have more free time to pursue their other interests, the rest of the project would remain mostly unaffected. I would like this opportunity to point out, again, that it is best if you understand how the current system works before you attempt to completely change it in favor of an ideological vision that doesn't actually apply to the current situation.

    That is quite the bold statement to make. Do you know how to manufacture your own car, to install plumbing in your home, to wire the electrical in your house, to heal yourself when sick or mend a broken bone, to teach a foreign language class, to pave a road, to grow a perfect pine tree, to milk a cow, or even the different technique required to harvest a crop of wheat vs harvesting a crop of soybeans? Yet, you expect server administrators to know how to write code to be able to run a server? Again, you've hit an ideological premise that has no basis in reality. Bukkit was never about being elitist and only letting only those who know how to develop Java write plugins or run a server. Bukkit has all types of people who use our software.
    You say you are concerned about the popularity of Bukkit, but you intend of cutting what could easily be the largest part of our community out if they do not know Java. Currently, anyone can learn to develop a Bukkit plugin if they wish, we have numerous tutorials already, so those administrators can choose to learn Java if they wish. However, instead of having that choice now, your suggestion would force those server administrators to learn Java in order to have a chance of keeping their server safe. That would be a huge blow to the popularity of Bukkit, not a boon as you suggest. That said, lets move onto one point that you've repeated multiple times now.

    The entire Bukkit organization, including BukkitDev staff are entirely made up of the members of this very community. We have already invoked this "community power" you mention. Anyone is free to review all plugins on BukkitDev right now and report any malicious plugins to our staff if they find any. Anyone is free to apply to be a BukkitDev staff member. Our community is already comprised of this vision you have, and more. Our system doesn't segregate who can be a developer by a pure popularity contest, that merit is earned through getting a project approved following our reasonable guidelines. Thus developers earn their title. Leaving it up to the community to vote would only leave this title be a popularity contest, which should be avoided as much as possible.
     
    JaguarJo, drtshock, Traks and 8 others like this.
  23. Offline

    blint66

    You got this one, I must admit I couldn't contain myself on some things I read. However, I really was incitated.

    Humans aren't perfect by nature, whereas computers can be. You're distoring the subject right now with an out of topic subject about code generation.

    As I said, we still could have rules for suspicious code, with human checks.

    I'm sorry I really didn't understand this.

    Nothing is impossible, tought I never said I suggested this. I'm suggesting a whole package.

    This is an additional wrong judgement.

    The fact you have internal guidelines for code checks, hidden or not, means that they can be automated.


    I'm making suggestions, from a (not so) naïve point of view, and these are important to consider precisely because they're not limited by barriers the human brain naturally creates when it learns rules. According to me, this is enough to justify that "we already had this discussion" agrument isn't one without associated arguments. You already gave some, I already gave their limitations, let's not continue this way anymore.

    *phew*... Never expected server owners to learn or know Java. As much as I don't expect you to analyse all the binary code of WinRar installer if you need to install this boy.

    BukkitDev is a subset of Bukkit community right? So not everybody in Bukkit Community have a proper role in plugin approval. Right. Now please justify "Our community is already comprised of this vision you have"

    Never supposed that... But multiple down votes tell that something's wrong for example.


    TnT, seriously, no more that long answers please :eek: I really can't take that long time again to read all these wrongly picked up examples and obfuscation... (you really should have some post checker coded for you hahaha ;) )
     
  24. Offline

    Skye

    The only real way to automate what humans do in the plugin review process is what you dismissed. However, if you have some clever solution that none yet have been able to comprehend, perhaps you should write the framework and present it.
     
  25. Offline

    blint66

    Skye, I don't know the detailed guidelines and I'm more and more curious. What I mean is that we could add ways to reinforce the definition of the need, like:
    • Asking developers to define all the commands that can be invoked in plugin.yml for example
    • Creating special technical "permissions", like "can set op", "can create a socket" or whatever
    • Associate permissions to the commands, and directly aware server owners of requested permissions
    • Make some permissions critical enough to require manual check
    Skye, it's a pleasure to talk with you.
     
  26. Offline

    TnT Retired Staff

    You are only upset because your ideas are being considered and rejected. You need to learn when you're wrong, admit you don't know everything as well as sit back and learn from those who do. You will struggle in life if you cannot accept this now.

    Computers are only as perfect as the humans who design them, and therefor cannot be perfect at all.

    At what point does this actually speed up the system?

    Which is why your idea wouldn't possibly work.

    Yet you don't understand that very package you want us to write.

    No, its not. You want automation without understanding the current process. I have only taken your idea, and expanded upon it to make it fully realized.

    I'll restate that you have no idea what the current system is, so stating certain tasks should be automated is making a giant assumption about the current state of the system.

    Great, glad I could clarify to you why these ideas wouldn't work. I agree, lets move on.

    You expect them to know Java though, so they can protect themselves. You can't expect server owners to understand the code they read, which is the only way they can protect themselves, without also understanding Java. You can't have it both ways.

    The Bukkit Community itself has the role of "Bukkit Community" which contains the role of reporting projects or files that are a concern.

    It tells me that multiple people do not like that author, or someone was clever enough to bot the system (which is a constant issue with voting sites). It doesn't mean anything more than that.

    I like to make sure my points are clear, as you clearly wanted a more elaborate response since my previous response was not adequate enough for you.
     
  27. Offline

    Skye

    blint66 Much like how iOS and Android handles apps? That might actually work, but it would require extensive changes to Bukkit. I don't think anyone could pick up that this is what you were suggesting, but it is an idea worth considering.
     
  28. Offline

    blint66

    Yes like this Skye, tought it's not "what I was suggesting", I'm only sparing some ideas... I don't pretend to have any fully designed perfect revolutionary prototype, just explaining that there are possibilities. Anyway I'm glad it made at least someone wonder about.

    Now that I got that Bukkit team don't want to hear about this any more, I won't keep losing my time in endless mostly unconsidered agumentation. I'll sum up my ideas in the first post, just pick me up again if some minds change.
     
  29. Offline

    TnT Retired Staff

    blint66
    I am always happy to hear good ideas. I am glad I could help you realize why these ideas won't work for a system as unique as BukkitDev.

    Thanks for your time!
     
  30. Offline

    Wolvereness Bukkit Team Member

    You also have the audacity to call my entertainment a 'waste of time'. Something comes to mind though, when I think of what I want my response to be! Also:
    [​IMG]
    I could've sworn I mentioned the halting problem earlier...
    Yes.
    I think we're just too mainstream.
    The same cannot be said about you. Every argument you have made has been an appeal to authority. It's incredible that anyone is even bothering to post in this thread anymore, considering your complete disregard for bi-directional conversation, properly quoting people, hypocrisy about reading arguments, and syllogisms. But, on the note of appeal to authority, the assumption of it being a valid argument implies the only counter is ad-hominem. Do you really want to start a flamewar (trick question for everyone else, considering the post count)?
     
Thread Status:
Not open for further replies.

Share This Page