
Re: Scripting


#Wednesday 17 April 2002 16:29# Message from Steve Baker:
>> the game that caused a problem. To an extent anyway.

> ...there is no possible pre-/post- condition check you can do that'll
> allow you to know that the bug that shows up 10 minutes later in a
> different part of the code was caused by this "script"!

Notice the "To an extent anyway" in my original mail? But anyway, *I* need 
to run that risk. Either that or throw out 90% of the capabilities of my 
code - you can catch a number of things in the code, but not everything. 
I can't afford the interpretation overhead, even from a bytecode interpreter, 
even on a fast system. But that's just me. For other people a bytecode 
interpreter may be the best way. For others a python engine would be. <shrug>
There's a correct tool for every job, same with game scripting I suppose :)

> > There is a way it can be done I think. I'm working on this because I'm
> > relying on a system that will allow the game to pull in new items, AI and
> > other game entities from specified "approved" repositories when the user
> > requests it (or joins an online game to ensure their copy is up to

> Yes - that's OK - but it implies a measure of trust in your system that's
> unlikely to be there for *most* amateur Linux games.
> I'd certainly be very nervous about running an OpenSourced game that
> connected to an unknown other player if it could download (in effect)
> unprotected machine-code without my prior approval.

Do you check every piece of code you download and install, every rpm? If not,
then how is your day to day installation of code any different? That program
you compiled from source yesterday could include something that'll index
every file on your system, collect your credit card details and mail them to a
crazed flea circus owner in Grimsby for all you know. There is a good chance
that it won't simply because the source is available, you can easily check it,
verify it, make sure it doesn't contain anything like that. You will also
notice that I never, ever said anything about unapproved - the bit you
snipped contained:

"(or joins an online game to ensure their copy is up to scratch -
*all with confirmations* and so on)."

It can only download from approved sites, it can only install after the user
has approved it, it can only install if the signatures match, hell I could
even build in something that scans the code for operations it shouldn't
contain if I wanted. In fact, unless you check the signatures on all your
RPMs, audit all the code you install and only download programs from the ftp
servers of major distros, this should actually be *more* secure than most
people's day-to-day code compilation and installation activities.

> Better by far to utterly limit the power of downloaded code to play only
> in its sandbox.  Think JAVA - not Active-X.

Think Java speed. The sort of things I'm doing simply aren't possible in
Java, python or any other interpreted language in a responsive time - but
that's no reason why these techniques aren't useful for other people of

--
Cogito cogito ergo cogito sum --
"I think that I think, therefore I think that I am."
        -- Ambrose Bierce, "The Devil's Dictionary"

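The three gates described in this message (approved site, matching signature, user confirmation), sketched as an added example that is not code from the original post or from the author's game. The host name, key and function names are hypothetical, and the HMAC check is a stand-in for the public-key signature verification a real repository would use.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

APPROVED_HOSTS = {"repo.example.org"}   # hypothetical approved repository
REPO_KEY = b"constructed-demo-key"      # constructed; stand-in for a real public key


def origin_approved(url):
    """Gate 1: HTTPS, exact host match, no userinfo, default port only."""
    try:
        parts = urlsplit(url)
        port = parts.port               # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return port in (None, 443) and parts.hostname in APPROVED_HOSTS


def sign_for_demo(payload):
    """Repository side of the stand-in scheme, used to build sample input."""
    return hmac.new(REPO_KEY, payload, hashlib.sha256).hexdigest()


def signature_matches(payload, signature_hex):
    """Gate 2: constant-time comparison; malformed signatures just fail."""
    try:
        supplied = bytes.fromhex(signature_hex)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(REPO_KEY, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, supplied)


def may_install(url, payload, signature_hex, confirm):
    """Run the gates in order so the user is only asked about verified code."""
    if not origin_approved(url):
        return "rejected: origin not approved"
    if not signature_matches(payload, signature_hex):
        return "rejected: signature mismatch"
    if not confirm(url, hashlib.sha256(payload).hexdigest()):   # Gate 3
        return "rejected: user declined"
    return "approved"


if __name__ == "__main__":
    module = b"constructed module bytes"    # constructed sample payload
    print(may_install("https://repo.example.org/ai/orc.so", module,
                      sign_for_demo(module), lambda url, digest: True))
```

The exact-match host check is what rejects look-alike origins such as a longer name that merely begins with the approved host, or the approved name placed in the userinfo part of the URL.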