I thougt I'd start a thread here in the hope that a few people might take a look at my new project and maybe provide some feedback.
I'm almost positive that there isn't anything like it out there yet, at least I haven't seen anything similar except for the automated external installers from Curse and WowAce.
In a nutshell: It is an addon that allows you to send and receive other addons via ingame chat channels without having to visit a website or run an external program. You don't even need to restart your client. Simply share addons ingame with your friends.
Born out of some kind of need I guess. The need to have whatever your raid leader wants you to and not care about what it actually does? Not wanting to look at what it actually is, how to install it?
in short: l2addon dumbshiat users.
in less short: I think this idea is totally out of scope for wow interface addons and besides that storing an entire addon in a saved variable and then just "load string"'ing it is not very attractive. If my raid leaders want me to install this ill /gquit.
I've implemented RSA and SHA in Lua just for the security aspect of this idea. Using digital signatures, I'm sure I could make it fairly save. So no screwing of users. It's basically up to module authors what they want to implement and the addon tries not to restrict them in any way.
You are right of course, storing addons in variables takes twice as much memory as normal addons do. Once because it's in a variable and again when it gets loaded.
But for many smaller addons with only a few kilobytes, this wouldn't be too great a problem, right? The memory requirement for each addon could be displayed to the user so they could decide for themselves which addon is too wasteful for their taste.
With the digital signatures in place, the community could even decide not to sign badly coded modules.
Thanks for the comment about RDX. I will definitely take a look at openrdx.
Thanks for the heads up. I've just tested it with a 1MB string and there seems to be no limit. I agree that keeping the memory footprint small would be a major design goal.
I like it, even if only for the innovative approach :)
If it catches on, it might start a trend in addon development too:
Coding practices that would make an addon more suitable for distributing/installing in this way.
A proof of concept addon (with some practical value) would probably illustrate it nicely.
Same addon (if coded the right way: xml-free) distributed in alternate ways,
or even an external converter application (parser of classic addon folder -> serialized code)
to make the process easier might be down the road ...
unfortuantely this idea is just that. an idea, it will never be practical or viable due to the fact that i could setup a addon stub that sends me 1c every time you visited the mail box, and hook and protect it to where YOU WOULD never know it was there... other than it would be listed as some random addon that's getting loadstring'ed and your raid leader said so.
@Astaldo: I don't know about starting a new trend. I think the current way of addon distribution via the web is very nice, just in some cases it doesn't work very well. There are some ideas for addons in my head that just won't work unless there's a faster way to install them.
E.g. a minigame like chess or nine men's morris. If you're waiting outside an instance and want to play a game or two, good luck trying to convince your party members that they need to download it from some website now and restart their client just for those 10 minutes.
Some addons just won't work unless everybody has them and the reason why they don't get them is because they're useless because nobody else has them. Chicken and egg problem...
I do have a first addon module in place that works. I don't know about its practical value since the normal version is only downloaded by 3-4 users from Curse each day. It is posted as Base64 block in my Modules forum.
I agree about the need to have a converter. It's not too much fun translating XML files from existing addons into Lua code. Maybe something like that already exists? I really don't feel like writing yet another XML parser.
@OrionShock: What's the difference with real addons? You'll probably say: "The difference is that publicly posted addons can be scrutinized by knowledgeable users so unsafe addons like your 1c hack can be identified and removed."
But the same holds true with signed addons. You can't just make a bad addon and send it to people because it'll lack a digital signature. You need to post your addon publicly where it can be checked to get it signed by me or some other party. Once it is signed you can send it to people ingame but cannot change even a single byte without invalidating the signature.
And that's why I hope my idea will work in the end. I would never even have started without my own Lua crypto libs in place.
It's not like I dislike the idea. Actually, there have been many situations where I just wanted to be able to send someone an addon. But I think this is a functionality that has to be provided by Blizz. Would make things that much easier. They could also make it possible to really download an addon from someone else, including fonts and graphics and such.
I can see this being useful (and used in the past) to exchange updates to your addon... mainly things like bossmods and threat (granted, complicated threat addons will die in wrath).
But exchanging entire addons? BARF. That's just a huge mess you're getting yourself into, and all for what? Users that cannot master zip files? You think these people are going to do better with you addon than WinZip? What a nasty concept.
The main problem is getting people to install the base addon. Once that's on many players' computers, the system would start working. Yeah, it very much suffers from the same chicken and egg problem it tries to solve.
But I don't think it's a lost battle. Maybe the concept has to be changed a bit. I've identified two points I can work on:
1. Creating modules has to be extremely easy. Developers will stick to the old way of creating addons using XML and not just switch to another system that depends on a framework. A converter that reads a toc file and spits out a module would be extremely helpful.
2. An ingame browser that lets you download shared addons from other people. That way, even if only one person who is online has the base addon and a few cool modules it'll be a very impressive show effect if a user who is trying the base addon comes online and sees a whole list of other addons to get.
@Pusikas: I'd say Blizz has implemented a very solid addon system and that's as far as they'll go. Any further innovation beyond that has to come from players. I can see this work within the current bounds set by Blizzard if it's done right. And I'm willing to see this through no matter how much work is involved.
@tekkub: Winzip isn't all that complicated. But it's still one step less to take and a whole lot faster if you don't have to restart the client. I'll admit that many problems are yet to be solved once this system gets used more widely (e.g. giving users a good overview over all modules they have installed and keeping memory usage in check etc). But it's not really a complicated system. You pack an addon into a single string, append a well documented header and that's it. The base addon is responsible for managing them and making them visible to users. But apart from that, modules don't really differ from normal addons. They are in a special form but not changed or restricted in any other way (apart from not being able to include special graphics). A badly coded addon will be just as bad if inside a module but it won't mess anything up beyond that just because it's a module.
I don't think the security concerns are valid as long as it isn't able to receive and run code from someone without asking the user first. Such a restriction would make it just as safe as downloading an addon from WOWUI (ok bad example, heh).
My problem is that I don't see a real use-case for it. I think inexperienced users would find it just as confusing and scary as using an updater.
I do think the settings sharing idea has merit though.
I do think security would be a bigger issue than anyone would let on, your basically allowing someone to inject code at runtime. all you need is someone to crack a key and there ya go, insta-worm vector.
I do think security would be a bigger issue than anyone would let on, your basically allowing someone to inject code at runtime. all you need is someone to crack a key and there ya go, insta-worm vector.
No, because the OP's idea doesn't _require_ the ability accept and run code from everyone on every addon channel without any confirmation from the user. It doesn't require the ability to accept and run code from *anyone* that you don't trust. In fact, I doubt it'd allow reception of code from anyone outside of your guild and/or party/raid, and I also doubt that it'd be implemented to be able to receive and execute code without asking the user first.
With that said, I'm sure some chinese gold farming account hacker will try to join random guilds and then blast code at people (disguised as something innocuous) that would cause them to send him all their gold next time they visit a mailbox.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
I'm almost positive that there isn't anything like it out there yet, at least I haven't seen anything similar except for the automated external installers from Curse and WowAce.
In a nutshell: It is an addon that allows you to send and receive other addons via ingame chat channels without having to visit a website or run an external program. You don't even need to restart your client. Simply share addons ingame with your friends.
I've written some stuff on how it all works here: http://www.lenja.ch/forum/viewforum.php?f=2 (shamelessly posting link to my forums)
If some of you can spare 5 minutes and take a look at it... I'd be really grateful for any feedback you can give.
in short: l2addon dumbshiat users.
in less short: I think this idea is totally out of scope for wow interface addons and besides that storing an entire addon in a saved variable and then just "load string"'ing it is not very attractive. If my raid leaders want me to install this ill /gquit.
Sorry. :-)
But I can agree with Industrial pretty much :P
I've implemented RSA and SHA in Lua just for the security aspect of this idea. Using digital signatures, I'm sure I could make it fairly save. So no screwing of users. It's basically up to module authors what they want to implement and the addon tries not to restrict them in any way.
You are right of course, storing addons in variables takes twice as much memory as normal addons do. Once because it's in a variable and again when it gets loaded.
But for many smaller addons with only a few kilobytes, this wouldn't be too great a problem, right? The memory requirement for each addon could be displayed to the user so they could decide for themselves which addon is too wasteful for their taste.
With the digital signatures in place, the community could even decide not to sign badly coded modules.
Thanks for the comment about RDX. I will definitely take a look at openrdx.
If it catches on, it might start a trend in addon development too:
Coding practices that would make an addon more suitable for distributing/installing in this way.
A proof of concept addon (with some practical value) would probably illustrate it nicely.
Same addon (if coded the right way: xml-free) distributed in alternate ways,
or even an external converter application (parser of classic addon folder -> serialized code)
to make the process easier might be down the road ...
E.g. a minigame like chess or nine men's morris. If you're waiting outside an instance and want to play a game or two, good luck trying to convince your party members that they need to download it from some website now and restart their client just for those 10 minutes.
Some addons just won't work unless everybody has them and the reason why they don't get them is because they're useless because nobody else has them. Chicken and egg problem...
I do have a first addon module in place that works. I don't know about its practical value since the normal version is only downloaded by 3-4 users from Curse each day. It is posted as Base64 block in my Modules forum.
I agree about the need to have a converter. It's not too much fun translating XML files from existing addons into Lua code. Maybe something like that already exists? I really don't feel like writing yet another XML parser.
@OrionShock: What's the difference with real addons? You'll probably say: "The difference is that publicly posted addons can be scrutinized by knowledgeable users so unsafe addons like your 1c hack can be identified and removed."
But the same holds true with signed addons. You can't just make a bad addon and send it to people because it'll lack a digital signature. You need to post your addon publicly where it can be checked to get it signed by me or some other party. Once it is signed you can send it to people ingame but cannot change even a single byte without invalidating the signature.
And that's why I hope my idea will work in the end. I would never even have started without my own Lua crypto libs in place.
http://svn.wowace.com/wowace/branches/Interview/
But exchanging entire addons? BARF. That's just a huge mess you're getting yourself into, and all for what? Users that cannot master zip files? You think these people are going to do better with you addon than WinZip? What a nasty concept.
But I don't think it's a lost battle. Maybe the concept has to be changed a bit. I've identified two points I can work on:
1. Creating modules has to be extremely easy. Developers will stick to the old way of creating addons using XML and not just switch to another system that depends on a framework. A converter that reads a toc file and spits out a module would be extremely helpful.
2. An ingame browser that lets you download shared addons from other people. That way, even if only one person who is online has the base addon and a few cool modules it'll be a very impressive show effect if a user who is trying the base addon comes online and sees a whole list of other addons to get.
@Pusikas: I'd say Blizz has implemented a very solid addon system and that's as far as they'll go. Any further innovation beyond that has to come from players. I can see this work within the current bounds set by Blizzard if it's done right. And I'm willing to see this through no matter how much work is involved.
@tekkub: Winzip isn't all that complicated. But it's still one step less to take and a whole lot faster if you don't have to restart the client. I'll admit that many problems are yet to be solved once this system gets used more widely (e.g. giving users a good overview over all modules they have installed and keeping memory usage in check etc). But it's not really a complicated system. You pack an addon into a single string, append a well documented header and that's it. The base addon is responsible for managing them and making them visible to users. But apart from that, modules don't really differ from normal addons. They are in a special form but not changed or restricted in any other way (apart from not being able to include special graphics). A badly coded addon will be just as bad if inside a module but it won't mess anything up beyond that just because it's a module.
Having trouble with Grid? No problem, I'll just send you my profile!
This is a great idea.
Plus the shared data will be a lot smaller than a "whole addon".
Granted that the correct version of the addon must be installed first.
My problem is that I don't see a real use-case for it. I think inexperienced users would find it just as confusing and scary as using an updater.
I do think the settings sharing idea has merit though.
No, because the OP's idea doesn't _require_ the ability accept and run code from everyone on every addon channel without any confirmation from the user. It doesn't require the ability to accept and run code from *anyone* that you don't trust. In fact, I doubt it'd allow reception of code from anyone outside of your guild and/or party/raid, and I also doubt that it'd be implemented to be able to receive and execute code without asking the user first.
With that said, I'm sure some chinese gold farming account hacker will try to join random guilds and then blast code at people (disguised as something innocuous) that would cause them to send him all their gold next time they visit a mailbox.