Minetest Forums

[neoh4x0r]

EDITED TO ADD: This problem is solvable but only without having the pre-conditions "being a non-destructive and non-restrictive solution".

EDIT: csm_restriction_flags seems to include the ability to disable calls from the client to get_item_def and get_node_def (the call is disabled on the server, not the client, to enforce the restriction).

So, a possible compromise could be to add extra flags to csm_restriction_flags to rate_limit the number of calls to those functions (like with get_node / csm_restriction_noderange).
----------

For instance, moving the ability to read the ore-data from the client to the server would allow the following scenario:

1) Client requests nodes (including the associated ore data) from the server
2) The server sends the data for (a server-side configurable number of) nodes surrounding the player (or around a specified location)
3) The client requests the same data again (either the same location or a different location)
4) The server rejects the request (and it won't send the data to the client until (a server-side configurable) amount of time has passed. Ie a cool-down period.

This doesn't defeat ore-detect, per se, or CSMs, but it does prevent the client from having an unfair advantage (ie seeing all nodes with ore-data everywhere).

This is a completely viable solution, but it would require an updated client and for ore-detect (and other CSM mods) to be modified to make a call to the server to get the ore-data.

Like I was saying before, there isn't any good way to do this ("to defeat ore-detect") without "cracking a few eggs." (and breaking those "pre-conditions")

[neoh4x0r]

We have this now. So I think we're back to trying to stop hackers?

Long story short, csm_restriction_flags isn't meant to stop hackers (or cheaters) -- ie preventing client mods from being loaded by the client.

Just considreing the first restriction ("load_client_mods") -- I would assume that CSM mods are loaded on the client's side and not loaded on the server (ie they essentially act like bots that mimic the player).

As for the other restrictions I assume that when a CSM (or client) makes a call to the server, the server is choosing to reject, accept, or rate-limit the requests depending on the value of csm_restriction_flags and that isn't the client choosing whether to do this or not.

EDITED TO INCLUDE:
https://wiki.minetest.net/Mods#Client-Side_Mods

A Client-Side Mod (short: “CSM”) is a mod used to customize your Minetest client. Client-Side Mods can be used when connected to a Minetest server because they are loaded locally.

So this confirms it...CSMs are loaded by the client -- how can the server actually enforce the policy (if the server has no control over them being loaded) ? [rhetorical]

[Lone_Wolf]

Long story short, csm_restriction_flags isn't meant to stop hackers (or cheaters) -- ie preventing client mods from being loaded by the client.

Just considreing the first restriction ("load_client_mods") -- I would assume that CSM mods are loaded on the client's side and not loaded on the server (ie they essentially act like bots that mimic the player).

As for the other restrictions I assume that when a CSM (or client) makes a call to the server, the server is choosing to reject, accept, or rate-limit the requests depending on the value of csm_restriction_flags and that isn't the client choosing whether to do this or not.

EDITED TO INCLUDE:
https://wiki.minetest.net/Mods#Client-Side_Mods

A Client-Side Mod (short: “CSM”) is a mod used to customize your Minetest client. Client-Side Mods can be used when connected to a Minetest server because they are loaded locally.

So this confirms it...CSMs are loaded by the client -- how can the server actually enforce the policy (if the server has no control over them being loaded) ? [rhetorical]

You can't get around the server preventing you from using CSM without modifying your client. At that point even if we removed CSM completely the people who could bypass the server restrictions could just as easily add it back to their client

btw I think we've been a little offtopic. Unless I read this wrong, it is a little late for me...

[neoh4x0r]

btw I think we've been a little offtopic. Unless I read this wrong, it is a little late for me...

That was my point...

Enforcing restrictions on the client side is only practical if the server is the one doing the enforcing.

Furthermore, since a client can be modified by users (and any csm loaded) -- trying to "prevent" them from doing or using something renders this whole thing moot.

PS: As I was saying the only way to do what was asked, would be to violate those pre-conditions (there isn't any other way to do it without it being a very bad kludgey hack that is unreliable).

The fundamental question was: "how to make ore-detect unnecessary" -- in short it means making the reward of finding all of the ores not necessary.....or somehow making it not work.

To not break the pre-conditions: making ore-detect not useful or necessary, would be to give the player the ores or embed the function on the server-side (making ore-detect a server mod).

Like I said, it just is not fundamentally possible for everyone to have their cake and eat it too -- some sort of compromise would have to be made.
--------------------
To follow-up with at least a somewhat workable solution. However, it is not without a caveat in that it would make mining/digging less important (which is one of the minetest's core gameplay features).

For instance, to place less importance on mining/digging for ores (even from common to more scarce ones) would be to setup various tasks, jobs, etc and a player is rewarded for the time spent with various levels of ores, the more time spent performing the task would give more rare/scarce ores.

Like I said, in my opinion, while it is a viable solution -- it makes one of minetest's core gameplay features less important and, to me, making a core gameplay feature less important is technically destructive (it takes away from the game).

Furthermore, it doesn't solve the problem completely, because it requires that players actually want to earn ores by taking on jobs -- the players that chose to cheat using ore-detect (that is the ones causing the issue) are unlikely to want to work for them and, in that case, it doesn't fundamentally solve the issue.

Which is why I said that a compromise would have to made somewhere.