BukkitDev is Cursed

Discussion in 'BukkitDev Information and Feedback' started by drtshock, Sep 8, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    Jeyge

    FYI - there are people here that already decompile most of the requested plugins and report the ones that contain code that might exploit a users server. If you finalize what can and can't be reported and no longer call out those who do report users, I'm sure most of the bad people will be picked up by the community without extra involvement from your team.
     
  2. Offline

    Kaelten


    Call out people who report users? Why on earth would someone do that?

    If you're reporting as a form of griefing you'll be reprimanded, in private.
    If you're crass and doing report worthy behavior in your report you're likely to get a timeout, again in private.
    If you're reporting because you believe you have a legitimate issue you'll be thanked and/or educated on why it's not a big deal.

    Regardless I won't stand for public shaming.
     
    Mavhill and SGrayMe like this.
  3. Offline

    timtower Administrator Administrator Moderator

    Old system allowed it but at own risk, some people asked me to check those plugins for them to make sure they weren't malicious.
    It is probably best to put a notice on the plugin request section about that otherwise people will continue to use third party links. And also be ready for a full bukkitdev file approval list with this method, or loads of PM's to get around the system. ( which are more likely to contain malicious content )
    I won't post new links but I am also not planning on changing my signature link.
    I appreciate the responses of Curse on this.
     
  4. Kaelten No offence but your priorities seem a little off. For this post I'm going to act under the assumption that you value both the continued existence of Bukkit and the community itself. If I'm wrong on that point, it's a shame, but would should that Bukkit definitely doesn't have a chance anyway.

    Disallowing likes to sites like Dropbox for fulfilling plugin requests would be a dubious decision at the best of times, but especially in times like this. Plugins have always been a large part of what made this community the great place that it was, and the plugin requests section definitely played its part in that. After the development was halted (by the way, I sincerely doubt mbaxter wants to drag EvilSeph through the mud, so not sure what you were implying with that comment) and recent recents, the plugin development side of things became a whole lot more important. After all, that's a big part of what the community intended to continue as.

    The following has been said by timtower (who plays a big role in the plugin requests section) but it overlaps so I'll repeat and build on some of it. By disallowing the third-party links, you're making it harder to fulfil the plugin requests, for those still interested in keeping what they can of the community alive. You force them to have to go through either the official route of BukkitDev, which will take a lot longer than a simple link at the best of times. Or they go through the unofficial route of sending the plugin via PM, which has always been against the rules yet happens anyway - the disallowing decision would simply increase this practice greatly. PM'd links both have more chance of being malicious, since nobody with the know-how would be able to check it, and it means that it can only really help the person who asked, as opposed to being available to the general public.

    Now onto BukkitDev - BukkitDev is a great system, but it's not an easy one. For a while, BukkitDev queues have been very large, and not enough volunteers to work through the system in a speedy manor. This is nobody's fault really, and I'm not trying to assign blame. I much rather the security BukkitDev offers than the speed it could potentially offer. After all, removing all need for approval would be instant but not even slightly secure. That's not what BukkitDev aims for. With recent events, BukkitDev certainly cannot handle the approvals anymore, and you adding fuel to the fire by not allowing external links will certainly not help, it will cause the queue to grow even more.

    I've also heard that Curse staff do not want to work on BukkitDev unless they are given better tools, and I've heard that BukkitDev staff have been requesting and promised these tools for years. I suppose it's not really my place to comment on that, though. Consider both of the above points and the fact that you are not currently going to accept any more staff, nor any word on when such a thing might happen (sorry, but if you still think "we'll let you know" is of any reassurance to the community after all the times it's been said with no follow up, you are sadly mistaken) you have a recipe for disaster.

    So, as well as slowing down an already bogged down system, you're going to allow discussion and even direct link and advertising of alternatives to Bukkit? Wonderful. I could accept casual mentions like "Oh, I'm going to move to Sponge" or something similar to that, but explicitly allowing advertising "when Bukkit's future is uncertain" is another matter entirely. Doing so shows a complete lack of faith in the potential for Bukkit to live on, regardless of what it actually will end up being, if anything. But I can tell you for sure that Bukkit can't possibly survive unless you act as though it can.

    You may not be the reason Bukkit is dying, Curse. But you're driving the knife in to make sure it does.
     
  5. Offline

    Jadedcat


    We had been informed that third party download links were not allowed on Bukkit. If that is not the case, then certainly we can revisit that. I am mildly confused since EvilSeph tweeted that allowing unofficial links is a security breach and I shouldn't allow it.

    As to discussing competitors sites, we cannot and will not censor them. The former team had reason to disallow them from a tech support perspective. But we (Curse) do not. If we block competition it is nothing more than censorship as we cannot claim tech support issues for something we can't do tech support for.


    Bukkit Dev wait times have always been much slower than any of the other ques. We are not removing a need for approval. We are still working out what will be done there.


    We have better tools and software on the other sites. Those tools in my understanding were offered to the leaders of BukkitDev, but we (Curse/CurseForge) were told the staff didn't want them. I am starting to get really curious as to who exactly was asking us for updated software, because we had updated software and were told the team didn't want it. Somewhere communication broke down. The bukkit team was left thinking we wouldn't help them, and we were under the impression Bukkit didn't want our help.

    Which I personally think more than anything shows that Curse does not come in and trample communities. If we had been, this site would at least be on the newest xenforo and on the shiny new Ellerium que software. I don't know where the breakdown occurred, I only got started in April. But it was one of the first things I was told when I asked why this site was so much older than many others. "Bukkit prefers we just manage their hosting and leave the rest to them"


    We do not and never have believed in censorship. You may discuss/debate/rage about Curse on any of our forums. You may discuss any competitor. Competition drives communities to be better so that they are used by more people. You can control a community by eliminating all competition including the discussion of competition and insisting you are the best. Or you can make your product better allow comparison and discussion and try and make a product people want to use because it is the best option. Curse removing references to competitors is much different than Bukkit removing tech support issues.

    Right now we do not know what will help with Bukkit. None of us would be up to coding it, even if it wasn't under a DMCA. If people want to advertise for other competitors fine. We won't stop them. Normally I'd say "we'll just try and make our version better so people prefer to use it" but umm yeah... can't do that right now. We don't control the code, our hands our tied. The future of Bukkit is in Mojang and the community's hands not ours.

    Disclaimer: I work on CurseForge, I moderate forums. I can only comment on what I know from the time I was hired in April. I was not here for much of the Curse-Bukkit relationship. I may be wrong on some points in which case my boss Kaelten will correct me.
     
  6. It's been an exception for quite a while now, and I believe was addressed earlier in this thread. I'm just trying to point out why that would be a bad idea.


    As said, I can't really argue this point since I'm an outside observer and was not privy to any discussions that may or may not have taken place.


    Preventing people from advertising rival services is not really censorship. A certain level of censorship is always required when running forums.

    I understand the problems associated with continued development of CraftBukkit at this time, and that's not the point I'm arguing. EvilSeph didn't try to shut the development side of things down for no reason, and it was always the intention for the forums to continue (if your company allowed it).

    Following this and our quick IRC conversation, I'd like to emphasise the fact that I in no way blame Curse for the above events, and especially not specifically you. I merely am questioning the seemingly contradictory motivations of Curse in its current dealings. I welcome further healthy debate on the subject.
     
  7. Offline

    ZeusAllMighty11

    The system we used when I was staff wasn't foolproof, but it was damn close. How can you possibly take anything lighter than what we did?
     
  8. Offline

    Jadedcat


    What system?

    For approving plugins?
     
  9. Offline

    xize

    oh man this sound not really good neither safe.

    if the speculations are true with plugins being approved in the time of now without a good PSA malicious check things go more down hill.

    I remembered the first time reading the post about the introduction of plugin approval and what plugins where found then and what malicious harm was in it, I just want to say I hope never see something malicious as that again and want to thank all dbo staff at the time of doing this, its not cool if a plugin could make you appart of a botnet, and since the whole illuminati era I actually would like this will still be enforced rather than being fast and overlooking these things because you are a big company and not a volunteer, like the retired staff is.

    curse seriously, you should consider to listen what the retired dbo staff has to say on this manner because these things could also cause lots of troubles since most of bukkit has a safe and good reputation, its sad when that gets destroyed because for example money is envolved and things need to be fast approved and also the people who previously did the good things get smacked by that. to.
     
  10. Offline

    Jadedcat



    Umm?? What? Plugins aren't being approved right now. We are working on figuring that part out. Not sure why us moderating the forums are turning into "they are going to auto approve plugins without looking" . We don't even do that for MC mods where we know the authors. Why on earth would we do it for plugins?
     
    HoneyBuzzard, Lactem and timtower like this.
  11. Offline

    xize

    Jadedcat

    I didn't state auto aproval, I state that it could be possible the people who aprove plugins may not look into the source code which is a very big concern, I don't know curse very well so let it say in this way how I interpret this:

    curse takes over, curse is a big company some of us know that big companys can be lazy, and also overlooking things because most of the employees are in a hurry and as result plugins are backdoored.

    its not that I directly say or acuse that I think curse handles like this, but we want to know you still respect the workings and honours of the old DBO staff and whenever like this scenario as above, that this almost not should happen, of course sometimes it happens but not that people start abusing it and all the retired staff get smacked due that by lots of angered persons.

    I hope that curse does not take plugin aproval to lightly, this is what I ment to say.
     
  12. Offline

    HiveMC

    Then why was someone banned and their post deleted for doing so?
     
  13. Offline

    Jadedcat


    Huh? Where?


    Edited to add: figured it out. And no that guy was banned for something else. He just would like people to think he was banned for disagreeing with Curse. Search Curse on the forums, lots of people are arguing/pissed/unhappy. They aren't banned.


    We take malware very seriously. On MC mods we don't judge "quality", like say if its coded well, or if the world needs yet another Emerald Tool mod. However we do check for malicious code. I appears Bukkit plugins have a few more "types" of things we need to look out for.

    That's why all jokes aside we are not going to wading into the plugin que right away. That's a recipe for disaster.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Aug 25, 2018
  14. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    If he didn't step down, an alternative explanation is that he was removed. Yes it's less flattering for whomever removed him, but he didn't step down.

    The project was nearly dead; it was on life support. Our volunteers were running out of steam. The primary developers were not going to be able to get a 1.8 update out in a reasonable period of time, even if we felt it was still safe to do so (I want nothing to do with legal arguments on this). EvilSeph simply declared the current status, halted development, and said we'd continue to help where we could as long as possible. I don't see anything mud-dragging about that.

    Perhaps if Curse had hired some of the current developers after Mojang picked up the original four they had been paying, things would have gone differently. Perhaps if Mojang had provided support to the project they secretly acquired years ago, things would have gone differently. There's a lot of what-if's we can throw around on this, but that's not going to change the reality of the project's demise.
     
  15. Offline

    xize

    Jadedcat

    thanks for the clarify I already was becoming afraid:p
     
  16. Offline

    timtower Administrator Administrator Moderator

    The honesty is greatly appreciated.
     
  17. Offline

    Jadedcat

    Though since I feel like joking a minute... I'd like a nickel for every "Emerald/Obsidian Tool" mod please.... :p

    I could buy a small island. Or at least a kitten.
     
  18. Offline

    timtower Administrator Administrator Moderator

    If I would get a nickel for every survival game plugin then I could do the same :p
     
  19. Offline

    desht

    Ah, so Emerald/Obsidian tool mods are the Forge equivalent of Bukkit's TnT blocker plugins.

    There, a bit of cultural exchange :)
     
  20. Offline

    Jadedcat


    Pretty much. Its the first thing almost everyone codes. And then shares. And its really hard to tell if they are copies since they are all written pretty much the same way. :p
     
  21. Offline

    Quantum64

    I did that for my first mod. Was so proud of it.
     
    justcool393 and timtower like this.
  22. Offline

    SGrayMe


    I'd argue that whitelist plugins are the Emerald Tools of Bukkit... and whatever is the tutorial flavor of the week. :D
     
  23. Offline

    robotnikthingy

    Wait, so bukkit is basically dead, but bukkitdev and the forums are here to stay?

    I do admit, bukkitdev is a way more organized place to post plugins and such in comparison to how mods are posted in the Minecraft forums in an unorganized jumble. So maybe my first plugin may get approved

    But at the same time, I feel for the former bukkit Staff... I thought at first the whole thing was that wolf-whatever his names fault until I pieced together the whole story
     
  24. Offline

    Maximvdw

    Why would you buy a cat :O.....

    As for the actual topic. I personally don't think you should check the quality of someone's code on Bukkit. But it can be important if the lack of quality causes damage (like deleting worlds, corrupting files,... and not warning the players about it) and ofc there is the malicious code of plugins that have OP backdoors or even shell access.
     
  25. Offline

    timtower Administrator Administrator Moderator

    Over all: nobody checked the quality, just if it didn't contain malicious code. ( backdoors etc )
     
    justcool393 and 1Rogue like this.
  26. Offline

    Shevchik

    Just let bukkit die.
     
  27. Offline

    Kainzo

    "Lack of motivation" ... "Volunteers losing steam" ....
    Yet #Sponge has "500+" developer apps (large amount of ex-bukkit staff, outcasted users from bukkit and anyone whos anyone from minecraft) and the largest channel on esper.net at the moment...

    Flaws in logic, 'ere where.
     
  28. Offline

    Jade

    Kainzo TIL I joined a channel and am suddenly relevant and a valid argument. tmyk.
     
  29. Offline

    drtshock

    People just want to be the teet everyone sucks.

    EDIT so mbaxter can understand: Everyone just wants to be the one in control and do things their way.
     
    railguy_ and garbagemule like this.
  30. Offline

    garbagemule

    Kainzo
    I recall a very topical scene from the movie "300", where Leonidas and the Spartans' commitment is questioned due to their low numbers.

    500 developer applications means nothing - a significant amount of people who "want to help" have popped up in the IRC channels, some not even knowing how to import stuff in their IDE, others claiming they'll "learn Java along the way", and no doubt all of them have applied. There's a big difference between competent, capable developers, and people who just want to have their name on a list on github. There's also a big difference between competent, capable developers with the required spare time and dedication, and competent, capable developers with a tight schedule.

    Besides, how on Earth is it fair to compare the motivation and steam of volunteers in a brand new project to those of an old one going more and more downhill over the past couple of years? It's pretty clear that part of the "burnout" from some of these people is a result of doing the same thankless job over and over again, as well as being a keystone treated like rubble. Some of them (ex-Bukkit staff) are probably just happy to have the chance to be part of a truly independent project where a big corporation isn't (directly) using them as free labor. Not underestimating some of the things that were taken for granted in the Bukkit project is paramount for Sponge to succeed, especially in the long term. Remember that nothing has actually come out of the Sponge project yet; speculation is fine, but arguments are only as sound as the foundation they're based on.

    And just to make it abundantly clear, I'm in no way saying Sponge will fail, nor am I saying the support for it isn't genuine. However, there is a lot of hype (I heard it'll brew my morning coffee and mow my lawn in the summer), and it is getting a lot of excess attention right now, because everyone is panicking and looking for something to cling on to while Bukkit is sinking. Let's not jump to too optimistic conclusions so early...
     
    JaguarJo, lDucks, Hoolean and 17 others like this.
Thread Status:
Not open for further replies.

Share This Page