xKiv
Active member
How about two files - one with not-vetted versions, editable by all authors; second with vetted versions, editable only by ... how do you call them - mods, approvers, vetterans?
Official script registry - discussion
- Thread starter roippi
- Start date
How about two files - one with not-vetted versions, editable by all authors; second with vetted versions, editable only by ... how do you call them - mods, approvers, vetterans?
zarqon
Well-known member
If SVN is the route we're going, ignore all my suggestions. I had been suggesting on the assumption that there would be a secure, non-public data file, with a script hosted on kolmafia.us regulating all read/write access. Script submission via web-based form, or via mafia GUI posting data to script. Data requests via mafia (and answered in JSON or whatever format mafia can accept most easily). Script edits allowed for the original author or by moderators. Vouches also registered via mafia GUI, using real logged-in KoL names, and saved as part of the registry data. Moderation via PHP web interface or via mafia GUI. No direct access to data file AT ALL, except for fewyn.
SVN has no support for partial ownership of data and I feel doesn't make a very helpful solution for this issue. Using our own database we can both customize and streamline.
It was also under the assumption that real KoL in-game names would be associated with each script. Which is possible if the script submission form was located in the mafia GUI. Making many KoL smurf accounts just to get a malicious script into the list (which would probably be removed fairly quickly) seems like a huge waste of effort (which is the best form of prevention). Further, there could be real in-game consequences for identifiable users who post malicious scripts. If we use real names, I also like the idea of tying this in with Trustbot somehow.
Again, if we're going with SVN, I retract my previous recommendation of moderation after submission -- restricting access is the only secure way to deal with a file on SVN.
EDIT:
Good suggestion, but a needless hassle for the mods. If we were to use the vouch idea, mafia could pop up a warning for any script with fewer than X vouches, something like "This script has not been vouched for by (m)any users. It may be malicious, harmful, or even SUBOPTIMAL. Are you sure you want to install it?" ( Yes | No | View Repository )
Last edited:
roippi
Developer
Yeah, I gotcha, Z. Your suggestions make total sense in light of that. It seems that we had agreed to the file-hosted-on-SVN part somewhere 'round page 2 and moved on to other things, but if we want to reexamine that, I'm down. It's not the perfect solution.
Anyway, what it comes down to is: I can get the mafia end of things to do whatever. That's cool. I'm personally not up for programming anything outside of that. If someone wants to set up (black box X) that accepts (encoded information Y) which somehow coalesces into (data file Z) and host said Z file, that seems awesome, but I'm out of that loop.
Anyway, what it comes down to is: I can get the mafia end of things to do whatever. That's cool. I'm personally not up for programming anything outside of that. If someone wants to set up (black box X) that accepts (encoded information Y) which somehow coalesces into (data file Z) and host said Z file, that seems awesome, but I'm out of that loop.
zarqon
Well-known member
I really feel like with a custom backend this could be an ideally-implemented feature rather than a better-than-nothing feature, and I feel like taking a crack at writing said backend. Unfortunately, I've had a cold for a friggin' month and been burning my candle at both ends the whole time to boot, so I'm behind in supporting my scripts (doesn't help that KoL is on a new content/revamp rampage) and it might be a month before I had a functional prototype for you to look at. Is that too far in the future to be helpful?
zarqon
Well-known member
Okay, I was able to work on catching up on some playing/scripting today, and feel as though I can see the light at the end of the tunnel. I'll begin work on the black box this week.
Right now, I'm trying to think of a way to avoid making every single person create an email/password account to be able to interact with the registry. The mafia GUI will be making quite a few handshakes with the black box (for submissions, edits, deletions, vouches), but without some kind of user verification, since the mafia source is public it could be possible for a sneaky jerk to spoof a mod username and wreak havoc. I'm thinking that, on your first interaction with the registry, if your "registryPassword" property was empty (the default), mafia will prompt you for a password to use with it, then save that password in your properties for all future interactions. The email address seems like it would be necessary for sending forgotten passwords, or for notifying mods of new submissions. Not asking for email would be nicer, but since the server wouldn't be logged in to KoL or this forum, it couldn't send them a kmail/PM.
The server being logged in to KoL would make this all very easy. We could even make a chatBot that interfaces with the PHP script and serves as the registrar! Interactions would occur mainly through chat and wouldn't need additional ID verification, plus since there would be no public URLs the security would be high. Not to mention the great flavor of having an NPC registrar. Major downsides, of course, being that someone would need to keep the bot running, and that the ASH scripting environment is far more volatile. Yeah, ok, actually this is probably not viable, though it would be cool if it were.
Thinking out loud. Well, it wasn't actually audible, I just typed it, so I guess... thinking... visibly.
tl;dr: Nothing to see here, folks. Move along.
Right now, I'm trying to think of a way to avoid making every single person create an email/password account to be able to interact with the registry. The mafia GUI will be making quite a few handshakes with the black box (for submissions, edits, deletions, vouches), but without some kind of user verification, since the mafia source is public it could be possible for a sneaky jerk to spoof a mod username and wreak havoc. I'm thinking that, on your first interaction with the registry, if your "registryPassword" property was empty (the default), mafia will prompt you for a password to use with it, then save that password in your properties for all future interactions. The email address seems like it would be necessary for sending forgotten passwords, or for notifying mods of new submissions. Not asking for email would be nicer, but since the server wouldn't be logged in to KoL or this forum, it couldn't send them a kmail/PM.
The server being logged in to KoL would make this all very easy. We could even make a chatBot that interfaces with the PHP script and serves as the registrar! Interactions would occur mainly through chat and wouldn't need additional ID verification, plus since there would be no public URLs the security would be high. Not to mention the great flavor of having an NPC registrar. Major downsides, of course, being that someone would need to keep the bot running, and that the ASH scripting environment is far more volatile. Yeah, ok, actually this is probably not viable, though it would be cool if it were.
Thinking out loud. Well, it wasn't actually audible, I just typed it, so I guess... thinking... visibly.
tl;dr: Nothing to see here, folks. Move along.
roippi
Developer
I'd really like it if we didn't have to depend on the GUI to be the interface that scripters use to submit/update script info. I'm not trying to be lazy, it's just that there's plenty of work to do already on a strictly read-only system that can interact anonymously. And my time is extremely limited nowadays.
Any way we can just go with a barebones web interface for that stuff?
Any way we can just go with a barebones web interface for that stuff?
Now we are going to have Mafia's Java GUI communicating via KoL's php chat with a bot written in python that interfaces with an SQL database linked with an obfuscated perl script that sends to black box X some encoded information Y that is coalesced into file Z.
I'm sure we can add a step somewhere where lambda calculus is used to optimize stuff
Perhaps veracity could be asked to contribute her LISP skills?
roippi
Developer
Okay, I'm gradually working on this, and I'm at the point where I really need a solid spec for the registry file. Remotely retrieving it, etc. can wait.
I'll post an example JSON-ified file soonish, but here's the bare minimum fields I'm thinking of:
With all being compulsory. The description fields could both be made optional in theory, if I am so persuaded.
The difference between short and long: short will be inlined in the script manager table and will be truncated to ~80 characters or so (more if the user expands their display). The long description supports html markup and will be displayed in a separate viewer panel below the table.
Let me know if there are other fields I should include, optional or otherwise. I'll have a sample JSON file to share in a day or two.
I'll post an example JSON-ified file soonish, but here's the bare minimum fields I'm thinking of:
- script name
- author(s)
- short description
- long description
- repo url
With all being compulsory. The description fields could both be made optional in theory, if I am so persuaded.
The difference between short and long: short will be inlined in the script manager table and will be truncated to ~80 characters or so (more if the user expands their display). The long description supports html markup and will be displayed in a separate viewer panel below the table.
Let me know if there are other fields I should include, optional or otherwise. I'll have a sample JSON file to share in a day or two.
roippi
Developer
mkay, this is what I'm going to be working off of, let me know now if we want to change the spec. It has a superfluous .txt extension because this forum isn't happy with *.json files.
For any curious, the way I generated this in python:
For any curious, the way I generated this in python:
Code:
import json
chit = {'name':'CHIT','author':'Bale, Chez','shortDesc':'Character Pane Replacement','repo':'https://svn.code.sf.net/p/mafiachit/code/','category':'relay','longDesc':'This is a character pane replacement. It is shiny.'}
wham = {'name':'WHAM','author':'Winterbay','shortDesc':'All-knowing CCS','repo':'https://svn.code.sf.net/p/winterbay-mafia/wham/code/','category':'combat','longDesc':'This is a custom combat script. It kills all the things.'}
x = [chit,wham]
with open('repo.json','w') as f:
json.dump(x,f,indent=1)roippi
Developer
... and by "the OP" I meant Bale's thread.
The core of this is done. You can view/sort/delete already-installed scripts, and install scripts from the svnrepo.json file. Just need a place to host that file.
What do we want to do on that front? Fewyn can almost certainly host a random text file for us, but providing facilities to have one/multiple people edit it is another can of worms. I feel like I should just throw it up on sourceforge/github and just pull it from there until we get that business sorted out. I have a feeling it may take a while.
I'm now wondering how people are going to track down the place to post questions/suggestions for scripts.
JSON is probably easier to maintain anyway, since this file won't have thousands of entries like other mafia data files.
I attached a json file. I left out Bale's shore script since he seemed to agree with me (based on his thread edit) that it's obsolete, and I left out Theraze's scripts at the end of the list because I didn't want to pick names for them. I also mostly used the same thing for the short and long description because I didn't want to spend time thinking about those while copy-pasting, so the file probably needs more work before it's ready to go.
JSON is probably easier to maintain anyway, since this file won't have thousands of entries like other mafia data files.
I attached a json file. I left out Bale's shore script since he seemed to agree with me (based on his thread edit) that it's obsolete, and I left out Theraze's scripts at the end of the list because I didn't want to pick names for them. I also mostly used the same thing for the short and long description because I didn't want to spend time thinking about those while copy-pasting, so the file probably needs more work before it's ready to go.