[Question] Anyone tried to edit the AI json scripts?

under media\pa\ai\ there are fabber and factory folders and a unit encyclopedia for the ai. Not even sure if its being called upon or what, since I just tried to blank out the order files (to create a sandbox mode of sorts) and the AI still builds stuff.

Anyone else had success with these?

It wouldn't effect anything because the AI is run on the servers.

It would be hilarious if it was run through clientside though.

wow, totally forgot about the whole server thing
guess I'll have to wait to totally screw up sorian's work
(don't worry I always make backups)

So. When we gonna get the server? Nudge nudge wink wink

Not until late beta or even release.

But we will have to see, how mod-friendly the server is going to be anyway. Contrary to SupCom, most of the logic isn't going to be accessible in the form of LUA files but rather hard coded in binary files, so unless we get access to the internal APIs, modding is going to be rather ... limited.

Isn't that still a big open question of how that is gonna work? Judging by the UI Uber really puts a lot of work into modability, so a near unmodable server would be weird.

My impression has been more that it relies on compiled scripts. While not lua level accessible, it should still hopefully be easily moddable with the right tools. Also, a fair bit of modding will be identical to client modding, only the values are actually used instead of ignored (like how changes to the AI on the client don't mean anything, but would if you were the server).

Yes, if you are just going to tweak numbers, thats probably going to work just fine.

But what I'm more worried about, is about core features like intelligence, extending the unit model with new properties or even modifications to the path finding.

In short: Anything which goes beyond just writing a new web application for UI or tweaking numbers within the hard limits of the engine.

There was a discussion about APIs and possible ways to allow user code for replacing core features inside the server a few months ago (various scripting languages, sandboxes or even native, dynamically loaded libraries were under discussion), but since then, nothing.

what if uber gives us the architechture to the server and we have to mail them mods that are then accessible throught a choice on the main menu to those who have been chosen by the modder to be able to test it, in a list in the mod?

after sufficient testing the mod would recieve uber's approval and become accessible to everyone?
(I dunno just being noob and with incorect phrasing but I'm only trying to imagine how it would all work, I see a risk with giving the server to everyone, such as people trying to set up their own server. Maybe i'm just talking out of my ***. tell me if you think it's a good idea or not.)

Such a system would be very unpractical to use for every mod.

Indeed, and neither would it provide "security".

If you are going to "enhance" your server with native stuff, you will need to trust the author any way.
If someone was to hide malicious stuff in the server, no one at Uber would be capable of telling for sure, not even if they had access to the source code. Malicious code is just to easy to disguise / hide nowadays.

Security can only be ensured for mods which solely use the data formats used by the default engine (and those mods are also the only ones which could possibly load on official servers), anything which exceeds that must be considered unsafe which means you use it at your own risk.

Oh common! a room full of devs? they could write malitious code ten times better than the wrongdoer! and also antiviruses have come a long way, the two top ones that is.

But anyhow yes I can see how my idea would be tedious and impractical. Nvm I was just making a suggestion.

Good luck at detecting e.g. the simple combination of a buffer overflow, return based programming and content loaded from the web. (Content from the web is used in the buffer overflow to mess with the stack, allowing to use fragments created by return based programming to execute a program flow which didn't exist nor was possible prior to the stack manipulation.)

You will neither be able to tell from the source code nor from the binary if done properly. Antivirus doesn't stand a chance against such an attack either, they only have signatures for certain byte sequences which are know to be part of malware.

they could run it in a "box" first to check what it does. sure, it wouldn't have access to internet then but you could check in a console what urls it calls and check them individually.

Nope, doesn't work with that type of attack. The malicious nature isn't reveled unless the attacker unleashes it.
Quite a lot of malware on the iOS-plattform is based on this concept, and Apple does perform a quite sophisticated analysis of any application before they allow it in the store (including static analysis and sandbox). And yet there is still malware in the Apple Appstore.

But thats just one example. I just wanted to show, that you can never trust in code from a stranger and no analysis is capable of reveling all possible backdoors.

You also have to consider that Uber doesnt have a full room of devs that have nothing better to do than to check mods.

Also the current UI mods can already do pretty malicious things in theory. I haven't checked, so I don't know for sure, but I am pretty sure you could i.e. make a mod that grabs login data from the user directly from the login form and pushes it to a server somewhere.

So basically when you install a mod from somebody you already have to trust him.

It's sound so funny for me. Native/scripted doesn't change anything in terms of security these days. Even now UI mods can actually do a lot of bad stuff and powerful server-side scripting will obviously be as dangerous as native code.

And on current operation systems it's actually easier to limit native code, than scripts. Because you can never know what exactly screen doing because it's using bloated interpreter.

It's why Uber move UberNet code outside UI, because some good modders use user session for stuff it's not designed to.

Then you shouldn't use any mods at all because any powerful scripting API will be able to do harmful things. Actually malicious things are possible in most games which allow midding, so I think you just need learn about sandboxing or virtualization if you paranoid like this.