no longer possible to use the os library?
Since the new build (181), I'm getting this error trying to run my in-progress replay mod: trying to index global 'os' (a nil value). Looks like the devs have removed the os library from their costum lua environement completely.
I've been using os.clock() to determine how much time running parts of my script take so I can identify performance bottlenecks. This isn't possible via Shared.GetTime() cause the game time is appearantly set by the engine before calling a lua script and remains constant during the current cycle. Looks like I'll have to give their profiler a try or I have to substitute os.clock() with a simple CFunction.
Maybe they wanted to prevent mods from using os.execute() or os.remove() ?
I've been using os.clock() to determine how much time running parts of my script take so I can identify performance bottlenecks. This isn't possible via Shared.GetTime() cause the game time is appearantly set by the engine before calling a lua script and remains constant during the current cycle. Looks like I'll have to give their profiler a try or I have to substitute os.clock() with a simple CFunction.
Maybe they wanted to prevent mods from using os.execute() or os.remove() ?
Comments
Its a "new" thing, i don't remember how you start the server with the console open, but i'm sure somebody can help out here.
I've noticed this change also. For my purposes i've managed to rely on deltaTime to test out isolated pieces of code.
Basically:
function GUITestBed:Update(deltaTime)
for i = 1,30000 do
SlowCode()
end
Print(deltaTime)
end
I wonder if the devs could just add a high-res time function to lua (i don't think Shared.GetTime() could be used for this). Probably the only thing stopping them is their's no need with that profile system. But they may be the only ones that know how to use it :P
Yes it should. Executing system commands should be *hard*, it shouldn't be something that's built into the engine. The reason behind this is if you fail to properly escape your commands, you run the risk of allowing players to do whatever they want with the server. Source had a few exploits that allowed players to upload various malicious plugins. The results of this would have been far worse if it were possible for them to execute commands with minimal effort.
Again to stipulate, I'm talking about the Server-VM, not the Client-VM. Clients should be assumed to be utterly ignorant in all matters of security and not be exposed to anything remotely harmful, server-operators on the other hand I assume to be competent and well aware of the risks involved running custom script\code.
Well i finally figured out how to get the server profile display to work. Start the dedicated server with -console added to the end of it command line. After its started select the window titled console and press you ` key(really unintuitive) and just type profile and press enter
You would be very mistaken. Most server operators would have exactly 0 idea that a malicious plugin can actually effect their server. I've spoken to many who refuse to believe that the plugin they just added to their servers is responsible for the crashes that just mysteriously started happening. Few have the knowledge that a plugin can perform any action on their server if they are handling the security incorrectly. Even fewer have the knowledge necessary to look at a plugins code and see if it's doing anything malicious.
If the admins would just stick to this forum shopping for their mods it'll probably be just fine. Many forum-goers have a decent competence in Lua and routinely subject mods to scrutiny. I don't think a malicious mod would have a high life-expectancy here...