no longer possible to use the os library?

wulf 21wulf 21 Join Date: 2011-05-03 Member: 96875Members
Since the new build (181), I'm getting this error trying to run my in-progress replay mod: trying to index global 'os' (a nil value). Looks like the devs have removed the os library from their costum lua environement completely.

I've been using os.clock() to determine how much time running parts of my script take so I can identify performance bottlenecks. This isn't possible via Shared.GetTime() cause the game time is appearantly set by the engine before calling a lua script and remains constant during the current cycle. Looks like I'll have to give their profiler a try or I have to substitute os.clock() with a simple CFunction.

Maybe they wanted to prevent mods from using os.execute() or os.remove() ?

Comments

  • playerplayer Join Date: 2010-09-12 Member: 73982Members
    Are we talking about the Server-VM? That certainly shouldn't have such inhibitions.
  • AsranielAsraniel Join Date: 2002-06-03 Member: 724Members, Playtest Lead, Forum Moderators, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Shadow, Subnautica Playtester, Retired Community Developer
    You can always use the PROFILE macro (look around the code, used everywhere). then you can see your function in the profiler (profile 1 in the console).
  • wulf 21wulf 21 Join Date: 2011-05-03 Member: 96875Members
    yes, the server vm. And maybe I'll give PROFILE a try, however I have no idea how this could work on a dedicated server.
  • AsranielAsraniel Join Date: 2002-06-03 Member: 724Members, Playtest Lead, Forum Moderators, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Shadow, Subnautica Playtester, Retired Community Developer
    you can open profile from the server console.
    Its a "new" thing, i don't remember how you start the server with the console open, but i'm sure somebody can help out here.
  • FocusedWolfFocusedWolf Join Date: 2005-01-09 Member: 34258Members
    <!--quoteo(post=1863060:date=Jul 24 2011, 01:36 PM:name=wulf 21)--><div class='quotetop'>QUOTE (wulf 21 @ Jul 24 2011, 01:36 PM) <a href="index.php?act=findpost&pid=1863060"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->I've been using os.clock() to determine how much time running parts of my script take so I can identify performance bottlenecks.<!--QuoteEnd--></div><!--QuoteEEnd-->

    I've noticed this change also. For my purposes i've managed to rely on deltaTime to test out isolated pieces of code.

    Basically:

    function GUITestBed:Update(deltaTime)

    for i = 1,30000 do
    SlowCode()
    end

    Print(deltaTime)

    end

    I wonder if the devs could just add a high-res time function to lua (i don't think Shared.GetTime() could be used for this). Probably the only thing stopping them is their's no need with that profile system. But they may be the only ones that know how to use it :P
  • devicenulldevicenull Join Date: 2003-04-30 Member: 15967Members, NS2 Playtester, Squad Five Blue
    edited July 2011
    <!--quoteo(post=1863068:date=Jul 24 2011, 02:22 PM:name=player)--><div class='quotetop'>QUOTE (player @ Jul 24 2011, 02:22 PM) <a href="index.php?act=findpost&pid=1863068"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->Are we talking about the Server-VM? That certainly shouldn't have such inhibitions.<!--QuoteEnd--></div><!--QuoteEEnd-->

    Yes it should. Executing system commands should be *hard*, it shouldn't be something that's built into the engine. The reason behind this is if you fail to properly escape your commands, you run the risk of allowing players to do whatever they want with the server. Source had a few exploits that allowed players to upload various malicious plugins. The results of this would have been far worse if it were possible for them to execute commands with minimal effort.
  • playerplayer Join Date: 2010-09-12 Member: 73982Members
    The Server-VM is untouchable by anyone but the server-operator (barring any mistakes on UWE's part), it's up to the individual modders not to screw up in this department. If it's completely disabled now, the only way to accomplish the same is to load up a custom module and do it via machine-code, I don't think that's what anyone wants.

    Again to stipulate, I'm talking about the Server-VM, not the Client-VM. Clients should be assumed to be utterly ignorant in all matters of security and not be exposed to anything remotely harmful, server-operators on the other hand I assume to be competent and well aware of the risks involved running custom script\code.
  • fsfodfsfod uk Join Date: 2004-04-09 Member: 27810Members, NS2 Developer, Constellation, NS2 Playtester, Squad Five Blue, Squad Five Silver, Squad Five Gold, Subnautica Playtester, NS2 Community Developer, Pistachionauts
    <!--quoteo(post=1863090:date=Jul 24 2011, 09:42 PM:name=wulf 21)--><div class='quotetop'>QUOTE (wulf 21 @ Jul 24 2011, 09:42 PM) <a href="index.php?act=findpost&pid=1863090"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->yes, the server vm. And maybe I'll give PROFILE a try, however I have no idea how this could work on a dedicated server.<!--QuoteEnd--></div><!--QuoteEEnd-->

    Well i finally figured out how to get the server profile display to work. Start the dedicated server with -console added to the end of it command line. After its started select the window titled console and press you ` key(really unintuitive) and just type profile and press enter
  • devicenulldevicenull Join Date: 2003-04-30 Member: 15967Members, NS2 Playtester, Squad Five Blue
    <!--quoteo(post=1863198:date=Jul 24 2011, 11:12 PM:name=player)--><div class='quotetop'>QUOTE (player @ Jul 24 2011, 11:12 PM) <a href="index.php?act=findpost&pid=1863198"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->Again to stipulate, I'm talking about the Server-VM, not the Client-VM. Clients should be assumed to be utterly ignorant in all matters of security and not be exposed to anything remotely harmful, server-operators on the other hand I assume to be competent and well aware of the risks involved running custom script\code.<!--QuoteEnd--></div><!--QuoteEEnd-->
    You would be very mistaken. Most server operators would have exactly 0 idea that a malicious plugin can actually effect their server. I've spoken to many who refuse to believe that the plugin they just added to their servers is responsible for the crashes that just mysteriously started happening. Few have the knowledge that a plugin can perform any action on their server if they are handling the security incorrectly. Even fewer have the knowledge necessary to look at a plugins code and see if it's doing anything malicious.
  • playerplayer Join Date: 2010-09-12 Member: 73982Members
    Maybe generally-more-competent-than-players would've been a better phrasing. The question is, do you really want to curtail functionality up to the point where even the most naive server-admin is protected from malicious behaviour? I'd argue we'd be left with an incredibly tiny sandbox where nearly nothing can be accomplished by modders, which would be a shame.

    If the admins would just stick to this forum shopping for their mods it'll probably be just fine. Many forum-goers have a decent competence in Lua and routinely subject mods to scrutiny. I don't think a malicious mod would have a high life-expectancy here...
Sign In or Register to comment.