Extensions

M

Marcus12321

Guest
Is there a way to create a GML extension that can be distributed without actually giving the source code? Like some sort of compiling? I am talking about an extension that is written completely in GML, like scripts and objects.

Thanks.
 
S

Steevo

Guest
Nope.

I have wanted this for years, and have requested this feature a few times through support tickets. But it is not on their to do list.

You might have more success as you have the Chuck Norris look about you. Hard to say no to Chuck Norris! :D
 
M

Marcus12321

Guest
LOL, thanks for the laugh.

That's too bad about the extensions. Would be nice if they could be compiled into some sort of library.
 
S

Steevo

Guest
Yes, that would be truly awesome. Maybe one day, who knows?
 

YellowAfterlife

ᴏɴʟɪɴᴇ ᴍᴜʟᴛɪᴘʟᴀʏᴇʀ
Forum Staff
Moderator
You may look around and find the original discussion topic, but this comes down to roughly:
  • You cannot possibly have such a file format that can compile to bytecode, JavaScript, and C++ without being significantly close to AST, at which point it'll be timely reverse-engineered by any remotely competent third-party as soon as there's monetary interest involved.
  • It is often preferable for the user to not have a closed-source extension.
    For example, if I bought one of the video player extensions on the marketplace, and I later find that it's actually hard crashing the application on select systems, and the author does not respond (say, because they'd threw a fit and left forums again), that's it - I wasted anywhere between 3 to 40 dollars. Nothing can be done.
    Over years I've been hired multiple times to fix the existing assets in light of original authors vanishing permanently, and in most cases it would have cost hundreds to thousands of dollars to replicate the entire thing if the source code was unavailable.
therefore it seems pretty logical that it's nowhere up on YYG's wishlist - may as well just obfuscate your GML code. Though the fact that there's not an obfuscator available already indicates that there isn't much demand for that kind of thing either...

My Haxe->GML compiler makes it possible to auto-strip non-public-facing information as part of complication process,
upload_2018-11-12_23-16-19.png
(shown: if something should never be accessed directly, it's renamed to hx#)

but it's probably an overkill to write your extension in other language just for this.
 
S

Steevo

Guest
I wouldn't rely on the forums as a means to communicate with the publisher. Half the time they'd go by a different name anyway. That's what the 'Contact Publisher' button is for.

As for the video player, I am pretty sure that Taylor Dale is ZBox around these parts. He seems pretty accomodating to me. And the reviews don't seem to give any indication of any issues.


most cases it would have cost hundreds to thousands of dollars to replicate the entire thing if the source code was unavailable.
Exactly, and you wonder why Authors might want to protect their code? ;)

We are working in the constraints of a closed source environment after all.
 
M

Marcus12321

Guest
1) It could still be GML that has been encrypted in a manner that the IDE can still read it but not make the code visible to the user. So, it would not change the compiling of the project at all, other than the IDE unencrypting it for compilation. As long as it were done in memory, there would be nothing for the end user to easily get their hands on.

I agree, yes it could probably be decrypted. But for a $5 or $10 extension, would somebody really go out of their way? Maybe... But "locks don't keep criminals out, they keep honest people honest".

2) Yes, there is the worry of a bug. But that is possible with any product. It could be that the end user buys the library for $5 and the source code for $20 or something of that nature. Or, maybe the Yoyo Marketplace has the source code stored away, and if somebody quits supporting their extension, it gets released to people who had purchased the extension?!?! Or maybe, the marketplace can be setup to offer refunds in the case of game breaker bugs. Or some other safeguard to be determined.
 
S

Steevo

Guest
GameMaker semi compiles the code at build time. Pretty obvious they'd have the means to decompile their own format if they wanted to.

Why not have the option to compile extensions into the format that he runner uses and just import that as an extension, with all of the code hidden away, just exposing the functions to the end user. The same way that DLL's are used.
 

YellowAfterlife

ᴏɴʟɪɴᴇ ᴍᴜʟᴛɪᴘʟᴀʏᴇʀ
Forum Staff
Moderator
I wouldn't rely on the forums as a means to communicate with the publisher. Half the time they'd go by a different name anyway. That's what the 'Contact Publisher' button is for.

As for the video player, I am pretty sure that Taylor Dale is ZBox around these parts. He seems pretty accomodating to me. And the reviews don't seem to give any indication of any issues.
That was an example as this is what I hear high-profile users complain most often about - some extensions are WIndows-only, some can't hold up with large-resolution videos because their decoder is written in GML, a few fit all purposes but are not stable and the authors hadn't been responding to publisher contact emails for a while. Which brings us to...
We are working in the constraints of a closed source environment after all.
There are layers upon layers of closed source environments, from components to OSs to hardware itself. Yet that somehow didn't stop people from making open-source software in past.
There are also slightly different levels of trust and expectations from a single-person asset creator versus a company that shouldn't mysteriously disappear one misty morning.

Exactly, and you wonder why Authors might want to protect their code? ;)
It requires a great deal of technical knowledge on the subject to "steal" something without a single trace, often more than making it from scratch. For example, last year someone got caught on have been lifting code from my and few other's assets, and they did rewrite the code, but the general flow remained the same, so they were outed by fact that the edge case behaviour on few effects was exactly the same as in originals. Most of the people that are willing to steal work won't even go that far.

For a larger-scale example, few years ago there was that court case where one company based their MMO client on other company's MMO client while writing a custom backend. And got caught on some easter egg grade behaviour if the user did very specific actions. And owed millions of dollars in the end.

As they say, if you want absolute security, never release anything ever. Or license things privately and with a legally binding contract if you may.

1) It could still be GML that has been encrypted in a manner that the IDE can still read it but not make the code visible to the user. So, it would not change the compiling of the project at all, other than the IDE unencrypting it for compilation. As long as it were done in memory, there would be nothing for the end user to easily get their hands on.
Yes and no. For example, GameMaker's HTML5 runtime is stored in a encrypted archive called scripts.html5.zip. Just as you would expect of this, over years various people found ways to get into that. Know why it's not a big deal? It's still obfuscated. There's nothing won by getting to it, and it's impractical to pick that apart, just like any medium/large scale web application.

2) Yes, there is the worry of a bug. But that is possible with any product. It could be that the end user buys the library for $5 and the source code for $20 or something of that nature. Or, maybe the Yoyo Marketplace has the source code stored away, and if somebody quits supporting their extension, it gets released to people who had purchased the extension?!?! Or maybe, the marketplace can be setup to offer refunds in the case of game breaker bugs. Or some other safeguard to be determined.
Even if we assume that YYG would be willing to go those lengths (none of other engine creators did), that wouldn't go very far without someone manually reviewing each asset to make sure that the source code is what it is, is not obfuscated, and otherwise usable. And you can't offer long-term refunds if the asset creator got their money months ago and now is nowhere to be found - it'd have to be at your own expense.

GameMaker semi compiles the code at build time. Pretty obvious they'd have the means to decompile their own format if they wanted to.
Absolutely no potential side effects with shipping a feature-complete decompiler to the end user, none whatsoever. 10/10 idea

Why not have the option to compile extensions into the format that he runner uses and just import that as an extension, with all of the code hidden away, just exposing the functions to the end user. The same way that DLL's are used.
That's not the case for HTML5 and also not all that secure.
You could very well restructure your extension to be a native extension with the GML part only calling one or other GM function and then returning the result back to the native code.
 
M

Marcus12321

Guest
That is my point though. It doesn't have to be bullet proof. Just good enough. Glass windows are easily broken, but they seem to keep a lot of people out of my house.

It could be that I upload the source code and YYC's server compiles it. Then they DO know they have the source code. There are ways to make it work. But as you said, if they want to go so far as to protect everybody then it will take effort on their part. But if they just let me make an encrypted extension or a library of sorts, then once it's done it's done.

I see you have some tools you have written. If I purchase them, do I get all of the source code in case there is a bug I can fix it? ;)
 

YellowAfterlife

ᴏɴʟɪɴᴇ ᴍᴜʟᴛɪᴘʟᴀʏᴇʀ
Forum Staff
Moderator
It could be that I upload the source code and YYC's server compiles it. Then they DO know they have the source code
As I have mentioned, code that compiles is not necessarily the code that is readable/editable. It might be obfuscated, or it might be interfacing with native code, or there might be just way too much of it for a normal person to make sense of without handwritten annotations (e.g. GMLive.gml counts 8500 lines of GML)

I see you have some tools you have written. If I purchase them, do I get all of the source code in case there is a bug I can fix it? ;)
Pretty often and for that exact reason
upload_2018-11-13_1-25-46.png
upload_2018-11-13_1-26-10.png
upload_2018-11-13_1-27-11.png
upload_2018-11-13_1-28-13.png
upload_2018-11-13_1-29-5.png
 
M

Marcus12321

Guest
Sometimes, in other words. I can understand that; which is all I was asking about extensions.

Really, this whole thing just started with a question. I don't really care one way or another. But I do understand that there could be code that someone probably would not release without being able to protect it. Then smaller projects/extensions, that there would be no problem with releasing the code.
 
G

Glyph

Guest
Forgot to say. I'd be all for a GML extension encryption format also, for want of a better term.
 

zbox

Member
GMC Elder
As for the video player
Thanks for the shout out :D I'm pretty sure he's referring to Lonewolff or something though who is a bit of a skitzo from most accounts I've heard (including contact with him myself). Unless he was referring to me, then all I've got to say is my inbox is always more than open to patrons of my assets!

Re obfuscation I'm sure someone if they were really bothered could take a similar language like JS and rewire it to work with GML, not sure how much of an audience there would be. I've started before but stopped after realizing it probably won't pay off, either for the utility in my own extensions or for others that want to use it.
 
Top