Sponge: New Era


Firstly i’d like to tell you that my english is not as good as my java

When I first saw the sponge project, I thought it will change the world of minecraft. Just like the Bukkit did, thanks to it we could create servers with new features(?). When i read all about Sponge, saw git project etc. I understood that this project will be similar to BukkitForge - minecraft → forge → bukkitforge → plugin.

Why can’t we create something new? Something which will completly change the servers?

Firstly, let’s review what we have:

  1. Forge - modification available for client and server, we can add new blocks, entities and change the world.
  2. Bukkit - modification of the original world. Changes server’s behavior, no client-side changes required
  3. Spigot - more Bukkit modifications
  4. MCPC+/Cauldron - server connecting Spigot and Forge
  5. More
    Thank to all people, who contributed to this type of modifications. Thanks to you, our square world looks better.

Secondly, what can we change? (read everything before commenting)

  1. Automatic mod instalation?
  2. Server engine wrote from basics
  3. Easy mod usage for players

How would it work? How to do it?
We could write new Forge version with actual Forge team, in which we would be able to send mods to client etc. The server could be Sponge. Basics of it’s behavior I’ll describe later.

How this server would work?
We have 2 options:

  • server, which adds new things to the game (for example blocks), When player joins server, it checks if the player have installed forge. If player don’t have forge, server sends information about it. Otherwise server sends necessary blocks, entities etc which are automaticly registered client-side
  • server, which dont add anything new to the game, only changes game. On this server there is no checking if player has any modifications, he just loggs in.

Q: Safety?
A: We send block structure in separate packet (Custom payload). We don’t send jars/zips!

Q: Entity logic?
A: bloodshot, sk89q, LexManos, cpw and others can figure something out :smiley:

Q: Multithreading?
A: Of course it have to be. From the very beginning ticks have to be designed diffrently. Just like sk89q wrote (http://www.sk89q.com/2013/03/improving-your-minecraft-servers-performance/ )

My idea looks like this:

  1. ForgeAPI with ability to register blocks, items, entities etc. through server
  2. Forge for client and server
  3. SpongeAPI based on ForgeAPI
  4. Sponge as implementation of SpongeAPI

Write if you have questions or suggestions :wink:


Also do not speak much English

Good topic, it would be great if it were possible this type of forge where the player does download when you enter the server if necessary.
The only problem is still security

I agree that a key concern is how we can get custom info such as blocks entities and such to users, a system like server resource packs are setup now but will inform of outdated data/plug-ins etc. and perhaps point to the download page to update perhaps? Or grab the update from its respective repo.

I’m not sure if this is the right place for this, but I think if there was a way (when the Sponge dev area is created) if you have a plugin, there should be an Auto-updater class built into the Sponge api, where all we have to do is access the class, and use a method to check for an update, and it will compare the latest version on the download page, to the version that the end user is using, if it’s newer, it’ll either auto-download the new version OR ask if you want to update.

I also think that in the auto-updater and the dev page, we can mark what versions of Sponge our plugin is compatible with. That way, if you have an old version of Sponge, it wont want you to or force you to update a plugin to an incompatible version. That way all the Auto-Updating will be regulated, and for users that don’t know how to implement something like that, they will have the resource available.

1 Like

Of course we dont send files, but only packets with prepared blocks/items/entities and others.

I think I have to disapoint you but I’ll quote from the FAQ.

“With executable code” It means that packets with block id, texture and some info about block is allowed

Every packet is allowed to be send.

To send a packet to a client mod there is already a way: Plugin Channel
Through this channel you can send customized packets to the client.

But as mentioned the security is threatened when automatic mod installation can be done.

Got it!
will be a difficult task


but why not? :slight_smile:

I’m going to make a few points here about the mod downloading.

Most mods that are required on the server usually have blocks or items that need to be registered and rendered. There is actually a way, and someone is working on it, to do this without the client needing to download any additional mods.

The way it will work is the server will require to download a resource pack. If they refuse, they can still join; they’ll just see a bunch of missing textures.

After joining, one of 2 things might happen. It’s to be decided which one. Either the blocks will be defined in the resource pack or the server will send some packets containing the info needed to register the blocks. The info includes the ID, material, and texture name. If it uses a resource pack, that info will probably go in a file called blocks.json (similar to sounds.json)

Another thing I’ve been thinking about is GUIs. This is already a thing with sounds (/playsound). With sounds, you can send someone a .ogg file in a resource pack, then have the client play that sound. The same could be said for guis. The simplest way would be to provide a simple resource, then have the server tell the client what do display, where to display it, and for how long.

Gui Screens are a bit more complex. We need to define the uv map, and what to do when the mouse is moved or clicked. It would also be possible to define some inventory slots.

Lots of stuff could be possible with this API.

It is already possible to send files to the client – ever since we could send Texture packs over, and now Resource packs.
Possibly files could be sent over into the client that shoot itself into the main client minecraft files to install them, and all it takes to play on the server is to restart the game?

What part of “security risk” did you not understand? There will be those servers that will install malicious software to clients. Key loggers, back doors, shell access, etc. In order to stop that from happening we have to stop everyone from being able to do it. No automatic mod installs. Simple.

1 Like

I agree with what you said, but there might be one way to eliminate the security threat and that is to have an approval system but that takes time, money and people.

As someone who tries to run a server for friends, I can say that getting the mods to them with all the right configurations and whatnot is the hardest part. Then, when anything updates, I have to go through it all again. I think it is a mistake to dismiss automatic mod installs.

There are lots of things people connect to on the internet that require security and trust, but the problem was figured out and solved. It would be a bummer to not do this, simply because someone would abuse it.

To me, the benefits out weigh the cost. I won’t log into strange servers that my client says needs to install stuff.

1 Like

Regarding auto installer ive been using http://dev.bukkit.org/bukkit-plugins/plugin-installer/ for a month and its amazing

I’m a little on edge about auto-mod installation. Could that lead to malware, I wonder?

Sounds like Garry’s Mod, only for Minecraft. The Auto Installation can be a little tricky, as the server needs to check for Malicious Plugins, which would require a Security System , which could take a lot of time and money. One way I could see this happening, is to implement an Online Repo that a single server can connect to, to gather SHA1 and CRC’s and see if the plugins or mods in that instance are registered with the site, and that they match. That could also have a lot of flaws, as you can always get A) False Positives, B) Accepting a plugin or mod that appears to not have been injected or compiled maliciously.

We won’t send code, only block structures (id, texture, hardness, maybe custom model), entity structures and item structures. No code, no chance for malware.

Doesn’t Soak make this client-side mod installation?