Go with me on this, I promise it'll have a happy ending. If not, then you deserve a cupcake.
Here goes:
So often as I drive home from work ideas spring up that make a lot of sense. I try to remember to jot them down when I get back home and if they still make sense, I ponder how they would work and if they would make a positive difference. This is such an idea.
As an example, let us consider the music CD. Redbook audio CDs.
There was a time not too long ago when a organization called CDDB sprang up to collect table-of-conent (TOC) vectors of the tracks on a CD. I won't bore you with the actual technical details, but suffice to say Redbook standard audio CD's contain a vector of integers coded on the media that the compliant driver can read. This vector defines in units of a frame (1 frame = 1/75th of a second) of duration of each track on the disc. When discs are mastered, a person (human) literally marks the end points. So, during the production of a CD, over the lifetime of making instances of the versions of the CD, the TOC may change slightly. Pink Floyd Dark Side of the Moon has about 100 different TOC variations in the wild, for example.
CDDBs algorithm was (is) basically to hash the TOC into a 32 bit number, represented by a 4 octet hex number.
The algorithm had a feature to be loose enough to create collisions on TOC's that were close to another. This meant that if the same disc title had two distinct TOC, the algorithm would still collide to hash on the same key. This is by design.
Now CDDB eventually became very popular and during the history of the group, was approached by several media player software companies to acquire them. They refused and now they are known as GraceNote (or whatever they have morphed into).
The point being that a database of media, with open standard to submit and query became very popular and useful. It is how when you insert a music CD into your player, the software knows which disc it is. More advanced standards of encoding include other tags now (ID3, and other data) that make this system almost obsolete, but the impact is still there.
Now turn to Minecraft mods and the idea that had me up awake thinking through the process.
One essential part of mod pack development is securing permission to use the mod. Typically, this involves a lot of painful web surfing through ad hell to find the developer, find their license, and analyze the facts. Then a list is made and this tedious manual process is continued until the list is burned down to what you describe as the permissions list.
I think there's abetter way to deal with this.
Let's suppose there's a service, a website with a database. The database accepts submissions of a mod developer for their mod. The mod dev provides the meta data and in return the site returns a key. The key is actually the public part of a key-pair. The server keeps the private portion.
The mod developer uses a (yet to be made protocol) to insert a statement to generate a log entry that prints another key (which happens to be the data produced by a private key of the mod-dev and the public key given by the web site).
When a mod pack developer wants to seek permission, all they need to do is get the data-string from the log, go to the web site and enter it. The website (because the mod dev entered it beforehand) spits out the actual licensing terms of the mod (CC, GPL, whatever, whatever the specifics are). Then the end-user knows exactly where they stand.
No more annoying PM's to mod developers. No more guess work. No more huntin through ad-hell infested web sites. Plus it actually forces mod pack developers to seek, run and test the mods before asking. This will also have a side effect of (hopefully) cutting down on the number of 12 year olds who want to throw mods together and ask vague questions on the wrong forum "can I use it?"
The other side effect is that it forces the end user (mod pack developer ) to know that THAT version of the mod is the one they got and specifically if the permissions are granted. Having to guess is a pain.
So, having a log that is auditable, complete and concise is very useful for a user to know where they stand with respect to permissions and licensing.
So, the immediate questions you might have are:
"who is going to host this service?"
"who is going to maintain it?"
"who's going to build it?"
"will mod developers be required to use it?"
"how do users know they got a bonafide key of the mod and aren't victim of MitM attack?"
"does the site actually host the mod?" Flat answer "f* no. It stores meta data, not the mod or anything that the mod produces. Just meta data and a keypair"
I'll take astab at answering these questions but the essence of this is to improve the system by making the process of getting permissions (the one stumbling block among a handful) of mod pack developers.
To me, it would create a new formal sense of responsibilty in the mod-pack and mod dev community to hold up some standard on how they define licenses and how users may apply them.
So, that's the idea. I'm eager to try to implement this on the back end and a mod on the system side that will use it. I think working through the use-cases will be valuable to determine any risks and feasibility.
I wrote the software in various media player software that did CDDB algorithms and back end services of the same. So I've been down this road before. I want to leverage that knowledge here for the minecraft mod community.
Comments, suggestions, big rotten tomatos, etc.. welcome.
Thanks.
Here goes:
So often as I drive home from work ideas spring up that make a lot of sense. I try to remember to jot them down when I get back home and if they still make sense, I ponder how they would work and if they would make a positive difference. This is such an idea.
As an example, let us consider the music CD. Redbook audio CDs.
There was a time not too long ago when a organization called CDDB sprang up to collect table-of-conent (TOC) vectors of the tracks on a CD. I won't bore you with the actual technical details, but suffice to say Redbook standard audio CD's contain a vector of integers coded on the media that the compliant driver can read. This vector defines in units of a frame (1 frame = 1/75th of a second) of duration of each track on the disc. When discs are mastered, a person (human) literally marks the end points. So, during the production of a CD, over the lifetime of making instances of the versions of the CD, the TOC may change slightly. Pink Floyd Dark Side of the Moon has about 100 different TOC variations in the wild, for example.
CDDBs algorithm was (is) basically to hash the TOC into a 32 bit number, represented by a 4 octet hex number.
The algorithm had a feature to be loose enough to create collisions on TOC's that were close to another. This meant that if the same disc title had two distinct TOC, the algorithm would still collide to hash on the same key. This is by design.
Now CDDB eventually became very popular and during the history of the group, was approached by several media player software companies to acquire them. They refused and now they are known as GraceNote (or whatever they have morphed into).
The point being that a database of media, with open standard to submit and query became very popular and useful. It is how when you insert a music CD into your player, the software knows which disc it is. More advanced standards of encoding include other tags now (ID3, and other data) that make this system almost obsolete, but the impact is still there.
Now turn to Minecraft mods and the idea that had me up awake thinking through the process.
One essential part of mod pack development is securing permission to use the mod. Typically, this involves a lot of painful web surfing through ad hell to find the developer, find their license, and analyze the facts. Then a list is made and this tedious manual process is continued until the list is burned down to what you describe as the permissions list.
I think there's abetter way to deal with this.
Let's suppose there's a service, a website with a database. The database accepts submissions of a mod developer for their mod. The mod dev provides the meta data and in return the site returns a key. The key is actually the public part of a key-pair. The server keeps the private portion.
The mod developer uses a (yet to be made protocol) to insert a statement to generate a log entry that prints another key (which happens to be the data produced by a private key of the mod-dev and the public key given by the web site).
When a mod pack developer wants to seek permission, all they need to do is get the data-string from the log, go to the web site and enter it. The website (because the mod dev entered it beforehand) spits out the actual licensing terms of the mod (CC, GPL, whatever, whatever the specifics are). Then the end-user knows exactly where they stand.
No more annoying PM's to mod developers. No more guess work. No more huntin through ad-hell infested web sites. Plus it actually forces mod pack developers to seek, run and test the mods before asking. This will also have a side effect of (hopefully) cutting down on the number of 12 year olds who want to throw mods together and ask vague questions on the wrong forum "can I use it?"
The other side effect is that it forces the end user (mod pack developer ) to know that THAT version of the mod is the one they got and specifically if the permissions are granted. Having to guess is a pain.
So, having a log that is auditable, complete and concise is very useful for a user to know where they stand with respect to permissions and licensing.
So, the immediate questions you might have are:
"who is going to host this service?"
"who is going to maintain it?"
"who's going to build it?"
"will mod developers be required to use it?"
"how do users know they got a bonafide key of the mod and aren't victim of MitM attack?"
"does the site actually host the mod?" Flat answer "f* no. It stores meta data, not the mod or anything that the mod produces. Just meta data and a keypair"
I'll take astab at answering these questions but the essence of this is to improve the system by making the process of getting permissions (the one stumbling block among a handful) of mod pack developers.
To me, it would create a new formal sense of responsibilty in the mod-pack and mod dev community to hold up some standard on how they define licenses and how users may apply them.
So, that's the idea. I'm eager to try to implement this on the back end and a mod on the system side that will use it. I think working through the use-cases will be valuable to determine any risks and feasibility.
I wrote the software in various media player software that did CDDB algorithms and back end services of the same. So I've been down this road before. I want to leverage that knowledge here for the minecraft mod community.
Comments, suggestions, big rotten tomatos, etc.. welcome.
Thanks.
Last edited:
