Adding weapons

[calani]

If I made a 'secure' example or doing it serverside, it would likely confuse the poor person.
Also, I chose a triggeraction becasue it is much easier to understand for a new scripter than a DB.

If you expect a new scripter to be able to create perfectly (or even remotely) secure scripts, there's a problem there.

(With help given like this?) Help given in a form they can understand it, yes. Possibly not secure but that's something that is too complicated for most newer scripters to grasp.


Anyways, I rather think that the question that this entire debate was started over has been answered at least three times already.

[Lance]

Quote:

Originally Posted by calani

If I made a 'secure' example or doing it serverside, it would likely confuse the poor person.

So instead you chose to spread an insecure script as an example of something people should do? How does this help, again?

Quote:

Also, I chose a triggeraction becasue it is much easier to understand for a new scripter than a DB.

Feel like justifying that claim?

Quote:

If you expect a new scripter to be able to create perfectly (or even remotely) secure scripts, there's a problem there.

I don't. I did, however, expect you to be able to.

Quote:

(With help given like this?) Help given in a form they can understand it, yes. Possibly not secure but that's something that is too complicated for most newer scripters to grasp.

"Here's some (insecure) code. It adds a weapon." is not help. It's a violation of rules 2) and 4) of this forum.

[protagonist]

Quote:

Originally Posted by Lance

So instead you chose to spread an insecure script as an example of something people should do? How does this help, again?

I think it is quite obvious that what Calani provided was simply an example of using the triggeraction and addweapon commands in conjunction; a skeleton script, if you will. As long as the author of the thread understands this, no harm can come of it. Besides, are you suggesting she post a fully functional, fully secure script for him/her? Now that would be breaking the rules.
Just about every programming guide there is starts you out with writing "Hello world" to the screen. The guide doesn't explain complex concepts like security, addresses, or ways that people hack your program until much later (if at all). Security and scripting are two different things. Learning scripting first is essential to understanding security. The author didn't ask for a secure script, just an example of weapons being added.

[Lance]

Sweet, the peanut gallery is here for the party. Let's dance!

Quote:

Originally Posted by protagonist

I think it is quite obvious that what Calani provided was simply an example of using the triggeraction and addweapon commands in conjunction; a skeleton script, if you will.

It was insecure code without an explanation. See also: the part where I already explained this!

Quote:

As long as the author of the thread understands this, no harm can come of it.

Do you honestly suppose that without the resultant discussion, the author would have understood this? Calani didn't bother saying anything about it until I commented, after all.

Quote:

Besides, are you suggesting she post a fully functional, fully secure script for him/her? Now that would be breaking the rules.

Certainly not. If you bothered to pay attention, you'd have noticed I already noted that by posting all that code with no explanation that she was violating rule 2 as it is. If she's going to post some copy&paste code, she should at least make it secure. Otherwise, she's just doing more harm than good.

Quote:

Just about every programming guide there is starts you out with writing "Hello world" to the screen.

1) This is not a programming guide.
2) There is no "Hello world" involved.

Since we are now 0/2 in the "talking about related things" department, I must ask: relevance?

Quote:

The guide doesn't explain complex concepts like security, addresses, or ways that people hack your program until much later (if at all).

1) This is still not a programming guide.
2) Calani still didn't explain any concepts (simple or 'complex').

You do realize that to have a good analogy, you need to compare related things, right?

Quote:

Security and scripting are two different things. Learning scripting first is essential to understanding security.

Learning about script security is an integral part of learning how to script. If you cannot script something securely, you cannot script well.

Quote:

The author didn't ask for a secure script, just an example of weapons being added.

I believe you need to recheck your facts.

• The author asked for the how, not for an example, and certainly not for the posting of a full script and violation of the forum rules.
• The author asked for a weapon being added by a level npc. Calani supplied an (insecure) weapon triggeraction (and no way to connect it with a level NPC, even if she was interested in answering the author's question).

[calani]

Quote:

Originally Posted by Lance

Calani supplied an (insecure) weapon triggeraction (and no way to connect it with a level NPC, even if she was interested in answering the author's question).

Quote:

Originally Posted by calani

a level npc (shop or suchlike) could also use that trigger, granted the player has a weapon on them like that one that accepts the addw trigger

hmmm

[protagonist]

Quote:

Originally Posted by Lance

It was insecure code without an explanation. See also: the part where I already explained this!

If I asked for help on how to use a command, I wouldn't want it nested in a load of "secure" coding. I would simply want an example and, if need be, apply my own security measures. There's no inherent reason in posting a command example with security included. It provides the answer plus a cumbersome read.

Quote:

Originally Posted by Lance

Do you honestly suppose that without the resultant discussion, the author would have understood this? Calani didn't bother saying anything about it until I commented, after all.

Well, I noticed right away that there were no security features in the script. The first thing I thought was: "Wow, I wouldn't copy and paste that code. It doesn't even check to see who uses it.". I don't even write in GScript. Also, if you say something is insecure, it wouldn't hurt to point out why it is insecure.

Quote:

Originally Posted by Lance

Certainly not. If you bothered to pay attention, you'd have noticed I already noted that by posting all that code with no explanation that she was violating rule 2 as it is. If she's going to post some copy&paste code, she should at least make it secure. Otherwise, she's just doing more harm than good.

It's not copy&paste code. It's an example. If the author copy and pastes it, it's his or her fault for doing so. People who ask for help are supposed to use the help in order to write their own scripts, not to copy and paste the suggestions.
Also, to post what the script does is redundant. The author presumably knows his or her own desires.

Quote:

Originally Posted by Lance

1) This is not a programming guide.
2) There is no "Hello world" involved.

1) That's where you're wrong. The NPC scripting forum frequently acts as a scripting guide. In fact, a guide is precisely what this forum appears to function as.
2) So? It was an example, not a direct reference to the current discussion.

Quote:

Originally Posted by Lance

2) Calani still didn't explain any concepts (simple or 'complex').

Is it necessary to explain commands? If someone gave me something I didn't understand, I would go look up the command. It encourages the self-teaching method, rather than the "oh I got something wrong, can you tell me what to do to the letter?" method.

Quote:

Originally Posted by Lance

Learning about script security is an integral part of learning how to script. If you cannot script something securely, you cannot script well.

You also can't script well if you don't grasp elements of the language. The nature of the question the author poses suggests that he or she does not yet have a grasp on some of the commands.
P.S: Why don't you address the author with suggestions on security, rather than engaging in a confrontation with another forumer who was trying to be helpful?
P.P.S: And no, I'm not being hypocritical. I'm simply asking why a moderator who is so concerned with security would be so eager to attack someone's efforts without providing an example of an improved script.

Quote:

Originally Posted by Lance

• The author asked for the how, not for an example, and certainly not for the posting of a full script and violation of the forum rules.
• The author asked for a weapon being added by a level npc. Calani supplied an (insecure) weapon triggeraction (and no way to connect it with a level NPC, even if she was interested in answering the author's question).

Learning by example is probably the most effective way to learn anything. Including scripting.

[Lance]

Quote:

Originally Posted by calani

hmmm

1) You did not explain what a trigger was (to someone who does not understand it).
2) You did not note which code would be required to connect the two.

Therefore, you did not connect it.

[calani]

Very well, as thou dost wish, I shall henceforth comment every line of code that I do post on this most wonderful of forums. *bows low*

[protagonist]

Quote:

Originally Posted by calani

Very well, as thou dost wish, I shall henceforth comment every line of code that I do post on this most wonderful of forums. *bows low*

You must bow lower to be accepted by Lance. You have to have a negative z value before you get low enough.

[Lance]

Quote:

Originally Posted by protagonist

If I asked for help on how to use a command, I wouldn't want it nested in a load of "secure" coding. I would simply want an example and, if need be, apply my own security measures. There's no inherent reason in posting a command example with security included. It provides the answer plus a cumbersome read.

This isn't about what you would ask or what you would want. This is about what was asked, what was provided, and why it was the wrong answer.

Quote:

Well, I noticed right away that there were no security features in the script. The first thing I thought was: "Wow, I wouldn't copy and paste that code. It doesn't even check to see who uses it.". I don't even write in GScript.

Now might be a good time to point out that you are not the author of this thread. The discussion point you are attempting to reply to deals not with you but with the author of this thread. You have not answered my question.

Quote:

Also, if you say something is insecure, it wouldn't hurt to point out why it is insecure.

Actually, I did. In my first reply to her post. Please read it!

Quote:

It's not copy&paste code. It's an example. If the author copy and pastes it, it's his or her fault for doing so.

Read the forum rules lately? Code that you can copy and paste and use it as-is (or with trivial modifications) on your server is just that.

Quote:

People who ask for help are supposed to use the help in order to write their own scripts, not to copy and paste the suggestions.

Yeah, supposed to. In the real world it doesn't quite happen just like that. That's why the rule exists.

Quote:

Also, to post what the script does is redundant. The author presumably knows his or her own desires.

Oh, please. His or her own desires are not necessarily equivalent to random code posted by random people in response.

Quote:

1) That's where you're wrong. The NPC scripting forum frequently acts as a scripting guide. In fact, a guide is precisely what this forum appears to function as.

Looks like you need to re-read rule 1 of this forum.

Quote:

2) So? It was an example, not a direct reference to the current discussion.

No relation -> false analogy.

Quote:

Is it necessary to explain commands? If someone gave me something I didn't understand, I would go look up the command. It encourages the self-teaching method, rather than the "oh I got something wrong, can you tell me what to do to the letter?" method.

If you have sufficient belief that the person you are helping does not understand a command or concept, it behooves you to explain it. That certainly does not mean that you should do all of their work for them, but at least you can give them the information they would need to learn from it (while avoiding giving them the chance to simply copy&paste without learning).

Quote:

You also can't script well if you don't grasp elements of the language. The nature of the question the author poses suggests that he or she does not yet have a grasp on some of the commands.

How does this respond to my point that scripting and security are not actually two different things? Your claim that they were separate was what I was responding to, after all.

Quote:

P.S: Why don't you address the author with suggestions on security, rather than engaging in a confrontation with another forumer who was trying to be helpful?

I consider "Their question did not deal with security, but one of the responses was quite insecure" to be good enough reason for that.

Quote:

P.P.S: And no, I'm not being hypocritical. I'm simply asking why a moderator who is so concerned with security would be so eager to attack someone's efforts without providing an example of an improved script.

An improved script of which, now? If you're referring to calani's, the approach is flawed. There is no 'improved script' for that approach for this problem.

Quote:

Learning by example is probably the most effective way to learn anything. Including scripting.

Different people learn differently, man. The best thing any of us can do is provide people with enough information so they, with every learning style ("give me the the finished code and I will learn" naturally excepted), can learn.