Opencomputers: [Feature Request][Java/Scala] File transfer dialogs / Using binary files with OC

What are you hoping to be added that can't already be done with things already present in OC?

The internet card can create TCP sockets, so implementing a FTP client wouldn't be that hard...

The dialogs can be added by the aforementioned potential software....

This API would be always enabled and would let you transfer files to servers which don't allow HTTP for security reasons.

If a server doesn't allow HTTP for security reasons, I don't see why it would allow TCP.

Either way, you can't use arbitrary IP addresses by default, so the user's IP address wouldn't be accessible from in-game anyway. This is why it should be built-in. It should also go through minecraft's own packet system, not HTTP or arbitrary TCP.

So you want to have the ability for random players to be able to upload/download binary files from OC because the server host wont allow HTTP (and/or TCP) for security reasons?
Even thought the reasons that they (the server host) might turn off HTTP/TCP is because they can't trust players yet you want the players to be able to transfer files even when HTTP/TCP have been disabled for 'security reasons'? That's a paradoxical statement.

What actual benefit would this add? Currently I can't see it adding anything because the reasons you've given as to why someone might want to use it contradict the reasons why the restrictions had been put in place.

Actually, you can already (slowly) send files with copypaste and base64 but it's a pain to do.

In other words file transfers are not a security issue because you can have them with or without HTTP/TCP, it's just a pain without them.

For receiving them you base64 and OCR instead.

In other words file transfers are not a security issue because you can have them with or without HTTP/TCP, it's just a pain without them.

How is allowing players to transfer binary files via some sort of built in protocol suddenly not a security issue where HTTP/TCP transferring the same data might be?

It's not the data that is a security issue, it's the programming APIs that you can call through TCP and HTTP that are a security issue.

I do feel that I am not seeing your point, could you please elaborate?

@SoniEx2 excuse my ignorance, but what is OCR?

So you never heard of things like github API and google API and twitter API and SSH and email APIs and stuff?

@MajorGeneralRelativity Optical character recognition.

Fair enough, thought so, just wanted to confirm

@SoniEx2 to clarify, you want an API with 2 commands: one to transfer a lua binary to an entered IP, and one to receive a lua binary?

Theres ocnetfs!

I can't comprehend your OCR comment... to run OCR you need to run over the base64, but then you managed to transfer that base64 data already, why not just have it be data?

And then I'm not sure what your proposition is in general. If it can download files from somewhere it can connect/send requests to some IP. Which tends to be the main concern of the TCP/HTTP stuff?

From a specific USER! not an arbitrary IP. It would even send files through MC packets instead of TCP or HTTP!

Either way, you can't use arbitrary IP addresses by default, so the user's IP address wouldn't be accessible from in-game anyway. This is why it should be built-in. It should also go through minecraft's own packet system, not HTTP or arbitrary TCP.

@SoniEx2 a specific minecraft user? how would that work?

So you want OC to fetch the user's IP and send a request to it?

I'm still unclear on what "user" is referring to

Do you not know what MC packets are?

The user, the player, the person with the OC terminal open.

I mean... I guess? Seems like a horribly stilted and confusing system though personally... I'd rather use ocnetfs and convince server hosts to be less paranoid...

Ok, so how would blasting an MC player with a binary be helpful? that doesn't get it on the computer

Do you know how modding works? ;_;

I have written a very small mod. You need to elaborate a little more

Also, how would you signal you want to receive a binary from your player, because it's locking on to the MC player not the computer? Unless you can just forcibly install binaries on whatever OC computer a player is looking at. While I could get behind that (:P) it seems like a way to install OC malware

Y'know, I still don't see what benefit this would have over what's
currently implemented

~ Lizzy Green

Ok so, user opens an OC computer, runs receive filename, hits a "send" button on the screen. This send button opens a file selection dialog and the user then selects a file to send.

The file is sent and events are triggered while the file is being sent. A file size is sent to the server as well, so the receive program would have a progress bar.

The transfer speed would be no faster than copypasting a base64ed file and debase64ing it on the OC computer. Except you wouldn't have to split the file into 8192-byte chunks and copy-paste them one at a time.

For OC -> User, it would be the opposite. A send filename command would be run and the user would be presented a file selection dialog for saving the file.

There's a slow and painful mechanism for the former, but there isn't one for the latter. For the latter, you'd have to use print() and OCR or something, which is a lot more painful and harder to setup than the former.

Ok. So, it would only work within the same MC server?

So how does that work? Whats the lua code of that program? It has some call to some function that pops open a "File Selection" Dialog thingy for some user. How's that user determined? I mean you don't always have someone inputting something, could be a script running along on its own?

@MajorGeneralRelativity Yes. There would be no IP addresses involved. Everything would be done through MC's own packet system, just like how copypaste is currently done.

So you want the ability to transfer arbitrary binary data because you can't
find a host that is willing to host said data?

@LizzyTrickster You can pastebin the base64ed data. That's the easiest way to transfer binary data when you have HTTP or TCP.

But if you don't, then you go copypasting.

Go copypaste me a 2MB file, then you can say whether you like this or not >.> (remember it needs to be chunked in 8kB chunks)

Imo that's useless and can be archived easily using say netcat+OC simple tcp client. That's 10 lines of lua on OC + 1 command in bash.

@magik6k You're saying you can achieve that without HTTP/TCP? Have you reported that security exploit to the OC devs yet?

So, how would that lua program look D:

@SoniEx2 why not just physically connect the computers or use Linked Cards or something to transfer the data within the same server?
Edit: or a tablet

@Inari-Whitebear It's event-based. You just wait for file events and filter on file UUID. The user decides when to send a file, the computer decides which files to accept.

If a server host has _specifically_ turned off http/tcp, why would they
continue to allow this potential protocol?

~ Lizzy Green

But it needs a lua command

@MajorGeneralRelativity How do you connect my desktop PC to your in-game OC?

OC runs lua. You still need the same functionality for other languages. Hence you need it to be some command or something

How would you get the file into OC from the first place with your setup?

@Inari-Whitebear just a new event type for receiving files (same way copypaste is currently done), and some function to send file chunks.

Okay. So the event part would probably work I guess, but you still copypaste it then... So no "receive" command?

What about sending? Hows the filename specified? Where does it store it on the player's PC?

@LizzyTrickster You'd turn off HTTP/TCP to avoid getting the host's IP address blacklisted. You'd turn off copypaste if you're a dick.

It's safe to assume copypaste always works.

@Inari-Whitebear No copypaste. It'd display a Swing-based file selection dialog for selecting which file to send or which file to save to. (Ever downloaded a file with a webbrowser? Basically that.)

Sure, but something needs to trigger that dialog? You want a hotkey for that? And then it triggers an event in the PC?

@LizzyTrickster https://github.com/LizzyTrickster You'd turn off
HTTP/TCP to avoid getting the host's IP address blacklisted. You'd turn off
copypaste if you're a dick.

It's safe to assume copypaste always works.

Wat?

@Inari-Whitebear For sending, you'd either use a hotkey (which I don't recommend) or a GUI button with an arrow pointing up (my preferred solution). For receiving, you'd use the button with an arrow pointing down.

@SoniEx2 alright, so you have this awesome 2MB program on your real world PC that you don't want to copypaste into OC. Fine. How do you get it in the OC computer with your system if it all works inside MC?

What does the UI button do if I want to download a file? It opens a dialog where I choose where to store a potential file? And then I run a command to store it?

@Inari-Whitebear Yep. Basically.

I guesssssssssss..... I mean I don't see why not, but I don't see it necessary either. And it introduces potential other issues perhaps..

Still don't know how this file is getting in MC in the first place. Unless OC computers can suddenly manipulate your real PC, which I would have real issues with

@Inari-Whitebear I actually talked about this with Terasology (a MC clone) devs before making this issue (I wanted terasology's computer mods to have file transfers just like I'm proposing here), I've been thinking about this for like a week so I'm pretty sure there are no issues with it. (see here)

@MajorGeneralRelativity This is a proposal for being able to transfer files between the PLAYER and the SERVER, but where the PLAYER has full control over the files being sent - the SERVER never knows the filenames or paths, only file contents and file size (and target OC computer).

Also, in case it wasn't immediately obvious, closing the terminal GUI should halt the file transfer.

IMHO, I can think of some uses of it. Other than it not really being immersive in terms of gameplay (How does the data go from player to the computer?), I'd see some API like fsapi.open(playername: String, mode: String:"r/w/a[b]"): stream, which would trigger file UI to pop up on player screen. Giving streams(like ones from fs.open) to programs would be best solution here.

@magik6k Except then you can spam someone with dialogs :D

Let's talk about the title of this issue

1. File Transfer: wget and pastebin are just tools made on top of existing network card api. pastebin doesn't have to interact with pastebin, you could make your own flavor and upload/download to/from any url
2. Dialogs: We are not going to create in-game dialogs. If you want to create UI effects on an oc screen that look like dialogs with buttons, feel free. We already have support for this using the gpu api and mouse click events.
3. Binary Files: There is no meaningful difference between "text" files and "binary" files in this thread.

@payonel Congrats! You Missed The Point!

Eh. I'm out. I'm sure you won't mind terasology being better than OC.

Soni, I encourage you to go wild with your Lua skills. Since I don't understand how you are connecting your files on a PC to OC, this seems like it could be done with network cards or somesuch. Wrote an APU with all your glorious commands!

First off, I can't edit comments from my phone, so sorry.
The latest sentence should have said "Write an API with all your glorious commands!"

If you can write an APU, that would be even more impressive

Uh. Before I go, this might be a good starting point: https://developer.mozilla.org/en-US/docs/Web/API/File

Giving an OC computer access (even with a dialog) to a user's real personal computer is the breach of security I am not okay with.

I see the benefit of easy access to local files. (Again, "binary" doesn't mean anything special here), and I understand that "copy-pasting" is tedious.

But there is risk and valid concern about giving an oc computer the ability to request a file from a player's computer (again, even with a "dialog" - it doesn't change my position).

The potential value added does not outweigh the cost.

I too would be very against OC being able to access a user's computer. Not unless Snagar spends 4 years in a cave restructuring OpenOS to be the most secure OS since sliced bread.

it isn't about security in oc, it is a breach of protocol

+Edit+ Let me rephrase. Yes, there is concern about security in how we'd implement it in oc. But it isn't only that, my stronger concern is the breach in protocol, the "right" thing oc should do, and oc shouldn't be asking for files from a player's computer.

A player may not expect that, may not know what is appropriate to share.

Forgive my ignorance, but how is it a breach of what protocol?

Ah, well, that does make philosophical sense. I don't really care about that, but I can see how people would

What about drag and drop?

The world wide web is a MMO and it has file selection dialogs btw.

@SoniEx2 I believe the point payonel and I are trying to drive across is that interaction from OC to your real computer in a file transfer method is bad. Because security and "mods shouldn't do that"

@MajorGeneralRelativity Security is not the issue. "Mods shouldn't do that" is just an excuse to not use games to their fullest potential.

@SoniEx2 I love it when an operating system not designed around security can access my computer and mess with my files! I don't care about the "Mods shouldn't do that" btw

@MajorGeneralRelativity Right, except for the part that it can't. _You_ select a file to send, _you_ select a file to save to, _you_ can control whether it has write access or not, and _you cannot_ overwrite the same file twice (the user is forced to re-select it instead). _this is all client side_.

The only file modes are "r" and "w" and no seeking functionality.

@SoniEx2 If the window into a real file system exists, I'm just not comfortable unless I have good proof that it won't be broken. 'w' mode means that it can overwrite stuff, and other l33t hAx0R things
https://goo.gl/photos/BmiqQ6KdMi2htTnd9

Yes, except the button to open a file in "w" mode is separate from the button to open a file in "r" mode.

It can overwrite stuff. If you explicitly tell it to. And only if it has something to overwrite it with. And only once.

@SoniEx2 I'm not exactly talking about intended operation. I'm talking about somebody using it for unintended and unforseen methods

@MajorGeneralRelativity They can't. The API is too limited to be abused.

@SoniEx2 never say never :P

@MajorGeneralRelativity Well try coming up with a way to do it then.

@SoniEx2 A. I'm not at my home computer. B. I have 3 other programming projects that I want to finish first. C. Maybe you should try because you want the API, so prove it's at least reasonably secure

@MajorGeneralRelativity The server can send and receive file contents only when an OC terminal with a keyboard attached is open.

The client can send and receive file _contents_ only when it chooses to. And only when an OC terminal with a keyboard attached is open.

The server knows nothing about the file, and neither does the client. The only thing they both can agree on is that they're sending an array of bytes.

@SoniEx2 Yeah, but still. Not comfortable unless proven

How can it be abused? Social engineering, phishing attacks -- making unexpecting users think they need to provide some file on their computer because "minecraft" is asking for a file. Young or old, educated or not, people are fooled by these attacks everyday.

We're not going to add this functionality, not due to laziness, but because it is outside the scope of this mod.

@payonel How's that any different from what we have now, on the internet and stuff? Ppl are willing to put their minecraft password in the game if asked to (look up some CC and OC programs that use the player's password to check whether they own a valid minecraft account) so I don't see why you should worry about this specifically.

Well If anyone is dumb enough to put their PW into a CC/OC program... Doesn't mean we should support stuff :D

I still think you should support it for UX reasons. Having to hack around the copypaste feature is a pain :/

Soni, how about you write an add on mod for that?

@SoniEx2 i recommend you suggest to the server admin to enable internet.tcp and edit the internet.blacklist and internet.whitelist such that you can only download from "trusted" file sharing sites (I'm referring to the opencomputers config)

@MajorGeneralRelativity How about you find me a way to edit the terminal GUI without making ppl angry?

@SoniEx2 I'm sorry, I'm not sure what you mean by editing the terminal GUI?