this post was submitted on 01 May 2025
118 points (99.2% liked)

Games

18995 readers
393 users here now

Video game news oriented community. No NanoUFO is not a bot :)

Posts.

  1. News oriented content (general reviews, previews or retrospectives allowed).
  2. Broad discussion posts (preferably not only about a specific game).
  3. No humor/memes etc..
  4. No affiliate links
  5. No advertising.
  6. No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
  7. No self promotion.
  8. No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
  9. No politics.

Comments.

  1. No personal attacks.
  2. Obey instance rules.
  3. No low effort comments(one or two words, emoji etc..)
  4. Please use spoiler tags for spoilers.

My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.

Other communities:

Beehaw.org gaming

Lemmy.ml gaming

lemmy.ca pcgaming

founded 2 years ago
MODERATORS
nanoUFO@sh.itjust.works
118
How I Found Malware in a BeamNG Mod (lemonyte.com)
submitted 1 week ago by Thomas2024@feddit.org to c/games@sh.itjust.works
22 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Bezier@suppo.fi 19 points 1 week ago* (last edited 1 week ago) (3 children)

Mods that contain code always feel sketchy to me. How much can I trust whoever made this dll or such?

[–] brsrklf@jlai.lu 28 points 1 week ago (1 children)

If you want extended mod support, you kinda need it though. Stuff like Minecraft and Rimworld come to mind.

Rimworld has very good official mod support that lets you do quite a lot with completely safe XML configuration files. But as soon as you want to deviate a bit from what the vanilla game allows, you'd have to code that and embed it as a DLL in your mod.

Almost all gameplay or UI mods are DLL mods or depend on one. Quick survey : I have about 250 DLLs from my active mod list.

[–] Bezier@suppo.fi 8 points 1 week ago (1 children)

I know, and I hate it. I think the only way to fix this would be to support some limited scripting language, but that also sucks for other reasons.

Open source would also help with trust.

[–] brsrklf@jlai.lu 8 points 1 week ago

I literally have a Rimworld mod that calls an external python script as a feature.

It's a special case, of course said script is not part of the mod package, it has to be installed manually. What it does is allowing generating portraits for characters externally.

I even rewrote the script to use local generation, but the one provided as an example calls an online API.

[–] truthfultemporarily@feddit.org 10 points 1 week ago

Every mod that adds functionality can do everything the User can do, except when its sandboxed (for example factorio, TES without script extender). Its really a huge attack vector.

[–] ArchmageAzor@lemmy.world 10 points 1 week ago (1 children)

That's why I prefer to get mods from trusted sources, like Nexusmods or the Steam Workshop.

[–] bathing_in_bismuth@sh.itjust.works 10 points 1 week ago (1 children)

Does it really help? Not a concern troll, just curious. Do they check code like Play Store's verified?

[–] brsrklf@jlai.lu 9 points 1 week ago

They certainly don't review code, but on those there must be at least a scan for the most obvious malicious stuff. I am not sure it'd detect something hidden like in the article though. After all even on the guy's PC it was only detected once it tried to actually download stuff.

The good thing about workshop is visibility, if someone notices something shady it'll be known fast. Not perfect, but probably better than getting your mods from random sites nobody knows.