Multiplayer model & mod distribution

[mrwonko]

Encourage decentralised peer to peer universe?

Optionally allow auto download of your content to enable seamless drop-in multiplayer. Become public on the metaverse galaxy and spread your mods. Or get a lobby code. NAT punch through.

[mrwonko]

Make ~the universe~ each ~meta-level~ dimension (planet) a decentralised git-style repo that everyone can add commits to locally, e.g. embedding BSPs, with easy to use conflict resolving tools (i.e. world merging). ~In this model, enabling mods is akin to merging, disabling is a rebase.~ Try to find level design operations that merge well.

In other words: mods as event sourcing.

[mrwonko]

Besides game servers, have mod servers participate in the decentralised P2P mod network.

Have a libre flag for mods? Try not to get users in trouble for inadvertently spreading copyrighted ports.

[mrwonko]

Add content warnings to mods (easily editable), filter servers and warn per type. Parental controls?

[mrwonko]

Party system: open direct connection to players you encounter (warn about security implications), follow them automatically or manually, voice chat?

[mrwonko]

Server settings rights management: who can toggle optional features? (Having them hot-toggleable would be cool and potentially enable hilarious trolling.) Allow party, individuals, everyone…

[mrwonko]

With decentralised p2p mod distribution, how can we honour file removal requests? I don't care so much about making it easy for corporate IP lawyers, but it would be nice if an author could remove their files? So maybe have removal requests that need to be signed with the same author's private key?

[mrwonko]

When designing the mod sharing API, refer to https://google.aip.dev/1, which colleagues have recommended to me.

[mrwonko]

Have the equivalent of patch files/diffs. Ultimately, that's what a commit is, too, but compacting a series of changes into a single diff simplifies it slightly, and should reduce storage requirements and the time needed to replay changes.

Reason: I'd rather not redistribute modified original assets, I'm particularly weary of derived bsp and gla files.

I also briefly thought supporting only patches might be less effort, and thus might be more readily embraced by other source mods, but really it should just be a special case of the full system, least it adds complexity on top.

[mrwonko]

Downloads should happen via HTTP for ease of integration and to support web clients (#68). Let clients fetch a pk3 file listing and access individual files inside the pk3s. To support my jk3files mirror, also allow transparent unpacking of zip files.

Then, I can implement direct mounting of remote files for browsing, editing etc. without having to download unused assets. Lazy on-demand downloading with optional local caching.

This puts me in a dilemma, though: if I use plain HTTP for asset downloads, man-in-the-middle attacks can inject malicious assets. I need to protect against truly malicious assets anyway, but some undesirable things will inevitably be possible by design, and would be mitigated by using a trusted, moderated source of mods. But a source can't be trusted if the connection can't be trusted. So I shall use HTTPS. But then I have an SSL stack in my application and that has historically often caused issues.

But I'll need encryption for signing mods anyway, so I'm not getting around that.

[mrwonko]

So it looks like the http mod server could be embedded in the game. A true all-in-one solution. The web UI could then in turn provide an in-engine preview of files, at least those that don't reference vanilla assets. Make it easy to embed such a preview on a website, and build it in such a way that only the necessary code gets loaded on demand to save on bandwidth and improve latency.

[mrwonko]

Encryption (HTTPS etc.) seems like a good opportunity to try out embedded Rust. That should integrate nicely.

[mrwonko]

It might be useful to distinguish clientside-only mods, those can more safely ignore sv_pure and won't break vanilla compat

[mrwonko]

The kind of decentralized mod distribution I envision feels a lot like torrents, maybe I should just adopt that protocol…

[mrwonko]

Announcing new mods being available for download could be done using an RSS/Atom Feed, or maybe push-based using WebSub?