I was looking for a simple plugin to block some commands on my server, and I came across this one. However, I was very disappointed to see that the plugin is obfuscated, meaning that the source code is deliberately made unreadable and hard to understand.
Why would anyone obfuscate such a simple plugin? What are they trying to hide? Is there some malicious code inside that could harm my server or steal my data? The mere fact that the plugin is obfuscated spooks me and makes me suspect that something is fishy.
Obfuscating free software, especially simple plugins, is not necessary and should be avoided. It goes against the spirit of openness and transparency that the Minecraft community values. It also makes it harder for other developers to learn from, improve, or fix the plugin. It also prevents (or makes it really painful) users from verifying that the plugin is safe and does what it claims to do (like in this case).
I would not recommend using this plugin, unless the author provides a clear and reasonable explanation for why they obfuscated it, AND releases an unobfuscated version or the source code. Otherwise, I would look for another plugin that respects the users’ rights and trust.
Why would anyone obfuscate such a simple plugin? What are they trying to hide? Is there some malicious code inside that could harm my server or steal my data? The mere fact that the plugin is obfuscated spooks me and makes me suspect that something is fishy.
Obfuscating free software, especially simple plugins, is not necessary and should be avoided. It goes against the spirit of openness and transparency that the Minecraft community values. It also makes it harder for other developers to learn from, improve, or fix the plugin. It also prevents (or makes it really painful) users from verifying that the plugin is safe and does what it claims to do (like in this case).
I would not recommend using this plugin, unless the author provides a clear and reasonable explanation for why they obfuscated it, AND releases an unobfuscated version or the source code. Otherwise, I would look for another plugin that respects the users’ rights and trust.
Author's response
Are you aware that Java bytecode is open and accessible to anyone, allowing them to examine the code's operations by reading the bytecode? If you suspect that the plugin may have questionable behavior, I would suggest reviewing the bytecode directly. Just because the source code is unavailable to you does not mean you cannot gain insights into its functionality. After all, the JVM itself, being an open platform, reads and executes the code based on bytecode. If the safety of the resources is your concern, the responsible staff members who approve the resources can request access to the source code and verify its security. There is no need for you to assume such a role. Furthermore, the disclosure requirements you're suggesting appear to exceed Polymart's policy and terms of service. It's worth noting that Polymart itself employs obfuscation techniques. Therefore, before posting a review of this nature, it would be appropriate to provide evidence of malicious code. You have the freedom to choose whichever plugin suits your needs, and nobody is coercing you into using this particular resource. If I were to release resources on a platform that mandates readable source code, I would comply with those requirements. As far as I understand, this platform allows resource obfuscation, and the staff already conducts resource checks before approval. Have I missed any updates to the site's terms and conditions, or are you now assuming the authority to impose your own rules on this platform? Or perhaps you are simply exercising your right to freedom of speech or advocating for a cancel culture or social justice warrior movement? It's also rather ironic to demand source code for a resource designed to prevent malicious intent when executing certain commands. However, I acknowledge that this is merely an opinion from someone who lacks trust in the resource.
Are you aware that Java bytecode is open and accessible to anyone, allowing them to examine the code's operations by reading the bytecode? If you suspect that the plugin may have questionable behavior, I would suggest reviewing the bytecode directly. Just because the source code is unavailable to you does not mean you cannot gain insights into its functionality. After all, the JVM itself, being an open platform, reads and executes the code based on bytecode. If the safety of the resources is your concern, the responsible staff members who approve the resources can request access to the source code and verify its security. There is no need for you to assume such a role. Furthermore, the disclosure requirements you're suggesting appear to exceed Polymart's policy and terms of service. It's worth noting that Polymart itself employs obfuscation techniques. Therefore, before posting a review of this nature, it would be appropriate to provide evidence of malicious code. You have the freedom to choose whichever plugin suits your needs, and nobody is coercing you into using this particular resource. If I were to release resources on a platform that mandates readable source code, I would comply with those requirements. As far as I understand, this platform allows resource obfuscation, and the staff already conducts resource checks before approval. Have I missed any updates to the site's terms and conditions, or are you now assuming the authority to impose your own rules on this platform? Or perhaps you are simply exercising your right to freedom of speech or advocating for a cancel culture or social justice warrior movement? It's also rather ironic to demand source code for a resource designed to prevent malicious intent when executing certain commands. However, I acknowledge that this is merely an opinion from someone who lacks trust in the resource.
