You’re right about keep scrolling or we can just get a filter to hide paid content’s that would be good idk that doesn’t matter for me that much just an idea.
3 Likes
Done 
It’s just more a close source community when community members are required to pay to be able to read the source code. I would like to use the payment system only it is not possible (donations like Patreon). Would like to see that donations can be done through Tebex, without having a server or send an empty resource.
1 Like
This whole situation is such a double-edged sword.
On the one hand, officially allowing resources to be sold via a legal method goes directly against the mindset of this platform (as outlined above, “open source” and mutually helpful)
On the other hand, developers do need some sort of incentive to post.
I do, however, strongly disagree with the legal avenue put in place here.
Nobody is “forced” to post their development work, and if you burn out because you dont get any reward for it, it’s on you - this whole community has been built on the “open source” mindset, and anyone is free to either post or not post their work for everyone to use.
Now, with the official support for the paid content, this community is going in the completely opposite direction. The only incentive developers who post for this platform need and used to have is the gratitude of users, and it has been that way for years.
And yes, dont get me wrong, I understand the issue of illegal sales of different scripts, but that is something you cannot enforce (in the case of these scripts being sold, say, on Discord and all communication being done there) nor should you even try to enforce. It’s on the end user / buyer, and as any market, it balances itself out - “developers” who scam people get their reputation known quickly in the circle of people looking to obtain scripts that way. Of course you’ll get some newcomers who fall into the trap, but these cases are really few and far in between.
I feel like I’m going in circles here so I’d better wrap it up. Now I know that I don’t have any releases posted so some of you may not take this message seriously, but I have been in the FiveM “scene” for a long time now (more than 1,5 years of active involvement with different projects, mostly in RP scene) and I know what I’m talking about.
[TL;DR] So, this is my take: the legal way of selling scripts is a bad idea and it should be reverted. The sooner, the better.
I’d love to hear your opinions (I read this thread in full ever since it was made originally).
A small P.S. I really want to add:
There are multiple paid resources on the forum already that are, shall we say, questionable quality-wise. Some people have taken to using free releases as a base, refactoring them and pretending as if it’s their own creation. I wouldn’t have an issue with that if it was free, but the point here is that they are charging money for the adjusted script. That’s outright unfair to the developer of the original resource. I wanted to say that there should be some enforcement regarding situations like these, but it really would not be feasible as it’s a rather subjective decision whether a script is “worth it” or not.
So how does the moderators & Collective enforce such things? How do they combat individuals who scam, screw over, etc community members?
If I’m understanding you correctly, you want the Collective to just turn a blind eye and allow some straight up shady shit? That reflects poorly on the community leadership as a whole…
And what gets churned out? Poorly scripted, poorly optimized regurgitated resources that are commonly half broken or not well receipted. So what happens? Individuals turn to these shady dealers to purchase something similar which thus breaks the Terms of Service.
While you mention no one is forced to post their development work, no one is forced to buy paid content either. You have options…
- Purchase the resource you so desire from the creator that has it available, at the price you agree upon.
- Wait for someone to create a free version or alternatively, suggest the paid author make a free, less featured resource for the masses.
- Spend one hour a day learning to code, create the server of your dreams at the lowest cost associated.
You should have an issue with that… if you created a resource in which was being stolen or directly copied (not so much the concepts but the actual code itself) then you should have an issue with that. You put time and effort into that.
In terms of enforcement, there is. As I’ve started mentioning and making in piss yellow color a notice saying that if it’s stolen, illegitimate or something else flag it and allow the moderators to take a look. However no one reads what is being said to them, as apparent with our Discord chats…
The program is new, the process is new to all of us… we are very much so against just reverting back to a version that didn’t work in the first place. We’re welcome to constructive criticism and things mentioned here have been jotted down for future consideration. Please, as a community, understand that we are listening, we are doing our best to work with you folks but also understand that we will never be able to please everyone.
3 Likes
To start off, there’s a lot of really good resources out there in the releases section that are made well and actually work well enough. Of course I’m not denying there’s bad ones, but there’s bad ones among the paid ones, too, and that presents a much bigger issue.
You can’t change people and there will always be that guy (or girl) who scam and screw people over, it’s just in some people’s nature to do that. There will always be, and I quote “shady shit” going on, especially with a community of this size, and you cannot track and punish every single person involved, there’s just too many to do that. I never asked the Collective to turn “blind eye” to the shady dealings, of course, but what we had before the Tebex thing was introduced worked well enough considering the circumstances, right?
I won’t go ahead and say what I’ve already said in the first post so as to not waste time.
Let me address this point, though:
In this particular case it all depends on the end difference between scripts. If it’s been refactored to, say, accommodate an easier way to make it work with a framework the resource was not originally designed for, that’s good. If it does exactly the same thing as the original one, only the code’s been redone to make it look like it hasn’t been stolen and is now being sold, that’s absolutely horrible - even worse than that happening to a free release.
The issue I have, in particular, is the one I outlined already - people are currently making money on adjusted versions of free releases. I cannot speak how or in what way they are adjusted as I am purposefully refraining from buying any scripts via this system as a form of protest (which is my right) but, judging by the comments of those who bought them and tried, they aren’t that different.
There’s been good points made here already about this being a “smart move” to provide people with a fully legal and trusted way to buy scripts (and I very well see how this decision came to the Collective) and I do understand that they are unlikely to revert such a fresh change and go back to square one.
Still, I really wanted to express my personal opinion on the matter, providing reasoning why I think it should have never been done, and I do thank you for taking time out of your day reading through my post and answering my concerns. This tirade is unlikely to achieve anything, but I needed to get this off my chest. Thanks, again, for listening.
What you see as well on the front end of things, was an actual nightmare on the back end. Obviously the general community member wouldn’t see that and I don’t expect them to understand that to be honest.
As I stated in my post and I will continue to post on each of the paid resources, please, if you see an issue flag it for moderator review. We are asking authors for source code to compare if there is complaints, we are taking action if it is needed.
You’re a member of this community, you’re welcome to express your opinion and feelings. I appreciate you doing it in a well thought out adult manner.
6 Likes
I think I should have a fair point here,
Selling to make extra money or getting paid for working is great and all.
But what if the creators locks the script? What if I can’t see the source code of that script? @TigoDEV also raised this same concern. What if there is a backdoor on server side script that downloads every script that your server has a sends via http request? What if someone has made a script such that you can remotely put in code as they wish? Like I’ve seen a-lot creators do that. You can basically remotely use your script to do anything you would like to do. And FiveM is promoting them to their homepage. This can seriously provoke some law suits if the owners of scripts get this seriously.
I also seen some of the scripts sending your current mysql connection strings to their webservers? Like what the hell is that? You are targeting legit customers that are trying to buy something and respect your work!
I also have seen CodeDesign’s JS encryption. I would simply not install that script thinking it can do a-lot of things that I can’t even imagine!
Lua itself is having a-lot things that can be used to gain a-lot of access.
Encryption is not part of this conversations, but still is a huge concern over “nice looking scripts”
Edit : Code Designs Tabex Store About me page stating they do it. (https://codesign.pro/about)
2 Likes
Every effort is made by the moderators to ensure that these resources are as safe as possible. You as the end user assume the responsibility to ensure that you understand what you are purchasing, using and installing into your computer / server.
If you see something, say something to the moderators by flagging the script, explain the issue and allow us to take the wheel. The big issue we’re running into right now is individuals getting into dick measuring competitions on Paid Resource posts leading to a shit fest instead of doing what we’ve been asking on every single post and flagging it with the issue.
We will be taking swift and strong repercussions for individuals doing this.
1 Like
Thank you for bringing this to our attention, we don’t always have the ability to catch these things. These are the type of things that we need to be flagged on and be properly reported. We’re looking into a few things now, thank you.
As we stated in a reply to TheDestroyer, if you or other FiveM moderators and management do contact us through discord directly, we will happily send you the source code unobfucated to show that it is all completely safe.
But you will fail at the point where you need to show them what you sell.
Example ;
If the unencrypted script says
print("Snail is cool")
and a encrypted script says
XXXXX|||X||S||F|F|F||||X|X|X|X|X|
How will you prove that those are the same version of scripts just in different form? Either you need to show source code of your encryption and how you encrypt scripts or you would need to sell the encrypted versions. You can edit my (bought) script whenever you want? After I have paid for it? Should not be the case in here.
I also found that you have not mentioned anything about Encryption/Remote Loading on any of your FiveM Posts as well as your store page, checkout page or anywhere. You have it well hidden under About page where no one would normally peak into. Let FiveM moderators decide what needs to be done with this type of case.
2 Likes
This. Instead of throwing shade and making claims - let us do our job.
3 Likes
I have noted rather swift actions recently against those who are trying to pass off other peoples work as their own in an effort to make money. Good work with this!
Can we have a firm decision and full clarity on the matter of obfuscated code. I believe at the time of writing free releases are not allowed to be encrypted, however, those selling resources are free to encrypt and IP lock their work. I understand they may only be trying to protect their work, but it isn’t without issue.
- It adds a greater workload on the moderation team who have to check everything.
- IP locks are only as reliable as the system that checks them, they drop, the resources fail.
- The sharing aspect of the community, adding their own spin on things and in lot’s of cases actually making resources better can no longer exist.
- Providing unobfuscated code to a moderator doesn’t mean that that is the code being given to users for download! I can give you a set of files and claim what you are seeing is the full “clean” code only to get back to my other set of files which contain malicious content.
It’s ok saying the end-user has responsibility, but Cfx need to take responsibility too for what is becoming of the forums and the community.
1 Like
Only because revoking this permission before an alternative enforced escrow solution exists would lead to even more complaining. We didn’t expect people to do this and I was informed much too late of moderators’ decisions to keep these topics open, nor was I aware of people’s intent to do such things beforehand.
Once an official solution exists, all existing resources being sold with custom licensing must move to said system.
1 Like
Totally understand these things can creep up, and lack of, or barriers to communication certainly won’t help as you seem to point out.
Just to clarify your point about moving to “said system” is this moving to open source code with copyright licensing in place, or moving everyone to a single security system?
1 Like
A “protection” system, sadly. We would love to be able to enforce auditable open code, but since there’s no way to automatically detect improperly used code (e.g. even detecting if someone renames all variables), and we have to compete with people selling their assets “underground” as well, such a system would have to be based on formal obfuscation (however implemented in less roundabout trashy ways than what is currently possible with sandboxing).
1 Like
I don’t think a obfuscation system in and of itself it a bad idea people should be able to protect their work if they would like, however I believe that that the IP lock should be deeply looked into. It does provide a great deal of hassle for server owners. Just simply due to the fact that there can be locally hosted dev servers, or the IP of a server can change and its a pain to deal with. The whole authentication thing just becomes painful in my experience with it so far.
Perhaps a solution in regards would be some way of tying things into the keymaster? Where you could update “allowed” IP Addresses on the license key itself just an idea but what do I know. Anyway thanks for reading and have a great day!
Looking at them banning all gameservers other than zap, features gated behind Patreon keys and only allowing people to make money on code once they figured out how to get a percentage of the sale, we can safely assume that the object of the project is not what you think it is.
As for the topic, it would be nice to give paid content it’s own category so we could unfollow it and keep it from clouding our latest topics. As it stands, it’s not that hard to ignore, however.