Extensions Platform

And lastly, the search filter/sort options, which could be contextual based upon previous selections:

Once again, these are just suggestions and could, likewise, be adjusted.

I’ve seen the issue of legacy addons discussed. It seems there are multiple approaches that could be taken within this suggested UI, whether it is a button amongst those on the left of the panel or as a category and/or sort option in the search filter/sort menus.

I would be curious to hear what others think. Hopefully this is at least a positive contribution to the discussion and perhaps food for thought for a future release. Cheers!

1 Like

Can I ask the developers for the logic behind not having a way to list only external/user-installed addons (paid or downloaded from sources other than Blender or the Extensions platform) and not having an Install from Disk button, instead tucking it inside a dropdown list? I posted the feedback some time ago, but I haven’t seen the reasoning (sorry if I missed it).

I’ve mocked up a quick screenshot. The addons marked with green pluses are paid/external addons installed manually from disk. There are only 5 of them, while the other 13 addons weren’t installed externally from files.

It makes it harder to find external addons and to check manually whether they have updates. I have to scroll and remember which addons were paid/installed and which were enabled inside Blender or the Extensions platform.

Please add a filter/tag that allows showing those addons - Blender 4.1 and older already had this option.

I also just realized now, but what are those icons on the right side? Geo-Scatter and Photographer were definitely paid addons that I had to download and install manually, but those have different icons, why?

3 Likes

You can drag and drop .zip files into Blender itself. The need for an exposed Install button is pretty low.

I agree that filtering non-Blender add-ons would be useful. But the extensions platform isn’t Blender-specific; most add-ons there are made by regular users, so filtering that out wouldn’t be helpful. What is needed is filtering by repository, so you can choose which repositories you want to see (i.e. add-ons from extensions, add-ons from BlenderMarket, add-ons from core, local add-ons, etc.). And that is planned, but there wasn’t enough time for now.

Icons on the right side mean:

  • Blender icon (Core add-on, can not be uninstalled)
  • Users icon (Extension that is from online repository, can receive updates)
  • Folder icon (Add-on that is installed locally, no connection to internet, will not receive updates)

I hope this is a short-lived problem, with more and more add-ons moving to the extension system (not the platform per se) and leveraging the internal check for updates.

I think what would help you more is to sort/filter the add-ons which were installed from disk.

No change on this is planned for 4.2 though.

If you disable the online option for Blender in the settings, will this mean all extensions you already have installed are prevented from going online (if they go online by themselves to download something)?
Because this is the default behavior of Blender: it won’t go online, unless you allow this.

Yes, this is the policy - extensions must respect the online option; however, this isn’t enforced.
If an extension disregards the option it’s considered a bug - something that needs to be fixed for the extension to comply with extensions.blender.org. If the extension is hosted elsewhere, it’s up to whoever is hosting them to enforce their own policies.

1 Like

So… Extensions can ignore the online option when it’s turned off, if devs want to enforce it??
Is that what you’re saying here?

2 Likes


:laughing:
Well… I can understand an ‘overwrite’ switch for studios, but I’d rather have everything behave like I set it in the prefs :wink:

2 Likes

Oh yeah, me too, I’m horrified by the idea of a UI control that promises something it doesn’t enforce. That’s absolutely terrible UX design bordering on dark patterns.

Python doesn’t have a sandbox, so you can’t actually take privileges away from running code. Once addon code runs, it runs, and it can do whatever it wants to do.

It’s a bit like speeding: there’s really nothing stopping you from doing 40 in a 20 zone. The police could radar you and punish you for going over the speed limit, but realistically there is nothing actually stopping you from going 40, 60 or 120 in that 20 zone.

I agree with your point though, giving the illusion of security by having permissions in the manifest, with absolutely nothing enforcing those is worse than having no security at all.

4 Likes

So what’s the plan to update the manifest or checkbox label so the user isn’t being deceived by the implication that the checkbox does what it says?

I have no plans, beyond shouting things that strike me as odd from the sidelines; I have as much influence as you do here.

1 Like

I think you’re misunderstanding something here. Add-on developers have always been able to run Python code that can connect to the internet via typical Python functionality. I believe every Python environment is capable of this, and the application running that Python environment has no control over that since the user can run whatever scripts they want.

What’s changing here is adding core Blender functionality to have access to the internet and fetch the latest extensions updates if the user has given Blender access to the internet.

Nothing has changed about Python, so anyone can still write a script that does its own internet connectivity outside of what core Blender understands.

I’m well aware. The problem isn’t that addons can connect to the internet, the problem is that Blender tells the user “you can use this checkbox to turn off internet connections” and this is a lie. It would be far better to not have this checkbox to avoid lying to the user.

2 Likes

I see, perhaps a clarification then: The checkbox could say whether it allows core Blender to connect to the internet, and let the user know that add-ons may still contain code that connects to the internet.

2 Likes

I’m happy I’m not the only person having negative thoughts about this!

I want to ask the developers to look at this:

Maybe it’s possible to let Blender run extensions in a Python sandbox that can ONLY go online when the user has given permission? Also, other potentially dangerous system resources that can be abused should be blocked in this sandbox!
For example: Maya gives a message box if a script wants to run critical code and asks the user “do you want to allow this script to run”.

I think a similar sandbox should be made in Blender that by default respects the online/offline setting and also by default does not allow the use of dangerous system resources that can be abused in Python scripts.

I ask this because of the following reasons:

  • the UI must do what it says: BLOCK internet access everywhere if you choose this
  • many extensions will become malware and try to do things behind your back and who will control this? Nobody… Especially extensions not hosted on official blender.org that are out of control anyway.
  • Blender can get a bad reputation because of this extension system if it’s not implemented as safe as possible
  • you can expect people who have bad intentions WILL try to exploit things if the extension system easily allows this

Thanks for reading!

Pretty sure that article is AI generated gibberish, best to ignore it. venv won’t provide any of the isolation properties the article promises.

3 Likes

I don’t know because I’m not a Python expert, but Autodesk created their own Python Sandbox and I think this is highly needed to have a safe Blender extensions platform:

https://help.autodesk.com/view/VREDPRODUCTS/2024/ENU/?guid=secur-vred-2024

I quote: Enable Python Sandbox - Use to enable or disable the Python sandbox. When the sandbox is disabled, no restrictions are in place for script execution. When enabled, creating new network connections in Python scripts, providing file system access through Python IO modules, and starting new processes are blocked.

The sandbox’s internet connection should be turned on/off depending on whether the user has enabled or disabled internet access in the settings. (And I also think other dangerous resources that could be abused should be blocked by default.)

I don’t know however what this means in development time :slight_smile:
But it’s definitely possible, as you can see from a real-life example here.
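The VRED sandbox quoted above blocks three capability classes: new network connections, file-system access and new processes. Since nothing in Blender enforces the online checkbox against add-on code, the practical defender-side check is to audit an extension's source for those same capabilities before installing it. The following is an added example, not Blender's or Autodesk's code; the module lists, the `audit_source` name and the sample add-on are all constructed for illustration.

```python
import ast
from collections import defaultdict

# Capability categories mirroring the three things the quoted VRED sandbox blocks.
# Module lists are constructed for this example and deliberately not exhaustive.
CAPABILITY_MODULES = {
    "network": {"socket", "ssl", "http", "urllib", "ftplib", "smtplib", "requests"},
    "process": {"subprocess", "multiprocessing"},
    "filesystem": {"shutil", "pathlib", "tempfile", "glob"},
}
OS_PROCESS_CALLS = {"system", "popen", "execv", "execvp", "execl", "spawnl", "spawnv"}  # os.* process starters (partial, constructed)

def _module_capability(name: str):
    top = name.split(".")[0]
    return next((cap for cap, mods in CAPABILITY_MODULES.items() if top in mods), None)

def audit_source(source: str, filename: str = "<addon>") -> dict:
    """Statically map one Python file to {capability: [evidence]}. Audit aid only: it sees imports and direct calls, not obfuscated or dynamically imported code."""
    findings = defaultdict(list)
    for node in ast.walk(ast.parse(source, filename=filename)):
        where = f"{filename}:{getattr(node, 'lineno', 0)}"
        if isinstance(node, ast.Import):
            for alias in node.names:
                if cap := _module_capability(alias.name):
                    findings[cap].append(f"{where} import {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if cap := _module_capability(node.module or ""):
                findings[cap].append(f"{where} from {node.module} import ...")
            for alias in node.names:  # from os import system / popen / ...
                if node.module == "os" and alias.name in OS_PROCESS_CALLS:
                    findings["process"].append(f"{where} from os import {alias.name}")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id == "open":
                findings["filesystem"].append(f"{where} open()")
            elif (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                  and func.value.id == "os" and func.attr in OS_PROCESS_CALLS):
                findings["process"].append(f"{where} os.{func.attr}()")
    return dict(findings)

# Constructed sample add-on that phones home, writes a cache file and runs a shell command.
SAMPLE_ADDON = '''import bpy
import urllib.request
from os import system
def register():
    data = urllib.request.urlopen("https://example.invalid/update.json").read()
    open("/tmp/cache.json", "wb").write(data)
    system("echo installed")
'''
```

Running `audit_source(SAMPLE_ADDON)` reports one network import, one process import and one file write, which is exactly the information the offline checkbox cannot give you.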

If people are that paranoid about internet access, there’s only one thing that helps: block the internet access of the whole application at the firewall/OS level. As the whole xz debacle has shown, no app can ever guarantee not to connect to the internet, because you never know what dynamic libraries get pulled in on a user’s machine.

Maybe there is some merit in the idea of clarifying the checkbox label a bit, but much more can’t really be done imo. Creating or using a Python sandbox which is really tightly airgapped is hard. It’s not something a project like Blender can do. And doing it half-baked gives even more of a false sense of security than a checkbox that is maybe not labeled as clearly as possible.

Personally I’m not really a fan of this project either, for other reasons. I like the auto-update part, and I like the ease of use. I just think hosting stuff has a chance to balloon into a costly (both time- and money-wise) endeavour. But maybe I’m too pessimistic and the smaller default Blender download will offset the costs of the extension download and hosting.

2 Likes