I hope this is a short-living problem with more and more add-ons moving to the extension system (not the platform per-se) and leveraging the internal check for updates.
I think what it would help you more is to sort/filter the add-ons which were installed from disk.
If you disable the online option for Blender in the settings, will this mean all extensions you already have installed are prevented to go online (if they go online by themselves to download something)?
Because this is the default behavior of Blender: it wonât go online, unless you allow this.
Yes, this is the policy - extensions must respect the online option, however this isnât enforced.
If an extension disregards an option itâs considered a bug - something that needs to be fixed for the extension to comply with extensions.blender.org, if the extension is hosted elsewhere - itâs up to whoever is hosting them to enforce their own policies.
Oh yeah, me too, Iâm horrified by the idea of a UI control that promises something it doesnât enforce. Thatâs absolutely terrible UX design bordering on dark patterns.
Python doesnât have a sandbox, so you canât actually take privileges away from running code, once addon code runs, it runs and it can do whatever it wants to do.
Itâs a bit like speeding, thereâs really nothing stopping you from doing 40 in a 20 zone, the police could radar you and punish you for going over the speed limit, but realistically there is nothing actually stopping you from going 40, 60 or 120 in that 20 zone.
I agree with your point though, giving the illusion of security by having permissions in the manifest, with absolutely nothing enforcing those is worse than having no security at all.
So whatâs the plan to update the manifest or checkbox label so the user isnât being deceived by the implication that the checkbox does what it says?
I think youâre misunderstanding something here. Add-on developers have always been able to run Python code that can connect to the internet via typical Python functionality. I believe every Python environment is capable of this, and the application running that Python environment has no control over that since the user can run whatever scripts they want.
Whatâs changing here is adding core Blender functionality to have access to the internet and fetch the latest extensions updates if the user has given Blender access to the internet.
Nothing has changed about Python, so anyone can still write a script that does its own internet connectivity outside of what core Blender understands.
Iâm well aware. The problem isnât that addons can connect to the internet, the problem is that Blender tells the user âyou can use this checkbox to turn off internet connectionsâ and this is a lie. It would be far better to not have this checkbox to avoid lying to the user
I see, perhaps a clarification then: The checkbox could say whether it allows core Blender to connect to the internet, and let the user know that add-ons may still contain code that connects to the internet.
Iâm happy iâm not the only person having negative thoughts about this!
I want to ask the developers to look at this:
Maybe itâs possible to let Blender run extensions in a Python sandbox that can ONLY go online when the user has give permission? Also other potential dangerous system resources that can be abused should be blocked in this sandbox!
For example: Maya gives a message box if a script wants to run critical code and asks the user âdo you want to allow this script to runâ.
I think a similar sandbox should be made in Blender that by default respects the online/offline setting and also by default not allows to use dangerous system resources that can be abused in python scripts
I ask this because of following reasons:
the UI must do what it says: BLOCK internet access everywhere if you choose this
many extensions will become malware and try to do things behind your back and who will control this? Nobody⌠Especially extensions not hosted on official blender.org that are out of control anyway.
Blender can get a bad reputation because of this extension system if itâs not implemented as safe as possible
you can expect people who have bad intentions WILL try to exploit things if the extension system easily allows this
I donât know because Iâm not a Python expert, but Autodesk created their own Python Sandbox and I think this is highly needed to have a safe Blender extensions platform:
I quote: Enable Python Sandbox - Use to enable or disable the Python sandbox. When the sandbox is disabled, no restrictions are in place for script execution. When enabled, creating new network connections in Python scripts, providing file system access through Python IO modules, and starting new processes are blocked.
The sandboxâs internet connection should be turned on/off regarding if the user has enabled or disabled internet access in the settings. (and I also think other dangerous resources that could be abused should be by default blocked)
I donât know however what this means in development time
But itâs definitely possible as you see a real life example here.
If people are that paranoid about internet access thereâs only one thing that helps: block the internet access of the whole application on the firewall/OS level. As the whole xz debacle has shown no app can ever guarantee not to connect to the internet, because you never know what dynamic libraries get pulled in on a userâs machine.
Maybe there is some merit in the idea of clarifying the checkbox label a bit, but much more canât really be done imo. Creating or using a python sandbox which is really tightly airgapped is hard. Itâs not something a project like blender can do. And doing it half baked gives even more of a false sense of security then a maybe not as clearly as possible labeled checkbox.
Personally Iâm not really a fan of this project either for other reasons. I like the auto-update part, and I like the ease of use. I just think hosting stuff has a chance to balloon to a costly (both time and money wise) endeavour. But maybe Iâm too pessimistic and the smaller default blender download will offset the costs of the extension download and hosting.
Iâm assuming here, but will this not be the same as the Python Prompt that has been in Blenderâs settings since the dawn of time? When it is unchecked will it not prompt you like it does currently that an add-on is trying to run a script and needs permission and when checked it runs automatically?
Minor gripe: I wish with the current âAuto Run Python Scriptsâ that the toggle could be set per add-on, like I always will wonât it on for Rigify, which needs it enabled, but would like it to be prompted for others.
Thanks.
I also hope people here realize that add-ons COULD and WERE connecting to internet since forever. 4.2 didnât add that feature. If there were cartoon villains targeting your PC through Blender they could do that already, and even more so when add-ons were downloaded from shady third-party websites.
What 4.2 adds is an attempt to control it, which didnât exist before. And centralized online platform safer than whatever else exists.
You have to be quite good at stretching to see it as a regression in terms of security.
If you werenât worried about security when installing add-ons from GitHub or Gumroad with no clarifications, but get scared when installing from extensions platform which tells you add-ons permissions⌠well thenâŚ