We need to talk about save game practices.
Added 2023-08-06 08:31:49 +0000 UTCSince the public release is very soon to be upon us, here a short little rant about how to properly handle saves in Light of my Life, or any ren'py game for the matter.
Get that chip off my shoulder
Let me start of by saying I never really got why anyone'd want to get a random stranger's save game when starting a new chapter. Unless you care absolutely nothing about all the choices you made in the previous chapters (what are the pet names you are called or call people, what fetish did you encourage or discourage, when you had that heart-to-heart, did you comfort them, or relate to them by you struggle with that too, are you afraid of heights, and the list goes on and on and on), but you know, hey, that's up to you.
If you can't wait to click trough the text as fast as possible to see some lewd, who am I to wag a finger at you over this? Well, actually, it turns out I do have a reason, but more on that later.
But if you're invested in the storyline at all, and you used someone else's save game, just know that all those times something came up that made you scratch your head a little, those weren't continuity errors or wonky writing or the game being weird or buggy, that were choices that other person made that are playing out, and not your choices.
(Don't you care about all the things we talked about?)
It's so much worse though.
But that's not really what this is about. Coming in this version of the ren'py engine, some additional safety features are implemented. Basically what it comes down to is that when you load a save file that was not created on the device you are playing it on now, it'll warn you about it, and you need to confirm that you do.
Why was that added? Well, it turns out that ren'py saves are actually software, and someone can quite easily insert their own payload to execute arbitrary code on your computer (that vid is hilarious btw). I'll wait a sec or two for that to sink in.
(Why's the light on my webcam on?)
So for the love of Macy, don't ever ever ever download and use a save file from a source you don't trust. And let's be honest, do you really trust ilickchihuahuas69 over at that forum you visit sometimes, even if they do post all those funny memes? And do you trust the guys he gets his saves from?
Note: you won't get this "are you sure" question loading external saves with Light of my Life immediately: saves made in chapter 6 will not trigger this in chapter 7. But saves made in the upcoming release of Light of my Life will trigger it, and it's a small step in the right direction.
My personal advice is: don't ever use a ren'py save you did not create yourself. Ever.
Comments
The amount of what seems like "just data" that includes code these days is staggering. I learned to avoid wantonly swapping floppy disks back when they were still a standard data exchange medium (hint: I was using DOS 3.31 at the time), and if files you received had extensions for known document formats (.doc, .xls, .jpg, etc.) they were safe (this was before long file names allowed spoofing past this stuff). These days, even a simple text file can carry a payload, it seems, and anything with any "life" to it surely can.
Silent Observer
2023-08-09 21:06:00 +0000 UTCtacking the response below so more people can see.
Naughty Road
2023-08-09 19:07:54 +0000 UTCIn reply to @Yodasheep, to give it a bit more visibility here: "Interesting, never heard of that one either. Do you have an idea what's the purpose of this feature in renpy? I really can't think of a scenario where I would need to run code from a savegame. I mean a save isn't a mod and shouldn't be able to change anything in the game." I think it was just chosen as a really convenient way to save a complete game state including all instantiated classes and running logic. The process is documented here (https://docs.python.org/3/library/pickle.html) , and it's really quite powerful. It means that you can do pretty complex stuff in your game, and your save will just work without additional effort from you as a dev. That's a plus, as many devs are not experienced software developers (or in fact software developers at all), and would be hard pressed to write serialization/deserializations for their ren'py games, apart from the extra work involved in coding, and testing, and supporting inevitable issues. The downside is that if you go and swap those save files over on the internet, you're really opening yourself up to malicious content, and none but a very few with specific knowledge of the process involved will understand how dangerous this actually is. Even people very aware of safe browsing practices and security will be blindsided by this.
Naughty Road
2023-08-09 18:46:12 +0000 UTCInteresting, never heard of that one either. Do you have an idea what's the purpose of this feature in renpy? I really can't think of a scenario where I would need to run code from a savegame. I mean a save isn't a mod and shouldn't be able to change anything in the game.
Yodasheep
2023-08-09 18:35:43 +0000 UTCYeah, agree. I *guess* the thinking was that those would never leave the device of the user, and when they thought it up they never envisioned people would be sharing saves. The biggest problem there really is that it completely blindsides people. You'd think I was crazy if I sent you a dll and told you to plug that into your software, but a save file sounds like it should be data so no harm. It's not entirely unheard of btw, the Twilight Hack to create a homebrew Wii's been around and that used a doctored save to execute code. It's just that in that case, the closed format of the Wii mitigates the risk there significantly, but stuff like that does happen.
Naughty Road
2023-08-07 15:22:21 +0000 UTCvery soon as in a few days? or is that wishful thinking?
j b
2023-08-07 01:09:39 +0000 UTCIt's still a security flaw from renpy's side. Savegames simply shouldn't contain code. I don't understand who thought this was a good idea especially because most people probably never heard of it.
Yodasheep
2023-08-06 23:41:46 +0000 UTCI will start a new game to come back and enjoy it from start to finish :D
Trucokiki
2023-08-06 21:05:52 +0000 UTCin other words, its only a security flaw if you do something stupid. Like leaving the keys in your car and the doors unlocked in a bad neighborhood...
William Elliott
2023-08-06 16:18:12 +0000 UTCWell, needs to say, your game is maybe the only one, where i stay for the story and the characters. And for most all other games: hit the skip button :)
Sin Art
2023-08-06 15:01:48 +0000 UTCGlad I don't do that then.
Happyninja42
2023-08-06 13:07:54 +0000 UTCRemember, it's not a security flaw as long as you don't get any save files from unknown sources.
Naughty Road
2023-08-06 11:28:24 +0000 UTCWow, I didn't know about this massive security flaw in renpy's saving system. This is both hilarious and terrifying at the same time
darlic
2023-08-06 11:14:43 +0000 UTCWill it be released next week? oh god that's right, give us joy xD
Trucokiki
2023-08-06 11:03:25 +0000 UTCI like 2 play my own saves, but i didn't know it is that bad to get them from others. Much appreciated. Thx =)
Noir
2023-08-06 09:39:55 +0000 UTCThat video is excellent! I've shared it far and wide.
TotesNotThea
2023-08-06 09:22:18 +0000 UTCThat aside, if you really lost your save file don't waste your time asking just skip through the game. You likely will get there faster than if you wait for someone else.
Atixes
2023-08-06 09:14:29 +0000 UTCTo those people who ask for save files on Naughty's Discord server. Rule 7: Don't post or solicit save files, they are an unsafe file format that can execute arbitrary code on your device.
Atixes
2023-08-06 09:12:37 +0000 UTCGood as gold now.
Marcus
2023-08-06 09:02:23 +0000 UTCEdit - Nevermind, you answered this while I was typing.
Marcus
2023-08-06 09:00:15 +0000 UTCSorry about the weird Subscribestar gate in those links. Copy paste error, should work normally now.
Naughty Road
2023-08-06 08:54:45 +0000 UTC
