Now that Wabbajack has had a bit more time to mature and after a fair amount of prodding from a member of the community whom I trust, I finally decided that it was time to do a more technical, less emotional review of their offering. It is undeniable that Wabbajack has had a polarizing effect on our community and, for better or worse, isn’t likely to go anywhere any time soon. But at this point in the game, how much of the flak is justified, and how much is just drama? Before digging into the real review, I want to take a moment to discuss some of my thoughts from the previous article.
Necessary Time Commitments
Maintaining a guide, whether manual or automated, is undeniably a massive undertaking. No matter how you break it down, guides are a colossal timesink that is predominantly under-appreciated. Speaking for myself, I currently spend roughly 45 hours per week working on my guide in some form. To maintain the stable, quality guide users expect, I have to spend a considerable amount of time testing updates, writing patches, and researching the best way to do every little thing that I pass on to my users. Since I maintain private servers for my guide, as the userbase grows, I also have to deal with server stability issues, updates, and constant optimizations.
Many, if not most, users have a full-time job, likely working roughly 40 hours a week. There are only 168 hours in a week. Could you justify working 40 hours at your job, only to spend another 40+ working effectively for free even before taking an automated guide into account? Most people probably couldn’t handle that.
Beyond the time restrictions, one of my most significant issues with Wabbajack has always been control. This issue is a two-part problem. First, if I am not maintaining the guide, I have to rely on a third party to represent my work, goals, and brand faithfully while also providing support for their installer (more on the support issue later). Realistically, this will never happen. Guides are always complicated, but guides like LOTD Plus are especially involved. I will never fully trust a third party to represent that with any degree of accuracy.
The second aspect of control lies in the distribution system itself. In this case, we’re talking about both Wabbajack and how it distributes modlists. In the early days, this was a big sticking point for me. When Wabbajack was distributing each modlist as an executable, I couldn’t justify what I saw as a potential security vulnerability. Thankfully, recent builds of Wabbajack at least partially rectify this issue.
One of the most visible disputes between mod authors and the Wabbajack dev team has been in the viability of an “opt-out” system. For whatever reason, not every author likes the idea of their mods inclusion in a modlist of any kind. While this is an issue that I fundamentally disagree with, I do believe that it should be their choice to opt-out if they wish to do so. Early problems notwithstanding, the Wabbajack team has tried to resolve this issue through the use of a blacklist. While this isn’t a perfect solution and is undoubtedly exploitable, it is a good-faith attempt at fixing the problem. The sad fact is that there’s no such thing as a perfect system that will please everyone every time, but I am satisfied that they have given mod authors the option to the best of their ability at this time.
Much like maintaining a guide, supporting one is a nearly full-time job. This is the single most important reason I initially “opted out” of providing an automated version of my guide; I simply couldn’t justify the extra support load. If a third party makes the modlist, then the support is provided through the Wabbajack Discord server. At face value, this presents another problem that goes back to the “branding” issue I mentioned earlier. Users like to “go to the source” for help, meaning that if I wasn’t providing official support, but a third party had released a modlist for my guide, users seem to gravitate towards the official support channels despite us not providing the modlist or support for it. Thankfully, the Wabbajack team has acknowledged this challenge and their server repeatedly reminds users to ask support questions on their server only.
Conversely, this means that trying to run both a manual and automated version of the same guide doubles the support load. Yes, this can be offset to some extent through “minions” who are trusted to provide help to users, but that requires having trusted users who are knowledgeable enough in the first place. This also falls into the category of “you asked for it” and if a guide author chooses to provide both options, they’re also choosing to accept the responsibility of providing support for both.
When I first started exploring the newer, more mature version of Wabbajack, the same friend who prompted me to do so was kind enough to link me to the Wabbjack GitHub. As a long-time developer and major supporter of the open-source community, the simple fact that Wabbajack is released under an open-source license was a huge plus in my book. But, because Wabbajack is an executable, I wasn’t entirely comfortable with installing it just because someone said it was safe. As such, I spent the last week doing a full audit of the Wabbajack codebase.
Since the majority of the users who care about this post are probably fairly non-technical, I’ll take a moment to explain just what it means to do a code audit. A code audit in its simplest form is a line-by-line review of all of the code that makes up a program looking for anything that is malicious, broken, or in opposition to best practices. In the case of Wabbajack, this meant reading through just under 20K lines of code.
The reality is that no software is perfect, and Wabbajack is no exception. I actually managed to find a technical bug in their contributing documentation for which I provided a fix before I had even successfully run a test build. Ironically, this means that in the strictest sense I contributed to Wabbajack before even using it. That said, my audit revealed a few bugs (all already known and being worked on), a few things that could probably be done better, and a few things that I simply would have done differently; but nothing that I would consider a security risk without user intervention. Sure, it’s possible to modify the source and redistribute a “bad” copy of Wabbajack, but the same is true with any software. Always download software from an officially sanctioned source!
I will say that, in my opinion, the Wabbajack interface is unnecessarily clunky, but that comes down to personal preference and growing pains more than a technical problem.
Perhaps the most important aspect of any open-source endeavor is its community. When I first joined the Wabbajack Discord server, I will readily admit that my expectations were slightly less than ideal. I had my own pre-conceived notions derived from past experience with individuals in the community and the very public issues that Wabbajack experienced in the early days. However, I have tried to keep a relatively open mind since day one despite my personal issues, so I gave them a chance. I was (and continue to be) pleasantly surprised.
Despite the knowledge that I have historically been against Wabbajack, they were welcoming and even the lead dev happily sat down with me and spent a decent chunk of time going over my concerns. Many of the key community members will readily acknowledge that their ideals are, at the moment, a gray area at best and they are walking the razors edge trying to keep everyone happy. This is far from the “my way or the highway” attitude I was expecting. Even better, several people have readily agreed with my opinion that user should, if at all possible, understand how a modlist works under the hood and not just blindly rely on an installer.
So what does this mean for me? I still can’t say that I’m “on the bandwagon,” but I will say that Wabbajack itself has come a long way in a very short period of time. I ended my previous post with a list of decisions I had made regarding installers as a whole, and I see no reason not to do the same for this post.
- I will still not provide official support for any third-party installers for my guide(s)
- I still acknowledge that automated installers are most likely the future of modding, and I do believe that users have the right to do what they wish with anything released under an open-source license
- I will never pull any mod that I have written or am a development lead on solely due to its inclusion or possible inclusion in an installer
Additionally, I’m adding the following new decisions specific to Wabbajack:
- I would politely request that no third party create a modlist for my guide(s)
- There is a reasonable chance that in the future (once my hosting platform is stable) I will choose to provide a modlist for at the very least LOTD Plus itself