Unreal Engine 4 and Linux


    #76
    How cool is that:
    http://phoronix.com/scan.php?page=ne...VR-Vulkan-GNUX

    I'll try to run the ocean examples with Vulkan once I've finished some other stuff.

    Has anyone set up VS Code for Unreal?
    Last edited by mike444; 04-29-2017, 09:29 AM.



      #77
      Epic should provide at least the Launcher with compiled binaries of UE4, or a Flatpak package, for example, which will run on any Linux distribution. Sad, the lack of support.



        #78
        We aren't getting a launcher any time soon. Epic replied that they have an interest in making a unified Flatpak for all distros.



          #79
          Originally posted by Gwenn View Post
          Well, are you logged in ?
          Returning 404 for every repo behind a login-wall is a real dumb way to trip devs up.
          How does GitHub distinguish between real 404 errors and a deleted repo / branch etc.?



            #80
            It's not dumb, it's basic safety. You're not going to give away the existence of a file by outputting a different error if it does exist.
            Helium Rain, a realistic space opera



              #81
              I think what he meant was the error should be 'Please login first' instead of 404 error (which doesn't look professional).



                #82
                I understand what he meant, I am saying that it would enable attackers to know the existence of a repository without access rights to it. You would be able to try random URLs like "unrealengine5" or "halflife3", and by getting a login prompt, you would know that such a repository exists.

                This isn't dumb at all.
                Helium Rain, a realistic space opera



                  #83
                  Originally posted by Gwenn View Post
                  I understand what he meant, I am saying that it would enable attackers to know the existence of a repository without access rights to it. You would be able to try random URLs like "unrealengine5" or "halflife3", and by getting a login prompt, you would know that such a repository exists. This isn't dumb at all.
                  Security-wise there are new attack vectors every day.
                  But are GitHub paths like probing existing logins?
                  It's not like malware probing 135 / 445 open ports...
                  What use would that information really be Gwenn?
                  Explain to us where you see the real security risks...



                    #84
                    I just explained it - if it returned a different code than 404, you could automatically generate a list of private repositories for an organization by just probing all possible URLs. While not a real risk in the classical sense, it's still private information. Everyone knows Epic has an UnrealEngine repo, but if Microsoft has a WindowsWithLinuxKernel repo, that's probably not information they want to be public. Private means private.

                    Go to GitHub's issue tracker to see other people say the same thing (one with the same Half-Life 3 example I jokingly gave above) : https://github.com/dear-github/dear-github/issues/162

                    Can we go back to Linux discussions instead of feature requests for GitHub ?
                    Helium Rain, a realistic space opera



                      #85
                      Originally posted by Gwenn View Post
                      but if Microsoft has a WindowsWithLinuxKernel repo, that's probably not information they want to be public. Private means private.
                      The URL check will always fail at 'Valve' anyway not 'Half-Life', no?
                      Plus surely leaks like this put everything else into perspective etc...

                      Originally posted by Gwenn View Post
                      Can we go back to Linux discussions instead of feature requests for GitHub ?
                      No worries...



                        #86
                        Originally posted by Gwenn View Post
                        I understand what he meant, I am saying that it would enable attackers to know the existence of a repository without access rights to it. You would be able to try random URLs like "unrealengine5" or "halflife3", and by getting a login prompt, you would know that such a repository exists.

                        This isn't dumb at all.
                        What GitHub should do is what I said: "please log in first" (which is what perplexes most users when they click the UE4 GitHub link: they find a 404 error). And then when they log in, they will find the repo. But if the repo doesn't exist or is inaccessible (private repo etc.), then GitHub can display 404; it is good enough. No one mentioned fixing the 404 error by returning a list of repos, even if they are private.



                          #87
                          You can't ever have a different behaviour on a private repo and a non-existing repo because it confirms its existence and can be bruteforced.

                          Are we done on this ? This isn't the place to discuss the security and convenience of GitHub, especially for explaining the same thing over and over. Please ?
                          Last edited by StrangerGwenn; 07-11-2017, 01:58 AM.
                          Helium Rain, a realistic space opera



                            #88
                            I have pm-ed someone on this matter.. but basically the fix is just a matter of rewording:-
                            'We cannot find the public repo (note that you have not logged in). If you are accessing a private repo, then please login first'.

                            So this way, if a user wants to brute force to check if the repo exists, he/she has no idea whether the brute force actually results in something. So security-wise, it is still good.

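Added example, not part of any post in this thread and not GitHub's code: a small in-memory model of the three response policies argued over above (a login prompt only when a private repo exists, as #82 warns about; the uniform 404 from #80/#87; the reworded message from #88), with a check for whether an outsider can tell a private repo from a missing one. Repo names, users and response texts are constructed for illustration.

```python
# Constructed in-memory model; repo names, users and response texts are illustrative.
REPOS = {
    "acme/engine": {"private": True, "members": {"alice"}},
    "acme/docs": {"private": False, "members": set()},
}

NOT_FOUND = (404, "Not Found")
HINT = (404, "We cannot find this public repo. If it is private, please log in first.")
OK = (200, "repo page")


def _visible(repo, user):
    """A repo is visible if it exists and is public, or the user is a member."""
    return repo is not None and (not repo["private"] or user in repo["members"])


def login_prompt_policy(path, user=None):
    """Variant #82 warns about: a login prompt only when a private repo exists."""
    repo = REPOS.get(path)
    if repo is not None and repo["private"] and user is None:
        return (401, "Please log in first")
    return OK if _visible(repo, user) else NOT_FOUND


def uniform_404_policy(path, user=None):
    """Behaviour defended in #80/#87: 'no access' and 'no such repo' look identical."""
    return OK if _visible(REPOS.get(path), user) else NOT_FOUND


def reworded_404_policy(path, user=None):
    """Rewording from #88: the same hint whenever an anonymous lookup fails."""
    if _visible(REPOS.get(path), user):
        return OK
    return HINT if user is None else NOT_FOUND


def leaks_existence(policy, private_path, missing_path, outsiders=(None, "mallory")):
    """True if any non-member gets different responses for private vs. missing."""
    return any(policy(private_path, u) != policy(missing_path, u) for u in outsiders)


if __name__ == "__main__":
    for policy in (login_prompt_policy, uniform_404_policy, reworded_404_policy):
        print(policy.__name__, leaks_existence(policy, "acme/engine", "acme/nope"))
```

The check compares status and body only; in a real service the headers and response timing for the two cases have to match as well.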
