recursive_recursion they/them

🍀Help me help you is my motto💖

Alt Accs:

Please consider donating, as it helps fund moderation and future FOSS projects!🤗

  • 36 Posts
  • 199 Comments
Joined 3 months ago
cake
Cake day: September 14th, 2024

help-circle
  • For Nvidia users:

    Already merged within minutes of the Vulkan 1.4 embargo lift is Vulkan 1.4 support within the open-source NVIDIA “NVK” driver. Faith Ekstrand with engaging in the Vulkan working group was able to provide this same-day support for Vulkan 1.4 within the open-source NVIDIA driver.

    For AMD users:

    There is also a pending merge request for Vulkan 1.4 support with the Radeon RADV driver. RADV driver is Vulkan 1.4 conformant on many AMD GPUs from GFX8 through GFX11.5 (RDNA3.5) hardware. That RADV Vulkan 1.4 support was spearheaded by Samuel Pitoiset of the Valve Linux graphics team. That RADV Vulkan 1.4 support should be merged shortly.















  • From Rémi Verschelde:

    As the Check Point Research report states, the vulnerability is not specific to Godot. The Godot Engine is a programming system with a scripting language. It is akin to, for instance, the Python and Ruby runtimes. It is possible to write malicious programs in any programming language. We do not believe that Godot is particularly more or less suited to do so than other such programs.

    Users who merely have a Godot game or editor installed on their system are not specifically at risk. We encourage people to only execute software from trusted sources.

    For some more technical details:

    Godot does not register a file handler for “.pck” files. This means that a malicious actor always has to ship the Godot runtime together with a .pck file. The user will always have to unpack the runtime together with the .pck to the same location and then execute the runtime. There is no way for a malicious actor to create a “one click exploit”, barring other OS-level vulnerabilities. If such an OS-level vulnerability were used then Godot would not be a particularly attractive option due to the size of the runtime.

    This is similar to writing malicious software in Python or Ruby, the malicious actor will have to ship a python.exe or ruby.exe together with their malicious program.