Tag: client

How does an FPS like Overwatch have client time run ahead of the server?

In watching the GDC talk about Overwatch netcode, it mentions that the client is always ahead of the server, that the "current tick" on the server is behind that of the client.

From their explanation this makes sense. If the client is ahead of the server, then by the time the client messages arrive at the server, the server will have caught up and can handle them when it wants them.

But how does this get setup to begin with? The client connects to the server, the server starts a game… does the client jump ahead of it’s own accord? (Server says "game is starting, I’m at tick 0", and the client is like "okay, well, based on my ping I’m going to be tick 20 then")

  • If the server is in charge of what’s going on in the game, how does the client even know what’s going on in that future tick? I would assume constant extrapolation of game events from the last server update would be bad. Having the client in the past to allow it to interpolate between server updates would make a lot more sense to me.

  • Or am I wrong in assuming that client and server tick times need to remain in sync, and it is instead more loosely based on server updates and the number of client events that happened since that update was received, rather than the client actually caring about what tick they’re on compared to the server?

It’s the time/tick synchronization, despite one or the other having to be in the past, that I can’t wrap my head around…

how to start the native GUI client of pgadmin4?

I don’t like web-based GUI, so I only installed the pgadmin4-desktop package for my Kubuntu 20.04, instead of pgadmin4-web and pgadmin4.

According to the offical web page of pgAdmin4,

A desktop runtime written in C++ with Qt allows it to run standalone for individual users…

I’m expecting that a native qt GUI app can be run, and acts as a pg-client, but I can NOT find it out anywhere, neither startting-menu nor the DESTDIR of the installation, i.e /usr/pgadmin4/bin.

There is only one program file /usr/pgadmin4/bin/pgadmin4, but running it still open a browser window to serve as a pg-client, instead of any NATIVE app!

Would please anyone tell me that:

Is the so called "A desktop runtime written in C++ with Qt" meaning a native GUI client app? or only a management server that resides on the system tray?

If a native GUI client really exists, where to find it or how to start it?

Thanks a lot!

Pls forgive my ugly English.

As a contractor how do I work on multiple client networks without data leakage?

I am a contractor who does development for more than one client. Let’s call them Client A, Client B, and Client X.
I use my own laptop for all 3 clients.
Throughout the day, I have to work on and respond to emails and instant messages about projects for all 3 clients.
In order to work on Client X’s project, I must be connected to their VPN.
Client X performs SSL deep inspection on the traffic on their network. (I get errors from sites/apps that enforce key pinning)

I’m worried that information about Client A and Client B, (not to mention my own sensitive information) might be exposed to Client X. How can I prevent this, but still maintain my ability to communicate with A and B while working on X’s network?

I’ve tried giving each client its own VM on my machine, but the hefty resource requirements of the software I have to use (IDE) makes this prohibitively slow, to say nothing of the licensing difficulties.

Why Signal doesn’t have web client?

I’ve read about E2EE (end to end encryption) of Signal in web clients on a Signal Community discussion forum, and wonder why they say that the browser is insecure for E2EE and native apps are secure.

I think the security issues for clients are the same. It can be harder in various systems based on their security polices, but all of the clients are prone to various attack surfaces like MITM, viruses and rats and other malware. And something more important they emphasise is the delivery for javascript files, but doesn’t that use HTTPS? I guess if anyone could break the HTTPS security they can do anything more dangerous than what we think about.

Actually, we want to develop some chat service like signal with a web client, but this article made us confused. Should we ship a web client or not? Please explain this.

Common Client instead Many of them [closed]

I didn’t find any Appropriate place in stackexchange to ask my question. so sorry if my question is not exactly for this place. I use windows 10 and for gaming I have to use a lot of clients like Steam, origin, Epic ,… . Is any way for centalizing this clients? for eaxmple one common client instead of all of this or some apps to help? working and finding games in many clients are not easy work for me. thanks in advance

Pattern for access controlled client side encryption

How would you design a server/client system where a client is granted a key to encrypt/decrypt data, but the key could be revoked/redistributed by the server? Data encrypted prior must still be readable with the new key.

A simple scenario:

  1. Client wants to send a document to a server
  2. Client encrypts the document with some client-side credentials and sends to server
  3. Server receives document and stores in database
  4. Client requests document, receives, then decrypts. The roundtrip is complete.

Now, suppose the client credentials are compromised and key used to encrypt/decrypt data is stolen. The client changes their password, etc, but the key that can decrypt incoming data is still an issue.

My question is about redistributing an encryption key without having to re-encrypt all of the clients data. Are there any patterns that can help me with this? It feels like a variation of symmetric encryption with a KEK and DEK, but I’m having trouble figuring out how to encrypt something on the client side without exposing the DEK.

Is using Argon2 with a public random on client side a good idea to protect passwords in transit?

Not sure if things belongs in Crypto SE or here but anyway:

I’m building an app and I’m trying to decide whatever is secure to protect user passwords in transit, in addition to TLS we already have.

In server side, we already have bcrypt properly implemented and takes the password as an opaque string, salts and peppers it, and compares/adds to the database.

Even though SSL is deemed secure, I want to stay at the "server never sees plaintext" and "prevent MiTM eavesdropping from sniffing plaintext passwords" side of things. I know this approach doesn’t change anything about authenticating, anyone with whatever hash they sniff can still login, my concern is to protect users’ plaintext passwords before leaving their device.

I think Argon2 is the go-to option here normally but I can’t have a salt with this approach. If I have a random salt at client side that changes every time I hash my plaintext password, because my server just accepts the password as an opaque string, I can’t authenticate. Because of my requirements, I can’t have a deterministic "salt" (not sure if that can even be called a salt in this case) either (e.g. if I used user ID, I don’t have it while registering, I can’t use username or email either because there are places that I don’t have access to them while resetting password etc.) so my only option is using a static key baked into the client. I’m not after security by obscurity by baking a key into the client, I’m just trying to make it harder for an attacker to utilize a hash table for plain text passwords. I think it’s still a better practice than sending the password in plaintext or using no "salt" at all, but I’m not sure.

Bottomline: Compared to sending passwords in plaintext (which is sent over TLS anyway but to mitigate against server seeing plaintext passwords and against MiTM with fake certificates), is that okay to use Argon2 with a public but random value as "salt" to hash passwords, to protect user passwords in transit? Or am I doing something terribly wrong?