Nope, but I just wanted to say if you wanted to add something regarding FFlags It’s better you’d directly say it in that specific thread, not trying to come off as rude but bitdancer already said it
1 Like
As far as I know, fast flags aren’t being removed, but they are going to be limited—meaning there will be a whitelist of fast flags.
I don’t know if that whitelist includes rendering APIs like Vulkan, but hopefully, it does.
Also, there still hasn’t been a clear conclusion about Vulkan layers and the code signing requirements. It’s pretty unfortunate, but I wouldn’t be too worried about fast flags being completely removed since that seems unlikely.
Bitdancer even mentioned that there will likely be a whitelist, though he isn’t allowed to make a solid promise, so I’m not 100% sure either way.
4 Likes
Apologies. I didn’t see that since I don’t actively follow that thread. Thank you for the clarification.
3 Likes
Alright. I honestly think that they should add “advanced settings” for whitelisted fast flags, but that’s just my opinion
There is a solution that could fix the issues users are having with Nvidia Replay and OBS game capture for Vulkan.
Traditional code signing certificates have a static serial number that stays the same throughout the certificate’s lifetime. This applies to Roblox’s modules and executables, Nvidia Replay, or any module that uses a traditional certificate. But this doesn’t apply to Microsoft’s Azure Trusted Signing, which issues short-lived certificates with different serial numbers though those aren’t currently used by Nvidia, the OBS Project, or any major corporations.
I also don’t think there should be any special privileges beyond just allowing the module to load. For example, if OBS game capture doesn’t work with DirectX 11, it shouldn’t be given special treatment; users would just have to use Vulkan instead. As far as I know, Nvidia Replay works with both Vulkan and DirectX, so that shouldn’t be an issue either.
This isn’t anything new. Anti-cheat vendors like Easy Anti-Cheat and BattlEye have implemented similar measures before, and Roblox could consider doing the same. There are also additional metadata checks Roblox can perform alongside this to make it a more secure and robust solution.
It would give Roblox direct control over what modules are allowed to load, and if needed, they could block a specific serial number down the line. Roblox is already planning to whitelist certain fast flags. I don’t see why this can’t also be done for certificates.
Doing this would directly address community concerns since Roblox would retain full control over what’s allowed and what isn’t. I think, at the very least, they should test it first with Nvidia’s certificate. If that goes well, maybe they can expand support to other trusted signatures that use a static serial number and help resolve the issues users are having with things like Nvidia Replay.
Again, this isn’t anything new. Other vendors have done this, and Roblox already has a custom implementation to check code signing certificates so I don’t see any reason why this can’t be done. It shouldn’t pose any major security risk either, since Roblox would have full control over it.
There likely are better solutions to this, but this is just an idea I had, so I felt like sharing it.
8 Likes
tldr: dude just whitelist nvidia/obs certs
i’ve already asked about this and was pretty much ignored
2 Likes
The Nvidia Replay bug report was quietly closed not too long ago. It seems like Roblox is trying to ignore the issue, hoping it will disappear without any real action being taken.
I believe that as the client becomes more restrictive, the overall user experience will continue to decline. This could eventually push more users toward exploits, where they’re able to use OBS Game Capture and shaders, something that is not available to those trying to play legitimately.
Unless Roblox begins terminating accounts more frequently and takes a strong stance against exploiters, this issue will continue to grow.
To those outside of Roblox, it looks like Roblox is just making statements without following up with real action. In the end, this kind of inaction only hurts the community.