Yes, we need a more sophisticated permission system that can be defined by users!
exciting in some areas & alil disappointing in others! the person that did the whole video about the submissions was alot nicer to hear then strasz imo & i hope they do the vrchat update announcement instead
We might increase the file size limit in the future. But we have to be careful, as bigger avatars would increase VRChat’s (average) hardware requirements. We want VRChat to be accessible, and avatars with small file sizes can still look great!
About your second question: Some avatars may not have been uploaded to Android. When you can’t see an avatar, what icon shows up next to their name plate? That might help you find out why you can’t see them.
2 Likes
Provided the group has never had CE setup, and then the new owner goes through the seller onboarding process, then technically the transferred group could be used for CE.
But we may need to clarify that the no CE requirement for a transfer would catch groups which had CE but deleted all their products. Those will still not be able to be transferred.
1 Like
Is this always* greater than the avatar’s expected VRAM usage?
*ok almost nothing is ever truly “always”, but I mean outside degenerate cases such as a single triangle avatar that won’t particularly have a performance impact.
Lmao I have often praised the VRChat devs for how simple and effective the no-runtine-url-generation in udon was as a security feature. Get ready for rampant data exfiltration, user tracking, and even more heinous things I can’t even imagine. Thank gosh it doesn’t allow “allow untrusted urls” or we’d be in for a real doozy.
Does Udon 2 support async/await and Tasks?
For the first part, I can completely agree with that but I had thought with the discontinuing of the original Quest 1 that the file size may improve since older hardware is no longer as common compared to the Quest 2. As well as the low grounds of poor-performing hardware has went up a bit.
For the second, it’s just weird unless there is some weird porting issues that users who would use the Quest 2 could see my avatars that I have ported to the Android platform, however the VRChat client on my device cannot load ANY quest avatars unless it’s one of the fallbacks.
Edit, I apologize a head of time if I am not allowed to post external links but here is a video clip (posted on YouTube) of my issue I’ve mentioned.
As a community of creators, what is needed is freedom of choice rather than absolute isolation
1 Like
Thanks for the update! Super looking forward to seeing what exciting new experiences can be made with Udon 2!
Is there perhaps any news on how soon we’ll be able to get our hands on the new audio state behavior that was teased a few updates ago?
1 Like
This is huge. Big thanks.
I have the feeling there was more then 2% avatars in general that would be impacted by this from experience. Does this data count ALL the avatars uploaded, including the old avatar almost no one use anymore (sdk2 avatars also had at one point lower max poly and weren’t as complex) ? Still not the worst hard limit.
You’re right I can’t wait till someone makes an advertisement service that tracks every world you go to, who you hang out with, how long you spend. Being able to make arbitrary web requests that contain user data is one of God’s given rights.
Definitely agreed. The main problem with the “Allow Untrusted Url’s” option is it being a blanket solution that users are strongly encouraged by other players and incentivized by worlds to enable in order to use certain features, but which then remains in effect for all worlds and requests of all types.
Given the current system is aware of the domain being accessed and knows whether or not it’s on the allowed list, having something similar where worlds have to register/declare in Udon what untrusted domains they intend to access and only allowing them to generate URLs for those domains, and also requiring the user to opt-in to allowing requests to each domain on a per world basis, would be stronger from a security standpoint while simultaneously allowing more flexibility for creators
Insofar as data exfiltration we already know it’s possible as things are, just slowed down a bit by the request limits and how much can be passed out per request. I think VRChat being careful about what’s accessible through Udon helps to limit what can usefully done with that information. Perhaps a reasonable limit on the length of generated urls to hinder things like the base64 snapshotting as was suggested before?
Either way, still glad to have the expanded possibilities as things are. And like you said, revamping the present untrusted url permission handling would be a good future step in general towards improving user privacy and security protections regardless of if anything else changes in the future with the url generation.
8 Likes
Thanks for asking! It should be available in the next major SDK update. It’ll be released next week, maybe sooner!
Super appreciate the update! Super excited to be able to utilize it soon!
2 Likes
That was very soon indeed xD
1 Like
As more and more people get creative with objects (especially escape worlds) and with the permanence features that are planned, please consider improving the way avatars can interact with objects.
1 Like
Yes and no. async/await is supported and technically Tasks can be supported, but threading is not supported at this time.
1 Like
Out of curiosity, will these stop some of the people who use crashers, or does this only effect people who make them now? I spend so much time getting booted off game from a crasher avatar because someone is mad at someone else, that I just get tired and have to hide everyone, and I can’t see the creativity of the community.
It’s so frustrating that I have to hide everyone. I miss out on so many cool avatar ideas that I can use on my own, and people miss out on mine. I was “swimming” on my mermaid avatar with beautiful long red flowing hair and an axolotl pet next to me, and so many people instead saw a fallback of a girl in a hoodie just standing there wiggling her handle back and forth. I truly hope that this limits it because I want to see avatars again, not just grey robots and fallbacks.
I am super excited about the group transfer idea. In cases where people have hundreds or even thousands, this will give them the chance to transfer ownership instead of creating a whole new group. That’s really awesome. Although I don’t care for the group moderation part of things (powers trips… etc), the whole group idea in pulling people together with similar interests is really awesome! Not to mention the cool group tag pictures you can show above your head. Keep up the great work VRChat! I look forward to the new less-laggy days ahead.
Nothing is really going to stop crashers. You can hide a nasty shader on an excellent or good rated avatar still. The only way to really stop crashers is to block shaders.