Shader Compilation on PC: About to become a bigger bottleneck?

Microsoft doesn't care if PC gamers leave the Windows ecosystem?

I'm struggling with that one.
I know plenty of guys (myself included) who learned how to work Windows when they were young for gaming reasons. They went on to become IT professionals who decide what OS (Windows) goes on company PCs and servers which makes it way easier to start using MS services (365, Exchange, Azure AD etc.). Gaming matters more than the numbers might suggest.
 
Just because Windows has free upgrades doesn’t mean MS doesn’t make money selling keys. Most PC gamers use prebuilts and they sell the licenses to OEMs.

MS has plenty of incentive to keep gamers on Windows, it’s basically the only reason Xbox exists. Valve is making Linux progressively easier to use.
I'm basically a daily Linux user at work. It definitely still has a smoother experience for the most part, but you can get stuck in issues with particular programs that require digging into config files, restarting services etc. And then there are areas like audio that are generally a little more problematic. There are a lot of PC gamers that don't really know much about computers. They just buy a pre-built and play. Linux probably will not be a fit for them unless Valve (or some other game-focused company) could really smooth out the experience and make it nearly foolproof.
In general I tend to agree but the trend is definitely there. Valve is doing a lot of good work making the experience on Linux better.

As soon as Ricochet AC is supported on Linux I’m jumping ship.
 
It would be really cool if Activision was actively working on Steam Deck support. Playing CoD on a handheld would actually be cool. If that ever happens it would be a really interesting game for benchmarking Windows vs Linux. It's a game where people tend to want the absolute best performance possible.
 

Strike against Linux gaming on PC.

The openness of the Linux operating systems makes it an attractive one for cheaters and cheat developers. Linux cheats are indeed harder to detect and the data shows that they are growing at a rate that requires an outsized level of focus and attention from the team for a relatively small platform. There are also cases in which cheats for the Windows OS get emulated as if it’s on Linux in order to increase the difficulty of detection and prevention.

We had to weigh the decision on the number of players who were legitimately playing on Linux/the Steam Deck versus the greater health of the population of players for Apex. While the population of Linux users is small, their impact infected a fair amount of players’ games. This ultimately brought us to our decision today.
 
I don't know how far we should be going on this issue though. Personally I love open systems (by which I mean I am free to run anything I want, and do whatever I want in a reasonable way), though I now appreciate some "closed" elements more. For example, I love that an iOS app can't access data of other apps. They are deliberately made separate, to protect the user. Generally I don't worry about downloading the "wrong" app because as long as I don't type in my passwords in these apps I should be fine. They can't steal my data. However, the same can't be said for Windows applications. A bad application could steal a whole lot of things, including your passwords. So now I keep most of my most sensitive activities (e.g. financial related) to my phone.

So with this issue, maybe what we should do is to revive the old "trusted computing" thing. It does not have to affect the entire computer, just a virtual machine is fine. It should be possible with a hypervisor. The hypervisor running your normal Windows in a VM that should be completely separated from another "Windows" running your games. This "Windows" can also be running Linux, of course. This could degrade the performance a bit (especially on the IO and GPU side), and I'm not sure if the benefit is really worth the trouble, but at least that's possible and it'd be interesting if someone's willing to try it.
 
Windows 11 Pro and Enterprise have a Sandbox feature for running untrusted applications. Docker and VMs are also an option. It's not a realistic solution to expect regular PC users to set that up for every application they can't trust though. Ideally Microsoft would create a new, sandboxed, more secure API for applications to replace Win32. Which is exactly what they did with UWP, but they bungled it so Win32 will continue to reign for the foreseeable future.
 
So with this issue, maybe what we should do is to revive the old "trusted computing" thing. It does not have to affect the entire computer, just a virtual machine is fine. It should be possible with a hypervisor. The hypervisor running your normal Windows in a VM that should be completely separated from another "Windows" running your games. This "Windows" can also be running Linux, of course. This could degrade the performance a bit (especially on the IO and GPU side), and I'm not sure if the benefit is really worth the trouble, but at least that's possible and it'd be interesting if someone's willing to try it.
This already exists, it has for years, and in fact Microsoft talked about this end-state two decades ago with their Palladium initiative: https://en.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base

Here's where it actually clicked in my brain and I posted about it in the Windows 10 thread: https://forum.beyond3d.com/threads/windows-10-2014-2017.56128/page-5#post-1833602

If you look at the NGSCB diagram (here: https://en.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base#/media/File:NGSCB.svg) and then look at a modern Hyper-V hypervisor diagram (here: https://en.wikipedia.org/wiki/Hyper-V#/media/File:Hyper-V.png) you'll notice they're almost a direct overlay. Ever since Windows 10, Microsoft has provided the ability to run Windows applications, natively, in a hardware-accelerated Type-1 hypervisor directly alongside and in real time with your "host" Windows 10 operating system. Hyper-V works on the thought model of partitions rather than parent and subordinate (ESXi as an example) where isolation happens as a function of common management and broker bus. You've been able to run Edge in hardware isolated form since I think the first "service pack" of Windows 10, and it does so directly by implementing Hyper-V at the host OS layer.

Along with the native capability to permit only digitally signed applications to run, virtualized and instanced drivers for indirect hardware access, address space layout randomization, and EFS to facilitate a certificate-based A&A model for storage, Microsoft has fully achieved what they set out to accomplish. The last remaining challenge is the application work, which of course was always going to be the hardest. Who decides which apps are secure and can be digitally signed? Who decides which digital signatories are to be trusted themselves? Do applications finally make the leap to permit themselves to run in partitioned instances where they can't touch other things and other things can't touch them?

The technology exists and has existed since Win10. We just now have to decide to pressure appdev teams to actually use it.
 
I think the key point here is that the multiplayer games have to be exclusively in this mode. Otherwise, people can reverse engineer the code and simulate the whole thing, defeating its purpose, as the server can't reliably know what environment the app is in (a modified app can easily tell the server "I'm currently in secure mode" for example). Therefore, some of the code needs to be encrypted such that it is not available to attackers.

For example, a multiplayer game may keep a secret key in the encrypted data. The key is used only for, say, ranking multiplayer mode. It's important that the code for decoding the key is also encrypted and can only run through the secure and trusted mode. This way, it'd be impossible to make a cheat mod because the communication between the server and the client is completely secure.

Unfortunately this alone can't solve the problem of "external cheating devices". For example, it's no longer that difficult to build a device using a camera to analyze the screen and then send the necessary output to a USB port simulating mouse and keyboard input. Of course it'd be more expensive but cost alone certainly won't deter many cheaters. Therefore it's possible that many people probably think it is not worth chasing down the rabbit hole.
 
I understand the example, however that's all an application issue and not necessarily a function of the partitioning mechanism. Apps can authenticate their runtime environment in the same way the runtime environment can authenticate the application, by way of certificate signing the binaries and drivers. There's nothing stopping a hardware-partitioned ecosystem from validating its own secure containerized existence, other than the application development team spending the time on it.

Just food for thought. Again, we always knew the application part of this would be the hardest -- not technologically at all, but the human elements of "but now I have to do more work and I don't want to, and in fact if I don't do it at all, I will not be penalized for my choice." And if Microsoft decided to force the issue? Thirty or more years of backwards compatibility gets tossed into the bonfire, and the pitchforks + torches WILL come out.
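
An added example, not part of any post in this thread: a minimal sketch of the point debated above, that a server cannot trust a client's own "secure mode" claim but can verify a challenge-bound measurement produced by a key held only inside the isolated partition. All names are hypothetical, the data is constructed, and a shared HMAC key stands in for the hardware-backed asymmetric key and certificate chain a real attestation scheme would use.

```python
import hashlib, hmac, secrets

# Constructed sample data; every name in this block is hypothetical.
GAME_BINARY = b"constructed game build 1.0"
EXPECTED = hashlib.sha256(GAME_BINARY).hexdigest()

def _tag(key, nonce, measurement):
    # Binds the measurement to one server challenge (nonce is fixed-length).
    return hmac.new(key, nonce + measurement.encode(), hashlib.sha256).hexdigest()

class TrustedPartition:
    """Stand-in for the isolated partition; the key never leaves it."""
    def __init__(self, key):
        self._key = key
    def quote(self, nonce, loaded_binary):
        m = hashlib.sha256(loaded_binary).hexdigest()
        return {"measurement": m, "tag": _tag(self._key, nonce, m)}

class Server:
    def __init__(self, key):
        self._key, self._pending = key, set()
    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce
    def accept_self_report(self, msg):
        return msg.get("secure_mode") is True   # weak: trusts the client's word
    def accept_quote(self, nonce, q):
        if nonce not in self._pending:           # unknown or replayed challenge
            return False
        self._pending.discard(nonce)
        m, tag = str(q.get("measurement", "")), str(q.get("tag", ""))
        return hmac.compare_digest(_tag(self._key, nonce, m), tag) and m == EXPECTED

def demo():
    key = secrets.token_bytes(32)
    server, part = Server(key), TrustedPartition(key)
    out = {"self_report": server.accept_self_report({"secure_mode": True})}
    n = server.challenge()
    good = part.quote(n, GAME_BINARY)
    out["genuine"] = server.accept_quote(n, good)
    out["replayed"] = server.accept_quote(n, good)
    n = server.challenge()
    out["modified_build"] = server.accept_quote(n, part.quote(n, GAME_BINARY + b"+patch"))
    n = server.challenge()
    out["forged_tag"] = server.accept_quote(n, {"measurement": EXPECTED, "tag": "0" * 64})
    return out

if __name__ == "__main__":
    print(demo())
```

The self-reported flag is accepted from any sender, while the quote is accepted only once, only for the expected build, and only with a valid tag.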
 
There is Bazzite. It is basically impossible to support an OS for general PCs, but Valve should be open to other manufacturers who want to sell devices with SteamOS and that has been discussed elsewhere.
Yes, that's why we don't have Windows. Oh wait. We do. One might even suspect that supporting the "general PC" has something to do with the compromises Windows has to make, and should SteamOS become such a "general OS", it too would face compromises it now doesn't have to deal with.
 
There is Bazzite. It is basically impossible to support an OS for general PCs, but Valve should be open to other manufacturers who want to sell devices with SteamOS and that has been discussed elsewhere.
For about a decade Valve supported a general PC OS, the original SteamOS, which ran on Steam Machines. This changed with the new SteamOS based on Arch and the release of the Deck.
 