Loading video...

Video Failed to Load

There was a problem loading this video. This could be due to a temporary network issue or the video might be unavailable.

Server authoritative movement with client prediction and rollback/replay support. In this example, the client exploits by moving a wall out of the way. But the server owns the movement. The client has failed predictions due to the exploit, and rolls back. #RobloxDev

sleitnick

38,066 subscribers

20,016 views • 1 year ago •via X (Twitter)

Gaming #RobloxDev

Anya Rossi• Live Now

Private livecam show

11 Comments

Totsie1 year ago

can't you use raycasting for noclip prevention without server authoritive movement

Soccer Bot™2 years ago

Match Summary 💙 Get an absolute overview of your server several times - with the new Match Summary. Relax and never miss a game again. Activate the new function for your server today. Try Soccer Bot™:

DevGuy1 year ago

If the server owns the movement, wouldn't the movement be laggy? Try adding 1-second replication lag on studio.

sleitnick1 year ago

This IS with replication lag. That's what client prediction is for

Andrew D1 year ago

gameplay loop when :^)

sleitnick1 year ago

Yeah I've gotta still figure that out lol

Cedralian1 year ago

Nice anti cheat!

FaultyScript1 year ago

He’s always cookin

nakiyu1 year ago

I’m not deeply into coding, but I’m really curious about what I'm seeing. Does this mean exploits like moving or spinning unanchored parts (e.g., walls or objects) would be prevented or made unusable?

sleitnick1 year ago

The server auth part makes any exploits pretty much impossible. The rollback (that rubberbanding effect) is just a result of the client "mispredicting" the move, i.e. the client and server disagreed with what the move should be, so the client moved back to the last verified move.

DabidarZ1 year ago

CLEAN ASF

Related Videos

Roblox's server authority beta is almost here! It prevents clientside hacks by making the server the final decider of what actually happened. You have to provide inputs that the server equally consumes or else the client will mispredict and rollback.

Roblox's server authority beta is almost here! It prevents clientside hacks by making the server the final decider of what actually happened. You have to provide inputs that the server equally consumes or else the client will mispredict and rollback.

Max ¯\_(ツ)_/¯

63,064 views • 6 months ago

In LiveView, we keep the state in one place - the server - and it simplifies a lot. But sometimes the state on the client is preferred, or even necessary, and we can't use LiveView for that part. Unless we have a LiveView that runs on the client 👀 Using Popcorn, we managed to run LiveView fully in the browser – here's a POC 🎉 The approach is to have a fully client-side LiveView rendered by a server-side one, and they can communicate with each other. Try it out:

In LiveView, we keep the state in one place - the server - and it simplifies a lot. But sometimes the state on the client is preferred, or even necessary, and we can't use LiveView for that part. Unless we have a LiveView that runs on the client 👀 Using Popcorn, we managed to run LiveView fully in the browser – here's a POC 🎉 The approach is to have a fully client-side LiveView rendered by a server-side one, and they can communicate with each other. Try it out:

Elixir by Software Mansion

13,509 views • 5 months ago

React tip: "use client" misconceptions (2/5) 🚫 "You cannot nest Server Components inside Client Components because "use client" turns everything into Client Components." ✅ We can pass the rendered result of Server Components to Client Components as props. Simple example: (Server Component) (Client Component) (Server Component) is designed for the client. It needs to instantly open and close when clicked. is designed for the server. It uses packages that don't work in the browser and needs to fetch data close to where it's stored without exposing credentials. So, how can we nest a component that uses server APIs inside a component that uses client APIs... without using `import`? React props to the rescue! --- (0:00) 1-4: Reminder: Importing code forms a module dependency graph. Adding dependencies to a server or client bundle. (0:23) 5-6: Reminder: Using components eventually forms a rendered component tree. (0:37) 9: Oh no! We get an error when trying to `import` a client API (useState) into a server module. (0:44) 10: We know the trick by now: Add "use client" to mark `2.js` as a client entry point. This moves the module to the client bundle and allows us to use client APIs like `useState.` (0:51) 11: But we get a new error! "use client" moved all imported dependencies into the client bundle, including our ORM package, which doesn't work in the browser. (0:59) 13: Let's refactor without changing our rendered component hierarchy. First, we move the `Cart` import to the parent file that imports `Modal`. This moves `Cart` outside the "use client" boundary and consequently the client bundle. (1:11) 15: Then, we pass down the rendered result of `Cart` as a prop to `Modal`. This allows `Cart` to be entirely rendered on the server as a Server Component before being passed down. `Modal` has no knowledge of what the `cart` prop is. Its only responsibility is placing whatever it receives into the `{cart}` slot. (1:15) 16: Finally, it's common to use the special `children` prop for a component's primary content. The key insight is that we were able to use props to retain our desired component hierarchy even though we changed our module dependency graph.

React tip: "use client" misconceptions (2/5) 🚫 "You cannot nest Server Components inside Client Components because "use client" turns everything into Client Components." ✅ We can pass the rendered result of Server Components to Client Components as props. Simple example: (Server Component) (Client Component) (Server Component) is designed for the client. It needs to instantly open and close when clicked. is designed for the server. It uses packages that don't work in the browser and needs to fetch data close to where it's stored without exposing credentials. So, how can we nest a component that uses server APIs inside a component that uses client APIs... without using `import`? React props to the rescue! --- (0:00) 1-4: Reminder: Importing code forms a module dependency graph. Adding dependencies to a server or client bundle. (0:23) 5-6: Reminder: Using components eventually forms a rendered component tree. (0:37) 9: Oh no! We get an error when trying to `import` a client API (useState) into a server module. (0:44) 10: We know the trick by now: Add "use client" to mark `2.js` as a client entry point. This moves the module to the client bundle and allows us to use client APIs like `useState.` (0:51) 11: But we get a new error! "use client" moved all imported dependencies into the client bundle, including our ORM package, which doesn't work in the browser. (0:59) 13: Let's refactor without changing our rendered component hierarchy. First, we move the `Cart` import to the parent file that imports `Modal`. This moves `Cart` outside the "use client" boundary and consequently the client bundle. (1:11) 15: Then, we pass down the rendered result of `Cart` as a prop to `Modal`. This allows `Cart` to be entirely rendered on the server as a Server Component before being passed down. `Modal` has no knowledge of what the `cart` prop is. Its only responsibility is placing whatever it receives into the `{cart}` slot. (1:15) 16: Finally, it's common to use the special `children` prop for a component's primary content. The key insight is that we were able to use props to retain our desired component hierarchy even though we changed our module dependency graph.

Delba

43,989 views • 2 years ago

If you’re playing on MonkeyTilt, the outcome might already be decided BEFORE you bet “The cryptography behind every bet has always been sound” We tested it It isn’t... we sent two different client seeds for the same nonce same result both times the server is ignoring the client seed entirely the player has ZERO influence on outcomes — what we did — opened the MonkeyTilt provably fair verifier with a revealed server seed entered nonce 1 → got 3.04x changed the client seed same server seed, same nonce → 3.04x changed it again → 3.04x the client seed has ZERO effect on the outcome — why this matters — in a provably fair system the outcome is derived from: -server seed -client seed -nonce the client seed exists so the player contributes randomness the server CAN’T predict if it’s ignored the server knows every outcome BEFORE you bet the hash commitment proves nothing because the server already controls all the inputs — not a frontend bug — we checked the network traffic the verifier sends a WebSocket request with: -client seed -server seed -nonce the server receives different client seeds and returns the same result anyway request 1 → client_seed “Clientseed123456789” → 3.04x request 2 → client_seed “NEWSEED12345” → 3.04x this is the server ignoring input not a display issue — live bet traffic — placing a Limbo bet returns: -random_multiplier -total_payout -round_closed that’s it no hash no seed reference no nonce no proof seeds are fetched from a separate endpoint game engine and seed system are DISCONNECTED — nonce verification — you can only verify nonces you’ve already played in a real system all outcomes are predetermined once the server seed is committed - they’re deterministic blocking future nonces suggests results don’t exist until you bet — summary — -client seed ignored by server -no cryptographic proof in bet responses -game engine and seed system DISCONNECTED -nonce verification restricted this isn’t provably fair it looks like provably fair UI on top of server side RNG MonkeyTilt should probably address this anyone can verify this themselves in 60 seconds - open the verifier, change the client seed, watch the result stay the same

If you’re playing on MonkeyTilt, the outcome might already be decided BEFORE you bet “The cryptography behind every bet has always been sound” We tested it It isn’t... we sent two different client seeds for the same nonce same result both times the server is ignoring the client seed entirely the player has ZERO influence on outcomes — what we did — opened the MonkeyTilt provably fair verifier with a revealed server seed entered nonce 1 → got 3.04x changed the client seed same server seed, same nonce → 3.04x changed it again → 3.04x the client seed has ZERO effect on the outcome — why this matters — in a provably fair system the outcome is derived from: -server seed -client seed -nonce the client seed exists so the player contributes randomness the server CAN’T predict if it’s ignored the server knows every outcome BEFORE you bet the hash commitment proves nothing because the server already controls all the inputs — not a frontend bug — we checked the network traffic the verifier sends a WebSocket request with: -client seed -server seed -nonce the server receives different client seeds and returns the same result anyway request 1 → client_seed “Clientseed123456789” → 3.04x request 2 → client_seed “NEWSEED12345” → 3.04x this is the server ignoring input not a display issue — live bet traffic — placing a Limbo bet returns: -random_multiplier -total_payout -round_closed that’s it no hash no seed reference no nonce no proof seeds are fetched from a separate endpoint game engine and seed system are DISCONNECTED — nonce verification — you can only verify nonces you’ve already played in a real system all outcomes are predetermined once the server seed is committed - they’re deterministic blocking future nonces suggests results don’t exist until you bet — summary — -client seed ignored by server -no cryptographic proof in bet responses -game engine and seed system DISCONNECTED -nonce verification restricted this isn’t provably fair it looks like provably fair UI on top of server side RNG MonkeyTilt should probably address this anyone can verify this themselves in 60 seconds - open the verifier, change the client seed, watch the result stay the same

CoinBets🔍

20,973 views • 2 months ago

Moving data fetching between client and server with SWR

Moving data fetching between client and server with SWR

Alex Sidorenko

33,430 views • 1 year ago

Your AI stack just stopped being closed. 🔓 TanStack AI now speaks AG-UI client-to-server. - The same client hits any AG-UI server. - Any AG-UI client hits a TanStack server. Zero breaking changes. Migration guide in the tweet below 👇

Your AI stack just stopped being closed. 🔓 TanStack AI now speaks AG-UI client-to-server. - The same client hits any AG-UI server. - Any AG-UI client hits a TanStack server. Zero breaking changes. Migration guide in the tweet below 👇

TANSTACK

78,896 views • 26 days ago

React tip: "use client" misconceptions (1/5) 🚫 You need to mark EVERY individual file with "use client" to ensure it is a Client Component. ✅ You only need to mark each client entry point ONCE. Modules imported into a "use client" file are already part of the client bundle. (0:05) Adding "use client" to `3.js` marks the file as a client entry point, including it in the client bundle. (0:11) Importing `d()` into `3.js` (a client entry point) also includes it in the client bundle. (0:14) Adding "use client" to `4.js` has no additional bundling effect on `d()` because it is already part of the client bundle. (0:23) All modules (and their dependencies) imported to `3.js` are included in the client bundle. (0:26) Removing "use client" from `3.js` moves it and its dependencies into the server bundle.

React tip: "use client" misconceptions (1/5) 🚫 You need to mark EVERY individual file with "use client" to ensure it is a Client Component. ✅ You only need to mark each client entry point ONCE. Modules imported into a "use client" file are already part of the client bundle. (0:05) Adding "use client" to `3.js` marks the file as a client entry point, including it in the client bundle. (0:11) Importing `d()` into `3.js` (a client entry point) also includes it in the client bundle. (0:14) Adding "use client" to `4.js` has no additional bundling effect on `d()` because it is already part of the client bundle. (0:23) All modules (and their dependencies) imported to `3.js` are included in the client bundle. (0:26) Removing "use client" from `3.js` moves it and its dependencies into the server bundle.

Delba

157,319 views • 2 years ago

❌ Avoid resolving a promise in a server component and block rendering. ✅ Resolve the promise in the client side with `Reac.use()`

❌ Avoid resolving a promise in a server component and block rendering. ✅ Resolve the promise in the client side with `Reac.use()`

George Moller

47,187 views • 1 year ago

If you want to be able to call server functions from the client, RPC is often the move. The Bun + Better Call combo gets you a fullstack solution in very little code. Server, Client, bundling and HMR 👌 had to record a little video showing the setup

If you want to be able to call server functions from the client, RPC is often the move. The Bun + Better Call combo gets you a fullstack solution in very little code. Server, Client, bundling and HMR 👌 had to record a little video showing the setup

Wes Bos

103,552 views • 7 months ago

Built a procedural open world with SpacetimeDB as the backend. Every terrain chunk, tree, and stone is server-authoritative. The client subscribes and the world just appears, consistent across every connected player, no REST endpoints, no polling, no manual sync logic. The database is the game server. Now to fill it with agents!

Built a procedural open world with SpacetimeDB as the backend. Every terrain chunk, tree, and stone is server-authoritative. The client subscribes and the world just appears, consistent across every connected player, no REST endpoints, no polling, no manual sync logic. The database is the game server. Now to fill it with agents!

Martin Erlić

30,206 views • 3 months ago

Demo of forms with React 19 and Next.js. If you've wondered... "Why does the form clear out my input values?" "How do I pass data from my server action → client?" "How do I handle client / server validation?" "How do I display inline errors next to inputs?" This should help!

Demo of forms with React 19 and Next.js. If you've wondered... "Why does the form clear out my input values?" "How do I pass data from my server action → client?" "How do I handle client / server validation?" "How do I display inline errors next to inputs?" This should help!

Lee Robinson

42,736 views • 1 year ago

I've finally published a new version of next-international, my fully typesafe i18n library for Next.js This release adds initial support for the App Router, with both Client and Server Components:

I've finally published a new version of next-international, my fully typesafe i18n library for Next.js This release adds initial support for the App Router, with both Client and Server Components:

Tom Lienard

42,459 views • 2 years ago

New Expo example: graphQL server and client with ✨automatic type generation✨! 🧘‍♀️ GraphQL Yoga - server 💜 URQL - client 🎉 gql.tada - type generation ☁️ EAS Hosting - for API & web deployments

New Expo example: graphQL server and client with ✨automatic type generation✨! 🧘‍♀️ GraphQL Yoga - server 💜 URQL - client 🎉 gql.tada - type generation ☁️ EAS Hosting - for API & web deployments

Kadi Kraman 💚

17,462 views • 10 months ago

Next.js security tip: Use "server only" for the code that should never be exposed to the client.

Next.js security tip: Use "server only" for the code that should never be exposed to the client.

Alex Sidorenko

109,311 views • 1 year ago

New: Another immigration attorney walks out of the EOIR Courtroom with his client and a “Continuation of Proceedings” COP. His client is from Cameroon, Africa and surrendered himself at the southern border in 2023. The DOJ prosecutors failed to get the case dismissed and the alien removed. The judge granted the foreigner an extension to stay in the country till 2027. This is happening all across the country. Why am I the only journalist reporting this??

New: Another immigration attorney walks out of the EOIR Courtroom with his client and a “Continuation of Proceedings” COP. His client is from Cameroon, Africa and surrendered himself at the southern border in 2023. The DOJ prosecutors failed to get the case dismissed and the alien removed. The judge granted the foreigner an extension to stay in the country till 2027. This is happening all across the country. Why am I the only journalist reporting this??

hernando arce

163,632 views • 11 months ago

𝗪𝗪 𝟯.𝟮 Leaks New Event: Soar to the Beat Gameplay Minor lag may occur due to private server environments. This is not a technical issue on the official client. Via: Seele #WutheringWaves

𝗪𝗪 𝟯.𝟮 Leaks New Event: Soar to the Beat Gameplay Minor lag may occur due to private server environments. This is not a technical issue on the official client. Via: Seele #WutheringWaves

About Wuwa

161,467 views • 3 months ago

The big Minecraft client launch time battle! Oh, and by the way, who has the best launch animation? 🤔🤓

The big Minecraft client launch time battle! Oh, and by the way, who has the best launch animation? 🤔🤓

LabyMod

202,788 views • 2 years ago

The difference between a $1m client and a $25,000 client

The difference between a $1m client and a $25,000 client

Financial Dystopia

849,540 views • 7 months ago

Introducing: Akash MCP Server Create a deployment on the Akash Supercloud directly from any MCP client — including Claude and Cursor.

Introducing: Akash MCP Server Create a deployment on the Akash Supercloud directly from any MCP client — including Claude and Cursor.

Akash Network

29,333 views • 1 year ago