Matthew Fricker (frikkr)

6 replies · posted

Very worrying Sheep-it issue

I am fairly new to Sheep-it , and I have been doing a LOT of rendering on it over the past month. However today I have just discovered something very concerning : I have a rogue folder in one of my hard drives that I have never seen before and can only be a project of somebodys that has been rendered in Sheep-it. 

The strangest , and most concerning thing is that it is on a Hard Disk that has NEVER been associated with Sheep-It. 

The screenshots below show the folder, and each subfolder in it (apart from any sensitive info that whoever this belongs to would get upset over. 

What concerns me , is not just the fact that my computer is being invaded by folders that I have no idea about - on Hard Disks that Sheep-it should never have had access or permission to be in , but also the fact that I have access to some poor individuals work ... It makes me wonder how many other peoples projects are being left on random HDD's across the world. 

I know that I have two very large , personal projects (both that I was planning to use Sheep-It for help with rendering in the future) and I would hate it if my project files were getting distributed across other peoples computers. 

Anybody know anything about this? I have of course, emailed Sheep-It to let them know about this but I wanted to see if others have had any similar experiences? 

  • crew

    Interesting! I've honestly never used Sheep-it, and now I'm curious how secure the system is. 

    • That's what is worrying me , for both those using their computer to render other peoples projects , and also those people having their projects rendered.....

    • I suppose in a sense there's no way for Sheep-It to work without doing this.  My impression was, Sheep-It basically launches an instance of Blender with no UI on your computer, and I suppose that logically that Blender instance would need to have access to the project files in order to render the image.  Come to think of it, I'm not 100% sure than any cloud-based render farm would be able to work without doing this.  But perhaps I'm wrong?

      ETA: Also, when did the forum get nested comments?  Nice!

    • jjakeblended , yes I agree, and there is actually a dedicated file in the drive that you select in Sheep-it where it caches the render files as they are used. But I checked that out and all the files are zipped, with only the actual Blender file inside that can't be opened without a password. 

      The files I showed above are actual finished renders of somebody project , that I can open and see and edit. Whats more , they are in a project folder in a drive that has never been associated with Sheep-it. 

      The point I was making is that Sheep-it has accessed and saved into a drive that I never allowed it to , and the files that it has saved are somebodys private files that are not encrypted and I can do as I wish with. 

    • I hope people can't access my computer. I mean for the moment if the issue is that my files are left in someone else's computer I don't mind that much, the stuff I would render is all personal silly stuff anyways. What is creepy is Sheepit being where non of his business is at. 

      Does that kind of thing happen in payed render farms? I mean the functionality is probably the same way Sheepit works, you have to send all your files to a remote place I assume.

    • crew

      Does that kind of thing happen in payed render farms?

      I can't speak for how other render farms work, but I know that with Barista you're launching your own AWS instance that is very well encrypted, so there's absolutely no way for anyone to access your files let alone your computer.