Slashdot Mirror
Microsoft Brands WebGL a 'Harmful' Technology
An anonymous reader writes "Microsoft has announced that it has no plans to support WebGL — a cross-platform low-level 3D graphics API designed for web use — in its future browsers, citing numerous security concerns over the technology and branding the basic principles as 'harmful.'"
a dangerous web idea when they see one. They created ActiveX.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
I am relieved that sliverlight will never support such harmful technology!
"Although mitigatinos such as ARB_robustness [...]"
Nice Microsoft, nice.
Whilst I believe that WebGL _could_ become a vector for attack, I think this is actually "We want to push DX not GL, let's stick to NIH by saying it's dangerous instead"
The business world keeps Microsoft in power, not gamers.
Gone!
The security issue is a valid question.
In one of the links in the summary it shows that the video memory can be read and get a snapshot of the user's desktop (in the example a confidential document is viewable) - exceptionally bad. Use an exploit like this with something else means their is potential for a severe security breach.
Then again it's early stages and I'm sure the security issues will be resolved in time.
It's an exciting techology especially with regard to streaming games over the internet.
Who remembers VRML???
If WebGL takes off, they'll have no choice but to support it. If it doesn't, then no-one will care that they don't support it.
Microsoft has no business building browsers. The open architecture of the web will always conflict with IE being closed source and the EEE tactics Microsoft is constantly trying on various web technologies. In the past, Microsoft's hegemony over computer technology gave them enough influence that they might actually have a chance at "de-commoditizing" (as they say) some popular open web technologies, but that's over, they aren't the 800lb gorilla in the room anymore, they're just another dog in a fight with at least 2 other dogs (the Open dog and the Apple dog - and no they're not the same. Look at Safari's special HTML5 rendering. Familiar? Don't forget that an open web also poses a threat to Apple's mobile apps).
By continuing to work on browsers, Microsoft is fighting a war they can't win, but like all wars this one is still harmful to the other combatants and various innocent bystanders.
"When information is power, privacy is freedom" - Jah-Wren Ryel
You really want websites to be able to freeze and possibly crash your graphics subsystem, possibly overheat reboot your machine?
Besides that, it's just sloppy, just like WebSQL is sloppy. It's just "hey lets compile opengl ES into our browser" or "lets compile SQLite into our browser" and neither are even half-hearted attempts at a proper standard. I originally said this as a joke, but it makes more sense to just link in the quake engine and support a "quake" tag, that takes a link to a PAK file as its .src attribute. That'd at least solve the (very real) security problems. Executing arbitrary shader code from random websites isn't a good idea.
Aside: apparently noone else supports WebGL either. The implementations in both FF and Chrome are broken. I've had problems with multiple textures, framebuffers, the list goes on. It's simply not working yet.
Of course, webGL would be trivial to reimplement in IE with a partial trust Silverlight plugin, which could just execute the GL natively, though that would be a much bigger security hole.
It is hard to argue with the thesis that allowing a webpage to run OpenGL code on the system GPU is less secure(and places security in more hands) than not doing so. However, that seems to throw us back on the more basic problem:
Allowing the internet to do things to your machine is dangerous. It is also among the top reasons why most people bother to own a computer. Letting pages run Javascript opens you up to vulnerabilities in your JS engine. Support for images in webpages means that a bug in any of your image format renderers(and there have been a few of these) will allow the attacker to own you. Even HTML rendering isn't safe. People from the internet are running code on your CPU, through assorted layers of indirection, virtually continually... We put up with this blatantly dangerous situation because we want the functionality.
Other than the (im)maturity of OpenGL as something that is subject to maliciously crafted input, rather than just error by well-meaning application designers, I'm not seeing a fundamental difference. Everything that happens in your browser happens because filthy, possibly dangerous, 3rd party instructions are executed, through some number of intermediate interpreters and libraries and codecs, right on your hardware.
Now, I can definitely see the case to be made for "You really shouldn't enable WebGL, except for websites that you would also trust enough to download and execute with admin permissions executables from, until the OpenGL ecosystem has had time to finish wetting itself from pure fear and start improving things", it is quite likely the case that the large, complex, more-focused-on-speed-than-security, mass that is GPU firmware, GPU drivers, etc is a mass of potentially serious issues, having historically been sheltered from the more hostile side of things. However, that doesn't seem fundamentally different from the state of the stack sitting on top of the CPU that was inherited from a more innocent time before widespread network malice. Ultimately, we just had to fix that; because the alternative involved not being able to do what we wanted to do.
WebGL won't deliver that. It's just going to deliver the next generation of what are currently Flash games, that run on Linux anyway (just not RMS' GNU/Linux because the player isn't free as in beards).
Microsoft claims competitor's technology harmful and everyone should use their safe & secure version :)
Tune in at 11 for more news from the No Shit, Sherlock dept
Considering that most accelerated 3D drivers for video controllers are utter crap full security flaws, or “optimizations“, as some call them, and that a video controller has full access to the system bus, and therefore to the RAM, drives, etc., I tend to agree that letting anyone on the web transparently send possibly crafted data to the 3D driver is, from a security point of view, a rather dubious idea.
Don't underestimate gamers or the gaming industry.
If every gamer switched to Linux, you'd see Windows become as irrelevant as OS/2, which also had a sizeable installed base in the corporate world, or Mac OS, which had a huge installed base in education. Corporate users hardly ever upgrade, and many of their biggest apps have already been ported to at least one other OS, if not more. In the corporate world, they cater to the customer's needs and desires. In the home market, they dictate to the market.
The question is what is harmed. In this it looks like it is harmful to Microsoft's market share and profits.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
What they mean by "security" is not what everyone else means. Security is just the biggest argument in the FUD arsenal. They mean control, to secure their bottom line.
For 25 plus years, that's been MS's real goal. They tried to kill off Ogg Vorbis over "insecurity"-- the supposed insecurity of no built in DRM. Security was probably one of the arguments they used to push OOXML over ODF when they were trying to maintain their file format lockdown. Talk about an outdated tactic, but then, MS has been slipping for some time now. They would have tried the old line suggesting no one would maintain the software without a large company backing it, another FUD favorite, but even they must see no one would buy that any more. And yet, they can't see the uselessness of the entire Windows Genuine Advantage program.
What specifically could they be trying to promote in place of webGL? Silverlight?
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
Context Information Security has already tested WebGL implementations and demonstrated the sorts of bugs Microsoft warns about. In fact, it looks like maybe they got a tip about it from Redmond, but they do demonstrate it, and Mozilla has acknowledged the bugs for Firefox 4.
An essential factor in security is trust. You cannot trust a website you have never seen before to load code of its choosing to be executed on a driver supplied to you by third-party which may or may not have a stellar security record themselves. Especially when "modern" operating systems like Linux run drivers as part of their monolithic kernel and so probably WILL crash when the website code messes up the driver runtime. Windows is heading in all the right directions moving their graphics driver supporing infrastracture out of the kernel into userspace. At least that way, your entire OS won't crash bringing everything down with it. At worst, smart people will figure out doing their favourite things - injecting their code through good old buffer overflows and what not.
This is what you get when you pair three poorly isolating systems to eachother. Microsoft may have done a lot of their own mess during the years with their products' security, but for once, they are right. Not the least, becaue they probably have gotten so much flak for it they finally decided enough is enough and started going by security checklist documets and automated programs that eliminate all the obvious bugs. I sincerely hope they're getting it, for I for one am tired of hearing everyone bash them. Look into your own backyard when you get 20 million lines of code running wildly on a several hundred million computers around the globe, thanks. Or reduce your SLOC, but that, again, is another discussion.
maybe one solution would be to create an intermediary WebGL driver in userland with lots of security checks. Would that still be worth it, performance-wise
The Cloud - because you don't care if your apps and data are up in the air.
Don't you just hate it when Microsoft takes the high road on security and raises some valid points. We've been through this scenario a bunch of times where some class of programs that used to only be used by local programs became accessible on the web and suddenly there is a rash of exploits (jpeg and pdf come to mind), I'd rather not go through it again.
That said, I think Microsoft laid out the problems with enough specificity that they could be addressed.
End of story.
Linux gaming is a niche idea for a niche OS (-Linux on desktops for the masses. I know Linux in the enterprise is big). Microsoft isn't losing any sleep over the idea of Linux gaming going mainstream.
Good recommending!!!
"If I have been able to see so far, It is because I went out and bought a damn binoculars" - Ze da Esquina
Hypothetical:
Developer: I'm going to make a great game for Linux, it's closed source.
Linux Community: closed source? BAH! No thank you, Linux is about Freedom man,
Result: Game does not become the widely adopted killer game converting people to Linux
Developer: I'm going to make a great game for Linux, it's open source.
Windows Community: Open source? Cool! *ports game to Windows*
Result: Game does not become the widely adopted killer game converting people to Linux
Can you explain to me, from your security point of view, how this is any different than using flash or silverlight on the web? Using those technologies, you're loading code form a website to be executed on a driver supplied to you by a third party which does NOT have a stellar security record.
There are two types of people in the world: Those who crave closure
You're right. Microsoft has done lots for the information security industry by selling a desktop and desktop derived server OS that has an security model that is insecure by default.
Just because we're Microsoft bashing, doesn't mean we don't have a point.
:. Ultimate Control Dedicated/VM Servers
You are flat wrong on a few points:
It's not the access to high performance video drivers, as they don't exist.
Bullshit. The nVidia drivers benchmark comparably on Linux and Windows. ATI might still be worse.
And this is where I think the Linux community missed an opportunity. Back when Quake 3 was the hot new shit, and was how benchmarks were done, someone benchmarked Windows vs Wine vs native Linux. They found the performance went roughly in that order -- Quake 3 was faster under Wine on Linux than it was on Windows, and the native Linux port was faster still.
So you're right that gamers need something better -- but we had that. We had a significant performance advantage for awhile, and that was out of the box. This was also back when desktop GUI environments were still fairly resource-intensive things, so you could get even more performance out of killing off your entire GUI and running just that game in its own X server (with no other X apps) -- and PC gamers were always looking for little tweaks like that to give them an edge.
None of these things are true anymore. Linux is no longer a performance edge by itself, and whatever performance there is to be gained isn't really going to make your framerate go up. That's where it's even comparable, because since then, Direct3D got better and much more popular. There was a point where OpenGL was just faster and better, when games would ship with multiple renderers (OpenGL, D3D, and software) in case one happened to be faster or better supported on your machine, but as I remember, after a certain point, Half-Life always ran faster under OpenGL. But again, things just aren't comparable anymore -- too many games are D3D only.
That, and there are so many new features (all of them high-performance) that you're not likely to get the best experience out of open source drivers, so if you're stuck with ATI, Linux is going to be significantly worse than Windows, even for an identical OpenGL game.
I feel like if we'd kept that edge just a bit longer, we might've seen a lot more start to change. I played an MMO with a friend, and aside from his Norton Anti-Virus always interrupting his game, I could run it windowed (via Wine hacks) while he couldn't -- and eventually, when the game's auto-patching system not only worked on Wine but not his Windows, but we "patched" his copy by pulling files out of my Wine copy, he was convinced -- a few months later, I set him up with Linux. That kind of thing happens much less often these days.
Anyway...
It's not the access to ubiquitous and non-finicky audio systems, as they don't exist.
I don't know, ALSA pretty much met that goal, and I haven't had issues with Pulse since I switched to it, though I did wait awhile before making that switch. For a gamer, though, I don't see needing anything more than ALSA. For that matter, I also don't see a game developer needing to use anything more than OpenAL.
You are, however, almost right about this:
The gamers need something better than what they have if they are going to move away from their current situation and negate their library of games... The majority of game companies won't make games on Linux until there is a market, which doesn't exist.
Linux support is still a very good idea for a new indie game. And if anything, I'd expect it to be easier to build a portable game than other kinds of applications -- the game's entire interface with the OS can be reduced to OpenAL, OpenGL, the filesystem, and the network. OpenAL and OpenGL are already ported, and the filesystem is almost automatically portable if you don't assume stupid things (don't add a bunch of backslashes; forward slashes work on Windows, too).
But then, indie developers can't really afford to exclusively support Linux, which means the game itself isn't an inc
Don't thank God, thank a doctor!
Sure, gladly. You have half a point - indeed systems that communicate invariably affect and potentially may compromise each other. That's a fact, which can also be seen in any other field of engineering. Like they say, the only secure system is the one that is not connected [to the Internet]. But since we do connect systems, the factor here is the interface cross-section. Flash Player and Silverlight, ok I won't speak for Silverlight because I never said it is much better than WebGL, so yeah - Flash Player uses fewer and more benign interfaces than WebGL - it certainly does not execute that much GPU code, in fact most of the SWF code interpreted by it is run on your average CPU eventually, and the parts that are abstracted by Windows, again, run in USER MODE - font rendering, printer, mouse, sound etc - hence my choosing of the word "more benign". If Flash Player crashes, your OS doesn't (hopefully this includes Linux based OSes.)
Granted, Flash Player DOES now expose the GPU indirectly through its that-3d-rendering-api-codename-i-dont-remember-the-name-of, and indeed it's much of the same dilemma as with WebGL - untrusted code programming your graphic driver has the same chance of crashing your box as those fancy desktop 3d games that give you BSOD or Linux kernel panic.
To sum it all up: it's the interface cross-section that matters and the domain of the code the interfaces abstract.
Anything that gets drawn in a browser is controlled by the browser. After 10 years of failure that part mosty is sandboxed into safety. The Code of web gl has almost complete access to the video driver. The video driver was never written for security. Speed and picture quality were the number one priorities. Since the application that ran them was alrady a local application that had a lot of access security was not really an issue. The application that access the drivers did not have to be checked extra, because they had already full access to the machine.
Display drivers are complex software, that might show the same level of vulnerabilities that plagues the browser.
However a subset of WEBGL that is more easy check could be implemented safely i think.
Actually, lack of games on Linux is one of the driving forces for keeping a large swath of people from switching.
Solution: Stop using the browser for things that are not browsing. Stop using the browser as an OS inside an OS. If your website needs OpenGL, you are doing it wrong.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Seriously, why is it needed? Why don't developers just write their own UI instead of trying to push everything into the browser?
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
I don't know you from Adam and therefore don't care that you're having a bad day and feeling a bit grumpy with the rest of the world either.
But just for the record, my computer knowledge started with programming on Commodore Amigas and doing system support work during mid- to late-80s on DEC PDP-11s running RSX-11 and IBM x86 servers running SCO UNIX - so I actually worked on UNIX before I ever even touched a Windows PC. And by the immaturity of your comments, that was probably around the time you were in nappies...
I've also run Linux for nigh-on 18 years, I was a Red Hat Certified Engineer in 2000 and my full-time job is doing security analysis and hardening of Linux-based telecoms servers - believe it or don't believe it, I don't care.
But I'm not a zealot. A computer is a tool and you use the best tool for the job. Period.
Gentoo Linux - another day, another USE flag.