Slashdot Mirror
Microsoft Brands WebGL a 'Harmful' Technology
An anonymous reader writes "Microsoft has announced that it has no plans to support WebGL — a cross-platform low-level 3D graphics API designed for web use — in its future browsers, citing numerous security concerns over the technology and branding the basic principles as 'harmful.'"
a dangerous web idea when they see one. They created ActiveX.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
The security issue is a valid question.
In one of the links in the summary it shows that the video memory can be read and get a snapshot of the user's desktop (in the example a confidential document is viewable) - exceptionally bad. Use an exploit like this with something else means their is potential for a severe security breach.
Then again it's early stages and I'm sure the security issues will be resolved in time.
It's an exciting techology especially with regard to streaming games over the internet.
Who remembers VRML???
You really want websites to be able to freeze and possibly crash your graphics subsystem, possibly overheat reboot your machine?
Besides that, it's just sloppy, just like WebSQL is sloppy. It's just "hey lets compile opengl ES into our browser" or "lets compile SQLite into our browser" and neither are even half-hearted attempts at a proper standard. I originally said this as a joke, but it makes more sense to just link in the quake engine and support a "quake" tag, that takes a link to a PAK file as its .src attribute. That'd at least solve the (very real) security problems. Executing arbitrary shader code from random websites isn't a good idea.
Aside: apparently noone else supports WebGL either. The implementations in both FF and Chrome are broken. I've had problems with multiple textures, framebuffers, the list goes on. It's simply not working yet.
Of course, webGL would be trivial to reimplement in IE with a partial trust Silverlight plugin, which could just execute the GL natively, though that would be a much bigger security hole.
It is hard to argue with the thesis that allowing a webpage to run OpenGL code on the system GPU is less secure(and places security in more hands) than not doing so. However, that seems to throw us back on the more basic problem:
Allowing the internet to do things to your machine is dangerous. It is also among the top reasons why most people bother to own a computer. Letting pages run Javascript opens you up to vulnerabilities in your JS engine. Support for images in webpages means that a bug in any of your image format renderers(and there have been a few of these) will allow the attacker to own you. Even HTML rendering isn't safe. People from the internet are running code on your CPU, through assorted layers of indirection, virtually continually... We put up with this blatantly dangerous situation because we want the functionality.
Other than the (im)maturity of OpenGL as something that is subject to maliciously crafted input, rather than just error by well-meaning application designers, I'm not seeing a fundamental difference. Everything that happens in your browser happens because filthy, possibly dangerous, 3rd party instructions are executed, through some number of intermediate interpreters and libraries and codecs, right on your hardware.
Now, I can definitely see the case to be made for "You really shouldn't enable WebGL, except for websites that you would also trust enough to download and execute with admin permissions executables from, until the OpenGL ecosystem has had time to finish wetting itself from pure fear and start improving things", it is quite likely the case that the large, complex, more-focused-on-speed-than-security, mass that is GPU firmware, GPU drivers, etc is a mass of potentially serious issues, having historically been sheltered from the more hostile side of things. However, that doesn't seem fundamentally different from the state of the stack sitting on top of the CPU that was inherited from a more innocent time before widespread network malice. Ultimately, we just had to fix that; because the alternative involved not being able to do what we wanted to do.
What they mean by "security" is not what everyone else means. Security is just the biggest argument in the FUD arsenal. They mean control, to secure their bottom line.
For 25 plus years, that's been MS's real goal. They tried to kill off Ogg Vorbis over "insecurity"-- the supposed insecurity of no built in DRM. Security was probably one of the arguments they used to push OOXML over ODF when they were trying to maintain their file format lockdown. Talk about an outdated tactic, but then, MS has been slipping for some time now. They would have tried the old line suggesting no one would maintain the software without a large company backing it, another FUD favorite, but even they must see no one would buy that any more. And yet, they can't see the uselessness of the entire Windows Genuine Advantage program.
What specifically could they be trying to promote in place of webGL? Silverlight?
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
An essential factor in security is trust. You cannot trust a website you have never seen before to load code of its choosing to be executed on a driver supplied to you by third-party which may or may not have a stellar security record themselves. Especially when "modern" operating systems like Linux run drivers as part of their monolithic kernel and so probably WILL crash when the website code messes up the driver runtime. Windows is heading in all the right directions moving their graphics driver supporing infrastracture out of the kernel into userspace. At least that way, your entire OS won't crash bringing everything down with it. At worst, smart people will figure out doing their favourite things - injecting their code through good old buffer overflows and what not.
This is what you get when you pair three poorly isolating systems to eachother. Microsoft may have done a lot of their own mess during the years with their products' security, but for once, they are right. Not the least, becaue they probably have gotten so much flak for it they finally decided enough is enough and started going by security checklist documets and automated programs that eliminate all the obvious bugs. I sincerely hope they're getting it, for I for one am tired of hearing everyone bash them. Look into your own backyard when you get 20 million lines of code running wildly on a several hundred million computers around the globe, thanks. Or reduce your SLOC, but that, again, is another discussion.
Can you explain to me, from your security point of view, how this is any different than using flash or silverlight on the web? Using those technologies, you're loading code form a website to be executed on a driver supplied to you by a third party which does NOT have a stellar security record.
There are two types of people in the world: Those who crave closure
Anything that gets drawn in a browser is controlled by the browser. After 10 years of failure that part mosty is sandboxed into safety. The Code of web gl has almost complete access to the video driver. The video driver was never written for security. Speed and picture quality were the number one priorities. Since the application that ran them was alrady a local application that had a lot of access security was not really an issue. The application that access the drivers did not have to be checked extra, because they had already full access to the machine.
Display drivers are complex software, that might show the same level of vulnerabilities that plagues the browser.
However a subset of WEBGL that is more easy check could be implemented safely i think.