
Microsoft: no way to support WebGL and meet our security needs - shawndumas
http://arstechnica.com/microsoft/news/2011/06/microsoft-no-way-to-support-webgl-and-meet-our-security-needs.ars
======
Ruudjah
Every new web technology will be littered with security vulnerabilities.
That's inherent to new technologies. The article does not make it clear for me
what _inherent_ problems exist with regarding to security and WebGL.

Web workers can be silently used for data crunching. WebSockets can be used
for DDoS attacks. CSS visited links could be used to know what history you
have. But as the web progresses, these problems will be smoothed out. As such,
the security problems with WebGL probably will be solved too.

Is it very far fetched to think Microsoft sees WebGL as a big threat to their
Xbox/PC gaming/DirectX/Silverlight establishment?

~~~
jameskilton
I thought the article was pretty clear. It's not a browser security problem,
but the fact that WebGL exposes the ability for malicious code to attack bugs
and issues with graphics drivers (of which there are many).

For those that don't know, WebGL follows the OpenGL ES 2.0 spec, which doesn't
have a fixed function pipeline. This means that you're doing two things:
defining vertex information in buffers that get sent to the graphics card, and
then writing shader programs to define how those vertices are rendered. IIRC
It's the shader programs and how the drivers work with sending these programs
to the cards that are the biggest issue (you are writing code that gets
compiled and runs _directly on the hardware_ ).

Given that the Windows 8 preview made such a huge mention of HTML5 / JS / CSS
for making desktop apps, I don't think competition w/ DirectX is a part of the
issue here.

Add to the article that there are already a significant number of research
attacks using WebGL to take full control of a computer, I have to say that MS
isn't crazy and in this case has a pretty good hold on things.

