Hacker News new | past | comments | ask | show | jobs | submit login

This particular conversation is precisely about AAA titles dominating on Windows.

Otherwise, the web is becoming a more viable target for small and indie devs. But as another commentator pointed out, without a overhaul in how video driver developers approach their work, WebGL as a concept cannot be made secure. Either browser vendors will wake up to this fact and at least start disabling WebGL by default, or enterprising black-hatters will start taking advantage of WebGL exploits, forcing browser vendors' hands.

High performance graphics on the web is a tough pickle :\




Apologies, I didn't realize this was just about AAA games, I saw Quake 3 in there... ;)

I don't think a major overhaul is necessary to make WebGL secure. There is really just one remaining issue, which is DOS attacks from slow shaders. This is not an issue on recent Windows releases which can almost seamlessly restart the GPU.

Aside from that, yes, there will be GPU driver exploits. There are also browser exploits and network stack exploits - we don't stop making browsers and network-connected applications though.

WebGL-ready browsers have very good capabilities to work around such exploits, either by simply blacklisting known bad drivers, or adding things like bounds checks to shaders etc. (which is currently done). Otherwise, exploits will happen and browsers will prevent them, just like browsers already do for non-WebGL content.


There aren't any serious WebGL attacks that have actually been demonstrated. Just a lot of FUD and some laughable Hollywood-style mock-ups designed to scare people.

On the other hand, there are many demonstrated usable attacks against Internet Explorer.

The entire conversation is ridiculous.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: