Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

503 comments

Sorry! There are no comments related to the filter you selected.

Microsoft should know... (5, Informative)

Bill_the_Engineer (772575) | more than 3 years ago | (#36473122)

a dangerous web idea when they see one. They created ActiveX.

Re:Microsoft should know... (1)

Noughmad (1044096) | more than 3 years ago | (#36473164)

Didn't they use to claim how Firefox and Linux are insecure?

Re:Microsoft should know... (1, Offtopic)

jjetson (2041488) | more than 3 years ago | (#36473180)

Isn't Android Linux?

Re:Microsoft should know... (0)

Anonymous Coward | more than 3 years ago | (#36473290)

Isn't Android Linux?

Yes, but why's that relevant?

Re:Microsoft should know... (-1, Troll)

Anonymous Coward | more than 3 years ago | (#36473178)

I mark this the first of many "Microsoft have shit security durhurhur" comments. Probably no point reading the rest of the comments for this one, there's going to be very little useful commentary in amongst the complete fucking dross.

Re:Microsoft should know... (0)

Anonymous Coward | more than 3 years ago | (#36473192)

and auto-run, scripting in E-Mails/Documents etc.

Re:Microsoft should know... (4, Insightful)

Anonymous Coward | more than 3 years ago | (#36473268)

To this day it is still easy to make Word Documents that phone home to a server with user info every time they are opened. But WebGL is harmful.

Re:Microsoft should know... (0)

sorak (246725) | more than 3 years ago | (#36473526)

And the number of zero day flash exploits isn't a problem, but webGL is.

Re:Microsoft should know... (5, Interesting)

Anonymous Coward | more than 3 years ago | (#36473354)

Maybe Processing [processing.org] has them scared as shit. Not only does it do OpenGL acceleration in a browser, but it's also open source and nearly a drop-in replacement for Flash or Silverlight.

Re:Microsoft should know... (5, Insightful)

cygnwolf (601176) | more than 3 years ago | (#36473422)

I think you hit the nail on the head there with the Silverlight comment. M$ could probably care less about Flash but they're not fond of any new players in that market.

Re:Microsoft should know... (0)

xednieht (1117791) | more than 3 years ago | (#36473392)

Amen brother!!!!

Re:Microsoft should know... (0)

Anonymous Coward | more than 3 years ago | (#36473410)

And I'm sure this has nothing to do with them hampering the use of OpenGL over Direct3D in general.

Re:Microsoft should know... (2)

jasmusic (786052) | more than 3 years ago | (#36473426)

...and are adding P/Invoke to Silverlight last I heard.

Re:Microsoft should know... (5, Insightful)

beelsebob (529313) | more than 3 years ago | (#36473514)

I'm really surprised that everyone is jumping on the "lawl microsoft security" bandwagon here, rather than the "well of course it's dangerous tech – it's OpenGL based, not D3D based... it's dangerous for MS's market share" bandwagon.

Good advise! (1)

VincenzoRomano (881055) | more than 3 years ago | (#36473126)

From a security centric company!

Re:Good advise! (2)

Nickodeimus (1263214) | more than 3 years ago | (#36473454)

I should probably advise you not to use the word advise when you mean to use the word advice. Just my advice, I'd advise you to take it for what its worth.

Re:Good advise! (2)

balbord (447248) | more than 3 years ago | (#36473542)

Good recommending!!!

Microsoft has no security credibility. (0)

Anonymous Coward | more than 3 years ago | (#36473146)

If they did they would do an apple and ban all plugins from their browser.

Re:Microsoft has no security credibility. (1)

_merlin (160982) | more than 3 years ago | (#36473186)

Are you referring to Mobile Safari for iPhone/iPad? In that case, I think Microsoft have "pulled an Apple" already and failed to provide a plugin API for the Windows Phone 7 browser. If OTOH you're referring to IE for Windows, Apple's equivalent Safari for OSX supports plugins anyway. I don't see your point.

Games on Linux means the end of the MS Empire (1)

alienoide (2277338) | more than 3 years ago | (#36473160)

End of story.

Re:Games on Linux means the end of the MS Empire (2, Informative)

schnikies79 (788746) | more than 3 years ago | (#36473196)

The business world keeps Microsoft in power, not gamers.

Re:Games on Linux means the end of the MS Empire (2)

cb88 (1410145) | more than 3 years ago | (#36473284)

Eh... RedHat is taking care of that bit..

Re:Games on Linux means the end of the MS Empire (1)

Dog-Cow (21281) | more than 3 years ago | (#36473420)

Funny. I work at a fairly large Auto manufacturer (in the US) and RedHat isn't visible here at all. I know there are some one-offs, but nothing supported by global IT. Lots of Linux here, though, but on any desktops.

Re:Games on Linux means the end of the MS Empire (1)

peterbye (708092) | more than 3 years ago | (#36473442)

Not on the desktop yet, unfortunately.

Re:Games on Linux means the end of the MS Empire (1)

camperdave (969942) | more than 3 years ago | (#36473502)

Eh... RedHat is taking care of that bit..

Oh? Are they releasing 100% compatible versions of Windows XP, IE6, and Microsoft Office? I ask because these are the only things the business world uses.

Re:Games on Linux means the end of the MS Empire (1)

mistiry (1845474) | more than 3 years ago | (#36473548)

Oh? Are they releasing 100% compatible versions of Windows XP, IE6, and Microsoft Office? I ask because these are the only things the business world uses.

I've worked at several places in the last 2 years where I saw no installations of XP or IE6, and I've also worked at several places where XP and IE6 were used. I've seen installations of OpenOffice, Firefox, and even Linux desktops.

The point, though, is that your statement that XP/IE6/MSO is the only things the business world uses may have been true ~5 years ago, but not anymore.

Re:Games on Linux means the end of the MS Empire (2)

Elbereth (58257) | more than 3 years ago | (#36473302)

Don't underestimate gamers or the gaming industry.

If every gamer switched to Linux, you'd see Windows become as irrelevant as OS/2, which also had a sizeable installed base in the corporate world, or Mac OS, which had a huge installed base in education. Corporate users hardly ever upgrade, and many of their biggest apps have already been ported to at least one other OS, if not more. In the corporate world, they cater to the customer's needs and desires. In the home market, they dictate to the market.

Re:Games on Linux means the end of the MS Empire (1)

mcgrew (92797) | more than 3 years ago | (#36473414)

You may be right, but I'm not so sure. When OS/2 first came out, the motto was "nobody ever got fired for buying IBM". Now it's "nobody ever got fired for buying Microsoft". MS is entrenched in the business and government worlds and has been for decades, while OS/2 was mostly just toyed with for a short time.

Plus, almost every desktop computer made has Windows factory-installed. Only a tiny percentage of home PCs are used for serious aming. Then there are other programs, like TurboTax, that have no Linux equivalent.

As a kubuntu user, though, I hope you're right and I'm wrong.

Re:Games on Linux means the end of the MS Empire (1)

Marc Madness (2205586) | more than 3 years ago | (#36473510)

Then there are other programs, like TurboTax, that have no Linux equivalent.

As a kubuntu user, though, I hope you're right and I'm wrong.

TurboTax in Canada is a web-app that works with Linux. However, the security/privacy implications of compiling your tax return in the cloud are not to be overlooked.

Re:Games on Linux means the end of the MS Empire (1)

Quarters (18322) | more than 3 years ago | (#36473586)

Don't underestimate the power of Linux users to delude themselves into thinking that "If everyone did..." is the same as "any day now everyone will..." Ask yourself this...what would compel any, let alone every gamer to switch to Linux? It's not the games, as they don't exist. It's not the access to high performance video drivers, as they don't exist. It's not the access to ubiquitous and non-finicky audio systems, as they don't exist. The gamers need something better than what they have if they are going to move away from their current situation and negate their library of games. With regards to Linux that doesn't and probably will never exist. The majority of game companies won't make games on Linux until there is a market, which doesn't exist. Catch-22. For this to ever even have a possibility of happening there needs to be a killer-game-app on Linux and a Linux distribution that is as easy to setup and configure, along with always offering access to current quality video card drivers, as Windows offers. So where is the killer game and perfect gaming Linux distro? Instead of wishing for ponies and utopian group-think you might want to dig in and get to work.

Re:Games on Linux means the end of the MS Empire (1)

ron_ivi (607351) | more than 3 years ago | (#36473314)

And the business world uses Microsoft because that's what the CEO and CFO is familiar with.

And they're familiar with Windows because that's what their kid uses to play games.

The technical departments in the business world have been heavy unix users for a very long time.

Re:Games on Linux means the end of the MS Empire (0)

Anonymous Coward | more than 3 years ago | (#36473316)

and they rule the business world because employees are comfortable with a windows interface, a win in the home market would certainly bleed through to the office market

Games? (0)

headkase (533448) | more than 3 years ago | (#36473318)

The business world keeps Microsoft in power, not gamers.

I don't doubt you overall, but: for my home computers, the only reason the machine I'm typing this on has Windows 7 installed is because of games. My laptop doesn't have Windows, only my desktop which has the hardware to run the games.

Re:Games on Linux means the end of the MS Empire (1)

wisnoskij (1206448) | more than 3 years ago | (#36473576)

Well Linux is already a heavy weight in the server department but it is because most people still have a MS box at home that they know MS and therefore want a MS box to work at at work. If Linux was the king of gaming then they would buy Linux boxes for personal (and for their kids) gaming and then would ask for them to work on.

Gaming is the only reason they are not winning in my opinion.

Not that I agree with the general consensus that the Linux OS is better then Windows. MS because they are a company dedicated to making money need to make Windows usable and enjoyable from back to front, while Linux seems to have used their free product designed for expert users as a reason to not really polish some of their features and at least in the case of Ubuntu, release versions that are far from ready for use.

Re:Games on Linux means the end of the MS Empire (1)

GameboyRMH (1153867) | more than 3 years ago | (#36473270)

At home, yes, in business, not so much. Legacy apps and textophobe-friendly administration are MS' bread and butter in business. But they are slowly killing off their legacy compatibility (and looking at going muliti-arch with closed source code), and since Win Server 2008 they've switched to a Linux-like "CLI before GUI" design, so it'll be interesting to see what happens...

Re:Games on Linux means the end of the MS Empire (2)

_merlin (160982) | more than 3 years ago | (#36473276)

WebGL won't deliver that. It's just going to deliver the next generation of what are currently Flash games, that run on Linux anyway (just not RMS' GNU/Linux because the player isn't free as in beards).

Re:Games on Linux means the end of the MS Empire (2)

Quarters (18322) | more than 3 years ago | (#36473504)

End of story.

Linux gaming is a niche idea for a niche OS (-Linux on desktops for the masses. I know Linux in the enterprise is big). Microsoft isn't losing any sleep over the idea of Linux gaming going mainstream.

Surprise (1)

Anonymous Coward | more than 3 years ago | (#36473170)

Yeah, a cross platform solution that is in competition with a Microsoft proprietary solution; being applied to the Web; and Microsoft is against it. Personally I am shocked, just shocked. They've been spending a lot of money trying to optimize IE9 for use with DirectX, and care a whole lot less about security or empowering Web developers, than they do about preventing competition on a level playing field.

MSFT to be at $20.00 (0)

Anonymous Coward | more than 3 years ago | (#36473172)

Pot, meet kettle.

At least silverlight is save! (4, Interesting)

cccc828 (740705) | more than 3 years ago | (#36473174)

I am relieved that sliverlight will never support such harmful technology [microsoft.com] !

Re:At least silverlight is save! (2, Interesting)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#36473394)

Under "Extended Features":

"Access devices and other system capabilities by calling into application COM components."

"Call existing unmanaged code directly from within Silverlight with PInvoke."

"Read and write files to the user’s My Documents folder, making it easier to find media files or create local copies of reports. Launch Microsoft Office and other desktop programs. Users can open Microsoft Outlook and create an e-mail message, or send a report to Word utilizing the power of Office."

They just couldn't stay away from the convenience that ActiveX plugins' "me casa es tu casa" security model provided...

Re:At least silverlight is save! (0)

Anonymous Coward | more than 3 years ago | (#36473626)

This is squarely aimed at businesses, who are demanding these features. Note that:

  • You have to opt-in to this via group policy.
  • Applications have to be signed, and I suspect the trusted roots will also be specified in group policy (i.e. it won't use the default list in the browser)

I'd also be surprised if this feature was exposed in home versions of Windows.

Microsoft were badly burned by ActiveX and they have learned many lessons.

They can't even spell (3, Insightful)

DavidR1991 (1047748) | more than 3 years ago | (#36473176)

"Although mitigatinos such as ARB_robustness [...]"

Nice Microsoft, nice.

Whilst I believe that WebGL _could_ become a vector for attack, I think this is actually "We want to push DX not GL, let's stick to NIH by saying it's dangerous instead"

Oooor... (0)

Anonymous Coward | more than 3 years ago | (#36473190)

or because it sounds like opengl which is eeeeviiiiiiiil

It has no plans to support WebGL... (0)

Anonymous Coward | more than 3 years ago | (#36473200)

Until it can come up with it own proprietary version that IE only.

Hate to Say This... (5, Informative)

mrpacmanjel (38218) | more than 3 years ago | (#36473224)

The security issue is a valid question.

In one of the links in the summary it shows that the video memory can be read and get a snapshot of the user's desktop (in the example a confidential document is viewable) - exceptionally bad. Use an exploit like this with something else means their is potential for a severe security breach.

Then again it's early stages and I'm sure the security issues will be resolved in time.

It's an exciting techology especially with regard to streaming games over the internet.

Who remembers VRML???

Mod parent up (1)

elrous0 (869638) | more than 3 years ago | (#36473280)

I really wish we could have more discussions where MS is mentioned that don't immediately devolve into "MS is teh E V I L !!! Anything they say or do is wrong!"

Re:Mod parent up (0)

imric (6240) | more than 3 years ago | (#36473492)

*shrug* Those comments are depressingly accurate though.

Re:Hate to Say This... (1)

Anonymous Coward | more than 3 years ago | (#36473488)

the video memory can be read and get a snapshot of the user's desktop (in the example a confidential document is viewable)

This could get even worse, in light of the fact that AMD plans to unify the video, and system RAM address space.

Re:Hate to Say This... (2)

royallthefourth (1564389) | more than 3 years ago | (#36473610)

It will be better since it should mean that video memory will exist in protected mode instead of real mode (since it will be part of the same protected address space as system memory), thus proscribing programs from reading data not belonging to them.

No news (2)

The MAZZTer (911996) | more than 3 years ago | (#36473226)

If WebGL takes off, they'll have no choice but to support it. If it doesn't, then no-one will care that they don't support it.

Re:No news (0)

Anonymous Coward | more than 3 years ago | (#36473320)

Kinda like Flash?

Re:No news (1)

royallthefourth (1564389) | more than 3 years ago | (#36473338)

Ha! If only that was true for CSS

Re:No news (2)

Bengie (1121981) | more than 3 years ago | (#36473356)

WebGL is as bad or worse than ActiveX ever was. Should be interesting.

I've already read security blogs from reputable security professionals about how WebGL is flawed from the ground up and can allow for kernel level security issues. ActiveX at least ran as the current user, not kernel.

I really think MS could get away with no implementing it.

Re:No news (0)

Anonymous Coward | more than 3 years ago | (#36473590)

It may be bad, but it can't possibly be anywhere near as bad as ActiveX.

Re:No news (1)

camperdave (969942) | more than 3 years ago | (#36473556)

If WebGL takes off, they'll have no choice but to support it. If it doesn't, then no-one will care that they don't support it.

If it takes off, Microsoft will pull its standard Embrace, Extend, Extinguish strategy on it.

Microsoft should get out of browsers ASAP (3, Insightful)

GameboyRMH (1153867) | more than 3 years ago | (#36473232)

Microsoft has no business building browsers. The open architecture of the web will always conflict with IE being closed source and the EEE tactics Microsoft is constantly trying on various web technologies. In the past, Microsoft's hegemony over computer technology gave them enough influence that they might actually have a chance at "de-commoditizing" (as they say) some popular open web technologies, but that's over, they aren't the 800lb gorilla in the room anymore, they're just another dog in a fight with at least 2 other dogs (the Open dog and the Apple dog - and no they're not the same. Look at Safari's special HTML5 rendering. Familiar? Don't forget that an open web also poses a threat to Apple's mobile apps).

By continuing to work on browsers, Microsoft is fighting a war they can't win, but like all wars this one is still harmful to the other combatants and various innocent bystanders.

Re:Microsoft should get out of browsers ASAP (0)

Anonymous Coward | more than 3 years ago | (#36473262)

Except for the fact that the web sucks. Hopefully we will move beyond browsers soon.

Re:Microsoft should get out of browsers ASAP (1)

JBMcB (73720) | more than 3 years ago | (#36473346)

The web sucks, except for everything else.

The biggest hurdle in designing something like the web is to get everybody to agree on standards. HTTP/HTML - that's 90% of the battle, and infinitely better than 30% of websites only working on flash, 20% only working on silverlight, 15% on XML/XSLT, 15% on PDF...

Re:Microsoft should get out of browsers ASAP (1)

GameboyRMH (1153867) | more than 3 years ago | (#36473352)

If we move "beyond" browsers to client apps we'll be moving backwards (not that it can't happen, that seem to be the direction we're moving in these days).

Re:Microsoft should get out of browsers ASAP (1)

Anonymous Coward | more than 3 years ago | (#36473624)

Why is that backwards? Most 'real' software is still client based and will continue to be. It just works better. Browsers are great for reading stuff, but they suck as an application development environment. They are not designed for it - all these technologies (AJAX, etc) are compete hacks to mimic what's been around for years in client app development.

Re:Microsoft should get out of browsers ASAP (2)

pinpuke (2194896) | more than 3 years ago | (#36473406)

RE: "Microsoft has no business building browsers." Well, maybe that should read... "Microsoft has only to build browsers for big business." Firefox is a pain to manage in large corporate settings. Luckily someone out there made the CCK for Firefox but it can still be a pain to manage once deployed. If you take away IE then when you make calls to businesses that serve you don't complain about the extra long call queues and slow account services. Corporate infrastructures that utilize web apps will come to a crawl while internal devs, and third party devs, scramble for fixes.

Re:Microsoft should get out of browsers ASAP (0)

Anonymous Coward | more than 3 years ago | (#36473532)

How are we supposed to download firefox?

Re:Microsoft should get out of browsers ASAP (1)

GameboyRMH (1153867) | more than 3 years ago | (#36473596)

The same way you do on their browser-less European versions?

They're right (5, Insightful)

Anonymous Coward | more than 3 years ago | (#36473234)

You really want websites to be able to freeze and possibly crash your graphics subsystem, possibly overheat reboot your machine?

Besides that, it's just sloppy, just like WebSQL is sloppy. It's just "hey lets compile opengl ES into our browser" or "lets compile SQLite into our browser" and neither are even half-hearted attempts at a proper standard. I originally said this as a joke, but it makes more sense to just link in the quake engine and support a "quake" tag, that takes a link to a PAK file as its .src attribute. That'd at least solve the (very real) security problems. Executing arbitrary shader code from random websites isn't a good idea.

Aside: apparently noone else supports WebGL either. The implementations in both FF and Chrome are broken. I've had problems with multiple textures, framebuffers, the list goes on. It's simply not working yet.

Of course, webGL would be trivial to reimplement in IE with a partial trust Silverlight plugin, which could just execute the GL natively, though that would be a much bigger security hole.

Re:They're right (2)

kyz (225372) | more than 3 years ago | (#36473400)

it makes more sense to just link in the quake engine and support a "quake" tag

Yesterday's news, my good man - haven't you heard of Quake Live [quakelive.com] ? Serve up the .pak with MIME type "application/x-id-quakelive" and Bob's your uncle!

THEN I KNOW IT'S THE FUTURE !! (0)

Anonymous Coward | more than 3 years ago | (#36473236)

If Microsoft hates it, I LIKES IT !! I like everything !! Except Mikey !!

AMAZING BLOG! (-1, Offtopic)

Baby Groovy (2277386) | more than 3 years ago | (#36473240)

Amazing! Your article has a ton of viewers. How did you get all of these bloggers to see your blog I’m very jealous! I’m still studying all about posting information on the web. I’m going to look around on your site to get a better understanding how to get more visible. Top Music Charts [groovybaby.us]

Harmful... (1)

ATMAvatar (648864) | more than 3 years ago | (#36473244)

...to their business model. Let's face it: if WebGL really took off and brought about it a myriad web-based games, the Microsoft stranglehold on PC gaming would be in jeopardy.

Re:Harmful... (1)

MemoryDragon (544441) | more than 3 years ago | (#36473298)

The strangelhold is over anyway, given the current markets. You have the Xbox and the PC which are DirectX, the rest uses OpenGL or OpenGL derivates. Almost 100% of all game makers use an existing engine, which is optimized for cross platform development anyway.
It is just a matter of time til those engines also have their webgl ports one way or the other.
Whatever Microsoft does in this area is only to the degree relevant that if they dont support it it wont be used in a corporate environment.

Not the first time (1)

Millennium (2451) | more than 3 years ago | (#36473264)

Microsoft has rejected interoperable technologies based on spurious "security concerns" before, only to release later a competing yet non-interoperable technology with far worse security problems than ever showed up on what they rejected. Remember browser plugins, passed over in favor of the steaming pile of fail that is ActiveX?

Look for WebDirect3D in the next version of IE, likely with every problem MS claims WebGL has and a few new ones.

Re:Not the first time (1)

MemoryDragon (544441) | more than 3 years ago | (#36473312)

I am almost 100% sure about that WebGL will be the point where Microsoft again will fork away. I have been expecting that for months now.
Also so far all their efforts towards html5 are pretty half assed, even IE9 can be barely described as html5 compliant, but given the state of the current specs only time will tell if Microsoft again will be a burden on the web developing world.

It is a problem; but... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#36473272)

It is hard to argue with the thesis that allowing a webpage to run OpenGL code on the system GPU is less secure(and places security in more hands) than not doing so. However, that seems to throw us back on the more basic problem:

Allowing the internet to do things to your machine is dangerous. It is also among the top reasons why most people bother to own a computer. Letting pages run Javascript opens you up to vulnerabilities in your JS engine. Support for images in webpages means that a bug in any of your image format renderers(and there have been a few of these) will allow the attacker to own you. Even HTML rendering isn't safe. People from the internet are running code on your CPU, through assorted layers of indirection, virtually continually... We put up with this blatantly dangerous situation because we want the functionality.

Other than the (im)maturity of OpenGL as something that is subject to maliciously crafted input, rather than just error by well-meaning application designers, I'm not seeing a fundamental difference. Everything that happens in your browser happens because filthy, possibly dangerous, 3rd party instructions are executed, through some number of intermediate interpreters and libraries and codecs, right on your hardware.

Now, I can definitely see the case to be made for "You really shouldn't enable WebGL, except for websites that you would also trust enough to download and execute with admin permissions executables from, until the OpenGL ecosystem has had time to finish wetting itself from pure fear and start improving things", it is quite likely the case that the large, complex, more-focused-on-speed-than-security, mass that is GPU firmware, GPU drivers, etc is a mass of potentially serious issues, having historically been sheltered from the more hostile side of things. However, that doesn't seem fundamentally different from the state of the stack sitting on top of the CPU that was inherited from a more innocent time before widespread network malice. Ultimately, we just had to fix that; because the alternative involved not being able to do what we wanted to do.

Crap. (0)

Anonymous Coward | more than 3 years ago | (#36473278)

This is bad news.

Yes, everyone hates IE, blah blah blah. This makes webmasters job significantly more difficult in using WebGL as a platform... Flash fallbacks? Alternative browser plug-in? Canvas3d? Uuuugggghhhh....

Amazing! (2, Funny)

Anonymous Coward | more than 3 years ago | (#36473282)

Microsoft claims competitor's technology harmful and everyone should use their safe & secure version :)

Tune in at 11 for more news from the No Shit, Sherlock dept

Freedom is dangerous (0)

Anonymous Coward | more than 3 years ago | (#36473286)

WebGL + fast Javascript gives developers a very powerful duo, games and apps on WebGL could rival normal applications (meaning non-Live-AppStore stuff) and endanger their revenue streams. This is exactly why Apple stopped further develop web editors and that is why IE was such a drag all the time... MS is not going to backup WebGL. You have other venues for more advanced stuff like Windows Marketplace or Apple AppStore, web should remain minimalist. A venue without 40% cut? No deal.

Microsoft Announces Next Product (0)

simm_s (11519) | more than 3 years ago | (#36473292)

In other news Microsoft is releasing DirectAzureX exclusively for Internet Explorer bringing secure 3D content to the Web. Innovation at work people! Microsoft the true king of standards fragmentation.

Re:Microsoft Announces Next Product (1)

Shados (741919) | more than 3 years ago | (#36473350)

When the standard sucks, it needs to be done.

I tend to agree (4, Insightful)

Cigaes (714444) | more than 3 years ago | (#36473294)

Considering that most accelerated 3D drivers for video controllers are utter crap full security flaws, or “optimizations“, as some call them, and that a video controller has full access to the system bus, and therefore to the RAM, drives, etc., I tend to agree that letting anyone on the web transparently send possibly crafted data to the 3D driver is, from a security point of view, a rather dubious idea.

They're right. (1)

John Hasler (414242) | more than 3 years ago | (#36473334)

n/t

It is true. It is harmful. (2, Informative)

140Mandak262Jamuna (970587) | more than 3 years ago | (#36473344)

The question is what is harmed. In this it looks like it is harmful to Microsoft's market share and profits.

Can't trust MS's opinions (5, Interesting)

bzipitidoo (647217) | more than 3 years ago | (#36473372)

What they mean by "security" is not what everyone else means. Security is just the biggest argument in the FUD arsenal. They mean control, to secure their bottom line.

For 25 plus years, that's been MS's real goal. They tried to kill off Ogg Vorbis over "insecurity"-- the supposed insecurity of no built in DRM. Security was probably one of the arguments they used to push OOXML over ODF when they were trying to maintain their file format lockdown. Talk about an outdated tactic, but then, MS has been slipping for some time now. They would have tried the old line suggesting no one would maintain the software without a large company backing it, another FUD favorite, but even they must see no one would buy that any more. And yet, they can't see the uselessness of the entire Windows Genuine Advantage program.

What specifically could they be trying to promote in place of webGL? Silverlight?

WebGL bugs already demonstrated (4, Informative)

lseltzer (311306) | more than 3 years ago | (#36473378)

Context Information Security has already tested WebGL implementations and demonstrated the sorts of bugs Microsoft warns about [pcmag.com] . In fact, it looks like maybe they got a tip about it from Redmond, but they do demonstrate it, and Mozilla has acknowledged the bugs for Firefox 4 [mozilla.com] .

For once don't bash M$, read the article instead (5, Insightful)

amn108 (1231606) | more than 3 years ago | (#36473382)

An essential factor in security is trust. You cannot trust a website you have never seen before to load code of its choosing to be executed on a driver supplied to you by third-party which may or may not have a stellar security record themselves. Especially when "modern" operating systems like Linux run drivers as part of their monolithic kernel and so probably WILL crash when the website code messes up the driver runtime. Windows is heading in all the right directions moving their graphics driver supporing infrastracture out of the kernel into userspace. At least that way, your entire OS won't crash bringing everything down with it. At worst, smart people will figure out doing their favourite things - injecting their code through good old buffer overflows and what not.

This is what you get when you pair three poorly isolating systems to eachother. Microsoft may have done a lot of their own mess during the years with their products' security, but for once, they are right. Not the least, becaue they probably have gotten so much flak for it they finally decided enough is enough and started going by security checklist documets and automated programs that eliminate all the obvious bugs. I sincerely hope they're getting it, for I for one am tired of hearing everyone bash them. Look into your own backyard when you get 20 million lines of code running wildly on a several hundred million computers around the globe, thanks. Or reduce your SLOC, but that, again, is another discussion.

I say, use DirectX instead. (0)

Anonymous Coward | more than 3 years ago | (#36473402)

That's rock solid. No security problems whatsoever.

They are experts in the field (1)

omfg-no (1848750) | more than 3 years ago | (#36473428)

Given they created ActiveX, windows, direct X, IIS, IE and many other technologies that screw up the web and the internet in general.

hello webmaster (1)

formation (2241238) | more than 3 years ago | (#36473446)

We offer all our clients a simple and straightforward way to register their companies and get their business off the ground: http://bit.ly/m2IHF4 [bit.ly]

Me Too (0)

Anonymous Coward | more than 3 years ago | (#36473448)

Microsoft has been a me-too company since it's last killer product: Windows XP SP2

This FUD against WebGL is just another one of the death throes from a company that hasn't been able to compete since August 25, 2004.

Microsoft has innovated exactly one good product: Kinect ... yet, it took Linux hackers to force them to capitalize on it.
It reminds me of the old Toll Booth Willie [youtube.com] skit ... does Microsoft actually want the money, or do we have to shove it up Microsoft's ass??
I feel sorry for Microsoft shareholders, and thank god I don't own any of their stock.

If Microsoft would stop with the me-too "standards" (all stillborn) and put 1/10th of that money and effort into applications for the Kinect, and the other 9/10th into innovating things their customers want, they could be the premier tech company again. Sadly, that's not gonna happen.

Their concerns do make sense (1)

obarthelemy (160321) | more than 3 years ago | (#36473468)

the graphics there sums it up nicely: http://www.contextis.com/resources/blog/webgl/ [contextis.com] Web > Browser > graphics driver > kernel, and we all know graphics drivers are full of bugs/holes, and that even killing and restarting them is not a solution if the browser keeps bombarding them with spurious request. DOS and intrusion must be very easy that way.

It's also true that MS are picking an argument they like, and that they have, in the past and even now, created plenty of exploit avenues.

I think we need to move from a mindset where performance and features reign supreme, to one where security is a major concern. That's bad news, cause security is much harder to evaluate than MIPS or texels/s (and reviewers/commentators like easy work). And people need to be educated: assuming Intel/ATI/nVdia chose to devote resources to creating a "safer" driver, with 30% lower performance (I pulled that figure out of a dark and smelly place), who would choose that safer one, over the faster one ? In a sense, MS can't be totally blamed: they have been giving us what we wanted: perfs and features.

Re:Their concerns do make sense (2)

obarthelemy (160321) | more than 3 years ago | (#36473480)

maybe one solution would be to create an intermediary WebGL driver in userland with lots of security checks. Would that still be worth it, performance-wise

Don't you just hate it (4, Interesting)

lorax (2988) | more than 3 years ago | (#36473498)

Don't you just hate it when Microsoft takes the high road on security and raises some valid points. We've been through this scenario a bunch of times where some class of programs that used to only be used by local programs became accessible on the web and suddenly there is a rash of exploits (jpeg and pdf come to mind), I'd rather not go through it again.

That said, I think Microsoft laid out the problems with enough specificity that they could be addressed.

and yet... (0)

Anonymous Coward | more than 3 years ago | (#36473500)

And yet Silverlight will get all those "harmfull" Features.

Christ, you people are stupid. (0)

Anonymous Coward | more than 3 years ago | (#36473516)

It's a Microsoft article, which means that a few dozen unfunny chuckleheads will chime in with the easy jokes about "ACTIVEX LOL".

Here's a hint: real life is complicated. OSS is not white and MS is not black.

Slashdot is hopeless.

Just an excuse (0)

Anonymous Coward | more than 3 years ago | (#36473546)

Ie is the only main browser which never had plans for webgl.
It's unlikely for security reasons, just that directX is still battling opengl, they're not about to give an edge to the alternative product, right?
They just jumped on the first opportunity to pin their decision on the first flaw that came out of webgl.

Re:Just an excuse (1)

GameboyRMH (1153867) | more than 3 years ago | (#36473584)

It's unlikely for security reasons, just that directX is still battling opengl, they're not about to give an edge to the alternative product, right?

Exactly, that's the best part. After saying that the basic principle is harmful and so on, Microsoft will come out with a proprietary clone called DirectGL or Silverlight3D, which will have the same inherent security problems, but on top of that, the typical Microsoft shoddy security and slow patching.

WebGL x GPU Accelerated Flash (1)

Parker Lewis (999165) | more than 3 years ago | (#36473560)

This is a serious question: how different is run WebGL on GPU than run GPU accelerated Flash content? Are those different issues?

Ugh, M$ (0)

MacGyver2210 (1053110) | more than 3 years ago | (#36473574)

Why don't they just stop fucking with customers' machines and actually join the ARB? Then they can help develop some open-source interoperable standards instead of their broken closed-everything type browsers/plugins/systems. Knowing Microsoft they'd probably do everything they could to shoot the process in the foot and then try to make their own competing technology... ...oh wait...

WebGL is not that usefull yet for... (1)

McNihil (612243) | more than 3 years ago | (#36473604)

Games. No joystick and other input handling, no feedback and such. Now if the browsers would have this functionality possible as standard then I would say Microsoft would have a valid concern painting the devil on the wall that they think WebGL is. However without those crucial components its more likely not a valid concern... I argue that their own supposed IE9 3D accelerated rendered pages for 2D panes is already doing something they are now stating is inherently insecure... Microsoft is really now just saying "this shi*t is no way of doing it." In any event it is my honest opinion that Microsoft should not quip anything regarding this nor anyother security whatsoever because it really shows how out of touch they ultimately are.

Sure, if vid drivers are in ring 0... (1)

DdJ (10790) | more than 3 years ago | (#36473616)

I am reminded of the day when Microsoft's server OS was changed so that unverified third-party video card drivers were run in ring 0. It didn't used to be that way, and it doesn't make sense in a server OS, but they did it anyway.

It's one of the reasons I consider Windows NT 3.51 to be the last decent server OS to come out of Microsoft.

I Brand Microsoft Windows A 'Harmful' Technology (1)

QuietLagoon (813062) | more than 3 years ago | (#36473620)

Just look at all of the security issues that Microsoft Windows has, and all of the security problems that Microsoft Windows has caused globally.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>