My OperaMicrosoft tries to step on WebGL, stumbles on its own feet
Wednesday, June 22, 2011 1:30:00 PM
The other day, Microsoft decided to speak out against WebGL. It's harmful to the web, they said.
To be more specific, they are worried about security.
Microsoft's position is not entirely unreasonable. There are always possible security concerns with new technologies. It is important to highlight these, and fix any problems (such as the recent WebGL vulnerability in Firefox).
But since when did a security flaw mean that we throw the entire piece of technology out? Operating systems and web browsers have been dealing with security problems for many years. It's not like this is new to Microsoft, so their criticism sounds more like FUD than anything else.
Indeed, Microsoft's criticism would sound a little less hollow if they weren't doing the exact same thing with Silverlight that they are criticizing WebGL over.
And lo and behold, a Denial of Service vulnerability in Silverlight 5 of the same type that Microsoft was overly concerned about with WebGL recently surfaced.
I'll quote the report here:
Ouch.
Double ouch.
To be clear, WebGL doesn't allow you to simply pass things directly to the driver. The browser "compiles" the source before it reaches the OpenGL (or Direct3D) driver. This seems to be similar to what Silverlight is doing. Even Flash 11 will be doing these things.
So when it all comes down to it, Microsoft looked at a problem, wrote a text on it, and made it sound like it was specific to WebGL. But the problem also exists in other 3D APIs, and yet Microsoft seems to think that WebGL is "harmful to the web" while Silverlight isn't?
Even people at Microsoft do not buy it. That's how convincing their "WebGL Considered Harmful" article is.
So, Microsoft, does this mean you are going to kill 3D support in Silverlight, or does it mean you will add WebGL support to Internet Explorer?
A little consistency would be nice, you know?
To be more specific, they are worried about security.
Microsoft's position is not entirely unreasonable. There are always possible security concerns with new technologies. It is important to highlight these, and fix any problems (such as the recent WebGL vulnerability in Firefox).
But since when did a security flaw mean that we throw the entire piece of technology out? Operating systems and web browsers have been dealing with security problems for many years. It's not like this is new to Microsoft, so their criticism sounds more like FUD than anything else.
Indeed, Microsoft's criticism would sound a little less hollow if they weren't doing the exact same thing with Silverlight that they are criticizing WebGL over.
And lo and behold, a Denial of Service vulnerability in Silverlight 5 of the same type that Microsoft was overly concerned about with WebGL recently surfaced.
I'll quote the report here:
Recently Microsoft published an article about a WebGL DOS vulnerability:
http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx
The same vulnerability exists in Silverlight 5, here's a proof of concept (warning, crashes your system)
http://people.mozilla.org/~bjacob/SilverLight5DOSJustLikeWebGL/HelloWorld3D/Bin/Debug/HelloWorld3DTestPage.html
Normally I wouldn't file a Silverlight bug report about that since this really isn't specific to Silverlight (or WebGL, or any particular 3D API), but the above-mentioned Microsoft security article suggests that Microsoft thought that it would be WebGL-specific.
Ouch.
Double ouch.
To be clear, WebGL doesn't allow you to simply pass things directly to the driver. The browser "compiles" the source before it reaches the OpenGL (or Direct3D) driver. This seems to be similar to what Silverlight is doing. Even Flash 11 will be doing these things.
So when it all comes down to it, Microsoft looked at a problem, wrote a text on it, and made it sound like it was specific to WebGL. But the problem also exists in other 3D APIs, and yet Microsoft seems to think that WebGL is "harmful to the web" while Silverlight isn't?
Even people at Microsoft do not buy it. That's how convincing their "WebGL Considered Harmful" article is.
So, Microsoft, does this mean you are going to kill 3D support in Silverlight, or does it mean you will add WebGL support to Internet Explorer?
A little consistency would be nice, you know?
(32%)
