Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It would be crazy to ignore MS on this point, yes. It would also be crazy, though, to take them at face value. While there are avenues for attacks via WebGL, I think it's clear that MS is being at least somewhat disingenous about the implications one can draw from the existence of such attacks. I am not enough of an expert to tell lies and facts apart in MS's statements, and so I cannot derive any real value from what they say. I am hence forced to derive my opinions on the matter from other, more trustworthy sources, such as the Mozilla blog that you linked to.


Mozilla and Google have their own agendas and biases around WebGL. If you want an independent opinion, look to security experts and low level graphics programmers who don't have a big stake in the browser vs native platform controversy.


You're going to find that security researchers are going to agree with Microsoft's take on this. People have been finding actual flaws in this stuff. Web browsers are the hardest piece of software we have to secure in 2011. Coupling them directly to video drivers is disquieting.


There's a big difference between saying that something is presently insecure and that it is by nature not securable. I understand and agree that WebGL is not presently secure at all, but Microsoft is making a set of claims far beyond this: that not only is WebGL insecure, it can never be made secure, and moreover, that Silverlight is somehow immune to the problems facing WebGL. That additional set of claims is why I say that MS is being disingenuous, if not outright lying. More than a good-intentioned warning about insecure software (which would be exceedingly ironic, given the source), MS's statement comes off as opportunism.


I see WebGL people saying essentially the same thing: that there is a reasonable degree of security that can only be assured by obtaining cooperation from driver vendors; that, in other words, the security of WebGL is not entirely under their control.


That is definitely the "secure" answer. Allow me to make a prediction, though: WebGL will happen. Browsers have always largely ignored security concerns ("what do you mean, twenty-year old crufty font rendering code perhaps shouldn't be directly exposed to the internet?"), and they are not going to stop now.


I don't want an independent opinion so much as I want one from a party that isn't being disingenuous.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: