As part of WebGL’s ongoing growing pains, Web engineers have gotten into a war of words that finds even some Microsoft engineers squaring off against other Microsoft engineers. Look closely, though, and you’ll see some real progress on making WebGL a wider reality – and, behind the headlines, promise we may still see it in Microsoft’s flagship browser.
In a recent, widely-disseminated post, Microsoft’s security engineering blog recently called WebGL “harmful.” The post didn’t mince words, referring to two reports by Context Information Security, a UK consultancy, which have been critical of WebGL technology, and predicting WebGL will become “an ongoing source of hard-to-fix vulnerabilities” that Microsoft cannot endorse.
WebGL Considered Harmful [ Microsoft Security Research & Defense ]
In fact, Microsoft’s MSRC engineering criticisms appear to be copied and pasted directly from the CIS report. There are three points Microsoft’s SRD blog makes:
1. Browser support for WebGL directly exposes hardware functionality to the web in a way that we consider to be overly permissive.
2. Browser support for WebGL security servicing responsibility relies too heavily on third parties to secure the web experience.
3. Problematic system DoS scenarios.
These are all reasonable concerns. The distinction to make is this: are these individual implementation bugs, specific to certain browsers and drivers, or fundamental problems with the WebGL standard that make WebGL itself untenable?
Mozilla’s Mike Shaver lines that up nicely:
[WebGL] exposes the same capabilities used by games like Doom 3 and (optionally) World of Warcraft, and virtually every game that runs on the iPhone, OS X, Android or Linux.
Security professionals, including Context IS, have discovered bugs in the specification (related to cross-domain image loading) and in Firefox’s specific implementation. Both are being addressed, as with security problems in any other technology we ship, but recently the conversation has turned to inherent security characteristics of WebGL and whether it should be supported at all by browsers, ever.
He also points to an Adobe effort for Flash that Adobe themselves say is similar to Adobe’s, as well as Microsoft’s XNA-in-Silverlight work, both of which he argues would face similar problems. Well worth reading his whole post:
a three-dimensional platform [Noise from Signal]
Multi-dimensional, indeed — that sums up the problem. He gets to what may be the core of the situation in closing:
It may be that we’re more comfortable living on top of a stack we don’t control all the way to the metal than are OS vendors, but our conversations with the developers of the drivers in question make us confident that they’re as committed as us and Microsoft to a robust and secure experience for our shared users.
So far, I’ve been unable to find any evidence in the original report that suggests these are fundamental, unfixable problems, nor do security analysts elsewhere seem to be backing the sweeping generalizations in the Microsoft security blog post.
Likewise, it’s all too easy to look at this as Microsoft striking back at cross-platform standards, when in fact that appears to be misreading the situation. Pundits and bloggers like to view big technology vendors as monolithic entities – something of which I’m sure I’m personally guilty, though I try to do my best to understand the internal dialog that happens at vendors.
The Rebuttal from … Microsoft?
Screaming headlines on the Web say “Mozilla” is sparring with “Microsoft” on WebGL.
That’s simply inaccurate and misleading. Microsoft has separate teams working on security and browser engineering. This post came from a security team, but was not an official, companywide statement.
Then, there’s this rebuttal:
Is WebGL actually harming your computer in any way? I doubt that’s a serious or credible claim. And, frankly, if Microsoft has taken a formal position against WebGL, no one I know got the memo.
It would be an unfortunate position for Microsoft to take, IMO, because it gives the impression that Microsoft runs away from security issues that require some modest technical mitigation.
After all, what is an operating system but a series of security apparatuses coupled with Hardware Access Layers and useful software development APIs on top?
That author also looks deeper at this issue, arguing WebGL is vital to the Web’s future and is essential to Microsoft:
The kind of experiences we want to deploy are nothing short of revolutionary – 3D for the masses, tying the real world to the information space that surrounds us in our everyday lives. This means phones, PCs, and the like will require the kinds of rich, real-time interactive 3D interfaces that right now only WebGL can offer in a cross-platform, stable, browser-based way.
There is clearly only one direction forward for Microsoft and 3D on the web.
WebGL is the way.
So, take a guess at who wrote the top two quotes: someone at Mozilla? Kronos? Google, maybe?
Nope: that’ll be Avi Bar-Zeev, Principal Architect at Microsoft. Avi is sadly not the person charged with WebGL implementation, but he does work across multiple Microsoft groups. He’s also more likely to know, internally, whether the company is taking such a stand. As the inventor of KML, founder of Keyhole (predecessor to Google Earth), and creator of core tech for Second Life, he’s also one of the people on the planet most invested in seeing the worlds of 3D and Web merge.
Why Microsoft and Internet Explorer need WebGL (and vice-versa) [RealityPrime]
For their part, the Khronos Group, who publish the specification for WebGL, say that implementation of the WebGL standard is still in progress, and will include fixes for the above issues, and has in the past defended the security of the standard’s architecture against these security concerns.
InformationWeek’s Thomas Claburn outlines some of those issues and conflicts, including noting that Google sandboxes its WebGL implementation and avoids problematic “cross-origin” textures:
Microsoft, Apple Dis WebGL
That’s a good argue, but it also represents some mic-characterization. The headline would lead you to believe that Apple, uh, “dissed” WebGL. In fact, the author can point only to a one line email on a developer mailing list in which Chris Marrin says that iOS 5 won’t include a publicly-available WebGL implementation. There’s no explanation of why, or whether the same will be true on Mac, let alone any kind of criticism from any Apple engineer that matches the developer blog. Yet Claburn goes on to say:
Even so, conspiracy theorists could frame Apple’s caution as a way to sustain the native iOS app market at a time when there’s talk about web apps finally mounting a serious challenge to native apps.
Absent from the article: any supporting evidence that this is what Apple’s doing, that it’d benefit from such a strategy, that WebGL is imminent in other mobile implementations (I haven’t seen it anywhere beyond desktop), that WebGL is a viable option for mobile application delivery, that mobile graphics chips even yet support WebGL as implemented on the desktop, or even so much as a single conspiracy theorist is making this argument. (In fact, if we’re speculating about conspiracy theorists, I’d say generally “conspiracy theorists” might have all sorts of explanations.)
The bottom line is this: don’t believe everything you read. That includes everything you read on CDM. Often, there are discussions that go on internally that aren’t seen by the public. Since us bloggers and tech journalists like to report on tech as though it’s team sports, we lump together “Microsoft” and “Apple” and pretend they’re taking clear sides. Sometimes, they are, and that’s responsible. Here, it’s unclear.
But do keep on reading. There’s added reason to watch this issue on Create Digital Motion. Some of the openness we desire out of working with video is naturally at odds with security concerns. Look no further than the screenshot in CIS’ report:
It shows just the sort of texture stealing we actually like to do as visual artists. Syphon, an inter-app video texture sharing API for the Mac, is one such practical application:
Syphon on CDM [report from last fall]
I remain hopeful that WebGL will get over its teething pains and resolve these security issues. In the meantime, really looking into the details of the debates – the actual technical bugs and challenges – is illuminating. And in their defense against these security concerns, engineers like Avi Bar-Zeev provide deeply compelling arguments for why all of this work is so important in the first place.
I hope companies like Microsoft continue to allow engineers the kind of freedom to share this information publicly. The debate may sometimes be messy, but in the long run, we learn more, and the tech moves forward.