Announcement

Collapse
No announcement yet.

WebCL: OpenCL For The Browser

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Security Nightmare!!

    I really don't get all this excitement about WebGL and now WebCL. Its a totally insane, at least when viewed from a security standpoint. Allowing a website/server direct access to your gpu, be it for webgl or webcl or whatever, means giving it full read/write access over your main memory (something everybody agrees on is bad), opening the door wide open for exploits and other malicious code. There's an ongoing discussion about this, and especially Microsoft's decision not to support hw-acceleration in their browser is often seen as FUD and as an attack against there competition; I believe that they've gathered enough experience in battling ie's and window's security flaws the past decade to know when something is a bad idea on the conceptual level. I know that by writing this, I can't stop the title-wave. but I find it important to voice my concern over something that on a purely technological-level is really neat, but when brought out into the harsh reality will cause so many headaches (and maybe worse..) in the future.

    Comment


    • #12
      Originally posted by hungerfish View Post
      I really don't get all this excitement about WebGL and now WebCL. Its a totally insane, at least when viewed from a security standpoint. Allowing a website/server direct access to your gpu, be it for webgl or webcl or whatever, means giving it full read/write access over your main memory (something everybody agrees on is bad), opening the door wide open for exploits and other malicious code. There's an ongoing discussion about this, and especially Microsoft's decision not to support hw-acceleration in their browser is often seen as FUD and as an attack against there competition; I believe that they've gathered enough experience in battling ie's and window's security flaws the past decade to know when something is a bad idea on the conceptual level. I know that by writing this, I can't stop the title-wave. but I find it important to voice my concern over something that on a purely technological-level is really neat, but when brought out into the harsh reality will cause so many headaches (and maybe worse..) in the future.
      You've got a point here, but I believe that at least the Open Source stack has some of this taken care of. The CS checker that resides in the kernel DRM (at least for Radeon) does memory access checking (or at least I'm pretty sure it does). This is actually an improvement over Nvidia's OpenCL run-time, which doesn't do access checking.

      I'm not sure if AMD's GPU OpenCL run-time checks for memory access violations. The CPU-based OpenCL run-times all are subject to the standard memory access rules for a program, so they should be restricted to the current process's memory space.

      Comment


      • #13
        Originally posted by deanjo View Post
        It would actually be kind of cool. Upload a data set to your webbrowser and let it crunch away instead of having to install an application on your system first. Also I could also see distributed projects liking this as well. Open up your browser, navigate to a page, and bamm you have another client on the swarm crunching away.
        This is nothing that a Java Applet could not do, given the proper libraries were built.

        The sooner we stop trying to make an HTML parser and viewer a full blown operating system the more sanity we will preserve.

        Comment


        • #14
          Originally posted by locovaca View Post
          This is nothing that a Java Applet could not do, given the proper libraries were built.
          True enough. You know what else could be done in a Java Applet? This entire forum, and the Phoronix website. "Could" isn't a good reason for why it "should".

          Comment


          • #15
            Originally posted by smitty3268 View Post
            "Could" isn't a good reason for why it "should".
            Which is exactly why we do not need OpenCL extensions for Javascript. Just because you can Fold or RC5 within a browser context doesn't mean you should.

            Comment


            • #16
              Originally posted by locovaca View Post
              Which is exactly why we do not need OpenCL extensions for Javascript. Just because you can Fold or RC5 within a browser context doesn't mean you should.
              Physics for a browser-based game? I guess that's one reason to want OpenCL. Browser-based GPU-accelerated transcoding of videos for upload to YouTube would be another.

              I'm not saying that WebCL is absolutely necessary, but there's cases where it could be useful, as long as the security built around it is solid. As long as the video card drivers don't do memory access checking, there's HUGE potential for nastiness.

              Comment


              • #17
                Samsung's demo & code release

                Hi, haven't seen this mentioned yet- Samsung released a demo of WebCL vs non-WebCL
                and accompanying source code.

                Also, not totally related, here's using Facebook to render images for Blender 3D.

                Comment


                • #18
                  Originally posted by locovaca View Post
                  Which is exactly why we do not need OpenCL extensions for Javascript. Just because you can Fold or RC5 within a browser context doesn't mean you should.
                  Yep, this is a much better reason to be against this than your previous post gave.

                  It looks like the mobile device companies are largely behind this. No doubt they have certain tasks in mind that smart phones can do more efficiently on the GPU rather than the CPU, although i'm still not entirely sure what they are particularly concerned about.

                  I guess I think this is largely a good thing, it just seems like there could have been a lot of other more pressing issues to work on first.

                  Comment


                  • #19
                    Originally posted by locovaca View Post
                    The sooner we stop trying to make an HTML parser and viewer a full blown operating system the more sanity we will preserve.
                    That was web 1.0. People want interactivity on the web now (eg. Google Bodybrowser at http://bodybrowser.googlelabs.com ). Welcome to web 2.0.

                    Comment


                    • #20
                      ???

                      Originally posted by hungerfish View Post
                      I really don't get all this excitement about WebGL and now WebCL. Its a totally insane, at least when viewed from a security standpoint. Allowing a website/server direct access to your gpu, be it for webgl or webcl or whatever, means giving it full read/write access over your main memory (something everybody agrees on is bad), opening the door wide open for exploits and other malicious code. There's an ongoing discussion about this, and especially Microsoft's decision not to support hw-acceleration in their browser is often seen as FUD and as an attack against there competition; I believe that they've gathered enough experience in battling ie's and window's security flaws the past decade to know when something is a bad idea on the conceptual level. I know that by writing this, I can't stop the title-wave. but I find it important to voice my concern over something that on a purely technological-level is really neat, but when brought out into the harsh reality will cause so many headaches (and maybe worse..) in the future.
                      What "main memory"? EVERY app in your system do acces your main memory. I have advise for you! Unplug your PC from power source, and be safe.

                      PS really, WebCL can not steall any data from not its own memory than any other app/api. And if some implementations do not check if GPU memory is owned someone who acces it, it is easily fixable.

                      And NONE waries about it in case of WebGL nor WebCL.

                      Comment

                      Working...
                      X