Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: WebCL: OpenCL For The Browser

  1. #11
    Join Date
    Sep 2007
    Posts
    28

    Angry Security Nightmare!!

    I really don't get all this excitement about WebGL and now WebCL. Its a totally insane, at least when viewed from a security standpoint. Allowing a website/server direct access to your gpu, be it for webgl or webcl or whatever, means giving it full read/write access over your main memory (something everybody agrees on is bad), opening the door wide open for exploits and other malicious code. There's an ongoing discussion about this, and especially Microsoft's decision not to support hw-acceleration in their browser is often seen as FUD and as an attack against there competition; I believe that they've gathered enough experience in battling ie's and window's security flaws the past decade to know when something is a bad idea on the conceptual level. I know that by writing this, I can't stop the title-wave. but I find it important to voice my concern over something that on a purely technological-level is really neat, but when brought out into the harsh reality will cause so many headaches (and maybe worse..) in the future.

  2. #12
    Join Date
    Nov 2008
    Location
    Madison, WI, USA
    Posts
    862

    Default

    Quote Originally Posted by hungerfish View Post
    I really don't get all this excitement about WebGL and now WebCL. Its a totally insane, at least when viewed from a security standpoint. Allowing a website/server direct access to your gpu, be it for webgl or webcl or whatever, means giving it full read/write access over your main memory (something everybody agrees on is bad), opening the door wide open for exploits and other malicious code. There's an ongoing discussion about this, and especially Microsoft's decision not to support hw-acceleration in their browser is often seen as FUD and as an attack against there competition; I believe that they've gathered enough experience in battling ie's and window's security flaws the past decade to know when something is a bad idea on the conceptual level. I know that by writing this, I can't stop the title-wave. but I find it important to voice my concern over something that on a purely technological-level is really neat, but when brought out into the harsh reality will cause so many headaches (and maybe worse..) in the future.
    You've got a point here, but I believe that at least the Open Source stack has some of this taken care of. The CS checker that resides in the kernel DRM (at least for Radeon) does memory access checking (or at least I'm pretty sure it does). This is actually an improvement over Nvidia's OpenCL run-time, which doesn't do access checking.

    I'm not sure if AMD's GPU OpenCL run-time checks for memory access violations. The CPU-based OpenCL run-times all are subject to the standard memory access rules for a program, so they should be restricted to the current process's memory space.

  3. #13
    Join Date
    Nov 2008
    Location
    Germany
    Posts
    5,411

    Default

    Quote Originally Posted by deanjo View Post
    It would actually be kind of cool. Upload a data set to your webbrowser and let it crunch away instead of having to install an application on your system first. Also I could also see distributed projects liking this as well. Open up your browser, navigate to a page, and bamm you have another client on the swarm crunching away.
    the dream of a bitcoin farmer

  4. #14
    Join Date
    Apr 2010
    Posts
    271

    Default

    Quote Originally Posted by deanjo View Post
    It would actually be kind of cool. Upload a data set to your webbrowser and let it crunch away instead of having to install an application on your system first. Also I could also see distributed projects liking this as well. Open up your browser, navigate to a page, and bamm you have another client on the swarm crunching away.
    This is nothing that a Java Applet could not do, given the proper libraries were built.

    The sooner we stop trying to make an HTML parser and viewer a full blown operating system the more sanity we will preserve.

  5. #15
    Join Date
    Oct 2008
    Posts
    3,038

    Default

    Quote Originally Posted by locovaca View Post
    This is nothing that a Java Applet could not do, given the proper libraries were built.
    True enough. You know what else could be done in a Java Applet? This entire forum, and the Phoronix website. "Could" isn't a good reason for why it "should".

  6. #16
    Join Date
    Apr 2010
    Posts
    271

    Default

    Quote Originally Posted by smitty3268 View Post
    "Could" isn't a good reason for why it "should".
    Which is exactly why we do not need OpenCL extensions for Javascript. Just because you can Fold or RC5 within a browser context doesn't mean you should.

  7. #17
    Join Date
    Nov 2008
    Location
    Madison, WI, USA
    Posts
    862

    Default

    Quote Originally Posted by locovaca View Post
    Which is exactly why we do not need OpenCL extensions for Javascript. Just because you can Fold or RC5 within a browser context doesn't mean you should.
    Physics for a browser-based game? I guess that's one reason to want OpenCL. Browser-based GPU-accelerated transcoding of videos for upload to YouTube would be another.

    I'm not saying that WebCL is absolutely necessary, but there's cases where it could be useful, as long as the security built around it is solid. As long as the video card drivers don't do memory access checking, there's HUGE potential for nastiness.

  8. #18
    Join Date
    May 2008
    Posts
    208

    Arrow Samsung's demo & code release

    Hi, haven't seen this mentioned yet- Samsung released a demo of WebCL vs non-WebCL
    and accompanying source code.

    Also, not totally related, here's using Facebook to render images for Blender 3D.

  9. #19
    Join Date
    Oct 2008
    Posts
    3,038

    Default

    Quote Originally Posted by locovaca View Post
    Which is exactly why we do not need OpenCL extensions for Javascript. Just because you can Fold or RC5 within a browser context doesn't mean you should.
    Yep, this is a much better reason to be against this than your previous post gave.

    It looks like the mobile device companies are largely behind this. No doubt they have certain tasks in mind that smart phones can do more efficiently on the GPU rather than the CPU, although i'm still not entirely sure what they are particularly concerned about.

    I guess I think this is largely a good thing, it just seems like there could have been a lot of other more pressing issues to work on first.

  10. #20
    Join Date
    Oct 2009
    Location
    Brisbane, Queensland, Australia
    Posts
    154

    Default

    Quote Originally Posted by locovaca View Post
    The sooner we stop trying to make an HTML parser and viewer a full blown operating system the more sanity we will preserve.
    That was web 1.0. People want interactivity on the web now (eg. Google Bodybrowser at http://bodybrowser.googlelabs.com ). Welcome to web 2.0.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •