Search Unity

  1. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
  2. Unity is excited to announce that we will be collaborating with TheXPlace for a summer game jam from June 13 - June 19. Learn more.
    Dismiss Notice

Discussion Bad news for WebGPU ^^

Discussion in 'Web' started by roka, Mar 21, 2024.

  1. roka

    roka

    Joined:
    Sep 12, 2010
    Posts:
    601
    Hello everybody !

    When you are waitting since many years for a good solution after the unity web player deprecation (almost 10 years ago ^^) and when you see this :https://www.cyberkendra.com/2024/03/new-research-exposes-privacy-risks-of.html ^^

    Many years ago everybody tell us that "Webgl" will be the best solution for web game but with the SharedArrayBuffer exploit, everything was gone.

    Now they tell us "come on, WebGPU is the best solution now" and there you go,the same again and again : https://www.cyberkendra.com/2024/03/new-research-exposes-privacy-risks-of.html

    I have started to move my games on unity 2032.x.x to be ready for the release of the WebGPU in the next unity versions but i think that it was not a good idea now ^^

    Well, for doing that, just keep the old stuff that was working fine for everybody and still work on it, the result will be the same at the end :(

    Have a good day.
     
    Last edited: Mar 21, 2024
  2. CodeSmile

    CodeSmile

    Joined:
    Apr 10, 2014
    Posts:
    6,467
    I quote:
    There will ALWAYS be security risks with any technology. Part of why web technology in particular takes AGES to be standardized and implemented are the security concerns around every corner.

    Yet here we are, yesterday's thread was about getting gamers to download random executables from itch.io where anyone can upload, where nothing gets reviewed manually unless flagged by their automated virus scanner, which naturally can only scan for known malware and not those specifically targeted not to get caught by their scanner.

    Yet you're like "that's the end of WebGPU" .... please, look at this in perspective. ;)

    We had critical CPU exploits in the past years that made the news, and that's CPUs that most every computer is using. Did it bother people much? Not really.
    Has it been used to attack people? Have not heard anything like that. These kind of security leaks really are for high profile, targeted attacks that national intelligence agents pursue.

    This WebGPU exploit is merely a proof of concept, a theoretical application. Sure, hackers will come up with far worse. But they really needn't. It's simply too much work compared to simply hosting a WebGL app (or any website) that exploits a known security issue, or even unknown ones, or just getting people to download and run an untrusted executable.

    In that sense we should be shutting down the web. :p
     
    Armynator, KamilCSPS and DevDunk like this.
  3. Armynator

    Armynator

    Joined:
    Feb 15, 2013
    Posts:
    68
    "everything was gone"? I can't remember WebGL suddenly being unsupported in all major browsers? Only the SharedArrayBuffer feature was removed from some browsers, and only for a while until it was fixed.
    Today we have a 4gb RAM limit and even multithreading for WebGL games (support for it in Unity is experimental, but working very well for me). But sure, WebGL must be a horrible and useless solution because of some doom-mongering a few years ago.

    I'm wondering why you think it's a bad idea because of that. WebGPU in Unity is still nowhere near production-ready and the target audience is very small as most browsers and operating systems haven't adopted it so far. Yet your biggest concern is that security risk?
     
  4. roka

    roka

    Joined:
    Sep 12, 2010
    Posts:
    601
    No, my biggest concern is that i'm currently using Unity 2019.4.38f1 wich is really stable for me but i have to move foward and to upgrade my unity version to be able to use SIMD,multithreading and coming WebGPU.

    I'm just scared that again, one day, we get a news that WebGPU gonna work at 50/75% because of an memory exploit like we got for WebGL in the past.
     
  5. brendanduncan_u3d

    brendanduncan_u3d

    Unity Technologies

    Joined:
    Jul 30, 2019
    Posts:
    458
    Take that article with a grain of salt, nothing claimed there has been substantiated. WebGPU is not exposing anything in the GPU that couldn't be done with WebGL. Sure it has compute shaders, but most things there could be emulated with fragment shaders. Yes it's a new API, but built by the people that have been building WebGL for years, with all of the lessons learned from that. Security has always been foremost on the browsers minds with WebGL/WebGPU. They already do a lot of things to mitigate security risk, including limiting certain options (it's why we don't have synchronous GPU readback on WebGPU), limiting resources, significantly more validation checking than native APIs, and limiting the precision of timers so you can't get a true reading of GPU times, just approximate readings. It makes my job a lot harder dealing with the security factors when all I want is raw access to the GPU, but I'm happy the security factors are there.

    Security is vitally important for the web and people are constantly finding exploits that browsers are having to protect against. The Meltdown and Spectre exploits that caused sharedarraybuffers (and WASM threading) to disappear for a while is an example of that. But the web is too important of a platform to not keep pushing it forward, while improving the safety of browsers against exploits.

    Not much I can do to help with 2019 being locked down vs adding new features to new versions of Unity. That's how software is developed. All anyone can do is try to make each version as stable and feature rich as we can.
     
    GCatz, MousePods, Armynator and 3 others like this.