Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Firefox Mozilla

Mozilla Enables WebRender By Default On Firefox Nightly 101

RoccamOccam writes: WebRender, an experimental GPU-based renderer for web content, written in Rust, is now enabled by default for Firefox Nightly users on desktop Windows 10 with Nvidia GPUs. The announcement was made on the mailing list.

Lin Clark provides an excellent overview of WebRender and, states, "with WebRender, we want apps to run at a silky smooth 60 frames per second (FPS) or better no matter how big the display is or how much of the page is changing from frame to frame. And it works. Pages that chug along at 15 FPS in Chrome or today's Firefox run at 60 FPS with WebRender.

In describing the WebRender approach Clark, asks, "what if we removed this boundary between painting and compositing and just went back to painting every pixel on every frame? This may sound like a ridiculous idea, but it actually has some precedent. Modern day video games repaint every pixel, and they maintain 60 frames per second more reliably than browsers do. And they do it in an unexpected way instead of creating these invalidation rectangles and layers to minimize what they need to paint, they just repaint the whole screen."
This discussion has been archived. No new comments can be posted.

Mozilla Enables WebRender By Default On Firefox Nightly

Comments Filter:
  • âoeThis site requires an nVidia 2080Ti or better." - the new york times soon probably
  • by Anonymous Coward

    Only LUDDITES use WebRender. Modern app appers use AppApper!

    Apps!

  • What are the security implications of letting web sites run arbitrary code on your GPU?

    I bet they're more significant than you're expecting.

    https://lib.dr.iastate.edu/cgi... [iastate.edu]

    https://ieeexplore.ieee.org/st... [ieee.org]

    • Good thing they're not running the javascript vm on the gpu then.

    • by AHuxley ( 892839 )
      About the same as any 2018 OS or CPU :)
    • What are the security implications of letting web sites run arbitrary code on your GPU?

      This article is about the web browser using the GPU for rendering, not about web sites running arbitrary code on the GPU.

      • by llamalad ( 12917 )

        Because it's impossible to have arbitrary code execution vulnerability in rendering software, and nor has anyone in history ever chained exploits together to achieve a desired outcome?

        Oh, wait-
        https://security.stackexchange... [stackexchange.com]

        And chaining vulnerabilities is very common.

        • Nice strawman but that's a very different thing to "letting web sites run arbitrary code on your GPU" which is absolutely not the goal here but if that's really the way that you're framing it then the answer is the implications are much less severe than letting web sites run arbitrary code on your CPU.
          • by llamalad ( 12917 )

            Orly?

            https://www.digitaltrends.com/... [digitaltrends.com]

            • Again, this is not about "letting web sites run arbitrary code on your GPU". But more to the point you obviously didn't even read that paper. In order to do that you need to first compromise the system at the root level so you can get access to the memory holding the keyboard buffer then run a CUDA program with admin privileges to map that memory to the GPU and execute the compute kernel to read that memory. i.e. to do this you need to have completely compromised the operating system already.

              • by llamalad ( 12917 )

                You're driving a car down the road.

                Do you make decisions solely based on what's directly in front of your bumper?

                Or do you make decisions drawing from years of experience driving cars and what you see to either side and in the rearview mirror and your side mirrors and what you see further down the road and, dare I say it, common sense?

                • Or do you make decisions drawing from years of experience driving cars and what you see to either side and in the rearview mirror and your side mirrors and what you see further down the road and, dare I say it, common sense?

                  You seem very confused, you've posted links demonstrating that a privileged application can map kernel memory and run a CUDA program that can then access that memory, we already know that, that's not news (well actually it does seem to be news to you). Whether the browser uses the GPU to render something (which also has been done for a long time and is not a new thing) or not has no bearing whatsoever on that at all.

                  There's nothing fundamentally about Firefox's Web Render that makes it any more or less vuln

                  • by llamalad ( 12917 )

                    While walking along in desert sand, you suddenly look down and see a tortoise crawling toward you. You reach down and flip it over onto its back. The tortoise lies there, its belly baking in the hot sun, beating its legs, trying to turn itself over, but it cannot do so without your help.

                    You are not helping.

                    Why?

                    • If you can posit why a CUDA application executed via a privilege escalation bug is a risk to Web Render feature of Mozilla any more than to any other application then, or indeed what about Web Render makes it particularly prone to some unspecified GPU-based attack then I'm willing to listen but I'm afraid it's pretty clear you don't - and likely lack the capacity to - understand. I'm afraid I can't fix your stupid, sorry.

                      Privilege escalation bugs that allow arbitrary execution of code on the GPU or any othe

    • by DrXym ( 126579 )
      That's an issue for WebGL, not the mechanism by which a browser renders standard HTML content. For WebGL, most browsers would maintain a driver whitelist / blacklist although IMO it is still sailing dangerously close to the wind - a driver could declare itself WebGL capable (basically OpenGL ES 2/3 with the ability to reset state) and still be vulnerable in some way. Reminiscent of ActiveX controls self declaring themselves safe for scripting.
  • by BrendaEM ( 871664 ) on Thursday September 13, 2018 @03:04PM (#57308998) Homepage
    It's not your computer.
  • Imagine how wonderful /. will look!

  • Apping apps to the app so you can app the app!

    Okay, now that THAT'S out of the way, looks okay, but I think Randall should sue.
  • I'd like to get a Beowulf Cluster of these!

  • by UnknownSoldier ( 67820 ) on Thursday September 13, 2018 @03:12PM (#57309076)

    Any plans to target 120 Hz?

    • I'm sure marketing has plans. 120 FPS is snake oil until either improved input methods exist, or the increased cost in bandwidth for the minimal visible benefit is solved. It can be done, but it's not worth customers paying for... for now.
    • by Waffle Iron ( 339739 ) on Thursday September 13, 2018 @05:21PM (#57310022)

      I want a plugin to limit the browser to 24 FPS to make it look more cinematic.

      • Amen, brother.

        *lazily sips coffee from fresh-roasted beans*

        I watch all of my browsing as shot on 35mm film, it's the only way I surf the internet nowadays.

        *pushes black-rimmed glasses further up my hipster nose*
        *adjusts suspenders*
        *checks 4th gen. Apple watch*

  • if you took out all the damn javascript!
    • Even better, take out the Google spyware links. (Google is far from the only culprit, they just waste the most total time.)

  • by RoccamOccam ( 953524 ) on Thursday September 13, 2018 @03:49PM (#57309348)

    Lin Clark provides an excellent overview of WebRender and, states, "with WebRender...."

    I have no idea why I typed all of those commas.

  • by Tough Love ( 215404 ) on Thursday September 13, 2018 @04:07PM (#57309458)

    Firefox is my main browser for a lot of reasons, not just that Google doesn't dominate it. Great to see the Mozilla team leading the way on this, and it's a big validation for Rust. Any serious systems programmer ought to take a close look methinks.

  • by DarkRookie ( 5030953 ) on Thursday September 13, 2018 @04:28PM (#57309616)
    Don't program for a web browser.
    Or stop people from filling up their sites with bullshit JS and media.
    • Don't program for a web browser.

      Don't want to succeed, don't program for a popular platform.

      • Popular does not equal good.
        The top 40 radio stations prove that.
        • That depends on what you want to achieve. A "good" provider for their family would like to run a successful business that makes money. In software if your popularity is zero so is your income. Your wife may not think you're very "good" for your idealistic choices of programming platform.

          Also turning your comment around, popular likewise doesn't mean bad. And as per TFA quite clearly if you want to achieve 60fps whatever that boiler plate statement may imply you could just fine program for a web browser.

  • This is extremely old news. It would be interesting to know if that tech has been enabled for more than Win10 and Nvidia GPUs by now.

Technology is dominated by those who manage what they do not understand.

Working...