April 2, 2014 (Commercial Member)

pedantic, negative, and closed minded

Insult much? I mean... just because I have an opinion that disagrees with the use of HTML to display whatever in FSX, that makes me pedantic, negative and closed minded? I can only imagine how horribly insulting you must be to yourself for having an opinion!!!

There's a reason everyone runs MSE, MalwareBytes, Norton, McAfee, et cetera.

Ed Wilson
Mindstar Aviation
My Playland - I69
April 2, 2014 (Commercial Member)

There's a reason everyone runs MSE, MalwareBytes, Norton, McAfee, et cetera.

Yes, but those are typically to prevent against malicious or otherwise infected websites. Even if someone was to code a full fledged browser based on this code to use within FSX (and why??), it's still only as dangerous as your browsing habits.

Of course, everyone is entitled to their opinion, but claiming this is a security risk simply due to the fact that it could possibly be used to browse the internet isn't one that I personally agree with.

Now, the more correct concern (in my opinion) is that within every browser exists security flaws; these are most often patched as soon as they are discovered by the developers. Without knowing how Chrome is being used to display the HTML5 content, there may exist a concern, but only if this was somehow separate from a regularly updated version of Chrome. If it simply has a dependency of Chrome being installed, then it's no more dangerous than using Chrome itself.

I suppose another concern, since it's claimed that this program can access local resources, is that if it would potentially allow an attacker to target the local computer through a malicious website or download. However, such an attack would require the attacker to think that this avenue would be a worthwhile target; such is the (extremely) niche use of this code, that I'm personally not concerned at all about that possibility.

I still think that this is an amazing development, and I've already started mapping out an idea... ^_^

Jim Stewart
Milviz Person.
April 2, 2014

I'm sure his implementation contains Chromium's XSS-auditor, which should reduce most of the risks associated with malicious code, so I don't see this as much of a threat as Ed Wilson does.

Nice tool, thanks!

cheers
-E

Enrique Vaamonde
April 2, 2014

I suppose another concern, since it's claimed that this program can access local resources, is that if it would potentially allow an attacker to target the local computer through a malicious website or download.

Like I alluded to earlier, HTML5 is supposed to be 100% sandbox, so local resource access would require user approval (this is usually via some type of prompt). Silverlight 5 is similar; however, it has the option to go outside the sandbox and have "almost" full access (there is a single user acceptance prompt to elevate its privileges) ... I believe HTML5 will always have a user prompt on any and every local resource access attempt. HTML5 is designed to be less flexible in this regard, but is also less of a security threat.

Anyway, it's a very cool idea, possibilities are tremendous.

Cheers, Rob.
April 2, 2014 (Commercial Member)

HTML5 is HTML (on steroids)... the same base text formatting that is used to display every single web page we see on the internet. This means that to display something in FSX using HTML5, you are in all essence using a web page to display in FSX.

Web pages can be used for good, or bad. The devil's in the details, which means that you have to be fluent in HTML to be able to understand what someone's HTML5 code is going to do if you run it on your local system. Just like it doesn't take a great deal of effort to create a web page for the internet that does something bad (like install Trojans without needing user permissions), it is not going to be any more difficult for someone to do the same using this approach in the sim.

As for 'niche'... tell Tom Allensworth how 'niche' AVSIM is in regards to people trying to 'break in'. We're niche, not ignored and in fact flight sim forums had a serious rash of being hacked in the past year or so.

There's a guy that posted here at AVSIM about how Navigraph closed his account claiming he had shared his navdata with the internet... only it turned out he'd been hacked and that was what they had taken. Now that's definitely 'niche'!

I see using HTML to run gauges and such as a security risk because web pages, be they local or remote, are indeed a security risk.

Ed Wilson
Mindstar Aviation
My Playland - I69
April 2, 2014

On a funny note, one has taken Entertainment medium and brought it to the virtual planes...

Seriously, this is very cool. I really liked how Google satellite images come up on a panel. I will play with this by end of this month.
April 2, 2014 (Author)

Bob,

Will HTML5 content influence VAS footprint?

Good news is, the rendering in memory is done in separate process (using multi-core if available) which is not in FSX and what was introduced in Prepar3d to some extent. The gauges code just communicates with separate rendering process and paints. Unless I made a bug in my code, there should not be any VAS increase to my best knowledge, but to be honest I have not done such detailed testing the limits exercise....

The bad news is, I cannot make use of hardware GPU rendering :( It could change in the future. What I have in mind is to optimize FSX rendering of the gauge. I could still save some extra millisec ... especially for mouse hovering operations. I will work on that to make it even better.

Ed,

Web pages can be used for good, or bad. The devil's in the details, which means that you have to be fluent in HTML to be able to understand what someone's HTML5 code is going to do if you run it on your local system. I see using HTML to run gauges and such as a security risk because web pages, be they local or remote are indeed a security risk.

I understand your concerns, I do not take it personally, no hard feelings at all. Now, the security risk you are taking is the same as choosing the web site you browse with your normal internet browser. Nothing more. You need to trust the software you are installing or a web page you are browsing. It is always your call. Moreover, when installing FSX add-ons you are taking much higher risk. You need to trust the publisher. Signing DLLs introduced by MS in FSX did not solve the problem, LM with Prepar3d skipped the idea. With the HTML pages you want to use for FSX, first you need to trust the publisher, then security built behind sandbox, that Bob is referring to is few levels higher. HTML page cannot access your win folder while DLL can, so I'd say security risk equals to the trust with the pages you browse using normal browser.
If you have AV soft that is monitoring your HTTP traffic, you might be right. Most probably AV will not detect Chromium code, but I will double check it. If you're not sure about the risk, you could still browse the "FSX page" with your standalone browser in the first place. Installing web browser does not constitute a risk as such, it is still the address you type in the browser that matters. As it is you who control the page you are surfing. WSB can be used for local page browsing with the FSX related pages. It is only you who have access to these pages. If you receive nice HTML5 page for FSX, you need to trust the source as you need to trust the source with any DLL add-on. So I agree, there is some potential really "niche" for a leak as with any software, but it is still you who controls it. I do not recommend WSB for google searching in PDF panel.

Jimmy,

Without knowing how Chrome is being used to display the HTML5 content, there may exist a concern, but only if this was somehow separate from a regularly updated version of Chrome. If it simply has a dependency of Chrome being installed, then it's no more dangerous than using Chrome itself.

WSB is not linked to Chrome updates. As I explained earlier it is not linked to any browser. As it contains Chromium libraries, there are some regular releases, which in fact are synchronised with major Chrome releases. I could build online version checking, but it is not my top priority for the moment.

Thank you all for kind words. I hope to see some day some piece of your work with WSB and WSC. I will do PDF chart viewer example as n4gix pointed so you could save $
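
Added example, not part of the thread and not WSB's code: one way a host application could enforce the "local FSX pages plus sources you trust" use discussed in the posts above, by vetting each URL before the embedded browser loads it. GAUGE_ROOT, TRUSTED_HOSTS and checkNavigation are hypothetical names, and the HTTPS-only rule is an assumed policy.

```javascript
// Added example: navigation policy for an embedded gauge browser.
// GAUGE_ROOT, TRUSTED_HOSTS and checkNavigation are assumptions, not WSB settings.
const GAUGE_ROOT = '/c:/fsx/gauges/html';            // file-URL path form, lower case
const TRUSTED_HOSTS = new Set(['aeronav.faa.gov']);  // chart site linked in the thread

// Resolve "." and ".." segments by hand so the check needs no imports.
function resolveDots(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '..') out.pop();
    else if (seg !== '' && seg !== '.') out.push(seg);
  }
  return '/' + out.join('/');
}

function checkNavigation(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);   // WHATWG URL parser, the standard browsers follow
  } catch {
    return { allow: false, reason: 'unparseable URL' };
  }
  if (url.username || url.password) {
    return { allow: false, reason: 'credentials in URL' };
  }
  if (url.protocol === 'https:') {
    // Exact match only: a look-alike such as aeronav.faa.gov.example.net fails.
    return TRUSTED_HOSTS.has(url.hostname)
      ? { allow: true, reason: 'trusted host' }
      : { allow: false, reason: 'host not on allowlist' };
  }
  if (url.protocol === 'file:') {
    if (url.hostname !== '') return { allow: false, reason: 'remote file share' };
    let decoded;
    try {
      decoded = decodeURIComponent(url.pathname);  // expose encoded dots and slashes
    } catch {
      return { allow: false, reason: 'bad percent-encoding' };
    }
    const clean = resolveDots(decoded.replace(/\\/g, '/')).toLowerCase();
    return clean.startsWith(GAUGE_ROOT + '/')
      ? { allow: true, reason: 'inside gauge folder' }
      : { allow: false, reason: 'outside gauge folder' };
  }
  // http:, javascript:, data: and everything else is refused by default.
  return { allow: false, reason: 'scheme not allowed' };
}
```

The default-deny return at the end is what keeps a page the user was handed from steering the gauge to an arbitrary site or to files outside the gauge folder.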
April 2, 2014 (Moderator)

Thank you all for kind words. I hope to see some day some piece of your work with WSB and WSC. I will do PDF chart viewer example as n4gix pointed so you could save $

Here are some example charts that are freely available. This link is for all of the current ones available for KORD:

http://aeronav.faa.gov//digital_tpp_search.asp?ver=1404&eff=04-03-2014&end=05-01-2014&fldIdent=kord&fld_ident_type=ICAO&st=&fldCityName=&fldAPName=&fldVol=&submit1=Search

Fr. Bill
AOPA Member: 07141481
AARP Member: 3209010556
Avsim Board of Directors | Avsim Forums Moderator
April 2, 2014 (Commercial Member)

As for 'niche'... tell Tom Allensworth how 'niche' AVSIM is in regards to people trying to 'break in'. We're niche, not ignored and in fact flight sim forums had a serious rash of being hacked in the past year or so. There's a guy that posted here at AVSIM about how Navigraph closed his account claiming he had shared his navdata with the internet... only it turned out he'd been hacked and that was what they had taken. Now that's definitely 'niche'! I see using HTML to run gauges and such as a security risk because web pages, be they local or remote are indeed a security risk.

My meaning of niche wasn't intended to marginalize the constant attacks against such as Avsim; it was more meant that in order for an attacker to develop an exploit against this particular program / code, and then disguise a website to contain that malicious code in order to carry out the attack in the very slim hopes that someone is using the code to view a specific internet resource, is very, very unlikely. Magnitudes more unlikely than, say, a malicious fake banking website, or a malware infected wordpress blog.

Also, if one was to worry about HTML gauges running locally being a security risk, then one should be concerned about possibly any flight simulator add-on downloaded from the internet. It would be just as, if not more plausible, that a 3rd party developer could have their website hacked and their offered product replaced with one laden with malware.

The internet is always going to be a risk, in any form. My view is only that this implementation of HTML rendering does not pose any greater risk than anything else done on an internet connected computer.

Jim Stewart
Milviz Person.
April 2, 2014

Good news is, the rendering in memory is done in separate process (using multi-core if available) which is not in FSX and what was introduced in Prepar3d to some extent.

If that tests out true, that is indeed great news!

The bad news is, I cannot make use of hardware GPU rendering

Silverlight 5 supports hardware GPU rendering http://msdn.microsoft.com/en-us/library/ee309563(v=vs.95).aspx -- sorry, still miffed at seeing a superior technology killed off (by Microsoft) in favor of a lesser technology (HTML5) just because of "Sandbox" and Apple ... grrr.

But possibilities are nice, I could load up flightview while I'm flying and see all the real world aircraft ... very neat! Even load up ATC chatter channel and listen to them ... even more neat!

Keeping an eye on this and how it develops. Many thanks for posting.

Cheers, Rob.
April 2, 2014 (Author)

Here are some example charts that are freely available. This link is for all of the current ones available for KORD: http://aeronav.faa.gov//digital_tpp_search.asp?ver=1404&eff=04-03-2014&end=05-01-2014&fldIdent=kord&fld_ident_type=ICAO&st=&fldCityName=&fldAPName=&fldVol=&submit1=Search

I did a POC today. Firefox has HTML5 extension that renders PDF files. Can be used in Chromium and Opera. I took one of the charts and it rendered correctly. The only drawback is when a web page points to PDF file like the one you presented, it will not invoke automatically the HTML5 viewer. JS extensions are not supported by my browser. It means, the user will have three options:

1) have open file dialog to browse a local PDF file (will not work in FULL SCREEN, just windowed version)
2) build a web page that will list all PDFs charts and redirect them to use HTML5 browser instead of built-in PDF.dll viewer
3) modify viewer code so you could type in directly the URL address of the pdf chart.

below a screenshot:
April 2, 2014

Who think about in-flight entertainment system for passengers cabin? :lol:

Seriously, maybe vatsim client can be made with this?

Lj. Prodanovic
April 3, 2014 (Author)

below a screenshot:

looks like my screenshot was not attached. Anyway, I'll do a short YT video. Consider PDF chart rendering as solved

Silverlight 5 supports hardware GPU rendering

Chromium engine renders HTML5 with GPU as well, however it cannot be used for in memory rendering. That's a pity as some WebGL 3d features would impact FPS. But I will look for some nice WebGL example rendered within FSX. I will also try to use 3d map like http://cesiumjs.org/ that would be much cooler than 2d map. It could be rendered in remote device like tablet to free some of your CPU. As you noticed, the potential is huge.
April 4, 2014 (Author)

some more examples

1) a gift for n4gix - PDF Chart viewer
2) a gift for Rob, Silverlight example
3) WebGL example for All

enjoy, cheers
Marcin