The proper solution, of course, is for GPU drivers not to suck, but it was still a legitimate point and this article seems to validate that.
Whereas Chrome implemented a WebGL compiler that reduced the amount of attack surface WebGL could reach and audited a bunch of popular drivers to fix the exposed bits.
I think the fact that this blog shows that these vulnerabilities are not reachable from WebGL is a validation of Chrome's approach there, though it clearly shows the issues these drivers present for escaping Chrome's sandbox.
GPUs are both really complex and highly secretive about their implementations. The incentive for GPU vendors is to write fast drivers. Security is pretty far down on the list, esp when it competes directly against performance.
MS's security side may have been against WebGL and the IE team either agreeing or using it as an excuse (and really, from this point of view, it doesn't matter!), but other parts of the company were exposing the web to the exact same problems.
They make cards w/ 4x DisplayPort connectors, but apparently multiple monitors isn't part of their quality assurance process? That seems a mite silly to me.
Wasn't too terribly impressed with the team (and a couple of them were definitely giving off that "I hate my job/life" vibe, one disgruntled fellow was even trying to drop little thinly-veiled "run away!" hints at me). I figure either the cream of the crop at Nvidia doesn't work in QA, or they don't get proper support from upper management.
P.S. Didn't get an offer anyway, probably for the best - I was desperate for work at the time and would have taken it :)
You can try to remove all the NV kernelmode driver files manually, at which point it should just fall back on the default VGA driver. Then you can use the DDU[1] tool to clean up any remaining files, and do a clean install with a driver from nvidia.com.
Do you perhaps remember what the bugcheck code was, and which driver was listed as the offender? If you have a kernel minidump still available, that'd be helpful as well.
[1]: http://www.guru3d.com/files-details/display-driver-uninstall...
Link to DDU: http://www.guru3d.com/files-details/display-driver-uninstall...
Right now my graphics driver carries a boatload of "utilities" of questionable utility - especially "hand written artisanal shaders" to improve quality in AAA titles, where NV or ATI optimize the game's original shaders. NVIDIA ships stuff for 3D glasses.
How about that the driver packages only load these when asked to do so, e.g. when a game that can be optimized is installed / launched, or when a 3D glass is added?
One thing that certainly blows up the size is that the NV driver installer bundles support for everything from the old NV 8600M - which IIRC was released in 2007.
If there's one thing I certainly can't whine about in times where phones carry less than 2 years updateability, then it is that NVidia still provides up-to-date drivers for a GPU chipset nearing a decade of life time.
Edit: a quick google search turns up CVEs for the old catalyst driver, but none for the newer crimson drivers.
https://technet.microsoft.com/en-us/library/cc730606(v=ws.10...
Or, I finally got it to appear to work. Details on how it really works, the documentation didn't really say. Why it works now, I don't really know. I never understood it well and, instead, just threw it against the wall in various ways until it appeared to stick.
Another point is, after such a remote Microsoft change, I no longer really know what went into my system or relevant boot partition or how to rebuild it starting with what I already have. That is, when I built the system, I took careful notes on just what I did so that I could retrace if necessary; with remote changes from Microsoft, my notes are now inaccurate. My system is no longer reproducible. So, if next week I make a change that ruins my boot partition, then I can't rebuild to just before the change -- unless I have backed up that boot partition with, say, NTBACKUP which I do use. Indeed, with the system I am building now, I'm planning a boot drive with several bootable partitions and a second drive with backups via NTBACKUP (if that is still the best approach on Windows) of various increments of the boot partitions.
That is, in general I very much want to know just what, and quite generally and in as much detail as possible, (A) the heck is on my system and (B) how to get back to some earlier state.
All this skeptical caution is a special case of rules:
(1) If it ain't broke, don't fix it.
(2) If anything can go wrong, then it will.
(3) There is no independence; if you change one thing, then no telling what else may be affected.
(4) The fundamental perversity of material objects.
etc.
I very well remember, from when I was at IBM's Watson lab and we visited some high end customers, how when IBM came out with a fix, update, change, or new version, the site would run the change for months just on a test system before they permitted it on-line for production work. Part of this was, if the system crashed for an hour, then the CIO could lose his bonus. Two such in one year, and he could lose his job. They very much did not want systems that crashed. They were very clear about that.
Once, out of IBM, I visited the main NASDAQ site in Trumbull, CT: They were doing their core work on Non-Stop systems. IIRC, their attitude was that their Non-Stop systems didn't stop and didn't need updates.
Here is some irony: First the vendor sells their system as the greatest. Second, the vendor says they have an update.
Hmm .... If their greatest needs an update, then how about the update?
To borrow from the movie The Treasure of the Sierra Madre, "Updates? What updates? We don't need no stink'n updates."
I want to say Microsoft will push them out a little later, but I can't be entirely sure since I've always used the nVidia path.
EDIT: Unfortunately the GeForce Experience is getting, as is typical, super invasive. Access to even basic settings requires an account (nVidia or Facebook account, etc).
Considering that computer configuration is unique enough to enable fingerprinting across different browsers, I can't even see why it's required.
At least Experience tells you it's being creepy so you can remove it.
Bear in mind that the system call ABI changes slowly and with much difficulty: once a version of a kernel is in production, it can stay in use for a long time; it can take a long time for new functionality to be broadly available, and breaking back-compat with applications compiled against older ABIs is Not Done. Dynamically loadable kernel modules and ioctl-like system calls make it much easier to bring new functionality to all the various kernels running around in the real world.
Given the complexity and rate of change in graphics tech, it makes perfect sense for there to be a general-purpose arbitrary functional-call mechanism for interaction between user-mode and kernel-mode graphics driver components. Microsoft (or the linux graphics subsystem maintainers, etc) just doesn't know enough about Nvidia/AMD's current and future requirements to nail down a more rigorously defined API.
You can imagine the usermode interface as:

    void escape(int command, void *param);

And then the kernelmode implementation would look something like:

    void escape(int command, void *param)
    {
        switch (command)
        {
        case COMMAND_FOO:
            do_foo((foo_param_t *)param);
            return;
        case COMMAND_BAR:
            do_bar((bar_param_t *)param);
            return;
        }
    }

The driver defines the params and what FOO and BAR are. This can be used to issue special commands that don't have an interface provided by MSFT. It is also used by any drivers that run in usermode (e.g. OpenGL, CUDA, etc) that communicate directly with the kernelmode ones.
These interfaces are generally not public. The Project Zero researcher has disassembled the kernelmode driver and reverse engineered their format. Does that help?
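The dispatch sketched in the comment above casts a caller-controlled pointer straight to the command's parameter type. As an added example (not part of the original comment or of any vendor's driver), here is a user-space C version of the same dispatcher with the checks a kernel-side handler needs; the command IDs, structs, result codes and `escape_checked` are hypothetical, and `memcpy` stands in for the kernel's checked copy from user memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical command IDs, result codes and parameter layouts (illustration only). */
enum { COMMAND_FOO = 1, COMMAND_BAR = 2 };
enum { ESC_OK = 0, ESC_BAD_COMMAND = -1, ESC_BAD_SIZE = -2, ESC_BAD_PARAM = -3 };
typedef struct { uint32_t index; uint32_t value; } foo_param_t;
typedef struct { uint32_t count; uint32_t items[4]; } bar_param_t;

static uint32_t table[8];   /* stands in for driver-internal state */

static int do_foo(const foo_param_t *p)
{
    /* The index comes from user mode: bounds-check it before use. */
    if (p->index >= sizeof table / sizeof table[0])
        return ESC_BAD_PARAM;
    table[p->index] = p->value;
    return ESC_OK;
}

static int do_bar(const bar_param_t *p)
{
    /* The count comes from user mode: it must not exceed the embedded array. */
    if (p->count > sizeof p->items / sizeof p->items[0])
        return ESC_BAD_PARAM;
    for (uint32_t i = 0; i < p->count; i++)
        table[i] = p->items[i];
    return ESC_OK;
}

int escape_checked(int command, const void *param, size_t param_size)
{
    union { foo_param_t foo; bar_param_t bar; } local;
    size_t expected;

    switch (command) {
    case COMMAND_FOO: expected = sizeof(foo_param_t); break;
    case COMMAND_BAR: expected = sizeof(bar_param_t); break;
    default:          return ESC_BAD_COMMAND;   /* unknown commands are rejected */
    }
    if (param == NULL || param_size != expected)
        return ESC_BAD_SIZE;                    /* never cast a buffer of the wrong size */
    /* Copy once, then validate and use only the copy (avoids double-fetch races). */
    memcpy(&local, param, expected);
    return command == COMMAND_FOO ? do_foo(&local.foo) : do_bar(&local.bar);
}
```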
I'm currently selecting parts for my next computer, to be used for continued development of the Windows .NET software for the Web site for my startup and also for my first Web server available to beta testers and then to the public on the Internet.
So, sure, I need a video card. Of course, I will do some routine Web browsing, maybe watch a movie at YouTube or Netflix. But I have never played a video game and, trying to get my business going, have no intention of playing a video game.
So, looking at information on video cards, it appears that maybe the card should support hardware acceleration of Microsoft's DirectX version 12 and also maybe some recent version of OpenGL.
Question 1: Why should I move from just VGA, that is, get just a VGA card and not even get a graphics card? What will I get from a graphics card I really need and can't get from just VGA?
Question 2: If I get a graphics card, will DirectX 12 hardware acceleration on a graphics card help for some of Web browsing or movie watching?
Question 3: Same as Question 2 but for OpenGL?
Some people on this thread may have some good answers. As far as I can tell, good answers on the Internet are like hen's teeth -- it looks like everyone wants to sell graphics cards for the latest gaming experience.
Thanks!
First of all, if your CPU has an integrated GPU, and you don't need more monitors than it supports (usually it's 3x1080p), that will be more than enough.
> Why should I move from just VGA, that is, get just a VGA card and not even get a graphics card?
I don't quite understand what you mean by VGA card. You mean something that has a VGA adapter and framebuffer(s), but the rendering is done on the CPU?
I wasn't aware those still exist outside some niche markets. I'd guess it'd cost about as much as an entry level GPU, which will take the load off your CPU.
My advice, if you don't have any iGPU on your CPU, is to just get the lowest tier graphics card. Those are <$100 new for the latest generation. You don't need latest, and probably don't need new.
When it comes to web browsing and watching videos, any remotely recent card will work fine. You may have issues with some fancy WebGL pages (i.e. browser games) but that hardly counts as everyday browsing.
Be sure to read a review of the card before purchasing!
The CPU I plan is the AMD FX-8350 with 8 cores running at 4.0 GHz and 125 Watts. So, no it has no integrated graphics support.
For a "VGA card", I just meant a video card supporting all the old VGA standards but without a graphics processor. So, there would be no "hardware acceleration" of OpenGL 4.5 (or some such) or DirectX 12 (some version of). Yes, there would be a standard VGA plug (socket, connector, etc.) for the signal connection to the monitor, but many high end graphics cards also have that.
Yes, looking, it's possible to find just a VGA card, that uses an old PCI slot, for about $20. But, a low end graphics card can go for about $30 or $36 with 1 GB of memory of its own, a graphics processor, and "support", likely hardware acceleration, of OpenGL and DirectX.
Apparently by Windows 10, DirectX 12 is regarded as a standard part of Windows.
In my old computer, I assembled in 2007, which apparently due to motherboard hardware problems, does blue screen of death (BSOD), really, the screen goes black instead of blue, about five times a day, has an old nVIDIA GX 4000 with 64 MB of memory. As far as I know, the card has been fine. I never knew that the card had any graphics capabilities until two weeks ago when I ran the standard Windows utility DXDIAG which showed that the card supports DirectX 9 and the card put up a nice rotating cube of the DirectX logo. Okay. So, maybe the graphics processor in the card can accept a gazillion triangles in 3D from the CPU, motherboard, and applications software, do rotations, hidden line removal, shading, maybe texturing, etc. Okay, but since 2007 that is the first time I ever saw such a thing!
I have been concerned about statements, e.g., that some graphics card needed for the PC's power supply to have capacity 300 Watts or more. Gads! That's a lot of power! Looking in more detail, apparently such graphics cards actually draw a maximum of only 25-40 Watts at 12 Volts, that is, <= 3.3 Amperes, which seems acceptable enough for the 650 Watt power supply I'm planning, the case cooling I'm planning, etc. I will be sure to use some of the standard ASUS software to monitor the 12 Volt lines from the power supply -- I doubt that the voltage will ever fall significantly below 12 Volts. The 12 Volts lines from the power supply are used for what, just the cooling fans, the hard disk drives, maybe the power on the USB ports, and, apparently, power to the PCI-Express slots? Gee, the pulse width modulation (PWM) of three of the cooling fans will put some fluctuation on the 12 Volt lines that will mess up a graphics card? I doubt that!
You are correct about WebGL -- I doubt I will be visiting Web sites that use that. I'm less clear about scalable vector graphics (SVG). I don't see even from 50,000 feet up how ordinary Web browsing, say, displaying JPG or PNG still images or playing MPG4, YouTube or Netflix, or DVD videos could be helped by having a graphics processor -- tough to find such explanations. Do graphics processors routinely help display fonts faster?
I will have a 2 TB hard drive for bootable partitions. I will install Windows 7 Professional 64 bit on two boot drive partitions, say, drive letters C and D, and use one of those for my remaining software development for my Web site. Using likely the standard Windows utility NTBACKUP, which I like (e.g., it will backup a bootable partition while it is running, likely much like how a relational database does a backup of a database while it is executing transactions and I can save it to any disk drive I want just by an ordinary copy operation) I will save both bootable partitions to a second hard drive. Then if, say, partition D gets sick and the usual Windows restore is not good enough, I will boot partition C and restore the sick partition D from one of my NTBACKUPs on the second drive.
Some years ago when I was trying to install an Express (free) version of Microsoft's SQL Server, my boot partition contents were corrupted, really, destroyed, and I had to reinstall everything starting with an empty partition. Bummer. I want NEVER to have to do that again: Before I do any possibly dangerous maintenance, installations, or upgrades to a bootable partition, I will just save the whole partition with NTBACKUP. Then, if the partition gets messed up, I will just boot another bootable partition and restore the backup from NTBACKUP and try again.
Then I will install, again on two partitions, some version of Windows Server, likely 2012, and SQL Server of about the same vintage, and that will be the basis of my Web site as I go for beta testing and live on the Internet.
The Web site HTML sent to my users will be only just dirt simple HTML, say, up to date as of about 10 years ago, with just a little, simple CSS and nearly no JavaScript, no pop-ups, roll-overs, pull-downs, over-lays, or icons and no HTML <div> elements (tags?) -- dirt simple. I will have a simple logo graphics PNG I developed with just Microsoft's PhotoDraw, and that will be the only use of graphics. Net, for the Web site, I see no need for any graphics hardware, for development, server, or clients.
I see from both nVIDIA and ATI graphics cards $30-$40 with 1 GB memory, OpenGL, DirectX 12 that use a PCI-Express x16 version 2.1 slot. The Asus motherboard I have in mind has a PCI Express x16 2.0 slot which I suspect one way or another will work well enough with a card that wants version 2.1. I suspect I will make a decision today.
I'm still not very clear on just why I need a graphics card instead of just an old VGA card, but for just another $16 I'm going to spend the money, accept whatever system management mud wrestling I have to do to get an appropriate device driver working, quit worrying about the card, and get on with the more important work.
Thanks for the info.
It's not just Windows drivers with these problems...
The patches from Tuesday fixed a total of 16 CVEs. 11 are Windows only, 4 are Windows+Unix[1], 1 is Unix only. 3 of those (Windows) CVEs were reported externally.
http://nvidia.custhelp.com/app/answers/detail/a_id/4398
Older bulletins: http://www.nvidia.com/object/product-security.html
[1]: Unix in NVIDIA-speak generally means Linux+Solaris+FreeBSD