Babylon.js 3.0 announced

New version of JavaScript framework provides new interesting features
14 July 2017   1684
JavaScript

Lightweight interpreted or JIT-compiled programming language with first-class functions

According to the Windows Developer Blog, the 3.0 version of Babylon.js, an open-source, complete JavaScript framework for building 3D games with HTML5, WebGL, WebVR and Web Audio, had been recently announed. 

Over 120 external contributors took part in the developing of this framework. 

So, what are the main features of Babylon 3.0? 

  • Support for WebGL 2

    WebGL 2 allows more control over the GPU. The support for WebGL 2 is completely transparent with Babylon.js 3.0. This means that the engine will automatically use WebGL 2 if available, and it will fall back to WebGL 1 if not. Mode details can be found here.

  • Support for WebVR 1.1

    Babylon.js 3.0 supports all VR devices, including the newest. Babylon.js can also transparently use WebVR 1.0 if your device does not support the latest version of the specification (Gear VR for instance). It also supports using device orientation events to provide virtual reality on mobile.

  • Support for glTF 2.0

    Full support for GL API files is added to new version.

  • Improved physically based rendering (PBR)

    PBRMaterial, that is used for rendering of physically based objects, was completely rewritten. It is now more accurate and better aligned with GLTF2.0 specifications. This material can be used to simulate real life lighting and provide photorealistic scenes.

  • Babylon.GUI

    Babylon.js GUI library extension can be used to generate interactive user interface. It relies on hardware acceleration to produce a fast and light way to deal with user interaction. The Babylon.GUI is helpful with VR scenarios when you cannot display HTML elements. It can also be used to project your UI in 3D.

  • Morph targets

    • Great way to animate objects is to use morphing between different targets. This technique is widely used to animate character heads, for instance. 
  • Support for live textures using WebCam

    • You can now create project webcam content to any textures in your world. This could be used to simulate mixed reality experience or apply some fun effects.

Additionally, developers launched new version of documentation, where coders can find a lot of useful inforamtion.  

Also, a playground is now available too. This is great tool for learning with live code editor.

New Versions of Spectre Vulnerability Found

Chrome / Chromium, Edge, Safari and other browsers based on WebKit and Blink are under the thread
13 July 2018   102

The information about new vulnerabilities in the mechanism of work of processors is published. The attack is based on the principles of the Spectre operation and consists in restoring the data in the processor cache when the instructions are speculative. Chrome introduces strict isolation of sites.

How it works

Specter 1.1
It is based on the principles of the Specter 1. Unlike the previously identified vulnerability, the code is executed, not read. This causes the buffer to overflow and cache the results. This method of attacks allow to restore the contents of the cache and send information to third-party channels that analyze the access time to the cached and not pro-cached data.

Specter 1.2.
The principle of operation is similar to the execution of Spectra 1 scenarios, but memory areas with a "read only" flag are used. In doing so, Specter 1.2 only achieves the definition of pointer and metadata values ​​to bypass the constraints of sandbox environments.

Solution

The available methods for eliminating vulnerabilities require further development and modernization. One of the many scenarios involves adding LFENCE instructions to the application compilation process or at the hardware level. In addition, existing buffer overflow modes can also be an effective protection against vulnerabilities.

Browsers

Chrome / Chromium, Edge, Safari and other browsers based on WebKit and Blink are under the thread. It is based on opening a page with a decorated JavaScript code and forms in JIT the necessary set of instructions for the attacker. This code execution script allows to read the contents of the process address space and get information about stored keys and passwords.

In this regard, Google introduces strict isolation of sites for 99% of users of Chrome 67. The mechanism is to place different pages of sites in the memory of different processors using a personal safe execution environment. The introduction of the strict isolation mode will increase the processor's memory consumption by the browser by 10-13%.