Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Is Grooming Chrome As a Game Platform

Posted by timothy on from the ok-you'll-need-these-special-dice dept.

An anonymous reader writes with this snippet from Conceivably Tech: "On Friday I noticed that Google is heavily pushing New Game, a game developer conference that is focused on HTML5-based gaming content — and, of course, content that runs in web browsers. The fact that such an event already exists and that there is game content being developed in HTML5, is quite stunning by itself. However, Google also noted that a sandboxed native client (NaCl) with 3D (in addition to 2D) will be available in Chrome soon, which will allow the browser to connect to traditional C and C++ code via its integrated Pepper API."

3 of 127 comments (clear)

  1. Does anyone by phantomfive · · Score: 3, Insightful

    Does anyone else see this as a giant security hole? As in, various schemes like this have been tried since the days of ActiveX, and the only reason ActiveX has the worst reputation is because it's the only one that gained widespread use?

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Does anyone by ninetyninebottles · · Score: 2, Insightful

      That's damn wrong. ActiveX's widespread usage is NOT the only reason. The most significant reason is that ActiveX had basically NO security - one wrong decision by the user and their whole system is compromised. There is no "sandbox filesystem actions" like in Java model for instance. The second glaring issue is that the user does not always gets to decide - lots of objects were marked "safe for scripting" - that is for use from JavaScript, when in fact their interfaces never meant to be secure.

      I would add that being a closed source, single vendor project, there was no competition. If MS's implementation was insecure, well you're SOL. With an open standard implementation of NaCl with an open source reference implementation you have a different beast. If Google doesn't fix a problematic hole MS or Apple or Nokia or Canonical or Adobe can and will. Competition drives improvement, including security improvements.

  2. Re:Cats shit in sandboxes all the time. by ninetyninebottles · · Score: 3, Insightful

    They're [sandboxes] a theoretical concept that have never worked well in the real world. They've been tried time and time and time and time again. They aren't a new concept, but nobody ever seems able to implement them properly, even when some of the biggest names in the field are involved, and even when they have nearly unlimited resources and people to throw at the problem.

    Well, except Apple with iOS, Google with Android, the NSA with their SELinux improvements, a crap-ton of people who worked on and use TrustedBSD, Bitfrost in the OLPC, and every security researcher for the last 20 years who has relied heavily on VMs. But yeah aside from those and probably a bunch more I don't know about, no one has successfully implemented sandboxes.

    Maybe what you meant to say was that Microsoft hasn't been able to implement them properly.