Google Demonstrates Chrome Native Client With Bastion

Multiple readers sent word that Bastion, an action RPG from indie developer Supergiant Games originally made for Xbox Live Arcade, has shown up in the Chrome Web Store. The purpose of the move is to showcase the browser's Native Client technology. From the article: "Ian Ellison-Taylor, Google's director of product management for the open Web platform, said that Native Client, also called NaCl, can currently improve browser performance by 1 to 10 times. 'What would it be like if we could run native code inside the browser,' he asked the crowd, and he enumerated two goals for the Native Client project. He said Google wants to bring native applications to the Web for performance and security reasons, and it wants to enrich the Web ecosystem by bringing popular, long-in-use programming languages to the Web."

Wow, this is so innovative.

This is so revolutionary. Now we can run native applications on our computers! Just imagine the possibilities! Oh, wait. We already can. And they aren't inhibited by some horrid browser-based sandbox.

Re:Wow, this is so innovative.

[AmiMoJo]

Considering the difficulty that many users seem to have with noticing those big scary warning messages about how the free screensaver they just downloaded can rape their PC I think offering a sandboxed environment might be a good idea. Microsoft seems to think so too as that is exactly what Windows 8 will offer.

improving performance by 1 to 10 times

[roman_mir]

can currently improve browser performance by 1 to 10 times

- this reminds me of the quote from the historical documents:

-Good Lord! That's over 5000 atmospheres of pressure!
-How many atmospheres can the ship withstand?
-Well, it was built for space travel, so anywhere between zero and one.

Re:improving performance by 1 to 10 times

[donscarletti]

It's best to take all figures, especially those concerning NaCl with a grain of salt.

Re:improving performance by 1 to 10 times

[burni2]

Yes, even an improvement by "1" time is great.

I got a promotion last week, all what I said to my boss was I will do the things in the same way I do them like in the past, nothing less, and well he said then I will promote you to nothing less than in the past and I will increase your sallary by a factor of 1.

bad idea

[locopuyo]

How would that be more secure? I can only think of things that make it less secure. It is also Satan's anus poised over web standardization.

Re:bad idea

[Qwavel]

I'm guessing they mean that you are more secure now that you can run apps in your browser which you previously had to install into your OS. The privileges enjoyed by an NaCl browser app are really minimal compared to the same app installed with admin on Windows (which is how most users do it).

Regarding web standardization, note that NaCl is nothing like Flash or Silverlight: rather then replacing standard web technologies with proprietary technologies, it is primarily a way to optimize pieces of web technology. You take your bundle of HTML/CSS/Javascript and replace pieces of the javascript with native code. And you don't do it with some proprietary google language - you do it (eventually) with whatever language you want.

To me it seems like a reasonable way to move the web forward without subverting it (or even altering it much).

Re:bad idea

[AaronLS]

Since NaCl == Sodium Chloride == Salt, let's make this discussion more interesting by replacing all instances of "NaCl" with "salt".

"note that [salt] is nothing like Flash or Silverlight". The first consistently taste great, while the others vary in flavor from one OS to the next. I kid, I kid :)

Re:bad idea

[chrb]

Implementing something your own way is evil and proprietary.

Native client is open source. So is chromium.

Re:bad idea

[kripkenstein]

To me [NaCl] seems like a reasonable way to move the web forward without subverting it (or even altering it much).

There are a few big problems with that:

• NaCl is not portable. NaCl apps only run on x86 and x86_64, not ARM or PowerPC or anything else.
• NaCl is not a standard or even a proposed standard, and all other browser vendors are opposed to it (because of the previous issue, and because it is controlled by Google). As a consequence, NaCl apps only run on Chrome (and on x86 and x86_64).

The web is all about open standards, viewing the same web from any browser or any OS, and so forth. So NaCl, that only runs on two archs and on one browser, is a step backwards.

Re:bad idea

[BitZtream]

You have a really fucked up definition of evil if 'doing your own thing' qualifies as evil.

Re:bad idea

[suy]

NaCl is not portable. NaCl apps only run on x86 and x86_64, not ARM or PowerPC or anything else.

NaCL binaries are not portable in the same way I can't install the FireFox's Windows binaries on Linux (or the armel ".deb" from packages.debian.org on my amd64 computer), but honestly, who cares? Mozilla and Debian guys just compile it for each supported platform. There is also the possibility of creating a "fat nexe" that supports all platforms.

As a consequence, NaCl apps only run on Chrome (and on x86 and x86_64).

Is open source code on an open source browser. I would prefer it being a plugin (I think at some point there was one) so I can run it in all my browsers. But this is no different than any other proprietary feature on other browsers. I'm currently using Mozilla's proprietary "crypto" JavaScript API for an application, and it only runs on Mozilla's browsers. Not convenient, for sure, but what should I do? Not use the feature at all? Or try to make something valuable from it, so other developers might consider incorporating it?

Re:bad idea

[gsnedders]

See http://lists.cs.uiuc.edu/pipermail/llvmdev/2011-October/043719.html: LLVM bitcode isn't stable between releases, is still undocumented in sufficient detail to do a clean-room implementation, and is fundamentally designed to be a compiler IR and not a generic interchange IR. Trying to use it as the latter will only lead to pain.

Re:bad idea

[gsnedders]

NaCL binaries are not portable in the same way I can't install the FireFox's Windows binaries on Linux (or the armel ".deb" from packages.debian.org on my amd64 computer), but honestly, who cares? Mozilla and Debian guys just compile it for each supported platform. There is also the possibility of creating a "fat nexe" that supports all platforms.

And what happens when I'm browsing the web on my MIPS-based TV? I'm at the mercy of the website author to specifically support my architecture. Today, I can visit any website and it will work. There is no dependency on any architecture specific stuff. Most developers will only bother compiling for x86 and ARM in all probability, which will hurt anyone else.

Is open source code on an open source browser. I would prefer it being a plugin (I think at some point there was one) so I can run it in all my browsers. But this is no different than any other proprietary feature on other browsers. I'm currently using Mozilla's proprietary "crypto" JavaScript API for an application, and it only runs on Mozilla's browsers. Not convenient, for sure, but what should I do? Not use the feature at all? Or try to make something valuable from it, so other developers might consider incorporating it?

It is a plugin... using a non-standard, non-documented plugin API, which nobody apart from Chrome supports or has any intention of supporting (it's a huge amount of badly documented, totally web irrelevant, anti-Open-Web chunk of code --- why should anyone take it in?). If they had used the standard plugin API (NPAPI), it would work today in every browser.

And I'm sorry, but this is fundamentally different to a lot of proprietary functionality in other browsers. Most of browser vendors are putting in large amounts of effort into removing old proprietary behaviour and specifying anything they wish to keep. Even Apple when it adds new proprietary behaviour to WebKit typically specifies it. Writing a spec is a big deal: it allows anyone else to write a clean-room implementation, which is often desirable (especially for CSS/DOM extensions: it's practically impossible to share much code without all moving to a single engine). Google hasn't released any spec for NaCl (and neither for the Pepper plugin API it relies upon), the spec it has released for Dart is nowhere near complete enough to allow a new implementation (and it had a several year headstart on implementing --- something that makes their implementation very hard to compete with), the spec for WebM is mostly just a dump of the code of the implementation (it's not really a spec: it's just code and the spec just says "match this").

Re:bad idea

[kripkenstein]

It's open source, but it still is not portable not standardized.

Re:bad idea

[kripkenstein]

There is a fat nexe for x64 and x64_64, but nothing else. That still isn't portable.

Portability is important on the web. People expect to visit websites from their web browser, and for them to work regardless of their OS and CPU. NaCl doesn't work like that.

Re:bad idea

[suy]

And what happens when I'm browsing the web on my MIPS-based TV? I'm at the mercy of the website author to specifically support my architecture. Today, I can visit any website and it will work. There is no dependency on any architecture specific stuff. Most developers will only bother compiling for x86 and ARM in all probability, which will hurt anyone else.

First, MIPS (or any other architecture) is not left out by design, just by implementation. The sandbox requires a deep study of the assembler language of the architecture to avoid all kinds of holes, so there aren't much implementations available because the technology is quite young, but if it ends up being useful, the MIPS manufacturers will be interested in supporting it. If you have a really minor architecture, chances are high that you will have little support for other kinds of hardware accelerated products (e.g. Flash comes to my mind), which are the kind of products that NaCl is aimed to.

And second, the kind of websites that you can browse right now in a low powered TV, will still be coded using technologies available on all browsers.

It is a plugin... using a non-standard, non-documented plugin API, which nobody apart from Chrome supports or has any intention of supporting (it's a huge amount of badly documented, totally web irrelevant, anti-Open-Web chunk of code --- why should anyone take it in?). If they had used the standard plugin API (NPAPI), it would work today in every browser.

OK, that's something I could agree with you. I'm not a browser developer, so I don't know which is the state of this. I certainly don't like Google's attitude in general with respect the way the release technology without some consensus with other parties. If NaCl ends up being a de facto proprietary technology, I will not see it as encouraging. I just think that, as a technology by itself, is quite interesting.

Re:bad idea

[kripkenstein]

NaCl is not portable. NaCl apps only run on x86 and x86_64, not ARM or PowerPC or anything else.

Which is why there is PNaCl

Which is an interesting research project, but it's too early to say if it will achieve the goals of complete portability and full performance.

Re:bad idea

[kripkenstein]

PNaCl is portable because they'll use llvm.

LLVM is not portable, see for example http://thread.gmane.org/gmane.comp.compilers.llvm.devel/43769/focus=43770

It is very hard to try to make LLVM portable, which is what PNaCl is attempting. Maybe they will succeed, we will see in time.

How do I turn this off?

[orn]

Like I really want anyone and their uncle to be running native code on my machine. We went to a sandbox model for a reason! If this is active now, how do we shut it off?

Re:How do I turn this off?

You should read up on how NaCl works. It is in a sandbox. One based on software fault isolationi.

Re:How do I turn this off?

[TheGratefulNet]

yeah, right; I'm going to trust italian software!?

Re:How do I turn this off?

[swillden]

Like I really want anyone and their uncle to be running native code on my machine. We went to a sandbox model for a reason! If this is active now, how do we shut it off?

It's not active by default, yet, and it is sandboxed. Native sandboxing is possible.

It's SLLOOOOWWWW

[Mr.+McGibby]

I tried Bastion this morning on my arguable beefy 8-core 8 GB machine. SLOW AS SNOT. So either it's slow or I need to change some configuration setting. Maybe I'm missing something, but wasn't doing this crap in the browser supposed to make it "just work" (tm)?

Re:It's SLLOOOOWWWW

[0123456]

Maybe I'm missing something, but wasn't doing this crap in the browser supposed to make it "just work" (tm)?

They said it would 'just work' (so long as you're using a supported browser), they didn't say it would be usable.

Re:It's SLLOOOOWWWW

[SadButTrue]

Not sure what issue you had but I just gave it a go and it was quite smooth. The game it's self isn't my cup of tea but it ran just fine. Narration was funny, if I could have use my controller I prob would have played at least to the end of the demo..

Re:It's SLLOOOOWWWW

[errandum]

It just worked for me, and I'm running a Core 2 Duo 3 year old processor with a medium range graphics card. I'm running Chrome 15

Re:It's SLLOOOOWWWW

[Ambvai]

Low end i5, 4gb with onboard video. The first stage was about as smooth as the downloaded version with the exception of a periodic tiny skip about every two seconds. Chrome 15.0.874.121 m.

Re:It's SLLOOOOWWWW

[VortexCortex]

Single core code... You bought more cores thinking coders (especially poor indie ones) were going to support all of them at once?
My 7 year old 3ghz single core machine, w/ 3GB RAM and a crappy $50 Nvidia GeForec FX 5200 runs this fantastically.

As a coder myself I take great pains to ensure my software can take advantage of as many cores as you throw at it, but in reality, most programs do not. What's the individual cycle speed of one of your cores? Less than my 6 year old laptop? Yeah, don't expect low quality software to run well on your high quality rig.

I wish Erlang wasn't crap when it comes to games -- it was a step in the right direction.

Re:1 -10 times

[roman_mir]

May I suggest one to ten pinches?

Reminds me of IE 6

[Billly+Gates]

I am a little uneasy of making a web browser a proprietary platform. PcMag had an article about Chrome being the next IE 6 of the browser wars 2.0.

IE 6 was a great browser in 2001 regardless of its security shortcomings found years later. Everyone on slashdot back then admitted to using it but were scared and assumed the WWW would die soon because of it. Everyone seems to be oblivious that Google is another evil big corporation no different than Microsoft. Actually synergy is behind Google now, like it was with MS a decade ago.

Dart is chrome only, the javascript libraries are Chrome only or particulary run much better on Chrome (google ones like V8), this and many other proprietary HTML 5 code like that site with the band a few months ago that only work in Chrome. This game will use HTML 5 but has other proprietary hooks to make sure it wont run in any browser.

Google is making it clear they look at the browser as an operating system. At least Microsoft today is running away from ActiveX and trying to do good with IE 10 which will be the most open and standards compliant browser to date. Firefox is dying and is losing popularity. In a year or two from now it will be a IE vs Chrome world.

Anyone else bugged or am I just paranoid? I just want a great browser and not a simple fast one, but with the real goodies underneath it that are dependent on Chrome.

Re:Reminds me of IE 6

[Qwavel]

I agree that Google is just another big evil corp and should be watched closely - I'm a fan of much of what they have done, but I still try to remain critical.

But this is nothing like what MS tried to do to the web. I'll repeat some of what I posted above: with NaCl, Dart, WebM, and SPDY, Google is not replacing web technologies with proprietary technologies - they are optimizing pieces of web technologies.

Even when you use these technologies you are still writing a standard web app and it still runs on all browsers - just without the Chrome optimizations. For NaCl for example, the primary use case (according to Google) is that you take your bundle of HTML/CSS/Javascript and replace pieces of the javascript with native code. When deployed to other browsers your app uses the original javascript instead of the optimized NaCl alternative.

More importantly, these technologies are all open source and restriction and royalty free. So, for example, Amazon is now using Google's SPDY technology in their browser without any royalties or advantage to Google.

To me these seem like reasonable ways to move the web forward without subverting it.

So, if you want to be pissed at Google then note that a couple of weeks ago they cancelled their project to make Green technologies competitive with coal. That didn't get nearly enough press. But when it comes to the web they (for now) still appear to be behaving themselves.

Re:Reminds me of IE 6

[DragonWriter]

I am a little uneasy of making a web browser a proprietary platform.

There's two different uses of "proprietary" that are common, one is in contrast to FOSS (which Native Client is), and one is in contrast to "standard" (with regard to which, per the Native Client FAQ, Google thinks Native Client is too immature to consider trying to standardize at this time.)

Lots of technology gets integrated into browsers to be proven before being submitted for standardization.

Dart is chrome only

No, its not. The VM isn't integrated into Chrome yet, the only way to run it in a browser is compiling to JS that runs on any modern browser, so its not even runs-better-on-Chrome, much less Chrome-only.

Its possible that the when the VM is integrated in Chrome it will be runs-better-on-Chrome.

the javascript libraries are Chrome only or particulary run much better on Chrome (google ones like V8)

V8 isn't a javascript library, its the JavaScript engine that Chrome uses, parallel to SpiderMonkey or whatever the engine is that Firefox uses now.

[...] proprietary HTML 5 code [...]

You are misusing either "proprietary" or "HTML 5" here.

Re:Reminds me of IE 6

[cmburns69]

Even when you use these technologies you are still writing a standard web app and it still runs on all browsers - just without the Chrome optimizations. For NaCl for example, the primary use case (according to Google) is that you take your bundle of HTML/CSS/Javascript and replace pieces of the javascript with native code. When deployed to other browsers your app uses the original javascript instead of the optimized NaCl alternative.

So I have to write my stuff twice? I barely have enough time to write what's needed once!

No thanks, I'd rather continue to write once and run everywhere-- That's what javascript + existing cross platform libraries provide.

I'll start using these, though, If any of these solutions (thanks to their open specifications) get picked up by a majority of browsers.

Re:Reminds me of IE 6

[kangsterizer]

SPDY and WebM are not the same as Dart and NaCl.
WebM is just plain good, no doubt.
SPDY gave them an advantage since they had it first and others were shy to make such a hack (because it is a hack), however, its getting adopted since SCTP would be a pain.

Dart and NaCl received a strong push back from half or more of the community so I don't need to bore you with details you have already read.

So they enforce it - and they can, due to Chrome's grow rate and their hand over a lot of things. They buy out companies to develop for it. Microsoft style.

Re:Reminds me of IE 6

[10101001+10101001]

So I have to write my stuff twice? I barely have enough time to write what's needed once!

Or three or four times. ARM needs the boost more than x86, anyways, but honestly given that Javascript still doesn't seem suited for more than twirling fobs, I'm not sure what the real point is. I mean, if the performance does become high enough that it's feasible to push games into the browser, I can only see that as a combination of annoying users--just like flash does--while offering an inferior experience to a stand-alone client--since it's enough of a hassle worrying if the game itself will crash without also having to worry about the browser crashing as well. Of course, perhaps I'd feel a bit differently if web browsers didn't still crash, hang, become generally unresponsive, and/or have regularly security concerns. But, then, OS kernels have all those problems as well, even Linux, so I'm not exactly getting my hopes up. It's just that adding another layer doesn't seem to improve things.

Re:Reminds me of IE 6

[FrangoAssado]

Google's JavaScript libraries are purposefully written to run faster on V8 specifically, often at the expense of performance in other browsers. And at the same time, V8 is written to run the code patterns those libraries use faster, often at the expense of other code patterns used elsewhere.

That might be a problem if V8 wasn't open source, or if Google was preventing anyone from seeing how it works. As it stands, your argument makes about as much sense as saying that Linux and GCC were evil because earlier versions of Linux couldn't be compiled on anything but GCC. The thing is, nothing prevented anyone from changing Linux to compile in other compilers, or studying GCC to learn how to make other compilers compile Linux (and, indeed, today it's possible to compile Linux with other compilers).

So, if Google's libraries do indeed run that much faster in V8, what's preventing anyone from implementing these optimizations in other javascript engines, or writing their libraries to run fast on V8? Is it reasonable to prevent Google from optimizing anything just because other browsers and libraries would then be slower?

Re:Reminds me of IE 6

For NaCl for example, the primary use case (according to Google) is that you take your bundle of HTML/CSS/Javascript and replace pieces of the javascript with native code. When deployed to other browsers your app uses the original javascript instead of the optimized NaCl alternative.

So does that mean there's a version of Bastion written in javascript that runs everywhere, and a native version that works better in chrome?

Re:Reminds me of IE 6

[BZ]

> what's preventing anyone from implementing these
> optimizations in other javascript engines

They make other (non-Google) sites run slower?

> Is it reasonable to prevent Google from optimizing
> anything just because other browsers and libraries
> would then be slower?

I didn't say anything about preventing Google from doing whatever they want. I'm not sure where you got that.

I'm also not sure where you got your "evil" bit from. I made a factual statement, with no value judgments attached to it.

Re:Reminds me of IE 6

[FrangoAssado]

They make other (non-Google) sites run slower?

That would be bad, but I find it hard to believe. Do you have an example of an optimization in V8 that makes some code run *slower* than it would without that optimization? It seems more likely that other engines are just better than V8 for some types of code; it's hardly surprising that V8's optimizations are focused on the type of code that appears in Google's libraries.

I didn't say anything about preventing Google from doing whatever they want. I'm not sure where you got that.

I'm also not sure where you got your "evil" bit from. I made a factual statement, with no value judgments attached to it.

Sorry, I misunderstood you. I thought you were supporting the argument that Google is trying to do something similar to what Microsoft did back in the days of Netscape vs. IE, like the thread's parent comment (the "evil" bit came from there).

Re:Reminds me of IE 6

[BZ]

> It seems more likely that other engines are just
> better than V8 for some types of code

Well, yes. But some optimizations are just mutually exclusive because they require different design tradeoffs.

As for the rest... Google is definitely being evil in various ways, and is in fact much like Microsoft in the late 90s, in my opinion, but what they're doing with V8 is just self-interested, not so much evil.

Re:Reminds me of IE 6

[FrangoAssado]

So, the fact that V8 runs better some javascript in the wild has nothing to do with Google being evil. And "self-interested" seems a little uncharitable, seeing that V8 has a BSD license -- in other words, they're going out of their way to make the javascript engine they develop and use available to anyone interested, not even requiring modifications to be given back to them.

Google might be evil in other ways, but can we agree that the original point of this thread -- comparing what Google is doing with Chrome (which, by the way, ALSO has an open-source version) with what MS did with IE6 -- is ludicrous?

Re:Reminds me of IE 6

[BZ]

Actually, I agree with the original point of the thread. What Google is doing with Chrome is:

1) Explicitly authoring its own web properties to specifically work better with Chrome, in hopes that its high market share for things like search and webmail will increase Chrome adoption.

2) Authoring its own web properties to only work with WebKit (e.g. a number of Google's sites sniff UAs and send WebKit-only content to any mobile UA).

3) Urging authors to create Chrome-only content (and more generally, together with Apple, encouraging WebKit-only content).

4) Paying other companies to bundle Chrome with their software so that people end up using it whether they want to or not. This part Microsoft didn't have to do because they just bundled with Windows, of course.

They're not _quite_ as bad as Microsoft was because a lot of this is in fact open source (though they don't exactly take contributions much or plan to share control, so most of what you can do with the source is fork). This does mean that some other project could import some part of Chrome or V8 if desired. But given that none of this code is static (security fixes, spec changes, etc), it's not like a one-time import is useful. You have to keep importing (and hoping that Google doesn't change something you care about) or as I said fork and take over maintenance. In practice, for most situations, both options suck to a good extent. http://3.bp.blogspot.com/-GBSGBbc9UtA/TmexwLaJN9I/AAAAAAAAAKs/06OaexCT5Ms/s1600/Lead%2Bdevice%2Bconcept.png is a good look into Google's general thinking on open in this context, for what it's worth.

One other important note is that Google is a bit better at participating in the standards process than Microsoft was in 2001 (though not than Microsoft in 1998, say). That's a net plus for them.

So no, comparing what Google is doing with what Microsoft was doing with IE6 is not at all ludicrous. There are some important differences, and Google doesn't have a browser monopoly, so they have to play a bit nicer so far, but the overall strategy looks similar to me. The key to frustrating it, of course, is for them to not end up with said browser monopoly.

Re:Reminds me of IE 6

[FrangoAssado]

Your points 1-4 seem valid to some extent (even though, for example, I have never seen any difference in google search or gmail between Firefox and Chrome, and I use all combinations), but I think saying that's even remotely similar to what MS did is blowing things out of proportion. I think (2) and (3) are somewhat natural for anyone developing a web browser. For example, Mozilla did essentially (3) and allowed people to do (2) with Mozilla (now Seamonkey) and then Firefox for the longest time, in the form of easy-to-write extensions -- for instance, there are a *lot* of site-specific extensions for Firefox that completely change the way a site appears and behaves. Maybe no one cares because the amount of users of these extensions is minimal? And (4) is indeed worrying; this is the first I hear of it (I don't come even close to using any of the software that bundles Chrome). I looked around, and this actually changes my mind about some things; I'll have start following these kinds of thing and see what comes out of it.

To the next point, it would indeed be nicer if Google allowed more participation from the community in V8, but I don't think too much of it. As long as there's a workable option to fork the code *and* keep receiving updates, I don't think anyone who is serious about developing a web browser should have too much difficulty in merging updates from Google or other sources. Things like these happen a lot in other contexts -- for example, most Linux distributions do that in some form or another in a much larger scale (but I can see that it takes a lot of people to do it).

The link you posted seems related specifically to Android, not Chrome, so I'll take that with a grain of salt. It *might* give an insight into Google's general thinking, or just their strategy regarding Android.

With all that said, in the end, I can't shake the feeling that most of these arguments are a tad paranoid, and there's a lot of speculation involved. Maybe the writing is on the wall and I simply can not see it. I guess I'll find out in the next few years.

And I agree that a browser monopoly in the hands of Google (or anyone else) would be bad. I just wish the Mozilla people would stop making Firefox increasingly unlikable :)

Re:Reminds me of IE 6

[BZ]

> I have never seen any difference in google search or
> gmail between Firefox and Chrome

Offline gmail only works in WebKit, by design.

> For example, Mozilla did essentially (3)

Mozilla has consistently tried to convince people to author pages that work in all browsers, in my experience. But I'm not omnicient, of course. ;)

The extensions thing you raise is interesting. I have to admit I'd never thought of it that way before, if only because I'd never used any such extensions. But yes, the number of users of such extensions is minimal in general.

Let's hope that you're right and in a few years my worries here will in fact seem like paranoia...

Good question

[0123456]

What would it be like if we could run native code inside the browser?

The massive swamp of security vulnerabilities that was ActiveX?

Re:Good question

[BitZtream]

Ironic, every modern browser supports something like ActiveX.

I love when ignorant people such as yourself talk about shit you don't understand at all.

ActiveX is nothing more than a plugin system. It just happens to be system wide in Windows, and IE takes advantage of that ... IE6 and its ancestors had a lot of issues because OTHER developers marked ActiveX controls as SAFE FOR INTERNET USE and SAFE FOR SCRIPTING ON THE INTERNET when they were not and had no reason at all to be used.

The IE implementation errors didn't help as it made it far to easy for ActiveX controls to be installed without approval

In the end however, Firefox XPCOM objects not written in Javascript (so all the ones that do real work) are no different than ActiveX controls.

The difference is that other browser vendors got to watch someone else be the big most popular browser getting abused to all hell and back.

Re:Good question

[VortexCortex]

I think you're missing something important. Every bit of JavaScript you run on modern browsers is compiled into machine code in memory, marked as executable, then executed -- right on the metal.

This is why mistakes in the compiler and/or buffer overflows in JS supporting code can so easily cause remote code execution. All the "sandboxing" NaCl provides is the same as what JS provides -- NONE! Do you actually think that there are Zero buffer overflow vulnerabilities in any of your favorite softwares?

The only way to sand box this stuff is to have a secure Hardware supported VM, or use an interpreted language. We traded speed for security with WEB BROWSERS!?!? Yeah, the whole web is held together with duct-tape bubble gum and twine. I'm out. The native vetted application market is the way to go, except they all made the same SNAFUBAR, compiling bytecode to machine code and calling that a sandbox.

Re:Good question

[dkf]

What would it be like if we could run native code inside the browser?

The massive swamp of security vulnerabilities that was ActiveX?

I'd agree, except that Google actually appear to have made real progress on the problem of sandboxing native code. I'm not 100% sure that they've solved it — alas, I've not had the time to study it in enough depth — but it at least looks quite likely. Key things that are restricted include access to the parts of the OS that read and write files, with much of the sandboxing focusing on ensuring that nothing can jump to a bad instruction. Without unrestricted access to the OS, a process really can't do that much that's harmful (except chew CPU cycles until something shoots it in the head).

Very clever. Conceptually portable to other platforms too, but I don't know how much work that would be.

Increasing performance 1 times!

[karmicoder]

Hey... I have some great proprietary technology that can increase the performance of any program by at least 1 times. Please send $1 to Happy Dude, at 742 Evergreen Terrace...

Re:Increasing performance 1 times!

[DragonWriter]

Hey... I have some great proprietary technology that can increase the performance of any program by at least 1 times.

You do realize that improving by 1 time is doubling, right?

Re:Increasing performance 1 times!

[AaronLS]

Thanks for the payment. Attached is the program that improves your performance by 1x a hundred times. 1*1*1*1....

Active X?

[The+Raven]

Can someone describe the differences between NaCl (Salt?) and ActiveX? They both seem to be methods to run native code inside a browser sandbox. What are the ways Google's offering is superior? Is it better at all than the current implementation of ActiveX? I like Google, but this particular initiative seems kind of backwards thinking.

Re:Active X?

[should_be_linear]

ActiveX, once you (or BFU) enabled it, can do anything user account is allowed to do. NaCl program is sandboxed, so even when you allowed it to run, it cannot do anything harmful.

Re:Active X?

[0123456]

NaCl program is sandboxed, so even when you allowed it to run, it cannot do anything harmful.

I remember people saying that about Java.

Re:Active X?

[DragonWriter]

Can someone describe the differences between NaCl (Salt?) and ActiveX?

Native Client (NaCl) is a sandboxed environment that verifies and then executes a safe subset of x86 code. It is an open source technology integrated into Chrome that works pretty much everywhere Chrome does, and is a bridge to the real goal, which is Portable Native Client, which does similar things but uses LLVM bit code and client-side compilation so it isn't dependent on actually running on an x86 machine (opening it up to ARM-based devices, particularly.)

What are the ways Google's offering is superior?

Its not proprietary (in the non-open sense), it doesn't rely on the client running Windows.

Re:Active X?

[Gaygirlie]

it cannot do anything harmful.

Or atleast that's the claim.

Re:Active X?

[PwnzerDragoon]

(opening it up to ARM-based devices, particularly.)

Actually, NaCl already works on ARM. Though PNaCl will make it easier to develop for, as you won't need to maintain different builds for each platform.

Re:Enough with the "sandboxing is perfect" bullshi

[grumbel]

Why do you insist that sandboxes are the only solution to security problems?

So how exactly do you propose to run native code securely without some kind of sandbox?

Re:Enough with the "sandboxing is perfect" bullshi

[tepples]

Why do you get so excited about a technique that's actually quite ancient?

Because we're making fun of mainstream PC operating system developers who can't figure out application sandboxing by themselves.

A type-safe subset of x86 instructions

[tepples]

NaCl defines a subset of x86 instructions that are verifiably type-safe, just as .NET IL and JVM bytecode are verifiably type-safe. The browser verifies the binary before executing it.

Re:A type-safe subset of x86 instructions

[shutdown+-p+now]

It's not type-safe (there are no types as such on assembly level, it's all just bytes and words), it's memory-safe.

More importantly, the subset of instructions available in NaCl allows one to do lower-level stuff than verifiable CIL instructions (JVM is always memory-safe). For example, NaCl permits pointer arithmetic.

Re:A type-safe subset of x86 instructions

[Cajun+Hell]

People are going to be in for such a surprise, when the all-male population of dinosaurs start laying eggs. Life finds a way.

Re:Enough with the "sandboxing is perfect" bullshi

For crying out loud, what is it with you wheel freaks? Why do you insist that wheels are the only solution to transportation problems? Why do you get so excited about a technique that's actually quite ancient?

Fuck, I first remember using wheels back in the 1970s on some Ford pintos, and it probably wasn't even a new technique then. All through the 1980s, 1990s and 2000s it became a pretty common feature of most land yachts. Hell, even Chrysler and GM have excellent wheel rotating support, and have had it for a long time. That's not even considering Hyundai, Kia, and the other existing and well-established platforms that have wheels! These days we've also got Saab, BMW and many other systems we can run on roads.

Look, wheel rotation is one transportation technique among many. If getting rid of wheels causes you that much of a problem, THEN YOU'RE DOING TRANSPORTATION REALLY FUCKING WRONG!

FTFY

Or You Could... You Know...

[Greyfox]

Run native code WITHOUT the browser. Revolutionary idea, I know. You could pass on all the frameworks required to shoe-horn procedural programming onto a stateless protocol, give HTML and XML markup a miss, not write any javascript, and... just... write an application. And maybe it won't need 34MB to run in, and maybe it'll actually be instantly responsive. Maybe... just maybe... that's what you really need to do.

Re:Or You Could... You Know...

[ceoyoyo]

Heavens. You could use some other port than 80 and a protocol other than HTTP for communication too.

Re:Or You Could... You Know...

[mrnobo1024]

And if you don't want that application to put your security at risk via the arbitrary code execution exploit du jour, all you have to do is run that application in a separate limited user account. And make sure all your important files' ACLs prohibit access from that account. And don't use runas, use an actual separate login session, because of window shatter attacks. It's so easy, I bet everyone runs their applications this way. I'm sure you do. ...Right?

Re:Or You Could... You Know...

[goruka]

And lose the ease of deployment that web based apps have and the multiplatform goodness of Native Client? No thanks.

Re:Or You Could... You Know...

[celle]

"And lose the ease of deployment that web based apps have and the multiplatform goodness of Native Client? No thanks."

What, get off you lazy ass and do real work for real pay. Who would have of thought?

Re:Enough with the "sandboxing is perfect" bullshi

Your Shitty Car Analogy is quite shitty, even for a Shitty Car Analogy. In fact, you actually proved the GP's point in your perverse attempt to ridicule it.

You're totally missing the fact that wheels are basically the only thing that'll allow most cars today to move. You take the wheels off, and your car isn't going anywhere. That's exactly the problem that the GP is describing with these sandboxing afficionados. They think of sandboxing as their only option, and thus it's the only option they employ. You take it away, and they're shit out of luck.

Sensible people, on the other hand, see sandboxing as just one more tool in the toolbox. It's not the only approach they use to ensure the security of their systems, so taking it away causes little to no harm. They have employed multiple other techniques to help ensure the security and the safety of their systems.

Re:NaCl!

[cmv1087]

Yes, I'm curious if there'll be a complementary technology named Pepper.

Pepper

[DragonWriter]

Yes, I'm curious if there'll be a complementary technology named Pepper.

Pepper is the plug-in API that NaCl modules use to communicate with browser-managed resource, JS, etc.

Re:Pepper

[cmv1087]

Oh wow, you're right. Silly me, not reading the article.

Re:NaCl!

[AaronLS]

If I utilize both technologies, will my browser rap for me?

I guess you could call it...

[pipeep]

... rubbing salt in Adobe's wound.

A plugin to rule them all!

[goruka]

Native Client is like a plugin that makes all other plugins obsolete.

-It can do everything you can do with Flash, Unity, Silverlight, etc.
-You can use any language to develop for it, C, C++, ObjC, Python, C#, you name it.
-Can access everything JS can (using the Pepper plugin API).
-It's from a trusted vendor (Google), so most people will not be afraid to install it.
-Will come pre-installed in the soon to be most popular web browser.
-It's open source
-It's much more secure than existing plugins due to sandboxing.

And, yes, I can understand HTML5 purists, but the truth is that:

1) Not everything can be made into a web application using HTML5+JS.
2) There's way too much code and applications written in other languages..
3) Cross-Platform web deployment is very attractive. Compile for x86 and ARM and 99.999% of the devices on the planet can be supported.

So, disable it if you don't want it, but this is a very attractive idea with a lot of potential for us developers, and even Adobe is trying somehting similar with Alchemy on Flash. It's a much more realistic way to bring actual real applications to the web than the dream that HTML5+JavaScript is.

Re:Firefox could easily avoid dying.

[I(rispee_I(reme]

In the meantime, use Firefox 3.6.

I was surprised to find that it still gets updates (3.6.x) and all the newest versions of my extensions still work with it. Your mileage may vary.

Maybe if netcraft reports that enough users are refusing to run their painted whore of a browser, the Firefox devs will see the light.

Re:Firefox could easily avoid dying.

[Luckyo]

The reason it's still getting updates is because someone in mozilla still has enough sanity to understand that 4+ are failures that will never be adopted by corporate world, and that users want to have same browser at work and at home.

I would expect that 3.6 will continue to get upgrades for a very long time, or at least until they stop the insane release schedule they have now and default back to old one. Which will probably happen once they have enough head start on chrome to last them a year or so.

Re:If this was microsoft

Ehm, microsoft did exactly this and called it 'ActiveX'. Unfortunately it had all kind of security flaws, and was restricted to one platform. Those were the main reasons it got burned down, not because of the name stamp per se.

Silverlight, although strictly speaking not native but close enough, was given all chances, but Redmond decided to screw it - i mean - stop the project themselves.

NaCl gets frowned upon a lot, too, but might be worth giving a chance as anything is better than flash. First see, only then burn, please.

Re:Some "current info." 4U to read then

[PwnzerDragoon]

You realize the JVM and a Java application are not the same thing, right? And I'm not saying the Register article is wrong, but I would take with a grain of salt anything Microsoft has to say about Java.

Re:A plugin to rule them all..you for got the rest

[bussdriver]

One plugin to rule them all, one plugin to find them,
One plugin to bring them all and in the "sandbox" hack them.

It is surprising no one thinks of bytecode.

[master_p]

It is quite surprising that, up until now, no one has thought of using a bytecode solution, that guarrantees portability and performance.

We have gone from the one extreme, i.e. an interpreted dynamic language, to the other extreme, i.e. native code. There is a sweet spot in between, that of bytecode, that offers portability and good performance on par with native code, and also better security than native code.

Re:It is surprising no one thinks of bytecode.

[Guspaz]

Haven't they sort of? Google plans to use LLVM to make it portable (an intermediate form that can be translated to different instruction sets as needed), Microsoft uses CIL with Silverlight (which as much as the Linux community might not like it, is opensource and supported by the two top desktop platforms), Java has their own thing going...

Re:It is surprising no one thinks of bytecode.

[master_p]

But there is not a web bytecode standard. And I think LLVM cannot be used for JIT.

Re:It is surprising no one thinks of bytecode.

[Guspaz]

If you can natively execute LLVM after an initial translation step, why would you want to JIT it?

Re:Enough with the "sandboxing is perfect" bullshi

[grumbel]

Sensible people, on the other hand, see sandboxing as just one more tool in the toolbox.

So please enlighten us. How do you run untrusted code on your machine without some kind of sandbox?

Broken on XP for me

[Cato]

Unfortunately I get the message "requires an OpenGL card" on Windows XP SP3 with an NVidia GTX260, which definitely has working OpenGL. I've seen reports of this problem on MacOS too.

Hope Supergiant Games can fix this - since this is a web-delivered application, I'd hope they can grab hardware/OS details, with user permission, to help in resolving the issue.

It's actually a good idea

[TobiX]

Think of how most developers are using Javascript nowadays: it's a target language for their compilers.

Whether the source was Java (GWT compiler) or Javascript itself (YUI compressor, Google closure compiler) the fact remains that what browsers are given to run is not what the developers wrote. Which is standard practice in the software business (it's called compilation) and for good reasons.

Now, JS makes for a poor machine language. So we could either beat around the bush with an intermediate bytecode language (Java went there, and Python and all the others too, with varying results) or go for the real thing and come up with a good x86 sandboxing and code verification standard.

Remember, x86 is currently in use by 99% of desktop machines. When other architectures will gain momentum, websites will just offer two or more compiled versions of their code. In the mean time, they will just have to emulate or translate the x86 instruction set, a task for which a large open source code base has already been developed, and which would still be more efficient than parsing plain Javascript, by several orders of magnitude.

So what's the problem with that, again?

... security reasons

[Lazy+Jones]

He said Google wants to bring native applications to the Web for performance and security reasons,

Perhaps it's just me and the security advantages of running native code instead of JS or anything on the JVM are immediately obvious to everyone else, but this sounds like Google is somewhat out of touch nowdays and lets marketing people "sell" the technology decisions to geeks...

Re:Some "current info." 4U to read then

[swillden]

Java tops for hackers, warns Microsoft:

Umm, yeah, like there's no bias there. Find me a reputable source for those statements.

Java Apps Have the Most Flaws, Cobol the Least:

Complete red herring. That article isn't about security flaws in the JVM, it's about programmer errors in apps written in Java. It's also a really, really poorly done study.

Some "Food 4 Thought" in regards to your statement requoted here next

Nope. Try again. But see if you can find something *real* this time (you can't).

Re:Broken

[thePowerOfGrayskull]

I own Bastion already on Steam. It works perfectly fine. I thought I'd give the Chrome demo a shot. Nothing but a black screen in-game. Don't waste your time for now.

I do not think this word means what you think it means.

Infinity

[iliketrash]

'What would it be like if we could run native code inside the browser..."

This sounds awesome. Maybe I will finally be able to run a browser inside my browser.

Re:Broken

[Guspaz]

Truly, you have a dizzying intellect.

Re:Broken

[thePowerOfGrayskull]

How perceptive of you! My good sir, I often make myself dizzy in mere contemplation of the vastness of it!

Re:Less more "biased" than Google's

[swillden]

THUS, it wouldn't matter WHERE THE ERRORS COME FROM, they cause hassles for END USERS... period!

The subject of the discussion was whether or not sandboxes work. Programming errors in code running in the sandbox are irrelevant to that topic; what matters is whether or not malicious software can break out of the sandbox.

This is as "real" as it gets (though I prefer posting real-world practice findings as I did above & in my initial post you replied to) -> http://secunia.com/advisories/product/12878/ [secunia.com]

Wow a total of four vulnerabilities discovered in 2011. Thank you for making my point.

Re:Enough with the "sandboxing is perfect" bullshi

[MadKeithV]

Sensible people, on the other hand, see sandboxing as just one more tool in the toolbox.

So please enlighten us. How do you run untrusted code on your machine without some kind of sandbox?

Root someone else's machine and run it there.

Re:A plugin to rule them all..you for got the rest

[MadKeithV]

Like Tolkien wrote years ago: Ash NaCl durbatulûk, ash NaCl gimbatul, Ash NaCl thrakatulûk agh burzum-ishi krimpatulgoogle.

Technology Technology is too strong

[Taylorz1]

They are really strong technological strength,Envy ah!cheap ugg boots