Emscripten and New Javascript Engine Bring Unreal Engine To Firefox

MojoKid writes "There's no doubt that gaming on the Web has improved dramatically in recent years, but Mozilla believes it has developed new technology that will deliver a big leap in what browser-based gaming can become. The company developed a highly-optimized version of Javascript that's designed to 'supercharge' a game's code to deliver near-native performance. And now that innovation has enabled Mozilla to bring Epic's Unreal Engine 3 to the browser. As a sort of proof of concept, Mozilla debuted this BananaBread game demo that was built using WebGL, Emscripten, and the new JavaScript version called 'asm.js.' Mozilla says that it's working with the likes of EA, Disney, and ZeptoLab to optimize games for the mobile Web, as well." Emscripten was previously used to port Doom to the browser.

Javascript engine evolution

[buchner.johannes]

What's the average lifetime of a Javascript engine in Firefox?
Are they all forks of each others?
I like it.

Re:Javascript engine evolution

[K.+S.+Kyosuke]

What's the average lifetime of a Javascript engine in Firefox? Are they all forks of each others? I like it.

I think it's obvious what the Mozilla folks are trying to do: They're attempting to recreate the collected works of William Shakespeare using genetic algorithms. Four monkeys done, an infinite number of monkeys to go...

Re:Javascript engine evolution

[hairyfeet]

Considering the fact that Windows has had low rights mode for 6 years now and Firefox STILL doesn't support it? I don't know how much I'd trust running GPU code on their browser. Heck I don't know if I'd trust it on ANY browser but at least the Chromium based do sandboxing and use low rights mode to help minimize the risk.

Just see my "Yahoo porn bug" to see why supporting low rights mode is good and not supporting it is bad, that trick that allows spammers to send spam to every address in someone's Yahoo email ONLY works on Firefox, not on Chromium based nor IE, because in those browsers the browser has less rights than the user.

Lets face it we really only have 3 major GPU vendors now and modern GPUs have processors, memory, and firmware, so they are just ripe for being the next big attack vector. Running code from any old website straight onto the GPU is just asking for it IMHO, just as Flash games were often used as an attack vector in the past anything that lets you get close enough to bare metal to get "near native" speeds is gonna be a nasty security risk.

Re:Javascript engine evolution

I suspect the security concerns about WebGL are overblown. The code that runs on the GPU are vertex and fragment shaders. The shader language is very limited and exposes only a small surface between the host and the GPU. You can load/compile shader code, assign uniforms/attributes, share frame buffers and textures and that's about it. It's not as though the coder gets unfettered access to the entire DirectX stack.

Both firefox and chrome sanitize shader code so shaders can't play with whatever unsafe features some GPU might implement. One strength of WebGL (and OpenGL ES that's it's based on) is that the fixed function OpenGL API is gone; everything is done with shaders. That means the huge user-land fixed function API is gone and you're left with a simple API that just loads shader code and data (vectors, textures etc.) So the user-land attack surface is relatively small.

Vulnerabilities have been found in individual drivers but they've been few and fixed quickly. WebGL exploits are highly unlikely to be portable; they'll attack certain versions of GPU+drivers on certain OSs... broadly successful exploits won't be feasible.

Re:Javascript engine evolution

[buchner.johannes]

Ah, my mistake. "use asm" is a proposed Javascript feature:

... asm.js, a strict subset of JavaScript that can be used as a low-level, efficient target language for compilers. The asm.js language provides an abstraction similar to the C/C++ virtual machine: a large binary heap with efficient loads and stores, integer and floating-point arithmetic, first-order function definitions, and function pointers.

http://asmjs.org/spec/latest/
Also interesting:

You could write your programs in Asm.js, but the idea is that you will use other languages that compile to Asm.js. This opens up the possibility of converting existing desktop apps to run in the browser. Emscripten, for example, is a compiler that converts the LLVM bitcode intermediate language to either JavaScript or the asm.js subset.

http://www.i-programmer.info/news/167-javascript/5694-firefox-runs-javascript-games-at-native-speed.html

Re:Javascript engine evolution

[hairyfeet]

And how many times have we heard those EXACT SAME WORDS said about everything from browsers to sandboxes like the JVM? This isn't like the old days ya know, they don't have to take over the system, hell they don't even have to make a permanent anything on the host PC for what they want to do, again see the Yahoo Porn Bug I wrote about. With that there isn't a drop of code left on the victim's PC which is why it took me awhile to figure out what they were doing, but all they cared about was sending spam through as many address books as they could and this bug allows that without having to do much of anything, much less actually get to bare metal.

And finally don't forget that both Nvidia and AMD are rallying around GP-GPU and OpenCL so that you will be able to use that hardware for pretty much anything, heck a $45 HD4850 has something like 800 stream processors on it, the $100 HD7770 has 640 plus a GB of GDDR 5, so with GP-GPU code there really isn't any reason why they couldn't be playing the game WHILE doing something nasty in the background, hell any slowdowns and the user will blame it on the game or the system anyway.

So I wouldn't be so quick to poo poo this if I were you, malware is a billion dollar business and this will open up access to a LOT of GPUs with a LOT of processing power just ripe to be used...somebody is gonna crack this, the only question in my mind is when. Hell with Google and MSFT pouring mountains of cash into it we still haven't solved the problem of how to run net code on CPUs without getting malware, you think GPUs are gonna get a free pass?

Re:Javascript engine evolution

I suspect the security concerns about WebGL are overblown. The code that runs on the GPU are vertex and fragment shaders.

And that's enough. I went to an opengl class where we would write vertex/fragment shaders. You know what? Most of the times I locked my machine was because I carelessly wrote an infinite loop. The code runs at the GPU so everything comes to a standstill, it seems macosx at least is unable to interrupt badly behaved GPU code.

So at least you can trigger a DOS attack. And I'm sure you can do funnier stuff given the attacks the previous year were malware flashed video cards to stay persistant accross reboots.

Conclusion: if you can't imagine where's the problem, don't worry, you simply lack imagination. Other more clever people will fill in the gaps for you.

Re:Javascript engine evolution

[alihm]

Seriously, who uses Javascript to write a game? It's nearly impossible to maintain +10K lines of Javascript let alone writing a game with it.

Re:Javascript engine evolution

So at least you can trigger a DOS attack

Automatically detected and stopped on Windows 7+. Intel drivers on Linux also deal with this. Eventually all hosts will do this.

The DOS problem is well known and the solution is obvious.

Other more clever people will fill in the gaps for you.

And those problems will be obviated. GPUs aren't going to be isolated from the Internet forever.

Re:Javascript engine evolution

we still haven't solved the problem of how to run net code on CPUs without getting malware

And yet we continue to run "net code" despite this. The value of that code is apparently greater than the the risk of using systems that permit it to run.

When a killer 3D web application appears it will be the same; we'll run it, risking exploitation, and the vendors will harden their products.

We're integrating GPUs onto CPUs such that it's getting difficult to buy a CPU without one and we're writing GP-GPU frameworks to exploit these powerful devices. There is exactly zero possibility these capabilities will remain isolated from content on the Internet.

The fact that GPUs add a new attack surface does not automatically preclude their use.

Re:Javascript engine evolution

[hairyfeet]

And THIS is why ACs need to be banned or at least heavily downmodded by default, as pretty much all AC is used for is flamebait or trying to stir up shit.

But if you can show me a single place where I said this shouldn't be used? You can't because that is not what i said, you are trying to twist my words to serve YOUR agenda. All I said is that caution should be used and security should be job #1, something that was NOT done with JavaScript and look at where we are now, nearly a million infected Android phones, who knows how many millions of infected PCs, infected servers, both windows and Linux, and what is the common attack vector? JavaScript, why?

Because nobody seriously thought about JavaScript security until after it had already become widely adopted so any attempts to fix the problems had to take into account all that already deployed JavaScript...that's a bad way to go about security, easier to fix things BEFORE its widely deployed than after, its just common sense. But you go back to flaming AC, meanwhile those with common sense will see what I'm saying is simply logical, this needs to be extensively tested and battle hardened BEFORE being baked into tens of millions of browsers worldwide.

But considering we are talking about Mozilla, a company that has had SIX YEARS to incorporate low rights mode into their browser, a move which would benefit Linux users as well as Windows users because low rights mode would work just as well with SELinux as it does with Windows, yet they STILL haven't added it? I seriously doubt security is very high on their "to do" list.

Re:Javascript engine evolution

nearly a million infected Android phones, who knows how many millions of infected PCs, infected servers, both windows and Linux, and what is the common attack vector? JavaScript

Wow. All that on JavaScript. Not the JVM, Flash, Acrobat, email attachments, Silverlight, same origin policy flaws, browser plug-ins, extensions or signed app store malware. In 2012 alone there were two stack smashing vulnerabilities discovered just decoding images in Firefox. But according to you it's somehow all JavaScript.

You are clearly indulging hang-ups about JavaScript. JavaScript is just one attack surface among many. Note that all the others are also in heavy use by millions.

Next to all that WebGL doesn't amount to squat. As this capability appears on devices and clients it will be used. This fantasy world were all the bugs are eradicated before public consumption exists exclusively inside your head. Along with a lot of other chaos, evidently.

But considering we are talking about Mozilla, a company that has had SIX YEARS to incorporate low rights mode

WebGL first appeared in Chrome 9 (Feb 8, 2011) and Google has been the greater advocate for years. You barely know what you're talking about.

Chrome

[The+MAZZTer]

Looks like Chrome is looking to do this as well.

Re:Chrome

It's a shame that they didn't do this, actually, instead of NaCL. I can understand the need to some extent, but after investing all of this work into Javascript, it's a bit strange to see them splitting their effort on NaCL, Dart, and V8. Guess that's just the way Google rolls.. they have too many resources and conflicts, and thus lack of direction. I can't imagine how amazing WebKit/Chromium would be like if they focused on it instead of all of these disjoint projects.

Re:Chrome

[Lennie]

Their idea was Javascript without strong typing will never be as fast or close to C.

When WebGL was added to the browser, they added some strong types for storing all the graphics data.

So the developers at Mozilla figured out they can leverage those strong types when doing CPU-intense operations and optimize the Javascript engine to take advantage of that. Then they figured out you can use a compiler to target those strong types and recompile existing C-code that way.

So that is what is going on.

Interesting.

[DRAGONWEEZEL]

The unreal Engine is quite the powerhouse, running games like Bioshock and Tribes. This could be a web based game changer... (Pun intended).

-DW

Re:Interesting.

[Intrepid+imaginaut]

Mix this up with the decentralised P2P browsers thing and I present to you, ladies and gentlemen, the future!

I can't see anywhere to stick the meter though.

Re:Interesting.

[Anubis+IV]

Perhaps, but what's the application for something like this? The biggest one I can think of is cross-platform compatibility, since if you built something to run in the browser, it'd instantly work in Windows, Mac, and Linux. Assuming such a thing was possible, I doubt it'd be long before someone essentially used WebKit, Gecko, or whatever else to create a wrapper that could be applied to games using UE3, effectively creating a universal executable that would be little more than a chrome-less browser, somewhat similarly to how Fluid functions for Mac.

But as far as the level of technology, this puts browsers on par with four year-old smartphones, since the iPhone 3GS is capable of running Infinity Blade, which also uses Unreal Engine 3, and no one is suggesting that such a phone is on-par with the current level of PC gaming.

Re:Interesting.

Finally, a real Metaverse!

Re:Interesting.

Add oculus rift to the mix to spice it up too.

Re:Interesting.

[drinkypoo]

Perhaps, but what's the application for something like this?

Turning WildTangent into a smoking hole in the ground, and about time, too.

Re:Interesting.

[locopuyo]

The demo they showed is actually the Epic Citadel demo that is available on iOS and Android. It easily runs 60 frames per second at 1280x720 in full quality on my Galaxy S3 so it isn't impressive they are running it on a PC, only that it is running in javascript
Since they are claiming the javascript is running like it is native code they should show something more impressive

Re:Interesting.

We can finally be 1980s internet?!

Where can I throw my money? Screw that, no time for money, buying gold bar and launching it, it is the only way!

Re:Interesting.

[Lennie]

Actually the CPU-performance of Javscript is about twice as slow as a C-program. So "only" 18 months behind according to moore's law.

The GPU-performance might be even better then twice because they use WebGL to tell the GPU what to do.

future of firefox

To the average Slashdot user, it is apparent that Firefox fans who are turned off by frequent browser updates aren’t alone. Pushing out updates with asinine and confusing chances to the UI every six weeks or so because it shows users that Mozilla developers were always working to improve the browser doesn't go over well with us. But at some point Mozilla began simply pushing out updates for the sake of having updates, which started to really grate on the browser’s core user base.

"Ironically, by doing rapid releases poorly, we just made Firefox look like an inferior version of Chrome," a developer writes. "And by pushing a never-ending stream of updates on people who didn’t want them, we drove a lot of those people to Chrome; exactly what we were trying to prevent. And Chrome has a reputation for being the browser of choice for homosexuals, the really rowdy and nasty ones. "

While users loved Firefox as a browser, they found the constant request for updates to be invasive, especially since Mozilla implemented them using “queer and fucking stupid intrusive dialog boxes” rather than coming up with a system to install them automatically and without interrupting users’ experience with the browser as Google Chrome has done.

Re:future of firefox

I still don't understand comments like this. Mozilla provides an extended support release version of Firefox [1] that's only updated once a year with the exception of out-of-band security updates for exactly this reason.

If you don't like rapid release, just don't use it. It's really, really simple.

[1] - http://www.mozilla.org/en-US/firefox/organizations/faq/

Re:future of firefox

[Lennie]

I believe the comment you refered to from a Firefox developer was from one of the developers that helped solve the problems.

AKA it has already been solved.

Re:I don't care

[The+MAZZTer]

A lot of plugins are only built for 32-bit browsers. It is a lot more work to get 32-bit plugins working in a 64-bit browser than in a 32-bit browser. Plus, there is no real advantage to using a 64-bit browser unless you want it to use more than 2gb of memory, and I thought one of the common complaints was that Firefox uses too much memory?

I'm not sure what you think the big deal is.

"new JavaScript version called 'asm.js.'"

[K.+S.+Kyosuke]

Asm.js is *not* a "new JavaScript version". Asm.js is to JavaScript what Squeak Slang is to Smalltalk, what Richard Kelsey's Pre-Scheme is to RxRS Scheme, and, more remotely, what RPython is to Python (although RPython is much richer in comparison with the other restricted languages, and really not all that JITtable - the translation process is very slow).

Re:"new JavaScript version called 'asm.js.'"

[dinfinity]

What what is to what, now?

It could be me, but I'm not sure your analogies are helping!

Re:I don't care

[wierd_w]

I've ued 64bit builds of nightly for some time now.

The issue is getting plugins to play nice.

You can't really blame Mozilla for not wanting to jump the shark, when they will catch all the flames for plugin makers who refuse to make their plugins 64bit friendly.

Right now, it's "whaaaaaa! I want 64bit builds!"

They offer a 64bit build, and then its "whaaaa! Flash plugin doesn't work! Noscript doesn't work! Adblock Plus doesn't work! Its horrible, and it crashes to boot!"

The market has to build up enough pressure to push out the colonic obstructions in the way of 64bit adoption as the new standard. It will take awhile.

Remember the good old days?

[StoatBringer]

When "browsers" were used for "browsing" the web, instead of being crappy application platforms with endless non-browsing-related features shoehorned into them? What happened to just browsing well instead of doing everything else poorly?

Re:Remember the good old days?

[Pieroxy]

What happened to seeing a grid of 80x25 characters on a black background? Progress.

Re:Remember the good old days?

Microsoft killed it by not following the Posix standard, making cross platform application development a royal pain in the ass.

HTML/CSS/Javascript is the only platform agnostic platform.

Alas, its all we got.

Re:Remember the good old days?

I think the bigger problem is that we still call them "browsers" and rely on something called HTTP in order to transmit things that aren't text. Google has seen where this is taking us: web browsers are an operating system unto themselves (they even operate inside a sandbox, how much more abstracted from an OS can you get), and SaaS apps are their programs. ChromeOS and FirefoxOS, are signs that other people are starting to catch on. They're the next logical step into abstracting the Internet on top of OSes.

Eventually we will reach the point where you will be unable to differentiate the Internet from your computer unless you become disconnected.

Re:Remember the good old days?

Yeah, now instead of just floppies as a virus transmission medium, they're really write-once run everywhere.

No more customizing ASM for elf/win32. Better yet, because it's delivered over HTTP in a browser that's already authenticated to a proxy server if there is one, we have an instant authenticated outbound tunnel which can utilize json-p to establish a backchannel as long as the browser is open to any other HTTP service!

But best of all, the new and improved technology ships in with built-in advertising frameworks, remote execution tracking, user analytics, the ability to sniff platform information, and built-in DRM -- if I unplug my server nobody can run the app ever again.

Look -- you can call it progress because the UX is improved, because the system is faster than the old ones (the same way my phone is faster than an old TI or the ENIAC ...)

But I dispute your use of the word progress, as do many other wholly reasonable individuals. The system runs are fractions of native speed on poorly specified, highly ambiguous platforms. It strips away my control of local execution, and 'just happens to' hand over information that was traditionally not reported to all types of unidentified third parties.

Beyond that, a lot of this completely and utterly circumvents the traditional IT process. What used to involve testing, specification has been replaced with "requires chrome 21+" -- except it will import three different scripts, which will load 20 more remote scripts (all anonymously namespaced to avoid conflict/collision), load 4 different versions of jQuery between them (CDN will speed it up if done properly) -- any single one of which *might* be swapped out at any time without notification to IT.

And any single one of which is technically capable of doing all of the horrible things I mentioned above -- in addition to delivering the traditional problems in the form of a real exploit.

You can keep your damned progress, and I'll keep my computer.

Re:Remember the good old days?

[Darinbob]

They couldn't shove in enough unwanted advertisements with 80x25 on black background.

Re:Remember the good old days?

[Pieroxy]

You realize that all the complaints you have were also true in the good old days of IE3 and NS3? Since then, lots have changed, but all that has changed is irrelevant to all of your points.

Re:Remember the good old days?

[steelfood]

The terminal is still incredibly useful. In fact, things that might take ten minutes to do via a GUI takes maybe half a minute, if that much. This doesn't sound like much, until you start repeating the things you do (like constantly toggling an option). This is why keyboard shortcuts on a GUI are't going anywhere. Besides which, don't forget that every text editor is pretty much a neutered terminal window with color.

Progress does not mean the next new thing, it means the next better thing.

Now, I'm not sure running games on the browser specifically wouldn't constitute progress, but if running an application on the browser means using twice the memory and at a significantly reduced speed that the same program in native code would otherwise use (not compensating for increasing resource availability), then there'd be a strong case for it. Actually, considering the overhead of the browser itself, I'm pretty sure there is already a case for it.

Re:Remember the good old days?

[shutdown+-p+now]

If it lets me do more than I could do ten years ago, that's progress by any meaningful definition of the word.

Re:Remember the good old days?

This was because M$ had something better than the Posix standard.

Re:Remember the good old days?

[Hentes]

This. The web is popular because it's a simple way to deploy something that works across different OSes and different devices. On the users' part, no installation isrequired, and web apps are safely sandboxed. The web is thriving because of the shortcomings of native platforms.

Re:Remember the good old days?

Barely. I don't think I actually recall IE3, although I do recall IE4, and I have a copy of NS2 on a cd somewhere...

Webpages weren't using DHTML & Ajax, and nobody would have tried to deliver a damned game in the browser.

Even a crappy app would've at least been done in VB.

All this is is the same old damned problems returning unsolved, and with less performance than native apps.

The same AC stands by his original opinion, and agrees:

"All that has changed is irrelevant to your [my] points"

The web and browsers have the exact same problems they had ten years ago, and it hasn't gotten any better.

Re:Remember the good old days?

[bryonak]

I think his point was that the improved UX and hardware let you do more, which is called progress.

But having it run wholly inside a web browser, instead of a native GUI that has optional (clearly interfaced) internet storage support but can be controlled by my own firewall... this does not really enable you to do more (but it enables "them" to do more, e.g. built-in app obsolescence via DRM, profiling via tracking, etc.) and therefore is not progress.

Re:Remember the good old days?

[fsterman]

This sounds like Grace Hoppers rant about hanging 1K feet of optical cable (speed of light @ 1 microsecond) around the necks of programmers that wasted microseconds of compute time.

Computing requires exponential gains so that we can compute additional layers of abstraction. It makes it possible to program what we do. The reason usability has gotten better is because we don't need to write hand-tuned machine code just to get UI widgets working.

And do not tell me that the IT department are that much better than users, usability IS security. Make super secure passwords, users will write them down. Make it hard to install apps, and they will disable security. As Kevin Mitnick has shown time and again, people are the weakest link, not the technology.

Don't worry, we will get encryption and other privacy enhancing products into the hands of end-users soon. Just look at Chromebooks and the iPhone, both have lock-down capabilities that far surpass the average corporate desktop.

Re:Remember the good old days?

[fsterman]

Oh, and please think back to security in the old days of paper checks and manual accounting. It's much hard to forge an SSL cert than it is to fake a doctors prescription.

Re:Remember the good old days?

[tibman]

You must have forgotten VRML and ActiveX.

Re:Remember the good old days?

[tibman]

"them" could be anyone, including you. Spinning up Apache is something any beginner developer can work through. Or even better, just pay 3$ a month for a place to host your stuff. Now you are one of "them". I understand your argument but it's like saying we shouldn't use wikipedia because they could nuke the website tomorrow to spite us. I don't want to go back to Encarta on a CD.

Re:Remember the good old days?

Windows isn't UNIX. It doesn't even pretend not to be with a stupid recursive acronym. Different platforms are different.

Re:Remember the good old days?

It's called get back to Links and stop annoying everyone else with your old.

The web in the 90s was god-awful, newsgroups were boring as sin.
This, this here, the "mess" we have now? Far better than that mind-numbingly boring crap we used to have.

The big problem is people pushing everything under HTTP.
Not only should this have not been done, it also shouldn't have even needed to be exposed on every damn page ever.
Even HTTPS shouldn't have been shown. It should have been a simple Lock icon.
Protocols should be invisible to the end user unless they very specifically want it enabled.
And protocols should also have been separated.
RSS should be a protocol, not a file.
Gopher should still be around and be in version 3 or whatever, which is a more advanced version where there is limited support for dynamic content that is filled in using the current templating system we have in HTML5 now, which RSS could have been used for.
So many other things.

But instead we are building a house on sand with no supports.
HTTP is crap for so much, and extending it is pointless.
SPDY is far better for a lot of things, which was good to see. But support for it is low at best currently. Shame, it could sort a lot of websites out for the better.

Re:Remember the good old days?

God, yes, all of this so much.

Uses are the problem with a LOT of security.
And worse so, managers and "security" types, AKA the retards who think having at least 1 of every character type is more secure than a huge ass easily remembered sentence with some words changed and throw in a date of birth while you are at it.
They do this AND they also limit your character to a MAX size, even worse. What the hell is the point?
Don't get me started on stupid websites that don't even tell you about max password sizes, let you type past the password max, silently accept it, truncate to max, then FAIL TO £&*&^£)" LOGIN WHEN YOU TYPE THE PASSWORD YOU GAVE IT BECAUSE YOU WENT OVER THE PASSWORD MAX.

Sometimes I think I could kill people.
I really wish there was a licence to use computers or the internet, maybe then so much crap wouldn't happen like brothers trying to open hardcore-trannys.exe from bloody limewire.

Re:Remember the good old days?

[Lennie]

HTTP/2.0 will be mostly based on SPDY. That is what the 'wait' is all about. There will be no SPDY RFC, there are just drafts.

Basically SPDY is the testing ground for HTTP/2.0.

HTTP/2.0 will most likely only use TLS.

Re:Remember the good old days?

[bryonak]

Hmm, you're placing me inside "them" because I stated it's progress for "them". If we're talking about service providers in general (i.e. my local apache server), there are two points I'd like to highlight:

1. This enables "all of them", not just "the part of them that is me". When it comes to my security, I prefer the exclusive approach.

2. The typical situation is that you're not really a part of "them". "Them" is for example G+/Facebook, and you can try to play along and run a Diaspora node, but... well, we're witnessing how well that's going. "Them" is Dropbox, and you can try to play along and share stuff over your http home server, or (what I'm doing) make accounts for people and ask them to install sftp (or SparkleShare etc.), but sadly some people don't accept that in Dropbox' stead, which in turn requires me to use it.

Good point about Encarta, but this (GGPs comment) is about the technicalities of running random binaries fully within the browser, not where we store the data... which would be perfectly fine with a Wikipedia App that runs natively and obeys the OS... let's call it Firefox.

DMCA "takedown" notice?

The link : https://developer.mozilla.org/en-US/demos/detail/doom-on-the-web/

Gives me a DMCA "takedown" notice...

Re: DOOM on browser available on Mozilla website - Cease and Desist Notice - DMCA Notice of Copyright Infringement

Re:DMCA "takedown" notice?

[Phrogman]

Yeah, how does that gibe with the fact that the source code was apparently released to the public under the GPL in 1999?
http://en.wikipedia.org/wiki/Doom_source_ports

If its GPLed can someone still claim IP rights to the code? or does it mean the code itself but not the content is released to the public?

Re:DMCA "takedown" notice?

[gbjbaanb]

all the code is open source, the textures and levels and other game content were not.

Re:DMCA "takedown" notice?

and the 'DOOM' trademark wasn't free-to-plaster-onto-whatever-i-want either

making the engine open source didn't give away the whole store

Re:DMCA "takedown" notice?

Sent by Agent Smith!

Re:DMCA "takedown" notice?

[HarrySquatter]

If its GPLed can someone still claim IP rights to the code?

Yes. Putting something under the GPL does not relinquish your rights to that code.

Not at all, Features hit users faster

[tuppe666]

To the average Slashdot user, it is apparent that Firefox fans who are turned off by frequent browser updates

I'm sorry, as a [I like to think better ;)] than average Slashdot User...or at least not an AC. I have to say Users love the silent background updating of Mozilla, [Business Users less so], as it allows large features to hit users sooner [I'm loving the new PDF reader]. In fact most users here prefer *release often* strategy its part of their culture [it is mine]. Hell my whole OS gets updated every six months, perhaps you live on a stagnant platform, with occasional releases [read years apart].

Anyone notice ...

Did anyone notice the takedown notice posted where "Doom-on-the-web" used to be in the previous Slashdot article linked above? That's a shame ... Is it available anywhere else, or is it just gone now? (The linked source tar ball doesn't seem to be working for me at the moment either ...)

Not me

[JustNiz]

I for one won't ever buy any games that run in the cloud and/or you have to play through a browser.

Re:Not me

You won't have to. They're all free-to-play! But if you're lost, you can buy a map for your current area for only 0.25 USD on sale this hour only! (required compass is 0.50 USD) Saving your progress will cost you 2.50 USD, so better load up on the 0.25 USD armor upgrades 15 times. After every 5 upgrades, we'll throw one in for FREE.

Re:Not me

[Mr.+McGibby]

That's fine. Plenty of people are doing it already. So nobody that matters really cares what you think.

Re:Not me

[Thwacht]

Why not? Out of spite?

Re:Not me

When you can't tell them apart you will.

Re:Not me

[squiggleslash]

I, for one, will buy (good) games that run on a standards based platform that eschew DRM, running on any computer I want, and has the added advantage of not needing to be "installed".

Re:Not me

I for one will eschew the word "eschew" except for satirical purposes.

Re:Not me

[JustNiz]

The main reason why is that I dont want to have a dependency on the internet.

Partly its about just not wanting to have to be connected to play. What if I want to play where there is no internet, such as on an airplane or while camping etc. Also now you are subject to issues like available bandwidth, latency etc.

Also if the game is running in the cloud, it means I relinquish all control about what they do with the game, i.e. direction they take it in with patches etc,

Also with a local copy I am insulated if the parent company just suddenly goes out of business or even just decides to turn off the master server one day for business reasons.

Companies like Microsoft have already proven they will do that at the drop of the hat, and that they absolutely dont care about how many users it inconveneinces. I guess mostly because there are always people like you that will forget and come right back.

There's also privacy issues. I really dont want some company collectiing and marketing any stats the game can collect about me.

None of this is a problem if you have a binary running locally that doesnt need to use the internet.

I dont see any advantage of having a single user game running in the cloud. It seems all the advantages work for the benefit of the gaming company, and none for me.

Re:Not me

[JustNiz]

wow you being a dick was totally uncalled for.

Re:Not me

[JustNiz]

Also.. as for running in a brower, its another layer of abstraction that can be avoided by running a local app.

Compared to running a native binary, running through a browser can't help but to cost something extra in terms of computer resources, so ultimately cant help but to impact gaming performance at some level.

The inconvenience of having to go through a browser (a window in a window, browser toolbar etc ) is also enough to put me off.
   

Hot Dog!

[rmdingler]

I wouldn't use Java to download so much as an email... even if it came from the Nigerian royal family.

Re:Hot Dog!

Javascript is to Java as a smart person is to you.

Re:Hot Dog!

Javascript is to Java as a smart person is to you.

It's interesting that so many on a presumed tech savvy site like Slashdot don't understand such basic things as the difference between Java and Javascript. It explains some of the discussions happening here.

Re:Hot Dog!

[rmdingler]

I take it anonymous is latin for Whoosh.

Re:Hot Dog!

[HarrySquatter]

They do. It's called "trollbait" and all of the "smart" people who are so quick to correct it fall for it every time.

Re:I don't care

[dyingtolive]

You're wrong! 64 bit is better because the number is bigger! It has more bits! AC learned this when he got his MBA.

64-bit gives better security

[pavon]

Plus, there is no real advantage to using a 64-bit browser unless you want it to use more than 2gb of memory

ASLR (Address Space Layout Randomization) is far more effective in a 64-bit address space than in a 32-bit address space. Browsers need all the layers of protection they can get from exploits.

On the other hand, WebGL gives any website in the world nearly direct access to exploit bugs in GPU drivers, significantly increasing the attack surface of the browser. I say nearly, because the browser does check all parameters for possible buffer overflow conditions before passing them onto OpenGL calls, but any other type of exploit is still possible.

I would definitely prefer that Firefox prioritize features that increase security over those that decrease it.

Re:64-bit gives better security

[UnknownSoldier]

> WebGL gives any website in the world nearly direct access to exploit bugs in GPU drivers, significantly increasing the attack surface of the browser.

You are stating overblown past issues with zero evidence about future possible ones.

Exactly _how_ many bugs and exploits in WebGL has there been? Aside from _THREE_ issues about:

1. CORS / Cross-domain textures (fixed),
2. GPU VRAM reading using as WebGL texture (OSX only!), and
3. DoS

I am not aware of any other code "exploiting bugs in the GPU drivers". Frankly , this is not primarily a GPU driver's issues but an OS and Browser issue. The fact that VRAM is not cleared when a WebGL program starts up is the bug, not unfettered access. This is like complaining a program can be run as 'admin/root' and read the memory of ALL processes. I say "like", because there is no concept of separate memory spaces on the GPU's VRAM.

Of course the bigger problem is why the browsers don't pass the Khronos security conformance tests. I am not sure what the _current_ status of modern browsers are.

Anytime "exploits" are mentioned the year/month should be included so we can gauge if we are discussing issues already fixed or relatively new ones.

References:
  * http://www.contextis.co.uk/research/blog/webgl-new-dimension-browser-exploitation/
  * http://www.contextis.co.uk/research/blog/webgl-more-webgl-security-flaws/
  * https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/

Re:I don't care

[Enderandrew]

Adobe had a 64-bit version of Flash.

There is a 64-bit version of Java.

There is a 64-bit version of Silverlight.

What plugin is exactly stopping Firefox from making a 64-bit browser build? They started the 64-bit build project in 2003. Ten years later they apparently struggle to figure it out, even though community members roll their own 64-bit builds all the time.

Re:I don't care

[Enderandrew]

64-bit browsers are inherently more secure, and can access more memory. Native 64-bit apps also run faster. You're trying to call someone an idiot without realizing that you don't know what you're talking about in claiming there are no advantages.

http://arstechnica.com/information-technology/2012/11/64-bit-firefox-for-windows-should-be-prioritized-not-suspended/

PNaCl

[GeLeTo]

The Mozilla folks didn't speak kindly of Google Native Client, but asm.js is not much different than PNaCl (portable native client)
PNaCl compiles LLVM bitcode to native code
asm.js uses code generated with Emscripten from ..... LLVM bitcode
Devs can easily target both platforms. If somebody ports the Pepper API to asm.js, converting a PNaCl application to asm.js can be an automated task.

Re:PNaCl

[robmv]

asm.js JavaScript subset runs on the same VM, only one VM to secure, it can access DOM APIs directly. NaCl is just another VM like technology, more the p variant that uses an intermediary bytecode, with new APIs made for it, it is a new kind of Java or Flash plugin, probably a lot more secure but a plugin like technology nonetheless

Re:PNaCl

[BZ]

Porting Pepper is a huge undertaking, comparable to reimplementing large parts of a web browser from scratch. Oh, and without real specs, so you have to do a bunch of reverse-engineering.

Re:PNaCl

asm.js is just normal javascript with some backwards-compatible notations. Therefore it will run (more slowly) on any browser, including IE.

for example: "var i = 10 | 0;" informs the runtime you want an integer instead of a normal javascript floating-point number.

As of right now, Nacl is a google-proprietary thing and isn't even enabled in Chrome yet.

Re:I don't care

[dyingtolive]

OP was bitching for the sake of bitching. He did not appear concerned for improvements in ASLR (which might not even be that effective according to some papers I've seen), and, as was already stated, if anything, Firefox should use LESS memory than it does, not more.

I'm calling OP an idiot because not for his position, but for his delivery.

Doom Mozilla and DMCA Notice

[dgharmon]

"this is to notify you of activity occurring on the Mozilla site listed below which infringes on the exclusive intellectual property rights of Id Software LLC .. The copyrighted work at issue is .. DOOM

The link below offers an unauthorized derivation or version of Id Software's DOOM game". link

Re:Doom Mozilla and DMCA Notice

[terrab0t]

I noticed that too. They should have ported PrBoom to the browser.

Re:I don't care

[Enderandrew]

Firefox these days uses less memory than Chrome.

http://www.ghacks.net/2012/06/21/chrome-uses-way-more-memory-than-firefox-opera-or-internet-explorer/

Mind you, Chrome is still my everyday browser, but Firefox has gotten really good at being efficient with memory.

But will it help you to try the demo?

Will it be quicker to play throught the browser, compared to downloading the demo and installing? I think it will take on but needs to be quicker and easier than traditional methods. At least, I can see it encouraging people to play more demos.

Generally from a maintenance / scaling point of view, it seens like a good idea... gaming as a service has been on the cards for some time. The fact that so many updates are required as gaming companies kep releasing beta versions, then running a series of 'updates' means it's better for general internet traffic to reduce the data used when millions of clients download updates (as opposed to 3 / 4 server updates). Also, not testing properly saves a lot of time and effort. Gamers will do it for free!

Re:I don't care

[shia84]

Flash, Noscript and Adblock have been available in 64bit browsers for "ages".
I've been using Firefox exclusively compiled to 64bit for 3-4 years now (the default in the Debian sid repo) and never had came across incompatible plugin after they released Flash for 64bit. Though... I need only around 15 plugins, so heavier user may have a legitimate reason to use a 32bit browser.

Could you point out some of the plugins that actually don't support a 64bit binary? Windows is 64bit per default now too, isn't it... so you'd expect vendors to keep up.

"near-native performance"?

[edxwelch]

It says that it's twice as slow as native c code. This must be a new definition of the word "near".

Re:"near-native performance"?

In the computing world that's close enough that noone really cares. With a traditional interpreted language (like javascript interpreters used to be) you're looking at something more in the range of 100-10000x slowdown.

Re:"near-native performance"?

[edxwelch]

That's simple not true. There are parts of a graphic engine that are quite slow, even in c (like fustrum culling). If you implement those algorithms in a language that is twice as slow you will have problems

RMS is right, we must demand free javascript

[ciaran_o_riordan]

The distinction between installed-software and software that's being run from your browser cache is becoming subtle.

RMS's views on the problem: The JavaScript Trap
https://www.gnu.org/philosophy/javascript-trap.en.html

A solution: The LibreJS plugin for IceCat, Firefox etc. disables javascript if it is non-trivial and doesn't have a notice about using a free software licence:
https://www.gnu.org/software/librejs/

("trivial" is defined as "defines functions")

Re:RMS is right, we must demand free javascript

Why stop there? Why not make the plugin block all content from the web that is not free? What is special about non-free javascript that makes it different than non-free text and images?

Re:RMS is right, we must demand free javascript

When people realize it'll be too late. :|

Re:RMS is right, we must demand free javascript

You should probably demand the source code to every piece of equipment between you and the website in question. Unplugging your network connection would be easier.

Re:RMS is right, we must demand free javascript

[Lennie]

It's code, code is programs people use. And the goal of RMS is for people to be able to have control over the programs they use.

WHY?!?

Why do we continue to try and make 3D games run in the web browser when these games lack the required controls? Where's the controller/joystick API for the web browser?

WebGL is just VRML version 2. We have too many layers of cruft/abstraction layers/API's to deal with. I'm not saying WebGL is a problem (though it has problems like how to run untrusted shader code on the GPU) but we really should not be doing this.

A properly designed "world browser" that actually starts in the 3D environment and perhaps renders flat 2D web pages as such would make a lot more sense instead of trying to shoehorn 3D into a 2D "web page"

Re:WHY?!?

[spage]

Why? Because you're in a browser right now and it's the most popular software platform ever.

Where's the controller/joystick API for the web browser?

https://wiki.mozilla.org/GamepadAPI

WebGL is just VRML version 2.

No it isn't.

We have too many layers of cruft/abstraction layers/API's to deal with.

WebGL sends shader programs to the GPU which executes them. There isn't a layer underneath it.

A properly designed "world browser" that actually starts in the 3D environment and perhaps renders flat 2D web pages as such would make a lot more sense instead of trying to shoehorn 3D into a 2D "web page"

People had no interest in such world browsers, several companies including Microsoft offered them in the 90s and they all died. Microsoft's 1997 technology was called Chrome (yes, really), and they promised "Chromeffects would turn a web browser into a rippling, 3D space with audio and video playback".

Meanwhile people do like 3D games, they do love running things in their browser, and the fullscreen API lets the game canvas go fullscreen. Enjoy your lawn.

Re:WHY?!?

Firefox and Chrome already support joystick and gamepad inputs. The direct APIs may not be quite standardized, but there are several wrapper APIs out there you can download that give you a uniform interface across browsers.

Google is interested in asm.js

"At least some at Google want to embrace a Mozilla-backed project to speed up Web apps written with JavaScript -- even though it competes directly with Google's own Native Client and Dart programming technology. "

Re:Google is interested in asm.js

[spage]

Mod AC parent up! Here it is again

"At least some at Google [cnet.com] want to embrace a Mozilla-backed project to speed up Web apps written with JavaScript -- even though it competes directly with Google's own Native Client and Dart programming technology. "

Asm.js being used to tune Firefox's JS engine

[caspy7]

Perhaps equally exciting to me is that asm is going to be used to speed up Firefox's Ionmonkey JIT.
Devs will compile asm code and compare it to native to find inefficiencies, thereby learning where to optimize the compiler.
So even if you don't use asm.js, we all get faster Javascript.

Re:I don't care

Relax, you are an AC. It's not like your honor and reputation will be tarnished.

Re:I don't care

[jkflying]

No, x86 is clearly bigger and better than x64!

You are forgiven

For such a blatantly erroneous equation.

WTF? Link now goes to takedown notice?

[Bearhouse]

https://wiki.mozilla.org/Legal/Infringement_Notices/3_June_2011

So, that's it then...

A different context to approach GPU processing in

I like oatmeal but it gives me gas.

Re:I don't care

[Lennie]

I'm sure they can supply you a list of some examples if you ask them nicely.

Re:I don't care

[dgatwood]

A lot of plugins are only built for 32-bit browsers. It is a lot more work to get 32-bit plugins working in a 64-bit browser than in a 32-bit browser. Plus, there is no real advantage to using a 64-bit browser unless you want it to use more than 2gb of memory, and I thought one of the common complaints was that Firefox uses too much memory?

Except that if you're running a 64-bit OS, odds are most or all of the 64-bit library code is already loaded into RAM, but when you launch the first 32-bit app, the operating system has to page in an entire 32-bit library stack.

So by being 32-bit-only in an increasingly 64-bit world, Firefox is, in fact, using too much memory.

Re:I don't care

[stanlyb]

Actually, you are saying that you do prefer to have sex with 70year old woman without the need of all these fancy protection (AdBlock)......

Re:I don't care

[dyingtolive]

Bored, mostly, I guess?

WTF?

[Bryan+Bytehead]

Flash works. No Script works. Adblock Plus works.

Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:22.0) Gecko/20130329 Firefox/22.0 ID:20130329030904 CSet: 8693d1d4c86d

Now, if you want to crash 64-bit Nightly, this is the way to do it.

http://deshommesetdeschatons.tumblr.com/

Keep scrolling. And it's nice that the crash reports are null and invalid.

Re:I don't care

Right now, it's "whaaaaaa! I want 64bit builds!"

They offer a 64bit build, and then its "whaaaa! Flash plugin doesn't work! Noscript doesn't work! Adblock Plus doesn't work! Its horrible, and it crashes to boot!"

But that is not Mozilla's problem, it is the plugin maker's problem. Mozilla needs to change. Now. (and yes, I want my noscript plugin to work but if it does not, I will blame the noscript author, not Mozilla).

Soccer Team Uniforms

[allsocceruniform]

nice post Soccer Team Uniforms