Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Dropping Netscape Plugin API Support In Chrome/Blink

Posted by ryuzaki0 on from the wither-portability dept.

An anonymous reader writes "Google today announced it is dropping Netscape Plugin Application Programming Interface support in Chrome. The company will be phasing out support over the coming year, starting with blocking webpage-instantiated plugins in January 2014. Google has looked at anonymous Chrome usage data and estimates that just six NPAPI plug-ins were used by more than 5 percent of users in the last month. To 'avoid disruption' (read: attempt to minimize the confusion) for users, Google will temporarily whitelist the most popular NPAPI plugins: Silverlight, Unity, Google Earth, Google Talk, and Facebook Video." Google offers NaCl as an alternative, and "Moving forward, our goal is to evolve the standards-based web platform to cover the use cases once served by NPAPI."

116 of 170 comments (clear)

  1. "standards-based web platform" by Daniel+Dvorkin · · Score: 5, Funny

    Standards are wonderful, and everyone should have their very own!

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    1. Re:"standards-based web platform" by XanC · · Score: 4, Insightful

      That may be, but why don't we "evolve" this other thing to cover all the existing use cases BEFORE disabling NPAPI?

    2. Re:"standards-based web platform" by am+2k · · Score: 3, Informative

      However, NaCl is definitely not a standard if it's only implemented in a single browser.

      Btw, Unity3D already supports NaCl with the same license that supports the web plugin. Silverlight needs to die anyways, and two of those plugins are Google services.

    3. Re:"standards-based web platform" by KiloByte · · Score: 1

      NaCl supports only a tiny subset of NPAPI functionality, it's also not portable beyond i386 and armel.

      NPAPI is just as secure (or more often, insecure) as the browser itself. Some sandboxing is in theory good, but NaCl hardly brings anything you can't already do, at a speed and sanity penalty, in javascript.

      At the moment I have only two plugins installed: Flash and DNSSEC Validator. Tell me how would you implement the latter without either arbitrary network access or calling out to the OS.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    4. Re:"standards-based web platform" by gl4ss · · Score: 1

      can you sell properiaty.. because I sure can't!

      why not sandbox npapi?(yeah yeah, full of problems to do that. but not that much more than nacl).

      also where does this leave say, unity web player? is nacl available as feasible route for other browsers? is nacl even ready?

      --
      world was created 5 seconds before this post as it is.
    5. Re:"standards-based web platform" by tepples · · Score: 1, Insightful

      NaCl supports only a tiny subset of NPAPI functionality, it's also not portable beyond i386 and armel.

      To which still-manufacturer-supported platforms is NPAPI portable?

    6. Re:"standards-based web platform" by Anonymous Coward · · Score: 1

      Our company uses a NPAPI (and activex on IE) plugin to bridge between our website and users' TWAIN scanners/cameras.

      It's a fucking shame that after all the *chans and flickrs and reddit over the last decade that none of the browsers (even on the pads) have an "acquire" button to go with their "browse" button on the file upload box.

      Oh wait, there's now a javascript API that will work on about three phones to get video. Whoop de fuck you I'm out.

    7. Re:"standards-based web platform" by Anonymous Coward · · Score: 1

      The N stands for Netscape!

      The same company that invented SSL and JavaScript? Yeah, no-one uses any of their stuff anymore, that's a perfectly good reason to get rid of it all by itself.

    8. Re:"standards-based web platform" by binarylarry · · Score: 1

      I think you mean "Standard-esque"

      --
      Mod me down, my New Earth Global Warmingist friends!
    9. Re:"standards-based web platform" by oPless · · Score: 1

      Last I looked, NaCl is moving to llvm bytecode, allowing on the fly JITting to x86, Arm, etc.

      The only thing that'll be really annoying is there will be no way to access hardware directly. I wrote a PC/SC plugin ages ago to do just this.

      I guess the only way there now would be writing a signed Java applet...

      But wait ... I can't do that on OSX, because ... Chrome is a 32bit app!

    10. Re:"standards-based web platform" by Bobakitoo · · Score: 1

      They will never update their NPAPI plugin while it is still working. Because if it work, don't fix it.

      The NPAPI is only depreciate at this point; the summary state that the most common used ones are white-listed. It is therefore probably not impossible to custom white-list any if your specific need.

    11. Re:"standards-based web platform" by LordLimecat · · Score: 2, Insightful

      Isnt NPAPI just another "de facto" standard anyways? Pretty sure the "N" stands for "netscape", not "W3C" or "IETF" or "RFC".

    12. Re:"standards-based web platform" by manu0601 · · Score: 1

      Tell me how would you implement [DNSSEC Validator] without either arbitrary network access or calling out to the OS

      It could be done at the level of the OS' DNS resolver, for the good of all applications, including browsers.

    13. Re:"standards-based web platform" by Gwala · · Score: 1

      Unity3d may support NaCl; but it has a couple of glaring deficiencies - like a lack of network support (this is apparently a issue with the Pepper API not supporting it). The webplayer (NPAPI) version is unfortunately also a bit faster at runtime.

      --
      #!/bin/csh cat $0
    14. Re:"standards-based web platform" by Blaskowicz · · Score: 1

      Manufacturer of what?
      There's flash plugin for sparc, but they stopped at version 11.2.202.223 while the current one on linux is 11.2.202.310
      But surely there are other NPAPI plugins than Adobe ones, like the totem or mplayer plugins.

      For a web browser, let's see iceweasel 17.0.9 :
      amd64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390 s390x sparc

    15. Re:"standards-based web platform" by michelcolman · · Score: 1

      You know, NPAPI is dinosaur technology, everyone should have stopped using it years ago. Really, all the major companies have ported their stuff long ago, except for a few lazy holdouts who haven't bothered to do the work, like... errr... Google itself?

    16. Re:"standards-based web platform" by hobarrera · · Score: 1

      Things can be de-facto standard, or formalized by an organization (like the ones you mentioned).
      NPAPI is a de facto standard.
      NaCl is not a standard at all, just a protocol a single vendor designed themselves and implemented.

    17. Re:"standards-based web platform" by Ash-Fox · · Score: 1

      Really, all the major companies have ported their stuff long ago

      I don't know. Most firm specific systems were never ported, they were always direct x. Popular plugins like Adobe Acrobat reader, Silverlight, Unity, Google Earth, Google Talk, Facebook Video and Adobe Shockwave still use NPAPI.

      Can you even name as many just as popular or more popular plugins that have been ported?

      --
      Change is certain; progress is not obligatory.
    18. Re:"standards-based web platform" by Elbart · · Score: 1

      And completely under Google's control. Coincidence?

    19. Re:"standards-based web platform" by TheRaven64 · · Score: 1

      Yup. It's a pretty horrible API to and has completely insane integration with both event delivery and drawing, which made sense when you were trying to squeeze the last possible bit of performance out of a 33MHz machine without double-buffered graphics but make absolutely no sense now. It definitely does need to be replaced, the problem is getting people to agree on what. Microsoft tried to make ActiveX a replacement, but no one else adopted it. The only reason NPAPI still survives is that it's the only way of making a plugin that all of the major browsers support. Maybe now Chrome market share is enough that they can make all of the plugin makers implement a new API. Or maybe plugins just aren't as important anymore...

      --
      I am TheRaven on Soylent News
    20. Re:"standards-based web platform" by michelcolman · · Score: 1

      I was being ironic. Google is saying that the technology is obsolete, yet they are still using it themselves for Google Earth and Google Talk.

    21. Re:"standards-based web platform" by StripedCow · · Score: 1

      http://xkcd.com/927/

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    22. Re:"standards-based web platform" by fa2k · · Score: 1

      NaCl is definitely better than NPAPI. Can you spell "sandbox"?

      Unfortunately, the major purpose of plugins is to break out of the sandbox, to access things like sockets, webcams, local files, hardware information, etc. I haven't seen many plugins for the purpose of running speedy code.

    23. Re:"standards-based web platform" by fast+turtle · · Score: 1

      Plug-ins make no sense in light of HTML5 so even Googles NaCL isn't going to be useful for very long.

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    24. Re:"standards-based web platform" by slash.jit · · Score: 1

      So Google is the new Microsoft ?

  2. No More Amazon music :-( by greggman · · Score: 3, Insightful

    I use the AmazonMP3Downloader plugin so when I purchase music from Amazon it gets added to my music library immediately.

    AFAIK PPAPI (and NaCl) can't implement that because they need to save the music to places outside the sandbox.

    Maybe Google can help define a "download to music library" HTML5 API?

    1. Re:No More Amazon music :-( by GigaplexNZ · · Score: 1

      No. The music library is outside the sandbox.

    2. Re:No More Amazon music :-( by AmiMoJo · · Score: 1

      If AmazonMP3Downloader ever gets popular enough to attract black hats who use vulnerabilities in it to pwn your computer you might change your mind about the value of giving plugins that level of access.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:No More Amazon music :-( by greggman · · Score: 1

      Agreed, Which is why I suggested there should be an HTML API for it. Then there will be no need for a plugin.

  3. A pox on both houses. by RamiKro · · Score: 3, Interesting

    NaCl is a good implementation of a terrible idea: i.e Running software in the browser is all kinds of wrong.

    1. Re:A pox on both houses. by Blaskowicz · · Score: 1

      Great idea, let's serve a html renderer in javascript to render a website in the browser in a consistent way and without extraneous features.

    2. Re:A pox on both houses. by TheRaven64 · · Score: 2

      No it isn't. NaCl is a great proof of concept. It shows that you can sandbox x86 apps using some static analysis of the binaries and a few other constraints (it also showed that segmentation support on modern x86 chips is pretty poor and terrible on Atom). The problem is that it only works on x86 binaries. What proportion of Web use these days is (ARM-based) phones and tablets? 20%? If you make something that only works for 80% (and falling) of your customers, then that's a problem.

      PNaCl is promising, but it's currently in early draft stage. It hard-codes some things into the ABI too early and misses other important things (e.g. no mechanism for exceptions, and they're very difficult to implement correctly in a PNaCl model). And, unlike NaCl, PNaCl relies on a complex compiler being bug free for security, and we all know how well that worked out for Java...

      --
      I am TheRaven on Soylent News
  4. If not NaCl or JS, then what? by tepples · · Score: 1, Troll

    NaCl is "running software in the browser". JavaScript is likewise "running software in the browser", so it appears you'd be against that too. Would you rather require every developer of an Internet-connected application to develop an app for Windows, develop an app for Windows RT, develop an app for OS X, develop an app for GNU/Linux, develop an app for iOS, develop an app for Android, develop an app for Windows Phone, develop an app for Wii U, develop an app for Nintendo 3DS, develop an app for PlayStation 3, develop an app for PlayStation Vita, and develop an app for Xbox 360?

    1. Re:If not NaCl or JS, then what? by Mitchell314 · · Score: 2

      Yes. More work to do / less efficient task making = more manpower needed to get jobs done = more demand for software development labor = better job prospects for me. :)

      --
      I read TFA and all I got was this lousy cookie
    2. Re:If not NaCl or JS, then what? by RamiKro · · Score: 4, Insightful

      Yes. I am against both. Cross platform programming as an Interpreter running in a sandbox (JavaScript) or a bytecode VM (Java, NaCl...) shouldn't be done through the browser.
      The Internet should be slightly expanded HTML1 and CGI as far as I'm concerned. Maybe with an exception for audio\video if we can agree on a codec...

      Keep application development and serving to the likes of Android's Play Store + Dalvik.

    3. Re:If not NaCl or JS, then what? by Anonymous Coward · · Score: 1

      and don't even get me started on the horseless carriages...

    4. Re:If not NaCl or JS, then what? by dreamchaser · · Score: 2

      The Internet should be slightly expanded HTML1 and CGI as far as I'm concerned.

      "No one will need more than 637 kB of memory for a personal computer..."

      Apples and oranges. Having more RAM doesn't create a huge security risk like running code in a browser does.

    5. Re:If not NaCl or JS, then what? by LordLimecat · · Score: 4, Insightful

      Nothing stops you from only writing a webpage thats HTML1 with no JS; just dont be surprised when noone wants to visit it.

    6. Re:If not NaCl or JS, then what? by swillden · · Score: 2

      LOL... You were going along fine until you said "develop an app for GNU/Linux". Yeah, right - like any web developer is going to create an app specially for that 1.3% market...

      Unlike the blockbuster that is Windows RT.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re:If not NaCl or JS, then what? by RamiKro · · Score: 2

      Even if the security issues could be put to rest, there's no justification for running applications in a document viewer.
      If Google is so concerned with serving up cross platform applications, they can package a VM and an App Store along with their browser. They can even conceive of their own URI scheme that will pass requests to the App Store to download and initialize Apps on the VM.

      Is it really too much to expect something better then serving GUIs the likes of Facebook and Gmail inside the browser?

    8. Re:If not NaCl or JS, then what? by tepples · · Score: 1

      Yeah, right - like any web developer is going to create an app specially for that 1.3% market...

      Some web browsers Launchpad.net (the Ubuntu bug tracker) is made for a fraction of that 1.3% market. Besides, for which free (as in at least beer) operating system should developers of client-server applications create the client side of said applications? Or why is it desirable that purchasing a copy of a Microsoft brand operating system or an Apple brand computer be a prerequisite to participation in the public sphere?

    9. Re:If not NaCl or JS, then what? by hairyfeet · · Score: 3, Insightful

      Exactly and for an example of what can happen look at the "Yahoo Porn Bug" in my journal, I had customers spamming the living hell out of everyone in their address books and all that took was a little code, a hidden iFrame, and a browser that runs the same permission level as the user, in that case Firefox.

      Frankly the whole current system is just fucked up, you can have code from as many as a dozen different servers, splattered all over the planet, all just to load a single page. And as more and more websites go "Web 3.0 apps apps apps...did we mention we have apps?" the ability to block all that crap from God knows where diminishes. I think the problem is that JavaScript was just never built with security in mind, it was back in the day when organized cybercrime and the like was the realm of sci/fi and instead of starting over when the thing started getting unsafe we just put bandaids on the bullet wounds.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    10. Re:If not NaCl or JS, then what? by CommanderK · · Score: 1

      Two words: Java applets. This is exactly how they work, and it's a mess. You have to start the JVM every time you load an applet (or load it with the browser and keep it around), and then the UI is a mess. JavaScript inside a browser (with access to the DOM) is so much cleaner and faster (relatively) than the previous mess that were applets. Also similar is Flash, but Adobe got Flash performance to a decent level. However, both Flash and Java applets are going away (for good reason), and the future is probably HTML5 + JavaScript.

    11. Re:If not NaCl or JS, then what? by RamiKro · · Score: 1

      JavaScript was executed* over the course of two weekends so it was never built with much of anything in mind let alone security...

      To be fair, the person in charge has repeatedly apologized and EcmaScript board members has explained both in public and in private that they all in agreement that JavaScript should be phased out and replaced completely.

      Sadly, narrow business interests and squabbling amongst Microsoft, Mozilla and Google have been preventing any progress in the matter. Microsoft is pushing TypeScript, Google is pushing Dart, Mozilla is sticking to a EcmaScript for now... Mind you this is nothing new. Adobe's ActionScript is a JavaScript derivative born under similar conditions.

      *designed would be a stretch...

    12. Re:If not NaCl or JS, then what? by _merlin · · Score: 2, Informative

      Actually, the fact that HTML1 doesn't exist stops you. HTML2 was an attempt to document what browsers of the time rendered (i.e. it was descriptive, as opposed to the prescriptive HTML3 and later), but there was no HTML1.

    13. Re:If not NaCl or JS, then what? by RamiKro · · Score: 2

      Why should I care about visits? I don't live off advertisements and page hits.
      I'm interested in delivering information. A company's portfolio... A product's specifications... A personal contact page... A data sheet... Wikipedia with NoScript is done right as far as I'm concerned.

    14. Re:If not NaCl or JS, then what? by dark_glaive · · Score: 1

      Web browsers may have one been document browsers but that isn't true anymore. Welcome to life. Stuff changes constantly.

    15. Re:If not NaCl or JS, then what? by sharklasers · · Score: 2

      Presentation is highly important in this business. Like it or not, an attractive web site does wonders for the opinion of those who might stumble upon it. It does not have to be laden with graphics and other whiz-bang features that slow down the browser, but a boring page suggests a lack of bother and care by the company, which might translate into related opinions from those who browse the page.

      Geeks continually misunderstand and downplay the significance of image. Humans are visual creatures - ignore this facet at your peril.

    16. Re:If not NaCl or JS, then what? by washort · · Score: 3, Insightful

      So you think the platform for useful apps should be owned by Google instead of being open to everyone?

    17. Re:If not NaCl or JS, then what? by Blaskowicz · · Score: 1

      uh?
      I ran a few java applets a few years ago, mostly one yahoo game. What was striking is how smooth the game's little 2D effects were, and it did not use a shit ton of CPU like flash and javascript do. Java is more akin to using a native app, UI can be anything non standard just like flash or elaborate websites. Starting the JVM was slow in 1997, but that long ago, plus we had mode PIO 16 hard drives and 120MHz CPUs.

      A shame that Java was plagued with updating/installation and security issues.

    18. Re:If not NaCl or JS, then what? by khellendros1984 · · Score: 3, Insightful

      there's no justification for running applications in a document viewer.

      Except that most of the world finds it pretty convenient, and anything we've called a web browser in the last 15 years or so has been much more than a document viewer.

      If Google is so concerned with serving up cross platform applications, they can package a VM and an App Store along with their browser.

      They do. The V8 Javascript Engine is implemented as a VM. They include the Chrome Web Store in the desktop version of their browser as well. That doesn't mean that it's not beneficial to run apps delivered over the web in the browser, the way that every other vendor does.

      Is it really too much to expect something better then serving GUIs the likes of Facebook and Gmail inside the browser?

      And what's wrong with it? A sandboxed plugin API and Javascript VM makes more sense to me than downloading a native app to handle the same thing, and I down see a benefit to having a some kind of Net-VM app, separate from the browser, to run web apps in. Either way, you're still talking about running someone else's code. From that perspective, keeping the browser integrated with a sandboxed scripting and plugin environment makes more sense than any alternatives I've heard anyone propose.

      --
      It is pitch black. You are likely to be eaten by a grue.
    19. Re:If not NaCl or JS, then what? by K.+S.+Kyosuke · · Score: 1

      Having more RAM doesn't create a huge security risk like running code in a browser does.

      Why would running code in a browser create a huger security risk than running code outside of a browser? If anything, the latter is more dangerous. The browser at least is expected to expose only a limited interface for the downloaded code to manipulate the state of your machine. Anything else is a bug.

      --
      Ezekiel 23:20
    20. Re:If not NaCl or JS, then what? by K.+S.+Kyosuke · · Score: 1

      there's no justification for running applications in a document viewer.

      I'd violently disagree with the idea that the web should be a repository of documents for document viewers. Your comment essentially embodies all that is wrong with the web and the people who developed it. Alan Kay got it right and you didn't, deal with it.

      --
      Ezekiel 23:20
    21. Re:If not NaCl or JS, then what? by K.+S.+Kyosuke · · Score: 1

      Two words: Java applets. This is exactly how they work, and it's a mess. You have to start the JVM every time you load an applet (or load it with the browser and keep it around), and then the UI is a mess.

      Aren't you confusing a good idea with a bad implementation here?

      --
      Ezekiel 23:20
    22. Re:If not NaCl or JS, then what? by K.+S.+Kyosuke · · Score: 1

      To be fair, the person in charge has repeatedly apologized

      ...which he even sort of didn't have to, because the management was to blame for the most part of the outcome.

      --
      Ezekiel 23:20
    23. Re:If not NaCl or JS, then what? by FauxReal · · Score: 3, Funny

      We should probably just go back to Gopher.

      --
      Deltron 3030 - Virus (music video)
    24. Re:If not NaCl or JS, then what? by TheLink · · Score: 1

      The real problem is everyone has been coming up with "Go buttons" but there was no decent "Stop button". So to stop some stuff but not others you have to make sure ALL the unwanted Go buttons" are not pressed. And that is not easy to do. Some people say "Use a library" the problem is how do you make sure future "Go buttons" that haven't been invented yet are not pressed either? And how about different browsers behaving differently?

      So more than 10 years ago I proposed that a "Stop" "button" be created: http://lists.w3.org/Archives/Public/www-html/2002May/0021.html
      http://www.mail-archive.com/mozilla-security@mozilla.org/msg01448.html

      But there was no interest in such a thing till recent years with CSP: https://developer.mozilla.org/en/docs/Security/CSP

      If the major browsers had implemented my simple suggestion years ago it would have been harder for the Yahoo, MySpace and other worms.

      --
    25. Re:If not NaCl or JS, then what? by fast+turtle · · Score: 1

      because the god damn browser wasn't expected or designed to run code originally. Just like PDF and all the extra crap Adobe keeps adding to Acrobat. The browser was designed as a Page Rendering/Document Veiwing Engine, not a god damn Turing complete OS like it is now.

      Try running something like Dillo or Elinks that handles things properly - The browser is just a fscking document viewer and you'll see just how badly designed the web is.

      It's the reason I use NoScript in Firefox and have it configured to Deny All by default plus I've gone through and un-trusted every fscking Certificate that's installed int the browser store (especially after the Diginotar incident). Hell I've only got a dozen certs I need to trust anyhow so why have the damn trust model that's being pushed down our throats by the Governments? Root CA's are no more trusted then any other by me. All they do is provide a chain of trust indicating that each company below Verisign has paid their "Dane Geld"

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    26. Re:If not NaCl or JS, then what? by jones_supa · · Score: 1

      Nothing stops you from only writing a webpage thats HTML1 with no JS; just dont be surprised when noone wants to visit it.

      If it contained interesting stuff, HTML1 wouldn't stop me visiting it. Actually it might provide nicer experience than a modern web page which is surrounded with advertisement banners and various menus from every side.

    27. Re:If not NaCl or JS, then what? by CommanderK · · Score: 1

      I also mentioned Flash, which was the same bad idea with a good implementation.

    28. Re:If not NaCl or JS, then what? by hairyfeet · · Score: 1

      I didn't know that but after working corporate for several years it honestly doesn't surprise me. If the average person only knew how many major corps have just insane amounts of risky data, CC numbers, addresses and SSNs for example, being manipulated on some creaky as hell VB into Access DB cooked up over a couple of days by some guy that hasn't been with the corp in the better part of a decade? Or how many transmit the same risky data over the net to the main branch using some God Awful IE 6 ActiveX mess? Well I bet a LOT of folks wouldn't trust these companies as far as they could throw them.

      But your post just supports what I've been saying for years, that JavaScript should have went the way of Gopher and somebody better, something designed from the ground up with security in mind, should have taken its place. I mean its insane the way websites are set up now, I have even seen CHECK OUT PAGES that had calls to third party ad servers! Talk about just asking for CC theft! But I have a feeling as long as the big three look at EVERYTHING as an excuse to try to get some lock in? we'll just keep putting bandaids on bullet wounds.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    29. Re:If not NaCl or JS, then what? by K.+S.+Kyosuke · · Score: 1

      The browser was designed as a Page Rendering/Document Veiwing Engine

      Uh...what? Have you actually seen WorldWideWeb? The only reason why virtually all later browsers were viewers-only was because the new guys found it "too difficult" to support the advanced features.

      --
      Ezekiel 23:20
  5. "anonymous Chrome usage data" by oldhack · · Score: 1

    That's why I don't use chrome. But firefox probably does the same.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  6. If Google can offer NaCl, they... by EzInKy · · Score: 1

    ...can also offer pepper. Seriously, this is crazy. Everyone knows Google won't do no evil.

    --
    Time is what keeps everything from happening all at once.
    1. Re:If Google can offer NaCl, they... by Carewolf · · Score: 1

      Well NaCl it is one small corner of the bloated corpse of that is PPAPI.

    2. Re:If Google can offer NaCl, they... by jones_supa · · Score: 1

      Nowhere in the article does it say that pepper (ie. PPAPI) is going anywhere. You'll note that the built in flash and PDF viewer don't use NPAPI

      I think he was making a salt & pepper joke.

  7. Chrome native messaging by tepples · · Score: 1

    I use the AmazonMP3Downloader plugin so when I purchase music from Amazon it gets added to my music library immediately.

    AFAIK PPAPI (and NaCl) can't implement that because they need to save the music to places outside the sandbox.

    AmazonMP3Downloader could be split into a part that runs inside Chrome and a separate process that downloads the file, and the two parts would communicate with Chrome native messaging. It's like when Windows Vista came out: applications that needed to run in the background with administrative privileges needed to be split into an elevated service and a not-elevated GUI.

    1. Re:Chrome native messaging by greggman · · Score: 1

      Yea, that would work. So would a little local server (scary).

      I still think I'd prefer an HTML5 Media Library API. Every piece of native code you ask users to install is yet another vector for trojans and viruses. If Amazon has to write one so will Barnes and Noble, Beatport and any other site that wants to let you download music, videos, books, etc directly into your OS's folders for those things.

    2. Re:Chrome native messaging by tepples · · Score: 1

      Every piece of native code you ask users to install is yet another vector for trojans and viruses.

      This is true whether Amazon MP3 Downloader/Cloud Player is an NPAPI plug-in or a separate process, so I don't see the difference.

  8. Embrace, Extend, Extinguish? by Anonymous Coward · · Score: 3, Interesting

    Mark my words: Chrome is going to end up being a second IE 6-like millstone around the IT industrys neck. We are already seeing web sites that only work in Chrome (and Safari, if you're lucky). Firefox, IE (!), and whichever intrepid fourth party browser engines still exist on the periphery, will be reduced to second-class citizens..

    1. Re:Embrace, Extend, Extinguish? by LordLimecat · · Score: 1

      Chrome renders with Webkit, which is used by multiple browsers. Its also one of the most standards-compliant engines out there; if Firefox / IE arent rendering a page and Chrome (webkit) is, thats probably a deficiency in those browsers' engines' standards support.

    2. Re:Embrace, Extend, Extinguish? by mrbester · · Score: 1

      Chrome uses Blink nowadays, unless you're on iOS

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    3. Re:Embrace, Extend, Extinguish? by BZ · · Score: 2

      Actually, WebKit cuts corners on standards a lot more than Firefox and IE do. For example, the official CSS 2.1 test suite from when the standard was finalized two years ago shows WebKit passing about 89% of the tests (for comparison, Firefox passed about 97%).

      If Firefox/IE aren't rendering a page and WebKit is, it's almost always because the page author has written WebKit-specific code (e.g. used -webkit CSS prefixes on properties that are supported without a prefix in other browsers).

      What WebKit and especially Chrome _does_ have is much better marketing. Not least because they have a much larger marketing budget than, say, Mozilla. Sadly, their marketing is working well on you.

    4. Re:Embrace, Extend, Extinguish? by Lehk228 · · Score: 1

      I have not seen a page that firefox doesn't render correctly since it was called firebird.

      my fiance insists on using chrome despite constantly having weird issues with it.

      --
      Snowden and Manning are heroes.
    5. Re:Embrace, Extend, Extinguish? by dkf · · Score: 1

      If Firefox/IE aren't rendering a page and WebKit is, it's almost always because the page author has written WebKit-specific code (e.g. used -webkit CSS prefixes on properties that are supported without a prefix in other browsers).

      The problem isn't using browser-specific extensions. The problem is that the page doesn't work without them. What's really wanted is a way to tell a browser to disable all vendor-specific extensions and to have everything be according to standard (or disabled) so that authors can check their stuff ahead of time.

      Checking stuff ahead of time? Hah! I can dream...

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
  9. The new IE is here by Billly+Gates · · Score: 4, Interesting

    More and more Chrome is reminding me of IE from the humble IE 4 which was the best browser to the jaguarnut of IE 6 which still has not completely died off yet in China and some corporate portals.

    Chrome rushes to throw HTML 5 and CSS 3 features not standardized on W3C so they can pass HTML5test and calls them HTML 5 and CSS 3 but really are made just like box model and CSS were invented by IE. The W3C in the end decided to make it a little different which is why when Firefox went one way the corps hung onto IE 6 instead.

    This NACL and plugins is all 21st activeX to me. If MS did this for IE 11 everyone would be screaming bloody murder.

    --
    http://saveie6.com/
    1. Re:The new IE is here by gQuigs · · Score: 1

      Are you sure that's your sig (Save IE6), or was that the end of your argument :)

    2. Re:The new IE is here by VortexCortex · · Score: 1

      More and more Chrome is reminding me of IE from the humble IE 4 which was the best browser to the jaguarnut of IE 6 which still has not completely died off yet

      I see we are not letting a mere lack of knowledge be any impediment to voicing opinions tonight.

      Well, I've been developing "web services" since before the web existed (BBS networks), all the way up to HTML5 and beyond, with bleeding edge browser features pre-standardization, so let me weigh in on the issue:
      /me shudders.

    3. Re:The new IE is here by pentadecagon · · Score: 1

      Except that Google makes everything free and open, everybody is invited to copy it. There is nothing else they can do, short of bribing standard bodies.

    4. Re:The new IE is here by StripedCow · · Score: 3, Informative

      From the NaCl FAQ:

      Is Native Client open? Is it a standard?
      Native Client is completely open: the executable format is open and the source code is open. Right now the Native Client project is in its early stages, so it's premature to consider Native Client for standardization.

      You think that NaCl might lock you in to some proprietary standard, but the complete opposite is true: if you want, you can build your own version of HTML and CSS in NaCl, or build your own programming language. Hell, you can build a browser in NaCl.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    5. Re:The new IE is here by Richard_at_work · · Score: 1

      Where is the patent waiver?

    6. Re:The new IE is here by knarf · · Score: 1

      the jaguarnut of IE 6

      Elephant bollocks. I guess you meant juggernaut? No nuts there but more to the point.

      --
      --frank[at]unternet.org
    7. Re:The new IE is here by dave420 · · Score: 1

      Then you're aware that there have been plenty of "standards" which have been adopted before standardisation, which varied across browsers. Waiting for standardisation would keep the web years behind where it otherwise could be, with the only headache being cross-compatibility shims, which are getting more and more powerful and easy to use with each generation of browser.

  10. Does this mean I will lose LASTPASS? by mlawrence · · Score: 1

    I simply cannot function without that browser add-on. Why is Google doing this? I will be forced to switch browsers. :(

    1. Re:Does this mean I will lose LASTPASS? by gl4ss · · Score: 1

      dunno why lastpass would need npapi. I don't use it, but I would guess lastpass acts more as a browser plugin, in the sense that it is a plugin for the browser and not a plugin for handling elements on the page that the page creator declared that plugin would handle(like a box on the page that's supposed to show a flash animation).

      --
      world was created 5 seconds before this post as it is.
    2. Re:Does this mean I will lose LASTPASS? by Anonymous Coward · · Score: 1

      No, it doesn't. LastPass does not use NPAPI.

    3. Re:Does this mean I will lose LASTPASS? by Anonymous Coward · · Score: 1

      So either LastPass will need to make a NaCl plugin or Google should add LastPass to their whitelist to avoid a backlash.

      Or do nothing, since, you know, they don't use NPAPI.

  11. I find it telling by msobkow · · Score: 1

    I find it telling that even Google Earth doesn't use NaCl yet.

    --
    I do not fail; I succeed at finding out what does not work.
  12. Chrome Web Store by tepples · · Score: 1

    If Google is so concerned with serving up cross platform applications, they can package a VM and an App Store along with their browser.

    Chrome Web Store already exists on desktop versions of Chrome.

    1. Re:Chrome Web Store by RamiKro · · Score: 1

      As part of Chrome. Using the browser's own APIs.
      Similarly, you can use Mozilla's Marketplace in the desktop version of Firefox... Like I said earlier, a pox on both houses.

  13. A round-trip and full reload for each click by tepples · · Score: 2

    The Internet should be slightly expanded HTML1 and CGI as far as I'm concerned.

    Usability would be horrible. For example, web-based paint programs can currently use HTML5 Canvas, SWF, or Java. But without any sort of client-side scripting, they would have to use a server-side image map and make a round-trip for each click on the image. And imagine how much longer Slashdot comment pages would take to update if every time you expanded or collapsed a comment, the server had to resend the full text of all other comments.

    1. Re:A round-trip and full reload for each click by RamiKro · · Score: 1

      I'll ignore the web-based X programs issue since I've already mentioned I'm against serving application inside the browser.

      As for the Slashdot comments, Slashdot should be an App. In fact, Slashdot is a prototype for apps like feedly.
      Though the comments could still be served as read only on the html side... Somewhat like email lists archives.

    2. Re:A round-trip and full reload for each click by tepples · · Score: 2

      As for the Slashdot comments, Slashdot should be an App.

      There already was an app: the NNTP news reader. But no ISPs provide NNTP service anymore. So for which platforms would the Slashdot app be made available?

    3. Re:A round-trip and full reload for each click by RamiKro · · Score: 1

      What's wrong with using a simple, RESTful, HTTP API? You can even support a JavaScript client using the same client.

    4. Re:A round-trip and full reload for each click by RamiKro · · Score: 1

      same client's API...

    5. Re:A round-trip and full reload for each click by AmiMoJo · · Score: 1

      My ISP provides usenet servers. Keeps some major bandwidth inside their network.

      The problem with usenet is that it's a free-for-all, no moderation. Slashdot is actually a really good example of how the web improved internet based discussion groups.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:A round-trip and full reload for each click by tepples · · Score: 1

      What's wrong with using a simple, RESTful, HTTP API?

      What's wrong is the difficulty of getting your application approved by Apple, Microsoft, Nintendo, and Sony.

    7. Re:A round-trip and full reload for each click by tepples · · Score: 1

      Paint chat, or virtual whiteboard, is the multi-user evolution of oekaki. If the web is not for long-distance visual collaboration, then what is?

    8. Re:A round-trip and full reload for each click by tepples · · Score: 1

      We're taling about HTTP and HTML, not the web.

      What's the difference between the HTTP and HTML on one hand and the web on the other?

  14. Quake Live by DudemanX · · Score: 1

    Quake Live runs their engine through a NPAPI plugin. They're supposed to port that to NaCl just for Chrome users? More likely they'll just not support it and ask people to switch to Firefox.

    1. Re:Quake Live by msobkow · · Score: 1

      You still play Quake?

      How... quaint.

      --
      I do not fail; I succeed at finding out what does not work.
    2. Re:Quake Live by jones_supa · · Score: 1

      You still play Quake?

      How... quaint.

      Hey, why not! I support the idea that games from any era can be played at any time. BTW Quake 3 Arena was still the game used for tournaments held at QuakeCon 2013. Playing both old and new stuff makes a nice mix of entertainment.

  15. Torture.... by wbr1 · · Score: 5, Funny

    Google once again shuts down a service/feature, but this time they have the audacity to rub NaCl in the wound. That burns, it really does.

    --
    Silence is a state of mime.
    1. Re:Torture.... by phantomfive · · Score: 1

      What's wrong with NaCl? Serious question.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Torture.... by wbr1 · · Score: 1

      Um.. NaCl == Table Salt. Salt in a wound?

      --
      Silence is a state of mime.
  16. Lost Years of My Life to NPAPI by glennrrr · · Score: 1

    I used to have a programming job which involved maintaining a large C++ codebase which was shipped as a Windows desktop app, a Mac desktop app, NPAPI plugins on both Windows and Mac, and an Active X control. As it was written before 'modern' Mac NPAPI, you can imagine how ridiculously convoluted it was converting the Mac plugin to support such necessities as Core Animation layer rendering, and the sandboxed event handling that Safari moved to as an attempt to make NPAPI plugins secure. So I spent literally years trying to keep that sinking boat afloat when it was obvious we needed a Javascript/web app replacement product.

  17. 5% by Hypotensive · · Score: 1

    "I know, we'll just throw away 5% of our installed users."

    You would have thought that Google would have heard of the long tail...

  18. "standards" by hobarrera · · Score: 1

    It's not a standard just because you publish the documentation. Or can I make the Hugo-Plugin-Standard now?

    Google is just being a bully because of it's position. "Adopt our made-up standards, or don't interact with us."

  19. Re:Google is best avoided, period. by jones_supa · · Score: 1

    I think it's the "many people would give up their civil rights for a pint of beer" problem. We use Google products because they are nice and get the job done. Same reason why people use Facebook despite the datamining. Same reason why people get games from Steam despite the DRM. It's not a good thing, but I believe this is the reason. You don't feel the wrath of the evil parts in the typical day-to-day user experience.

  20. VMWare by brunes69 · · Score: 1

    This is going to make the VMWare browser-based console not functional, which was the only way to manage your VMWare instances in linux.... super.

    1. Re:VMWare by afidel · · Score: 1

      Linux isn't supported in 5.5 anyways since they upped the flash version requirement to greater than the last version available for Linux.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  21. Re:Next Page Google can take from MS by bussdriver · · Score: 1

    How do you think MS was able to fast track Office XML into an ISO standard?

    Some "standards" don't happen without force.

    --
    Democracy Now! - uncensored, anti-establishment news
  22. I meant "not PowerPC Macs" by tepples · · Score: 1

    Manufacturer of what?

    Manufacturer of the computer. Mostly I was trying to exclude PowerPC Macs from a discussion of the future direction of NPAPI.

    amd64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390 s390x sparc

    Now let me rephrase my question: For which of these platforms are NPAPI plug-ins still released?

  23. Scanning was Re:"standards-based web platform" by bsmedberg · · Score: 2

    Scanner support for is on my short list of things to implement in Firefox, along with webcrypto so that sites stop using Java for its crypto library. I'd love help with it for anyone who is interested.

  24. Appeal to tradition fallacy by tepples · · Score: 1

    Why would running code in a browser create a huger security risk than running code outside of a browser?

    because the god damn browser wasn't expected or designed to run code originally

    Expecting the current version of a computer program to be no larger in scope than the first version is a form of the appeal to tradition fallacy.

    1. Re:Appeal to tradition fallacy by K.+S.+Kyosuke · · Score: 1

      Expecting the current version of a computer program to be no larger in scope than the first version is a form of the appeal to tradition fallacy.

      It gets worse: the old version was much better.

      --
      Ezekiel 23:20