Slashdot Mirror
Ask Slashdot: Options After Google Chrome Discontinues NPAPI Support?
An anonymous reader writes: I've been using Google Chrome almost exclusively for more than 3 years. I stopped using Mozilla Firefox because it was becoming bloated and slow, and I migrated all my bookmarks etc. to Chrome. Now Chrome plans to end NPAPI support — which means that I will not be able to access any sites that use Java, and I need this for work. I tried going back to Firefox for a couple of days but it still seems slow — starting it takes time, even the time taken to load a page seems more than Chrome. So what are my options now? Export all my bookmarks and go back to Mozilla Firefox and just learn to live with the performance drop? Or can I tweak Firefox performance in any way? FWIW, I am on a Windows 7 machine at work.
Have a question for Slashdot's readers? Take a look at other recent questions first to see if someone else has had a similar question. And if not, ask away! The more details and context you include, the more likely your question will be selected.
that'll fix it
It is a mistake to discontinue the NPAPI: there are *lots* of commercial/corporate/etc. plugins using it (!)
Keep an older copy of Chrome around?
Manual installs always offer this as an option, if you have disabled the autoupdate (which sucks a ton of bandwidth anyway).
you should do a malware scan dude. Failing that, you can also use internet explorer.
If your Firefox install and profile are reasonably old, you'll probably have a bunch of cruft. Start fresh (reinstall and start a new profile), import bookmarks, install only the addons you need. Should be plenty fast after that.
Only problem is that it seems for every new version that comes out, you have to install more and more addons just to keep the browser the same. You could always just use Firefox only when accessing a site that requires java, and use another browser for everything else.
auto-disable and minute long startup times, I haven't seen a java web page in years.
It's interesting to note that while CS departments are pushing ever more extreme forms of static typing, javascript has won in the most used platform. They never seem to notice that.
http://lifehacker.com/turn-on-... I've noticed a speed bump doing that, and the usual addons for ad blocking etc.
http://chimpbox.us
While it's a good idea to push the discontinuation of NPAPI, I think Google are being too aggressive in their phase out. There are a tremendous number of websites that will be disabled if NPAPI is dropped altogether. It's going to take a long time for them to all be brought up to modern standards, especially if they're not well funded.
It's important to push the conversation and give developers motivation to do the necessary work but if they push too hard, the web will push back and they'll end up shooting themselves in the foot.
Use firefox for your java site and chrome for all the rest ...
This may have been in jest, but it is the correct answer for those few sites that he needs Java on. Keep using Chrome for almost everything, then use Internet Explorer for the one off site that needs Java. Done. No need to fiddle around.
From the Chromium Blog:
In April 2015 NPAPI support will be disabled by default in Chrome and we will unpublish extensions requiring NPAPI plugins from the Chrome Web Store. Although plugin vendors are working hard to move to alternate technologies, a small number of users still rely on plugins that haven’t completed the transition yet. We will provide an override for advanced users (via chrome://flags/#enable-npapi) and enterprises (via Enterprise Policy) to temporarily re-enable NPAPI while they wait for mission-critical plugins to make the transition.
Internet Explorer? I mostly use Chrome, but when I access my company's internal website I have to use Internet Explorer. I think version 10 was the most recent for Windows 7.
Yet people are happily using insecure bug-ridden flash crap every day.
Tweak firefox with:
new tab, type "about:config" into the address bar.
find "network.http.pipelining" and set it to "true"
find "network.http.pipelining.max-optimistic-requests" and set it to 8
find "network.http.pipelining.max.requests" and set it to 32 if it isn't that already. Don't take this one too high.
They sentenced me to twenty years of boredom
Hell must have frozen over. People on Slashdot are actually *recommending* Internet Explorer.
Too bad you don't have enough storage space to have multiple browsers installed. I use Opera, but can also use IE, Firefox or Chrome if I run into any compatibility issues. How hard is it to copy/paste a URL?
"National Security is the chief cause of national insecurity." - Celine's First Law
What slows down firefox are the nested javascript ads and sometimes the pointless ad movies that are in the corners of screens.
Use NoScript and make a point of only having javascript enabled for domains that you WANT to run javascript from.
And then firefox is actually quite fast. Added bonus... less bullshit cluttering up your pages.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Don't believe me?
Go to peacemaker benchmarks? Firefox uses less ram and cpu bloat. On my atom surface chrome is twice as slow and borderline unusable.
FYI you could ... gulp use IE for your work sites? You won't continue your cpu with that filth of IE 6. IE 11 is bug free and us ok. Not awesome but usable and standards compliant now.
EDGE in Windows 10 will be the best browser from what I see so far so if you're willing to upgrade next year that may solve your problem
http://saveie6.com/
Per the Java support site, go here: chrome://flags/#enable-npapi
They probably won't support enabling it forever, but for now it's a workaround.
This is only a problem because you insist that everything happen in one piece of software. That is not a requirement, or at least not one you shared with us.
If you want to complete a task that requires a particular piece of software, use the required software for that task. Then use whatever software you want for all other tasks. This will not only let you use the browser you want for most things, but will let you optimize the NPAPI browser for that particular use without worrying about security and updates and whatnot.
If you enable pipelining, firefox can be MUCH faster.
...then why not complement your end-of-life Windows 7 with an older version of Chrome or FF.
Windows 7 end-of-life is January 14, 2020.
You can turn the NPAPI back on. Go "About:flags" in your address bar, do a Find for "NPAPI" and enable.
Firefox nightly with E10S , 64 bit is my go-to browser now.
You're confusing "extended support" (2020) with end of life - Jan 2015
http://windows.microsoft.com/e...
E
Firefox is NOT an option. I tried going back to it a few times too, but NOPE. Ever since Firefox 3.6 it has been utter garbage.
As for NPAPI... its the ye olde Netscape Plugin API from the 90s. It HAS to go. Chrome actually dropped NPAPI a long time ago on other OS's (Linux, anyway, I think OSX too) but kept it around quite a bit longer on WIndows but it really is time for it to go.
I actually did have some pain when Chrome dropped NPAPI support on Linux (we use Linux as our desktops the last 3 employers I've had) but eh, managed to survive without it.
Good riddance to Chrome and Java browser plugins. Really.
You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
I don't remember where I spotted it first, but PaleMoon is a FF fork that's dumped a lot of the stupid design decisions and supports 64-bit. I've been quite happy with it since I discovered it, and it can't be worse than the newest FF versions.
http://www.palemoon.org/
Available for advanced / enterprise users.
// -- http://www.BRAD-X.com/ --
... but are you seriously complaining about a little bit more load time? Does your job require absolutely no multi-tasking where you can't do something else on the side? (Assuming this load time is so much worse)
If your only issue with switching browsers is a slight difference in load times then you sir are experiencing what a lot of us call a 'first world problem'. If it's such a problem for you, Firefox happens to be open source. Enjoy.
/shyly raises hand
Is using IE simply too inconceivable and ridiculous to think about?
So 2015 to 2020 is the zombie period?
This space intentionally left blank
why do you have to use just one browser for everything?
there's nothing stopping you from using chrome for most sites, and firefox (or whatever) for the handful of sites that require java.
in fact, IMO, you're better off using multiple browsers to minimise the tracking that can be done of you. e.g. i have one browser (midori) that i use ONLY for facebook and nothing else; my main general purpose browser is iceweasel with adblock plus and noscript and other privacy-enhancing plugins; i use chrome to view youtube and other videos; and iceape gets used solely for my online banking and nothing else (usually in a separate login session unless i'm being lazy or in a hurry - ctrl-alt-Fn to get to a new tty, login and startx, run the browser, do my banking, quit the browser and logout).
Bug your vendor(s) for modern HTML5 applications. Java has no place in the browser anymore - not now, not anytime in the past 5 years.
We've been at the point for a couple years where JavaScript alone could do everything that plugins once did. ActiveX is pretty much dead. Acrobat Reader and Java (as a browser plugin) are in their death throes, Flash isn't far behind. Little by little, the major browser vendors are doing what they should have done some time ago and pulling the plug so that the last holdouts could die off too.
I have no sympathy for the enterprise here. It's not like you haven't had time to prepare - the major browser vendors have been saying this was coming for years. The only things left still using it are malware authors and the handful of applications that are so outdated and neglected that they may as well be considered malware themselves
Now. As for practical answers. You do what every other enterprise that holds on to software from beyond the grave does. You stick those applications in a Citrix farm sitting on hardened servers. You create an environment for each individual one of those applications, and you configure outbound network access in a whitelist-only fashion. so that the browsers on these citrix environments each access one specific mission-critical Java application. And you pay out the nose to do so, because you didn't plan ahead for the future.
Or, you stick with an outdated, insecure browser on your desktops and get owned. Those are pretty much the only options at this point.
That's the "if you're in an organization that pays for extended support you can pretend it's still alive" period :)
For everybody else, g'luck, you're EOLd and no more update soup for you.
On behalf of all the black hats and script kiddies out there: I applaud your advice, sir.
Give me a break!
The guy has already said he's going to be using it to run Java, so whatever bugs are in an older versions of Chrome, kept around to be used exclusively to run the Java plugin, are no worse than the fact that he's using Java in the first place. He obviously doesn't care about security, if the Java lumps I've analyzed being downloaded from pirate video sites are any example, since I've counted no less than 17 unpatched Java plugin exploits being used (before I gave up and quit counting).
But it's great that Oracle is endorsing Firefox like this, by not making a standalone Java-based browser for talking to Java-requiring sites...
use the noscript plugin to speed up page loads... only allow the scripting that is required, leave all the other nonsense blocked.
we had the same whining when Active X was all the rage and every corporation had craptastic webapps that used that digital abortion.
The world did not end then, it wont end now. use what works and ask the office to stop being cheapskates and upgrade your ram to 16gig and the hard drive to a 1TB SSD drive.
You're confusing "extended support" (2020) with end of life - Jan 2015 http://windows.microsoft.com/e...
E
Hmm... Doesn't say "End of Life" anywhere on that page. And they still have not set a date for "End of Sales." So, nope...
We had been using google as our landing page and chrome as the default browser. Online testing requires what google took out, so now we are back to bing and msn and IE. Many other school districts have had to do the same.
When schools are mandated to do testing and testing worked with chrome before, did google not think about the required shift back to IE for hundreds of thousands of school computers? They had the kids attention and then lost it in 1 dumb move.
Really sounds like some major whining for the minor annoyance of free stuff screwing you, and not being able tolerate a slight slow down in using your other free program.
If you feel there is a issue with Firefoxe's performance than you are showing a high level case of Ignorance, the difference inspeed is negligible if there is any at all. Try running a clean updated copy of fire fox possibly remove any bloated addons that you have added to the software that are un needed.
Over all between Firefox and chrome, Firefox has always ran faster and taken less memory to run than Chrome has on my box.
You have to accept the security issues of java, while installing it, Now if javascript would lose it's following.
I'd suggest giving Opera a try but it will update itself with no warning it will or has.
the work site.
There is a REASON browsers are slowly eliminating support for this sort of crap.
I always wondered what people were talking about when they said firefox was slow. Thinking about it every time I've touched a Windows machine over the past several years (ie since Vista) I've felt that everything was god-awful slow. I think your problem is the OS and not the software.
You did get the part where he's talking about using Java for work, in a secure environment, yes? You aren't seriously claiming that everyone that uses SuperMicro servers doesn't care about security because their IPMI interface is a Java webstart application, are you?
I mean, for my own part, I have two choices when doing hardware tests of our appliance builds: I can drive across the Twin Cities from my home office and stand at the R&D rack in a cold and noisy staging area for several kickstart/chef bootstrap/chef converge cycles. Conversely I, as a professional, can assume the risk of using a Java IPMI interface to access a server I physically took from a box and placed in the rack of a secured staging room over a secured subnet accessed over a secured VPN connection on my development VM (with a weekly maintenance snapshot, taken every Monday morning, which I don't hesitate reverting to 'cause SystemD, but that's another story), using HTTPS with the SSL cert from that box I physically placed in the rack.
If you are somehow cracking past all those barriers into the imaging subnet of our R&D department's subnet, you've already got half a dozen usernames and passwords and have changed a cert that lives on a box whose OS has an average lifespan on the order of an hour (that is, owning that box isn't incredibly useful in and of itself). Even at that point, the new SSL cert is going to tip me off. But if somehow you managed to get past all that, with all that knowledge just to infect my desktop VM, it seems to me that you already have the keys to the kingdom, so to speak.
That is all to say, just because someone has, or even chooses, to use Java doesn't mean they don't care about security. I'm sure I don't need to explain to you of all people (I read your username and it immediately rang a bell; a quick Google search confirmed my suspicion - I run a lot of code you wrote, and most likely vice versa but to a much lesser degree)that security is about defense in layers, attack surface, vectors and risk/reward. I'm sure there are plenty of other people that use Java in their professional lives that understand and accept the risk of how and where they use it.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
How about users of enterprise software, managed switches, Cisco gear, and embedded appliances for whom their shiny Windows 7/8/10 (for those corps that would run 8 or 10 - I'm sure they exist somewhere), Fedora 22, Mac OSX-latest still can't access said software, hardware, appliances? You do understand that I didn't write SuperMicro's Java interface and I'm not at will to upgrade to software that doesn't exist on something I didn't make regardless of how shiny my frakkin' operating system is, right?
You are correct, however about not being "forced" to do anything. What is going to happen is that when all of our stuff stops working on Chrome, we'll all use Internet Explorer because that's all that will work and IT will start enforcing it. Meaning I can count on the day where IT officially won't support my Linux laptop even though they turn a blind eye right now because I can operate without Windows. Same goes for my boss that runs a Mac.
It's a win for management who have been taking a political beating/PR hit for the move from Google Accounts for Domains (or whichever the enterprise suite is) to strictly Microsoft though. Which is a bit troubling since prior to acquisition there was hushed talk about the new management not being too keen on us in the R&D department using, writing and contributing to open source projects.
In summary, breaking an interface to other things breaks stuff on ALL supported platforms, because end users can't upgrade software they didn't write or compel their upstream provider to care what Chrome does; it doesn't matter what version of which operating system you're running. There are also unintended consequences for breaking stuff that corporate customers use, and those of us that have a foothold with Open Source in the company are collateral damage.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
Visit: http://www.saveie6.com/
Enjoy the freedom and speed!
Okay, I'm saying this with almost no knowledge of the fundamental differences between npapi and pepper, but wouldn't it be possible to write a pepper plugin that implement npapi, and can load "legacy" plugins? :(
Sure, it might be some work, but I have the feeling that a handful of people would be hapy to help maintain this. Of course, the best solution would be to move on and adopt a new standard, but that won't happen as long as there is a possibility to use another browser/use an old version of the browser... That's why there were some IE6 live for so long
Seriously, what the fuck kind of submission is this?
Pweeeassse help me! I don't know how to use a bwowser!
You can do this by following instructions online. It does help significantly.
Happy, NPAPI?
- First they ignore you, then they laugh at you, then ???, then profit.
...bloated? And you don't talk about how Chrome is bloated? lolol.
you migrated from Firefox to Google's ad platform... Gz?
C has untyped data with statically typed _variables_... combining low productivity with billions if not trillions of dollars in damages from buffer overruns and other easily catchable bugs.
I wonder if the reason so many programmers cling so tenaciously to C is not job security and to make work for themselves. CSS seems to inspire something similar - an inefficient, unintuitive, error-prone, bureaucratic thing; yet loved by it's adherents because there is such a barrier to entry to learn it well.
Get better equipment, like a SSD.
Enabling NPAPI in Chrome Version 42 and later As of Chrome Version 42, an additional configuration step is required to continue using NPAPI plugins. In your URL bar, enter: chrome://flags/#enable-npapi Click the Enable link for the Enable NPAPI configuration option. Click the Relaunch button that now appears at the bottom of the configuration page.
Google picked on Linux first to disable NPAPI support with version 35 on the platform just over a year ago. This immediately disabled all Java applets including browser-based VNC clients used for server management (e.g. HP's iLO, Proxmox etc.). Yes, noVNC is around and the latest Proxmox supports that, but it was poor for Google to do this without any JVM having PPAPI support for its browser plugin.
Bizarrely, Google Chrome on Linux has gone the other way with Flash support. It's been baked into the browser via a sneaky Adobe deal who only supply the latest Linux Flash plugin (17.0.0.188 at the time of writing) as a PPAPI plugin to Google and have left their NPAPI plugin for non-Chrome browsers at version 11.X (equally strangely, they are actually updating it periodically for security issues, even though it's 6 major releases behind).
Well, we, who send rockets to outer space, fly aircraft with millions of passengers every day, and route billions of $ worth of financial transactions on any given afternoon, we know these things. That guy who thinks code is 'shitty' because it is explicit and well-documented and perhaps a little more wordy than is convenient for him or faddish? He's probably building some of those web sites you hear about in security bulletins, or the ones that just aren't working every 3rd day.
Doing right is HARD, 'shitty' is thinking that spitting out a bunch of code is all there is to the job.
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
Honestly, IE11 ain't at all bad. Now, the OS that it runs on OTOH is giant festering...
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
The error is the presence of both transfrom (RO) and transform (OR) variables due to a typo.
That is true in Python, for example: "z = x + y" always and only completes if the operation "+" is defined for the types of the values held by "x" and "y".
So how can a Python developer certify at packaging time (which is prior to runtime) that by a particular point in a program, x and y will always have types amenable to operator +? A static type system has the effect of embedding a set of test cases for value types in the variable declarations.
"End of life" is a term used outside Microsoft to refer to what Microsoft refers to as the "end of extended support" for a particular version of Windows. "Extended support" for Windows means public availability of newly created security patches. And for Windows 7, this ends on January 14, 2020.
So if Slimjet is Chromelike, will it follow suit?
Tracy Johnson
Old fashioned text games hosted below:
http://empire.openmpe.com/
BT
http://www.palemoon.org/ . It's an optimized x64 version of Firefox, ridden of many of its nonsense and some of the less useful features (activeX support, UI quirks, parental control, accessibility etc.) Maybe it's just what you need.
Not true. Windows XP received security updates even after the April 2014 range (mostly to fix Heartbleed). The extended support period is the "you're only getting security updates" period and then after that, you get no more unless you pay the $$$ for updates organizationally.
http://www.computerworld.com/article/2484165/microsoft-windows/microsoft-will-craft-xp-patches-after-april--14--but-not-for-you.html
No doubt the top three browsers are Chrome, IE, Firefox. However, they aren't the only ones on the market. You remember Opera and Safari?
There's also a new guy in town, Vivaldi (from the former CEO of Opera).
Since I put no effort in the research, I'd say download all of them and see if they meet your needs.
All except PNaCL, which most npapi plugins could be recompiled to within a few days work...
Not exactly. PNaCl plugin run in a restricted sandbox, they are severly limited into what they can execute and which API they can call.
That's not the case with NPAPI: an NPAPI plugin can basically call any API it whishes (e.g.: call the OS's media API).
The closest thing to PNaCl in the Firefox world isn't NPAPI, but ASM.js, that two only runs a very limited set of API (e.g: only use WebGL) and is restricted to what it can do.
Saddly, a lot of the Java applet aren't actually "write-once run everywhere" as Java was intended to be, but rely on native libraries that are packaged together.
(This is also is the reason why some popular Java applet won't run easily on Linux 64bits without some tweaking).
These external DLL/so are clearly out of what the PNaCl model authorises. You can't do a PNaCl-port of Java instead of NPAPI and keep such functionality.
And such thing are really popular in the corporate world: .so) for all media access.
- Cisco's WebEx conferencing platform - which is immensely popular in the corporate world - relies on native libraries (.DLL or IA32
Without it, all you're left with is using a phone connection to the conference, and you miss screen sharing/webcams.
- Several VNC plug-ins use similar native libraries for low-level access - (including popular ones to remotely admin servers from the lights-out web console)
etc.
All these won't require a simple recompile. .so files gets rewritten from scratch to be able to used from within the restricted context of PNaCl.
They would require that :
- Java gets ported to PNaCl (or the apps themselves get re-compiled targetting PNaCl instead of JVM).
- Extra functionality that the applets pack into external
(That would be great. It means less risks of hacking as everything fits within the PNaCl restrictions, and also as PNaCl is bytecoded, you get tweak-less support for x86_64, ARM, etc.)
Or:
- rewrite the whole functionality from scratch using HTML5/Javascript and using modern API.
(Even better in my taste).
What will probably happen:
- Internet is back as the corporate standard, because 2/3 of all the used business App (like most of the things running on Java in the corporate world) aren't straight recompiles.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]