Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Options After Google Chrome Discontinues NPAPI Support?

Posted by timothy on from the singularity-not-yet-here dept.

An anonymous reader writes: I've been using Google Chrome almost exclusively for more than 3 years. I stopped using Mozilla Firefox because it was becoming bloated and slow, and I migrated all my bookmarks etc. to Chrome. Now Chrome plans to end NPAPI support — which means that I will not be able to access any sites that use Java, and I need this for work. I tried going back to Firefox for a couple of days but it still seems slow — starting it takes time, even the time taken to load a page seems more than Chrome. So what are my options now? Export all my bookmarks and go back to Mozilla Firefox and just learn to live with the performance drop? Or can I tweak Firefox performance in any way? FWIW, I am on a Windows 7 machine at work. Have a question for Slashdot's readers? Take a look at other recent questions first to see if someone else has had a similar question. And if not, ask away! The more details and context you include, the more likely your question will be selected.

24 of 208 comments (clear)

  1. Google should revert that decission by faragon · · Score: 4, Interesting

    It is a mistake to discontinue the NPAPI: there are *lots* of commercial/corporate/etc. plugins using it (!)

    1. Re:Google should revert that decission by squiggleslash · · Score: 4, Insightful

      Everyone get ready for IE becoming the corporate standard again.

      All of which said, I was under the impression Chrome ultimately was going to implement another API instead, rather than abandoning the concept of plug-ins altogether. It seems hard to believe that Chrome is completely closed.

      --
      You are not alone. This is not normal. None of this is normal.
    2. Re:Google should revert that decission by binarylarry · · Score: 3, Interesting

      Google created a much better replacement, Pepper.

      But the assholes at the Mozilla Foundation won't implement it because they prefer shitty insecure APIs like NPAPI. Microsoft won't implement it (which is probably a good thing, they'd just fuck it up like everything else they do).

      Mozilla created NPAPI BTW, Netscape Plugin API.

      --
      Mod me down, my New Earth Global Warmingist friends!
    3. Re:Google should revert that decission by binarylarry · · Score: 3, Informative

      Here's the Firefox bug: https://bugzilla.mozilla.org/s...

      --
      Mod me down, my New Earth Global Warmingist friends!
    4. Re:Google should revert that decission by tlambert · · Score: 3, Informative

      Surely it's not because Pepper is designed first and foremost for Chrome, rather than being easy to adopt, like NPAPI was?

      Actually, the reason is that it would require widespread adoption of the Chrome sandbox model, which is integral to the implementation.

    5. Re:Google should revert that decission by PIBM · · Score: 3, Insightful

      Where were you for the last year and a half??

    6. Re:Google should revert that decission by Zombie+Ryushu · · Score: 3, Informative

      This has been Addressed by FreshPlayerPlugin allowing FireFox to use PPAPI

  2. Keep an older copy of Chrome around? by tlambert · · Score: 3, Interesting

    Keep an older copy of Chrome around?

    Manual installs always offer this as an option, if you have disabled the autoupdate (which sucks a ton of bandwidth anyway).

    1. Re:Keep an older copy of Chrome around? by binarylarry · · Score: 4, Funny

      On behalf of all the black hats and script kiddies out there: I applaud your advice, sir.

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re:Keep an older copy of Chrome around? by ArmoredDragon · · Score: 3, Insightful

      I've never coded in Java before so I can't comment on the language itself, but I am always seeing security vulnerabilities related to it all the time. Furthermore, new versions of Java seem to break older applications (for example, when I was taking a CCNA Security course, we had to use Cisco SDM, which broke with newer versions of Java, and required that we install insecure and older copies (which in itself is a major chore as they are often hard to find and in many cases refuse to install properly.)

      That said, I think that if Java (at least, the one maintained by Oracle) finally dies, then the world will be better off.

      Same with Flash too.

    3. Re:Keep an older copy of Chrome around? by fustakrakich · · Score: 3, Informative

      Use Seamonkey.. It looks old, and it's at least as fast as Firefox, and with better security options. It has an email client, and an HTML editor, it'll play all the latest videos, and make popcorn. It's the browser that does everything, and it only weighs a few meg more than Firefox. It's a *Full Figured* browser.

      --
      “He’s not deformed, he’s just drunk!”
  3. Reset firefox entirely by mattventura · · Score: 4, Interesting

    If your Firefox install and profile are reasonably old, you'll probably have a bunch of cruft. Start fresh (reinstall and start a new profile), import bookmarks, install only the addons you need. Should be plenty fast after that.

    Only problem is that it seems for every new version that comes out, you have to install more and more addons just to keep the browser the same. You could always just use Firefox only when accessing a site that requires java, and use another browser for everything else.

  4. this will speed firefox up by present_arms · · Score: 3, Informative

    http://lifehacker.com/turn-on-... I've noticed a speed bump doing that, and the usual addons for ad blocking etc.

    --
    http://chimpbox.us
  5. Googles Answer... by Anonymous Coward · · Score: 5, Informative

    From the Chromium Blog:
    In April 2015 NPAPI support will be disabled by default in Chrome and we will unpublish extensions requiring NPAPI plugins from the Chrome Web Store. Although plugin vendors are working hard to move to alternate technologies, a small number of users still rely on plugins that haven’t completed the transition yet. We will provide an override for advanced users (via chrome://flags/#enable-npapi) and enterprises (via Enterprise Policy) to temporarily re-enable NPAPI while they wait for mission-critical plugins to make the transition.

  6. things that seem to help by dwywit · · Score: 4, Informative

    Tweak firefox with:

    new tab, type "about:config" into the address bar.

    find "network.http.pipelining" and set it to "true"
    find "network.http.pipelining.max-optimistic-requests" and set it to 8
    find "network.http.pipelining.max.requests" and set it to 32 if it isn't that already. Don't take this one too high.

    --
    They sentenced me to twenty years of boredom
  7. Re: Obviously by blockhouse · · Score: 4, Funny

    Hell must have frozen over. People on Slashdot are actually *recommending* Internet Explorer.

  8. Re:Due to stupid security warnings, security by Alomex · · Score: 3, Insightful

    This is demonstrably false. While one can write good/bad applications in any language, the set of insecure programs in an untyped language is a superset of the set of insecure programs in a typed language of similar syntax.

  9. Re:I'm betting the full phase out will be delayed by fateblossom · · Score: 5, Informative

    Google announced in September 2013 that it would phase out NPAPI support in Chrome during 2014.
    NPAPI support is disabled by default since April 2015 (version 42) for Windows and OS X, but can be turned on in the settings.
    Google plans to drop Chrome NPAPI support from all platforms in September 2015.

    I wont call 2 years warning aggressive. I would call it more then a fair warning.
    And if web-apps or plug-in's are not up to modern standards by now. Then extending to time they have to fix it wont help. Because the only things that's not updated by now wont be as long as they do not have to.
    Now they are being forced to do it. And it comes as a chock for some that they only got 2 years warning.

  10. Just go enable it again yourself by grilled-cheese · · Score: 4, Informative

    Per the Java support site, go here: chrome://flags/#enable-npapi

    They probably won't support enabling it forever, but for now it's a workaround.

    1. Re:Just go enable it again yourself by djbckr · · Score: 4, Informative

      They probably won't support enabling it forever, but for now it's a workaround.

      Yes, that's exactly what the OP was saying: They are discontinuing support for this.

  11. Re:Due to stupid security warnings, security by Cafe+Alpha · · Score: 3, Interesting

    There are uses for static typing and other S&M limitations on programming.
    If I had a medical appliance or anything my life depends on, I'd prefer it not even do any memory management - all memory should be pre-assigned.

    In academia they're emphasizing proofs of correctness too - they're all mathematicians not engineers.

    And a language like Java that not only lacks dynamic types but also lacks all abstraction that could obscure what code does, such as macros or templates or overloading - it's horrible to program in, but it saves companies from the effects of having truly stupid engineers and even more incompetent managers who don't allow programmers to document their code let alone require it.

    So horrible Java code has the advantage that it never does anything that can't be understood by reading the code long enough...

    It's the "I can't hire competent people to save my life" department's friend. But a good programmer can accomplish a lot more in a more powerful language.

    On the positive side Java and .net have better garbage collection, more scalable gc more scaleable multithread support than their competition, so there's a niche in hugeness.

  12. Re:Due to stupid security warnings, security by Cafe+Alpha · · Score: 3, Funny

    This is demonstrably false. While one can write good/bad applications in any language, the set of insecure programs in an untyped language is a superset of the set of insecure programs in a typed language of similar syntax.

    You really have to be a math nerd to think you've just said anything meaningful about software engineering. You haven't. My God, you haven't!

  13. No, give me a break. by Gazzonyx · · Score: 4, Interesting

    You did get the part where he's talking about using Java for work, in a secure environment, yes? You aren't seriously claiming that everyone that uses SuperMicro servers doesn't care about security because their IPMI interface is a Java webstart application, are you?

    I mean, for my own part, I have two choices when doing hardware tests of our appliance builds: I can drive across the Twin Cities from my home office and stand at the R&D rack in a cold and noisy staging area for several kickstart/chef bootstrap/chef converge cycles. Conversely I, as a professional, can assume the risk of using a Java IPMI interface to access a server I physically took from a box and placed in the rack of a secured staging room over a secured subnet accessed over a secured VPN connection on my development VM (with a weekly maintenance snapshot, taken every Monday morning, which I don't hesitate reverting to 'cause SystemD, but that's another story), using HTTPS with the SSL cert from that box I physically placed in the rack.

    If you are somehow cracking past all those barriers into the imaging subnet of our R&D department's subnet, you've already got half a dozen usernames and passwords and have changed a cert that lives on a box whose OS has an average lifespan on the order of an hour (that is, owning that box isn't incredibly useful in and of itself). Even at that point, the new SSL cert is going to tip me off. But if somehow you managed to get past all that, with all that knowledge just to infect my desktop VM, it seems to me that you already have the keys to the kingdom, so to speak.

    That is all to say, just because someone has, or even chooses, to use Java doesn't mean they don't care about security. I'm sure I don't need to explain to you of all people (I read your username and it immediately rang a bell; a quick Google search confirmed my suspicion - I run a lot of code you wrote, and most likely vice versa but to a much lesser degree)that security is about defense in layers, attack surface, vectors and risk/reward. I'm sure there are plenty of other people that use Java in their professional lives that understand and accept the risk of how and where they use it.

    --

    If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.

  14. Re:Due to stupid security warnings, security by NostalgiaForInfinity · · Score: 3, Informative

    We declare the name and type so that the compiler/interpreter, can let us know if either one is different later on, because we sure didn't mean that.

    That is the intent of static typing and static declarations. However, just because that may be a good thing doesn't mean it's the only way to make a language type safe. Dynamically typed languages are (usually) type safe, just like statically typed languages; they simply detect type errors at runtime.

    In reality, it's a good thing to have both static and dynamic typing available in your programming language, and that's what programming languages increasingly are doing (C++, Java, C#, Swift, Objective-C, CommonLisp, etc.). The addition of dynamic typing doesn't make a statically typed language type-unsafe. Some of those languages choose dynamic typing as the default for variables without a type, others require dynamic types to be declared explicitly; that, too, doesn't affect type safety.