In case you didn't hear about it yet. Google Native Client is a way to run x86 native code in web applications, in a secure way.
The concept and idea is quite opposite to the others(Java, .NET and Flash), bytecode + Just-in-time.
+1
A:
If the rendering framerate of the applications is at least adequate, when run in the browser, this will live on with interest. Even for the purposes of an internet archive of x86 application, it is of use.
Microsoft, and ex Microsoft employees have done a number of things here and there over the years which is tangent to this effort; let's see if Google has more success.
pearcewg
2008-12-12 13:29:15
A:
I'm a bit skeptical - what's the great deal ? It's basically executable programs that you distribute through the web, sandboxed. It's unlikely that it will replace flash (because of its appeal to designers/animators), except maybe on niches like games. Then again, I don't quite see the point. Just package them and offer them as downloads, you won't be sandboxed.
Edit: Maybe one of the interests would be interaction with the webpage, through javascript.
BraveSirFoobar
2008-12-12 13:31:16
You may not read the detail yet.That is why NaCl may be great: 1. We don't want to download and to execute untrusted application. 2. On the web means, WebStart/OneClick enabled. 3. I read that they said it is cross OS, even will run on ARM CPU.
Dennis Cheung
2008-12-12 13:37:19
1 and 2 are false problems, point 3. is interesting. I'll read more on the subject.
BraveSirFoobar
2008-12-12 13:59:57
Sorry, I don't understand. Why 1 and 2 are false problems?For example, how to run a local exe, and ensure that it won't read/write my files without my permission?
Dennis Cheung
2008-12-12 14:27:39
Security alone won't sell it. Millions of people download products, demos, sharewares, open source tools and it's been pretty ok to distribute online as long as you are a 'legit' source. So, I think the security aspect, while "nice to have" isn't the killer selling point here.
BraveSirFoobar
2008-12-12 15:16:33
+3
A:
It seems completely pointless to me.
The sandbox requires strict limitations on the program structure and instruction set/sequences for verification, which means you're unlikely to be able to port any of your existing native code without significant changes.
And we already have ways to take advantage of the full power of the CPU on the client side in the forms of Flash and Silverlight, whose runtimes already provide this sandbox functionality as well as allowing hardware acceleration. You also lose the benefits of a JIT-compiled and garbage collected environment meaning you won't have the most optimised instruction set running on the client, and it's potentially prone to memory leaks.
And frankly the security aspect worries me. Do I really trust that Google have identified every single possible instruction sequence and control flow that could do something like cause a buffer overrun etc.? Not given the number of security flaws in Chrome.
Maybe I'm missing something though...?
Greg Beech
2008-12-12 13:41:14
except when there's no common bytecode that correctly supports some nice features (closures and coroutines come to mind). that means Lua and Scheme can't be efficiently compiled to JVM (not even LLVM, i think) to be deployed.
Javier
2008-12-12 14:10:45
It is a interesting question: Do I really trust that VMware/Microsoft do it right on the VM? I do. But their release note/changes log said they have just fixed few security bug. If a OS can be sandbox, why not an application?
Dennis Cheung
2008-12-12 14:11:19
Normally your guest OS doesn't try to break out of it. Somebody would need to write malware that elevates in the client OS and then break out of VM to do nasty stuff on the host... unlikely. Complete different situation with random programs from the web running directly inside a sandbox.
ypnos
2009-03-22 11:26:43
the main difference it that this is intended to be secure. we'll see if it lives to that claim)
Javier
2008-12-12 14:11:27
Well... Lets see other examples of produts that they reinvented:- Gmail- Google search Engine- Google DocsIf they keep reinventing the wheel like this, i have to say: "Thanks"
Sergio
2008-12-12 14:31:25
@Javier: You're seriously implying that something written to run native code is "intended to be secure?" "The inner-sandbox uses static analysis to detect security defects in untrusted x86 code." How long do you think it will take to get around this?
R. Bemrose
2008-12-12 15:26:01
Google mail? The search engine? These are both uber-hyped IMO. Neither is half as good as is commonly claimed. Google is the new MSFT, people just don't realize it yet. What I want to know is who will be the next Google? As for nacl? No thanks.
ApplePieIsGood
2008-12-12 15:50:52
@R.Bemrose: well, multiuser systems have been 'sandboxing' native processes to well-defined user privileges for some time. a browser view of 'secure' is different and more dangerous if breached, but maybe it's doable.
Javier
2008-12-13 03:36:42
A:
for me the main point is that if it manages to be popular, it will be easy to use better languages than currently offered on the browser. JavaScript is not enough, Java is unpopular and slow to start, and CLI is MS only.
If Adobe releases the full specs to AS bytecode, then maybe it would be worthwhile to create other compilers that target it. Alchemy is a great step, but compiling a VM for modern languages (i'd like to have Python and Lua) makes them too slow. (almost like JS until a few months ago).
but if google's sandbox is really secure, we could just compile any VM written in C and deploy them with the page. similar to how we currently deploy JS libraries (jQuery rocks!) to make it easier to program, we could simply include the VM and write in whatever language we like.
Javier
2008-12-12 14:19:51
A:
I agree with you, bytecode & JIT is a good way. But I feel happy that we will alternative choice. I don't mean they do better.
Sometime PROS will become CONS. GC is good, however it's unpredictability makes it hard to write Real Time Apps.
JIT is good. However, any one have seen usable H.264 encoder/decoder written in bytecode? (Please tell me if you have one). What I see is, we have to WAIT the JRE/CLR provide some modules in native and JNI/Interop (you will break the sandbox if you do it yourself).
Beside, there are millions of programmer who may never write Java/C#, but write C/C++.
Yes. I think they are reinventing the ActiveX. But thing changes these year. It is a interesting question: Do I really trust that VMware/Microsoft do it right on the VM? I do. But their release note/changes log said they have just fixed few security bug. If a OS can be sandbox, why not an application?
Again, I don't mean they do better. But good to have choice.
Dennis Cheung
2008-12-12 14:19:59
Actually an H.264 encoder/decoder written in a higher level language would be a great idea! Have you seen the number of different inline assembly blocks in FFmpeg/x264 to manually perform the optimisations a JIT compiler could perform automatically? You could also write a JIT module to target...
Greg Beech
2008-12-12 16:10:18
(continue) a GPU if available and take advantage of massive parallelism, assuming the source is written to allow it. The cost of JIT compilation is insignificant compared with the cost of encoding.
Greg Beech
2008-12-12 16:11:36
Note that I'm not suggesting a GC here - that isn't a requirement for JIT compilation - just something like a JIT compiler that would compile the native C code on the target platform to take advantage of SSEn etc. without it having to be written manually.
Greg Beech
2008-12-12 16:13:43
if there was a LLVM plugin, it would be doable (and maybe even performant); but with current JITs available on web? (JS, Java, CLR), no thanks.
Javier
2008-12-12 18:49:46
A:
I'm having a real hard time finding a case when it would be advantageous for me. However, it does sound interesting. I might give it a try, but I don't really expect it to find widespread use.
Brian Knoblauch
2008-12-12 15:09:36
+2
A:
No, for two reasons:
- Security. Google is banking on being able to figure out every single possible set of C instructions that could be considered harmful. While Google has some smart people, I don't think they'll figure out every single one.
- Portability. It only works on x86 systems. This rules out Smartphones, older Macs, video game systems with a web browser, etc...
Edit: To elaborate on the security part, this is what Google says on its security blog:
Our approach is built around a software containment system called the inner-sandbox that is designed to prevent unintended interactions between a native code module and the host system. The inner-sandbox uses static analysis to detect security defects in untrusted x86 code. Previously, such analysis has been challenging due to such practices as self-modifying code and overlapping instructions. In our work, we disallow such practices through a set of alignment and structural rules that, when observed, enable the native code module to be disassembled reliably and all reachable instructions to be identified during disassembly. With reliable disassembly as a tool, it's then feasible for the validator to determine whether the executable includes unsafe x86 instructions. For example, the validator can determine whether the executable includes instructions that directly invoke the operating system that could read or write files or subvert the containment system itself.
R. Bemrose
2008-12-12 15:13:57
Actually, they whitelist safe instructions, rather than blacklisting. So they don't need to figure out every unsafe instruction, they just need to find a usable subset of safe ones. They also have an ARM version, and are working on a version that will use LLVM intermediate bytecode as a portable object format.
bdonlan
2010-05-21 19:28:01
+2
A:
It basically means that you can write web-browser platform code (as in Flash/Silverlight/ActiveX/Java and now GoogleNC) in C++ instead of some new or adapted language.
If you like the idea of that, then this may be useful for you. I don't think that this will supplant Flash anytime soon, though.
EndangeredMassa
2008-12-12 16:01:20
i also don't think C++ would replace JavaScript or Flash for writing RIAs, but if you have compiled C, you can have Python, Lua, haskell, Lisp, anything; without it having to be 'popular' first.
Javier
2008-12-12 18:51:38
+1
A:
I'm a bit suprised to not read about security of your "own" data. Google is a big trap for collecting any sort of data. What will happen to this data? It's probably similiar to the new stuff from Google again. You can call me paranoid, but I don not trust Google as much as many others. It's obvious to me that Google want to bind you to them in any thinkable way. They offer interesting things and then if people got those they got them .
So feel free to vote me down for that
Regards Friedrich
Friedrich
2008-12-15 06:38:34
A:
Yes, already installed NativeClient plugin on my computer. I would defenetly use it for browsing internet and for making own web-pages. Until now there was no simple way to deploy and share your C++ programs with others. NativeClient can change that. You could write Hello World code and immediately the whole world will have access to it. Making personal homepages will finally be about learning libraries, not about specializing in tens and hundreds of bug-prone problem-limited technologies, programming languages and even programming environments. Do you imagine how much clutter will be removed from our work?
AareP
2009-03-22 10:48:59
A:
Unity, a company which provides game development tools with a "build once, deploy anywhere" philosophy has just announced that they have ported their browser control to Native Client, allowing for a fully 3D game to be played for a user without having to prompt them to install the plug-in.
Michael La Voie
2010-05-21 19:25:25