Print
Trying to define Google as a company isn’t easy, but if there is one theme that every project seems to share, it’s the drive to make the web every bit as rich and fast an experience as what can be found offline. Web App’s are starting to catch on in a very meaningful way, but browser technology is still far too immature to take advantage of all the powerful hardware found in modern machines.
The ideal solution would be to allow code to execute natively within the browser, but as Microsoft learned with ActiveX, this is far easier said than done. On Friday however, Google announced it is beginning to roll out its “Native Client” with Chrome 10, and they think they’ve found a secure way to deliver the type of performance that could power everything from 3D gaming to rich media.
A complete rundown on the SDK and roll out schedule has been posted to the Chromium Blog, but the team feels confident that the new Native Client functionality can be safely contained within the Chrome sandbox, thereby preventing malicious applications from doing any real damage to the host machine. If you’re looking to play around with the feature before it is baked into the mainstream version of Chrome, open up your beta build and enable the feature by typing “about:flags” into your URL bar.
The discussion groups have a few links to active projects, but clearly the developers are still in the very early stages of learning how to use the SDK. Is giving the browser low level access to the hardware a recipe for disaster?
Comments are closed on this article
Lhot
February 21, 2011 at 3:37am
...recipe for disaster is too meek a phrase...it will be a catastrophe :/
d3v
February 21, 2011 at 8:35am
Native access to machines over the interwebz. Sounds like beginnings of skynet to me.
You would think in this day and age where virtualization is all the rage browser makers would be looking at that technology as a way to get more performance without compromising security.
Eoraptor
February 21, 2011 at 10:39am
Of course not, security is always someone else's problem. Half of the bug-fix process is trying to claim that your security hole is actually somnone else's fault and put the patching process off on them.
ShyLinuxGuy
February 20, 2011 at 10:01pm
Microsoft hasn't learned with ActiveX. It is still alive and well.We don't need any implementation of anything like ActiveX in intent. A browser should be really only that--it's becoming so much, you can probably replace most of any given program with web apps, addons and whatnot, creating a bigger security risk in the meantime.
It is a recipe for disaster, we still, in 2011, have naive 5th graders and grannies clicking on anything displayed within the confines of the browser window--I have fixed countless virus-infected netbooks owned by 10-year-olds to confirm this to be the truth. And, don't forget that there's also the quite common possibility of hijacks--include this feature, and there need not be any security breaches originating just from the user.
Even though I don't use Chrome, I really hope Google doesn't make another Internet Explorer, whether they go ahead with this 'native client' or not.
OT (kind of): How about spending some time, energy and effort on SANDBOXING???
Eoraptor
February 21, 2011 at 12:09am
Well most browsers are essentially sandboxes to start with... then people have to go install flash and it's all tears and reformats from that point on. Except for IE, most browsers run pretty nicely independent of the OS. sadly, they don't do anything other than basic html 4 in that format and then you have to go tying them into flash, quicktime (god forbid), media player, etc to use most of the modern internet.
what we really need is a browser that meets the promise of HTML5 and its advanced multimedia structures without plugins and access to core files, or one that includes ALL of its own codecs, attachments, media passthroughs, and file Xfer functionality, which goes beyond sandboxing and into full virtual machining.
or smarter end users.
j0101011
February 20, 2011 at 8:37pm
there is allways going to be people who take advantage of idiots on the internet, and there are billions of idiots out there. For rich content it will allways be nesisary to access hardware, and someone will allways find a way to use it. So no matter how it is implemented there are allways going to be asses that take advantage of that fact.
Eoraptor
February 20, 2011 at 6:43pm
Considering people's predeliction to click on anything they see without checking to see if its legit or safe?
Yes, yes it is a recipie for disaster
