Feeds

Google's Native Client goes live in Chrome

The C++ code Mozilla never wants on web

Combat fraud and increase customer satisfaction

Google has officially launched Native Client – a means of securely running C and C++ code inside a browser – as part of a new stable version of its Chrome browser that activates this rather controversial sandboxing technology.

Mountain View turned on Native Client, aka NaCl, in the Chrome beta last month, and on Friday, it debuted in the new Chrome 14, a stable release that also includes Google's new Web Audio API.

First unveiled as an open source project over three years ago, Native Client is meant to turn the browser into a more serious platform for 3D games, video editing, and other apps that require the sort of speeds JavaScript can't provide.

"While JavaScript is a fabulous language and it just keeps getting better, there is a lot of great software that isn't written in JavaScript, and there are a lot of software developers that are brilliant, but they would rather work in a different language," Brad Chen, who oversees Google's Native Client project, told The Reg this summer.

"If we're successful with this project, we will make other languages more useful in the context of the web. We want to create a system that gives languages like C and C++ – but eventually others as well – the same excellent level of portability and safety that JavaScript provides on the web today."

In essence, Native Client is a sandbox designed to securely run native code. With the 32-bit x86 instruction set, Native Client taps the hardware's rarely-used "segment registers" to restrict where a program can read and write data in memory and to make sure the program doesn't jump to code outside a certain memory range. Plus, it uses a modified compiler and a code verifier that restrict code jumps.

So, yes, apps must be ported to the platform.

Native Client plugs into the browser via a new plugin API known as Pepper. "Our goal is to have an execution arm that can have no side effects – zero interaction with the outside world – and that's what we think we have achieved with the sandbox," Chen said. "But the thing is that if you can't interact with the outside world, including the browser, you can't actually do anything. That's where these Pepper interfaces come in. They're designed to expose to Native Client exactly what is also being exposed via JavaScript."

Google sees this as a natural extension of the web. But Opera and Mozilla see it very differently, preferring to concentrate on JavaScript and other existing web standards. "The promise of the web is that it's cross-platform, that it's source driven, that it evolves with time. Native Client doesn't actually solve any of those problems that the web actually solves," Mozilla open source evangelist Chris Blizzard told us at a conference in June.

"Once you download the native code, there's no opportunity for browser optimization. There's no opportunity for all kinds of things. You have to keep in mind that the evolution of browsers over the last several years has been that we have made a 10X improvement on existing sites. The evolution of browsers has made everyone's applications faster, whether or not you've updated that site in X number of years.

"With Native Client, all of that disappears. The fast innovation we've seen on the web disappears. A source code–based world means that we can optimize things that the user hasn't even thought of, and we can deliver that into their hands without you, the developer, doing anything."

At the moment, Native Client is only available for use with 32-bit and 64-bit x86 chips, but the company is working on a portable version known as Portable Native Client, aka PNaCl (pronounced "pinnacle"). Rather than generate x86, PNaCl will translate native code into bitcode using a compiler based on the open source LLVM (low-level virtual machine) project. When the browser downloads this bitcode, it will then translate it to machine code and validate it much like Native Client does today.

Because PNaCl is not yet in place, Google is only allowing Chrome 14 to run Native Client applications that come through the Chrome Web Store. This way, the company can ensure that developers offering versions of their applications that run on all available platforms – i.e. 32-bit and 64-bit x86.

Chrome 14 for Mac also includes a few changes specific to OS X Lion. It uses Lion's "overlay scrollbars", which only appear when you're scrolling, and it includes "initial support" for full-screen mode. You can switch to full screen using the Ctrl+Shift+F key combination or the Mac's full screen key.

You can download the release here. If you're already running Chrome, your browser will automatically be updated to the new version. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.