Feeds

Google's Native Client goes live in Chrome

The C++ code Mozilla never wants on web

Combat fraud and increase customer satisfaction

Google has officially launched Native Client – a means of securely running C and C++ code inside a browser – as part of a new stable version of its Chrome browser that activates this rather controversial sandboxing technology.

Mountain View turned on Native Client, aka NaCl, in the Chrome beta last month, and on Friday, it debuted in the new Chrome 14, a stable release that also includes Google's new Web Audio API.

First unveiled as an open source project over three years ago, Native Client is meant to turn the browser into a more serious platform for 3D games, video editing, and other apps that require the sort of speeds JavaScript can't provide.

"While JavaScript is a fabulous language and it just keeps getting better, there is a lot of great software that isn't written in JavaScript, and there are a lot of software developers that are brilliant, but they would rather work in a different language," Brad Chen, who oversees Google's Native Client project, told The Reg this summer.

"If we're successful with this project, we will make other languages more useful in the context of the web. We want to create a system that gives languages like C and C++ – but eventually others as well – the same excellent level of portability and safety that JavaScript provides on the web today."

In essence, Native Client is a sandbox designed to securely run native code. With the 32-bit x86 instruction set, Native Client taps the hardware's rarely-used "segment registers" to restrict where a program can read and write data in memory and to make sure the program doesn't jump to code outside a certain memory range. Plus, it uses a modified compiler and a code verifier that restrict code jumps.

So, yes, apps must be ported to the platform.

Native Client plugs into the browser via a new plugin API known as Pepper. "Our goal is to have an execution arm that can have no side effects – zero interaction with the outside world – and that's what we think we have achieved with the sandbox," Chen said. "But the thing is that if you can't interact with the outside world, including the browser, you can't actually do anything. That's where these Pepper interfaces come in. They're designed to expose to Native Client exactly what is also being exposed via JavaScript."

Google sees this as a natural extension of the web. But Opera and Mozilla see it very differently, preferring to concentrate on JavaScript and other existing web standards. "The promise of the web is that it's cross-platform, that it's source driven, that it evolves with time. Native Client doesn't actually solve any of those problems that the web actually solves," Mozilla open source evangelist Chris Blizzard told us at a conference in June.

"Once you download the native code, there's no opportunity for browser optimization. There's no opportunity for all kinds of things. You have to keep in mind that the evolution of browsers over the last several years has been that we have made a 10X improvement on existing sites. The evolution of browsers has made everyone's applications faster, whether or not you've updated that site in X number of years.

"With Native Client, all of that disappears. The fast innovation we've seen on the web disappears. A source code–based world means that we can optimize things that the user hasn't even thought of, and we can deliver that into their hands without you, the developer, doing anything."

At the moment, Native Client is only available for use with 32-bit and 64-bit x86 chips, but the company is working on a portable version known as Portable Native Client, aka PNaCl (pronounced "pinnacle"). Rather than generate x86, PNaCl will translate native code into bitcode using a compiler based on the open source LLVM (low-level virtual machine) project. When the browser downloads this bitcode, it will then translate it to machine code and validate it much like Native Client does today.

Because PNaCl is not yet in place, Google is only allowing Chrome 14 to run Native Client applications that come through the Chrome Web Store. This way, the company can ensure that developers offering versions of their applications that run on all available platforms – i.e. 32-bit and 64-bit x86.

Chrome 14 for Mac also includes a few changes specific to OS X Lion. It uses Lion's "overlay scrollbars", which only appear when you're scrolling, and it includes "initial support" for full-screen mode. You can switch to full screen using the Ctrl+Shift+F key combination or the Mac's full screen key.

You can download the release here. If you're already running Chrome, your browser will automatically be updated to the new version. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.