Feeds

Google's Native Client goes live in Chrome

The C++ code Mozilla never wants on web

Providing a secure and efficient Helpdesk

Google has officially launched Native Client – a means of securely running C and C++ code inside a browser – as part of a new stable version of its Chrome browser that activates this rather controversial sandboxing technology.

Mountain View turned on Native Client, aka NaCl, in the Chrome beta last month, and on Friday, it debuted in the new Chrome 14, a stable release that also includes Google's new Web Audio API.

First unveiled as an open source project over three years ago, Native Client is meant to turn the browser into a more serious platform for 3D games, video editing, and other apps that require the sort of speeds JavaScript can't provide.

"While JavaScript is a fabulous language and it just keeps getting better, there is a lot of great software that isn't written in JavaScript, and there are a lot of software developers that are brilliant, but they would rather work in a different language," Brad Chen, who oversees Google's Native Client project, told The Reg this summer.

"If we're successful with this project, we will make other languages more useful in the context of the web. We want to create a system that gives languages like C and C++ – but eventually others as well – the same excellent level of portability and safety that JavaScript provides on the web today."

In essence, Native Client is a sandbox designed to securely run native code. With the 32-bit x86 instruction set, Native Client taps the hardware's rarely-used "segment registers" to restrict where a program can read and write data in memory and to make sure the program doesn't jump to code outside a certain memory range. Plus, it uses a modified compiler and a code verifier that restrict code jumps.

So, yes, apps must be ported to the platform.

Native Client plugs into the browser via a new plugin API known as Pepper. "Our goal is to have an execution arm that can have no side effects – zero interaction with the outside world – and that's what we think we have achieved with the sandbox," Chen said. "But the thing is that if you can't interact with the outside world, including the browser, you can't actually do anything. That's where these Pepper interfaces come in. They're designed to expose to Native Client exactly what is also being exposed via JavaScript."

Google sees this as a natural extension of the web. But Opera and Mozilla see it very differently, preferring to concentrate on JavaScript and other existing web standards. "The promise of the web is that it's cross-platform, that it's source driven, that it evolves with time. Native Client doesn't actually solve any of those problems that the web actually solves," Mozilla open source evangelist Chris Blizzard told us at a conference in June.

"Once you download the native code, there's no opportunity for browser optimization. There's no opportunity for all kinds of things. You have to keep in mind that the evolution of browsers over the last several years has been that we have made a 10X improvement on existing sites. The evolution of browsers has made everyone's applications faster, whether or not you've updated that site in X number of years.

"With Native Client, all of that disappears. The fast innovation we've seen on the web disappears. A source code–based world means that we can optimize things that the user hasn't even thought of, and we can deliver that into their hands without you, the developer, doing anything."

At the moment, Native Client is only available for use with 32-bit and 64-bit x86 chips, but the company is working on a portable version known as Portable Native Client, aka PNaCl (pronounced "pinnacle"). Rather than generate x86, PNaCl will translate native code into bitcode using a compiler based on the open source LLVM (low-level virtual machine) project. When the browser downloads this bitcode, it will then translate it to machine code and validate it much like Native Client does today.

Because PNaCl is not yet in place, Google is only allowing Chrome 14 to run Native Client applications that come through the Chrome Web Store. This way, the company can ensure that developers offering versions of their applications that run on all available platforms – i.e. 32-bit and 64-bit x86.

Chrome 14 for Mac also includes a few changes specific to OS X Lion. It uses Lion's "overlay scrollbars", which only appear when you're scrolling, and it includes "initial support" for full-screen mode. You can switch to full screen using the Ctrl+Shift+F key combination or the Mac's full screen key.

You can download the release here. If you're already running Chrome, your browser will automatically be updated to the new version. ®

Internet Security Threat Report 2014

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
'In... 15 feet... you will be HIT BY A TRAIN' Google patents the SPLAT-NAV
Alert system tips oblivious phone junkies to oncoming traffic
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.