digg

Facebook Connect Join Digg About

Safer than ActiveX: a look at Google's Native Client plugin

arstechnica.com Google has released an early technical demo of an experimental new browser plugin called Native Client that allows web applications to leverage portable native x86 code. Ars takes a close look at the new plugin and its security model.

Who dugg this? Made popular Dec 10, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

121 Comments

show profanity settings
expand all
  • shumbora, on 12/10/2008, -7/+76a 12 year old with a loaded shot gun is safer than active x
  • adasha, on 12/10/2008, -0/+63Since they call it NaCl there's not really a 'should' about it.

    I fully expect the release version to be called 'salt'
  • GruntboyX, on 12/10/2008, -1/+45Google is trying real hard to move everything into the cloud and make the OS irrelevant.

    Really cool in the fact it will definitely make web pages more dynamic and feature rich.

    However.... I dont see the utility in having whole applications ported to the web only to run it on my machine. The Quake demo was cool, but how practical is it to have a web browser framing every application i would run. Seems rather annoying to have that extra interface to me.

    Still really cool technology
  • ArthurSucks, on 12/10/2008, -4/+47Native Doom in a webpage... I'm actually kinda impressed.
  • stutimandal, on 12/10/2008, -7/+46Safer? The comparative "safer" can be used only if ActiveX is safe -- which it is not. ActiveX is like a bomb -- it explodes randomly in windows computers if IE is used.
  • CharlesSaint, on 12/10/2008, -5/+39They should have called it Sodium Chloride.
  • Encablossa, on 12/10/2008, -6/+38Google, the new internet monopoly.
  • jbeardsl, on 12/10/2008, -1/+33Isn't saying "safer than ActiveX" a bit like saying "safer than swimming with salt-water crocodiles"? You're not jumping a very high bar. I'm just sayin'...
  • Azerael, on 12/10/2008, -1/+25Well, yeah. Who would attack a 12 year old with a loaded shotgun?
  • zantos420, on 12/10/2008, -0/+23Quake, not Doom; though I am equally impressed
  • silver26, on 12/10/2008, -3/+20Google isn't new.
  • EntropyFan, on 12/10/2008, -3/+17ActiveX is a container. A box to put code in.
    The code inside is what 'explodes'. And if you are willing to ship ***** code in an ActiveX container, you willing to ship ***** code in anything.

    Just look at QuickTime, and how unpatchable it is. ActiveX not needed.
  • amigabill, on 12/10/2008, -1/+12So this stuff will only work on x86 machines then. What about us small number of weirdos that use something else for our microprocessor? That's what I like about Java. I don't want to have to use the correct computer to visit a web site, and I don't think that web sites should care... I love my iBook.
  • vincentb, on 12/10/2008, -4/+14Sounds good, but also sounds like we are going a few years back in the C/C++ world with unmanaged pointers and no garbage collection.

    Isn't it exactly what Silverlight is achieving, but Silverlight being at a much more higher level (.NET Framework)? Or what Java Applets were about, 10 years ago?

    It's good for speed though, but what is the difference really from running Photoshop in a Web Browser instead of in your native OS? I think it is only valuable as a speed support for Javascript, but still then, does any Javascript requires so much power, it's mostly about DOM traversal and manipulation which can't be done in C.
  • falafelkiosken, on 12/10/2008, -3/+12what isn't safer?
  • dtfinch, on 12/10/2008, -0/+8I think I may have overlooked the part that explains what makes it secure, even after re-skimming the article a few times.
  • lovemorgul, on 12/10/2008, -6/+13The Native Client developers look to expand architecture support.
  • manitoba98xp, on 12/10/2008, -0/+7On that note, I propose renaming ActiveX "Trinitrotoluene".
  • inactive, on 12/10/2008, -1/+8No, in fact Bloodwine is wrong, just as everyone who has ever put that assinine notion forward. If it's all about installed base rather Microsoft's ***** job at security, then why the ***** did IIS get Code Red and all of it's derivatives while Apache, with a much larger market share, got none?

    Use of that argument makes you sound like a ***** ***** with no ***** critical thinking skills. Go back to your trees, monkeys.
  • geekworking, on 12/10/2008, -0/+7Linux .NET ?
  • Vonauda, on 12/10/2008, -0/+6Is taking over an OS from the inside out really the way to go?
  • LastDitchHero, on 12/10/2008, -0/+6Hey, I never shot anyone when I was 12!
  • chesterjosiah, on 12/10/2008, -4/+10Sorry, but the name NaCl has already been claimed (Sodium Chloride, aka salt). Can we please stop calling this NaCl now, before it catches on?
  • FKnight, on 12/10/2008, -0/+5Yeah but only a real ***** writes 100 lines of code to display a button.

  • diggdatt, on 12/10/2008, -0/+5So when can I expect to just boot up directly to Firefox or Chrome?
  • deadmoo, on 12/10/2008, -0/+5More impressed. Quake > Doom
  • Muncher, on 12/10/2008, -0/+5http://mono-project.com/
  • latrosicarius, on 12/10/2008, -2/+7Some benefits of it:

    - installing an application is as simple as pressing 'Allow' on Firefox to basically add a plugin.

    - No more manually downloading EXE files & running through installation wizards.

    - You could perhaps use programs that you otherwise could not, if you don't have Administrator access to the PC.

    - It's safer and has much tighter control over applications than you get by installing them directly on your system. For instance, do you REALLY know what SETUP.EXE will do when you double-click it? With NaCl, it has tight control over what the program can do, like they said: granular control over disk access, network access, etc.
  • JigoroKano, on 12/10/2008, -1/+6For example, Silverlight 2 doesn't support H.264, that will be in version 3.

    FTA

    "Google ported an H.264 encoder that is about 11,000 lines of conventional C code. To get the encoder to compile and run in Native Client, they only had to add approximately 20 lines of code and modify the Makefile. The resulting binaries are completely portable and can run without requiring recompilation on any operating system supported by the Native Client."

    They aren't really comparable.
  • bluehouse, on 12/10/2008, -5/+10It's only safer until hackers figure out a way to exploit it. ActiveX controls are only as bad and/or malicious and the people who write them. Don't blame the car company when you get into an accident because you're a reckless driver
  • latrosicarius, on 12/10/2008, -1/+6ok first of all, chrome is open source

    second, the code itself is not proprietary: the example uses standard c code in a hello world example, which means any program can run through NaCl... even programs that were already written a long time ago.

    third, the article shows a big fat screenshot of Quake running in Firefox via NaCl
  • Barackalypse, on 12/10/2008, -2/+7Great, yet another feature I'm going to have to go into my browser configuration to disable.
  • wush, on 12/10/2008, -0/+4Yeah - it's called Quake Live now and there's an invite based testing phase
  • Bloodwine, on 12/10/2008, -0/+4I think you will start seeing more and more resistance to cloud computing as the economy worsens and it becomes more apparent that you are taking risks by relying on using a third-party services (and possibly having all your data and whatnot stored with them instead of locally).
    Perhaps I am just being too cynical or negative, but I like having all my apps on my desktop.
    Now, I think there is a market to web-enable your desktop apps and environment. As broadband internet becomes more and more widespread and especially once IPv6 is used by the mases (and we all have unique, static addresses), I'd love to be able to work remotely off my home computer. That is, my home computer will be my service provider.
    I know you can use VPN, Terminal Services, etc. to do it now, but there is a lot of room for improvement and security.
  • FKnight, on 12/10/2008, -2/+6@DamnMan:
    Have fun drawing your user interfaces one pixel at a time.

  • MiDri, on 12/10/2008, -1/+5I might give it a whirl.
  • ParanoydAndroid, on 12/10/2008, -0/+4Here, I'll help you:

    "NaCl is designed to prevent ... exploitation, even for flawed NaCl modules."

    The Native Client framework consists of trusted and untrusted modules that run in their own individual processes and communicate through an RPC system. Third-party untrusted modules contain application-specific programming and leverage the Native Client container to interact with trusted modules that perform any activities which impact the underlying platform, including networking operations and file system access. The container will impose security constraints on the behavior of the third-party code and will also give users granular control over the permissions granted to third-party code. "

    If it's too long for you, I'll summarize: NaCl is designed to be secure by not using "trust" or depending on the user to make the correct decision. All native code is given to the system to execute only through interaction with the (open source) plugin - this plugin only allows "safe" actions. Also, since it's open source, anyone can comb through it and check for vulnerabilities.
  • DamnMan, on 12/10/2008, -1/+5High level "frameworks" are like the programing equivalent of Ikea flat pack furniture. Insert tab A into slot B, it seems a bit wobbly but it will probably hold and that's the way its supposed to go so what are you going to do?
  • thesteef000, on 12/10/2008, -0/+4you are a true visionary... and wrong
  • Stonekeeper, on 12/10/2008, -1/+5http://code.google.com/p/nativeclient/
  • woodman445, on 12/10/2008, -1/+4I'm OK with that.
  • Derrekito, on 12/10/2008, -0/+3aka table salt. NaCl is simply a type of salt.
  • Murdats, on 12/10/2008, -3/+6my point was not that it was activex itself that caused the problem but what activex allows the code it runs to do, ie holes in the box.

    a good code environment doesnt let viruses run without the user even getting a notification or other serious things like that, as I have also pointed out this has been fixed in vista, but via more a hack then anything.

    good environment = the most malicious programmer ever can not harm the system the code runs on
    bad environment = you don't even have to try to cause damage.

    I myself am a PC but you seem to be getting overly defensive here.
  • DCstewieG, on 12/10/2008, -0/+3Hey don't knock floppies...with high density they held 1.4 MEGS!!
  • aklu, on 12/10/2008, -1/+4yes. In your browser.
  • xrmb, on 12/10/2008, -0/+3You mean to boot up in FF/Chrome... they are your future BIOS!
  • FKnight, on 12/10/2008, -1/+4Good luck recompiling Photoshop to run under NaCl. Some people do more on their computer than run office apps and Bejeweled.

  • DiscoUnderpants, on 12/10/2008, -0/+3Why can DOM traversal and manipulation not be done in C?
  • ScottOrwig, on 12/11/2008, -0/+3Comparing this to ActiveX is a bit unfair. How about a comparison to Silverlight? It has a much stronger security model.
  • thesteef000, on 12/10/2008, -2/+5It's a digg thing. Once something says google, you're supposed to read that as better, more secure and not evil.
  • Fetching more discussions...
    Show 51 - 100 of 127 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.