Announcement

Collapse
No announcement yet.

Google wants to run native code in browsers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google wants to run native code in browsers

    http://weblog.infoworld.com/fatalexc..._client_g.html

    Pretty nuts...
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: Google wants to run native code in browsers

    for the benefit of people who don't like to click links unless there's some breadcrumbs to lead them into the forest...

    Last week, a team of Google engineers demonstrated a copy of Id Software's classic first-person shooter Quake running within a browser window at a frame rate comparable to an OS-hosted copy of the game.

    How did they do it? Simple. The Google Native Client is a new set of components that allows Web browsers to download and execute native x86 code. It's not an emulator, and it's not a virtual machine. The code runs on the actual processor with access to memory and system resources and negligible loss of performance. It even gives browser-based apps access to modern, accelerated CPU instruction sets, such as SSE.

    ...

    Google claims that its Native Client improves upon any of these past technologies [like ActiveX, mentioned in a previous paragraph]by building a "sandbox" security layer around native code downloaded from Web sites. You can think of it as a kind of "virtualization lite" -- except that Native Client avoids the overhead of full-blown virtualization environments such as VMware by placing strict limitations on what kind of code is allowed to run.

    ...

    Each process is assigned its own unique memory address space, rendering it impossible for malicious code to attack memory used by the OS or other processes. To further reinforce this, certain processor instructions and system calls are banned, the code must handle returns from subroutines using a specific method, and modules running in the Native Client can only communicate with the world outside its sandbox through a provided set of APIs.
    that sounds all well and good, if it actually works like that in practice. i suppose that some of our best stack smashing ninjas will have real answers and presentations at a future Black Hat or DEFCON in a year or two of this is more marketing hype than actual development work.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

    Comment


    • #3
      Re: Google wants to run native code in browsers

      Originally posted by bascule View Post
      Google wants to be thee SOA company. It's only a matter of time before they start charging.

      xor
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

      Comment


      • #4
        Re: Google wants to run native code in browsers

        Originally posted by xor View Post
        Google wants to be thee SOA company. It's only a matter of time before they start charging.

        xor
        Wouldn't work. People don't pay for Beta software. So if they wanted to charge, Google would actually have to complete something.
        A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

        Comment


        • #5
          Re: Google wants to run native code in browsers

          Originally posted by Deviant Ollam View Post
          ...
          that sounds all well and good, if it actually works like that in practice. i suppose that some of our best stack smashing ninjas will have real answers and presentations at a future Black Hat or DEFCON in a year or two of this ....
          Yeah, somehow I see a headline down the road of:

          "Three 'Google Attack APIs' Released at DefCon"

          or maybe

          "Clueless Judge Blocks DefCon Release Of 'Google Attack APIs' "
          Thorn
          "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

          Comment

          Working...
          X