Google Dropping Netscape Plugin API Support In Chrome/Blink 170
An anonymous reader writes "Google today announced it is dropping Netscape Plugin Application Programming Interface support in Chrome. The company will be phasing out support over the coming year, starting with blocking webpage-instantiated plugins in January 2014. Google has looked at anonymous Chrome usage data and estimates that just six NPAPI plug-ins were used by more than 5 percent of users in the last month. To 'avoid disruption' (read: attempt to minimize the confusion) for users, Google will temporarily whitelist the most popular NPAPI plugins: Silverlight, Unity, Google Earth, Google Talk, and Facebook Video."
Google offers NaCl as an alternative, and "Moving forward, our goal is to evolve the standards-based web platform to cover the use cases once served by NPAPI."
"standards-based web platform" (Score:5, Funny)
Standards are wonderful, and everyone should have their very own!
Re: (Score:1)
Re:"standards-based web platform" (Score:5, Insightful)
That may be, but why don't we "evolve" this other thing to cover all the existing use cases BEFORE disabling NPAPI?
Re: (Score:2)
They will never update their NPAPI plugin while it is still working. Because if it work, don't fix it.
The NPAPI is only depreciate at this point; the summary state that the most common used ones are white-listed. It is therefore probably not impossible to custom white-list any if your specific need.
Re: (Score:2)
Re:"standards-based web platform" (Score:4, Informative)
However, NaCl is definitely not a standard if it's only implemented in a single browser.
Btw, Unity3D already supports NaCl with the same license that supports the web plugin. Silverlight needs to die anyways, and two of those plugins are Google services.
Re: (Score:3, Insightful)
Isnt NPAPI just another "de facto" standard anyways? Pretty sure the "N" stands for "netscape", not "W3C" or "IETF" or "RFC".
Re: (Score:2)
Things can be de-facto standard, or formalized by an organization (like the ones you mentioned).
NPAPI is a de facto standard.
NaCl is not a standard at all, just a protocol a single vendor designed themselves and implemented.
Re: (Score:2)
Re: (Score:2)
Unity3d may support NaCl; but it has a couple of glaring deficiencies - like a lack of network support (this is apparently a issue with the Pepper API not supporting it). The webplayer (NPAPI) version is unfortunately also a bit faster at runtime.
A pox on both houses. (Score:3, Interesting)
NaCl is a good implementation of a terrible idea: i.e Running software in the browser is all kinds of wrong.
If not NaCl or JS, then what? (Score:1, Troll)
Re: (Score:3)
Re:If not NaCl or JS, then what? (Score:4, Insightful)
Yes. I am against both. Cross platform programming as an Interpreter running in a sandbox (JavaScript) or a bytecode VM (Java, NaCl...) shouldn't be done through the browser.
The Internet should be slightly expanded HTML1 and CGI as far as I'm concerned. Maybe with an exception for audio\video if we can agree on a codec...
Keep application development and serving to the likes of Android's Play Store + Dalvik.
Re: (Score:1)
The Internet should be slightly expanded HTML1 and CGI as far as I'm concerned.
"No one will need more than 637 kB of memory for a personal computer..."
Re: (Score:3)
The Internet should be slightly expanded HTML1 and CGI as far as I'm concerned.
"No one will need more than 637 kB of memory for a personal computer..."
Apples and oranges. Having more RAM doesn't create a huge security risk like running code in a browser does.
Re: (Score:2)
Even if the security issues could be put to rest, there's no justification for running applications in a document viewer.
If Google is so concerned with serving up cross platform applications, they can package a VM and an App Store along with their browser. They can even conceive of their own URI scheme that will pass requests to the App Store to download and initialize Apps on the VM.
Is it really too much to expect something better then serving GUIs the likes of Facebook and Gmail inside the browser?
Chrome Web Store (Score:2)
If Google is so concerned with serving up cross platform applications, they can package a VM and an App Store along with their browser.
Chrome Web Store already exists on desktop versions of Chrome.
Re:If not NaCl or JS, then what? (Score:4, Insightful)
there's no justification for running applications in a document viewer.
Except that most of the world finds it pretty convenient, and anything we've called a web browser in the last 15 years or so has been much more than a document viewer.
If Google is so concerned with serving up cross platform applications, they can package a VM and an App Store along with their browser.
They do. The V8 Javascript Engine is implemented as a VM. They include the Chrome Web Store in the desktop version of their browser as well. That doesn't mean that it's not beneficial to run apps delivered over the web in the browser, the way that every other vendor does.
Is it really too much to expect something better then serving GUIs the likes of Facebook and Gmail inside the browser?
And what's wrong with it? A sandboxed plugin API and Javascript VM makes more sense to me than downloading a native app to handle the same thing, and I down see a benefit to having a some kind of Net-VM app, separate from the browser, to run web apps in. Either way, you're still talking about running someone else's code. From that perspective, keeping the browser integrated with a sandboxed scripting and plugin environment makes more sense than any alternatives I've heard anyone propose.
Re: (Score:2)
there's no justification for running applications in a document viewer.
I'd violently disagree with the idea that the web should be a repository of documents for document viewers. Your comment essentially embodies all that is wrong with the web and the people who developed it. Alan Kay got it right [youtube.com] and you didn't, deal with it.
Re: (Score:2)
uh?
I ran a few java applets a few years ago, mostly one yahoo game. What was striking is how smooth the game's little 2D effects were, and it did not use a shit ton of CPU like flash and javascript do. Java is more akin to using a native app, UI can be anything non standard just like flash or elaborate websites. Starting the JVM was slow in 1997, but that long ago, plus we had mode PIO 16 hard drives and 120MHz CPUs.
A shame that Java was plagued with updating/installation and security issues.
Re: (Score:2)
Two words: Java applets. This is exactly how they work, and it's a mess. You have to start the JVM every time you load an applet (or load it with the browser and keep it around), and then the UI is a mess.
Aren't you confusing a good idea with a bad implementation here?
Comment removed (Score:4, Insightful)
Re: (Score:2)
The real problem is everyone has been coming up with "Go buttons" but there was no decent "Stop button". So to stop some stuff but not others you have to make sure ALL the unwanted Go buttons" are not pressed. And that is not easy to do. Some people say "Use a library" the problem is how do you make sure future "Go buttons" that haven't been invented yet are not pressed either? And how about different browsers behaving differently?
So more than 10 years ago I proposed that a "Stop" "button" be created: http: [w3.org]
Re: (Score:2)
To be fair, the person in charge has repeatedly apologized
...which he even sort of didn't have to, because the management was to blame for the most part of the outcome.
Re: (Score:2)
Re: (Score:2)
Having more RAM doesn't create a huge security risk like running code in a browser does.
Why would running code in a browser create a huger security risk than running code outside of a browser? If anything, the latter is more dangerous. The browser at least is expected to expose only a limited interface for the downloaded code to manipulate the state of your machine. Anything else is a bug.
Appeal to tradition fallacy (Score:2)
Why would running code in a browser create a huger security risk than running code outside of a browser?
because the god damn browser wasn't expected or designed to run code originally
Expecting the current version of a computer program to be no larger in scope than the first version is a form of the appeal to tradition fallacy [wikipedia.org].
Re: (Score:2)
The browser was designed as a Page Rendering/Document Veiwing Engine
Uh...what? Have you actually seen WorldWideWeb [wikipedia.org]? The only reason why virtually all later browsers were viewers-only was because the new guys found it "too difficult" to support the advanced features [archive.org].
Re: (Score:2)
Expecting the current version of a computer program to be no larger in scope than the first version is a form of the appeal to tradition fallacy [wikipedia.org].
It gets worse: the old version was much better [slashdot.org].
Re: (Score:1)
and don't even get me started on the horseless carriages...
Re:If not NaCl or JS, then what? (Score:5, Insightful)
Nothing stops you from only writing a webpage thats HTML1 with no JS; just dont be surprised when noone wants to visit it.
Re: (Score:3, Informative)
Actually, the fact that HTML1 doesn't exist stops you. HTML2 was an attempt to document what browsers of the time rendered (i.e. it was descriptive, as opposed to the prescriptive HTML3 and later), but there was no HTML1.
Re: (Score:2)
Why should I care about visits? I don't live off advertisements and page hits.
I'm interested in delivering information. A company's portfolio... A product's specifications... A personal contact page... A data sheet... Wikipedia with NoScript is done right as far as I'm concerned.
Re: (Score:2)
Presentation is highly important in this business. Like it or not, an attractive web site does wonders for the opinion of those who might stumble upon it. It does not have to be laden with graphics and other whiz-bang features that slow down the browser, but a boring page suggests a lack of bother and care by the company, which might translate into related opinions from those who browse the page.
Geeks continually misunderstand and downplay the significance of image. Humans are visual creatures - ignore this
Re: (Score:2)
Nothing stops you from only writing a webpage thats HTML1 with no JS; just dont be surprised when noone wants to visit it.
If it contained interesting stuff, HTML1 wouldn't stop me visiting it. Actually it might provide nicer experience than a modern web page which is surrounded with advertisement banners and various menus from every side.
A round-trip and full reload for each click (Score:3)
The Internet should be slightly expanded HTML1 and CGI as far as I'm concerned.
Usability would be horrible. For example, web-based paint programs [wikipedia.org] can currently use HTML5 Canvas, SWF, or Java. But without any sort of client-side scripting, they would have to use a server-side image map and make a round-trip for each click on the image. And imagine how much longer Slashdot comment pages would take to update if every time you expanded or collapsed a comment, the server had to resend the full text of all other comments.
Re: (Score:3)
As for the Slashdot comments, Slashdot should be an App.
There already was an app: the NNTP news reader. But no ISPs provide NNTP service anymore. So for which platforms would the Slashdot app be made available?
Re: (Score:2)
My ISP provides usenet servers. Keeps some major bandwidth inside their network.
The problem with usenet is that it's a free-for-all, no moderation. Slashdot is actually a really good example of how the web improved internet based discussion groups.
Re: (Score:2)
What's wrong with using a simple, RESTful, HTTP API?
What's wrong is the difficulty of getting your application approved by Apple, Microsoft, Nintendo, and Sony.
Re: (Score:2)
Re: (Score:2)
We're taling about HTTP and HTML, not the web.
What's the difference between the HTTP and HTML on one hand and the web on the other?
Re:If not NaCl or JS, then what? (Score:4, Insightful)
Re:If not NaCl or JS, then what? (Score:4, Funny)
Re: (Score:3)
LOL... You were going along fine until you said "develop an app for GNU/Linux". Yeah, right - like any web developer is going to create an app specially for that 1.3% market...
Unlike the blockbuster that is Windows RT.
Re: (Score:2)
Yeah, right - like any web developer is going to create an app specially for that 1.3% market...
Some web browsers Launchpad.net (the Ubuntu bug tracker) is made for a fraction of that 1.3% market. Besides, for which free (as in at least beer) operating system should developers of client-server applications create the client side of said applications? Or why is it desirable that purchasing a copy of a Microsoft brand operating system or an Apple brand computer be a prerequisite to participation in the public sphere?
Re: (Score:3)
No it isn't. NaCl is a great proof of concept. It shows that you can sandbox x86 apps using some static analysis of the binaries and a few other constraints (it also showed that segmentation support on modern x86 chips is pretty poor and terrible on Atom). The problem is that it only works on x86 binaries. What proportion of Web use these days is (ARM-based) phones and tablets? 20%? If you make something that only works for 80% (and falling) of your customers, then that's a problem.
PNaCl is promising
Re: (Score:2)
Great idea, let's serve a html renderer in javascript to render a website in the browser in a consistent way and without extraneous features.
Re: (Score:2)
NaCl supports only a tiny subset of NPAPI functionality, it's also not portable beyond i386 and armel.
NPAPI is just as secure (or more often, insecure) as the browser itself. Some sandboxing is in theory good, but NaCl hardly brings anything you can't already do, at a speed and sanity penalty, in javascript.
At the moment I have only two plugins installed: Flash and DNSSEC Validator. Tell me how would you implement the latter without either arbitrary network access or calling out to the OS.
Re: (Score:2, Insightful)
NaCl supports only a tiny subset of NPAPI functionality, it's also not portable beyond i386 and armel.
To which still-manufacturer-supported platforms is NPAPI portable?
Re: (Score:2)
Manufacturer of what?
There's flash plugin for sparc, but they stopped at version 11.2.202.223 while the current one on linux is 11.2.202.310
But surely there are other NPAPI plugins than Adobe ones, like the totem or mplayer plugins.
For a web browser, let's see iceweasel 17.0.9 [debian.org] :
amd64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390 s390x sparc
I meant "not PowerPC Macs" (Score:2)
Manufacturer of what?
Manufacturer of the computer. Mostly I was trying to exclude PowerPC Macs from a discussion of the future direction of NPAPI.
amd64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390 s390x sparc
Now let me rephrase my question: For which of these platforms are NPAPI plug-ins still released?
Re: (Score:1)
Our company uses a NPAPI (and activex on IE) plugin to bridge between our website and users' TWAIN scanners/cameras.
It's a fucking shame that after all the *chans and flickrs and reddit over the last decade that none of the browsers (even on the pads) have an "acquire" button to go with their "browse" button on the file upload box.
Oh wait, there's now a javascript API that will work on about three phones to get video. Whoop de fuck you I'm out.
Scanning was Re:"standards-based web platform" (Score:2)
Re: (Score:2)
Last I looked, NaCl is moving to llvm bytecode, allowing on the fly JITting to x86, Arm, etc.
The only thing that'll be really annoying is there will be no way to access hardware directly. I wrote a PC/SC plugin ages ago to do just this.
I guess the only way there now would be writing a signed Java applet...
But wait ... I can't do that on OSX, because ... Chrome is a 32bit app!
Re: (Score:2)
Tell me how would you implement [DNSSEC Validator] without either arbitrary network access or calling out to the OS
It could be done at the level of the OS' DNS resolver, for the good of all applications, including browsers.
Re: (Score:2)
can you sell properiaty.. because I sure can't!
why not sandbox npapi?(yeah yeah, full of problems to do that. but not that much more than nacl).
also where does this leave say, unity web player? is nacl available as feasible route for other browsers? is nacl even ready?
Re: (Score:2)
Re: (Score:2)
NaCl is definitely better than NPAPI. Can you spell "sandbox"?
Unfortunately, the major purpose of plugins is to break out of the sandbox, to access things like sockets, webcams, local files, hardware information, etc. I haven't seen many plugins for the purpose of running speedy code.
Re: (Score:2)
I think you mean "Standard-esque"
Re: (Score:2)
http://xkcd.com/927/ [xkcd.com]
Re: (Score:1)
The N stands for Netscape!
The same company that invented SSL and JavaScript? Yeah, no-one uses any of their stuff anymore, that's a perfectly good reason to get rid of it all by itself.
Comment removed (Score:4, Insightful)
Chrome native messaging (Score:2)
I use the AmazonMP3Downloader plugin so when I purchase music from Amazon it gets added to my music library immediately.
AFAIK PPAPI (and NaCl) can't implement that because they need to save the music to places outside the sandbox.
AmazonMP3Downloader could be split into a part that runs inside Chrome and a separate process that downloads the file, and the two parts would communicate with Chrome native messaging [chrome.com]. It's like when Windows Vista came out: applications that needed to run in the background with administrative privileges needed to be split into an elevated service and a not-elevated GUI.
Re: (Score:2)
Re: (Score:2)
Every piece of native code you ask users to install is yet another vector for trojans and viruses.
This is true whether Amazon MP3 Downloader/Cloud Player is an NPAPI plug-in or a separate process, so I don't see the difference.
Re: (Score:2)
If AmazonMP3Downloader ever gets popular enough to attract black hats who use vulnerabilities in it to pwn your computer you might change your mind about the value of giving plugins that level of access.
Re: (Score:2)
Re: (Score:2)
"anonymous Chrome usage data" (Score:1)
If Google can offer NaCl, they... (Score:1)
...can also offer pepper. Seriously, this is crazy. Everyone knows Google won't do no evil.
Re: (Score:2)
Nowhere in the article does it say that pepper (ie. PPAPI) is going anywhere. You'll note that the built in flash and PDF viewer don't use NPAPI
I think he was making a salt & pepper joke.
Re: (Score:2)
Well NaCl it is one small corner of the bloated corpse of that is PPAPI.
Embrace, Extend, Extinguish? (Score:3, Interesting)
Mark my words: Chrome is going to end up being a second IE 6-like millstone around the IT industrys neck. We are already seeing web sites that only work in Chrome (and Safari, if you're lucky). Firefox, IE (!), and whichever intrepid fourth party browser engines still exist on the periphery, will be reduced to second-class citizens..
Re: (Score:2)
Chrome renders with Webkit, which is used by multiple browsers. Its also one of the most standards-compliant engines out there; if Firefox / IE arent rendering a page and Chrome (webkit) is, thats probably a deficiency in those browsers' engines' standards support.
Re: (Score:3)
Actually, WebKit cuts corners on standards a lot more than Firefox and IE do. For example, the official CSS 2.1 test suite from when the standard was finalized two years ago shows WebKit passing about 89% of the tests (for comparison, Firefox passed about 97%).
If Firefox/IE aren't rendering a page and WebKit is, it's almost always because the page author has written WebKit-specific code (e.g. used -webkit CSS prefixes on properties that are supported without a prefix in other browsers).
What WebKit and espe
Re: (Score:2)
my fiance insists on using chrome despite constantly having weird issues with it.
Re: (Score:2)
If Firefox/IE aren't rendering a page and WebKit is, it's almost always because the page author has written WebKit-specific code (e.g. used -webkit CSS prefixes on properties that are supported without a prefix in other browsers).
The problem isn't using browser-specific extensions. The problem is that the page doesn't work without them. What's really wanted is a way to tell a browser to disable all vendor-specific extensions and to have everything be according to standard (or disabled) so that authors can check their stuff ahead of time.
Checking stuff ahead of time? Hah! I can dream...
The new IE is here (Score:4, Interesting)
More and more Chrome is reminding me of IE from the humble IE 4 which was the best browser to the jaguarnut of IE 6 which still has not completely died off yet in China and some corporate portals.
Chrome rushes to throw HTML 5 and CSS 3 features not standardized on W3C so they can pass HTML5test and calls them HTML 5 and CSS 3 but really are made just like box model and CSS were invented by IE. The W3C in the end decided to make it a little different which is why when Firefox went one way the corps hung onto IE 6 instead.
This NACL and plugins is all 21st activeX to me. If MS did this for IE 11 everyone would be screaming bloody murder.
Re: (Score:2)
Are you sure that's your sig (Save IE6), or was that the end of your argument :)
Re:The new IE is here (Score:4, Informative)
From the NaCl FAQ:
Is Native Client open? Is it a standard?
Native Client is completely open: the executable format is open and the source code is open. Right now the Native Client project is in its early stages, so it's premature to consider Native Client for standardization.
You think that NaCl might lock you in to some proprietary standard, but the complete opposite is true: if you want, you can build your own version of HTML and CSS in NaCl, or build your own programming language. Hell, you can build a browser in NaCl.
Re: (Score:2)
Where is the patent waiver?
Re: (Score:2)
Elephant bollocks. I guess you meant juggernaut [wikipedia.org]? No nuts there but more to the point.
Re: (Score:2)
I see we are not letting a mere lack of knowledge be any impediment to voicing opinions tonight.
Well, I've been developing "web services" since before the web existed (BBS networks), all the way up to HTML5 and beyond, with bleeding edge browser features pre-standardization, so let me weigh in on the issue:
/me shudders.
Re: (Score:2)
Re:Next Page Google can take from MS (Score:2)
How do you think MS was able to fast track Office XML into an ISO standard?
Some "standards" don't happen without force.
Does this mean I will lose LASTPASS? (Score:1)
Re: (Score:2)
dunno why lastpass would need npapi. I don't use it, but I would guess lastpass acts more as a browser plugin, in the sense that it is a plugin for the browser and not a plugin for handling elements on the page that the page creator declared that plugin would handle(like a box on the page that's supposed to show a flash animation).
I find it telling (Score:2)
I find it telling that even Google Earth doesn't use NaCl yet.
Quake Live (Score:2)
Quake Live runs their engine through a NPAPI plugin. They're supposed to port that to NaCl just for Chrome users? More likely they'll just not support it and ask people to switch to Firefox.
Re: (Score:2)
You still play Quake?
How... quaint.
Re: (Score:2)
You still play Quake?
How... quaint.
Hey, why not! I support the idea that games from any era can be played at any time. BTW Quake 3 Arena was still the game used for tournaments held at QuakeCon 2013. Playing both old and new stuff makes a nice mix of entertainment.
Torture.... (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Lost Years of My Life to NPAPI (Score:2)
"standards" (Score:2)
It's not a standard just because you publish the documentation. Or can I make the Hugo-Plugin-Standard now?
Google is just being a bully because of it's position. "Adopt our made-up standards, or don't interact with us."
VMWare (Score:2)
This is going to make the VMWare browser-based console not functional, which was the only way to manage your VMWare instances in linux.... super.
Re: (Score:2)
Linux isn't supported in 5.5 anyways since they upped the flash version requirement to greater than the last version available for Linux.
Re: (Score:2)