
[New Technology Exchange] Native Client: Google's latest web development platform

1#
Posted on 11-12-2008 09:54:16

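Google announced a project yesterday called "Native Client", whose purpose is to allow developers to write native-code (C/C++/...) applications that run on the desktop and in the browser across multiple platforms. The project has only just been announced and is at a very early stage, but it is not hard to see that Google also hopes to unify web applications and desktop applications. The project can already be seen on Google Code: http://code.google.com/p/nativeclient/

For example, developers could use Native Client to speed up photo-sharing websites, so that users can modify images directly on the site and carry out the related editing work.

Native Client is somewhat similar to Microsoft's ActiveX technology, but it can run on operating systems other than Windows, including Linux and Mac; some of its functionality is also similar to an Adobe technology called Alchemy.

Developers can use the GNU C compiler to build their code; through a special browser plugin, the web application can then be compiled and run on the user's PC.

The software currently supports the Firefox, Safari, Opera and Google Chrome browsers, but not yet IE; a Google spokesperson said that IE support will be added when Native Client is essentially complete. To ensure the software's security, Google has built in what they call an "inner-sandbox", which can perform code analysis for security vulnerabilities and protect the rest of the operating system from infection.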


2#
Posted on 11-12-2008 11:13:59
A cross platform ActiveX

3#
Posted on 11-12-2008 14:30:24
This... the starting point is too high, the security problems are very hard to solve, and it isn't suitable for building web apps...

4#
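Posted on 17-12-2008 11:16:01
“Its purpose is to allow developers to write native-code (C/C++/...) applications that run on the desktop and in the browser across multiple platforms.

......

Developers can use the GNU C compiler to build their code; through a special browser plugin, the web application can then be compiled and run on the user's PC.”

I'm a bit confused: I can't tell whether the source code is sent over the network and the browser then compiles and runs it automatically, or whether it is compiled first and then delivered over the network to the client machine and run.

If it's the latter, it should be similar to Java, right?

Also, I've never understood why Java applets didn't catch on. In theory they should be a similar kind of thing; was there a problem with the design, or did some practical problem come up in the implementation?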

5#
Posted on 17-12-2008 12:10:43

Reply to post #4 by someonehappy


6#
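Posted on 17-12-2008 12:13:59
Sodium chloride (NaCl): how it is implemented is all in the paper.

inner-sandbox: first, static analysis of the assembly code ensures that instructions such as "self modification" are eliminated; second, the x86 segmented memory protection mechanism is used to isolate a secure subdomain within the process. It feels a bit like carving out a small process space inside the process, but not like threads; rather, it restricts the access boundaries of different modules within the process.

outer-sandbox: intercepts all system calls and permits only a whitelist of 46 system calls; everything else is prohibited.

Plus some specially implemented inter-module communication mechanisms.

Put plainly, what Native Client implements is really all the job of the OS: process isolation, memory access, system calls and so on. Native Client uses a browser plugin to implement several key OS functions, and has also designed its own portable executable format.

nacl_paper.pdf

100.55 KB, downloads: 1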
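
The static-analysis half of the inner sandbox described in post 6, as an added example that is not part of the thread or of Native Client's code: a toy validator that goes beyond the post by modelling rules from the published NaCl design (reliable disassembly, 32-byte bundles, masked indirect jumps). The opcode subset and the sample bytes are constructed for illustration.

```python
# Added example: toy NaCl-style validator for a tiny, constructed x86-32 subset.
BUNDLE = 32  # bytes per bundle
FIXED = {0x90: (1, "plain"), 0xF4: (1, "plain"),        # nop, hlt
         0xEB: (2, "direct"),                           # jmp rel8
         0xE8: (5, "direct"), 0xE9: (5, "direct")}      # call rel32, jmp rel32
FIXED.update({op: (5, "plain") for op in range(0xB8, 0xC0)})  # mov r32, imm32
MODRM = {0x83: (3, "and"), 0xFF: (2, "indirect")}       # and r32, imm8; jmp r32

def decode(code, i):
    """Return (length, kind) at offset i, or None to reject (fail closed)."""
    op = code[i]
    if op in MODRM and i + 1 < len(code) and 0xE0 <= code[i + 1] <= 0xE7:
        return MODRM[op]
    return FIXED.get(op)  # ret, int, syscall and anything unlisted -> None

def validate(code):
    """Statically check a code blob loaded at offset 0; return (ok, reason)."""
    starts, targets, prev, i = set(), [], None, 0
    while i < len(code):
        dec = decode(code, i)
        if dec is None:
            return False, f"forbidden or unknown opcode at {i:#x}"
        n, kind = dec
        if i + n > len(code):
            return False, f"truncated instruction at {i:#x}"
        if i // BUNDLE != (i + n - 1) // BUNDLE:
            return False, f"instruction straddles bundle boundary at {i:#x}"
        if kind == "indirect":
            # Legal only as the tail of 'and reg, 0xE0; jmp reg' inside one bundle.
            masked = (prev is not None and prev[1] == "and"
                      and code[prev[0] + 2] == 0xE0
                      and code[prev[0] + 1] & 7 == code[i + 1] & 7
                      and prev[0] // BUNDLE == i // BUNDLE)
            if not masked:
                return False, f"unmasked indirect jump at {i:#x}"
        else:
            starts.add(i)  # the jmp half of a masked pair is never a jump target
        if kind == "direct":
            rel = int.from_bytes(code[i + 1:i + n], "little", signed=True)
            targets.append(i + n + rel)
        prev, i = (i, kind), i + n
    bad = [t for t in targets if t not in starts]
    if bad:
        return False, f"direct jump to non-instruction offset {bad[0]:#x}"
    return True, "ok"

# Constructed sample: mov eax, 0x40; and eax, 0xffffffe0; jmp eax; hlt
GOOD = bytes.fromhex("b840000000 83e0e0 ffe0 f4")
```

Because every reachable byte must decode from the start and every jump must land on a decoded instruction, bytes hidden inside an immediate operand can never be executed as a forbidden instruction.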


7#
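Posted on 17-12-2008 12:19:03
Originally posted by someonehappy on 17-12-2008 10:16:
"I'm a bit confused: I can't tell whether the source code is sent over the network and the browser then compiles and runs it automatically, or whether it is compiled first and then delivered over the network to the client machine and run."

The latter.

"If it's the latter, it should be similar to Java, right?"

Not the same. Java is compiled to bytecode, whereas NaCl directly runs x86 binary code, that is, a real .exe file, except that static analysis plus other security mechanisms (inner-sandbox, outer-sandbox) are used to restrict the behaviour of this .exe. It also allows it to run across OSes and browsers.

NaCl's design is very bold; it has a bit of a flavour of wanting to dance with the devil.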

8#
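Posted on 17-12-2008 12:48:41
The paper seems to have only the first page.

Judging from the title, it is portable for the x86 platform. In that case the machine code is basically uniform, and what differs is the operating system, plus some features of different x86 platforms. So it can rewrap operating system calls into a uniform interface and also hide the particularities of the different x86 platforms; the object code then contains only a subset of machine instructions common to the x86 platform and calls library functions provided by the NaCl platform. That way, a single target program is all that is needed to run across platforms.

Of course there is also some web-related stuff, release control and the like.

If this is realised, it can basically solve the problem for most PC users, whether on Windows, Linux or whatever. But it can't do anything for other hardware systems, such as PowerPC running Mac.

Right?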

9#
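Posted on 17-12-2008 13:00:56

Reply to post #8 by someonehappy

That's about right. Their reason for using x86 is that x86's market share is large enough, but quite a few people have raised similar doubts that porting will be somewhat difficult later on, and some have even suggested using LLVM.

I feel the next step is that the browser will slowly turn into a virtual machine; on the Native Client Google Group someone has suggested simply using a stripped-down Linux kernel as the Native Client runtime environment.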

10#
Posted on 18-12-2008 18:47:09

From a research project to a product?

I strongly agree with the author's view, but I'm worried about Google's determination and commitment to pushing NaCl:
FROM: http://groups.google.com/group/n ... d/f0814ebd35d1808f#

NaCl is currently a research project of google. As a research project
and as a project of google there is a high chance it will be
abandoned.
So my question is how likely is it the research project will become a
"product" and how will you try to push it to the users?
An obvious way is to deliver it with Chrome. But I guess this is not
enough, it would be really helpful if Firefox would include it in the
installation, too.

As I really, really like it - I would love to see this as a standard.
It would finally remove nearly all artificial restrictions of current
web-apps. Personally I consider many current web-apps a toy. While a
web mail client like Google Mail is a nice thing, other serious
software like picture/video/audio-editing, games and business software
is limited to a performance comparable to 8-bit computers from the
80s. A "word processor" as a web-app is a joke. Basically you rely on
an existing functionality in the browser (design mode). This means it
is _fixed_. You can not extend it beyond a certain point, without
changing _all_ browsers. So, IMO something like NaCl is already
overdue.

Actually, a sandbox like NaCl is probably the only secure way for
nearly all software.
Something like UAC from Vista does no longer match the requirements of
an operating system (Linux/Unix/MacOs is in _no_ way better!).
The fundamental problem is this:
Current operating systems isolate processes and access rights by
_users_ and not per process!
What does it help if a process can not modify a system file, but is
allowed to send all my data to a third person?
So, IMO every program executed should run in a sandbox! The sandbox
should be designed this way that a program by default can only see its
own files , its own processes, ... The program "thinks" it is the only
program running on a computer. Every access to data not written by the
program itself has to be explicit requested and is granted on a per
file/directory basis. So, even if I as a user give access to some of
my documents to a malicious program, it will never have access to my
saved passwords, email, etc. In addition it should only be possible to
launch a program from specific directories.
Well, I think all this is the job of an operating system and not a
browser. A browser should run in a sandbox supervised by the OS and
not the other way round. But what does it help if all OS-makers just
rely on an outdated security model and are too narrow-minded to really
think of alternative models - and finally _deliver_ a solution...

So, google please go on!

11#
Posted on 18-12-2008 19:05:26

Another enthusiastic comment looking forward to NaCl

Review and ideas (deployment, OpenGL and killer apps)  

I am quite frankly impressed by your technology. I am a Linux user
with a background on security and I would like to make a review
combining those two perspectives : a classic user and computer savvy.
I am so tired of Flash from a user point of view, I feel it's slow and
memory hungry. Especially when you have 10 YouTube videos embedded in one
page, it makes my system crawl to its knees when they don't even play.
Security is extremely well done because you can't do really much but
some security flaws have been found over the years and it's still
possible to overload the plugin and exploit it. Applications are
limited. At most you have a few games and video player. Some 3D has
started to appear but it's still mostly not used. Coding and
development tools are limited to almost what Adobe can deliver.

I don't dislike Java applets. Users always seem to dislike it for its
loading time. It's JIT and it's normal to have some loading time. I was
really impressed by the port of Quake 2 (called Jake2). It runs
somewhat fast enough for me but it's a port, a rewriting of a game in
another language. Security is its most trusted feature. Even if it
relies on the user to accept the execution of code, it's always in a
context of an applet with the corresponding security model which does
not allow arbitrary read/write on disk.

I won't talk about ActiveX. Well to me at first when it was introduced
in the late 90's I thought it was a great idea : convert a regular
application code into something that goes inside the browser but its
security made it impossible to use. Still it was a good idea only
badly implemented.

And here comes Native Client. I have this feeling again I had when I
heard about ActiveX and really hoping you're going to get it right.
What I like about it is everything. It's genius. I am still blasted by
the Quake demo. I didn't have too much trouble compiling the source
and that's what is genius about "Native Client". It's not like Jake2
which is a port of code from C to Java, all I needed was to recompile
the source with just a few modifications. That's the beauty of it. The
application can be written in any language. System calls are analyzed
to trap any unwanted result. That's genius. Making it open-source is
the right thing to do. Thank you Google for that, maybe this time it
will be done the right way.

There are things missing still. The big one is deployment of
applications. I don't know how you will resolve that. Your intentions
are to speed things up on the web but to do that I must have a piece
of code on my computer, in a safe place. One thing that could be done
is to combine part of this inside the browser like Firefox is doing it
for extensions. I think it's the right way but I don't know how Google
feels about Mozilla Corp. The other way would be to use a system like
war files for tomcat : one file containing all that is needed,
uncompress it somewhere safe, not writable by the application and
give the application the ability to write somewhere else some settings
and have a limit on the size of this folder. I would not like a
setting file like in Java because it will break a lot of applications.

I saw a post about OpenGL and how it's not possible to use it. I don't
know why it can't be used but I am sure it can be, I don't know how
hard it will be. If the SDL libraries can be called from "Native
Client" I am sure OpenGL can.

What can I say more? "Native Client" opens the door of limitless
possibility on the web. We can imagine everything from image
applications to video editing to office suites. Let's see how it will
change the web.

12#
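Posted on 19-12-2008 01:04:51
I don't have any particular understanding of these things, but I've always felt that wanting everything to go through the browser nowadays is in itself not quite right in principle. The reason is simple: the browser did not come into being for this purpose at all. We have actually been patching it all along, using ingenuity to try every possible way to make up for it. But one day this will reach its limit.

In theory, since the development of the network has made PC applications very different from before, then on the large scale perhaps there should be some changes at the operating-system level, and on the small scale one should at least be willing to set aside the current browser and design a form of software that truly suits today's applications. Although this is fairly hard in reality, history shows that many things should walk on two legs: old things that no longer fit, once improved to a certain stage, will still slowly be abandoned.

A company like Google, with money and resources, should think further ahead. Perhaps NaCl starts out as a plugin for compatibility reasons, but if it turns out to be fairly successful, it should break out of the browser's frame, or the browser should be completely rewritten for today's web applications. I don't know whether the current Chrome already has similar considerations.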

13#
Posted on 19-12-2008 09:39:17

Reply to post #12 by someonehappy

you are right!

Actually NaCl can run standalone.