Native Client in Chrome: Google flexes Web muscle

Google has built its Native Client technology into its newest version of Chrome, endowing the browser with new processing power for running Web applications.

Native Client, or NaCl for short, is an ambitious Google project that, if successful, will help close one gap that separates Web applications from those that run natively on a computer's operating system. That would improve the competitive position of Web applications such as Google Docs compared to Microsoft Office--and thereby boost Google's Chrome OS project in comparison with Windows.

Most Web browsers run programs written in JavaScript or perhaps Flash, both of them running on a programming foundation that makes those programs slower than native software. But Native Client lets programmers write software that directly taps into x86 chip models such as AMD's Athlon or Intel's Core. Secial programming tools and a screening mechanism in the Native Client software itself are designed to provide security for what has historically been the risky process of downloading executable programs from the Net

Chrome Version: 4.0.220.1, released Friday, "introduces the Native Client as a built-in feature for the first time on Windows," said Jonathan Conradt, a Google engineering program manager, in a blog post about the release. Previously the software was available only as a browser plug-in.

Google also offers a variety of basic tests and more elaborate examples of what Native Client can do, though it takes a bit of technical configuration to get them working. Among them are spinning ray-traced globes, the Game of Life, and the Quake first-person shooter video game.

Native Client shows how Google is using Chrome as a vehicle to advance its Web programming agenda. While some competitors such as Microsoft have a strong business of software that runs natively on a computer, Google wants software to run on central servers on the Internet.

This cloud computing approach has some advantages--being able to more easily collaborate and share documents for example, or to see and edit documents using any PC or smartphone. Google was born on the Web and has an incumbent's advantage there over rivals, but as an applications foundation, the Web remains slow and primitive compared to native applications in many regards.

Native Client isn't the only effort to change that situation. Google also has a plug-in called O3D--also a project it's building into Chrome--designed to let programs tap into hardware-accelerated 3D graphics. It works at a higher programming level than a related effort from Mozilla and Firefox called WebGL.

Google first released Native Client in December 2008. In June 2009, declaring confidence in NaCl's security model, Google it announced it was bringing Native Client out of research and into production.

Though Native Client is built into the new Chrome version, there are plenty of qualifiers for the release. First, it's only in the developer preview version of Chrome, and only for Windows right now. Second, it's disabled by default; adding "--internal-nacl" as a command-line switch at Chrome launch will activate it, according to an explanatory page.

The new version of Chrome offers a variety of other features too, notably a number updates for extensions to let people customize the browser.

For example, extensions now appear as an option on the wrench menu for browser settings. More obviously from a user-interface perspective, the browser actions interface (see illustration below) is now available to place extensions in the form of a button to Chrome's main toolbar.

Browser Actions is a new extensions interface that let browser customizations take the form of small icons in the browser's main toolbar. This illustration shows what Google believes to be an overabundance of such extension buttons.

(Credit: Google)

[MadLyb]

Hmmmm...a browser plug-in that can access the system directly allowing for more sophisticated applications...what a novel idea. Why has no one ever thought of this before...ohhhh...yeah...

...just hope this one is more secure.

[Shankland]

Yes, everybody loves to hate ActiveX, and not without reason. Native Client is a significant and new potential attack surface, though it's passed significant scrutiny thus far.

[ikramerica--2008]

It's not called NaCl for "short" as that's not any shorter than saying Native Client.

Google is being CUTE. NaCl is common salt. Of course, they didn't think it through, as NaCl is also corrosive to Chrome, taking off it's luster and ruining it's protective properties, letting the rust get through.

Hopefully Google spent more time making NaCl safe than they did thinking about the cute name...

[Lerianis3]

Not everyone hates ActiveX, and many of the problems that lead people to 'hate it' have been fixed for quite a while now in Windows Vista and Windows 7, with the 'protected mode' browsing and the fact that you have to GIVE PERMISSION for any ActiveX control, even from Microsoft themselves, to install.

[Random_Walk]

ActiveX is usually the first thing disabled by default in the Windows Server editions, and only turned on when the user allows it (see also the default "Enhanced Security Configuration" setting of IE in all recent server versions). That's just how bad/risky/ugly ActiveX is, even to it's own frickin' owners.

Now in this case, there is a bit of difference... IE is ingrained into the whole OS, due to Microsoft's efforts to bolster the 15-year-old claim that the browser is a 'vital' part of the OS. This makes ActiveX (and IE) a flaming security hazard, and is more trouble than it's worth.

In Google's case, they don't have to worry about the rest of the OS like IE does - if they make a pipe of sorts that drills all the way down, they can make it fairly secure from the rest of the OS - much like a software hypervisor insulates virtual machines from the OS. They don't have to worry about Chrome components being needed by the rest of the Windows OS (and *nix isn't built with such crap dependencies anyway).

"Not everyone hates ActiveX, and many of the problems that lead people to 'hate it' have been fixed for quite a while now in Windows Vista and Windows 7"

Even Microsoft admits that ActiveX is a hazard (see above about ESC) - they don't care if consumers or workstations get bit, but they go out of their way to protect their server products by making it nearly impossible to use the thing (for instance, in the one aspect which most admins did use it - Windows Update).

[SeizeCTRL]

I caught that one too ikamerica... when I was in the navy, it always amazed me that they continue the tradition of brass fixtures everywhere including the ship's bell. Why place one of the most corrosive metals in one of the most corrosive environments. It seemed we were cleaning and shining brass every other day which just seemed incredibly non-productive.

[sparrowhyperion]

I would never ever trust something that can effectively bypass any top level security software I have installed. Not to mention that trusting a web based application at all is a very very bad idea. I can see it now. Some company who tries to save a few pennies, decides to go with a web based app. Then blammo, they lose their connection or worse, the app server crashes... Then not only don't they have web access, but they can't even work on non web related projects. Very dumb idea. Never trust your apps to a third party over which you have no control. It's just a very stupid thing to do.

[forever4now]

Sounds like you need to try some modern web apps. With HTML5 & Gears, you can use web apps offline (i.e. when there is no access to the server). Everything syncs up, automatically, the next time a connection is established.

Re. NaCl, you should read up on it. Google's done some amazing things, to make it EXTREMELY secure:
http://code.google.com/p/nativeclient/

[Random_Walk]

"I would never ever trust something that can effectively bypass any top level security software I have installed. "

...do you ever use virtual machines? same-same ;)

[chocota]

Are you Bill Gates or Steve Ballmer with another name? If that's the case I understand and you are excused, you know, trying to protect your stupid expensive business that the only thing it does is to undermine society. If server crashes, don't be short-minded, work offline with Google Gears, and like everything new, problems will arrive, but that will fixed, like all the problems that brought the first Windows, including the now dead Windows Vista. But, If You are nobody working for Microsucks, excuse me, Microsucks, oooops I did it again, Microsoft, so You are a Short Minded Stupid. So your Short Mind will never understand that Clod Computing is the future of the WEB, for the benefit of the Society

[Random_Walk]

@chocota:

Seriously, dude - use a rational argument of go home.

[DMAN3k]

Didn't your mama ever tell you don't install anything you don't trust.

[sciontcya]

Yes, hence Mac OS is in the house.

[Lerianis3]

sciontcya, need I remind you that the consensus among security researchers right now is that OSX is the most INsecure OS out there right now. Easiest to hack, easiest to put malware on.... the only reason it hasn't had oodles of viruses thus far....... it's still an 'also-ran' OS.

[sciontcya]

@ Lerianis3,

Another POS (pile of...) reply.
No, that's not true.
Any time it's done, there's some hole opened by the "challenger" that makes it doable.
It's not being done and it's not the most insecure, also-ran OS.
It's simply the best desktop OS there is.

[bananaphonerules]

@sciontcya

OSX is good, but so is Windows 7 (pointless debate to follow).

The real issue is the arrogant (we're perfect) users that think they'll never fall victim to social engineering or Trojans.
Its the real world people.

Its hard to get stats for virus from people who don't think they need to detect them? How would you know?

[sciontcya]

@ bananaphonerules,

I fight that battle all the time.
I do run anti-virus software - not because I'm worried NOW, but for the future.
I don't like arrogant, blind following of ANY OS.
Just makes no sense.
BTW, I'm running Win7 Ultimate on my Boot Camp - pretty good so far, but Apple needs to update the BC drivers for some things.
That thing sure boots quickly.
Almost like something's missing ;)

[DOTA AllMoons]

this will most certainly be exploited by hackers. as if web based attacks weren't bad enough already.

[Lerianis3]

They can try to.... and Google with fix the problems with it. Anything that can be used for good can ALSO be used for ill if someone is devious enough.

[knowles2]

With browser stays as small as it is now, then it the same case as Linux and OSX, they to small to worry about and to wast there time on.

[lmasanti]

"Native Client, or NaCl for short, is"... let call it "Salt." (If I do remember correctly from my Chemistry classes!)

[meh100]

Glad to see I'm not the only one on Cnet who thought of that.

[ikramerica--2008]

And it's not called NaCl for "short" as that's not any shorter than saying Native Client.

Google is being cute. NaCl is common salt, as stated.

Of course, they didn't think it through, as NaCl is also corrosive to Chrome, taking off it's luster and ruining it's protective properties, letting the rust get through. Talk about an unintended metaphor...

Hopefully Google spent more time making NaCl safe than they did thinking about the cute name...

[Shankland]

I keep meaning to ask Google whether they thought they were being clever in a sodium chloride kind of way, but I never get around to it. Brad Chen, if you're reading this, is there any link between Native Client and table salt, or is it just a coincidence?

[hmdz105]

What the hell is then Microsoft .net applications that run natively inside IE or Java applications in all browsers?! Why weren't "they" successful? They had to wait for some genius programmers in Google to reinvent their ideas and implement it?!

[forever4now]

NaCl runs native code, not interpreted code.

[hmdz105]

NaCi runs native code not interpreted?! That is funny! How could interpreted code ever run on an x86 machine? They are all translated to native my friend, but their performance differ quiet a bit. I guess JIT from MS is as fast as native could ever be!
No need to reinvent the wheel.

[hawkeyeaz1]

NaCl is compiled for x86 architecture, with some additional rules. Java and .NET are byte code that require being compiled before they run. So, NaCL downloads the file, then runs it, whereas Java and .NET downloads, finds the compiler, compiles it, then runs it. Slight overhead w/ Java and .NET.

[hmdz105]

I still don't get it. Both environments do not directly deal with native x86 code. Their ultimate war will be in which Just in time compiler is faster.

[Hugh_Isaacs_II]

"While some competitors such as Microsoft have a strong business of software that runs natively on a computer, Google wants software to run on central servers on the Internet."

Google never explicitly said that they want software to run on the internet, they've only mentioned it as a platform, and with advances like Gears, I don't think that's their goal.

[Shankland]

Gears, Native Client, and O3D all essentially make the browser a more capable platform for running Web-based software. So it's kind of a definitional matter about where the software is running. The Web hosts the software and maintains its state, but local processing and storage services give it a boost. I see the local resources very much in a subordinate and to an extent optional role. Thus I see Google as interested chiefly in cloud-based software.

[forever4now]

If I remember correctly, WebGL was recently integrated into WebKit. If Google integrates NaCl, O3D AND the WebKit build containing WebGL, developers will be able to build some REALLY AWESOME browser-based apps.

Check out what Disney/ABC is doing, with O3D:
http://www.youtube.com/watch?v=k0tzZiTXEB8

There is also a demo of Large Animal's Infinite Journey O3D game here:
http://www.youtube.com/watch?v=NAgug5D6Kdg

For those who are curious about the difference between WebGL & O3D:
- O3D is a retained mode API.
- WebGL is an immediate mode API.
Google it, if you are interested to learn more.

Definitely, exciting days ahead, for web developers!

[Shankland]

You remember correctly about WebGL and WebKit. It's being built into Firefox, too, though it's not available in mainstream builds yet:

http://news.cnet.com/8301-30685_3-10357723-264.html

Along the same lines, though not as glamorous as 3D, SVG and Canvas are arriving in many non-IE browsers as retained-mode and immediate-mode APIs for 2D vector graphics.

http://news.cnet.com/8301-30685_3-10365636-264.html

[Millo_Avissar]

I trust Google to take care of my documents and applications , more then I trust myself.
they will run backups properly , thir UPS is better then mine, and my son is definitely not around to break anything.

There was a time, when a corporate could work offline, not anymore
so, for us netizens, that already became web-dependent "the cloud" and web apps are better choices, and we thank Google and Amazon for their great effort in bringing this for us.

[Earthquake152]

Wow... NaCl. The chemical formula for salt is now being used as the name of a program.

[Williame789]

I wonder on what Chrome branch Stephen Shankland is?

[forever4now]

This is seriously cool stuff!

Here are some HTML5 sites & demos to try with Chrome 3 (or Chrome Frame for IE, with the URLs prefixed with "cf:"):
http://www.youtube.com/html5
http://demo.sproutcore.com/video/
http://www.rgraph.net/
http://html5gallery.com/
http://tinyvid.tv/

The above links may also work with Safari 4 & Firefox 3.5, although I didn't try them.

There's also a Javascript NES emulator here (you definitely need Chrome, to play the games):
http://benfirshman.com/projects/jsnes/

The above are just HTML5 & JavaScript. Imagine what you can do with NaCl, O3D & WebGL!

[cdwilliams1]

"The above are just HTML5 & JavaScript. Imagine what you can do with NaCl, O3D & WebGL! "

Not to be a downer, but reimplementing apps I already have in a web browser isn't all that exciting IMO. I'm still trying to figure out what all the fuss is about.

[forever4now]

@ cdwilliams1

Moving apps to the browser make them accessible from:

- any OS (Windows, OS X, Ubuntu, ChromeOS, Android, Moblin, iPhone, Symbian, WebOS, Blackberry, WinMo, ?).
- any device type (smartphones, netbooks, notebooks, desktops, tablets, eReaders, photo frames, carputers, ?).
- any CPU architecture (x86, ARM, MIPS, ?).

Implementing web technologies, like HTML5, WebGL, O3D, etc., natively in the browser also reduces/eliminates the need for proprietary technologies, like Flash & Silverlight, which don't integrate seamlessly into a web page & are CPU & battery hogs (especially important for mobile devices like smartphones).

[02cfranklin]

Secial programming tools... new tech? xD

[EvanSei]

Oh good something that can season my steak and give hackers an easy way into my computer, I think I will wait a while before installing this version. NaCL no thank you (at least on my computer)

[dreamfordream]

i am using this version, however the Browser Action interface is not visible on the main tool bar, is there anyway to activate it? Thanks guys.

[keano12]

I for one beg to differ that this can be helpful but I still don't like how they're trying to run their Monopoly under the people's noses. Oh wait, thus far they have succeeded in doing that because no one in the world cares enough... Go Google.

[sheldonhuelin]

I can't wait to see the future Google Docs.

[eltoro2827]

whats chrome? whats google? whats pagerank? whats a sergey brin and a larry page? whats an eric schmidt? whats an android? oh yeah....oh whole lot of crap!

[t8]

Nice one Google. I love your ideas.
Keep going.

[Police_States_of_America]

>But Native Client lets programmers write software that directly taps into x86 chip models

no 64bit support? :C

[hawkeyeaz1]

Soon.

What's Google Chrome? Oh wait I remember it's a piece of crap which takes years to open there own ORKUT . I would rather prefer to pay for more secure, safe and trusted companies like Apple and Microsoft. And last but not least when google is planing to stop using our user data. (Search related data which generates by using google search engine)

[forever4now]

"secure, safe and trusted" used to describe Microsoft????

Microsoft is as close to the exact opposite of that description, as you can get.

[BIGELLOW]

Welcome, troll.