Les nouveautés et Tutoriels de Votre Codeur | SEO | Création de site web | Création de logiciel

seo Native Client: A Technology for Running Native Code on the Web 2013

Seo Master present to you: By Brad Chen, Native Client Team

Modern PCs can execute billions of instructions per second, but today's web applications can access only a small fraction of this computational power. If web developers could use all of this power, just imagine the rich, dynamic experiences they could create. At Google we're always trying to make the web a better platform. That's why we're working on Native Client, a technology that aims to give web developers access to the full power of the client's CPU while maintaining the browser neutrality, OS portability and safety that people expect from web applications. Today, we're sharing our technology with the research and security communities in the hopes that they will help us make this technology more useful and more secure.

At its core, our release consists of a runtime, a browser plugin, and a set of GCC-based compilation tools. Together, these components make it possible to build applications that run in a web browser but incorporate native code modules. To help protect users from malware and to maintain portability, we have defined strict rules for valid modules. At a high level, these rules specify 1) that all modules meet a set of structural criteria that make it possible to reliably disassemble them into instructions and 2) that modules may not contain certain instruction sequences. This framework aims to enable our runtime to detect and prevent potentially dangerous code from running and spreading. We realize that making this technology safe is a considerable challenge. That's why we are open sourcing it at an early stage: we believe that peer review, community feedback, and public scrutiny greatly improve the quality of security technologies like this one.

While it's a big challenge to secure Native Client, we believe that the ability to safely run fast native code in a browser has the potential to provide benefits to users and developers. For example, imagine that you run a photo-sharing website and want to let your users touch up their photos without leaving your site. Today, you could provide this feature using a combination of JavaScript and server side processing. This approach, however, would cause huge amounts of image data to be transferred between browser and the server, leading to an experience that would probably be painfully slow for users who just want to make a few simple changes. With the ability to seamlessly run native code on the user's machine, you could instead perform the actual image processing on the desktop CPU, resulting in a much more responsive application by minimizing data transfer and latency.

To learn more and help test Native Client, please visit our developer site. There you can read our documentation and the Native Client research paper, browse the source code, and download the research release. The release contains the experimental compilation tools and runtime so that you can write and run portable code modules that will work in Firefox, Safari, Opera, and Google Chrome on any modern Windows, Mac, or Linux system that has an x86 processor. We're working on supporting other CPU architectures (such as ARM and PPC) to make this technology work on the many types of devices that connect to the web today.

Once you've gotten your bearings, please report any bugs you find (especially security bugs) using our issue tracker, and join our Google Group to share your thoughts on the technology. We look forward to your feedback!2013, By: Seo Master

seo A better developer experience for Native Client 2013

Seo Master present to you: Author PhotoBy Christian Stefansen, Native Client Team

Native Client (NaCl) enables you to write high-performance apps that run your C and C++ code in the browser. With the new Native Client add-in for Microsoft Visual Studio and the new Native Client debugger it just got a lot easier.

The Visual Studio add-in makes it easy to set up, build, run, and debug your app as a Pepper plug-in and as a Native Client module. If you are porting an existing application to Native Client, building as a Pepper plug-in is a convenient intermediate stage for development enabling you to gradually rewrite the app to use the Pepper APIs (video).


The Native Client debugger, affectionately called nacl-gdb, works on Windows, Mac, and Linux and is now available in the SDK. So whatever your development platform, you can now spend more time coding features and less time chasing bugs with printf.

Following the Native Client philosophy of being OS-independent and open source, nacl-gdb is based on... well... gdb! For those of you who are not excited by a text interface, the Visual Studio add-in makes interacting with the debugger easier. If you use a different development environment that can interact with gdb, you can point it to nacl-gdb and use the same commands plus some additional NaCl-specific commands.


Whether you’re an existing Native Client developer or thinking about using Native Client for your next project, now is a great time to grab the SDK, write an amazing app, and quickly squash any bugs you find. We look forward to questions on Stack Overflow and ideas and comments in the discussion forum.


Christian Stefansen is the Product Manager for Native Client and Pepper (PPAPI). When he is not busy planning new features for Native Client, he likes traveling and writing. He is currently writing a book about India.

Posted by Scott Knaster, Editor
2013, By: Seo Master

seo Native Client brings sandboxed native code to Chrome Web Store apps 2013

Seo Master present to you:
By Christian Stefansen, Native Client Team

Wouldn’t it be great if you could create web apps using your existing C and C++ code? Native Client lets you do just that, and it is now enabled for Chrome Web Store apps in Google Chrome’s beta channel.

Native Client apps live on the web platform, so you don’t need to create separate versions of your app for each operating system. Rather than relying on OS-specific APIs, Native Client apps use Pepper, a set of interfaces that provide C and C++ bindings to the capabilities of HTML5. This means that once you’ve ported your code to Native Client, it will work across different operating systems, and you only need to maintain one code base.

Today Native Client supports the Pepper APIs for 2D graphics, stereo audio, URL fetching, sandboxed local file access (File API), and asynchronous message passing to and from JavaScript. In future releases we will be adding support for hardware accelerated 3D graphics (OpenGL ES 2.0), fullscreen mode, networking (WebSockets and peer-to-peer connections), and much more. As new capabilities are added to HTML5 and Pepper, they will become available to Native Client.

This functionality does not come at the expense of security. To ensure that Native Client is as safe as JavaScript, Native Client code is isolated from the operating system by two nested security sandboxes: the Native Client sandbox and the Chrome sandbox. And unlike NPAPI plugins or ActiveX controls, Native Client apps do not have access to the underlying OS APIs.

We encourage you to start developing apps with Native Client. You can download the SDK and find tutorials, examples, API documentation, and our FAQ on the Native Client site. Once version 14 of Chrome hits stable channel, you’ll be able to upload your Native Client apps to the Chrome Web Store, where you can reach Chrome’s 160 million users.

The next milestone for Native Client is architecture independence: Portable Native Client (PNaCl) will achieve this by using LLVM bitcode as the basis for the distribution format for Native Client content, translating it to the actual target instruction set before running. Until then the Chrome Web Store will be the only distribution channel for Native Client apps. This will help us ensure that all Native Client apps are updated to PNaCl when it’s ready – and in the meantime avoid the spread of instruction set architecture dependent apps on the web. We’ll be providing updates on the progress of PNaCl on this blog.

Christian Stefansen is the Product Manager for Native Client. In his spare time, when he is not writing Native Client apps for fun, he likes playing tennis, playing the piano, and living as a travel writer in India for a couple of weeks at a time

Posted by Scott Knaster, Editor

2013, By: Seo Master

seo Native Client Security Contest: The results are in! 2013

Seo Master present to you: A few months ago, we challenged you to discover exploits in the Native Client system and more than 600 of you decided to take us up on our invitation. We're very pleased with the results: participants found bugs that enabled some really clever exploits, but nothing that pointed to a fundamental flaw in the design of Native Client. Our judges reviewed all entries very carefully and have selected five teams as the winners of the Native Client Security Contest.

The big winner of the contest was the team "Beached As", consisting of IBM researcher Mark Dowd and independent researcher Ben Hawkes. "Beached As" reported 12 valid issues, including vulnerabilities in the validator and multiple type-confusion attacks. The team "CJETM" (Chris Rohlf, Jason Carpenter, Eric Monti — all security professionals with Matasano Security) came in second by reporting three issues with a common theme of memory related defects, including an uninitialized vtable entry, an exception condition during new(), and a double delete bug. Gabriel Campana from Sogeti ESEC R&D Labs was selected as the third place, while for the fourth and fifth place we had a tie between independent researcher Daiki Fukumori and Rensselaer Polytechnic Institute student Alex Radocea. You can find a listing of all the issues the teams submitted at the Native Client Security Contest site.


The winners of the Native Client Security Contest, Team "Beached As"
Mark Dowd (left) and Ben Hawkes (right)

Winning teams were attracted to the contest by the potential of the Native Client technology. Mark Dowd, member of the winning team "Beached As", commented, "When I saw the press release announcing the product, I was intrigued by some of the ideas mentioned in the article. After reviewing the architecture a little, I thought the project adopted a novel approach to solving the problem of running native code securely, and was keen to take a closer look." Curiosity about what the technology could achieve also motivated the CJETM team, according to Chris Rohlf.

The real-world relevance of Native Client made this contest more interesting and challenging for participants. Contestant Alex Radocea stated, "Unlike most security challenges out there, the set of problems were not crafted. The tasks at hand were real and complex, as the real world is. I have no doubt that many unknown people eyed the code or attacked the applications and, frustratingly, found absolutely nothing wrong." Mark Dowd agreed: "Our goal was to create a convincing lead, to try and take the victory, and I think we did that. Having said that, the field was not soft. There were some tough contestants who were able to uncover a variety of interesting vulnerabilities."

We would like to thank all the contestants, the jury chair Ed Felten and all the security experts that judged the contest for helping us improve the security of our system. This contest helped us discover implementation errors in Native Client and some areas of our codebase we need to spend more time reviewing. More importantly, that no major architectural flaws were found provides evidence that Native Client can be made safe enough for widespread use. Toward that end, we're implementing additional security measures, such as an outer sandbox, but you can help by continuing to file bugs in Native Client. Community support and scrutiny has helped and will continue to help make Native Client more useful and more secure.

2013, By: Seo Master

seo Who's @ Google I/O - spotlight on the Open Web 2013

Seo Master present to you: Web developers face many limitations when trying to develop web applications that match the functionality of desktop applications. Many people are working on removing these limitations and helping make the open web an even more powerful platform. Browsers have recently focused on and significantly improved JavaScript performance, and new HTML5 and related APIs are currently being formulated and implemented, giving developers even more capabilities. Through efforts like O3D, Chromium, and Native Client, we want to contribute our technology and web development expertise to developing and promoting open web standards that will ultimately help developers build better apps and make their users happy.

Here are some of the developers who'll be at Google I/O (only 19 days away) and speaking or demoing their products built on open web technologies:
  • Browser Perspectives: An Open Discussion
    Web developers are asking more from today's browsers — more speed, more functionality, and a greater ability to build web applications that make users happy. To talk about how browser development happens with respect to new standards, such as what influences decisions around which new APIs to implement first and how to implement new features in the face of still-changing standards proposals, we have a panel with representatives from Google, Microsoft, Mozilla, and Opera. The discussion will be moderated by Mike Schroepfer, VP of Engineering at Facebook.

  • Bespin Project (Mozilla Labs)
    Bespin is a Mozilla Labs experiment that proposes an open, extensible web-based framework for code editing that also promotes the use of open standards. The Bespin web code editor is built on HTML5 technology. Dion Almaer and Ben Galbraith will be leading a session, Bespin and the Open Web, where they talk about their experiences.

  • Opera Software
    Opera is actively involved in contributing and deploying open web technologies. Specifically, they are currently helping specify GeoLocation, HTML 5, CSS 3, cross-device widgets and SVG, amongst others, and dev.opera.comshowcases techniques and technologies to developers. The Opera Dragonfly developer tools are built using the latest Web technologies. Charles McCathieNevile will be one of the speakers on the Browser Perspectives talk.

  • Yahoo! Pipes
    Pipes lets users remix popular feed types and create data mashups using a visual editor. This visual editor allows you to drag pre-configured modules onto its canvas and wire them together. Pipes use the HTML5 <canvas> tag extensively in the Pipes Editor and Pipe thumbnails.

  • Large Animal Games
    Large Animal Games has developed over 75 games for a variety of platforms, many of which are fully integrated with OpenSocial. They've developed a cross-network game platform called Toga which enables the simultaneous deployment of games across multiple social networks, including those that support OpenSocial. They're also in the process of developing a game using O3D that will ultimately be integrated with social networks via Toga.

  • Crazy Pixel Productions
    Crazy Pixel Productions is a full service 3D animation and game development studio that specializes in top notch art and incredibly immersive worlds. Crazy Pixel has worked on producing art for the O3D Beach demo and is now developing a new game based on O3D.
You can also take a look at our sessions page for a full list of sessions. In particular, sessions under the "Client" track focus on making changes in client products such as browsers to empower the open web platform, implementing HTML5 and related APIs, discussions around 3D and native code, and more. The Sandbox will include engineers of Google product teams that are deploying open web technologies, like the Gmail for mobile HTML5 app, Native Client, Chrome extensions, and O3D.

Google I/O is only 19 days from now - to sign up, go to code.google.com/io!

*Keep up with the latest I/O updates: @googleio.

2013, By: Seo Master

seo 1-up for web games 2013

Seo Master present to you: Author Photo
By David Glazer, Engineering Director, Google+

Hundreds of millions of users are already having fun playing games on the web. With GDC going on this week (#googlegdc), we wanted to give you an update on our efforts to improve the web ecosystem for game developers.

New technology capabilities

With HTML5, WebGL, and WebRTC, the browser has evolved into a feature-rich gaming platform. We are working closely with all browser vendors to further improve the web’s capabilities with new HTML5 APIs such as Gamepad, Mouse Lock, and Fullscreen.

Native Client (NaCl), a technology that enables console quality games in the browser, is also gaining traction. Starting today, the BlitzTech Gaming engine and the Havok Physics Engine have announced NaCl support, complementing a rich ecosystem of game middleware. Some of the latest games that take advantage of NaCl’s capabilities are Zombie Track Meat, Eets Munchies, Go Home Dinosaurs, Dark Legends, Air Mech, and Ubisoft’s From Dust. You can see an early preview of them at our GDC booth.


Improved distribution and monetization

Using social information in game play allows users to connect in more meaningful ways and developers to build even more compelling games. Google+ games continues to grow and attract exciting new games, including the exclusive launch of the epic fantasy title Kingdom Age last week. To help social game developers reach more users globally, all Google+ games will soon be available in the Chrome Web Store, providing an audience of hundreds of millions of users.

In addition, our In-App Payments solution recently added support for more currencies and optimized the payment flow to enable higher conversions.

Visit us at GDC and on the web

To get started working with us, you can now access a new site, developers.google.com/games, that pulls together all our technologies to help you build, distribute, promote, and monetize your games. And for those of you attending GDC this week, stop by our developer day and our booth. We are looking forward to continuing our collaboration with the gaming community and bringing the best games to hundreds of millions of Internet gamers.


David Glazer, Engineering Director for Google+ .

Posted by Scott Knaster, Editor
2013, By: Seo Master

seo Announcing the Native Client Security Contest 2013

Seo Master present to you:

Exploits, bugs, vulnerabilities, security holes -- for most programmers these terms are synonymous with fire drills and coding all-nighters. However, for the next 10 weeks, the Native Client team is inviting you to bring them on! We're challenging you to find security exploits in Native Client. Sign up today for the Native Client Security Contest, you could win up to $ 213 , as well as recognition from renowned security researchers.

Before getting started, you must complete the registration process for yourself or your team. Then, you can grab the latest build of Native Client, attack it to find security holes, and submit the ones you discover. You get credit for bugs that your team reports first. If another contestant submits a vulnerability before you, or we publish a fix before you report it, well then... you'll have to keep looking!

At the end of the contest, all entries will be reviewed by a panel of academic experts, chaired by Edward Felten of Princeton University. They will select the five eligible entries with the most high-impact bugs, and these winners will receive cash prizes, as well as earn bragging rights. For more details, please review the contest's terms and conditions.

Registration is now open and the contest will run until May 5th. Sign up today to start reporting exploits as soon as possible.

Happy bug hunting!2013, By: Seo Master

seo Native Client: Getting ready for takeoff 2013

Seo Master present to you:

(Cross-posted from the Chromium Blog)

Over the last few months we have been hard at work getting Native Client ready to support the new Pepper plug-in interface. Native Client is an open source technology that allows you to build web applications that seamlessly and safely execute native compiled code inside the browser. Today, we’ve reached an important milestone in our efforts to make Native Client modules as portable and secure as JavaScript, by making available a first release of the revamped Native Client SDK.

The SDK now includes support for a comprehensive set of Pepper interfaces for compute, audio, and 2D Native Client modules. These interfaces are close to being stable, with some important exceptions that are listed in the release notes.

In addition, we’ve focused on improving security. We have enabled auto-update and an outer sandbox. This allowed us to remove the expiration date and localhost security restrictions we had adopted in previous research-focused releases. Beyond security, we’ve also improved the mechanism for fetching Native Client modules based on the instruction set architecture of the target machine, so developers don’t need to worry about this any more.

We are excited to see Native Client progressively evolve into a developer-ready technology. In the coming months we will be adding APIs for 3D graphics, local file storage, WebSockets, peer-to-peer networking, and more. We’ll also be working on Dynamic Shared Objects (DSOs), a feature that will eventually allow us to provide Application Binary Interface (ABI) stability.

Until the ABI becomes stable, Native Client will remain off by default. However, given the progress we’ve made, you can now sticky-enable Native Client in Chrome 10+ through the about:flags dialog. Otherwise, you can continue using a command line flag to enable Native Client when you want to.

A big goal of this release is to enable developers to start building Native Client modules for Chrome applications. Please watch this blog for updates and use our discussion group for questions, feedback, and to engage with the Native Client community.


2013, By: Seo Master
Powered by Blogger.