| |
|
This page contains all of the posts and discussion on MemeStreams referencing the following web page: Native Client. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.
|
Native Client
by possibly noteworthy at 7:51 am EST, Dec 11, 2008 |
Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. We've released this project at an early, research stage to get feedback from the security and broader open-source communities. We believe that Native Client technology will someday help web developers to create richer and more dynamic browser-based applications.
Naturally it is easier to run OpenOffice in a browser if you can just run OpenOffice in your browser. |
| |
RE: Native Client
by Decius at 8:27 am EST, Dec 11, 2008 |
possibly noteworthy wrote: Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps
Was that supposed to be ironic? In fact their security approach sounds interesting: The inner-sandbox uses static analysis to detect security defects in untrusted x86 code. Previously, such analysis has been challenging due to such practices as self-modifying code and overlapping instructions. In our work, we disallow such practices through a set of alignment and structural rules that, when observed, enable the native code module to be disassembled reliably and all reachable instructions to be identified during disassembly. With reliable disassembly as a tool, it's then feasible for the validator to determine whether the executable includes unsafe x86 instructions.
|
|
| | |
RE: Native Client
by I Love Lamp at 1:09 pm EST, Dec 11, 2008 |
Decius wrote: possibly noteworthy wrote: Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps
Was that supposed to be ironic? In fact their security approach sounds interesting: The inner-sandbox uses static analysis to detect security defects in untrusted x86 code. Previously, such analysis has been challenging due to such practices as self-modifying code and overlapping instructions. In our work, we disallow such practices through a set of alignment and structural rules that, when observed, enable the native code module to be disassembled reliably and all reachable instructions to be identified during disassembly. With reliable disassembly as a tool, it's then feasible for the validator to determine whether the executable includes unsafe x86 instructions.
Yeah, I'm sure it's 100% secure and works 100% of the time. Great idea, this puts ActiveX controls to shame. |
|
nativeclient - Google Code
by ubernoir at 11:32 am EST, Dec 11, 2008 |
Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. We've released this project at an early, research stage to get feedback from the security and broader open-source communities. We believe that Native Client technology will someday help web developers to create richer and more dynamic browser-based applications.
I picked up on this through a digg link to an ars technica article. I'm sure people have seen it but since I know relatively fuck all about security but since there are people like Decius, Acidus, et al here I was wondering what people think
edit oops do the recommend then see I should have checked discuss lol |
|
|
