VGMStream on Google Native Client by fernandoc1 at 12:17 PM EDT on August 6, 2011
I'm interested in porting VGMStream to Google Native Client. It seems to be a promising technology and it is cross-platform. For people who don't know this, here is the link for the site: http://code.google.com/chrome/nativeclient/ It seems to be very easy to put audio running in this. Here is an tutorial, explaining how it works: http://code.google.com/chrome/nativeclient/docs/audio.html And here you can find a wave synthesizer example: http://code.google.com/chrome/nativeclient/docs/examples.html I wanna know, if there is someone interested in the project. It will be soon enabled by default in Google Chrome, and people could start using applications built with this, by only opening a link in their Chrome Browser.
Ah, I forgot to put an e-mail for contacts: fernandoc1987-nacl@yahoo.com.br
If someone is interested, please, contact me. I think that it will be very interesting, and Google seems that it is going to give great support to people with this technology.
If you had read the link (http://code.google.com/chrome/nativeclient/) carefully, you would see that it is the you can run native code in the browser. To explain better, you compile you C/C++ code intro native X86, X86_64 or ARM native code and it generate a module that can be loaded to the browser. In some point of view, you can say that it will be limited to Chrome, but if you see charts like this (http://marketshare.hitslink.com/browser-market-share.aspx?spider=1&qprid=1) you will see that Chrome is the fastest growing platform. In some way, it is the easiest way to reach any major operating system (Linux, Windows and MacOS). The only think that it needed to port it to native client is a modification in the code, to pass to the browser the wave stream. The user interface can be done in HTML5 and Javascript. Maybe on Chrome version 15 Native Client will be enabled by default. In my opinion it would be interesting to support this, because it is also possible to publish the VGMStream in Google Webstore (https://chrome.google.com/webstore?hl=en-US), so people can create a shortcut in their desktop to the application it self, without needing to install any package.
If someone is thinking that running native code from the browser is an unsafe approach, there are some papers on (http://www.chromium.org/nativeclient/reference/research-papers) that discuss how to run untrusted code in a sandbox.
It currently is not possible. But I think that on the maturing of this technology, Google will make it ready playable on Android. I don't know if the Android Browser, currently have NaCl in it's plans, but be sure that as soon as Google enable this in Android, you will be able to run the module, easily. I have just got this news here: http://www.h-online.com/open/news/item/Chrome-14-beta-goes-Native-1322490.html For people that still have issues about how safe a NaCl module is, all I have to say is that it is build to run code in the same level of access that JavaScript runs in Chrome. I have been reading about Native Client, for a long time, and I'm sure that it will be a way to go to the web with code that we build today for desktops. Google is also suggesting people to start considering Native Client. See this blog post: http://chrome.blogspot.com/2011/08/building-better-web-apps-with-new.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+blogspot%2FEgta+%28Google+Chrome+Blog%29
In the beginning I came here to suggest this, to be a way to even attract more people to the VGMStream project, since it is really cool to be able to listen game music that we loved to hear while playing. Now with the resources of the Web, we should be able to build communities that could share these tracks and a Web player could be really cool.
If nobody have interest in this proposition, I will try myself, when I have a free time to do this.
I'd be interested if I had more time on my hands, but just as a note on executing native Intel code from a browser... Like you said, NaCl modules do run at the same security level as JavaScript currently; that's exactly the reason why it's unsafe.
Technically, JavaScript & any client-sided script/application is considered "dangerous" if it can directly access a client's file system. JavaScript can be dangerous because it does allow for client file system access (i.e.: even though it may not let you manipulate files on a client's computer, JavaScript can be used to drop trojans & spyware onto a client's computer). Signed Java applets can be even more dangerous, as having a signature grants Java applets the ability to directly manipulate (i.e.: delete, move, copy, upload, download, etc.) files on the client's side. NaCl, honestly, will ultimately be the most unsafe of them all, unless it's developed such that it will prevent programmers from executing file system operations on a client's system.
This said, NaCl's still in development & it does seem very promising (& ultimately, there's no such thing as true, 100% security on architecture that's as open as computer & internet systems).
Only to be more precise: you are not allowed to access the client's filesystem directly through JavaScript nor Native Client. You need to ask the user to get the file for you, before you are able to access it from your client application. It is in the HTML5 File API specification. Native Client is build to be secure and it run in a sandbox. For those who have any doubt about what I'm saying, here is a discussion where I ask about how to read a file from the user filesystem: https://groups.google.com/group/native-client-discuss/browse_thread/thread/e0133272da037337
To give you an idea of where I stand on this, I run NoScript in full whitelist-only mode. And I still feel uncomfortable about temporarily allowing a page.
The only thing that I have to say is that if you find anything that represents a threat for users of NaCl, you can report it to Google and they will properly reward you for your findings. I've seen people winning up to $3000 in their security program. Here you can find more about this: https://sites.google.com/a/chromium.org/dev/Home/chromium-security
> If you're interested in doing it, why don't you just do it?
That is what I'm gonna do. I need only a little of free time to do this. What I was trying to do here is only to ask if someone is interested. But as I can see, there is no one with interest. Think of this as a proposal to open a new path for this project. I thought that it would be interesting, since it should be easy for people to access VGMStream without needing to install any software in their PCs, other than Google Chrome, through the Web Store. For those that even after everything that I posted here still don't understand what I'm saying, I can only say that time will show you the real thing happening and the next level of computing should arrive soon. Native Client will not be an exclusivity of Google Chrome, since it is open source. As soon as people find out it's usefulness it is going to be ported to other browsers.
It's kind of sad to see someone claim their not being understood correctly when someone disagrees with them, but it's not really unexpected in the world of shiny web 2.0 crap.
It is not a matter of people disagreeing with me. You are saying that this is not secure, and I challenge you to point me the flaws of it. That is why I'm thinking that you are not disagreeing but not understanding. But anyway, I'm not gonna insist on it. So, if you are happy with your Windows, I'm not going to tell you to try another thing.
Honestly, even if there is a security flaw in the technology, there's no way of securing it without working on it. I honestly don't have much time for it, but I can try to help out in some way. Here's my tip of the day: if you want to find a good, free, basic web host without ads, you might as well use Dropbox or Wuala.
You can basically host your own HTML-only site alongside the regular file hosting service. Wuala is free for 1 GB of space & Dropbox is free for 2 GB; all you do is install their client program, create your site & copy it with your project files into your Public folder.
From there, you can link a free .co.cc domain to your HTML file's public URL & you'll be all set; it makes life easier for people who want to start off with their projects.
Sorry for being blindly hostile to the idea, it's true that I really haven't looked into it. I'm just not much interested. I wish you luck with your investigations.