Active-X is retarded. Give root control of the machine to some random internet webpage?.Originally Posted by Jason Cross
At least Flash is javascript running in a plugin that can be sandboxed and has not native api to begin first.
These things exist because sometimes are needed. You have the office that want to upload documents to a website from Office. Or let a website choose betwen two printers. Withouth something like Active-X you can't do that. But is the lesser evil.
Or in the case of Flash, ....flash is needed because at the time, it was the only format for vectorial graphics, streaming graphics + video. Companies like Nokia tried to stop any web standard for video, becuse profit from some propietery codec patents, and don't want a free codec from success. Probably a lot of other companies profit from that, and secretly don't want free codecs to succed. Hence... no video for you internet. Internet routed the damage by using that weird vectorial graphics plugin to render video. Is a hack.
My opinion:
- Using a browser to run native games: Ok, it expand the positibities of gaming. I kind of like the existence of flash games and webgames. These things have created stuff we could have never seen with desktop gaming and console gaming.
tldr: I am ok with that because is cool and you will not have it withouth it.
- Using a browser to install a game that is forced to launch from the browser: Not ok. BF3 is this, and is ridiculous, it works wen it works, but wen it don't work, you know is because is tryiing to do something totally asstupid. Yesterday I was tryiing to play COOP with BF3, and was a very sad experience, as the browser and the game where fighting tryiing to communicate. For MP it mostly work. Vindictus also use this system, and for a few months I was unable to play because the launcher was using the wrong version of the game (the asian and the european version was installed on my comp, and the browser was tryiing to launch the wrong version) I fixed that by studing the javascript source code of the page and realizing how to suggest to the game what version must use.
tldr: I am not ok with this because is unnecessary and create problems.
- Using a browse to stream a game: Ok with that. This seems what are doing with Bastion, so this is ok.
- Using a browser technology to provide a baseline that is the same for different systems ( OS's, desktop/mobile) so a dev can "write once, run everywhere": I am Ok with it, but "good luck with that". Games are normally heavily optimized to where are running. By making something that you don't really know where is going to run, you must not optimize, so make some unoptimized game that probably don't stress enough what is possible today with current technology. This is ok for some games, but not for all games.
tldr: "write once run everywhere" technologies have a bad fit with games.
Firstly, no it doesn't, it runs at the same privileges as the host process.
Second, admin is not root privileges, the Windows closest equivalent would be SYSTEM.
Thirdly, how is this different from NPAPI? That's the most retarded thing about this, people bitch about ActiveX but where are the NPAPI complaints?
Google says it's secure. People who don't like NaCl raise eyebrows. About what you'd expect. But again, I think it's best to think of this as a program written using the NDK for Android. What are the security implications of running a game in Android? Well, it's locally running code, so if you have OS bugs they can be exploited. What are the security implications of NaCl on Chrome(OS)? Basically the same (except that the OS is Chrome).
I don't know how Bastion in particular works, but there's nothing inherent in the NaCl technology that makes an internet connection required. In fact, even with HTML apps, the Chrome Web Store lets you download and install them totally locally, if the app maker packaged it that way (which most don't, because it's a lot easier to just whip up a manifest pointing to your site and call it a day).So, what happens when I want to play Bastion where I don't have a net connection?
Yeah, the way this is being positioned now, I think it is best to think of NaCl as Google using the browser you probably already have installed on your computer as their beachhead onto your computer for a slightly-more-secure Steam clone. In the same way that Valve used Half Life 2 as their beachhead for Steam.
Eventually, they will probably roll it out into a more general app-store-for-the-desktop, and the security provided by NaCl itself mainly means Google won't have to review apps as thoroughly.
The fact that it is preinstalled with a web browser seems almost incidental to me.
It's not so much Steam as it is the Apple App Store/Android Market. Explicitly, that's what the Chrome Web Store is.
This isn't working for Android though.
Question: If my connection is fast enough to play this game streaming, why don't i just download it?
Steam says bastion is 1Gb on their store page.
My crappy comcast internet downloads from steam at 2.5Mb/s
By my calculations that means it would take me around 7 minutes to download bastion. I know people hate waiting, but that really isn't that long... If starbucks is empty (ha ha ha ha), i can't get my coffee in 7 minutes after ordering.
For pc gaming we come to the same issue that makes onlive useless, if i have the connection to support this, it is almost certainly better for me to just run this from my computer. Zero benefits over conventional distribution with MANY downsides. Maybe it will have some use off the PC though.
From the perspective of games, this isn't some weird new technology, this is just Google Steam. I'm sure it just downloads it to your computer, but in a clever way that lets you play while you are downloading. WoW has the same thing (well, that's an online game, but you see my point hopefully). I'd be surprised if it had to redownload the entire thing every time you played.
If the Chrome Web Store could "fail" like Android Market, it would be success beyond Google's most optimistic projections, I'm sure.
I was responding to the security point.
This isn't the thread for it, but there's no reason to believe that the Android Market is a significant vector for security issues.
Android is the only mobile platform with any significant malware presence, therefore whatever they're doing for reviews isn't working, which leads into the point I was making about your thought that "Google won't have to review apps as thoroughly."
There is no significant malware problem on Android. There is a significant "antivirus" marketing problem on Android, which makes people think there is, though.
No, there is plenty of known malware on the platform and an increasing number of studies supporting this. Whether the anti-malware products do anything or not I'm not in a position to comment on.
However, of all the mobile platforms, android is currently the only one with any significant penetration in this issue. It's not all smoke and mirrors any more.
Studies not funded by anti-malware companies? Can you provide some links?
Funding doesn't matter if the methodology is solid. I would be amazed if the anti-malware companies aren't funding studies on every platform and you only see a small number of them because, surprise surprise, only a small number of them produce results worth publishing.
Well obviously the methodology would be influenced by the funding if the companies producing said software are the ones providing the studies showing how everyone needs it. What Mike's asking is if any of the studies you're referring to are done by people who don't stand to gain anything by selling anti-malware apps.
Sorry, but if you can't find a flaw in the methodology then it doesn't matter who it's funded by. Funding should cause you to examine closely, not dismiss out-of-hand.
We can go back and forth on this all day. Can you put forth something for us to examine closely, so that we can debate its methodology?
Sure
http://www.juniper.net/us/en/dm/interop/go/
http://www.mcafee.com/us/resources/r...at-q3-2011.pdf
http://www.securelist.com/en/analysi...lution_Q3_2011
Google response (to the Juniper one I think)
https://plus.google.com/u/0/11476509...ts/ZqPvFwdDLPv
Cool, thanks.
The Juniper report, which lauds itself as "An Objective Briefing", calls out a 400% increase in Android "malware samples" since Q3 2010. It does not define what a malware sample is. It mentions that 1 out of 20 (5%) of Android apps request user permissions to allow unauthorized calls. Poor coding or deliberate malware? Unsaid. How many apps did they examine to get this 5%? Unsaid. 383 apps "were found to have the ability to read or use authentication credentials from another service or application". A requirement for those apps to function as designed? Poor coding? Unsaid.
A heading in Juniper's report states that "Android Takes Crown as Primary Mobile Malware Target", with no supporting data. The section it leads into consists solely of a description of a Chinese-developed (possibly) malware package. No numbers regarding frequency, severity, or other contenders for "primary mobile malware target".
There's a fairly long narrative concerning a Myournet/DroidDream malicious app, but it's more a timeline of Google's response than any analysis of success or failure. That's it. No data correlation, no methodology, no comparison across devices or any time more granular than a year ago. In short, no substantiation.
The McAfee report seems to be frequently cited by bloggers and so forth. It reports that the "total malware samples" in Q3 2011 is in fact higher than the "total malware samples" in previous reporting periods, but it doesn't explain what a "sample" is (a newly discovered piece of malware, or a new report of prior vehicle?). Other charts for different attack vectors within the report use the word "unique" in the legend for similar charts; the Android chart does not. I don't know if this is an oversight or they're not counting unique hits for Android.
The text of the mobile section consists of descriptions of malicious Android apps that sign you up for SMS subscriptions, steal call info and so forth. All bad news, to be sure. The second chart is a pie chart showing that Android is a distant second to Symbian in "total malware by platform" (unique apps? Frequency of discovery?) despite the lone sentence immediately above it proclaiming "And Android is the top target of today's mobile malware authors", a statement which does not support the chart and is not supported by the chart.
The final chart in the mobile section of the McAfee report is "Android Malware by Quarter", showing that Q3 2011 has the highest value to date. I'm assuming this chart is much like the first, only Android-specific. If so, this is confusing. The displayed value on this third chart is slightly less than 100; let's call it 100. That's out of the roughly 1300 "Total Mobile Malware Samples" displayed in the first chart. 1 out of every 13 malware apps is on Android? Doesn't sound very threatening.
This report has no stated methodology, no description of a data collection process, and conflicting (or at best confusing) data. Regardless of what McAfee is trying to say here, however, it does not support your assertion that "Android is the only mobile platform with any significant malware presence", given that they're either 100/1300 in Q3 or #2 overall, depending on which chart you credit.
The third report, from Securelist, is my favorite. It's detailed, creative, and the guy seems to be enthusiastic about it. Unfortunately, it's not substantative either. There's a chart (whose legend is one run-on word "Thenumberofnewsignaturesformobilethreatstargeting aselectionofplatforms, Q1,Q2,&Q3 2011"), showing a dramatic spike in malware signatures for Android in 2011 to date. That may address an increase in the number of malware apps out there, if a signature is a response to a new malware vector. If they're hypotheticals, it doesn't mean anything. I'm not sure. The remainder of the Android section is narrative in nature and discusses a few malware apps. No mention of methodology or data collection processes.
I appreciate the research and the Securelist report at least was interesting, but they do not support the assertion that Android is the only mobile platform with malware presence. In fact, they refute that statement, given that each report dedicates sections to other platforms.
On Android:
400%
So, from 1 to 4 Malware samples in a year? Surely an epidemic.
Got to love researches and their use of % instead of pure numbers.
--------
On Native Client/ActiveX
You still need to allow Plugins for the site for Native Client to work.
The Bastion page didn't show anything until I enabled Javascript and Plugins for that page.
You are saying people browse the interwebs WITHOUT having JScript/Plugins disabled by default?
In theory javascript sould only add to a page, and pages sould work with javascript off. But the version you will get will look like HTML 1.0 the more we progress into things like JQuery. If you disable javascript, you can also browse with Lynx, because you will have a similar graphic experience.
Also, sometimes javascript is used to patch bugs and problems created by Internet Explorer. If you disable javascript, you have to live with the bug/problem. In a perfect world, browsing with javascript disabled will be a perfect reasonable option. Only in a perfect world.
Disabling javascript on the Internet these days is like walking around with only one eye, sure you can do it but it's going to be a pain in the ass. Not to mention this doesn't protect you against safe sites being compromised.
I can't imagine that disabling Javascript nets you a benefit anywhere near the pain it will bring.
With Chrome it is very simple to enable it on a per site basis.
It's simpler not to have to, so already it's useless for 99% of browser users and with sub-domains how many people understand which domain is doing what, especially with the heavy use of caching sites these days? For the final 1% who think that is worth it it still doesn't protect them against compromised sites they have already enabled.
The machine's got an AMD Radeon 6750M. Not white hot, but decidedly better than Intel-integrated graphics. Although it also has an Intel integrated chip, and dynamically switches between them according to need. Perhaps that's what's going wrong here.
Yeah, I could definitely see that being a bug with graphic duties not being handed off correctly. Presumably in normal operation the OSX version of Chrome uses the integrated graphics to accelerate rendering and these new NaCl games don't trigger the switch like they should.
The streaming aspect isn't really inherent to Chrome / NaCl gaming. The important part of NaCl seems to be letting people run games/apps without having to trust the sources. A few years ago when I posted my free indie game Lost in the Static for download, I saw lots of posts saying "what, I'm just supposed to download and run this random exececutable from some random guy's website?!?!!". But nobody says that when you link to a Flash game.
So it's more likely worthwhile to compare it against Flash (similar security risk, higher performance, opens up possibility of C/C++ developers producing browser games) than try to compare it against exist methods for distributing AAA games.
Considering Google keeps killing smaller projects left and right I would very wary of relying on NaCl, webGL is probably a safer choice for a small webgame giving that has support from Chrome and Firefox. Also the ChromeOS project seems to be on the death doors once real Chrome is ported to Android I wouldn't be surprised if they killed it, that would mean NaCl would have less reasons for existing.
Posting Permissions
Reply With Quote