--
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
You mention NaCl as the solution to rendering plugins, and indeed it allows re-using existing code rather than rewriting everything in javascript (ugh!)
The other thing that I'm not clear is on one of the con of NaCl is "Does not allow raw TCP/UDP". Actually, we have studied NaCl last year and one of the concern we had was, the provided TCP communication doesn't seem to support transfer of data other than text format. In that case, I wonder how we could grab our video data from the server.
--
--
--
--
Richard I am interested in NPAPI replacement. Please let me know how can I contribute in it.-Vikram
--
I did do some search on the possibility of using ppapi without nacl the day I heard of this news. Although it seems possible, I'm afraid it's shaky path as Google may tweak it such that it will have to be used together with nacl.
Hi Richard,
I did do some search on the possibility of using ppapi without nacl the day I heard of this news. Although it seems possible, I'm afraid it's shaky path as Google may tweak it such that it will have to be used together with nacl.
So I wanted to point out a couple of solution that would have to be written per-platform and maybe per browser but might have other advantages,
All these require a service running in the background.
Setparent on windows (not sure what it is on other platform) - this allows one to take a top level window (of any app) and put it into amother window/control such as a picture. On Windows you can also just pass in the window handle on creation. This would only solve part of the issue for visible plugins... You would still need some form of IPC. It seems very secure and would be faster than tcping images over.
Another area worth investigating is taking over the control window. Hooking could be used for full control... I use hooking a lot as part of my job and there are lots of hooking libraries out there like easyhooks. You could hook every browser and createwindowA/W (or if that does not work the much lower level ntusercreatewindow). Then you could u could go and hook other things:
- Ipc to a service (if it that is the easiest approach) could be done by overwriting a commonly used Windows function like createfile or wsaconnect and called by java script. Shared memory or pipes would be faster than tcp.
- You could hook individual functions however the more you hook the more you would have to do on a browser specific bases... I might be a more special case thing.
It should be possible to update firebreath in such a way to emulate most of its common functionality.
Anyway those are my quick thoughts at the moment.
As to what we need in chrome.
We have a particular realtime implementation of h264 and other video formats. At a minimum having access to a very fast h264 decoder(or vp8 or vp9 or h265) that can decode each frame slice we send it might be enough however it would be preferable to be able to write this code ourselves because there are so many edge cases when you cant buffer frames. It needs to run 720p at least 80fps so it can catchup when it gets behind. JavaScript does not have intrinsics, fast multthreading, fast memory operations or any of the other tools we use to make this fast.
An opus sound decoder that can take a opus frame and play it back in real time.
For a web socket server running as on OS background process I have the following question. In firebreath I can use security zones to prevent the plugin from functioning if loaded from a domain which the plugin doesn't trust (for example the plugin will only function if loaded from domain X for some reason). If we use a local web socket server I'm not sure if a similar safety net could be used? I'm not sure how the local web socket server could authenticate that the client is actually trying to connect from a page loaded from domain X for example, would it be possible?
I can�t think of a way to do it offhand :-/
Richard
On Oct 17, 2013, at 11:26 , mgt <m...@home.se> wrote:
For a web socket server running as on OS background process I have the following question. In firebreath I can use security zones to prevent the plugin from functioning if loaded from a domain which the plugin doesn't trust (for example the plugin will only function if loaded from domain X for some reason). If we use a local web socket server I'm not sure if a similar safety net could be used? I'm not sure how the local web socket server could authenticate that the client is actually trying to connect from a page loaded from domain X for example, would it be possible?�
--
�
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
�
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
SSL Certificate? :-)
Richard Bateman wrote:
I can’t think of a way to do it offhand :-/
Richard
On Oct 17, 2013, at 11:26 , mgt <m...@home.se> wrote:
For a web socket server running as on OS background process I have the following question. In firebreath I can use security zones to prevent the plugin from functioning if loaded from a domain which the plugin doesn't trust (for example the plugin will only function if loaded from domain X for some reason). If we use a local web socket server I'm not sure if a similar safety net could be used? I'm not sure how the local web socket server could authenticate that the client is actually trying to connect from a page loaded from domain X for example, would it be possible?
--
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
That still wouldn�t tell you for sure which website contacted the plugin.
Richard
On Oct 17, 2013, at 18:18 , Taran Rampersad <taran.a....@gmail.com> wrote:
SSL Certificate? :-)
Richard Bateman wrote:
I can�t think of a way to do it offhand :-/
Richard
On Oct 17, 2013, at 11:26 , mgt <m...@home.se> wrote:
For a web socket server running as on OS background process I have the following question. In firebreath I can use security zones to prevent the plugin from functioning if loaded from a domain which the plugin doesn't trust (for example the plugin will only function if loaded from domain X for some reason). If we use a local web socket server I'm not sure if a similar safety net could be used? I'm not sure how the local web socket server could authenticate that the client is actually trying to connect from a page loaded from domain X for example, would it be possible?�
--
�
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
�
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
�
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
�
---
You received this message because you are subscribed to a topic in the Google Groups "firebreath-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/firebreath-dev/gqgrUg5orwk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to firebreath-de...@googlegroups.com.
That still wouldn�t tell you for sure which website contacted the plugin.
It could. You'd have to set up a certificate specifically for the application and for that site. A signed SSL certificate is also verified by an external authority - it's specific to a server - so the only way past it is if someone compromises the SSL certificate on the server itself.
That said, the same concept applies. What Richard presented is the same concept. In looking at it from a perspective based on a present Firebreath project I'm working on, saving to the registry or an ini equivalent leaves a big opening for someone who really wants to subvert the security of the system. With the SSL certification framework, it's been pretty hardened over the years.
I'm not saying it's perfect. I'm not even saying it's a great solution. It's a stopgap. But it's a functional stopgap.
Richard Bateman wrote:
That still wouldn’t tell you for sure which website contacted the plugin.
Richard
--
---
You received this message because you are subscribed to a topic in the Google Groups "firebreath-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/firebreath-dev/gqgrUg5orwk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to firebreath-de...@googlegroups.com.
--
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
Hi Richard,Count me in! We are on the same boat now....As you may know, we are developing our own video player. One major issue we are facing now is that we have our own video codec which has already been optimized to x86 and x64 in assembly language. Seem to me, such optimization will not be portable to nexe by just dropping in the code.
So, what I could think of is1) Write a NaCl app as the front player2) Separate out the decoder engine into a local service which will decode the video and locally stream the decoded video to the NaCl app via websocket .
My concern to the above proposal is1) Imagine, if the video is 1920x1080 at 24-bit and 30fps, that's going to be 186 MB per sec of data! How taxing will it be to the system, even if it's streamed via localhost?2) Multiple concurrent player would seem impossible.Also, has anyone taken a look at zeromq? I wonder if it's usable in NaCl.
--
--
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
Alright. Let me first start by stating what we already know: The writing is on the wall, the browser manufacturers have decided to kill NPAPI. I think this is a bad idea, I think it’s stupid… however, it seems that anything that doesn’t have at least 1% of the entire world’s population (small number, right? it’s just 1%) is safe to throw under the bus as far as Google is concerned.Anyway, all frustration aside, it’s time to start figuring out other solutions; it’s possible that those solutions will fragment this community into several projects, each aimed at a different problem. I don’t know. The important thing, though, is that now we need to identify what things can and can’t be done. I have been in touch with Stuart Morgan, who is one of the Chrome developers who has worked with some Chrome NPAPI stuff, and his request is that we find a list of things that can’t be done with the other technologies listed in the blog post.To that end, I have created a page on firebreath.org that I want us to all start working on:I think we’re going to need to break things down more, but frankly I need help. If I get the help, then I will work with those willing to work with me until we get something figured out and at the very least can go to the browser manufacturers with a list of “this is what we can do, this is what we need to be able to do” items and have at least some documentation on alternatives. My hope is to create a framework that possibly uses FireBreath, possibly is totally different, but solves 90% of the issues in whatever way we need. I don’t yet know for sure if that’s possible. This is going to cost us all a lot of time.If I don’t get that help then I’ll solve my problems and let everyone else figure it out on their own time. I’m sorry to put it that way, but I just can’t do this all myself; I need the help, and right now I’m tired and cranky and frustrated =]My thoughts so far===============I think we will need to break things down into subtypes of plugins; the goal is to build something that simplifies cases for those types. Here are the groupings I’ve thought of so far, please let me know what you think:**Video / Drawing plugins**As I’ve researched, the best chance for most of these will be to use a NaCl plugin, at least from a drawing perspective. You could alternatively try to draw using WebGL or Canvas, but if you need any native code running, it’ll have to be NaCl. For network access, we’ll have to look into Native Messaging as a backend to the NaCl plugin, accessed asynchronously — and yes, I can see this will be messy. it’s the only solution I see.**Hidden / hardware access plugins**Plugins that are used for hardware access or to provide behind-the-scenes services to plugins I think we can handle using Native Messaging; after installing, a chrome extension can launch communicate with the other application, thus allowing us to make requests for the other application to handle things. We should be able to abstract this with a javascript API, possibly utilizing JSAPI on the other side to automatically create wrapper objects with common code that would let us make asynchronous calls that still look and feel like javascript and serialize the requests and responses with JSON.—I’m sure there are other types, but this is the current direction of my thoughts. What other ideas do we have, and who is willing to help? I need someone to research — in depth — each of these things and then I’d like to discuss it with them to see if we can hammer it together into a unified solution.Richard
--
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hi Richard,Since you mentioned sleep apnea, I'll share with you my experience. I had sleep apnea since early 30s. At one point of time, it was so bad that part of my palate collapsed as I must have sucked it so hard while breathing during my sleep. After a sleep study, I was recommended to use a CPAP and the first machine I had was a Puritan Bennett APAP. I had it for a few years, followed by a second device which I forgot the brand as I used it for a short period of time before I stop using it altogether. I have stopped using it for past 3 years ever since I lost weight by changing my diet and lifestyle. So, while in the short term, CPAP is essential, change to a healthier lifestyle is definitely the way to go... :-)
--
Hi,Is FireBreath going to die now? Is it actually worth learning it?
The thing is:I have a project idea ( though it isn't my idea :D) - browser plugin (cross-browser, hopefully :D). The plugin is going to pretty complex:
- rendering of all kinds (OpenGL will be used)
- audio
- networking
However, if FireBreath won't support creation of plugins for all the major browsers (Chrome, Mozzila, Safari, Opera, IE, maybe Konqueror) due to the fact that those browsers won't support NPAPI, and FireBreath won't find any solution, programmers will have to create 4 or 5 plugins (well, not completely, but still, it will be a lot of work) instead of one.
So finally, the question(s) is/are: Have the FireBreath guys found the solution? Is FireBreath going to support creation for all the major browsers? If not, is there any alternative out there, so the programmer can create one port of his application/library and not many of them?BTW, does somebody know how folks in Unity are going to solve this? NPAPI is going to thrown away soon, so the had to find the solutions.
Thanks for the replies. LeviDňa utorok, 24. septembra 2013 23:00:43 UTC+2 Richard Bateman (taxilian) napísal(-a):Alright. Let me first start by stating what we already know: The writing is on the wall, the browser manufacturers have decided to kill NPAPI. I think this is a bad idea, I think it’s stupid… however, it seems that anything that doesn’t have at least 1% of the entire world’s population (small number, right? it’s just 1%) is safe to throw under the bus as far as Google is concerned.Anyway, all frustration aside, it’s time to start figuring out other solutions; it’s possible that those solutions will fragment this community into several projects, each aimed at a different problem. I don’t know. The important thing, though, is that now we need to identify what things can and can’t be done. I have been in touch with Stuart Morgan, who is one of the Chrome developers who has worked with some Chrome NPAPI stuff, and his request is that we find a list of things that can’t be done with the other technologies listed in the blog post.To that end, I have created a page on firebreath.org that I want us to all start working on:I think we’re going to need to break things down more, but frankly I need help. If I get the help, then I will work with those willing to work with me until we get something figured out and at the very least can go to the browser manufacturers with a list of “this is what we can do, this is what we need to be able to do” items and have at least some documentation on alternatives. My hope is to create a framework that possibly uses FireBreath, possibly is totally different, but solves 90% of the issues in whatever way we need. I don’t yet know for sure if that’s possible. This is going to cost us all a lot of time.If I don’t get that help then I’ll solve my problems and let everyone else figure it out on their own time. I’m sorry to put it that way, but I just can’t do this all myself; I need the help, and right now I’m tired and cranky and frustrated =]My thoughts so far===============I think we will need to break things down into subtypes of plugins; the goal is to build something that simplifies cases for those types. Here are the groupings I’ve thought of so far, please let me know what you think:**Video / Drawing plugins**As I’ve researched, the best chance for most of these will be to use a NaCl plugin, at least from a drawing perspective. You could alternatively try to draw using WebGL or Canvas, but if you need any native code running, it’ll have to be NaCl. For network access, we’ll have to look into Native Messaging as a backend to the NaCl plugin, accessed asynchronously — and yes, I can see this will be messy. it’s the only solution I see.**Hidden / hardware access plugins**Plugins that are used for hardware access or to provide behind-the-scenes services to plugins I think we can handle using Native Messaging; after installing, a chrome extension can launch communicate with the other application, thus allowing us to make requests for the other application to handle things. We should be able to abstract this with a javascript API, possibly utilizing JSAPI on the other side to automatically create wrapper objects with common code that would let us make asynchronous calls that still look and feel like javascript and serialize the requests and responses with JSON.—I’m sure there are other types, but this is the current direction of my thoughts. What other ideas do we have, and who is willing to help? I need someone to research — in depth — each of these things and then I’d like to discuss it with them to see if we can hammer it together into a unified solution.Richard
--