Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Chrome Google

Google Chrome Will Block All NPAPI Plugins By Default In January 107

An anonymous reader writes Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser's security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September 2015. For context, Google first announced in September 2013 that it was planning to drop NPAPI. At the time, Google said anonymous Chrome usage data showed just six NPAPI plugins were used by more than 5 percent of users, and the company was hoping to remove support from Chrome "before the end of 2014, but the exact timing will depend on usage and user feedback."
This discussion has been archived. No new comments can be posted.

Google Chrome Will Block All NPAPI Plugins By Default In January

Comments Filter:
  • If I knew which 6 NPAPI plugins were used I'd know if I cared or not.
    • Re:Which 6? (Score:5, Informative)

      by jandrese ( 485 ) <kensama@vt.edu> on Monday November 24, 2014 @05:30PM (#48452653) Homepage Journal
      From the link:

      Silverlight (launched by 15 percent of Chrome users last month).
      Unity (9.1 percent).
      Google Earth (9.1 percent).
      Java (8.9 percent, but already blocked for security reasons).
      Google Talk (8.7 percent).
      Facebook Video (6.0 percent).

      Silverlight is in that list thanks to Netflix, but Google got HTML5 video working for Netflix so that should drop off of there. Google Earth seems like something Google can fix as well. Same with Google Talk.

      Unity, Java, and Facebook Video might be problematic however. I guess we'll have to wait and see if Chrome users are important enough for the respective companies to redevelop their plugins.

      • by Guspaz ( 556486 )

        Those percentages are out of date. The percentages from the latest update are:

        Silverlight (11 percent of Chrome users, down from 15 percent)
        Google Talk (7 percent of Chrome users, down from 8.7 percent)
        Java (3.7 percent of Chrome users, down from 8.9 percent)
        Facebook Video (3 percent of Chrome users, down from 6 percent)
        Unity (1.9 percent of Chrome users, down from 9.1 percent)
        Google Earth (0.1 percent of Chrome users, down from 9.1 percent).

      • Talk won't be fixed. It's been deprecated in favor of Hangouts.

      • by AmiMoJo ( 196126 ) *

        Chrome is the dominant browser now, so it's more a question of if those plug-ins are important enough to be redeveloped for the majority of users.

        The replacement API has been around for ages, and is much more secure. If I used any of those plug-ins I'd be demanding they get upgraded for my own protection, or stop using them.

      • Ouch! I use java and silverlight daily.
    • Just six plugins are used by more than 5% of users doesn't seem to be that significant. After all, 1000 plugins used by 1% of users will have far more impact than that.

      Also, I do wonder if there is a correlation between people who use more plugins, and those who opt not to send anonymous data in.

  • So, which plugins does this really affect?

  • An honest question, why use Chrome when you can also use Chromium and not be 'the product'?

    I'll stick with Firefox.
    • https://code.google.com/p/chro... [google.com]

      looks like there's little difference two me. you are only the product if you sign in to google, which is true of whatever browser you choose.

    • by afgam28 ( 48611 )

      An honest question: if you don't want to be "the product" then what are you doing here? How do you think Slashdot makes its money?

      • I suspect Dice doesn't do nearly as much datamining as Google.
        • by afgam28 ( 48611 )

          I suspect they do some, but either way you're still "the product". Or is it more about privacy (which is a totally different thing from being exploited)?

    • Google has never provided binaries on their Chromium site and that has always seemed like a very deliberate choice to deter would be users.

      To run Chromium (on Windows) you must to dig through third party sites which may or may not have the latest version of Chromium available and may or may not bundle adware garbage installers.

      Chrome binary download links, in contrast, are featured prominently on many sites. It is heavily advertised.

      • Google has never provided binaries on their Chromium site and that has always seemed like a very deliberate choice to deter would be users.

        To run Chromium (on Windows) you must to dig through third party sites which may or may not have the latest version of Chromium available and may or may not bundle adware garbage installers.

        Here you go...
        https://download-chromium.apps... [appspot.com]

        This is the raw build of Chromium for Windows x86, right off the trunk. It may be tremendously buggy.
        created by François Beaufort - now maintained by the Chromium team

  • What's amazing is that this 1996-era hack for extending the functionality of the Netscape browser, in a rather kludgy and unsafe way, still exists at all in 2014. I took a class at the Netscape office in Mountain View in 1997 to learn how to write NPAPI plugins and thought then that it was an ugly hack that deserved to go way soon, though I was glad it existed to solve my immediate problems. Not only did it not go away (though MS removed NPAPI support for IE a long time ago), nearly all major browsers today

  • I know NPAPI wasn't exactly the most elegant thing, but at least it was supported by a few major browsers. Are there any good plugin API alternatives that are cross browser? Or is everyone having to implement a version of the plugin for each browser using whatever API that browser has decided to support?

    • Firefox could implement Pepper but they've chosen not to. You're probably never going to get IE to support any open plugin standard.

      • From what I've read on the discussions on Firefox implementing Pepper the reason why they aren't isn't a simple case of them choosing not to. It's a case of google not actually having a published standard (as I've seen it described the Pepper 'API' is just the current head of the chrome source which changes with each chrome release) so it's not an easy thing for another vendor to support.
      • Firefox could implement Pepper but they've chosen not to. You're probably never going to get IE to support any open plugin standard.

        Because no formal version of PPAPI exists but rather is an ever changing header file in the Chrome source code. Mozilla will not commit to spending the time and resources to implementing PPAPI only to have Google significantly break it on a whim and have everyone blaming Mozilla for their plugins not working. In contrast NPAPI is a rather old interface that has not seen significant modification in a long time and still works fine.

        • Firefox could implement Pepper but they've chosen not to. You're probably never going to get IE to support any open plugin standard.

          Because no formal version of PPAPI exists but rather is an ever changing header file in the Chrome source code. Mozilla will not commit to spending the time and resources to implementing PPAPI only to have Google significantly break it on a whim and have everyone blaming Mozilla for their plugins not working. In contrast NPAPI is a rather old interface that has not seen significant modification in a long time and still works fine.

          Nah Mozilla would rather significantly break the plugins themselves on a whim and have everyone blaming Mozilla for their plugins not working.

      • Pepper isn't an API that is in any way portable across implementations, it's a chunk of WebKit / Chrome rendering guts that are exposed for external use. Supporting it in another browser is theoretically possible, but would be a huge investment in time and effort because you'd have to translate a lot of things from what Pepper exposes into something that makes sense in your own rendering engine and browser.
  • They're ending support when it literally annoys just a handful of developers. That might optimize the benefit of dropping support. Any later and they're expending too much effort for the hold-outs. Any earlier and they're shoving too much burden on an active legacy community. They gave plenty of warning too.

    I'm not some Google fan-boy. There are plenty of things they do wrong; but credit where due.

  • NPAPI plugins (or at least Unity) already don't work on the Mac version of Chrome

  • Flash does not use that API anymore?
  • I remember when the problem of web video was finally solved for like a couple monthes, at least for me. WMV video plugin would reliably install and play full screen video on a modest computer. But instead, flash video replaced it and tripled the CPU requirements, and it works but this is shit.
    The web would be better if we had followed the route of a NPAPI video plugin, we'd have Youtube that works on a Pentium II and 128MB RAM. Running three of them would not make a 2GHz single core computer crumble.

    • Newer codecs would still have inflated the hardware requirements. H.264 takes more crunch than MPEG-2. However, as you point out, the main problem is that the YUV overlay is not used in web browser video players. One can see the difference when he downloads a video from YouTube with youtube-dl or plays it via MiniTube: the CPU usage is much lower.
  • I believe Google dropped NPAPI support in Linux for version 35 onwards. This *immediately* broke all Java applets (as far as I know, there's no PPAPI Java plug-in), which wasn't great for sysadmins using Java VNC applets (yes, I know about noVNC, but not all Web UIs have moved to that) or F1 timing on formula1.com as a consumer example.

  • by daveewart ( 66895 ) on Tuesday November 25, 2014 @04:04AM (#48456015)

    Google Chrome for Linux dropped support for NPAPI in version 35. This meant that if you use VMware, there's now no current browser which allows you to open VMware consoles via VMware vSphere/vCenter.

    This is because of two related issues:

    - vCenter needs Flash, but it has to be *recent* Flash (not 11.2 Linux Flash). Only option which provides recent Flash is Chrome;

    - vCenter's 'launch console' add-in is NPAPI-based, so that won't work from Chrome version 35 onwards.

    Therefore my VMware-managing setup on my Linux desktop is Google Chrome 34, pinned to prevent updating; and this is used only for local VMware management, not browsing.

    I post this just for information and to rant about it yet again, but of course this is VMware's fault for relying on a deprecated architecture for plugins.

    • Stupid and kludgey hack, but is it possible to solve this, at least to a degree, with Wine? Running either the Windows version of Flashplayer (in something like nspluginwrapper; I think I remember hearing about a way to do this though I never tried it) in a Linux browser, or running a full Windows browser (can Wine do that these days?) seems like it solves the problem. It introduces at least one problem, too, of course... but at least you *can* install updates instead of pinning to a version that will only

    • It probably won't solve the issue, but have you tried using the fresh player wrapper to run chrome's pepper flash with firefox?

  • Maybe they should block all malware plugins too. Honestly after running a small repair shop, I could name them off right off the top of my head. Block those assholes and turn it into a marketing thing to brag about security (security for stupid, careless people at least).
  • Bullshit.

    Google wants complete and utter control of the browser and your internet usage.

    Fuck the googletron.

  • Can't watch Slingbox without using their plugin, which uses NPAPI. They seem unwilling to update any software...which means I'll have to boot up IE just to use Slingbox.

    That is after they make me watch a 15 second advertisement to watch TV I pay for on hardware I pay for on the only valid viewing option on my PC.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...