IRC Log Viewer » #firebreath » 2014-09-22

IRC Nick Time (GMT-7) Message
Bob_ 13:09 Hi - What is the Firebreath strategy for a "post-NPAPI" world. I've seen the FB page that talks about the different options, but don't see any solid recommendations. Currently, I am thinking I'll go with websockets as a general web api solution, but would be happy to hear from the FB experts as to any other things to consider. Thanks much.
taxilian 13:09 you have seen all there is to see, it sounds like.
there are a few other discussions on the firebreath-dev group you can look at if you want
unfortunately websockets don't work universally if you're using SSL
so that disqualifies them as an acceptable solution for many of us.
my current strategy is to use NPAPI everywhere except Chrome, and on Chrome the plan is to use a pnacl plugin for parts of it and native messaging for what I can't do with pnacl
of course, native messaging is an ugly, terrible hack that is really difficult to install (really the install part is the major hack bit, the tech itself seems reasonable), but that's the only solid option I've found
fortunately they haven't dropped NPAPI support in Chrome yet; we'll see how long it takes 'til they do. hopefully they'll continue to update things in the mean time
Bob_ 13:09 OK. Thanks for the input. This could work for the non-IE browsers. On IE11, it seems the user has to jump through some security hoops to allow ActiveX components to still function. I'll investigate. Thanks again.
taxilian 13:09 depends on the system configuration
I haven't had any IE11 issues so far with our plugin
except that it doesn't work in Windows RT mode, of course
except that it doesn't work in Windows RT mode, of course
Bob_ 13:09 No, I'm talking about Win8.1 desktop. I was able to load the plugin, but could not access a data DLL because of sandboxing.
taxilian 13:09 that's been around since vista
not new
research low integrity mode
research low integrity mode
if you install your DLL to LocalLow you should be able to access it
Bob_ 13:09 OK. I'll try your suggestion. Many thanks.
OK. I'll try your suggestion. Many thanks.
kylehuff 14:09 taxilian - RE: issue 321628; word...
I like how my comment (number 26) lists precisely how FUBAR the distribution of native messaging hosts is, yet none of the points were addressed except the one about the additional development burden. (which, in security terms is a point worth considering, given that the who point of this endeavor is to make users that use a shitty operating system more secure)
taxilian 14:09 yeah. I figured I may as well add my $0.02 and see if it helps
at this point it's not likely to hurt
at this point it's not likely to hurt
kylehuff 14:09 yeah, lets hope your comment isn't largely ignored like many of the others.
taxilian 14:09 oh, probably will be
kylehuff 14:09 thats all right; you fought the good fight. you'll go down as a hero.
taxilian 14:09 lol
kylehuff 14:09 I have a friend who has an in at google. she said she could hook me up with an interview. I considered it for as long as it took me to remember what I said when I read the spec for native messaging installation: "who comes up with this crap?!"
granted, I don't know who actually drives the project anymore. but google is guilty by association
granted, I don't know who actually drives the project anymore. but google is guilty by association