While browsing the other day in Google's Chrome, I was caught off guard by a notification warning that Chrome browser will no longer support the NPAPI plugin architecture. Like many of our design oriented readers, I'm not a hardcore web coder and instead rely on programs like Adobe's Muse when creating client websites. So I was instantly concerned and fell back on the old, "what will this mean to me?" line.
Geek section warning
Reading the link that was provided in the notice I saw that Google has been incrementally fazing out support for the legacy NPAPI in favor of now only supporting the newer PPAPI. This notice stated that NPAPI now had security issues, and was no longer a safe option for running browser plugins. Specifically, it said: "Plugins that use NPAPI, including Silverlight, Java, and Unity, won't work."
This sounded rather concerning. First off, as a web surfer who happens to use Chrome as my preferred browser, I don't want to have issues viewing websites correctly, or being able to allow java applications to work properly. Moreover, I'm well aware that even though Silverlight never became the Flash killer it wanted to be, it has been the darling platform of Netflix for many years. I certainly didn't want to have to switch to another browser to catch episodes of Spartacus.
Even more importantly, I had real concerns as a content creator. After all, if one of the big market browsers won't open or play websites or web applications that I create for clients, we are looking at headaches. So what was the lowdown on this?
Let's start with a bit of background. The NPAPI acronym stands for 'Netscape Plugin Application Programming Interface'. I should hope you know that anything that still uses the name 'Netscape' is either very, very old (ie, prehistoric in web terms), or inconsequential (AOL bought what remained of Netscape. 'Nuff said?).
So the NPAPI plugin platform, first developed in 1995, is quite old and we can see why there may be reason to move to exclusive support of a much newer and safer plugin architecture. This Wikipedia link explains some of the security issues involving NPAPI.
The solution is PPAPI, which is an acronym for 'Pepper Plugin Application Programming Interface' (note, no more 'Netscape'). Developed and supported by both Google and Canonical (a well known supporter of open source software), PPAPI was originally based on NPAPI, and later completely rewritten.
PPAPI was first released on the Google Code site in 2009, and described as "a set of modifications to NPAPI to make plugins more portable and more secure". All good. But adoption by other browsers was not immediate. In fact even in 2010, Chromium (the open source version of Google's Chrome) was the only browser supporting it. The very vocal detractors of the plugin architecture have been many, including the developers of Firefox and Opera browsers.
Moreover, if you go up to the Google site for it today, it is described as "PPAPI is a cross-platform API for plugins for web browsers. It is currently an experimental feature of Chromium and Google Chrome." Yes, "experimental".
Google has stated that, "NPAPI is a really big hammer that should only be used when no other approach will work," and that, "Because of the additional security risks NPAPI poses to users, extensions that use it will require manual review before being accepted in the Chrome Web Store".
When Google says that, you take heed. Regardless of what we curmudgeons might prefer. Technology often forces us to move ahead and abandon what has worked, prior to replacing it with something better that will also work. Yes, Flash comes to mind. And like Flash, HTML5 is another alternative to some of the functionality that was once found in NPAPI.
So there are a few options out there. Especially if you are a coder. Most major developers have taken heed. Netflix has been moving away from its Silverlight monkey over the past year or more for both Chrome and Safari. "On Chrome, Netflix started to move toward HTML5 in early 2013, in part to ensure playback on Chromebooks because there is no Silverlight implementation for Chrome OS."
For we design-developers, Adobe's press representative informed us that: "We do not anticipate the move from NPAPI to PPAPI to affect our customers since our tools do not rely on plugins."
Good news! But still, after you upgrade to a non-NPAPI version of Google Chrome (which you probably have done as of this writing), it might not be a bad idea to take a once-over spin across all the websites you have created in the past few years, and make sure nothing is broken. You never know.
Words: Lance Evans
Lance Evans is creative director of Graphlink Media.
Liked this? Read these!