I checked with our (Mozilla) networking folks and here's what I learned.<p>This is for Chrome extensions only, not for web content. Mozilla has had an API available to extensions for this for a long time. That is how Chatzilla works, for example.<p>The Web API team has created a raw socket API for <i>web content</i> that will be used for the Boot to Gecko email client and other non-HTTP applications. For security reasons, this requires an extra permission to be granted by the app store and/or by the user.
It's worth noting that while this is becoming available in chrome now, the WebRTC APIs that both Chrome and Firefox are working on (and will likely start showing up in the 3-6 month time frame) is also likely to provide p2p message passing support.<p>There's a group of people beginning work on porting some of the traditional p2p constructs like DHTs into the browser, for those interested: <a href="http://joincollage.com/webp2p" rel="nofollow">http://joincollage.com/webp2p</a>
Here's a plug for an existing plugin that brings these capabilities to standard web-pages. Works in Chrome, FireFox and Safari.<p><a href="http://sockit.github.com/" rel="nofollow">http://sockit.github.com/</a><p>Note that this was a research project. It works, but there's no security, so once installed, any malicious web-page could use your browser to connect to TCP/UDP end-points.
It's nice to see Google repurposing Microsoft's project name of "Canary". I'm reminded of this classic Reg article:<p><a href="http://www.theregister.co.uk/2002/10/23/were_being_spanked_by_nokia/" rel="nofollow">http://www.theregister.co.uk/2002/10/23/were_being_spanked_b...</a><p>The codename for the Microsoft phone was "Stinger" until everyone called it "Stinker". Choice quote:<p><pre><code> (Microsoft hates the "Stinker" moniker so much, that it's
rebranded Stinker as "Canary" - perhaps unaware of the bird's
history as a sacrificial and disposable early warning system for
miners. When the Canary dies - you clear out fast).</code></pre>
So he mentions security concerns, but then doesn't explain why they don't apply to this scheme? I assume websockets added the handshake for a reason.<p>Or maybe is because chrome extensions already have a weak security model and you have to put trust in the author not to sniff all your data and upload it to a server.
Why are sockets still not a standard web api after all these years? Is a socket in a browser app granted socket permission more dangerous than a socket in a native app? How do sockets in iOS and Android work? Why does the web still not have sockets?
interesting how something so trivial as sockets (but in the context of a http browser) can stir so much talk of decentralization. maybe if people pull their heads out of their asses about web and embrace native apps again...
By combining the browser p2p technologies that are being introduced with the local storage stuff, you could presumably write a web app that serves itself and maintains persistent connections and functionality between users, even if the host is taken down.<p>Now that could be very useful...