That's what I'm getting at here. Executing remotely downloaded code is scary, but we already do that.
And the problem with Java was that it had terrible performance. The idea of NaCL is that it will actually perform better than what we have now.
It had, indeed, terrible performance in 1996.
> The idea of NaCL is that it will actually perform better than what we have now.
The original article here does an excellent job of explaining why. Did you read it? In particular, his reference to Tom Forsyth's article on Moore's Law versus Duck Typing is very informative. And his reference to the game Supreme Commander makes it pretty clear what level of performance he would like to see web-deployable pieces of code achieve.
Those years of experience can be brought to either solution, can't they?
I watched the video that junkbit posted a link to here, and they appear to not trust the llvm-bc. Once the bitcode is translated to a native executable, they run a verifier on the resulting binary, and if the verifier is unable to prove that the only instructions that can execute are those in thi binary, then they have a strict policy of not letting it run. In addition to that, the translator itself runs as a NaCl module so that if a bug is found, it cannot be maliciously used to escalate privileges.
Their approach seems pretty reasonable to me.