Hello Netrek devs,

I've been playing around with some JavaScript libraries for HTML5 canvas
drawing, and I feel fairly confident that it would be possible to make
browser-based a Netrek client.  The browser could use WebSockets to
communicate with an intermediary WebSocket-based Netrek server.

[[Browser client]] <---WebSocket connection---> [[WebSocket server]]
<----real TCP connection----> [[Regular Netrek server]]

The intermediate WebSocket server would be quite thin; it just needs to
catch WebSocket messages from the client and forward them to the actual
Netrek server.  (I believe this roughly is the model that freeciv.net uses
for their browser-based Freeciv client.) The WebSocket server and the
actual server could be run on the same host or different hosts, which means
anyone who can set up a WebSocket server could connect their browser client
to a real Netrek server.

The main benefits to a browser-based Netrek client are:

1. It would be cross-platform and not require any downloads/installations,
which would greatly the reduce the barrier to entry for new players.  (Some
might consider this a disadvantage, however, allowing a potential flood of
clueless players.  This may be a non issue; see RSA verification below.)

2. Once a desktop version is completed, it should be fairly easy to modify
the UI to create a mobile-friendly version.

3. Support for Web-only devices: Chomebooks and (someday) Boot2Gecko
devices from Mozilla.

My main concerns are:

1. WebSockets only use TCP, not UDP. (WebSockets are exactly as efficient
as TCP, minus a negligible one-time set-up cost per connection.) My
understanding is that all modern Netrek implementations prefer UDP but
provide legacy support for TCP.  Would writing a client that could only use
TCP be a waste of time?  How playable is Netrek over TCP only?

2. RSA verification of a browser-based client would be impossible.  The
actual client -- as far as the server is concerned -- is the intermediary
WebSocket server, which has no way of verifying what the user's broser is
running.  Furthermore, running cyptographic verification (or any kind of
self-verification, really) in Javascript is doomed from the start, since a
player could easily modify the client's code (and/or the code of the
verification process) at any time using Greasemonkey or the browser's debug
console. Would this mean that major servers would never be able to accept
Web clients?  Web-friendly servers could always be set up, so that regular
players using desktop clients are not affected.

So, in conclusion: any thoughts (either policy-related or technical) about
writing a Web client?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.us.netrek.org/pipermail/netrek-dev/attachments/20120228/8923a79c/attachment-0001.html>