| |
| ▲ | dylan604 7 hours ago | parent | next [-] | | > I thought this was a safe space for hackers to express enthusiasm about pushing their own hardware and software further (and in this case even in a comparatively safe way). Nothing is preventing said experimentation nor discussion of it. I am merely offering my more conservative views of the situation as a contrast to the echo chamber gungho nature of the experimentation. Just because we can doesn't mean we should is often left out of the conversation. At some point, the net negative that comes from the use of something "cool" is never contemplated by those creating the something "cool" simply because they would never fathom using the "cool" for "uncool" purposes. Sadly, someone else will and weaponize it in an uncontrollable manner. If the creators can't think of how it can happen, it is vital that those not so involved in the creation speak up when there are potential issues. | | |
| ▲ | concinds 6 hours ago | parent | next [-] | | I wouldn't describe it as "conservative" but as "pro-native-apps and anti-web-apps", which seems irrational in this day and age where "native apps" means platform lock-in by monopolies, less sandboxing and user-control than on the web, much more gatekeeping and control over published binaries, and these days the web app is usually a more private/secure alternative to the native app (which also bundles a marketing SDK, now, and fingerprints you invisibly via iCloud Keychain, tracks you with various identifiers, and more). If native platforms removed USB or Bluetooth, the "control over my own hardware" crowd would flip a table. I just wish they also understood the benefits of the web compared to native. The Chrome/Project Fugu team's dream of making the web platform as powerful as native platforms is the correct one from a user freedom standpoint, or at bare minimum a "user choice" standpoint. | | |
| ▲ | dylan604 5 hours ago | parent | next [-] | | I'm not saying pro-native-apps outright even if that might be what it gets boiled down as. I'm saying I do not trust anything that runs in a browser. I actively block as much nonsense as possible. I do not trust devs that write code to run in browsers. There's a lot of devs getting taken out in the blast radius, but the only way to be sure is to take off and nuke it from orbit. There are devs out there hell bent on writing malicious code. I am willing to take a stand and refuse to use things when the net result is negative. I do not use social media. I do not shop at Walmart. These are the decisions I'm willing to live with even if it makes life slightly less "easy" because I've made a moral decision to not open myself up to nonsense just to later ask "what happened...". | | |
| ▲ | lxgr 3 hours ago | parent [-] | | Sure, you do what works for you. But why advocate for even more limits to how other people use their computers? One person's nonsense is another person's treasured hobby. Yes, bad actors exist, but why concede every single nice thing to them? | | |
| ▲ | dylan604 2 hours ago | parent [-] | | again, net negative is being glossed over. whatever good and nice things there might be, if it is being used more for negative purposes, you need to consider is it worth it at all or was it rushed and needing more thought before the PoC was pushed to prod | | |
| ▲ | lxgr an hour ago | parent [-] | | How can you tell that the negatives were glossed over? Just by WebUSB's eventual launch? Have you considered that different people might have different value preferences than you? |
|
|
| |
| ▲ | dwaite 3 hours ago | parent | prev | next [-] | | The web and native app platforms have very different security models. Nobody is vetting websites for you. There is no guarantee the same company operates a website today that did yesterday. There is no obvious distribution or regulatory authority instituting penalties for illegal actions (and often is no legal presence in a country when illegal actions take place). That means for the web, every consent prompt has a large, sometimes even unbounded amount of harm behind it if the user picks incorrectly, and browsers have limited capacity to help them pick correctly outside of reactive block lists once substantial harm has been done and recognized. This is why, for example, the major browsers have all moved to restricting web extensions behind their own review processes/stores, and put restrictions that make unaudited web extensions difficult to install outside of development workflows. The risk is just too great. Chrome pushed many of these API early in the Chromebook product cycle, because their idea was that you would only build apps using web technologies. I somewhat doubt they would have pushed for WebUSB themselves if Chromebook started in its current state, where it primarily runs android apps and is about to transition to be android-based. | | |
| ▲ | lxgr 3 hours ago | parent [-] | | > The web and native app platforms have very different security models. Yes, and as a result, the web is much more sandboxed than native app stores (which are mostly based on the illusion that vetting apps can somehow achieve better security than minimizing what resources apps can access in the first place and making access more fine grained). This is exactly why I'd rather run e.g. shady USB aftermarket firmware flashing apps in my browser (where I know they can at most compromise the device I'm flashing) than as a native app (where USB access is the default and requires zero permissions to be approved). > This is why, for example, the major browsers have all moved to restricting web extensions behind their own review processes/stores, and put restrictions that make unaudited web extensions difficult to install outside of development workflows. The risk is just too great. Web extensions very often have access to your complete browsing data, including all cookies. That's orders of magnitude more risky than access to an explicitly selected USB device, in my view. > I somewhat doubt they would have pushed for WebUSB themselves if Chromebook started in its current state, where it primarily runs android apps and is about to transition to be android-based. Android has an USB API as well, and if Google only wanted "apps" to have USB access, nothing was stopping them from making Web USB "Chrome App Store" only. |
| |
| ▲ | skydhash 2 hours ago | parent | prev [-] | | > where "native apps" means platform lock-in by monopolies, less sandboxing and user-control than on the web, much more gatekeeping and control over published binaries, and these days the web app is usually a more private/secure alternative to the native app Please add “mobile and/or proprietary” before “native apps”. Linux and BSD on PC are still very much free. The web as a platform is just a NIH effort. |
| |
| ▲ | lxgr 3 hours ago | parent | prev | next [-] | | > those creating the something "cool" simply because they would never fathom using the "cool" for "uncool" purposes I can definitely imagine a ton of things going wrong with Web USB, and I think the spec authors did a pretty good job at bolting everything down that can be, while still shipping something actually capable at providing USB access. And that's my point: Sure, fewer capabilities are always safer than more capabilities. But some capabilities are nice and arguably worth the risk, especially if the obvious alternative (blindly installing native applications) isn't much safer. | |
| ▲ | leptons 6 hours ago | parent | prev [-] | | >Sadly, someone else will and weaponize it in an uncontrollable manner. Except it isn't "uncontrollable". You have to explicitly allow every single website to use WebUSB. Without that explicit allowance, the website can't access anything. Plenty of things can be weaponized, even household utensils. Should we ban all forks? The sky is not falling, and WebUSB is not going to cause it to fall. |
| |
| ▲ | dwaite 3 hours ago | parent | prev [-] | | Sure, but some people are concerned about any website being one confirmation prompt away from being able to have full access to hardware in the user's physical environment, and being able to permanently change the behavior of that hardware. A hacker may think such things are convenient for them, but an end user does not know the ramification of a random website (WebUSB IIRC still does not have origin restrictions) getting hardware access - nor can we categorize the risk in order to protect them. | | |
| ▲ | lxgr 3 hours ago | parent [-] | | What physical access and what permanent behavior changes in particular are you concerned about? Most common "dangerous" USB device classes are explicitly excluded in Web USB. I've heard about rogue keyboard firmware, but that requires having a programmable/updatable firmware keyboard in the first place. And that closes the loop of my argument: People that want to update the firmware in their keyboard will do so, whether it's in the browser or by installing a potentially shady and not at all sandboxed third party application. At least in the browser, permissions are time limited and scoped to explicitly granted devices. > WebUSB IIRC still does not have origin restrictions How would you even enforce these on the open web? | | |
| ▲ | dylan604 2 hours ago | parent [-] | | The most important USB thing I have are storage devices. Keyboards/mice/etc are much less of a concern. If something rogue happens to a drive, that's a "major problem in Australia. Please help us stop it" situation. | | |
| ▲ | lxgr an hour ago | parent [-] | | That would indeed be horrible, which is why storage devices are explicitly excluded from WebUSB. | | |
| ▲ | dylan604 18 minutes ago | parent [-] | | It's a good thing that history has shown us that things have never happened that were designed not to happen. Sure, my tinfoil hat is securely fashioned, but I've been around long enough to see things get subverted even if it's not until long after release. |
|
|
|
|
|
