Originally posted by samdraz
View Post
Announcement
Collapse
No announcement yet.
Chrome 61 Progresses With WebUSB API & More
Collapse
X
-
I think in this way browser take from the job of operating systems, interfering with them.
Maybe a better alternative would be a common communication protocol based on JSON, XML or something like that, between a USB device and the application intermediated by the host operating system. And solving many issues, also. A web browser engine can understand natively that protocol with external peripherals.
Browser should not "see" and have complete access and exclusive to a particular device, only the OS. The OS impose security policy and rules, access rights and so on, over all applications. Problems solvedLast edited by onicsis; 10 June 2017, 10:39 AM.
Comment
-
Originally posted by Ronshere View Post
I strongly believe Google is working towards being an OS
In fact....their new OS Fuchsia could be just that. As a matter of fact they are ditching Linux underneath. Part of the reason given is to get out from other patent encumbrances, Java and the GPL, but also they were tired of Linux not having a standard GUI such as GNOME is becoming and also Linux not having a decent scheduler.
https://www.theverge.com/2016/8/15/1...erating-system
https://arstechnica.com/gadgets/2017...a-wild-new-ui/
We built Google's new Fuchsia OS from its source code and took it for a test drive. This is what we found out.
Last edited by Jumbotron; 10 June 2017, 11:01 AM.
Comment
-
Originally posted by karolherbst View Post
Web only USB drivers. Imagine that you need to visit a webpage to be able to use a device I am sure this will come at some point or that at least somebody will try to do something like this.
Comment
-
Originally posted by microcode View Post- Web-based configuration tools for exotic USB devices, like my (chinese) USB foot pedals, for which the existing tools only run on Windows.
- Firmware updates for devices directly from the browser (maybe difficult).
- USB configuration tools could have two possible outcomes:
1. the configuration is valid for the browser only -- I always wanted to rewind youtube videos with foot pedals, yay!
2. the browser accesses the OS's configuration files -- no thanks! I'd rather not have a super mario web game install advertisements and spyware as autostarting services on my system.
- Firmware updates via browser (and that requires root rights) are possibly the worst imaginable security nightmare. You can view and edit all your configuration files, but you don't know which unmentioned features the firmware you just got holds. What would prevent a phishing site from gifting me a new motherboard BIOS version when I didn't look closely enough whether it was the genuine OEM site.
EDIT: Okay,SpyroRyder was faster. Seems I forgot I had the tab open for a few hours.Last edited by elvenbone; 10 June 2017, 12:18 PM.
Comment
-
Originally posted by karolherbst View Post
Web only USB drivers. Imagine that you need to visit a webpage to be able to use a device I am sure this will come at some point or that at least somebody will try to do something like this.
Comment
-
Originally posted by elvenbone View PostThese two sound like absolute horror to me.
- USB configuration tools could have two possible outcomes:
1. the configuration is valid for the browser only -- I always wanted to rewind youtube videos with foot pedals, yay!
2. the browser accesses the OS's configuration files -- no thanks! I'd rather not have a super mario web game install advertisements and spyware as autostarting services on my system.
2. It is only capable of replaying either a) a small string, less than 96 printable characters and only supporting shift (for uppercase) as a modifier, b) a single key chord (as many modifiers as desired, and one standard key), or c) one keypress which can be held by holding the pedal. It has no direct capacity to rewrite configuration files.
Originally posted by elvenbone View Post- Firmware updates via browser (and that requires root rights) are possibly the worst imaginable security nightmare. You can view and edit all your configuration files, but you don't know which unmentioned features the firmware you just got holds. What would prevent a phishing site from gifting me a new motherboard BIOS version when I didn't look closely enough whether it was the genuine OEM site.
Either you have a risk of running a firmware installer off a third party site and getting malware; or you go to a malware site and the attacker has to devise an attack on your system which relies on compromising a specific USB device. In the second case, the malware author needs to 1. own the same device as you 2. be knowledgeable and willing enough to reverse-engineer the device 3. be lucky that it's a device which can be feasibly used to compromise your system 4. be willing to spend at least a few weeks of full time work potentially to compromise one version of one USB device which somebody *might* just plug in and trust their site with.
Sorry, that's bogus. I would much rather people expose their USB devices than their administrator accounts. It's not the tradeoff we wanted, it's the tradeoff we have.
I get why you would like to avoid using devices like these in the first place, but for the folks who want to or have to, it is great to have an option which offers at least marginally more security. There is not a single way in which this is a step backwards either for security or for convenience.
Comment
-
Originally posted by samdraz View Postis chrome a browser or separate operating system?
This stuff appears to allow javascript-based drivers and applications to control USB devices, which should allow them to be multiplatform easily.
Considering how break-prone are native drivers and control applications for most such things, I'm not opposed to this.
Comment
Comment