[whatwg] Device Element
Roger Hågensen
rescator at emsai.net
Tue Dec 28 10:07:32 PST 2010
On 2010-12-28 09:53, Silvia Pfeiffer wrote:
> How about making a concrete proposal as to what it should look like?
> If Google was to implement it and turn it into a concrete proposal, I
> wouldn't have a problem with it either. As it is right now the spec
> for usb/RS232 is useless IMHO.
>
> Silvia.
Yeah! And not to mention the security bomb.
I don't like the idea of a web app accessing my USB stick without my
permission.
So that means that all browsers would need to ask the user for permission.
That is at the Browser level.
Then there is the OS and/or driver level which all those wanting this in
this list so far are forgetting.
OS privilege levels. An administrator (school, work, library,
fire/police/hospital, or home network) might have set the OS to not
allow a regular user to access say a USB stick or other USB or serial
device with their regular user account.
Windows Vista+, Mac OS X, and Linux do this.
Unless something was blocked by an admin, then anything available in
usermode is available to anything else in usermode.
So if all browsers supported an arbitrary USB/serial device API like
maybe get device config, set device config, read data, write data, those
are the basics right? (any more than that and it's no longer generic)
And they would also need to allow the user to explicitly enable which
device should be exposed.
Maybe the browser could when asked by a web app to access a device,
simply show a prompt informing the user that this/that app wants device
access,
then show all devices the OS presents (Readable/Writable state etc.
admin disabled ones are not listed etc.) in a list unless the web app
asked for a specific device, in which case only list the matches or
exact match.
If the user allows the webapp access, then and only then does the webapp
get access to the device/or devices the user specified.
The webapp should also be marked as being secure (HTTPS) or not, and the
user should be able to set the browser to ignore "non-secure" webapps
(HTTP) etc (can webapps be signed with a certificate at all?).
Don't get me wrong, I understand those of you advocating so hard for
this in the list, but the issue is that weather data and test stats
although similar are different enough that a generic API is needed,
and a generic API needs a lot of security precautions as I'm sure many
here may have a USB harddrive hooked up to the system, the last thing
you want is for some webapp that seems like it's just some microphone
voice FX toy suddenly barge through your harddrive right?
Or worse, that weather app starts poking around your microphone, or webcam.
A lot of people have certain devices hooked up, since USB is so versatile
there is anything from:
recording devices (mic, cam, etc) to output devices (speakers,
headphones, mini displays/embed keyboard screens, picture frames etc),
to networking (network cards/routers, controllers for household electrics),
and who knows what else.
So the remark someone made that the security trade is worth it? Nah-ah.
Nothing on the net should ever have direct access to any
input/output/storage device or similar at all.
Any "webapp" (I use "webapp" as I consider HTML, Java, Flash in the same
boat in this particular issue) should go through 3 layers of security.
The Browser layer (the listing/prompt I described above), The User layer
(if the OS supports it, let the user dictate which software can use
which devices), and then the OS layer (admin settings, intranet, driver
config etc).
I know some people here are drooling at the idea of driverless USB
devices that a webapp talks to directly, but it's never going to happen.
The OS (or admin configuration) still controls which devices are
available, even if they are HID.
And no browser would allow blind access to the OS's devices, a few major
scandals and people would flee from that browser like crazy. (I think
almost every major browser dev here has been through such a crappy event
and it ain't fun.)
Now, I'm no USB expert, but isn't it possible for a USB device to
provide a user level driver when being plugged in?
If so then do that for the device (userlevel USB HID device driver?)
Then provide a url to the webapp. The browser will/should ask the user
if it's ok for webapp zzzzz to access the "blah" device, user clicks yes
and off ya go.
Doesn't sound that overly complicated to me (from a user standpoint).
As a dev I know that an admin can (and should be able to) disable
userlevel drivers (or ability to use them) etc. for some regular users
in the OS.
Likewise a school, library or public system or public service system
might want to config the browser to not allow webapps to access hardware
directly,
in which case the browser would either turn up with a box saying "No
Devices Found" or "This Device is not allowed on this system" or something..
If we allow webapps to tunnel straight through the Browser, the User,
the OS, the Drivers, and access the Device directly you are gonna have a
Peek-a-Boo hell on your hands as people are usually assholes with stuff
like this.
And then the fact that your house lights keep flashing on/off (USB
house lighting control hooked to a PC maybe?) all night will be the
least of your worries.
Some of the people here are only thinking of the device "they" want to
plug in and work with.
But look around you right now, what else is a serial device hooked to
your computer?
USB stick? Mouse? Keyboard? Webcam? Headset/Mic? USB Hub? House
controllers? Printer? Scanner? Your portable camera currently hooked in
since you copied off the photos and it's still charging?
Search the net for weird USB devices, if it's available for sale, there
is at least one owner of such a device out there. Oh and don't forget,
aren't there various USB "body" interaction devices out there? (and as a
sidenote, there are even USB sextoys, the last thing you want to hear as a dev
is that you are responsible for making it easy for some hacker to hack
someone's "toys" right? Though I'm sure the lawyers would love it.)
And isn't there USB medical gear available? To assist some doctors and
patients to do sessions remotely, or regulate dosage? Now the
manufacturer of that may have secured their interface and API well...
But then here comes the webapp-access-any-USB-device API? Ouch...
1. A Weather device API for Webapps, fine no problem.
2. Let any Webapp access any Device? Bad idea and not even close to the
same thing as #2.
Don't forget the big picture, even something minor may have a major
impact, if implemented incorrectly.
--
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
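
The three-layer flow described in the message above (OS layer, user layer, browser prompt), sketched as an added example that is not part of the original post. All function, field and device names are hypothetical, and the device inventory is constructed sample data.

```javascript
// Added illustration: every name here is hypothetical, not a real browser API.
// Constructed sample inventory, as the OS would report it to the browser.
const osDevices = [
  { id: "usb-stick",   kind: "storage", adminDisabled: false },
  { id: "weather-stn", kind: "sensor",  adminDisabled: false },
  { id: "webcam",      kind: "camera",  adminDisabled: true  },
  { id: "light-ctrl",  kind: "control", adminDisabled: false },
];

// OS layer: devices blocked by the administrator are never listed.
const osLayer = (devices) => devices.filter((d) => !d.adminDisabled);

// User layer: the user dictates which devices browser software may use.
const userLayer = (devices, allowedKinds) =>
  devices.filter((d) => allowedKinds.has(d.kind));

// Browser layer: origin policy, request filter, then the prompt itself.
function requestDevices(request, policy, promptUser) {
  const secure = request.origin.startsWith("https://");
  if (!secure && policy.ignoreNonSecure) {
    return { granted: [], reason: "non-secure origin ignored" };
  }
  let candidates = userLayer(osLayer(osDevices), policy.allowedKinds);
  if (request.deviceId) {            // app asked for a specific device
    candidates = candidates.filter((d) => d.id === request.deviceId);
  }
  if (candidates.length === 0) {
    return { granted: [], reason: "No Devices Found" };
  }
  // The prompt shows only the candidates; anything else the callback
  // returns is dropped, so the app gets what the user picked and no more.
  const shown = new Set(candidates.map((d) => d.id));
  const picked = promptUser(request.origin, secure, [...shown]);
  const granted = picked.filter((id) => shown.has(id));
  return { granted, reason: granted.length ? "user approved" : "user denied" };
}

const policy = { ignoreNonSecure: true, allowedKinds: new Set(["sensor", "storage"]) };
const approveWeatherOnly = (origin, secure, ids) =>
  ids.filter((id) => id === "weather-stn");

console.log(requestDevices({ origin: "https://weather.example" }, policy, approveWeatherOnly));
console.log(requestDevices({ origin: "http://fx-toy.example" }, policy, approveWeatherOnly));
```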