alt Hacker NewsWebUSB Extension for Firefox
Comments
I was rather hostile towards WebUSB/Bluetooth for ideological reasons, until I came across some cool apps like a climbing board control app (Bluetooth) or a netMD (to transfer to minidisks, via USB), which I would have found overkill to install a "hard App" for. I'm glad that there's an option for Firefox at last.
WebUSB is so great.
I can ship a cross-platform application that accesses a hardware device without having to deal with all the platform specifics, and with decent sandboxing of my driver.
I think one way to make it more "secure" against unwitting users would be to only support WebUSB for devices that have a WebUSB descriptor - would allow "origin" checking.
I recently flashed GrapheneOS on a Pixel for a friend. I was very surprised that you can do this entire process from the browser using WebUSB - the only downside being that it required me to launch Chromium.
WebUSB has been used by projects like GrapheneOS, ESPHome, and Meshtastic. Google has used WebUSB to let users convert Stadia controllers to regular bluetooth input devices. Some manufacturers of keyboards use WebUSB for their configuration utilities.
It's an incredibly useful API, and it's secure. You have to explicitly pick a device to give access to. Mozilla's attitude in refusing to natively implement it seems neither reasonable nor rational. Though that is unfortunately on-par with what I've come to expect from them over the past ten or so years.
People are starting to ship even local apps only in the form of some html & js that only works on Chrome because only Chrome has webusb.
Whether we like the idea of the browser having access to usb or not, I at least like even less the idea of being forced to install and use Chrome for the same reasons as the bad old days of being forced to use IE.
BBC Microbit kids hardware platform uses WebUSB. It’s a game changer for introducing hardware to students. Just works. Makecode.microbit.org is the web IDE. Reference URLs for the code make sharing and debugging easy.
This is great. It makes https://printervention.app (https://news.ycombinator.com/item?id=47677885) and the soon-to-be-released https://yes-we-scan.app work on Firefox.
It would be even greater if it were possible to avoid the two-step installation. It certainly used to be possible to ship a binary inside a Firefox extension (I did that here: https://mackerron.com/zot2bib/), but I guess they may have shut that capability down for security reasons?
Looks to be a great proof of concept. No, running a standalone executable alongside the browser is not the way you'd want to do WebUSB. But it's great to see someone working on it.
Having WebUSB and WebBle everywhere would allow me to ship my IoT application via web only. That would be a win for my productivity, no more messing about with app store shenanigans.
No thanks. I'll accept it in my browser when they fix the security implications this raises, and when the Spec is no longer in draft.
Well, this seems like a terrible idea. I really don't want websites to be able to access hardware. I am already uncomfortable with the webcam access.
As much as I understand the ease of deployment this brings people, it puts a massive amount of code between the device and the user. Will webusb software written today work in 5, 10, 15 years? Personally, I think webusb is a giant contraption.
I keep chrome installed just to flash my meshcore devices... I doubt i'll try this but it's a nice step, hopefully we can get something akin to native adoption.
And Web Serial reached mainline Firefox last week.
I hope Mozilla can eventually stop playing their silly role in the security theater of “but what if our users are dumb” and actually deliver those "power-user" features that would allow me to uninstall Chrome for good. Oh, and also, --app= flag please.
Will this work on Firefox Android? I recently wanted to try the printervention.app website to print from my phone over an OTG cable.
Does this work with Web MiniDisc Pro?
So we can’t trust simple things like back-button hijacking, so let’s open up access to all attached hardware. Sounds stupid.
I really don't understand the use case. Why would I want hardware that I own to be managed by a web app that could disappear?
Interesting. So I could use that to install Graphene OS?
is this satire? firefox does not implement it intentionally
[dead]
Can't Mozilla hand over Firefox to another team?
WebUSB as an extension is the right approach. The security concern isn't the API itself — it's the default-on expectation that Chrome created. Firefox's model of "opt-in via extension" gives power users what they need without expanding the attack surface for everyone else.