alt Hacker NewsWebUSB is so great.
I can ship a cross-platform application that accesses a hardware device without having to deal with all the platform specifics, and with decent sandboxing of my driver.
I think one way to make it more "secure" against unwitting users would be to only support WebUSB for devices that have a WebUSB descriptor - would allow "origin" checking.
Replies
Yep, I’ve bought a few thermal printers recently and webusb support (marketed as Chromebook support) was a major deciding factor. Thermal printers aren’t well supported by built in printer drivers, so it’s nice to not have to install some questionable driver software with access to my whole computer and instead have a sandboxed chrome extension with enumerated permissions. I’ve also poked around the extensions’ minified js source out of curiosity and as a basic security audit
It was also nice trying out some RTL-SDR apps as soon as I got it without having to figure out how to build and install the Debian packages from source first.
It drives me nuts every time I have to switch from Firefox to Chrome to use webusb or webserial.
Let's please not (or at most, add a scary warning for non-tagged devices), as this would break the use case for at least all retrocomputing.
This brings back bad memories of the old ActiveX "safe for scripting" mechanism.
Yep. FlipperZero, Android, now some random chinese handheld radio - just some of the things I didn't have to install some crap unsandboxed app to flash in the last 3 months. Absolutely revolutionary.
> I can ship a cross-platform application
And you can also un-ship it whenever you want, leaving users with unusable devices they paid money for.