W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2010

[whatwg] Device Element

From: Roger Hågensen <rescator@emsai.net>
Date: Tue, 28 Dec 2010 19:07:32 +0100
Message-ID: <4D1A2764.8030409@emsai.net>
On 2010-12-28 09:53, Silvia Pfeiffer wrote:
> How about making a  concrete proposal as to what it should look like?
> If Google was to implement it and turn it into a concrete proposal, I
> wouldn't have a problem with it either. As it is right now the spec
> for usb/RS232 is useless IMHO.
>
> Silvia.

Yeah! And not to mention the security bomb.
I don't like the idea of a web app accessing my USB stick without my 
permission.
So that means that all browsers would need to ask the user for permission.
That is at the Browser level.

Then there is the OS and/or driver level which all those wanting this in 
this list so far is forgetting.
OS priviledge levels. An administrator (school, work, library, 
fire/police/hospital, or home network) might have set the OS to not 
allow a regular user to access say a USB stick or other USB or serial 
device with their regular user account.
Windows Vista+, Mac OS X, and Linux does this.

Unless something was blocked by an admin, then anything available in 
usermode is available to anything else in usermode.

So if all browsers supported an arbitrary USB/serial device API like 
maybe get device config, set device config, read data, write data, those 
are the basics right? (any more than that and it's no longer generic)

And they would also need to allow the user to explicitly enable which 
device should be exposed.
Maybe the browser could when asked by a web app to access a device, 
simply show a prompt informing the user that this/that app wants device 
access,
then show all devices the OS presents (Readable/Writable state etc. 
admin disabled ones are not listed etc.) in a list unless the web app 
asked for a specific device, in which case only list the matches or 
exact match.
If the user allows the webapp access, then and only then does the webapp 
get access to the device/or devices the user specified.
The webapp should also be marked as being secure (HTTPS) or not, and the 
user should be able to set the browser to ignore "non-secure" webapps 
(HTTP) etc (can webapps be signed with a certificate at all?).

Don't get me wrong, I understand those of you advocating so hard for 
this in the list, but the issue is that weather data and test stats 
although similar are different enough that a generic API is needed,
and a generic API needs a lot of security precautions as I'm sure many 
here may have a USB harddrive hooked up to the system, the last thing 
you want is for some webapp that seems like it's just some microphone 
voice FX toy suddenly barge through your harddrive right?
Or worse, that weather app starts poking around your microphone, or webcam.
A lot of people has certain devices hooked up, since USB is so versatile 
there is anything from:
recording devices (mic, cam, etc) to output devices (speakers, 
headphones, mini displays/embed keyboard screens, picture frames etc), 
to networking (network cards/routers, controllers for household electrics),
and who knows what else.

So the remark someone made that the security trade is worth it? Nah-ah. 
Nothing on the net should ever have direct access to any 
input/output/storage device or similar at all.
Any "webapp" (I use "webapp" as I consider HTML, Java, Flash in the same 
boat in this particular issue) should go through 3 layers of security.
The Browser layer (the listing/prompt I described above), The User layer 
(if the OS supports it, let the user dictate which software can use 
which devices), and then the OS layer (admin settings, intranet, driver 
config etc).

I know some people here are drooling at the idea of driverless USB 
devices that a webapp talks to directly, but it's never going to happen.
The OS (or admin configuration) still control which devices are 
available, even if they are HID.
And no browser would allow blind access to the OS's devices, a few major 
scandals and people would flee from that browser like crazy. (I think 
almost every major browser dev here has been though such a crappy event 
and it ain't fun.)

Now, I'm no USB expert, but isn't it possible for a USB device to 
provide a user level driver when being plugged in?
If so then do that for the device (userlevel USB HID device driver?)
Then provide a url to the webapp. The browser will/should ask the user 
if it's ok for webapp zzzzz to access the "blah" device, user clicks yes 
and off ya go.
Doesn't sound that overly complicated to me (from a user standpoint).

As a dev I know that an admin can (and should be able to) disable 
userlevel drivers (or ability to use them) etc. for some regular users 
in the OS.
Likewise a school, library or public system or public service system 
might want to config the browser to not allow webapps to access hardware 
directly,
in which case the browser would either turn up with a box saying "No 
Devices Found" or "This Device is not allowed on this system" or something..

If we allow webapps to tunnel straight through the Browser, the User, 
the OS, the Drivers, and access the Device directly you are gonna have a 
Peek-a-Boo hell on your hands as people are usually assholes with stuff 
like this.
And then the fact that your house lights keeps flashing on/off (USB 
house lighting control hooked to a PC maybe?) all night will be the 
least of your worries.

Some of the people here are only thinking of the device "they" want to 
plug in and work with.
But look around you right now, what else is a serial device hooked to 
your computer?

USB stick? Mouse? Keyboard? Webcam? Headset/Mic? USB Hub? House 
controllers? Printer? Scanner? Your portable camera currently hooked in 
since you copied off the photos and it's still charging?
Search the net for weird USB devices, if it's available for sale, there 
is at least one owner of such a device out there. Oh and don't forget, 
aren't there various USB "body" interaction devices out there? (and as a 
sidenote, there are even USB sextoys, the last you want to hear as a dev 
is that you are responsible for making it easy for some hacker to hack 
someones "toys" right? Though I'm sure the lawyers would love it.)
And isn't there USB medical gear available? To assist some doctors and 
patients to do sessions remotely, or regulate dosage? Now the 
manufacturer of that may have secured their interface and API well...
But then here comes the webapp-access-any-USB-device API? Outch...
1. A Weather device API for Webapps, fine no problem.
2. Let any Webapp access any Device? Bad idea and not even close to the 
same thing as #2.
Don't forget the big picture, even something minor may have a major 
impact, if implemented incorrectly.

-- 
Roger "Rescator" H?gensen.
Freelancer - http://www.EmSai.net/
Received on Tuesday, 28 December 2010 10:07:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:02 UTC