WebUSB is one of those APIs that Apple has rejected though, yes? This use case is very Android but what else does it enable?
-
-
Replying to @stshank @slightlylate1 reply 0 retweets 1 like
-
Replying to @stshank
We're leading on many APIs via Project
, and my hope is that the counterfactual of "not needing to download unsafe binaries" eventually wins over skeptics once they see we've done it safely & value it delivers. Browsers update faster, and can mediate bad actors better.1 reply 0 retweets 5 likes -
Replying to @slightlylate @stshank
In terms of uses, think connecting to cameras, printers, programming Arduinos, updating incidentally embedded software (e.g., in headphones), CnC hardware...all the sorts of stuff that used to need custom, OS-specific drivers & software.
1 reply 0 retweets 5 likes -
Replying to @slightlylate @stshank
@noopkat has been showing what's possible:https://youtu.be/IpfZ8Nj3uiE2 replies 0 retweets 4 likes -
Replying to @slightlylate @noopkat
Do you think Apple has a fair point about lots of people not being informed or expert enough to handle permissions dialog boxes? I.e. could there be problems with naughty websites doing bad things with your hardware?
2 replies 0 retweets 0 likes -
This seems to imply a blanket answer to a nuanced problem. We reject the assumption of unsolvability -- after all, Apple seems to believe these things are more than reasonable for native apps -- and instead focus on better patterns. Apple could too if they invested reasonably.
3 replies 0 retweets 3 likes -
This really seems to underestimate how good phishing attacks can be....
2 replies 0 retweets 0 likes -
Replying to @HarperMitchell @slightlylate and
This isn't a "problem to be solved" but the start of an arms race against phishers
1 reply 0 retweets 0 likes -
Replying to @HarperMitchell @slightlylate and
And the desire to "win against native" seems to be clouding how incredibly powerful this could be in the hands of an advanced adversary performing targeted attacks
1 reply 0 retweets 0 likes
This isn't our first rodeo. Caution is at the center of our approach. And what's your counterfactual? Dangerous native binaries? How is that better?
-
-
It's not, which is why I run Qubes and am very, very selective about how I grant device access to various VMs and don't, you know, let any *website* get access to *the whole serial bus* where the only thing between me and it is *a few clicks*
1 reply 0 retweets 0 likes -
Replying to @HarperMitchell @slightlylate and
There is a problem space here, but this specific feature I wouldn't trust myself to use responsibly The thing about binaries is they tend not to rewrite themselves after they've been signed, unlike web pages that can return different content on each page load
0 replies 0 retweets 0 likes
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
DMs open. Tweets my own; press@google.com for official comms.