- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
cross-posted from: https://lazysoci.al/post/46128508
You must log in or # to comment.
This has been a serious pain point for people who have wanted to use web apps to flash many things, including keyboards and phones. Nice to see Mozilla is finally observing the competition on something that’s not AI.
I only have Chrome to flash my Flipper Zero, ESP32’s and my Mestastic stuff. Being able to use Firefox would be nice.
It’s about time. I hate having to use another browser so I can use a few web apps that need to connect to serial devices.
Aren’t there native applications being able to do that?
Why install a native app when a website can do it? It’s very common to use a website to flash ESPHome for example.
Well you have more control over it and not dependent on the server. Also it should be more private I guess. I’m not judging, just asking if there was no native app that you felt forced to use a worse browser.
not dependent on the server
It doesn’t have to be - a developer could also provide a HTML file that the user can download and open locally.
And to be honest, if someone had to build a user-friendly cross-platform GUI app for connecting to some sort of serial device, they’d probably just end up using web technologies (Electron or Tauri) anyways. May as well avoid the extra overhead of Electron.
I encountered such programs in the past. It’s basically simple HTML with JavaScript, to run with my “favorite” browser and not being packaged as an Electron app. But that is very rare. Still better than dependent on the server, which solves a huge issue (which was my point). But the other point isn’t solved, if the person is “forced” to use a browser he or she does not like.
Not for what I need. Some of them have an electron program, but that’s just chrome bundled with a web app.
I think this means that meshtastic and meshcore flashers will be usable in Firefox now.
Great news for ESPhome - it is such a hassle to try and use the cli (especially on windows) as opposed to just using the interface in home assistant
these technologies are both really cool and really scary at the same time.
IMO it’s fine since you need to explicitly grant permission for the site to use it, and also explicitly choose a device to allow it to communicate with. You can also configure your browser to always reject requests to use the API, if you never want to use it.
WebSerial is useful for the developer as they can build their webapp once and it’ll work consistently across platforms, and it’s useful for the user since the same interface will work across all OSes.
I prefer it over the other common approach for communicating with serial devices, which is often to only make a Windows app and to have some convoluted setup process involving sketchy-looking drivers, which then breaks when you have different devices that require different versions of the flashing software or drivers.
i agree with you, but the exploits are gonna be wild.
Chrome’s had it for five years, and I don’t recall any Webserial-specific vulnerabilities in it (but I could be wrong!)
i’d bet on webusb being compromised first, when/if that takes off for more mundane tasks.
This has always felt like something that doesn’t belong in a web browser to me.
as someone who did an ESP based project for end users, this is really useful to let users flash new stuff on their device without needing some convoluted toolchain on your computer
it was really really useful to tell people “go to xyz and select the option you want, follow the on screen instructions and you’re done. sorry, chrome only”
Just last week my mobile died. I was able to get a new one and flash GrapheneOS while traveling, using my partners phone. That was totally awesome.
Since they are adding Ai to the browser, it seems the quality and security standards are reduced.
This is a bit of speculation on my part, but I think the recent leadership changes, especially Eric Rescorla (ekr) leaving as Mozilla CTO probably lead to this. I think ekr was responsible for many of the security vetoes that held APIs like this back. Maybe they had good reason for it at the time, but Chrome has now demonstrated that Web Serial has been safe for years.
So although I appreciate Firefox has always been security conscious, I think they sometimes landed a little too strict on some decisions. I’d be happy if this attitude change allows some more innovation in Firefox that is not just “AI all the things”.
Huh maybe they’ll finally add WebUSB
As a not particularly techy end-user. What does this mean
There are a lot of devices (esp32, phones, serial devices, etc ) that can have software installed (flashed) over this protocol. Before this our only choice was a chromium based browser.
But can’t phones already run firefox anyway?
I do not want this.
You can completely disable the API in Chrome… I assume Firefox will allow this too.
Why?
All my serial devices need careful handling and will happily destroy themselves or start a fire if given the wrong instructions — my 3D printer, my laser engraver, my inverter/solar/battery monitor-programmer.
None of them are remotely prepared or hardened in any way to protect from malicious or careless commands.
I don’t generally trust websites and I do not want any website to discover those devices and interact with them.
Maybe it will depend on the specifics of their UI/UX implementation, but I don’t think you’ll end up in a scenario where you’re surprised that a website suddenly has access to your serial ports. I expect the UI will be fail-safe, very visible, and that you’ll be able to disable it entirely if you wish, so that you never even see a prompt.
Why you can disable the API completely?
