Hacker News new | ask | show | jobs
by lordofgibbons 296 days ago
How and why do browsers allow this? Why wouldn't the browser ask for permission in the same way that it does for Microphone access?

It's insane to allow any random website to port scan my LAN. If this wasn't a "feature", I would have considered this a high severity vulnerability
1 comments
JJJollyjim 296 days ago
Chrome doesn't allow it - local network services have to opt-in to being fetchable from public sites (https://github.com/WICG/private-network-access), although they're replacing it with a user-permission-based approach (https://github.com/WICG/local-network-access).

(There is some language online suggesting PNA has not actually shipped, but I experienced it myself in stable Chrome several years ago, so I am unsure of the current state).

Firefox doesn't implement either approach -- I assume this is indicative of their lack of development resources.

link
adithyassekhar 296 days ago
> Firefox doesn't implement either approach -- I assume this is indicative of their lack of development resources.

Since ublock had this as a feature for a long time, I'm sure they are aware of it. Unlike other non funded oss projects, Firefox can't and shouldn't shield themselves with this lack of development resource excuse. They have millions.

link
johncolanduoni 296 days ago
A trillion dollar company (that loves huge vanity projects) gave up on maintaining a browser because it was too much work and just ship a Chrome fork now. I won’t defend Mozilla’s allocation of their resources, but even if they put it all into the “right” Firefox features the web platform is too complex and too much of a moving target for a company with mere centi-million revenues.
link
adithyassekhar 296 days ago
To be honest they weren't trying to build a better browser. Atleast not anymore, earlier edge was nice. They just wanted more data for ads / money. Going the chrome way was more profitable for them.

I thought Mozilla was different.

link
sitkack 296 days ago
They are also firing as many senior folks as possible. You should revisit what ever argument you are trying to make.
link
johncolanduoni 295 days ago
Microsoft? Were they firing as many senior folks as possible in 2018 when they announced they would give up on EdgeHTML and Chakra? Or in early 2020 when it actually came together? That’s not my recollection of the FAANG-ish job market at the time these decisions were made.

If you meant Mozilla, they’re a total indefensible trashfire for sure. But I’m not convinced they could have succeeded with their resources.

link