by nl 28 days ago
I understand and previously agreed with Mozilla's hard line privacy and security stance.

Recently I've changed my mind. I've been building a thing using everything in the web platform, even if it is Chrome only and it is great. You can build apps that blend local and remote systems together in ways that make new things possible - and it is on an open-standard runtime.

But as a long-time Firefox user I hate that I have to warn people that some critical features won't work.

I think from a platform point of view having features in the web platform that let it compete with other platforms is worth the trade off.

3 comments

So, what you're saying is that you agree with the security concerns regarding these APIs, but your convenience as a developer outweighs them?
No, that's a mischaracterization.

I'm saying I think it is important for free and open systems to be competitive with closed ecosystems, and to take advantage of the power of local systems.

I believe in a world where we - as developers - can build systems that have both maximum safety and maximum utility for users.

Currently there are two ways of distributing software that takes full advantage of the hardware users have:

1. AppStores, with centralized, permission-based certification of developers in an attempt to make apps safe.

2. Binary downloads, relying on the operating system to make them safe for users.

I believe there should be a third way - a platform that sandboxes users from the worst things that are possible and breaks reliance on cloud platforms.

I think the web platform is the closest to achieving this. I think the security and privacy concerns are valid and well-founded, but I think the trade-offs in pushing permission-based systems are worthwhile.

Take this project as an example. The alternative to web-serial is to download a random executable binary and firmware written by who knows to your computer, with full read/write permissions. I think that is a riskier outcome for users than enabling this API.

The web is not a software distribution platform, it's a platform for distributing thin clients to proprietary walled gardens that will break your use cases or just ban you at will. Users have absolutely no control over the web, so no, I don't see it as a superior alternative.
I completely disagree.

I've been using the web since 1994, and it's always distributed applications. I mean what were WAIS and Veronica except attempts to build applications - and they were (vastly inferior) predecessors to the web.

The web is the most ugly, horrible, messy, fantastic and beautiful Commons in human history and I love it.

Yes, people will block it and Balkanize it and make it ugly and make terrible apps that run horribly.

But it is better than anything else we've built, so there is that.

I think you're both right. What I dislike about it, is how we went from walled gardens to ads, tracking, and guilt tripping adblock users (while IMO whatever you see or don't want to see is up to the client). It is a huge cat and mouse game.

(That guilt tripping is what worries me in relation to WebUSB and webserial.)

In a TUI, it is still completely unacceptable that the client would spam the user with ads. And if it would, due to FOSS nature it is easy to circumvent.

If web devs are clever they produce an API instead of pure HTML + JS + the whole bloated crap around them. It'd save them costs, and heavy API users could subscribe.

I think it is uncharitable to say "your convenience". It's more like "your vision as a creator". We're talking about developer intent that isn't possible otherwise. You can say "good, it shouldn't be", but don't characterize it as convenience.
Now with Webxxx, the user needs to make sure that it is the right URL, not a fake teanns instead of teams, so he is unsure every time he has to use it. Some random download, once it works, can be reused and you have more trust that it works after the trial was positive.

And if it is open source, you can review the code before compiling. I can't review the code of some random server, as my browser only receives a random wasm binary for example.

But the alternative is binary flashing software AND a binary blob to flash.

This doesn't preclude it being open source in any way. In fact, with a WASM toolchain you could even compile in the browser.

Yep, web serial okay but not bluetooth? "We can't make it secure". Yes you can.

No web bluetooth from inside an iframe, always require consent to select a device and connect to it.

Sure, I suppose it could enable more scams by tricking people into connecting to x device but if we were truly worried about stopping scams we'd turn the internet off and then shotgun our entire species.