r
On Fri, Dec 4, 2015 at 2:25 PM, Robert O'Callahan <rob...@ocallahan.org>
wrote:
> On Fri, Dec 4, 2015 at 1:56 PM, Eric Rescorla <e...@rtfm.com> wrote:
>
>> On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan <rob...@ocallahan.org>
>> wrote:
>>
>>> There are three possible approaches I can see to expose USB devices to
>>> third-party applications:
>>> 1) What I suggested: Whitelist vendor origins for access to their
>>> devices and have vendor-hosted pages ("Web drivers"?) expose "safe" API to
>>> third-party applications.
>>> 2) Design a permissions API that one way or another lets users authorize
>>> access to USB devices by third-party applications.
>>> 3) Wrap USB devices in Web-exposed believed-to-be-safe standardized APIs
>>> built into browsers.
>>>
>>
>> I can think of at least one more:
>> (4) Have the APIs hidden behind access controls that need to be enabled
>> by an extension
>> (but a trivial one). Perhaps you think this is #2.
>>
>
> Yeah it seems like a version of #2.
>
> I think we should definitely support #1. Trusting device vendor code with
>>> access to their devices is no worse than loading their device driver, in
>>> most respects. Once we support such whitelisting device vendors can expose
>>> their own APIs to third party applications even with no further effort from
>>> us.
>>>
>>
>>
>> Color me unconvinced. One of the major difficulties with consumer
>> electronics devices
>> that are nominally connectable to your computer is that the vendors do a
>> bad job
>> of making it possible for third party vendors to talk to them. Sometimes
>> this is done
>> intentionally in the name of lock-in and sometimes it's done
>> unintentionally through
>> laziness, but in either case it's bad. However, at least in those cases,
>> the third party
>> vendor can at least in principle produce some compatible downloadable
>> driver
>> for the device, and its not much harder to install that than to install
>> the OEM driver.
>>
>> I don't think it's good for the Web for browser to be in the business of
>> enforcing vendor
>> lock-in by radically increasing the gap between the access the vendor has
>> to the
>> device and the access third parties do.
>>
>
> I see your point, I just don't think it's as important as you do.
>
Sure. Conversely, I don't find myself convinced by your position.
Would be happy to talk about this live if you think that's useful.
-Ekr
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
