deleted by creator
IMO it’s fine since you need to explicitly grant permission for the site to use it, and also explicitly choose a device to allow it to communicate with. You can also configure your browser to always reject requests to use the API, if you never want to use it.
WebSerial is useful for the developer as they can build their webapp once and it’ll work consistently across platforms, and it’s useful for the user since the same interface will work across all OSes.
I prefer it over the other common approach for communicating with serial devices, which is often to only make a Windows app and to have some convoluted setup process involving sketchy-looking drivers, which then breaks when you have different devices that require different versions of the flashing software or drivers.
deleted by creator
Chrome’s had it for five years, and I don’t recall any Webserial-specific vulnerabilities in it (but I could be wrong!)
deleted by creator
This has always felt like something that doesn’t belong in a web browser to me.
Just last week my mobile died. I was able to get a new one and flash GrapheneOS while traveling, using my partners phone. That was totally awesome.
Since they are adding Ai to the browser, it seems the quality and security standards are reduced.
I think this means that meshtastic and meshcore flashers will be usable in Firefox now.
Huh maybe they’ll finally add WebUSB
As a not particularly techy end-user. What does this mean
I do not want this.
You can completely disable the API in Chrome… I assume Firefox will allow this too.
Why?
Why you can disable the API completely?
All my serial devices need careful handling and will happily destroy themselves or start a fire if given the wrong instructions — my 3D printer, my laser engraver, my inverter/solar/battery monitor-programmer.
None of them are remotely prepared or hardened in any way to protect from malicious or careless commands.
I don’t generally trust websites and I do not want any website to discover those devices and interact with them.
