[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Web versions
|
From: |
Taylan Kammer |
|
Subject: |
Re: Web versions |
|
Date: |
Tue, 9 Mar 2021 15:01:49 +0100 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 |
On 08.03.2021 18:59, Jacob Bachmeyer wrote:
> Taylan Kammer wrote:
>> On 06.03.2021 22:30, Jacob Bachmeyer wrote:
>> In times like that, I wish I had quick
>> access to some Unix-like environment with helpful tools like netcat and
>> nmap on the client's end.
>>
>> If I could just open a browser on the client's PC and visit a website
>> that boots up a GNU/Linux with useful tools like that, it would be
>> pretty amazing.
>
> The problem is that to be able to implement tools like that, the browser
> would need to offer access to the local network at a level that would be
> a serious security risk. While nmap and netcat/socat can be great for
> development and troubleshooting, they are also great for an intruder's
> recon efforts to prepare further intrusions. 8-| Do you want ad
> companies routinely port-scanning your LAN?
Browsers already offer websites the ability to access your microphone,
camera, GPS location, and even *screen contents* (!). Any sane browser
of course asks the user on a per-website basis whether the user would
like to allow this.
>From a quick web search I found out that there's already a draft for a
filesystem API that allows write access and working with directories:
https://wicg.github.io/file-system-access/
I'm not really happy at *all* with the state of the WWW, but it mostly
has to do with the choices website developers make rather than what
browsers are capable of.
In principle I see little difference between trusting Debian's package
database so much that I never have second thoughts while running
"apt-get update && apt-get upgrade", and trusting a specific website so
much that I have no second thoughts about them changing the "source
code" of a browser-based application they host.
Preferably of course, such an application would be released under the
AGPL, with a clear indication of what version one is using, and a way
for the browser to checksum the whole application to rule out "sneaky"
changes that aren't reflected in the version number.
With the way the web continues to evolve I wouldn't be surprised if this
becomes a major way of rolling out arbitrary cross-platform software in
the future. If that happens, I would definitely want to see GNU and the
larger free software community be a part of that future.
- Taylan
- Web versions, Rohit D, 2021/03/06
- Re: Web versions, shulie, 2021/03/06
- Re: Web versions, Alfred M. Szmidt, 2021/03/06
- Re: Web versions, Taylan Kammer, 2021/03/06
- Re: Web versions, Jacob Bachmeyer, 2021/03/07
- Re: Web versions, Taylan Kammer, 2021/03/08
- Re: Web versions, Jacob Bachmeyer, 2021/03/14
- Re: Web versions,
Taylan Kammer <=
- Re: Web versions, Schanzenbach, Martin, 2021/03/11
- Message not available
- Re: Web versions, Colby Russell, 2021/03/11
- Re: Web versions, shulie, 2021/03/14
- Re: Web versions, DJ Delorie, 2021/03/14
- Re: Web versions, aviva, 2021/03/14
- Re: Web versions, DJ Delorie, 2021/03/14
- Re: Web versions, shulie, 2021/03/16
- Re: Web versions, shulie, 2021/03/16
- Re: Web versions, aviva, 2021/03/14
- Re: Web versions, DJ Delorie, 2021/03/14