probably not the first person with this idea but

rachel@transitory.social

@cato@chaosfurs.social yeah only to run esphome initial install and similar

but then I switched to linux and can't be assed to install chrome so I just use the cli now, and then OTA after that

kirakira@furry.engineer

@cato LOL

danvolchek@mastodon.social

@reiddragon @cato @Colin why? The android bootloader shows you the signature of the OS before it boots. You can compare that to the published hash on the website (assuming it's anything like graphene) and at that point it's no different from having used a native app. Apart from the fact that it was way easier for users to use and devs to maintain

kneoghau@mastodon.social

@cato WebUSB is like magnets on computers, I still think it's dodgy even if modern technology removes or mitigates the risks. A big magnet damages screens and hard drives (CRT and HDD), so of course I don't want my phone (OLED and SSD) to have magnet mounting!

thing@plasmatrap.com

@raccoon@hollow.raccoon.quest @cato@chaosfurs.social only chrom(e/ium-based browsers) have WebUSB support.
And also, google chrome is a piece of shit.

machetebadger@hachyderm.io

@cato

My Chromium

is a

MACHINE

that turns

zigbee, serial and android devices

in to

flashed over WebUSB

brezelradar@norden.social

@momo @cato Hab ich bisher nie erfolgreich benutzen können. Brauche ich allerdings nicht zum flashen, sondern nur Noten in Websynths kippen o.ä. Thomanns stompen-dings funktioniert bei mir auch nicht.

Das einzige, was (leider auch nur) in chromiumbased Browsern zuverlässig funktioniert, sind ZSA's Tastaturflashtool und deren 10-Fingertrainingsseite. Für ersteres gibt's auch ein offline-Tool (und prinzipiell ja QMK), für zweiteres monkeytype.

bas_spr@digitalcourage.social

@cato https://github.com/mozilla/standards-positions/issues/100
Mozilla claims they have privacy concerns

rexo@st.transbus.social

@cato@chaosfurs.social @reiddragon@fedi.catto.garden boooooo

reiddragon@fedi.catto.garden

@rexo @cato great argument

rexo@st.transbus.social

@cato@chaosfurs.social @reiddragon@fedi.catto.garden if you want an actual argument then yes I do actually trust a specific scoped permission more than a native app with full access. I suppose you could have everything in Flatpaks with scoped perms but realistically I'm not sure if 1. companies would bother and 2. people would accept that

rexo@st.transbus.social

@cato@chaosfurs.social @reiddragon@fedi.catto.garden also that would restrict people to Linux. better than forcing Windows, but ultimately WebUSB is cross platform

reiddragon@fedi.catto.garden

@rexo @cato this is the hundredth time I'm saying this just in this thread, but that permissions system doesn't mean jack shit. It's been compromised many times, can be completely bypassed by someone who knows what they're doing, and even if it worked as intended, it doesn't even cover everything, allowing websites to just get direct access to the GPU driver, letting them exploit it willy nilly, with absolutely no permissions in sight

The. Web. Cannot. Be. Trusted. The whole model was made for serving static documents, not applications. But now they shoved applications in the bloody thing and we're supposed to just pretend the whole thing isn't a giant security nightmare

soph@ice.sophari.org

@cato
- whats my purpose
= android webview debugging
- oh my god

cato@chaosfurs.social

@raccoon Chromium based browsers are afaik the only ones supporting WebUSB because Mozilla refuses to implement it

urbanclone@infosec.exchange

@cato seems so niche but it’s so completely me/true