Websites take control of USB devices: Googlers propose WebUSB API

What could possibly go wrong? Wait, what could possibly go right


Two Google engineers have drafted a software interface that allows websites to control USB devices.

Reilly Grant and Ken Rockot say their proposed WebUSB API allows hardware developers to configure and control USB devices from webpages, simplifying the process of installing and setting up equipment.

"Today when you connect a device to your computer, you hope that somehow it will find the right driver and it will Just Work. For lots of devices it does, because there are standardized drivers for things like keyboards, mice, hard drives and webcams built into the operating system," the developers said.

"What about the long tail of unusual devices or the next generation of gadgets that haven't been standardized yet?"

WebUSB attempts to solve that problem by letting the device connect to a web server rather than rely on installed software. In addition to controlling the hardware, a website could install firmware updates and perform other basic tasks.

The Googlers note that WebUSB is not intended to be a one-size-fits-all solution for linking up any USB device with any controller. The API contains origin protections that will restrict the domains a single device can access and where it can receive updates and downloads, a process the developers liken to the CORS (cross origin resource sharing) protections on HTTP data transfers.

One use-case the developers suggest is 3D printers. Rather than having to install software drivers to configure the printer and calibrate the hardware, a developer could simply create a web application that handles the entire process automatically.

"WebUSB thus replaces native code and native SDKs with cross-platform hardware support and web-ready libraries," the developers said.

Currently, WebUSB remains very much a work in progress. The API – spotted over the weekend – is still considered unofficial and is hosted through the W3C's Web Platform Incubator Community Group (WICG). Grant and Rockot say that any member of the WICG is welcome to contribute to the project. ®

Similar topics


Other stories you might like

  • Open source body quits GitHub, urges you to do the same
    Paid-for Copilot trained on FOSS code final straw for Software Freedom Conservancy

    The Software Freedom Conservancy (SFC), a non-profit focused on free and open source software (FOSS), said it has stopped using Microsoft's GitHub for project hosting – and is urging other software developers to do the same.

    In a blog post on Thursday, Denver Gingerich, SFC FOSS license compliance engineer, and Bradley M. Kuhn, SFC policy fellow, said GitHub has over the past decade come to play a dominant role in FOSS development by building an interface and social features around Git, the widely used open source version control software.

    In so doing, they claim, the company has convinced FOSS developers to contribute to the development of a proprietary service that exploits FOSS.

    Continue reading
  • Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined
    Developer interactions sometimes contain their own kind of poison

    Analysis Toxic discussions on open-source GitHub projects tend to involve entitlement, subtle insults, and arrogance, according to an academic study. That contrasts with the toxic behavior – typically bad language, hate speech, and harassment – found on other corners of the web.

    Whether that seems obvious or not, it's an interesting point to consider because, for one thing, it means technical and non-technical methods to detect and curb toxic behavior on one part of the internet may not therefore work well on GitHub, and if you're involved in communities on the code-hosting giant, you may find this research useful in combating trolls and unacceptable conduct.

    It may also mean systems intended to automatically detect and report toxicity in open-source projects, or at least ones on GitHub, may need to be developed specifically for that task due to their unique nature.

    Continue reading
  • For a few days earlier this year, rogue GitHub apps could have hijacked countless repos
    A bit of a near-hit for the software engineering world

    A GitHub bug could have been exploited earlier this year by connected third-party apps to hijack victims' source-code repositories.

    For almost a week in late February and early March, rogue applications could have generated scoped installation tokens with elevated permissions, allowing them to gain otherwise unauthorized write or administrative access to developers' repos. For example, if an app was granted read-only access to an organization or individual's code repo, the app could effortlessly escalate that to read-write access.

    This security blunder has since been addressed and before any miscreants abused the flaw to, for instance, alter code and steal secrets and credentials, according to Microsoft's GitHub, which assured The Register it's "committed to investigating reported security issues."

    Continue reading

Biting the hand that feeds IT © 1998–2022