Google, Mozilla Working on Letting Web Apps Edit Files

The fearmongering here is growing to new heights. If managed properly each application that runs in your browser could have its own directory to work in, without being able to write anywhere else. Just because you don't understand what this new technology is all about, doesn't mean it's as scary as some make it sound.
Being able to run any program in your browser, no matter the device or operating system, given your hardware is powerful enough, is going to make software much more accessible than it has ever been. If it works and it supports DirectX and Vulkan, Steam will immediately migrate to this new API, finally achieving Valve's goal to be platform independant.
 
Zarathustra[H] said:
Why should a website ever have access to local storage?

This is insanity

Neither the current method or this new API should be allowed.
Click to expand...


So they can catalogue & report if you have any copyrighted material on your local machine, or perhaps interesting marketable design ideas that can be 're-imagined' for their usage.

joking :)


wait... :nailbiting:
 
M76 said:
But why? What would be the practical use of this? Apart from the obvious: gathering more data to sell than ever before.
Click to expand...
Easier to make Google Docs work on local files. Spying and implanting spyware. I suspect that Google & friends make a pretty penny from the government spying on you and they have the excuse that they're forbidden to reveal it. So they're going whole hog and maximizing that government $$$.
 
Now we need a browser maker that chooses not to use this feature. But still, this development will probably require sandboxing that browser just to be safe. Good intentions, path to evil and all that...
 
darckhart said:
"make sure a user understands what they are giving a website access to" LMAO if users knew this, we wouldn't be in the privacy mess we're in now.

and AFAIK some apps already do this "local" malarkey. as part of installation agreement you give, chrome, dropbox, etc, update themselves "behind the scenes"
Click to expand...
It's one thing to let an app I installed have that authority. Completely different to have one slipped on my system from the internet.
 
benedict said:
The fearmongering here is growing to new heights. If managed properly each application that runs in your browser could have its own directory to work in, without being able to write anywhere else. Just because you don't understand what this new technology is all about, doesn't mean it's as scary as some make it sound.
Being able to run any program in your browser, no matter the device or operating system, given your hardware is powerful enough, is going to make software much more accessible than it has ever been. If it works and it supports DirectX and Vulkan, Steam will immediately migrate to this new API, finally achieving Valve's goal to be platform independant.
Click to expand...
Righto, all of us here are newbies and don't understand how these things work and have never seen such ideas go bad before. I'm so relieved that you told us nothing is a problem here. BTW even if they managed to make it perfectly safe with no exploits (they won't) I still don't like a bunch of crap cluttering up my SSD.
 
Laowai said:
Wow.
We have laws against murder, theft, and more things than you can shake a fucking stick at yet oddly enough they still happen.
I honestly am surprised we're having this discussion. I had thought you were smarter than this.
Even if this somehow gets banned in the States...and by this, I'm not referring to what is actually happening which is simply the creation of a new API, but all the bad shit we think may happen after....there are other countries with their own laws. Unless you are also pushing for the US to wall off its internet like N.Korea or China....how would any law in the States matter a hill of beans?
Is it even technically possible for a country to ban an API in any way that could be enforced?

I could not even imagine what that would look like, but I'm not a lawyer.
Click to expand...

Yes, people still commit crimes even when things are illegal, but having criminal consequences IS effective and DOES tamp down on undesired behaviors. You may still have some company trying to do something after its been banned, but there will be financial consequences once they are caught, and they will have to reverse course.
 
WhoMe said:
Ok, I screwed up and lost my cheap internet connection so I said to hell with it and left the internet for six months. Then my dad dies on Thanksgiving (great timing) and being a cheap SOB I take home his mifi to poke around the internet a bit using up the data he'd paid for...and this is one of the first stories I read! I was thinking of signing up with T-Mobile now they are in my area, but damn, you know I just may go dark again. I almost long for the days of my 300 baud modem and dialing into BBS's :).

gxp500 said, "what can go wrong?" Add the saying, "If it can go wrong, it will," too that.
Click to expand...

dude, sorry about your loss, that's f*cked man. but look if your like me. you don't need a smartphone/mifi/facebook/spyware. just keep the internet at home and on your terms. and get a vpn. airVPN is the safest/best (imo). peace.
 
  • Like
Reactions: WhoMe
like this
Zarathustra[H] said:
Yes, people still commit crimes even when things are illegal, but having criminal consequences IS effective and DOES tamp down on undesired behaviors. You may still have some company trying to do something after its been banned, but there will be financial consequences once they are caught, and they will have to reverse course.
Click to expand...
Ok. Perhaps.
Now, is it even possible and/or feasible to ban an API when it's still being developed as you seem to want? Or after?
What exactly is it that you want to make illegal because as you said earlier "it must be stopped at any cost." and on what grounds?

To be clear - I'm not a fan of this as I see a whole lot of potential negatives but I can also see legit uses.
My kneejerk reaction is "I won't use it" and yours is "STOP IT AT ANY COST!".
This API, which does not even exist yet as far as I can tell, seems a strange hill to die on.
 
WhoMe said:
Righto, all of us here are newbies and don't understand how these things work and have never seen such ideas go bad before. I'm so relieved that you told us nothing is a problem here. BTW even if they managed to make it perfectly safe with no exploits (they won't) I still don't like a bunch of crap cluttering up my SSD.
Click to expand...
You're putting words in my mouth. I certainly hope most people here are not newbies and understand how things work. But chasing perfect security is a pipe dream. You will never have perfectly safe software with no exploits. As a matter of fact the chase of security at all costs has severely hampered technological progress in IT in the past 15 years. Windows is a prime example how trying to make something safe makes it unusable.
What this development gives is incredible functionality, not security. And as a matter of fact I don't give a damn about security on my home PC. I'm more than competent enough to protect myself. I want the software to be functional, not trying to protect me from myself.
 
benedict said:
You're putting words in my mouth. I certainly hope most people here are not newbies and understand how things work. But chasing perfect security is a pipe dream. You will never have perfectly safe software with no exploits. As a matter of fact the chase of security at all costs has severely hampered technological progress in IT in the past 15 years. Windows is a prime example how trying to make something safe makes it unusable.
What this development gives is incredible functionality, not security. And as a matter of fact I don't give a damn about security on my home PC. I'm more than competent enough to protect myself. I want the software to be functional, not trying to protect me from myself.
Click to expand...
You said it, you own it. Please tell me how this is going to be beneficial? They've already got cookies. Why would I want them to be able to put even more crap on my computer and waste even more bandwidth? What is going to be so great about this that it is worth the risks? Not to mention that most software is really bad at cleaning up after itself so here is another source of crap to clean up.

As to those who say "well I just won't run that API," you can bet that as time goes on you'll be unable to use more and more sites until you give in.
 
WhoMe said:
You said it, you own it. Please tell me how this is going to be beneficial? They've already got cookies. Why would I want them to be able to put even more crap on my computer and waste even more bandwidth? What is going to be so great about this that it is worth the risks? Not to mention that most software is really bad at cleaning up after itself so here is another source of crap to clean up.

As to those who say "well I just won't run that API," you can bet that as time goes on you'll be unable to use more and more sites until you give in.
Click to expand...
It's going to be extremely beneficial to businesses, who will be able to run their ERP software through their browser anywhere on any pc, phone or tablet. Just because something isn't beneficial to you doesn't mean someone else can't use it. Kudos to Google and Mozilla if they manage to do it.
 
benedict said:
It's going to be extremely beneficial to businesses, who will be able to run their ERP software through their browser anywhere on any pc, phone or tablet. Just because something isn't beneficial to you doesn't mean someone else can't use it. Kudos to Google and Mozilla if they manage to do it.
Click to expand...
Obviously it's going to be (or anticipated to be) beneficial to the companies doing it or they wouldn't put money into it. That's a no duh. I want to know what it does for me or other end users, we're the ones who will get the bad, so what's the good?
 
Laowai said:
Ok. Perhaps.
Now, is it even possible and/or feasible to ban an API when it's still being developed as you seem to want? Or after?
What exactly is it that you want to make illegal because as you said earlier "it must be stopped at any cost." and on what grounds?

To be clear - I'm not a fan of this as I see a whole lot of potential negatives but I can also see legit uses.
My kneejerk reaction is "I won't use it" and yours is "STOP IT AT ANY COST!".
This API, which does not even exist yet as far as I can tell, seems a strange hill to die on.
Click to expand...


Can you stop reducing the magnitude by calling it 'just an api'... Yes by definition it's an api, but what it does on the back end on your local machine is not like any API that exists. The issue is this opens up a HUGE new attack vector on your browser. You thought the internet was unsafe with just js/adobe vulnerabilities, wait until shit like this comes out. Scanning your files, installing root kits/malware/viruses/keyloggers..... And lets not forget securing APIs is a painful as well, yet we're just supposed to trust they have implemented it securely, closed sourced.....

Guess it's time for windows to really push application sandboxing so we can restrict the browsers file access at the OS level and reduce this huge vulnerability. Because while we may disable this in the beginning, that may not be possible in future browser updates. So I am absolutely 100% against this as a systems/security admin, and if they don't allow disabling this and giving complete control via GPO, chrome/FF will be banned company wide. Users are way too dumb to understand the risks involved and will just click yes/ok on anything.
 
benedict said:
It's going to be extremely beneficial to businesses, who will be able to run their ERP software through their browser anywhere on any pc, phone or tablet. Just because something isn't beneficial to you doesn't mean someone else can't use it. Kudos to Google and Mozilla if they manage to do it.
Click to expand...

also going to be beneficial when they open this massive gaping security hole and end up having the ERP DB fully penetrated and end up getting sued into oblivion. So greatly beneficial to lawyers and hackers, probably not so much for anyone else, ERP is already done in browsers on a daily basis...
 
Biznatch said:
Can you stop reducing the magnitude by calling it 'just an api'... Yes by definition it's an api, but what it does on the back end on your local machine is not like any API that exists. The issue is this opens up a HUGE new attack vector on your browser. You thought the internet was unsafe with just js/adobe vulnerabilities, wait until shit like this comes out. Scanning your files, installing root kits/malware/viruses/keyloggers..... And lets not forget securing APIs is a painful as well, yet we're just supposed to trust they have implemented it securely, closed sourced.....

Guess it's time for windows to really push application sandboxing so we can restrict the browsers file access at the OS level and reduce this huge vulnerability. Because while we may disable this in the beginning, that may not be possible in future browser updates. So I am absolutely 100% against this as a systems/security admin, and if they don't allow disabling this and giving complete control via GPO, chrome/FF will be banned company wide. Users are way too dumb to understand the risks involved and will just click yes/ok on anything.
Click to expand...
Yeah...none of that is an actual response to my post which posed a few questions to a different user. You responded to exactly none of them. Moving on....

1. It is an API. it is not anything more. Should we refer to it as "The API of Doom!" instead?
2. I acknowledged more than once it is potentially dangerous. I never stated that I'm in favor of this. The opposite is true.
3. You can trust who you want, I never stated anyone should trust any company.

You're against it. I get that. So am I.
 
You must log in or register to reply here.
Back
Top