On 08.03.2021 18:59, Jacob Bachmeyer wrote:
> Taylan Kammer wrote:
>> On 06.03.2021 22:30, Jacob Bachmeyer wrote:
>>   In times like that, I wish I had quick
>> access to some Unix-like environment with helpful tools like netcat and
>> nmap on the client's end.
>>
>> If I could just open a browser on the client's PC and visit a website
>> that boots up a GNU/Linux with useful tools like that, it would be
>> pretty amazing.
> 
> The problem is that to be able to implement tools like that, the browser
> would need to offer access to the local network at a level that would be
> a serious security risk.  While nmap and netcat/socat can be great for
> development and troubleshooting, they are also great for an intruder's
> recon efforts to prepare further intrusions.  8-|  Do you want ad
> companies routinely port-scanning your LAN?

Browsers already offer websites the ability to access your microphone,
camera, GPS location, and even *screen contents* (!).  Any sane browser
of course asks the user on a per-website basis whether the user would
like to allow this.

From a quick web search I found out that there's already a draft for a
filesystem API that allows write access and working with directories:

https://wicg.github.io/file-system-access/

I'm not really happy at *all* with the state of the WWW, but it mostly
has to do with the choices website developers make rather than what
browsers are capable of.

In principle I see little difference between trusting Debian's package
database so much that I never have second thoughts while running
"apt-get update && apt-get upgrade", and trusting a specific website so
much that I have no second thoughts about them changing the "source
code" of a browser-based application they host.

Preferably of course, such an application would be released under the
AGPL, with a clear indication of what version one is using, and a way
for the browser to checksum the whole application to rule out "sneaky"
changes that aren't reflected in the version number.

With the way the web continues to evolve I wouldn't be surprised if this
becomes a major way of rolling out arbitrary cross-platform software in
the future.  If that happens, I would definitely want to see GNU and the
larger free software community be a part of that future.


- Taylan
