
Show HN: Web Bluetooth - punnerud
https://webbluetoothcg.github.io/web-bluetooth/
======
Waterluvian
Is the browser sandbox going to keep growing until it's pretty much a somewhat
pared down desktop virtual machine?

Not implying this is good or bad.

~~~
stephenr
One particular browser vendor has a particularly strong incentive to push more
and more computing "access" through their own controlled channels, core of
which is making "everything" accessible through a browser (for some values of
accessible and for some values of browser)

WebRTC started at Google, and oh wait it can expose local network information
without so much as a prompt or notice?

WebUSB started at Google and the security section of the spec basically says
"some truly evil shit could happen via this API. Because of that, the spec
leaves any notification or prompting about access to devices up to
implementors. " _may_ display a permission prompt" is not something you want
to see on anything providing a website access to your local devices.

and now we have WebBluetooth.. oh look. 4 Google staff contributors with 97%
of the commits to the spec doc repo. Oh look and the security section also
basically says "this shit could seriously fuck up your monday my man".

Never make the mistake of thinking that Google gives two shits about the
security of the people using it's $0 services/products. This is a company that
force included Flash Player as the rest of the world was finally ready to give
up that piece of shit, and _still_ ships it today.

~~~
drdaeman
They should care about security. Exploited machines do disrupt their business
(e.g. spam, hacked websites, hijacked extensions).

~~~
stephenr
Unless the spam/hack/hijack just happens to block Google tracking cookies and
prevent access to Google web properties, no it doesn't disrupt their business
at all.

Google's business is selling web ads.

------
tarikjn
I fail to see some good use cases, does anyone have any examples of useful
usages for this API? The example in the draft is for a heart rate monitor, but
that would seem only useful for live monitoring. Other things I can think of
would be game controllers, but they may not necessarily be bluetooth, and
could be mapped to standard input.

~~~
IshKebab
Combined with the Physical Web you can do really cool things like interacting
with physical stuff without downloading an app.

Think parking meters, vending machines, ticket machines, art installations
(e.g. there's one where you can play snake on fountains), museum exhibits,
building controls (lights, air conditioning, etc.).

~~~
akerro
>downloading an app.

I still need a browser, depending on what I use, still have to download it.

~~~
herpad
Just for the sake of argument, you will download the necessary browser how
exactly?

~~~
stephenr
Well it could be that the browser that ships with the OS doesn't support "All
your keyboards are belong to us". Sorry. Web Bluetooth.

------
omgmog
It's pretty powerful stuff, though I'm sort of leaning towards the idea of
"how much is too much in the web browser?".

I've been playing with some Web Bluetooth enabled things lately, namely the
"Puck.js"[1] piece of Espruino[2] hardware and it's Web Bluetooth browser-
based IDE[3].

The browser-based controls for device discovery (in Chrome at-least) are quite
nice/intuitive.

[1] [http://www.puck-js.com/](http://www.puck-js.com/) [2]
[http://www.espruino.com/](http://www.espruino.com/) [3]
[https://www.espruino.com/ide/](https://www.espruino.com/ide/)

------
nunez
This is awesome and scary at the same time.

~~~
jaflo
Why scary?

~~~
Waterluvian
Haven't read the spec and am totally uninitiated in this kind of thing. But
doesn't it add a very broad surface for attack?

~~~
akerro
At least this one has a section "security", WebUSB that was designed by Google
employees didn't have that section.

------
Kliment
I think it's extremely important to note that this only specified a BLE API,
rather than normal bluetooth.

------
patates
Puck.js uses this for editing the code on the device through a Web-based IDE.
I find it very cool.

------
mdrzn
> _getAvailability() informs the page whether Bluetooth is available at all.
> An adapter that’s disabled through software should count as available._

Not happy with this choice.

