

Turn your phone into a remote control for your browser - mustardamus
http://pairs.io/

======
xarball
What are you doing to prevent government tampering, MITM attacks, or other
dangers? You seem to have put a lot of thought into the security of the
implementation, though it might help you spread it to the do-it-yourself-er
culture if you explained what you were doing a bit to keep things secure.

Is the cipher completely encrypted all the way from the phone to the desktop,
whilst being tunneled through your server?

And if it's as secure as you say it is, what stops people from proxying their
own arbitrary payloads through your tunnel? (-- that is to suggest that you're
being as honest as you are about not decrypting anything the entire way from
the phone through your cloud to the desktop...)

If it's that secure, what would stop a botnet from theoretically leveraging
this as misdirection?

And what is the purpose of the cloud server here? If someone had their own
hosting, would they still need to rely on your server to route the commands?

All questions and criticisms aside, I've always wanted something that could do
this for my house without having to rely on an external entity... I think
paranoia has taken a rather large toll in our culture today, because anything
with the word 'cloud' in it starts to give all programmers the chills unless
it comes with some assurances of trust, longevity, and ultimately devotion.

I'd almost suggest selling a piece of hardware that people could install in
their houses, simply because it's extensible for your purposes, users can
maintain control over it, and it's far more difficult to isolate as a target,
and ultimately it allows people to decide whether to "connect indefinitely to
any company" for continued operation.

I mean, if you pick up any cloud-based mobile control software from any major
manufacturer today, they all create this massive problem of a surrogate
dependency on the cloud in their implementation.

These days you can't even set up an IR mobile control product without sending
out your wifi password through a web-based silverlight UI hosted in the cloud
just to get it to the product that's meant to use it! That's so far backwards
security-wise that it's teaching people to send their login credentials the
wrong damned way!

Hopefully everyone sees what's going on here?

~~~
OedipusRex
You picked up a nerf gun and expected an AR-15, this is just a little demo of
something cool this person created, I doubt that making this water tight was a
large goal, at least for now.

~~~
xarball
Oh well in that case it's all in good fun.

I didn't mean anything by it - only an industry observation.

Happy to play along :)

------
statictype
Works on my Nexus 4. Neat idea but it's already been done many times, unless
I'm missing something?

I can pair the Youtube app on my phone with my TV the same way and search/play
items from my phone.

~~~
mustardamus
Great, thanks for testing.

Yes, it has been done. I am aware of
[http://www.remoteless.no](http://www.remoteless.no) & Co. I myself coded a
Grooveshark Remote in a similar fashion for the Nodeknockout 2012.

What the difference is, is that I don't want to code another remote control
that is capable of doing x and y for service z. I want a simple JS API to code
new remote controls. The service is to provide a framework for that. And by
"that", I mean future.

------
kureikain
This looks very cool. I had the same ideas, but for the slideshow control for
remote control speakerdeck.com and slideshare.net [1]

The technology stack that I used is quite simple: Go Lang, Firebase and a
bookmarklet. I plan to replace Firebase with CouchDb and TouchDB later.

If you can explain how you send the data between client and server, that will
be a big help.

\----------

[1] [https://axcoto.com/qslider](https://axcoto.com/qslider)

~~~
jamiemills
Check out [http://uslide.net](http://uslide.net) \- its been available for
over a year or more and does this very well

~~~
mustardamus
Thanks for the share. I'm gonna have a look.

------
pimlottc
Minor nit: On my phone, the placeholder text for the verification code input
box reads "five digits". My code was "9tlni". Only one of those is a digit.

~~~
mustardamus
You are obviously right! Changed to "5 characters". Thanks for pointing that
out.

------
couchand
There's something funky with your QR code. My reader doesn't recognize it as a
URL (it seems to be just the plain text type). There was also a space in the
URL that I had to delete before my browser would recognize it as a valid URL.
(fyi I'm running Cyanogenmod with their stock browser and the Obsqr QR
scanner).

~~~
mustardamus
Fixed the space issue by encoding/decoding the data with Base64. Thanks for
the hint, hope it works for you now.

------
anilyeni
well this is the same hoby project that i am working on. The thing is this is
not remote control for "browser". This is remote control for the api
integrated web page. Mine project called "peegle" works with a chrome
extension. So I can call it remote controller for browser. Just check it maybe
we can do something together.

~~~
mustardamus
You are right, for this demo the title is a bit misleading. Haven't really
thought about it. However, my plan is also to create something similar to you
at a later stage. To control one website with the remote, which will control
the browser via a extension.

What is your setup?

~~~
anilyeni
chrome extension - node.js - webapp/iphoneapp

------
hashx
If you turn on dim in the browser, the status isn't reflected in the
phone.Thereafter off becomes on and vice-versa

~~~
mustardamus
Good catch. It's because I cheated. The command will be sent from the phone to
the desktop, the phone on the other hand does not receive the state of the
dim. Button text is just changed by click event. Gonna change soon.

------
michaelmior
Curious what the purpose of the visual verification code is. I don't see any
obvious reason this is necessary.

~~~
mustardamus
In the QR code a URL with connection id and encryption key (generated by the
desktop) is stored. The visual verification code encrypts these parameters to
prevent them from showing up in the phones browser history in plain text.

~~~
michaelmior
Got it. That makes sense :)

------
hrktb
There's a space in the url in the QRcode that needs to be removed (it's 24~25
characters from the end)

~~~
mustardamus
Fixed by encoding/decoding the data in the URL with Base64. Thanks for the
hint.

------
tzaman
Not sure what it does? I don't need controlling the browser remotely, I sit
right behind the computer :)

~~~
hrktb
I guess you could use the same system to control a screen behind a showwindow,
or have limited control of a remote tab (the user lets you use his tab to do
or show something specific to him). It's a nice demo I think.

~~~
mustardamus
Thank you! Interesting applications. You could also do a multi device game
with it. Or with the help of a browser extension control the entire tabs (eg.
having one remote for multiple services).

------
natch
Nice idea but does not work on my fully up-to-date iPhone 5s. After putting in
the code and tapping "Pair" the pair button just flickers slightly and nothing
else happens. Tried with two different codes, rescanning the QR code each
time.

~~~
mustardamus
Thanks for testing. It's fresh of the shelf and I have not tested it with any
other than Chromium/Firefox on Linux and Android/Chrome browser on a Android.

Assuming it would work cross device out of the box, because it _should_, was a
idea I was comfortable with. I'll make it work.

~~~
netchaos
Not working on my Nexus 5 device. No response after tapping the "Pair" button.
Can't wait to try it.

Update: Works when I use Chrome beta on my phone.

~~~
mustardamus
Nice, thanks for the hint.

------
techaddict009
Great Idea! Does it work on any phone?

~~~
mustardamus
It should. natch pointed out it does not work on a iPhone, yet.

~~~
natch
It's been fixed for iPhone :-) apparently. At least it works for me, now.

------
notastartup
can you explain the tech behind this? how do you deal with latency

