[conspire] Flashing twelves

Ivan Sergio Borgonovo ivan at webthatworks.it
Wed Mar 20 05:26:45 PDT 2024 


On 3/20/24 8:04 AM, Rick Moen wrote:
> Quoting Ivan Sergio Borgonovo (mail at webthatworks.it):
>> On 3/19/24 11:12 PM, Rick Moen wrote:
>>
>>> Point is, an "Android + iPhone API" is not required.  HTTP 1.1 + HTML
>>> 3.2 works just great.
>>
>> once you've a web server on your device you're so so so near to
>> exposing your appliance to the net and accessing it through a
>> webview in an app that manufacturers will sabotage the "web server
>> in the appliance" and sell the cloud + app as a feature.
> 
> If, hypothetically, the appliance had _only_ NFC (e.g., Bluetooth)
> as its path to the admin WebUI, is that really near to exposing it to
> the Net / the outside world?  I'm honestly not very sure.

Problem is... it is way easier to build up something based on whatever 
tcp/ip rather than nfc/bluetooth.

Sure you could use Bluetooth tethering but the benefit perceived by the 
user is marginal, the complexity for the user is going to be greater and 
the benefit for the manufacturer will be none.

Once you're on the "let's use http/html" next step is hiring any "web 
agency" that won't need any android/iphone expertise to build up a 
webview app.

But now there is no reason to store html, js, css on the appliance.
The C programmer can do what he knows best... offer an HTTP api.
And you could go even further... move the logic, the css, js and html on 
"the cloud" so you won't need to update the app (packaging, uploading 
bla bla bla).
No firewall configuration problems and a lot of opportunities for the 
manufacturer to gain money.

Of course the http api is not public and even if it was the 
authentication won't be. You authenticate to the cloud, the manufacturer 
authenticate to the appliance. Once the manufacturer is hacked you're 
fucked.
Safe firmware upgrades on small system are tricky.
On more expensive system you may have a lcd touch panel etc...

Skipping the "cloud" part makes it hard to configure and maintain the 
whole system and offers few appreciable advantages to the "average" user.

Add all the implications about smart homes etc...


-- 
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net

More information about the conspire mailing list