A universal Web-USB plugin for all browsers

Submitted by brad on Fri, 2008-02-29 02:10
Topic: 
Best Of Blog
Inventions
Internet

As our devices get more and more complex, configuring them gets harder and harder. And for members of the non-tech-savvy public, close to impossible.

Here's an answer: Develop a simple browser plug-in for all platforms that can connect a USB peripheral to a TCP socket back to the server where the plugin page came from. (This is how flash and Java applets work, in fact this could be added to flash or Java.)

Once activated, the remote server would be able to talk to the device like its USB master, sending and receiving data from it and talking other USB protocol commands. And that means it could do any configuration or setup you might like to do, under the control of a web application that has access to the full UI toolset that web applications have. You could upload new firmware into devices that can accept that, re-flash configuration, read configuration -- do anything the host computer can do.

As a result, for any new electronics device you buy -- camera, TV remote control, clock, TV, DVD player, digital picture frame, phone, toy, car, appliance etc. -- you could now set it up with a nice rich web interface, or somebody else could help you set it up. It would work on any computer -- Mac, Linux, Windows and more, and the web UIs would improve and be reprogrammed with time. No software install needed, other than the plug-in. Technicians could remotely diagnose problems and fix them in just about anything.

So there is of course one big question -- security. Of course, the plug-in would never give a remote server access to a USB device without providing a special, not-in-browser prompt for the user to confirm the grant of access, with appropriate warnings. Certain devices might be very hard to give access to, such as USB hard drives, the mouse, the keyboard etc. In fact, any device which has a driver in the OS and is mounted by it would need extra confirmation (though that would make it harder to have devices that effectively look like standard USB flash drives into which basic config is simply read and written.)

One simple security technique would be to insist the device be hot plugged during the session. Ie. the plugin would only talk to USB devices that were not plugged in when the page was loaded, and then were plugged in as the app was running. The plugin would not allow constant reloading of the page to trick it on this.

For added security, smarter devices could insist on an authentication protocol with the server. Thus the USB device would send a challenge, which the server would sign/hash with its secret key, and the USB device could then check that using a public key to confirm its talking to its manufacturer. (This however stops 3rd parties from making better configuration tools, so it has its downsides.) It could also be arranged that only devices that exhibit a standard tag in their identification would allow remote control, so standard computer peripherals would not allow this. And the plugin could even maintain and update a list of vendors and items which do or don't want to allow this.

There are probably some other security issues to resolve. However, should we resolve this it could result in a revolution of configuring consumer electronics, as finally everything would get a big screen, full mouse and keyboard web UI. (Non portable devices like cars and TVs would require a wireless laptop to make this work, but many people have that. Alternately they could use bluetooth, and the plugin could have a similar mode for working with paired bluetooth devices. Again, doing nothing without a strong user confirmation.)

This works because basic USB chips are very cheap now. Adding a small bit of flash to your electronics device and a mini-USB socket that can read and write the flash would add only a small amount to the cost of most items -- nothing to many of them, as they already have it. Whatever new toy you buy, you could set it up on the web, and if the company provides a high level of service, you could speak to a tech support agent who could help you set it up right there.

Share on:
  • Reddit logo
  • Facebook logo
  • Twitter logo
  • LinkedIn logo

Comments

drewp

Sat, 2008-03-01 00:46

I like this. For a few more examples, here's what I'd get if the USB devices around me could be reached from remote web servers:

flickr.com could grab the photos from my camera. Another website could take timelapse photos with my camera and compile them into a movie.

HP.com could check on my printer and run an automatic cleaning when I don't use the printer for several days. I also don't mind them gathering usage info on how often I jam the paper, etc.

Remote monitor my UPS. The power company might care to have my outage data. Or I might use a watchdog site that not only checks my web and mail servers, but also my power load.

I have some USB/1-wire temp sensors on my computer. A large building or server room might want to spread sensors like this over many computers, and then they'll want to be gathering the results in a central place. Your web-usb bridge would reduce the custom software on each node.

Games and other interactive sites could make use of unusual input devices, like the PowerMate or a dance pad.

I can connect my laptop to my cell phone for networking (or use nearby wifi). I have a GPS that is reached via USB (and then bluetooth). While it's nice for the laptop to know its position, I go to some trouble to broadcast it to a mapping website. It would be fine to instead connect the GPS to the mapping site.

I know all these are separate from your original goal (setup the new TV). I'm in favor of your usages too.

brad

Sun, 2008-03-02 20:59

I have some concern over using such a system to control existing computer peripherals rather than configuring consumer electronics devices that are not normally hooked up to the computer. It is useful, of course, but presents several challenges.

First of all, established peripherals (printers, UPSs and others you name) tend to have drivers already installed on the computer. There are issues in attempting to communicate with a device which already has a driver talking to it. That driver could of course already provide a means for web sites to talk to the device, which is both good (you are running native code on the machine) but also sometimes more limiting -- you can only do what the driver writers planned for you to do. It also is not portable over all OSs the way raw USB access is.

You would have to suspend normal driver operations. This may not be easy, though in theory should be possible with many devices. In addition, there are security issues with providing access to established peripherals.

On the other hand we don't want most device drivers to be reporting home on us without our knowledge or consent. A key factor of the plugin I describe is that it would be an overt act. Go to a web page with the plugin, and see a dialog pop up saying "Do you want to give control of USB device XXX to the YYY web site?" Letting the power company monitor a UPS is more spyware-like.

mendel

Tue, 2008-03-11 08:46

A good device is one where the designers have come up with an easy way to use a minimum number of available controls through eliminating bloat and finding an intuitive way to use the control.
Giving the designer teh option to forgo the expensive process of developing a good interface and instead making do with a couple of quickly slapped together web pages will make your average device more of a pain to administer than it is today.

brad

Tue, 2008-03-11 14:02

And probably will, but there are still products that need UI to be usable and customizable, and I would rather have the option for a big screen, web-connected UI than trying to cobble something on a device with 3 buttons.

Add new comment