Comment by lordofgibbons

Comment by lordofgibbons 3 days ago

7 replies

View on Hacker News

How and why do browsers allow this? Why wouldn't the browser ask for permission in the same way that it does for Microphone access?

It's insane to allow any random website to port scan my LAN. If this wasn't a "feature", I would have considered this a high severity vulnerability

JJJollyjim 3 days ago

Chrome doesn't allow it - local network services have to opt-in to being fetchable from public sites (https://github.com/WICG/private-network-access), although they're replacing it with a user-permission-based approach (https://github.com/WICG/local-network-access).

(There is some language online suggesting PNA has not actually shipped, but I experienced it myself in stable Chrome several years ago, so I am unsure of the current state).

Firefox doesn't implement either approach -- I assume this is indicative of their lack of development resources.

Reply View 5 replies
  • adithyassekhar 3 days ago

    > Firefox doesn't implement either approach -- I assume this is indicative of their lack of development resources.

    Since ublock had this as a feature for a long time, I'm sure they are aware of it. Unlike other non funded oss projects, Firefox can't and shouldn't shield themselves with this lack of development resource excuse. They have millions.

    Reply View 4 replies
    • johncolanduoni 3 days ago

      A trillion dollar company (that loves huge vanity projects) gave up on maintaining a browser because it was too much work and just ship a Chrome fork now. I won’t defend Mozilla’s allocation of their resources, but even if they put it all into the “right” Firefox features the web platform is too complex and too much of a moving target for a company with mere centi-million revenues.

      Reply View 3 replies
      • adithyassekhar 3 days ago

        To be honest they weren't trying to build a better browser. Atleast not anymore, earlier edge was nice. They just wanted more data for ads / money. Going the chrome way was more profitable for them.

        I thought Mozilla was different.

        Reply View 0 replies
      • sitkack 3 days ago

        They are also firing as many senior folks as possible. You should revisit what ever argument you are trying to make.

        Reply View 1 reply
        • johncolanduoni 3 days ago

          Microsoft? Were they firing as many senior folks as possible in 2018 when they announced they would give up on EdgeHTML and Chakra? Or in early 2020 when it actually came together? That’s not my recollection of the FAANG-ish job market at the time these decisions were made.

          If you meant Mozilla, they’re a total indefensible trashfire for sure. But I’m not convinced they could have succeeded with their resources.

          Reply View 0 replies