Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So these guys will have IP addresses, wifi network credentials and root passwords for all devices using their services.

The site will provide you with a root password for your embedded device, and you will provide the site with the wifi network and credentials needed to access the network where the device is.

That doesn't sound like good security practice.



So... What is with this trend of making a web service out of something that ought to be a shell script?

Reminds me of yesterday's hn post about making your PDFs look scanned by... Uploading to a web server that runs a ghostscript command.

It's almost as if locally running software is deeply confusing to people and the perception is that you need to have a potentially privacy violating service if you have a friendly ui. Not to mention all the energy wasted running those servers. Is this how bad our society has gotten at writing software?


In 2020, most people's only device is a cellphone.

They can't easily run ghostscript directly, and making a web service is easier than making an app (recompiling ghostscript for all CPU architectures, ...) despite the ongoing hosting costs.


I feel like the right answer to that is to make ghostscript run on a cell phone. I mean... we're already on Darwin or Linux; the userland is weird, but ex. Termux and iSH proves that you absolutely can run a lot of packages all the same. So in my mind, the real question is: Why does the porting and app development experience suck so much? I mean... HyperCard, in 1987, was usable by non-programmers. A/UX had Commando in 1995, which wrapped CLI in a nice GUI. To hear people rant, the height of RAD GUI building was Visual Basic 5 (1997) or VB6 (1998). Have we really lost that much in the ensuing 25 years?


Not just hosting costs. Energy costs. Destruction to our planet.

That is also in addition to sending your documents to who knows who.

You can probably compile ghostscript to javascript via emscripten or similar. I am not sure what this means for its AGPL license.

But maybe this is more a discussion for that other thread.


> You can probably compile ghostscript to javascript via emscripten or similar. I am not sure what this means for its AGPL license.

Shouldn't be any "worse" than running it server-side, since AGPL exists in order to apply to SaaS.


You can change the root password after first boot the same way you would do with Raspbian or Armbian image. We just want to shorten the time the device is running with a default password. You can think of that entered password as it is a temporary one. Wifi configuration is completely optional. You can leave it unconfigured and do it later over serial line. We don't keep any credentials on our servers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: