Updating Logitech Hardware on Linux (opens in new tab)

(blogs.gnome.org)

176 pointskrakensden9y ago21 comments

21 comments

18 comments · 11 top-level

atemerev9y ago· 4 in thread

For once, somebody is handling a security breach correctly. Yay, Logitech!

Am I missing something? From what I read, the author was frustrated by the lack of correct handling of the breach, and wanted to fix it himself. Logitech sent him a bunch of info on how the protocol works, but the author did all the hard work of writing the Linux firmware updater and patch, no?

csydas9y ago

Yes and no. Officially, Linux isn't supported, so Logitech could have just sent a link to the Supported Systems page and been done with it.

Instead, they sent documentation and got the Dev in touch with Logitech's internal dev team, and a Linux solution was born.

Would it have been cool if Logitech just did it from the get-go? Sure, but I think there is an element of "Cool" from Logitech's willingness to be a resource for the Linux community.

2 more replies

mwfunk9y ago

Yeah, and that's great. Most companies wouldn't do that. Most companies would just not do anything to help support Linux at all.

Logitech would get a much bigger warm fuzzy if they did this work themselves, but this is the next best thing.

1 more reply

kalleboo9y ago

I'm just impressed they got through the support barrier to someone who had the authority to make the right decision.

sneak9y ago· 2 in thread

TL;DR: using free software to ease the process of downloading and running binary blobs.

f/loss is starting to look like religion as long as we have these arbitrary boundaries.

mwill9y ago

I'm not sure if you're implying they should have used incomplete, unstable reverse engineered verion, or just used Windows to do the update, but if its the latter:

  For people running Linux exclusively, like a lot of Red Hat’s customers

  Some devices are plugged in behind racks of computers forgotten, or even hot-glued into place and unremovable

Hardly seems like ideology was the limiting factor.

sneak9y ago

I'm talking about the software actually being updated; i.e. not the stuff running on the CPU.

josteink9y ago· 1 in thread

I hadn't heard about LVFS until now.

Shame to see list of supported/supporting vendors is so short: https://secure-lvfs.rhcloud.com/lvfs/devicelist

audidude9y ago

Now that both Red Hat and Canonical (among other enterprise distributions) will be using this for firmware updates, I'm increasingly optimistic about more vendors joining in. LVFS is still a fairly young project, so I see the size of that list as encouraging.

dopeboy9y ago

This is awesome. I've used Logitech hardware for the past 15 years and Linux for the past 12. Thank you Logitech and thank you Richard.

It's been a long journey but bit by bit, we're getting out of second class status.

treve9y ago

This is super great. Impressed by Logitech as well for providing all the raw details to make this happen.

gbil9y ago

Good for me that I read HN otherwise I wouldn't have know this vulnerability.

What is really worrying is that this is 1 year old yet the unifying receiver which came with 2 products I bought a month ago from a larger retailer (AMZ DE) had an older FW. And while it is understandable that the stock AMZ has might be older than a year, what is unacceptable is that they don't integrate a warning in their software eg. Logitech Options, which should inform you to update the vulnerable FW on the unifying receiver.

gshulegaard9y ago

This is great work! Simple tasks such as managing peripheral devices is still a source of a lot of friction for Linux desktop. I am gladdened by Logitech's purported support for this.

microcolonel9y ago

Maybe it's time to see if we can get vendors to adopt fwupd, or something which can rely on the same dataset, as a standard cross-platform mechanism for updating firmware on devices which can conceivably be supported. I imagine it would take a considerable burden off of those vendors; marketing it as such has a decent chance of success. Not sure if Richard Hughes (thanks for assembling my ColorHUG by the way, if I go back to work in the next month or two I'll definitely get a ColorHug+, since I'm interested in verifying open source scanner calibration workflows) wants to make a living maintaining a firmware updater, though. It'd probably have to be somebody else.

digi_owl9y ago

While i welcome the openness from Logitech, there are some elements that irks me.

First off i do not like the trend of giving every damn vulnerability found a cute name and logo.

Second, the tool presented here seems overly reliant on the presence of the Freedesktop permissions model.

Rather than having a tool that root can run to do the firmware update and leave it at that, there is talk of daemons and d-bus interfaces to schedule updates and whatsnot.

Maybe all this makes sense once one has 1000s of computers one wants to manage from a central UI. But for individual desktops it seems massively overdesigned.

sofaofthedamned9y ago

Superb! We need more of this! I love my Logitech kit as it always seemed more reliable than the generic 2.4ghz stuff, this will make it better - thank you.

cat1999y ago

nice.. the OSS pairing stuff is great (solaar), now it will be better.. will continue to recommend logitech items to everyone I know..

j / k navigate · click thread line to collapse