
Updating Logitech Hardware on Linux - krakensden
https://blogs.gnome.org/hughsie/2017/05/22/updating-logitech-hardware-on-linux/
======
dopeboy
This is awesome. I've used Logitech hardware for the past 15 years and Linux
for the past 12. Thank you Logitech and thank you Richard.

It's been a long journey but bit by bit, we're getting out of second class
status.

------
treve
This is super great. Impressed by Logitech as well for providing all the raw
details to make this happen.

------
josteink
I hadn't heard about LVFS until now.

Shame to see list of supported/supporting vendors is so short:
[https://secure-lvfs.rhcloud.com/lvfs/devicelist](https://secure-
lvfs.rhcloud.com/lvfs/devicelist)

~~~
audidude
Now that both Red Hat and Canonical (among other enterprise distributions)
will be using this for firmware updates, I'm increasingly optimistic about
more vendors joining in. LVFS is still a fairly young project, so I see the
size of that list as encouraging.

------
gbil
Good for me that I read HN otherwise I wouldn't have know this vulnerability.

What is really worrying is that this is 1 year old yet the unifying receiver
which came with 2 products I bought a month ago from a larger retailer (AMZ
DE) had an older FW. And while it is understandable that the stock AMZ has
might be older than a year, what is unacceptable is that they don't integrate
a warning in their software eg. Logitech Options, which should inform you to
update the vulnerable FW on the unifying receiver.

------
gshulegaard
This is great work! Simple tasks such as managing peripheral devices is still
a source of a lot of friction for Linux desktop. I am gladdened by Logitech's
purported support for this.

------
microcolonel
Maybe it's time to see if we can get vendors to adopt fwupd, or something
which can rely on the same dataset, as a standard cross-platform mechanism for
updating firmware on devices which can conceivably be supported. I imagine it
would take a considerable burden off of those vendors; marketing it as such
has a decent chance of success. Not sure if Richard Hughes (thanks for
assembling my ColorHUG by the way, if I go back to work in the next month or
two I'll definitely get a ColorHug+, since I'm interested in verifying open
source scanner calibration workflows) wants to make a living maintaining a
firmware updater, though. It'd probably have to be somebody else.

------
atemerev
For once, somebody is handling a security breach correctly. Yay, Logitech!

~~~
StavrosK
Am I missing something? From what I read, the author was frustrated by _the
lack of_ correct handling of the breach, and wanted to fix it himself.
Logitech sent him a bunch of info on how the protocol works, but the author
did all the hard work of writing the Linux firmware updater and patch, no?

~~~
csydas
Yes and no. Officially, Linux isn't supported, so Logitech could have just
sent a link to the Supported Systems page and been done with it.

Instead, they sent documentation and got the Dev in touch with Logitech's
internal dev team, and a Linux solution was born.

Would it have been cool if Logitech just did it from the get-go? Sure, but I
think there is an element of "Cool" from Logitech's willingness to be a
resource for the Linux community.

~~~
brokenmachine
I'm more happy with the way this turned out than even if Logitech just
released a closed-source Linux updater.

Props to Logitech. The more info out there about a device, the more likely I
am to buy it.

------
digi_owl
While i welcome the openness from Logitech, there are some elements that irks
me.

First off i do not like the trend of giving every damn vulnerability found a
cute name and logo.

Second, the tool presented here seems overly reliant on the presence of the
Freedesktop permissions model.

Rather than having a tool that root can run to do the firmware update and
leave it at that, there is talk of daemons and d-bus interfaces to schedule
updates and whatsnot.

Maybe all this makes sense once one has 1000s of computers one wants to manage
from a central UI. But for individual desktops it seems massively
overdesigned.

------
sofaofthedamned
Superb! We need more of this! I love my Logitech kit as it always seemed more
reliable than the generic 2.4ghz stuff, this will make it better - thank you.

------
cat199
nice.. the OSS pairing stuff is great (solaar), now it will be better.. will
continue to recommend logitech items to everyone I know..

------
sneak
TL;DR: using free software to ease the process of downloading and running
binary blobs.

f/loss is starting to look like religion as long as we have these arbitrary
boundaries.

~~~
mwill
I'm not sure if you're implying they should have used incomplete, unstable
reverse engineered verion, or just used Windows to do the update, but if its
the latter:

    
    
      For people running Linux exclusively, like a lot of Red Hat’s customers
    
      Some devices are plugged in behind racks of computers forgotten, or even hot-glued into place and unremovable
    

Hardly seems like ideology was the limiting factor.

~~~
sneak
I'm talking about the software actually being updated; i.e. not the stuff
running on the CPU.

