from Hacker News

Updating Logitech Hardware on Linux

by krakensden on 5/23/17, 5:44 PM with 21 comments

  • by dopeboy on 5/24/17, 10:16 PM

    This is awesome. I've used Logitech hardware for the past 15 years and Linux for the past 12. Thank you Logitech and thank you Richard.

    It's been a long journey but bit by bit, we're getting out of second class status.

  • by treve on 5/24/17, 9:31 PM

    This is super great. Impressed by Logitech as well for providing all the raw details to make this happen.

  • by josteink on 5/24/17, 9:38 PM

    I hadn't heard about LVFS until now.

    Shame to see list of supported/supporting vendors is so short: https://secure-lvfs.rhcloud.com/lvfs/devicelist

  • by gbil on 5/25/17, 6:15 AM

    Good for me that I read HN otherwise I wouldn't have know this vulnerability.

    What is really worrying is that this is 1 year old yet the unifying receiver which came with 2 products I bought a month ago from a larger retailer (AMZ DE) had an older FW. And while it is understandable that the stock AMZ has might be older than a year, what is unacceptable is that they don't integrate a warning in their software eg. Logitech Options, which should inform you to update the vulnerable FW on the unifying receiver.

  • by gshulegaard on 5/24/17, 8:58 PM

    This is great work! Simple tasks such as managing peripheral devices is still a source of a lot of friction for Linux desktop. I am gladdened by Logitech's purported support for this.

  • by microcolonel on 5/25/17, 9:40 AM

    Maybe it's time to see if we can get vendors to adopt fwupd, or something which can rely on the same dataset, as a standard cross-platform mechanism for updating firmware on devices which can conceivably be supported. I imagine it would take a considerable burden off of those vendors; marketing it as such has a decent chance of success. Not sure if Richard Hughes (thanks for assembling my ColorHUG by the way, if I go back to work in the next month or two I'll definitely get a ColorHug+, since I'm interested in verifying open source scanner calibration workflows) wants to make a living maintaining a firmware updater, though. It'd probably have to be somebody else.

  • by atemerev on 5/25/17, 12:30 AM

    For once, somebody is handling a security breach correctly. Yay, Logitech!

  • by digi_owl on 5/25/17, 4:35 PM

    While i welcome the openness from Logitech, there are some elements that irks me.

    First off i do not like the trend of giving every damn vulnerability found a cute name and logo.

    Second, the tool presented here seems overly reliant on the presence of the Freedesktop permissions model.

    Rather than having a tool that root can run to do the firmware update and leave it at that, there is talk of daemons and d-bus interfaces to schedule updates and whatsnot.

    Maybe all this makes sense once one has 1000s of computers one wants to manage from a central UI. But for individual desktops it seems massively overdesigned.

  • by sofaofthedamned on 5/24/17, 9:29 PM

    Superb! We need more of this! I love my Logitech kit as it always seemed more reliable than the generic 2.4ghz stuff, this will make it better - thank you.

  • by cat199 on 5/24/17, 11:30 PM

    nice.. the OSS pairing stuff is great (solaar), now it will be better.. will continue to recommend logitech items to everyone I know..

  • by sneak on 5/25/17, 10:53 AM

    TL;DR: using free software to ease the process of downloading and running binary blobs.

    f/loss is starting to look like religion as long as we have these arbitrary boundaries.