by dopeboy on 5/24/2017, 10:16:13 PM
by treve on 5/24/2017, 9:31:49 PM
This is super great. Impressed by Logitech as well for providing all the raw details to make this happen.
by josteink on 5/24/2017, 9:38:07 PM
I hadn't heard about LVFS until now.
Shame to see the list of supported/supporting vendors is so short: https://secure-lvfs.rhcloud.com/lvfs/devicelist
by gbil on 5/25/2017, 6:15:33 AM
Good for me that I read HN, otherwise I wouldn't have known about this vulnerability.
What is really worrying is that this is 1 year old, yet the unifying receiver which came with 2 products I bought a month ago from a larger retailer (AMZ DE) had an older FW. And while it is understandable that the stock AMZ has might be older than a year, what is unacceptable is that they don't integrate a warning in their software, e.g. Logitech Options, which should inform you to update the vulnerable FW on the unifying receiver.
by gshulegaard on 5/24/2017, 8:58:40 PM
This is great work! Simple tasks such as managing peripheral devices are still a source of a lot of friction for the Linux desktop. I am gladdened by Logitech's purported support for this.
by microcolonel on 5/25/2017, 9:40:28 AM
Maybe it's time to see if we can get vendors to adopt fwupd, or something which can rely on the same dataset, as a standard cross-platform mechanism for updating firmware on devices which can conceivably be supported. I imagine it would take a considerable burden off of those vendors; marketing it as such has a decent chance of success. Not sure if Richard Hughes (thanks for assembling my ColorHUG by the way, if I go back to work in the next month or two I'll definitely get a ColorHug+, since I'm interested in verifying open source scanner calibration workflows) wants to make a living maintaining a firmware updater, though. It'd probably have to be somebody else.
by atemerev on 5/25/2017, 12:30:26 AM
For once, somebody is handling a security breach correctly. Yay, Logitech!
by digi_owl on 5/25/2017, 4:35:25 PM
While I welcome the openness from Logitech, there are some elements that irk me.
First off, I do not like the trend of giving every damn vulnerability found a cute name and logo.
Second, the tool presented here seems overly reliant on the presence of the Freedesktop permissions model.
Rather than having a tool that root can run to do the firmware update and leave it at that, there is talk of daemons and d-bus interfaces to schedule updates and whatnot.
Maybe all this makes sense once one has 1000s of computers one wants to manage from a central UI. But for individual desktops it seems massively overdesigned.
by sofaofthedamned on 5/24/2017, 9:29:15 PM
Superb! We need more of this! I love my Logitech kit as it always seemed more reliable than the generic 2.4GHz stuff, this will make it better - thank you.
by cat199 on 5/24/2017, 11:30:25 PM
nice.. the OSS pairing stuff is great (solaar), now it will be better.. will continue to recommend Logitech items to everyone I know..
by sneak on 5/25/2017, 10:53:38 AM
TL;DR: using free software to ease the process of downloading and running binary blobs.
f/loss is starting to look like religion as long as we have these arbitrary boundaries.
This is awesome. I've used Logitech hardware for the past 15 years and Linux for the past 12. Thank you Logitech and thank you Richard.
It's been a long journey but bit by bit, we're getting out of second class status.