Slashdot Mirror


Logitech Will Restore Third-Party Harmony Home Automation (theverge.com)

After issuing a firmware update that reportedly cut off local access for Harmony Hubs, Logitech says it will offer yet another update to undo the move and restore local network control. The Verge reports: While Logitech originally defended its move to make the Harmony Hub unresponsive to third-party home automation software -- arguing that the private APIs were never meant to be used for anything except setting up the Harmony Hub for the first time, and that keeping them around meant maintaining a security hole -- Logitech has now relented, saying it's "working to provide a solution for those who still want access despite the inherent security risks involved." That solution is basically an about-face: Logitech will undo the change it made in the first place by restoring access to XMPP local controls with a new update, so that third-party home automation software like Home Assistant can see and operate the Hub over your local network. Logitech's calling it a "XMPP beta program" for now, and says it'll make the update available to all Harmony customers in January as well.

42 comments

  1. Walk Away from Corporate Tyranny by Anonymous Coward · · Score: 0

    Free Software developers of the world, open your eyes! Our communities are being raped, our work pillaged.

    Detestable villains - thieving, mean spirited, belligerent, racist, unprincipled - are using underhanded tricks to force hypocritical "Codes of Conduct" on the projects we built.

    These petty-authoritarian CoCs are always imposed anti-democratically. There is never free debate, and usually no public discussion at all. They are imposed by force without a vote. If the CoCs were put up for a fair democratic vote by project contributors, they would always lose by a landslide.

    The purpose of these CoCs is to allow social activists, who have contributed nothing to the project, to conduct witch hunts against anyone who opposes their hate-driven agenda. Thereby they plan to steal our work for their shadowy corporate paymasters.

    You can readily tell these CoCs are not about "just being nice" - because they are ALWAYS supported by the very LEAST NICE, most aggressively mean and shamelessly bigoted people you can imagine. Look how the CoC-mongers treat anyone who disagrees with them as subhuman.

    If a project to which you contribute has been raped by CoC-mongers there is a simple solution: WALK AWAY. Never contribute again. If you have a patch almost ready, count the time you spent on it as a loss and throw it away. If you see a security issue, remain silent and do nothing. IT'S NO LONGER YOUR PROJECT. YOU ARE NOT WELCOME THERE.

    If you are evaluating new software, don't even consider any projects burdened under the tyranny of a CoC. Their technical attributes do not matter - just don't consider them. Never be openly political, always make up a technical reason for rejecting CoCed projects.

    Don't argue in public about the CoC. Doing so only exposes you to needless risk. You might be dis-employed, blackballed, and even set up for a #MeToo purge. Just stay far away. If you resign from a project that gets CoCed, try to do so on the same day the CoC is imposed. But give "spend more time with friends & family" or "pursue other interests & projects" as your reason for resignation. Protect yourself!

    Comrades: Individually we are powerless, and easily crushed beneath the iron boot of Corporate Social Just-Us. But together in solidarity we are millions and we are strong. The Internet itself depends on our collective labor. If we stop working, the internet stops working.

    Free Software developers, save yourselves and save your communities! Just WALK AWAY from any project with a CoC. Without our labor they are nothing.

  2. Bravo by Anonymous Coward · · Score: 0

    Logitech have always been good guys.

    1. Re: Bravo by Anonymous Coward · · Score: 0

      Huh?

    2. Re: Bravo by Anonymous Coward · · Score: 0

      I saw this update but I do not need it. What is it they say? Lack of planning on your part does not constitute an emergency on my part?

  3. Surprised that they didn't turn it into a monthly by Anonymous Coward · · Score: 0

    Want to control your lights? That'll be 4.95, please.
    Your heating/cooling? Another 4.95, please.
    And so on...

  4. Re:Surprised that they didn't turn it into a month by Anonymous Coward · · Score: 0

    It's not too late for that

  5. Re: Surprised that they didn't turn it into a mont by Anonymous Coward · · Score: 0

    Can we make a new site called slashHollywoodDot? I find this stuff boring and I want to read the salacious news about Brangelina instead

  6. Re:Surprised that they didn't turn it into a month by Alwin+Henseler · · Score: 1

    Rates would have to be reasonable, of course. Otherwise a whole cottage industry would pop up of 'home control service assistants' (read: people) that get called to someone's house, just to flip a few buttons and move some thermostat dials. Offering "flush toilet" and "put book back on the shelf" as value-added services.

    Ridiculous, right? Never mind - you heard it here first!

  7. Re: Surprised that they didn't turn it into a mont by Anonymous Coward · · Score: 0

    The free market would lead to accurate pricing of those services, rendering all but Logitech's original position invalid - I would wonder how those services would be advertised. Clearly some would use routers from the established brands like blast which may be going out of style. Other older brands like HP might make the grade

  8. Nonsense by markdavis · · Score: 3, Insightful

    >"arguing that the private APIs were never meant to be used for anything except setting up the Harmony Hub for the first time, and that keeping them around meant maintaining a security hole"

    That is just nonsense. If they only thought that then they should have:

    1) Told users exactly what they were going to do and why.
    2) Turn it off by default after the update.
    3) Put in an option in setup to turn it back on, locally only.
    4) Document how to turn it on and why/how it could be dangerous.
    5) Perhaps add filters or controls to help restrict access when it is on.

    1. Re: Nonsense by Anonymous Coward · · Score: 0

      If they just had the assistant tell you all this in a really sexy voice you wouldn't need documentation

    2. Re:Nonsense by drinkypoo · · Score: 1

      If they are not using it any more, then literally removing it means no longer having to support it. Your solution offers Logitech nothing, and means more work for them. I still don't think they should remove it, on the basis that people are using it and they put it in there to begin with, but I understand why they wanted to rip it out completely.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    3. Re:Nonsense by tlhIngan · · Score: 2

      > If they are not using it any more, then literally removing it means no longer having to support it. Your solution offers Logitech nothing, and means more work for them. I still don't think they should remove it, on the basis that people are using it and they put it in there to begin with, but I understand why they wanted to rip it out completely.

      It also removes a potential security hole - because heck, who knew if that interface was authenticated? Or perhaps the implementation has an overflow bug that lets you take it over? We all say IoT stuff is insecure, so a manufacturer wanting to close off something they didn't use anymore (and didn't advertise as having) means a more secure product. In general, a good thing.

      It's not up to Logitech to research that hey, some people have discovered this private interface and used it in their home automation systems. As far as Logitech is concerned, it's a deprecated interface that should be closed off to make the product more secure.

      Of course, they probably got surprised at the number of people who were using it - given it wasn't advertised as a product supporting it and decided to perhaps turn it from an unsupported insecure interface into a supported secure one. This will probably take some time to do as now the code has to be audited for security flaws (which probably exist, which is why they removed it instead of fixed it), and the interface properly documented. And secured, to ensure only authorized users can access your home automation system and not some random person on the Internet.

    4. Re: Nonsense by Anonymous Coward · · Score: 0

      Yeah but you could just turn the damn thing off if it isn't working for you

    5. Re:Nonsense by markdavis · · Score: 1

      >"If they are not using it any more, then literally removing it means no longer having to support it. Your solution offers Logitech nothing, and means more work for them"

      But they didn't claim they removed it because it was more work for them or was difficult to support or cost them money. They just claim it was a security hole and never meant to be used like that in the first place. Which is silly- I find it impossible they didn't know lots of people were using it, it is probably all over all kinds of forums.

      It is bad enough for them to be "mean", worse to be dishonest too.

    6. Re:Nonsense by omnichad · · Score: 1

      They had to have some people on staff whose job it was to figure out how people were really using their products to aid for product development (ok, really they've probably stagnated instead). Just seeing the number of people that integrate with them despite not giving an interface or having a formal partnership should make it plainly obvious. I would be a little surprised if they didn't know exactly what they were doing and had plans to launch a new product where they could officially monetize their integrations.

    7. Re:Nonsense by Anonymous Coward · · Score: 0

      > But they didn't claim they removed it because it was more work for them or was difficult to support or cost them money. They just claim it was a security hole and never meant to be used like that in the first place. Which is silly- I find it impossible they didn't know lots of people were using it, it is probably all over all kinds of forums.
      >
      > It is bad enough for them to be "mean", worse to be dishonest too.

      This coming from you is so laughable I can barely believe it.

      You're the same markdavis that posted in another thread about Firefox doing GOOD for removing old plugin APIs 90% of their users depended and relied on.
      Now that it is Logitech doing the same thing, they are mean and dishonest!

      hypocrisy overload

      Here:

      > But they didn't claim they removed it because it was more work for them or was difficult to support or cost them money. They just claim it was a security hole and never meant to be used like that in the first place. Which is silly

      There:

      > Yes, it can be a pain to find a replacement for addons, but the changes Mozilla made were absolutely necessary to fix move forward with the desired performance, stability, and security goals. So I am glad they bit the bullet and changed

      Can't make up your mind?

    8. Re:Nonsense by markdavis · · Score: 1

      >"This coming from you is so laughable I can barely believe it. You're the same markdavis that posted in another thread about Firefox doing GOOD for removing old plugin APIs 90% of their users depended and relied on."

      Mozilla told us well in advance what they were doing, and it wasn't turning off or removing anything, it was a redesign with replacement. They HAD to do it to move forward with more than just security, but for performance and stability. They didn't overnight just "do away" with addons and wipe their hands of it, but changed the structure carefully. Logitech completely discarded something (total loss of functionality) they knew people were using legitimately, with no notice, and no workaround, and no replacement functionality, and probably more because they were trying to save money on a PAID device.

      You are comparing apples to oranges (and doing it anonymously at that) and then calling it hypocrisy.

    9. Re:Nonsense by rtb61 · · Score: 1

      Problem is, they knew exactly what people were doing with it and exactly what problems it would cause all those people and what it would cost them and well, they just did not give a fuck, there was gold in them thar hills of rejected product to buy logitech product. I would not trust them here in after. This is what they were quite willing to do to inflate their profits until they were forced to chicken out, cluck, cluck, cluck.

      --
      Chaos - everything, everywhere, everywhen

    10. Re:Nonsense by DeVilla · · Score: 1

      > ...it wasn't turning off or removing anything, it was a redesign with replacement.

      Yeah. That's "If you want to keep your doctor / insurance ..." dishonest. There are plenty of once useful extensions for Firefox that don't work and can't work, because the APIs necessary to re-implement them have not been "replaced". I'm getting by, but I hate the web a lot more now than when I could at least make a browser behave in a tolerable fashion.

    11. Re:Nonsense by markdavis · · Score: 1

      I don't disagree that it was painful and that there aren't some still-lingering effects. But it seems most everything useful for most people is still there. I do wish for more UI API's.... I think they will be coming.

  9. Don't trust logitech, it'll be killed off again by Anonymous Coward · · Score: 0

    When everything has died down again they'll quietly kill it off. It's what logitech does best - those of you that haven't learned this about their company yet need to wake up.

    They have a long history of shit like this. Look up their previous product nightmares.

  10. Privacy by Design? by mrwireless · · Score: 3, Interesting

    Removing the ability to control a smart home device from the local network might have gone against the GDPR's "privacy by design" principle. Perhaps their legal team pointed this out?

    I suspect/hope that in the future we will see more smart devices that go beyond the "cloud-first" or "cloud-only" control schemes. It should be possible to have a smart home that never connects to the internet. Open Source home automation software like Home Assistant makes this possible.

    1. Re: Privacy by Design? by Anonymous Coward · · Score: 0

      There is a shortage of qualified home assistants. I bet an enterprising fellow could figure out how to get more out to the market.

    2. Re: Privacy by Design? by Anonymous Coward · · Score: 0

      Yeah it is about distribution. The GDPR actually turned distribution into a nightmare. Some people have more managers and lawyers investigating compliant distribution methods than they do on the entire rest of their businesses. Need more forward thinking people

    3. Re: Privacy by Design? by Anonymous Coward · · Score: 0

      Brussels received a ton of requests to make specific GDPR exceptions - they ignored them all - we will never be able to calculate the economic damage that did

    4. Re: Privacy by Design? by Anonymous Coward · · Score: 0

      I guess they must have been worried about rich people taking the government to court.

    5. Re: Privacy by Design? by Anonymous Coward · · Score: 0

      I read your post like it says, there's a shortage of maids and butlers.
      Probably there's a shortage of spouses, siblings or affordable pubs for the everyday man. And too much gentrification drives out the human voices, hands and feet. You've become a $100k/year tech proletarian, living in a million dollar house. There's no one left to speak to so you have to replace life with a $20 smart speaker.
      Some things are efficient like window blinds that open and close themselves to reduce the heating bill and maximize sunlight when wanted. Let's hope this can be done to better life in a small way rather than turn it ever more into a fordist assembly chain.

    6. Re: Privacy by Design? by Anonymous Coward · · Score: 0

      So you want to do away with Technology so the "House Nigra" can have his job back?

  11. Re: Surprised that they didn't turn it into a mon by Anonymous Coward · · Score: 1

    Yeah! I want to hear more about how Angelina spent millions on lawyers to sue Brad's manager for giving him some girl's phone number.

  12. IoT business model by Anonymous Coward · · Score: 0

    Having a home automation system that does not connect to the internet would defeat the whole business model of these IoT companies. They have no interest in letting you control your system and keeping all that valuable data on your systems. They want to collect it all, analyze it, and sell it to the highest bidder. YOU are the product they are selling. This is why I do not have these things in my home.

    1. Re:IoT business model by omnichad · · Score: 1

      All those valuable light switch toggle timings in a massive database. I'm sure someone's really drooling at a chance at getting that. For reasons.

    2. Re:IoT business model by Anonymous Coward · · Score: 0

      I imagine would-be thieves would love to get their hands on the data as it essentially maps out when people are home.

  13. The reason? by freeze128 · · Score: 3, Interesting

    It would be interesting to find out the exact reason that they decided to backtrack. Was it because of the sudden increase in support calls? Was it because their forum almost crashed because everyone was posting about how this sucks? Was it because of a deluge of lawsuits to their legal department?

    If we can find out what made Logitech come to their senses, maybe it can be done with other tone-deaf companies.

    1. Re:The reason? by Anonymous Coward · · Score: 0

      Nah, Logitech don't have anyone actively managing the Harmony development team. Their support and bug fixes for it are pretty much non-existent. This just got sufficiently shouty that someone in head office heard about it and jumped on it.

    2. Re: The reason? by kiki100 · · Score: 1

      Turn it off by default after the update https://audacity.onl/ https://findmyiphone.onl/ https://origin.onl/

  14. Backward Compatibility by PhYrE2k2 · · Score: 1

    This is the bigger issue of backward compatibility. How long should a vendor support a feature they no longer want to support simply because someone is using it?

    How much legacy code is in Linux, Windows, and every single program? The bloat, the old compatibility APIs. Sigh.

    The coding and API mistakes of the past haunt software forever. It's why I don't blame vendors for making a major version which breaks compatibility every once in a while.

    --
    when you see the word 'Linux', drink!

    1. Re:Backward Compatibility by drinkypoo · · Score: 1

      > This is the bigger issue of backward compatibility. How long should a vendor support a feature they no longer want to support simply because someone is using it?

      If they don't want to support it, they should bring out a new version, and open source the old one. If the new version is better, then people will use it. If it isn't, then they don't need to bring out a new version, do they?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    2. Re:Backward Compatibility by Anonymous Coward · · Score: 0

      As it works today, so it will work tomorrow, for all values of today.

      Simply provide a "switch" that will disable all Internet communications (including the retrieval of updates) and thus wipe your ass of the problem. There is no need to make a device unusable.

      Oh wait ... the shit won't work if it cannot open unencrypted communication channels to the internet in which all the passwords and WiFi credentials you have told it are transferred to its "masters" at Logitech (and to anyone else interested) on a fairly regular (hourly) basis.

    3. Re:Backward Compatibility by DeVilla · · Score: 1

      Well, if it was billed as a home automation tool, taking away some automation functionality seems questionable. That API may not be what they meant, but it seems they discovered a market they were accidentally serving. If they are wise they will find a way to continue to serve that market, unless those are users they want to serve. But that comes with a trade-off in lost goodwill.

  15. Restored Local Access by Anonymous Coward · · Score: 0

    Local Network Access has been restored. Remote Access from the Internet was never interrupted.

    Hmmm.

    Obviously this is to increase "security" so that the device can be installed in foreign network locations not controlled by Logitech.