A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed off

Pity the poor users of Logitech's Harmony smart home system: last year they were told the manufacturer was going to brick its Link hub and forced them to buy the latest version. This year, just in time for Christmas, it has effectively bricked that new hub for anyone using it to connect to other devices. "Logitech recently …

  1. redpawn

    Be like me

    Just replace all your tech every year and the problems will go away. You know you'll feel safer too. Come on get with the program now. The tech industry depends on you and your new kit will be secure for the better part of six months.

    1. Anonymous Coward

      Re: Be like me

      No - be like me

      I just replaced my technology with bricks.

      A firmware update bricks my device? It's still a brick.

      A security flaw exposes my device to hackers allowing them to brick my device? It's still a brick.

      It's weather proof, can be used for both offensive and defensive security and comes in a range of stylish colours.

  2. Jay Lenovo
    Facepalm

    A bridge too many

    Bricking the devices will certainly make them secure.

    While some people will change the locks, Logitech's step 1. is to bulldoze the home.

    1. Anonymous Coward

      Re: A bridge too many

      These are undocumented unofficial APIs. You are clearly a cretin that reacts to the lame clickbait continuously spewed here

      1. Anonymous Coward

        Re: A bridge too many

        Yes, even MS said so about APIs its own applications were using, but other applications should not.

      2. caffeine addict

        Re: A bridge too many

        The door is over there. Please feel free to use it.

      3. Anonymous Coward

        Re: A bridge too many

        "These are undocumented unofficial APIs. You are clearly a cretin that reacts to the lame clickbait continuously spewed here"

        So how long have you been working for Logitech?

      4. xanda
        Holmes

        Re: A bridge too many

        These are undocumented unofficial APIs...

        Means what exactly?

        Presumably it means you think it's OK for Logitech - or any other manufacturer - to sell kit with such capabilities; knowing full well that it's a key feature; that their customers will want to make use of it, only for it to be trashed by unchallengeable dictate later on?

        You're happy for the makers of all your stuff to treat you this way and be paid handsomely for the privilege yes?

        Of course you are...

        1. Michael Habel

          Re: A bridge too many

          How can it be useful if it was never advertised, documented or published, by none other than Logitech themselves? That's like saying Team 0verFl0w had found yet another flaw in the PS3/4 to allow anyone who cared enough to run unsigned code. Yeah, it sure is useful if you want to pirate games, or run homebrew. But you wouldn't be bitching about S0NY releasing yet another useless firmware update, ~for stability~. Now would you?

          So what exactly makes S0NY a better company than say Logitech?

          1. This post has been deleted by its author

          2. xanda
            Thumb Down

            Re: A bridge too many

            "How can it be useful if it was never advertised, documented or published..."

            We got no beef with issuing security updates and the like but...

            You mean to say that Logitech didn't know their kit would be used this way? Of course they did. It was probably decided early in the project's life that letting such compatibility remain would make it all the more desirable in the marketplace.

            And even if this is not the case they certainly knew about it long before the supposed 3rd party security experts 'brought it to their attention' - how could they not with a thriving community of enthusiasts/hackers right under their nose all that time? Did they not stop to think what that would imply?

            The concept of 'accepted custom and practice' comes to bear here which makes Logitech responsible to a large extent. They ought not be so 'righteous after the event' or to have stuck the two fingers up. Nor should they have pulled the rug...

            They ought to have come up with something else (no - I don't know what that would be) that protected the expectation and investment of their customers.

          3. jimbo60

            Re: A bridge too many

            > So what exactly makes S0NY a better company than say Logitech?

            You mean the Sony that used to make great products like Trinitron screens, great prosumer camcorders and the like? But more recently seemed to specialize in things like music CDs with embedded rootkits, free game download with embedded rootkits, and that ghastly Securom game copy protection scheme that mostly seemed to excel at making my kids' favorite games stop working after any kind of hardware upgrade? That Sony?

            I think it is likely that Sony and Logitech are neighbors in the same sewer.

            1. Carpet Deal 'em

              Re: A bridge too many

              Sony is a large holding corporation with many divisions; unless I'm mistaken, no two of those were done by the same unit.

          4. bean520

            Re: A bridge too many

            Umm, dunno what rock you were living under, but people *did* kick up a stink about the updates that removed functionality to the PS3. There was a whole class-action lawsuit about it.

        2. WeeJavaDude

          Re: A bridge too many

          It means that whatever device was used leveraged APIs not intended for external use. People may have purchased the Harmony product and other equipment to achieve their goals, but the APIs were never advertised as being a key feature or even a supported feature. Harmony has every right under these conditions to close what they perceived to be a security hole. Frustration should be directed to the device using the undocumented APIs. Using undocumented APIs always comes with a risk to the user of these APIs, and if the APIs are closed down it is not the source's issue, it is the consumer's.

          Yes, it would be great for Harmony to open these up or to create secure versions to be used (business decision), but it is also acceptable for them to close undocumented APIs because they are a perceived security risk. As a HUB user that did not leverage these undocumented APIs, if it truly has a security risk, glad to hear they took action. I would be the first to call foul if these were supported documented APIs they decided to pull without an alternative, but in this case, I personally see it as well within their rights. Some harm, but no foul.

          If someone hacks some internal protocol or undocumented/supported external APIs and uses them there is always this risk no matter what company it is. People affected should be yelling at the company that leverages these APIs, not Harmony.

          1. Jamie Jones Silver badge

            Re: A bridge too many

            What right? They have no right to dick with a product you've *bought*, especially if it removes features you use.

            1. WeeJavaDude

              Re: A bridge too many

              That is where I think we disagree. It did not remove a feature, it fixed a security hole that was being exploited. If it removed a feature that was advertised, supported, or even pseudo-supported then I would agree, but that does not seem to be the case. Since the inception of software upgrades, this has always been the case. If part of their model is auto-updating their software, they do have a right to make changes to protect their products. What if they did not do this and the security issue was exploited and as a result, more people were affected? I know as a customer using the product, I would not be too happy about that, especially if I found out they did not patch it because people were using an undocumented API.

              We have phones that are constantly being updated to fix security issues. If doing so breaks a hack or exploits an API whose purpose is internal and is being exploited by some application that has found a way to get to it and that app breaks, it is not the phone company's issue. The developer of that app was going around the supported SDK to accomplish something that he felt was cool. He took a risk and it bit him. This has happened a number of times in the past and it sucks to be the consumer in the middle, but the device is not being used as intended or advertised.

              Here is another good example.

              A few years back DirecTV started updating their boxes with software, which included pirate boxes. Then one day (Super Bowl Sunday) they flipped the switch and put up a "Game Over" on all the pirate boxes. Here is a case where someone found how to exploit DirecTV and DirecTV closed the door on them.

              I can even go back to OS/2 and the single message queue fix that broke a huge number of applications because of a low-level change in an upgrade they did to fix a bug that people were exploiting or miscoding to.

              I know I am not going to convince the people whose equipment stopped working, but from my experience of 30 years developing and managing software projects I have been in situations where we have done just this, later to regret it, but I knew at the beginning the risks and thought it was the right thing to do at the time. It sucked when the party was over.

              1. Danny 14

                Re: A bridge too many

                I have no problem fixing security issues. How about fixing it and leaving some sort of external control for those who used it?

              2. sabroni Silver badge

                @WeeJavaDude

                I have the same amount of experience and I'm thinking exactly the same!

                If I sell you a sprocket that I say doodles and then a year later patch it to stop it doodling you have a case. If I patch it so it doesn't diddle anymore then that's tough titties. Ask for a diddler if that's what you want!

                The other side of this is of course that I'm responsible for someone hacking your engine via my sprocket's undocumented diddler!

                1. WeeJavaDude

                  Re: @WeeJavaDude

                  Looks like Harmony made a turnaround. Sounds like the Microsoft way of handling security. Close a door and then give you an option to bypass it. Sounded like the unsafe feature in C#. Wrap code with unsafe and go to town. Never been a fan of this type of approach, but definitely a more customer-centric approach.

  3. Anonymous Coward

    They should stick to mice and keyboards

    Those are pretty good. Bricking something after a year, OTOH, is plughole behaviour.

    1. Anonymous Coward

      Re: They should stick to mice and keyboards

      They should stick to mice and keyboards...Those are pretty good

      In my experience Logitech mice are good to use when new, but every single one I've used has had a short service life at odds with its price point. I won't touch their stuff now.

      So for me, the mice aren't that different to the Harmony hub. It worked great when it came out the box. But a couple of years later all you've got is a paperweight.

      1. Eddy Ito

        Re: They should stick to mice and keyboards

        Oh come now, Logitech mice aren't that bad. Their cordless mice are about the only thing I have that will go through a box of Costco Duracells in the few months before the batteries start to leak.

        1. Jeffrey Nonken

          Re: They should stick to mice and keyboards

          I've got several M525 mice that have lasted a couple years, at least. Including one that keeps getting knocked to the floor. Carpeted, fortunately.

          I don't really keep track, but they don't seem to be going through batteries particularly quickly. I also use NiMH, FWIW.

          1. Jamesit
            Thumb Up

            Re: They should stick to mice and keyboards

            I used alkaline batteries from a dollar store and only had to change them twice a year. I paid $20 for the mouse and it lasted about 5 years. Was easy to take apart and clean too.

        2. Updraft102

          Re: They should stick to mice and keyboards

          I went through three Logitech G500 mice in under a year. The side buttons (the entire point of the G5) kept failing and somehow internally crossed with the left mouse button. Once the warranty on that ran out, I bought a G700, and bought the Best Buy extended warranty on it. That proved to be one of the best purchases ever! The warranty, not the mouse.

          Over the two years, I probably exchanged the mouse 15 times. It would last a little over a month, and then the side button would break internally and come out.

          It's like Logitech didn't expect anyone to actually use the extra buttons. They stick them on there, use them as a selling point, then apparently hope no one uses them, 'cause they're going to fail if you do. These were fairly pricey gaming mice, and while I was using the extra buttons, I wasn't being overly rough with the mice... not nearly as rough as you would expect a "gaming" mouse to take in stride.

          Just before the warranty ran out, the store apparently discontinued the mouse, so my last exchange didn't work. They ended up refunding the purchase price of the mouse instead! I can't remember if they refunded the cost of the warranty too, but I ended up getting a couple of years of mouse rental for at most the cost of the warranty.

          Before all that, I also had a G5 that developed another side button issue (got stuck in the pressed position) and a M400 non-gaming mouse whose largest side button simply quit doing anything. I didn't warranty those, so the warranties must have been finished before they failed.

          The real question is why I kept buying Logitech. Why I bought the extended warranty on the G700, though, was quite obvious!

          So, yeah, they were that bad, if you actually tried to use the extra buttons. I never had any issues with the main buttons or the LED/laser tracking bits. The extra buttons, though, were on borrowed time before you even got the box open. They're there to get sales, not to be used!

          1. Terje

            Re: They should stick to mice and keyboards

            You are not supposed to hit the side buttons with a hammer! :) My G700 has lasted since early 2011 and it's been flawless apart from needing a new micro switch for the lmb after wearing it out. Apart from that I have had no issues at all with it and that is with heavy use. I guess they may well have changed the design of those parts to be cheaper though. What keeps me stuck with Logitech though is the free spinning scroll-wheel that I can't fathom to live without now.

          2. David Woodhead

            Re: They should stick to mice and keyboards

            @updraft102

            Over the two years, I probably exchanged the mouse 15 times. It would last a little over a month, and then the side button would break internally and come out ...

            Just before the warranty ran out, the store apparently discontinued the mouse, so my last exchange didn't work. They ended up refunding the purchase price of the mouse instead! I can't remember if they refunded the cost of the warranty too, but I ended up getting a couple of years of mouse rental for at most the cost of the warranty ...

            So how much of your life, to the nearest hour, did you devote to getting two years free use of an unacceptable mouse, rather than one which performed as you wanted?

      2. GX5000
        Devil

        Re: They should stick to mice and keyboards

        Oh please, I have mice that are older than some on this board from Logi...

        I still use a dual optical mouse that's over sixteen years old as well.

        I'd love to switch to a Ratt or something but I always switch back and give the new one away.

        1. Slef

          Re: They should stick to mice and keyboards

          "I still use a dual optical mouse that's over sixteen years old as well." and a quarter of the age of some peeps on here!! LOL

        2. joeW

          Re: They should stick to mice and keyboards

          I'm still rocking my MX-510 from 2004. I switched to a RAT-7 for about a year but after it died on me I went back to Old Faithful.

        3. Shadow Systems

          Re: They should stick to mice and keyboards

          I'm not sure why folks have so much trouble with their mice.

          Mine gets food, water, fresh bedding, a squeaky toy, & plenty of HabiTrail tubes to play in & has lasted me many years of delighted, loyal service. It gets a little nervous when the cat jumps in my lap, but kitty knows the mouse is not for eating & to keep her claws off his balls.

          =-)p

    2. jimbo60

      Re: They should stick to mice and keyboards

      Nope. I bailed on them years ago when a 6 month old expensive USB webcam became a micro door stop because they never issued drivers for the next version of Windows that came out shortly after I bought it. That sort of non-support turned me into a non-customer.

      The Microsoft web cam I bought after that episode keeps going and going, even after many years of windows upgrades.

      1. baka

        Re: They should stick to mice and keyboards

        Ditto. An expensive USB "HD" Webcam and a failed foray into expensive Xbox Gaming headsets.

        I was a harmony user too, but after they pulled this hub stuff it sealed the deal.

  4. Snowy Silver badge
    Holmes

    "These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority."

    If you were relying on undocumented/unsupported APIs to do things, you have to realize that they could be turned off, or broken tomorrow.

    1. JohnFen

      "If you were relying on undocumented/unsupported APIs to do things, you have to realize that they could be turned off, or broken tomorrow."

      This isn't unique to undocumented APIs. If you are relying on anything that accepts updates from or relies on a server you don't control, you have to realize that it can be turned off or broken tomorrow.

      1. JDX Gold badge

        >If you are relying on anything that accepts updates from or relies on a server you don't control, you have to realize that it can be turned off or broken tomorrow.

        Quite. While undocumented/unsupported APIs are a bad thing to tie your horse to it only highlights that in many of these systems you don't have control. It's like a PC game where they turn off the server and you can't play multiplayer, only this is important.

        I was looking the other day at a WiFi powered switch. Only to realise the one I liked had its own app and server... you couldn't control the damn switch without going through some 2-bit company's server. At least with Google/Amazon et al you have a fair guess it won't disappear overnight.

        1. SImon Hobson Bronze badge
          Mushroom

          At least with Google/Amazon et al you have a fair guess it won't disappear overnight.

          No, they'll usually give you at least a few days notice ! BTW - try asking a Revolv user what they think of Google's approach to long term support ;-)

          But yes, it's a problem if you buy into all this "online connected" tat - you are at the whim of some beancounter at some outside company who does not have your interests in mind.

        2. katrinab Silver badge
          Flame

          "At least with Google/Amazon et al you have a fair guess it won't disappear overnight."

          Maybe Amazon, but I definitely wouldn't trust Google.

          1. JDX Gold badge

            I know Google discontinue products but I can't see Google Home suddenly disappearing. Of course they could just drop support for loads of devices or release a new API which old devices never get updated for.

        3. JohnFen

          "I was looking the other day at a WiFi powered switch. Only to realise the one I liked had its own app and server"

          This is perhaps the thing that irritates me the most about these sorts of things (the Harmony is fully in this category): making them rely on a third party server does not give any benefits to the people using these devices. The entire reason companies do this is to be able to collect more data on you. That's it.

          1. JDX Gold badge

            >making them rely on a third party server does not give any benefits to the people using these devices. The entire reason companies do this is to be able to collect more data on you. That's it.

            That's not entirely true. They offer the ability to control your devices from your phone outside your house which has to go through some server fairly obviously. But then they don't give a second option for when you're ON your WiFi.

            This could reasonably be attributed to laziness, and penny-pinching as well as malice. We should never lose focus on the fact that: Most of the time things suck this is not due to evil, but incompetence.

            1. JohnFen

              "They offer the ability to control your devices from your phone outside your house which has to go through some server fairly obviously."

              But you can provide this capability without using a third party server. This is more complex to set up than the average user would be willing to tackle, but even that could be done like we used to do it in the old days: provide a third party server, but all it does is routing, connecting your two endpoints. There is no need for that server to be engaging in any business logic at all.

              "This could reasonably be attributed to laziness, and penny-pinching as well as malice."

              I don't think so, because the solution that these companies are selling is actually more complicated and expensive to produce and operate than the alternative (even if the alternative is running a routing server).

    2. Michael Habel

      Funny how nobody wants to admit this sole fact. It's very reminiscent of the few, the proud, the Remoaners. The first party are whinging 'cause they had their toy taken away from them. The others just want to live in fantasy land.

      1. Martin
        WTF?

        What ARE you talking about? And what's it got to do with so-called Remoaners?

      2. Jamie Jones Silver badge

        I've said this before, but if my 10 year old used the word "remoaners", I'd seriously be worried about his mental ability.

  5. Anonymous Coward

    The Only Thing...

    ...Logitech is interested in is profits and the only thing that will get their attention is a good swift kick in the assets.

    1. Version 1.0 Silver badge

      Re: The Only Thing...

      I will never forgive them for buying and killing the Slimp3 Squeezebox system. Logitech is a typical "modern" company, customers are just wallets waiting to be turned into corporate profits to them.

      1. ColinJ

        Re: The Only Thing...

        The problem with Squeezebox was this: it was cheap, well supported by online community, could integrate seamlessly with existing hi-fi and reliable = no revenue stream, unlike Sonos.

      2. Mike Pellatt

        Re: The Only Thing...

        Well, I'm still using Logitech Media Server, and its players.

        Not a single bit of Logitech hardware involved, though :-)

  6. DerekCurrie
    FAIL

    Making Users Afraid Of Updates Is The Opposite Of Responsible

    Device security already suffers from a rampant plague of Wetware Error whereby devices aren't installed with the latest security update. This problem occurs everywhere from regular users up through the largest of corporations and governments. To create a FEAR of updating is irresponsible and guaranteed to hurt the customers. Outrageously poor job, Logitech. (o_0)

    There are alternative providers. Use them. It's also helpful to keep in mind that very, very few IOT devices are adequately secured. Rather, you can essentially guarantee that current IOT devices are going to be bot infected immediately after being connected to the Internet, making them a contributing factor in that other rampant plague of distributed denial of service (DDOS) attacks across the Internet, if not worse. Oh and expect your local area network (LAN) to be compromised as well, unless you've deliberately kept your IOT devices OFF your LAN. IOW: IOT remains a profound security nightmare at this time.

    1. JohnFen

      Re: Making Users Afraid Of Updates Is The Opposite Of Responsible

      "To create a FEAR of updating is irresponsible and guaranteed to hurt the customers. Outrageously poor job, Logitech."

      True, but let's be honest here: Logitech is not the only company that is making people hesitate to apply updates. The majority of the tech industry, and particularly the big players like Microsoft, are doing the exact same thing.

      It's an entirely justified fear, and is why I no longer trust applications or most operating systems to autoupdate. In fact, on some platforms (such as Windows and anything mobile), I have to go so far as to firewall all applications off so they don't get all sneaky. We've reached a point in the industry where you must treat all tech, hardware and software, as malicious until it's proven otherwise.

    2. Oddlegs

      Re: Making Users Afraid Of Updates Is The Opposite Of Responsible

      I'm as much of a geek as anyone but let's face a few truths here. 99.99% (at least) of users won't even have known these undocumented APIs existed, let alone used them. The APIs were a (potential) insecurity which could have led to an attack. Imagine the headlines if they'd done nothing: Millions of home networks breached as manufacturer refused to close known security holes

      This update is good for the vast number of users. It doesn't break a single advertised or documented feature of the device and it does actually make them a little bit more secure. Could Logitech have given advanced users the ability to reenable the APIs? Perhaps but then they'd be acknowledging they existed and would have faced calls to document and support the APIs and still would have come in for criticism in the case of an attack.

      1. JohnFen

        Re: Making Users Afraid Of Updates Is The Opposite Of Responsible

        Right, and this is one of the main problems with software and devices that aren't under your control -- you can't trust them. Their features and capabilities may change without notice.

        "This update is good for the vast number of users."

        Perhaps so, but it only highlights the underlying problem: if you aren't a "most common denominator" user, then these systems are unacceptable.

      2. JDX Gold badge

        Re: Making Users Afraid Of Updates Is The Opposite Of Responsible

        >99.99% (at least) of users won't even have known these undocumented APIs existed let alone used them.

        I don't know Harmony specifically but this might not be the case. These smart systems tend to be bought by more tech-savvy people because they are not simple to set up and use. I use the Honeywell Evohome system and there is quite a large community of people doing stuff with their APIs. Their APIs are unofficial but their own staff are involved in the community - and yet they also could just turn them off.

  7. Cincinnataroo

    Do Logitech refund users who bought the devices for the API's?

    1. Persona Silver badge

      If the API's were both undocumented, unadvertised and (I'm guessing here) probably inherently insecure, the consumer doesn't have a case.

      1. tin 2

        But if a product is "updated" by the manufacturer and now doesn't do what it did when you bought it, documented or no, that's problematic.

        1. Gordon 10

          No. Not if it wasn't a documented sales feature.

          1. Mike Pellatt

            Or even if it was.

            See "PS/3 Linux"

  8. TonyJ

    Went off of Logitech...

    ... when they bought Slim Devices.

    First they ruined the line up of devices and then they killed the brand altogether.

    Since then, I've avoided them. Good to see they haven't altered their M.O.

    1. Lloyd

      Re: Went off of Logitech...

      Same here, I'm still running loads of the slim devices though, 3 radios and a duet connected to the home cinema system with a Squeezebox server on one of my media servers. It all still works well and I can't see me upgrading any time soon (if it ain't broke).

      1. tin 2

        Re: Went off of Logitech...

        Same here! Heavily invested in the kit and that's why Logitech can go and do one. And I'm not surprised they've pulled a similar stunt again.

        Also of course: getting out of the internet connected smart speaker market just as that market was really taking on? Smart.

    2. Chz

      Re: Went off of Logitech...

      *joins the abandoned Squeezebox owners club*

      Logitech consistently make good hardware. Then they either make abhorrent software for it, or once the software works, they kill the product entirely.

      1. Flicker

        Re: Went off of Logitech...

        Logitech were never a great fit for the Squeezebox products and their death was pretty inevitable once Sean Adams and Dean cashed out, but I'd give Logitech some credit for keeping the forum alive on their servers, agreeing to properly open-source the LMS server code and providing some level of tacit, informal updates and support via at least one of their employees in Switzerland. For a discontinued product line I think they've treated the Squeezebox users rather better than they seem to have stuffed the Harmony people (and yes, I'm still very happily running a mix of SB3s, Boom, Radio Slim / Logitech kit together with some re-purposed Jogglers and Pi's)

        1. tin 2

          Re: Went off of Logitech...

          I'm not so sure it's that benevolent. Given the continuing popularity of the product and the fanaticism of the userbase, they'd get properly lynched if they really did discontinue those services. But I am grateful what's still there is there.

  9. JohnFen

    Yet another example

    Do not rely on third party services unless absolutely necessary, and especially not for things like home automation (where using third party services is 100% unnecessary).

  10. Martin Walker

    worse by the year

    What else can you say? From being a cutting edge system, to an embarrassing mess of things that just ain't working any more. Bought I think 3 over the years and did not mind being on a bleeding edge moving forward, but now it's in a state where it won't do what it says on the tin, and you can't manually try and correct anything.

  11. Big Al 23

    I stopped buying Logitech a few years ago

    Zero customer support IME and products of such poor quality as to be defective out of the box. Returned new product to customer service with detailed letter and they didn't even respond. They clearly don't know the lifetime value of a customer.

  12. pogul
    Facepalm

    I wondered what the XMPP server was for!? I found it a year or two ago when I did an nmap of my home network, just out of curiosity - and there it was.

  13. Chris Hills

    No more lock-in

    This is why I am building my home automation so that I am in complete control. At the coal face are simple sensors and relays with arduino and rs485, and I plan to use the open source Mycroft to replace Amazon Echo. I will probably write the software myself or use something existing like home assistant.

    1. Pascal Monett Silver badge

      Re: No more lock-in

      It certainly looks like the way to go. Logitech is just one example of companies that don't actually care about providing you with a reliable service, they're all just faffing about, changing products and functionalities as soon as a new PHB takes office.

      There is no long-term plan and no care of not disrupting the user experience.

      It's all about getting the dough now, then screw you.

      That is why I am convinced that true home automation is going to actually be open source - by the people, for the people. That will be the only thing that actually has a chance of working for more than 18 months.

    2. Gordon 10

      Re: No more lock-in

      You knock yourself out with that. Some of us just want to have something that works OOB.

      1. Goobertee

        Re: No more lock-in

        >>You knock yourself out with that. Some of us just want to have something that works OOB.<<

        Were you reading? It worked out of the box and then Logitech shut it down.

        1. Ben Tasker
          Joke

          Re: No more lock-in

          Yes but his requirement was that it worked OOB, not that it would continue working.

          So, requirement fulfilled and Logitech wins the contract. Anything else (like continued operation) is a chargeable change request.

          That approach seems to work for Capita anyway

  14. Anonymous Coward
    Anonymous Coward

    If there is any hint of this API existing on their website...

    ...including anything about it on their official support forums... then this is likely a class action lawsuit to claim a refund. Much like when the PS3 dropped Linux support.

    They will have to prove that this wasn't an advertised feature that people bought the product for, not just say it was never intended to exist.

    On the other hand: Open Source, people - this is why you should be using it!

  15. Gordon 10
    FAIL

    Storm in a TeaCup

    How is this a story?

    A vendor locks out undocumented API's. That's fair game. Cry me a river.

    Harmony supports IFTTT - if you want API integration use that and lobby for the publicly exposed API's to be expanded properly.

    Not amazed with Logitech as I think they are slowly killing Harmony with neglect (particularly on IFTTT and new devices) but these are features that were never sold, promoted or documented.

    1. Anonymous Coward
      Anonymous Coward

      Re: Storm in a TeaCup

      Have a downvote for proposing IFTTT as a solution for this.

      Or anything else, for that matter.

    2. JohnFen

      Re: Storm in a TeaCup

      "A vendor locks out undocumented API's. That's fair game."

      In my view, the problem isn't so much that they locked out undocumented APIs, it's that they can make such system changes.

  16. Anonymous Coward
    Anonymous Coward

    Harmony ?

    Isn't that a chain of sex shops and a pornographic movie studio so Google tells me (cough) ?

    1. jelabarre59

      Re: Harmony ?

      Isn't that a chain of sex shops and a pornographic movie studio so Google tells me (cough) ?

      No, she was a character in 'Buffy the Vampire Slayer' and 'Angel'.

      Or maybe it was a sci-fi anime movie.

  17. Anonymous Coward
    Anonymous Coward

    something that countless customers have used to implement their own home automation systems.

    Really? From what I can see, people using home automation systems are pretty rare, and people implementing their own rarer still... And hobbyists who actually do implement their own systems should know the risks of relying on undocumented APIs, especially in a domain which is moving fast.

    1. JohnFen

      "And hobbyists who actually do implement their own systems should know the risks of relying on undocumented APIs"

      Hobbyists implementing their own systems wouldn't be using anything like Harmony to do it in the first place.

  18. The Dogs Meevonks Silver badge

    It's shit like this, that is the sole reason I will never give in to home automation. I'm quite capable of switching a light on/off and my heating is programmed to come on when needed and a simple press of a button will put in frost mode when I go away for a few days.

    The last thing I want or need is some crappy app monitoring me just for the convenience of turning on a light and/or heating... It's also one of the reasons I'll never have any kind of alexa/siri/google device.

    1. Mr_Happy

      Guess you are fit and healthy and not stuck in a wheelchair

    2. NXM Silver badge

      automation in general

      I made the point that heating via an app is a bad idea for many many reasons in a comment on the Grauniad a few months ago. Got totally shot down by fanbois who wanted the toys but didn't care about their own security.

  19. Martin
    Meh

    So what can we do about it?

    The problem is, there is no other option.

    Harmony controllers and hubs really do work well. Unless you want to juggle multiple remote controllers, they are really the only possibility.

    I'm using three of them - two for myself and one at my mother's house. They are very clever bits of kit, with a lot of flexibility.

    I agree with the complaints about closing off undocumented APIs. I'm also an old Slim Devices user still. I have to keep one Windows box to program my Harmony controllers, although I'd really rather not. I don't consider Logitech to be faultless here.

    But there is no-one else who does the job of Harmony controllers, even slightly.

    1. Flicker

      Re: So what can we do about it?

      Actually... purely for control of multiple bits of AV kit via IR I've found One-for-All remotes hacked / re-programmed via their JP1 interface to be much more usable than Harmony - and even more important so does my wife! Bought a Harmony ages ago (before Logitech bought them) and found it far more error-prone than OfA, especially if trying to control multiple devices through a macro. Bought a bunch of OfA 5's on sale some time back for £15 each and have been using them across a very wide range of devices, helped by an active and inventive community of JP1 hackers...

    2. JohnFen

      Re: So what can we do about it?

      "Unless you want to juggle multiple remote controllers, they are really the only possibility."

      This is not even close to being true. There are many alternatives, both "off the shelf" like Harmony and DIY.

      1. Martin

        Re: So what can we do about it?

        There are many alternatives, both "off the shelf" like Harmony and DIY.

        Examples, please. I've looked at OneForAll, but seems a bit inflexible and limited. And I really don't want DIY, if I can avoid it.

  20. Blacklight

    Alternatives...

    Anyone who has enough nous to play with APIs, can do the following...

    Get a Raspberry Pi, an enclosure, and install OpenRemote on it.

    Yes, there is a cloud UI to set things up, but once you've got the config on the Pi, you can cut it off from t'interweb and it will still control anything in your house/network that you can make it talk to (from HTTP/JSON to raw TCP/UDP).

    Mine runs on a NAS rather than a Pi, but talks to Philips Hue (which runs when no cloud is available), Lightwave (same), and direct to other devices on the LAN. It is a bit of effort to get going, but it's so worth it when you hear of crap like this!

  21. StuntMisanthrope

    Logitech are bad but I can't quite put my finger on it.

    Nearly 15 years ago we had a multi-property multi-zone randomized playlist control and EQ, BPM'd and automatic update plus content distribution with streaming music and comedy system that in some ways is better than Spotify and Sonos or whatever. Then what happened. Living in the wrong country, banking and idiot politicians. #slimserverperlandphpMySQLHMTLm3uShellCron #redhat8 #p910ipartytricks

    1. StuntMisanthrope

      Re: Logitech are bad but I can't quite put my finger on it.

      The CEO's received a complaint. It appears Little Bobby has been the victim of inappropriate content at 10AM in the Lobby toilets. Ahh, we pushed an update but there was a timing error. Well, the Mother is in my office and we're waiting to see you. #okaybigyin

  22. Anonymous Coward
    Anonymous Coward

    Support...

    It's about time we got minimum support time legislation, maybe based on initial price, >£100 5 year >£100 10 years....

    Refunds based on the amount of lifetime you lose if the plug is pulled, ok in this case with undocumented use, that's a different issue, you take that risk.

  23. Trollslayer
    Thumb Up

    My Harmony One

    still does what I want.

  24. 100113.1537

    Hang on a minute....

    So what do you think Logitech's legal position would be if it continued to allow the undocumented API interface to continue in the light of the security concerns it has discovered? They would be royally screwed - and not just by the chattering masses on tech forums, but also by its much larger consumer base in computer interface equipment.

    Come on people, you can't have it both ways - they discovered a security issue involving something they didn't even apparently intend as a feature of the equipment and have moved to close that potential security hole. With all of the jibber-jabber about on-line security - especially regarding home automation - do you think they could just ignore the issue? Harmony and home automation are hardly Logitech's core business and this seems to be purely an issue for people using undocumented APIs, so not even a recognised part of their customer base.

    I know it is good to write articles "sticking it to the man" (whoever today's "man" is), but written another way this could be seen as a responsible approach by a company prepared to take a hit to maintain the security of its products. There are two sides to every story.

    1. This post has been deleted by its author

    2. Tom 35

      Re: Hang on a minute....

      "So what do you think Logitech's legal position would be if it continued to allow the undocumented API interface to continue in the light of the security concerns it has discovered? They would be royally screwed"

      What are you talking about, there are thousands of things like wifi routers and cable modems with known holes you can drive a bus through that don't get a patch because they are a year old and the new model is out. It's only that they want to keep selling the same one.

    3. JohnFen

      Re: Hang on a minute....

      "Come on people, you can't have it both ways"

      I'm not wanting it both ways. I view this as another example in a very long list of examples of why you shouldn't be using IoT devices that require a connection to third party servers.

  25. TheRealRoland
    Pint

    *GASP*

    Nested comments!

    Be still, my heart.

    1. tin 2

      Re: *GASP*

      Don't like it. Someone's moved the steering wheel into the boot again.

  26. The Original Steve

    As a non-developer.... about undocumented / private API's...

    Can someone explain to an Infrastructure guy what the rules are with these kind of things please?

    As a layman (for API's and development), it appears at first glance that this is entirely appropriate and fine behaviour from Logitech. They've been notified about a security hole in their product, and apparently one way of removing the vuln is to remove an API. The API isn't public and isn't documented. So presumably Logitech made changes internally so that their software which uses the private API no longer depends on it, and kills off the API.

    Now a load of people are screaming because their "hacks" (applications, scripts etc.) which use a private, undocumented API no longer work.

    If the above statements are correct, then from an outsider's POV I don't see what Logitech have done that's so terribly wrong...

    Is there some unwritten developer rule or code [of conduct] (pun half-intended) where API's don't get discontinued - even if they are private and undocumented - without a lot of notice to prevent these kinds of problems?

    Thanks in advance

    1. Gordon 10

      Re: As a non-developer.... about undocumented / private API's...

      No. You are spot on.

      But a bunch of whiners are whinging about it and it's a slow news week at El Reg Towers, so it was an easy win to trot out some copy before slinking off to the journo's pub.

      1. taxythingy

        Re: As a non-developer.... about undocumented / private API's...

        Disabling the API's is completely legal and likely reasonable, given the security concerns.

        However, it also makes for really bad PR among a small but important part of their customer base.

        The lost sales to the niche group over the next 5-10 years is probably dwarfed by the litigation potential.

  27. Tom 35

    I have a pre-Logitech Harmony remote, almost bought one of the fancy hub based ones to replace it on Black Friday, I guess I'm lucky.

    1. Gordon 10

      why? were you planning on messing around with an undocumented API on it? If you use it as intended it works fine and is in a class of one.

      It's a commercial product and there are always going to be edge cases that aren't supported but that's the difference between using something pre-built and going open sourcery on the problem.

      Yes I preferred it when Logitech didn't own it but you can't have everything in this world - I can live with it. It still does 99% of what I want.

  28. davenewman

    Have they broken the XMPP standard?

    By removing APIs that access XMPP?

  29. Steve McGuinness

    Horrible company with horrible products which deserves to lose market share and disappear in favour of tech companies that understand customer service.

  30. Jamie Jones Silver badge

    Whose device is it anyway?

    Call me old fashioned, but when I buy something, I don't expect someone to sneak into my house and alter it, even if they think "they know best"

  31. Anonymous Coward
    Anonymous Coward

    I've had a few Logitech devices over the years - mice, joysticks - I quite liked them. But if they're pulling that kind of crap on customers, they won't be getting any more pennies from me.

  32. Anonymous Coward
    Anonymous Coward

    Damn, I better stock up on a few items

    I don't use the remote, but I do use a number of Anywhere MX mice which are good. From what I'm reading here I should (a) buy a couple before they go out of business and (b) preserve the control software that's out right now before they go and mess that up too.

    As for (c) never, ever buy a remote control from them, I once bought a Harmony device in the hope of making my parent's life easier. When I discovered I needed to inflict Silverlight on my system I used a work PC instead, and subsequently discovered that they had succumbed to the "f*ck things up by introducing 'ease of use' " in a manner that made Microsoft look like mere amateurs. WTF is wrong with giving advanced users access to the straight mechanics underneath? Why do we have to suffer processes dreamt up by people with a personality disorder that must have been on drugs and alcohol simultaneously when they decided that their approach was sane? That may sound as if I'm talking about the team at Microsoft that invented the ribbon, but no, it's Logitech, a Swiss company that ought to have more sense when it comes to design. Alas, no. When (finally) configured it didn't work that well either, nor was it actually "you don't need a manual" easy, although it had the potential if all this "usability" crap had not gotten in the way. It had a touch screen, it had buttons - the mechanics were present. The intelligence to make use of it, not so much.

    It went back the next day, and that was the last time I touched any remote made by Logitech.

  33. elvisimprsntr

    Last Logitech device I will ever own.

  34. Anonymous Coward
    Anonymous Coward

    Last thing I bought from Logitech was their Google TV box

    My general principle with Logitech these days is don't buy anything from them that requires any form of long-term updates; they simply do not have the organisational structure, scale or mindset to sustain this.

  35. Anonymous Coward
    Anonymous Coward

    History

    I recall when Logitech bought out Labtech, just to kill their competing products.

    Labtech made some GREAT head sets, airline cockpit quality. But they killed it off, and only offered the $2 junk with various colors and prices not reflecting the poor quality.

    Labtech, 3DFX, and so many others - good tech murdered by industrial greed. Stifling technology for greed.

    I don't like Logitech - for their crappy business practices of buying and destroying companies, tech and people's jobs.
