* Posts by WeeJavaDude

3 publicly visible posts • joined 20 Dec 2018

A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed off

WeeJavaDude

Re: @WeeJavaDude

Looks like Harmony made a turnaround. Sounds like the Microsoft way of handling security. Close a door and then give you an option to bypass it. Sounded like the unsafe feature in C#. Wrap code with unsafe and go to town. Never been a fan of this type of approach, but definitely a more customer-centric approach.

WeeJavaDude

Re: A bridge too many

That is where I think we disagree. It did not remove a feature, it fixed a security hole that was being exploited. If it removed a feature that was advertised, supported, or even pseudo-supported, then I would agree, but that does not seem to be the case. Since the inception of software upgrades, this has always been the case. If part of their model is auto-updating their software, they do have a right to make changes to protect their products. What if they did not do this and the security issue was exploited and, as a result, more people were affected? I know as a customer using the product, I would not be too happy about that, especially if I found out they did not patch it because people were using an undocumented API.

We have phones that are constantly being updated to fix security issues. If doing so breaks a hack or exploits an API whose purpose is internal and is being exploited by some application that has found a way to get to it, and that app breaks, it is not the phone company's issue. The developer of that app was going around the supported SDK to accomplish something that he felt was cool. He took a risk and it bit him. This has happened a number of times in the past and it sucks to be the consumer in the middle, but the device is not being used as intended or advertised.

Here is another good example.

A few years back DirecTV started updating their boxes with software, which included pirate boxes. Then one day (Super Bowl Sunday) they flipped the switch and put up a "Game Over" on all the pirate boxes. Here is a case where someone found how to exploit DirecTV and DirecTV closed the door on them.

I can even go back to OS/2 and the single message queue fix that broke a huge number of applications because of a low-level change in an upgrade they did to fix a bug that people were exploiting or miscoding to.

I know I am not going to convince the people whose equipment stopped working, but from my experience of 30 years developing and managing software projects, I have been in situations where we have done just this, later to regret it, but I knew at the beginning the risks and thought it was the right thing to do at the time. It sucked when the party was over.

WeeJavaDude

Re: A bridge too many

It means that whatever device used leveraged APIs not intended for external use. People may have purchased the Harmony product and other equipment to achieve their goals, but the APIs were never advertised as being a key feature or even a supported feature. Harmony has every right under these conditions to close what they perceived to be a security hole. Frustration should be directed to the device using the undocumented APIs. Using undocumented APIs always comes with a risk to the user of these APIs, and if the APIs are closed down it is not the source's issue, it is the consumer's.

Yes, it would be great for Harmony to open these up or to create secure versions to be used (business decision), but it is also acceptable for them to close undocumented APIs because they are a perceived security risk. As a HUB user that did not leverage these undocumented APIs, if it truly has a security risk, glad to hear they took action. I would be the first to call foul if these were supported documented APIs they decided to pull without an alternative, but in this case, I personally see it as well within their rights. Some harm, but no foul.

If someone hacks some internal protocol or undocumented/supported external APIs and uses them there is always this risk no matter what company it is. People affected should be yelling at the company that leverages these APIs, not Harmony.