@hughsie@mastodon.social
@hughsie@mastodon.social avatar

hughsie

@hughsie@mastodon.social

I write free software. Firmware troublemaker.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

hughsie, to random
@hughsie@mastodon.social avatar

My boss and I were talking more about how to convince vendors to care about uploading firmware for their devices.

Another suggestion is something like https://github.com/fwupd/fwupd/pull/7219 -- to allow us to collect data to say to the vendor '12,345 Linux users are not getting firmware updates for model ABC' which is a bit more convincing than throwing our hands in the air and mumbling about Linux market-share.

hughsie,
@hughsie@mastodon.social avatar

I've also written some of the webservice side, e.g. something like this -- for LVFS admins at the moment -- but I suppose I could expand this so that Lenovo could see devices from Lenovo for example.

hughsie,
@hughsie@mastodon.social avatar

BIG ASK: Could a few people build fwupd from the git main branch and then run "fwupdmgr report-devices" please. I need a bit of real world data to work on the server side report pages.

Checking out the code, then doing ./contrib/setup sets up all the build stuff you need -- and you don't need to replace your system fwupd at all. Thanks!

hughsie, to random
@hughsie@mastodon.social avatar

I know it doesn't make a huge amount of sense to do "releases" for a webapp that gets deployed onto the cloud every few days, but it's something the Linux Foundation have asked me to do.

In case you were wondering what new tricks we taught the LVFS in the last year, here you go:

https://lvfs.readthedocs.io/en/latest/news.html#id1

hughsie, to random
@hughsie@mastodon.social avatar

1.9.19 released! Lets try listing the main features here rather than just linking to the github page. Let me know which you prefer, one short toot or one less click!

https://github.com/fwupd/fwupd/releases/tag/1.9.19

hughsie, to random
@hughsie@mastodon.social avatar

I'm pondering tightening down the syscall list of Passim even more than "system-service" does -- does anyone see why https://github.com/hughsie/passim/pull/45/files wouldn't work?

If anyone wants to try it (especially on stuff like ppc64, aarch64 etc) there's also a build in my COPR with that change: https://copr.fedorainfracloud.org/coprs/rhughes/fwupd/builds/

jwildeboer, to Germany
@jwildeboer@social.wildeboer.net avatar

Doctor said today was my final visit after he cut me open and did his magic to release me of severe pain I had over the past week. Gave me two tubes of ointment and made sure I understand that sitting for hours is not acceptable. Total cost for diagnosis, medicines, minor surgery and 4 appointments: 16€ for the medicines. I love decent healthcare in #Germany.

hughsie,
@hughsie@mastodon.social avatar

@jwildeboer dude, I wish a 40 year-old me could have told a 20 year-old me about the importance of standing desks ... It should be in our new hire equipment issue!

vascorsd, to archlinux
@vascorsd@mastodon.social avatar

Yay new error messages!

On update to latest on new error message at the daemon start: "Failed to load daemon: syscall filtering is configured but not working"

Should you accept the mission, your adventure in the new quest shall be amazing ! Enjoy.

hughsie,
@hughsie@mastodon.social avatar

@vascorsd it's https://github.com/fwupd/fwupd/issues/7144

hughsie, to random
@hughsie@mastodon.social avatar

A new just landed with lots of little bugfixes. We've notably switched the systemd SystemCallFilter from a block-list to an allow-list (to improve security) so please yell if anything breaks.

https://github.com/fwupd/fwupd/releases/tag/1.9.17

hughsie, to random
@hughsie@mastodon.social avatar

@pid_eins is it expected a service can do mlock() when it has just allow-listed SystemCallFilter=@system? I couldn't find any docs on what caps system-service actually maps to.

We're trying to move from denying-listing caps to allow-listing in . Thanks!

hughsie,
@hughsie@mastodon.social avatar

@pid_eins brilliant, exactly what I wanted -- thanks!

mntmn, to random
@mntmn@mastodon.social avatar

firmware and system image for MNT Pocket Reform is ready, starting to flash first devices tomorrow

hughsie,
@hughsie@mastodon.social avatar

@mntmn could fwupd/lvfs help here? If so I'd be happy to help.

hughsie, to random
@hughsie@mastodon.social avatar

fwupd-efi 1.6 released, which also now depends on gnu-efi 3.0.18: https://github.com/fwupd/fwupd-efi/releases/tag/1.6

hughsie, to random
@hughsie@mastodon.social avatar

tl;dr: fwupd is moving away from xz and will use zstd for future releases

https://blogs.gnome.org/hughsie/2024/04/03/fwupd-and-xz-metadata/

hughsie, to random
@hughsie@mastodon.social avatar

Hey copyright people! What's the difference between "Copyright (c) Foo Bar" and "Copyright Foo Bar" from a legal point of view?

I'm wondering if I can standardize them in my projects, and if so, which version should I be using. Thanks!

hughsie,
@hughsie@mastodon.social avatar

@sageofredondo according to https://en.wikipedia.org/wiki/Copyright_symbol it's "©" or the word "Copyright" and I can't understand why we use both -- on the assumption that (c) is supposed to be the copyright character.

hughsie, to GNOME
@hughsie@mastodon.social avatar

Hey Internet. Does anybody know if any of the open source nonprofit foundations a member of the Apple Developer Program? I'd love to sign the package for macOS, but don't want to spend $99 every year for the privilege.

or perhaps? Any other ideas?

https://developer.apple.com/support/fee-waiver/

hughsie, to random
@hughsie@mastodon.social avatar

I'm thinking of adding a list of selected devices not supported on the LVFS -- to find out if there is enough interest from Linux users to convince the vendor to upload updates; the commercial reality is that all OEM vendors needs to justify the cost of providing Linux support on hardware. I think some data might be the best way to convince them.

I was thinking about something like this:

  • Lenovo Legion Pro (16" Intel)
  • 123 people would buy this if it had updates on the LVFS. You too?
hughsie,
@hughsie@mastodon.social avatar

If the user provided their email address to the LVFS we could notify of any updates to the specific model support status, and also make sure it's not the same user clicking the button 200 times. It doesn't feel great collecting user data for this purpose, and it seems like the kind of thing that could be abused by other malicious users. Does anyone have any other ideas?

hughsie, to random
@hughsie@mastodon.social avatar

I've just tagged a new release, which notably unbreaks very old USB devices that explode in a ball of fire* when you request the BOS descriptors. We're now copying the Windows 8 behaviour.

*not literally.

https://github.com/fwupd/fwupd/releases/tag/1.9.15

hughsie, to random
@hughsie@mastodon.social avatar

Does anyone know how to build the new bluetooth stack from Google called "Floss" on Linux?

All I can find is https://source.chromium.org/chromium/chromium/src/+/main:device/bluetooth/

hughsie, to random
@hughsie@mastodon.social avatar

1.9.13 for all your viewing pleasure: https://github.com/fwupd/fwupd/releases/tag/1.9.13

ljrk, to random
@ljrk@todon.eu avatar

Okay, @frameworkcomputer, please own up. I really love your idea and everything around the company, but not being able to deliver firmware security updates rated by Intel as High for almost two years is... not ideal. But honestly, what's worse is claiming to work on it and finding more and more excuses (3rd party vendor, release of a new laptop, ...).

But, since May '22, a lot of time has passed and some progress should've been made. Whether it is pulling some firmware engineers from the feature work of the new device and manually extracting the provided firmware packet and re-packaging it for LVFS, or whatever. Or, admit that you were fucked over by the 3rd party's SLA or don't have the resources to support Linux or whatever -- but don't give us no more unspecific delays.

Tell us: Will you support the device with firmware updates in the foreseeable future (name a deadline) or have you scrapped working on the device? Be honest.

Details and my last post in the forum: https://community.frame.work/t/responded-firmware-security-csme-version/23450/17?u=leonard_janis_konig

hughsie,
@hughsie@mastodon.social avatar

@ljrk both Lenovo and Dell do CSME updates using a UEFI UpdateCapsule -- we've sent out tens of millions of them over the years.

FwUpdLcl is the wrong solution to the problem -- it should really just be used in factory preload, not in the field.

hughsie,
@hughsie@mastodon.social avatar

@ljrk OEMs should not be using FWUpdLcl to update in the field, on Linux, Windows or any other OS! The CSME should have an entry in the ESRT, and there should be a hook in the BIOS for a UEFI UpdateCapsule for the ME interface.

Some vendors might bundle the CSME update and FWUpdLcl into a EFI binary (as that's pretty much what a capsule is, with a header) but it still needs signing by the OEM otherwise it's a security problem.

Framework should rally have figured this out by now IMHO...

hughsie, to random
@hughsie@mastodon.social avatar

A new fwupd release just dropped for your, well, firmware updating pleasure: https://github.com/fwupd/fwupd/releases/tag/1.9.12

  • All
  • Subscribed
  • Moderated
  • Favorites
  • Leos
  • Durango
  • ngwrru68w68
  • thenastyranch
  • magazineikmin
  • hgfsjryuu7
  • DreamBathrooms
  • Youngstown
  • slotface
  • vwfavf
  • PowerRangers
  • everett
  • kavyap
  • rosin
  • anitta
  • khanakhh
  • tacticalgear
  • InstantRegret
  • modclub
  • mdbf
  • ethstaker
  • osvaldo12
  • GTA5RPClips
  • cubers
  • tester
  • normalnudes
  • cisconetworking
  • provamag3
  • All magazines
    •