[HN Gopher] Fun with Logitech MX900 Bluetooth receivers (2006)
___________________________________________________________________
Fun with Logitech MX900 Bluetooth receivers (2006)
Author : userbinator
Score : 45 points
Date : 2024-11-14 11:05 UTC (8 days ago)
(HTM) web link (www.nynaeve.net)
(TXT) w3m dump (www.nynaeve.net)
| Elfener wrote:
| Why is there an 'A' after every sentence?
| grues-dinner wrote:
| The UTF8 encoding of a non-breaking space (U+00A0) is 0xC2
| 0xA0. If you decode as ISO-8859-1 or CP-1252, that is 0xC2 (A)
| and then NBSP (0xA0).
|
| So the content is supposed to have an NBSP between the
| sentences, was encoded as UTF8, but declared as ISO-8859-1 or
| similar at some stage in its history. The page seems now to
| declare UTF8, so it's presumably had the wrong decoding
| reencoded as UTF8.
| andrewshadura wrote:
| Because someone's messed up their encodings.A
| KnowtheRopes wrote:
| No offense, but an SSL certificate these days is a must, and not
| having one on your site is a big no-no. Sorry.
| KnowtheRopes wrote:
| I guess nobody cares this days about being safe and secure. :(
| bramblerose wrote:
| Which risk would TLS mitigate in this specific use case?
| ndsipa_pomu wrote:
| As with any http website, a malicious actor (e.g. someone in
| a coffee shop or an airport) could set up a plausible looking
| wifi service and then MITM the website and insert adverts or
| malware into the page.
|
| However, that has been discussed on many other topics that
| are directly to do with TLS/certificates etc. so I don't
| think it's worth bringing up (aimed at the OP) every time
| there's an HTTP linked.
| batch12 wrote:
| > I don't think it's worth bringing up (aimed at the OP)
| every time there's an HTTP linked.
|
| Maybe rewritten it could be viewed as a warning for those
| who care instead of a criticism.
| ndsipa_pomu wrote:
| I'd rather just have the browser warn me
| lxgr wrote:
| With HTTPS, the site author could still do all of that, no?
| So I'm not convinced this is really that big of a concern
| on an unknown website that I'm not entering any credentials
| or personal information on.
| dingnuts wrote:
| the SITE can do that when HTTPS is used, yes, but an
| unauthorized third party can inject stuff much more
| easily when it's plain HTTP. A little ARP poisoning and
| some mitmproxy and before you know it you're injecting
| malware or whatever
|
| Whether or not that matters when viewing this particular
| site is up for debate
| lxgr wrote:
| Yes - into the sandbox of this particular site (and
| limited to non-HTTPS-mandatory browser APIs at that).
|
| If that's a big threat vector, I feel like the much
| bigger risk would be visiting _malicious sites_ , not a
| local or ISP located attacker injecting stuff into
| benevolent-but-HTTP-only ones.
| ndsipa_pomu wrote:
| > limited to non-HTTPS-mandatory browser APIs at that
|
| Another trick that could easily be pulled by a malicious
| ISP/wifi provider is to insert a redirect into the HTTP
| page to go to an HTTPS site controlled by the attacker
| (presumably with some semi-related name so as to not seem
| suspicious to the user) and to then bypass non-HTTPS
| restrictions in the browser.
| ndsipa_pomu wrote:
| That's more of an issue with trusting any website,
| whereas TLS mitigates the risk of trusting a wifi
| provider or ISP. I also don't think it's much of a
| concern for old, infrequently used sites, but I wouldn't
| trust the competence of a modern website that didn't have
| a current SSL cert.
| yjftsjthsd-h wrote:
| https://doesmysiteneedhttps.com/
| freedomben wrote:
| It would be amazing if that site were served only over http
| lxgr wrote:
| For new pages, sure, but this is a post from 2006.
|
| The author is likely not updating it anymore, so you are
| effectively complaining to a group of people here that can do
| absolutely nothing about it.
| KomoD wrote:
| It's a blog from 2006-2010, I'm happy it's up at all.
| Mistletoe wrote:
| Is Ken Johnson still alive? I'm curious about how the blog is
| still up and why a programming type wouldn't fix the encoding
| errors.
| henriquecm8 wrote:
| I don't know if it's the same Ken Johnson, but I found a
| video about AppSec with a Ken Johnson that had his twitter
| profile in the description https://x.com/cktricky. Then I
| found this Ken Johnson LinkedIn page, and there's no
| mention of working at Microsoft, so it's probably not the
| same guy, and this other Ken Johnson looks much younger
| than I was expecting.
| mschuster91 wrote:
| > WIDCOMM bluetooth stack
|
| Oh that brings memories.
|
| Fun fact, Bluetooth is _still_ shit in Windows 10. A ham friend
| bought a TP-Link UB500 bluetooth stick to connect to some
| bluetooth-to-serial adapter for one of his radio... Windows
| recognized it, but refused to connect to the serial adapter. Only
| after installing dedicated drivers for the BT stick [1], it
| worked.
|
| It's mind-boggling that Windows _still_ doesn 't ship with a
| fully functioning native Bluetooth stack. Everything Bluetooth
| should be standardized _for decades_ now.
|
| [1] https://www.tp-link.com/de/support/download/ub500/v1/
| vel0city wrote:
| From what I've experienced, any Intel WiFi/BT adapter/BT stack
| just works out of the box on Windows. Any random USB adapter
| has a massive amount of variability. There's just so many
| different chipsets out there with tons of odd quirks.
| evoke4908 wrote:
| If all you're doing is pairing headphones, sure. Developing
| anything at all against the windows Bluetooth stack is abject
| misery. It's fundamentally broken. Many API calls are not
| implemented or just don't work. Several just return wrong
| data. Core features of Bluetooth like custom advertising data
| are simply not exposed in any way.
|
| My favorite: if your program is listening for devices in the
| background, the windows Bluetooth pairing menu breaks.
| Specifically the devices you're listening for will never show
| up about 50% of the time. If they do, it's likely that
| pairing will fail with no indication or reason.
|
| Additionally, windows 10 does not support simultaneous audio
| sink and source. You absolutely cannot ever have your phone
| stream audio to your computer and then the computer pipe it
| back out to your BT headphones. I'm not sure if windows
| actually supports audio sink at all apart from HFP (phone
| call audio). Windows 7 supported this. All linuxes also have
| had this for over a decade.
|
| At work, Microsoft forcibly updated one of our testing
| machines to W11, and there was nothing at all I could do to
| make it see our BT device. They are completely bog standard
| SPP serial devices using BT classic/EDR. Both of which have
| been a standard part of the BT spec since before W10 was even
| considered.
|
| Windows' Bluetooth stack is an atrocity and an embarrassment.
| It's outrageously broken and incomplete. It is hands down, no
| contest the single worst Bluetooth implementation of any OS
| since windows 7. When _linux_ has better Bluetooth than you,
| you 've really fucked up.
| kogir wrote:
| I really miss the feature of CSR devices that allowed keyboard
| and mouse use before OS boot, and wish any modern Bluetooth
| receiver was capable of it. Is it a patent issue?
| kadoban wrote:
| Mostly it's a cost/ease thing. For the device to work correctly
| with no OS, the hardware inside has to be powerful enough to
| run all of the logic itself and it has to be coded up to do
| that.
|
| If you wait until the OS is up, the device itself can offload a
| good amount of logic and processing to the device driver.
|
| My bet would be that the main reason is that it's easier to
| find programmers who can write complex device drivers than it
| is to find ones who can write complex embedded firmware, and
| it's quicker/easier in general to write device drivers than
| firmware.
|
| That and just 99% of people will never notice that it doesn't
| work outside of the OS, and of the rest, 99% will only be
| vaguely annoyed but not change brands over that.
| nucleardog wrote:
| Probably just a "it's hard for little pay-off" issue.
|
| To use a bluetooth keyboard from the stage of "Press F10 to
| Enter Setup" we need the firmware (whether BT host, mainboard,
| or something else) to have a full bluetooth stack, some way to
| manage pairing/unpairing devices, and a bunch of other stuff.
|
| If we do this outside the BT host, we probably need changes to
| the operating systems at least to handle how we're going to
| hand-off the state of the bluetooth stack when the OS takes
| control. Unless we want to _separately_ manage
| pairing/unpairing in the firmware, we would probably want some
| way to expose that to the operating system to be able to push
| its paired devices down.
|
| And then it's probably still not super useful unless we
| substantially lengthen the prompt time because the time for you
| to turn the keyboard on, coax it into connecting, and hit the
| button is gonna probably have the OS booted already.
|
| If you want this today just don't use bluetooth. Get one of the
| devices that uses "2.4GHz" or uses "Bluetooth + 2.4GHz" and
| shove a dongle in there. The keyboard/mouse will appear as a
| normal USB-connected device and you can use them how you want.
| AnotherGoodName wrote:
| FWIW EFI bioses absolutely can support Bluetooth which is
| unsurprising since EFI is a full fledged OS in its own right.
|
| You still need to check if your motherboard supports Bluetooth
| at boot but many do.
| evoke4908 wrote:
| I don't think the other comments in this thread are at all
| correct. This is _not_ a hard problem to solve and these
| comments vastly overcomplicate it.
|
| You need two things: 1) a processor which can present HID
| devices OR a Bluetooth adapter depending on the presence of 2)
| a driver which can inform the adapter when it should be in BT
| mode instead of the default HID and which can configure the
| firmware to auto-connect to which devices in HID mode.
|
| The first is easy and effecively free. The USB stack is
| (usually) implemented in firmware which makes it trivial to
| present as different device classes.
|
| My guess is the problem comes down to drivers. It is difficult
| and quite expensive to have a custom driver upstreamed to
| Windows Update. You can't do this without a custom driver or
| userland software. On the other hand, if you simply present as
| a generic BT adapter, windows has a generic driver that will
| (usually) always work and is always installed.
|
| The benefit of this feature is miniscule and there probably is
| not enough demand to make it worthwhile for CSR to sell their
| soul to Microsoft to have their driver blessed.
|
| In this day and age, almost nobody ships a custom driver for
| _anything_. You just use the generic drivers Windows already
| has for all standard device types.
| Groxx wrote:
| These do essentially exist in dongle form, though you'd need
| some kind of driver support to get rid of the physical
| pairing button: https://handheldsci.com/kb/
| duffyjp wrote:
| I had the MX900. I used it with my 15" Powerbook G4. It was
| wonderful. Over time however the connection got worse and worse
| to the point it was basically non-functional. I assume it was the
| proliferation of 2.4ghz wifi and the early bluetooth being unable
| to cope.
| Groxx wrote:
| Another possibility: USB-3 proliferation and inadequate
| shielding. Many 3 devices spew so much 2.4ghz noise that it
| interferes with wifi, much less lower power protocols.
|
| Unless you mean it degraded on the same device.
___________________________________________________________________
(page generated 2024-11-22 23:01 UTC)