This concept works fine for the author's example of a kitchen scale, but fails when the device in question is something like a router that has secure boot with one key burned into e-fuses.
In that case we need both open software and a requirement that the manufacturer escrow signing keys with someone so that after EOL any software can be run.
The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
Have you seen the state of embedded device security? It is already an unmitigated disaster.
Since you bring up botnets, there are far more exploited security vulnerabilities because a vendor EOLed support (or went bankrupt) and their firmware contained bugs that cannot be fixed because a signed firmware is required, or the source code was not provided than because their signing keys were leaked and someone is distributing malicious updates.
> Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
Yes, it is what I want. I am perfectly aware of the potential downsides, and what I am proposing is worth it. The product is already EOL. In our current era of enshittification, vendor pinky promises to implement a user bypass in their signed boot chain are not good enough. Look at the Other OS controversy on the PS3 if you want an example of this in practice, or Samsung removing bootloader unlocking in their One UI 8.0 update.
> The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
The vendor has implemented an internal pad on the laser-welded, weather-sealed, IP-rated smart watch that must be shorted to disable secure boot. Opening the device to access this will essentially destroy it, but we preserved the vendor's secure boot signing keys, so mission accomplished!
IIRC, a certain Marvell SoC datasheet says multiple key slots are supported, but the boot ROM only supports reading the first entry (so really, only one key is supported).
But I don't know if there is a pragmatic way to approach that. I mean, I could also say "it should be illegal to produce e-waste", but what does that mean and how do we actually do it?
Simple things like "if an electronic device, through no fault of the owner, can no longer perform its main function, then the owner is due a full refund. A company may escape the refund by placing all software required to run the product in the public domain."
It'd miss cases like fly-by-night companies, but you could catch big players like Google disabling their thermostats for non-hardware reasons.
That seems like it can be addressed by making sure that the regulators who enforce these laws have more object permanence than a 6-month-old baby.
Like, if I try to sell a "metal sculpture" that by sheer coincidence is capable of firing 9mm ammunition, I'm going to have the ATF knocking on my door real quick, and they're not going to be fooled by me claiming "no, that's art".
Open source windows 10 would cannibalise Microsoft’s long term objectives.
The actual proposal in this blog doesn’t make much sense. Having the specs of a device isn’t going to change much because they can be determined by anyone examining the PCB. Most devices don’t have a simple connection protocol, like the Spotify Car Thing used as an example.
Now for many products, nobody would spend the time needed to make it actually work, but for some it may be nice.
But I agree that it is more complicated than it seems, and realistically that would be on a case by case basis.
My personal pet example of this is old cameras, lenses, and digital backs. Plenty of great hardware out there that currently requires very extensive reverse engineering to use that would be made a lot easier with firmware & schematics.
Can you imagine if UBNT had to open source its EOL boot chain, so that Cambium was legally entitled to roll its firmware for old Unifi kit? And vice versa?
The result might not be "old hardware supported by the community"; the result might be "eternal product updates so we can legally prevent Cambium from taking our customers".
Ideally we should just be designing products so they don't have external dependencies. A smart speaker should be able to stream over the local network on a standard protocol which doesn't rely on an external server existing. A lightbulb should be able to be paired using a generic standard without running through the OEMs servers.
Thankfully for some devices this does seem to be the trend. Matter over Thread smart devices are not dependent on proprietary hubs, apps, or external servers.
What manufacturers should be required to do, at a minimum, is remove any impediment to you running whatever alternative software you choose.
If the company disappears... what happens to the devices and the cloud storage?
I've been really enjoying the product (it's really well done, the mobile app works perfectly well) but it's a scary thought.
I also found this Reddit thread [1] with some language from the company supposedly saying they would do their best to launch alternative tooling if they disappeared, but I can't find this language anywhere else online.
[0] https://news.ycombinator.com/item?id=45341781
[1] https://www.reddit.com/r/homeautomation/comments/1b8vei3/wha...
Anybody else want to crowdfund? :)
P.S. If you end up absolutely bricking it, but at least get one great blog post out of it, it's still worth it, ha.
That might actually be good for security. If APIs must be public, proper cloud security becomes necessary (rather than relying on obscurity).
The economics of leasing vs buying are well understood by the general public. Allow them to make an honest decision at the time of purchase.
This isn't even the case: generally, leased things have to work for some defined period of time ("the lease period").
I also think a distinction should be drawn between things bricked because they require a server connection, vs. devices bricked because the rightful owner has chosen to do so because they have been stolen.
MediaTek devices are beyond hope, but some could be saved this way that are otherwise trash.
It is if you buy carefully: I don't buy hardware that can't be used with Linux or whatever I deem necessary. And then, there's the car...
Have you tried pointing an LLM agent at a decompiled APK? It could probably write you protocol docs for it.
...although it could be "no more product support, talk to random people on GitHub".
Actually, I don't know why there couldn't be legislative or tax support for these kinds of things.
I'd be fine if manufacturers had to have some kind of standard "nutrition facts" label of what will happen to its functionality if support is ended.
In simple terms, if a company has a continuum of products of a certain category over time, the designs (hardware, software, manufacturing, testing, etc.) are typically evolutionary in nature.
This means that product B inherits from product A, C from B, etc. When product C goes to market, A and B might be EOL. Open sourcing anything related to product C means relinquishing their intellectual property.
Nobody in their right mind would do that unless a unique set of conditions are in place to have that make sense. In general terms, this does not happen.
I'd love to see this future, but knowing this, a company would never do this.