I actually think this is a great idea. Not even for "Open Source".
Can you imagine if UBNT had to open source its EOL boot chain, so that Cambium was legally entitled to roll its firmware for old Unifi kit? And Vice Versa?
The result might not be "Old hardware supported by the community" the result might be "Eternal product updates so we can legally prevent Cambium from taking our customers"
Open source isn’t going to happen on any real scale, because pretty much any non-trivial commercial product is going to have a ton of third party IP that the manufacturer has no right to give you.
What manufacturers should be required to do, at a minimum, is remove any impediment to you running whatever alternative software you choose.
I totally agree with the frustration of having hardware I would like to keep using but can't because it got EOL. Like a smart speaker or something.
But I don't know if there is a pragmatic way to approach that. I mean, I could also say "it should be illegal to produce e-waste", but what does that mean and how do we actually do it?
If you aren't looking at capturing 100% ewaste, then simple laws around liability and penalties for reduced functionality is all you'd need.
Simple things like "if an electronic device, through no fault of the owner, can no longer perform it's main function, then the owner is due a full refund. A company may escape the refund by placing all software required to run the product in the public domain."
It'd miss cases like fly by night companies, but you could catch big players like google disabling their thermostats for non-hardware reasons.
The only thing you'd achieve doing that is to change the "main function" of a device to somethings silly, like a thermostat being sold as an art decor with the optional additional of functioning as a thermostat too.
Given that Microsoft currently intends to productize Windows users' data to build AI that replaces their users' jobs, it seems reasonable to cannibalize those long-term objectives...
> What I am asking for: publish a basic GitHub repo with the hardware specs and connection protocols. Let the community build their own apps on top of it.
This concept works fine for the author's example of a kitchen scale, but fails when the device in question is something like a router that has secure boot with one key burned into e-fuses.
In that case we need both open software and a requirement that the manufacturer escrow signing keys with someone so that after EOL any software can be run.
Forcing the release of signing keys would be a security disaster. The first person to grab the expired domain for the auto update server for a IoT device now gets a free botnet.
The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
> Forcing the release of signing keys would be a security disaster.
Have you seen the state of embedded device security? It is already an unmitigated disaster.
> Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
Yes, it is what I want. I am perfectly aware of the potential downsides and what I am proposing is worth it. In our current era of enshittification, vendor pinky promises to implement a user-bypass in their signed boot chain is not good enough. Look at the Other OS controversy on the PS3 if you want an example of this in practice.
> The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
The vendor has implemented an internal pad on the laser-welded, weather sealed, IP-rated smart watch that must be shorted to disable secure boot. Opening the device to access this will essentially destroy it, but we preserved the vendor's secure boot signing keys so missioned accomplished!
This is very much not an option on most embedded devices. They allow one key to be burned once.
IIRC, a certain Marvell SoC datasheet says multiple key slots are supported, but the boot ROM only supports reading the first entry (so really, only one key is supported).
> Now, I'm not asking companies to open-source their entire codebase. That's unrealistic when an app is tied to a larger platform. What I am asking for: publish a basic GitHub repo with the hardware specs and connection protocols. Let the community build their own apps on top of it.
The actual proposal in this blog doesn’t make much sense. Having the specs of a device isn’t going to change much because they can be determined by anyone examining the PCB. Most devices don’t have a simple connection protocol, like the Spotify Car Thing used as an example.
I understand the idea as "provide what is necessary for someone to reuse the hardware". Just the bare minimum, like how to flash a firmware and a minimal firmware.
Now for many products, nobody would spend the time needed to make it actually work, but for some it may be nice.
But I agree that it is more complicated than it seems, and realistically that would be on a case by case basis.
Honestly between the ability to flash firmware, interface specs, and maybe PCB schematics that should be enough to use an old device for a motivated individual.
My personal pet example of this is old cameras, lenses, and digital backs. Plenty of great hardware out there that currently requires very extensive reverse engineering to use that would be made a lot easier with firmware & schematics.
Most systems now "fail closed" because they are based on a code signing chain of trust that has no exceptions. It would be better if some portion of these systems were made to "fail open" - you don't want a botnet to take over in this situation but you should be able to delegate code signing duties to a new party when the original one goes under or stops supporting a device.
In my experience, whenever you mandate open source software, you get software so unusable that it might as well be closed-source. Like, it doesn't compile, and they ignore all bug reports.
Dumping responsibility on "the community" could backfire in a big way. It sounds good at small scale but it becomes a form of entitlement if the whole industry does it.
It’s pointless anyway because there is always someone in the community who comes along and rips out support for old hardware. Because, you know, EOL, doesn’t matter that it’s a stationary target.
One great example/case for this would be Aura Frames (recommended to me by a few folks here when I posted an Ask HN) [0]
If the company disappears... what happens to the devices and the cloud storage?
I've been really enjoying the product (it's really well done, the mobile app works perfectly well) but it's a scary thought.
I also found this Reddit thread [1] with some language from the company supposedly saying they would do their best to launch alternative tooling if they disappeared, but I can't find this language anywhere else online.
I have had an itch to disect an Aura frame and do something akin to the Tonie Box jailbreak. But I am too afraid of being responsible for bricking our frame and I can't justify spending the money on one just for R&D.
> And here's the thing: with vibe-coding making development more accessible than ever, this isn't just for hardcore developers anymore. Regular users can actually tinker with this stuff now.
Have you tried pointing an LLM agent at a decompiled apk? It could probably write you protocol docs for it.
Dear EU Santa, please force Meta to open source the Facebook Portal as well so I can repurpose relatively decent hardware for something useful and fun, rather than e-waste.
if EOL hardware become open source and community can support it then community would extend that EOL product and making it extensively harder for older customer to buy new product
I love to see this future but knowing this, company would never do this
I actually think this is a great idea. Not even for "Open Source".
Can you imagine if UBNT had to open source its EOL boot chain, so that Cambium was legally entitled to roll its firmware for old Unifi kit? And Vice Versa?
The result might not be "Old hardware supported by the community" the result might be "Eternal product updates so we can legally prevent Cambium from taking our customers"
Open source isn’t going to happen on any real scale, because pretty much any non-trivial commercial product is going to have a ton of third party IP that the manufacturer has no right to give you.
What manufacturers should be required to do, at a minimum, is remove any impediment to you running whatever alternative software you choose.
I totally agree with the frustration of having hardware I would like to keep using but can't because it got EOL. Like a smart speaker or something.
But I don't know if there is a pragmatic way to approach that. I mean, I could also say "it should be illegal to produce e-waste", but what does that mean and how do we actually do it?
If you aren't looking at capturing 100% ewaste, then simple laws around liability and penalties for reduced functionality is all you'd need.
Simple things like "if an electronic device, through no fault of the owner, can no longer perform it's main function, then the owner is due a full refund. A company may escape the refund by placing all software required to run the product in the public domain."
It'd miss cases like fly by night companies, but you could catch big players like google disabling their thermostats for non-hardware reasons.
The only thing you'd achieve doing that is to change the "main function" of a device to somethings silly, like a thermostat being sold as an art decor with the optional additional of functioning as a thermostat too.
Where does it end, should EOL windows be open sourced because some software/games/hardware do not work on newer windows versions?
Open source windows 10 would cannibalise Microsoft’s long term objectives.
Given that Microsoft currently intends to productize Windows users' data to build AI that replaces their users' jobs, it seems reasonable to cannibalize those long-term objectives...
If that's one way to get to Microsoft abusive planned obsolescence and absurd e-waste, I take it
> What I am asking for: publish a basic GitHub repo with the hardware specs and connection protocols. Let the community build their own apps on top of it.
This concept works fine for the author's example of a kitchen scale, but fails when the device in question is something like a router that has secure boot with one key burned into e-fuses.
In that case we need both open software and a requirement that the manufacturer escrow signing keys with someone so that after EOL any software can be run.
Forcing the release of signing keys would be a security disaster. The first person to grab the expired domain for the auto update server for a IoT device now gets a free botnet.
The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
> Forcing the release of signing keys would be a security disaster.
Have you seen the state of embedded device security? It is already an unmitigated disaster.
> Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
Yes, it is what I want. I am perfectly aware of the potential downsides and what I am proposing is worth it. In our current era of enshittification, vendor pinky promises to implement a user-bypass in their signed boot chain is not good enough. Look at the Other OS controversy on the PS3 if you want an example of this in practice.
> The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
The vendor has implemented an internal pad on the laser-welded, weather sealed, IP-rated smart watch that must be shorted to disable secure boot. Opening the device to access this will essentially destroy it, but we preserved the vendor's secure boot signing keys so missioned accomplished!
The OTA firmware update keys ideally shouldn't be the same as the secure boot keys.
How about just allowing key enrollment with a physical button?
This is very much not an option on most embedded devices. They allow one key to be burned once.
IIRC, a certain Marvell SoC datasheet says multiple key slots are supported, but the boot ROM only supports reading the first entry (so really, only one key is supported).
> Now, I'm not asking companies to open-source their entire codebase. That's unrealistic when an app is tied to a larger platform. What I am asking for: publish a basic GitHub repo with the hardware specs and connection protocols. Let the community build their own apps on top of it.
The actual proposal in this blog doesn’t make much sense. Having the specs of a device isn’t going to change much because they can be determined by anyone examining the PCB. Most devices don’t have a simple connection protocol, like the Spotify Car Thing used as an example.
I understand the idea as "provide what is necessary for someone to reuse the hardware". Just the bare minimum, like how to flash a firmware and a minimal firmware.
Now for many products, nobody would spend the time needed to make it actually work, but for some it may be nice.
But I agree that it is more complicated than it seems, and realistically that would be on a case by case basis.
Honestly between the ability to flash firmware, interface specs, and maybe PCB schematics that should be enough to use an old device for a motivated individual.
My personal pet example of this is old cameras, lenses, and digital backs. Plenty of great hardware out there that currently requires very extensive reverse engineering to use that would be made a lot easier with firmware & schematics.
Most systems now "fail closed" because they are based on a code signing chain of trust that has no exceptions. It would be better if some portion of these systems were made to "fail open" - you don't want a botnet to take over in this situation but you should be able to delegate code signing duties to a new party when the original one goes under or stops supporting a device.
In my experience, whenever you mandate open source software, you get software so unusable that it might as well be closed-source. Like, it doesn't compile, and they ignore all bug reports.
"EOL hardware should mean open-source software"
It is if you buy carefully: I don't buy hardware that can't be used with linux or whatever I deem necessary. And then, there's the car...
Dumping responsibility on "the community" could backfire in a big way. It sounds good at small scale but it becomes a form of entitlement if the whole industry does it.
It’s pointless anyway because there is always someone in the community who comes along and rips out support for old hardware. Because, you know, EOL, doesn’t matter that it’s a stationary target.
One great example/case for this would be Aura Frames (recommended to me by a few folks here when I posted an Ask HN) [0]
If the company disappears... what happens to the devices and the cloud storage?
I've been really enjoying the product (it's really well done, the mobile app works perfectly well) but it's a scary thought.
I also found this Reddit thread [1] with some language from the company supposedly saying they would do their best to launch alternative tooling if they disappeared, but I can't find this language anywhere else online.
[0] https://news.ycombinator.com/item?id=45341781
[1] https://www.reddit.com/r/homeautomation/comments/1b8vei3/wha...
I have had an itch to disect an Aura frame and do something akin to the Tonie Box jailbreak. But I am too afraid of being responsible for bricking our frame and I can't justify spending the money on one just for R&D.
If you’re confident that you can reverse it, happy to throw $50 at this. It would be extremely great if you did this.
Anybody else want to crowdfund? :)
P.s. if you end up absolutely bricking it, but at least get one great blog post out of it, it’s still worth it ha
> And here's the thing: with vibe-coding making development more accessible than ever, this isn't just for hardcore developers anymore. Regular users can actually tinker with this stuff now.
Have you tried pointing an LLM agent at a decompiled apk? It could probably write you protocol docs for it.
Dear EU Santa, please force Meta to open source the Facebook Portal as well so I can repurpose relatively decent hardware for something useful and fun, rather than e-waste.
This is where I hope EU do their magic
I think bose did a wise thing with their speakers. Turns "company makes my purchase worthless" to "my purchase now has open source software".
...although it could be "no more product support, talk to random people on github"
actually, don't know why there couldn't be legislative or tax support for these kinds of things.
> tax support for these kinds of things
What are you hoping for with tax support?
write-off product if open sourced, or make it charitable or ...
nevermind, government rarely does this right.
Is there an RSS feed?
if EOL hardware become open source and community can support it then community would extend that EOL product and making it extensively harder for older customer to buy new product
I love to see this future but knowing this, company would never do this