This concept works fine for the author's example of a kitchen scale, but fails when the device in question is something like a router that has secure boot with one key burned into e-fuses.
In that case we need both open software and a requirement that the manufacturer escrow signing keys with someone so that after EOL any software can be run.
The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
The actual proposal in this blog doesn’t make much sense. Having the specs of a device isn’t going to change much because they can be determined by anyone examining the PCB. Most devices don’t have a simple connection protocol, like the Spotify Car Thing used as an example.
Now for many products, nobody would spend the time needed to make it actually work, but for some it may be nice.
But I agree that it is more complicated than it seems, and realistically that would be on a case-by-case basis.
But I don't know if there is a pragmatic way to approach that. I mean, I could also say "it should be illegal to produce e-waste", but what does that mean and how do we actually do it?
Simple things like "if an electronic device, through no fault of the owner, can no longer perform its main function, then the owner is due a full refund. A company may escape the refund by placing all software required to run the product in the public domain."
It'd miss cases like fly-by-night companies, but you could catch big players like Google disabling their thermostats for non-hardware reasons.
It is if you buy carefully: I don't buy hardware that can't be used with Linux or whatever I deem necessary. And then, there's the car...
Have you tried pointing an LLM agent at a decompiled APK? It could probably write you protocol docs for it.
If the company disappears... what happens to the devices and the cloud storage?
I've been really enjoying the product (it's really well done, the mobile app works perfectly well) but it's a scary thought.
I also found this Reddit thread [1] with some language from the company supposedly saying they would do their best to launch alternative tooling if they disappeared, but I can't find this language anywhere else online.
[0] https://news.ycombinator.com/item?id=45341781
[1] https://www.reddit.com/r/homeautomation/comments/1b8vei3/wha...
...although it could be "no more product support, talk to random people on GitHub"
Actually, I don't know why there couldn't be legislative or tax support for these kinds of things.
What are you hoping for with tax support?
I would love to see this future, but knowing this, companies would never do this.