I just wanted to shout out TRMNL.
They have an interesting product, and they’re trying to build a business that includes a lot of open source aspects.
The device that they sell is proprietary, but it’s also just an ESP32, screen, enclosure, and battery, with a custom PCB for convenience. They plan to add instructions to build your own device, and their firmware is open source under a GPLv3 license.
By default, their device connects to their servers, and they have a slick web configuration tool for people who don’t care about having smart devices call home, but you can easily modify the firmware to connect to your own self-hosted server instead. As of this evening, both the Phoenix and Sinatra server implementations are open source under an MIT license after I pointed out that they had no license in an issue, and they pretty much immediately updated the repositories.
There are two other repositories that they have not added a license to, but given their swift response, I’ll give them the benefit of the doubt, and I would expect them to be updated shortly.
They have not shared all of the plugins that are available on their hosted service for use on a self-hosted instance, but a few are available for use and there are many plugins made by others available as well!
As soon as they update those last two repositories, I plan to pre-order one (unlike the conceptually cool VU Dials who’s creators still have not added a license even after being called out by the co-creator of Rocky Linux).
This is very similar to what Home Assistant offers as a paid service. I don’t see this complaint thrown at them, though. Also, any system that uses authentication has “a built in way to lock it down”.
No, with home assistant they have a cloud server that has additional functionality that you can use or not. Home Assistant doesn’t restrict access to the software on device it’s running on.
With this, the device itself will not allow you to access its API endpoints without having a key that you need to purchase. And though they say it’s a one time purchase, who’s to stop them from releasing a critical security patch that invalidates the keys, even accidentally, or includes making the keys a monthly subscription going forward. Or what happens if that key gets exposed and you need them to generate a new one? Do you need to pay for that or is the device permanently compromised unless you build your own custom firmware?
You’re allowed to modify the firmware to use a self hosted server for that functionality without violating the license, which is better than nothing, but then it’s up to you to maintain your fork of the firmware. Why not just only require the key if you’re connecting to their server and allow you to select your own server without needing to modify and maintain a fork of the firmware?