I just wanted to shout out TRMNL.
They have an interesting product, and they’re trying to build a business that includes a lot of open source aspects.
The device that they sell is proprietary, but it’s also just an ESP32, screen, enclosure, and battery, with a custom PCB for convenience. They plan to add instructions to build your own device, and their firmware is open source under a GPLv3 license.
By default, their device connects to their servers, and they have a slick web configuration tool for people who don’t care about having smart devices call home, but you can easily modify the firmware to connect to your own self-hosted server instead. As of this evening, both the Phoenix and Sinatra server implementations are open source under an MIT license after I pointed out that they had no license in an issue, and they pretty much immediately updated the repositories.
There are two other repositories that they have not added a license to, but given their swift response, I’ll give them the benefit of the doubt, and I would expect them to be updated shortly.
They have not shared all of the plugins that are available on their hosted service for use on a self-hosted instance, but a few are available for use and there are many plugins made by others available as well!
As soon as they update those last two repositories, I plan to pre-order one (unlike the conceptually cool VU Dials who’s creators still have not added a license even after being called out by the co-creator of Rocky Linux).
$20 to unlock the API killed it for me. If it has a built in way yo lock it down, it’s not an open platform and is a great way for bugs to brick a device.
Charging a one time fee for the API seems like a decent way to ensure continued operation.
But if you don’t like it, you can run your own server
Problem for me is that there is some kind of restriction on accessing the device’s API at all and you pay extra for the key that will get created when you unlock it. This may mean that some kind of lock is in place on the device that has to have a key for it created. Even if they give you a key, what happens if an update removes that key’s validity, even unintentionally. I’ve had this happen with products in the past. A bug will restrict access to things or worst case, will totally brick the device because the lock is stuck in place.
Not saying this device has that problem, but the concept of a lock existing means it could intentionally for profit, maliciously by hacking, or unintentionally end up locked later, so I’m just against the concept in the first place. It’s a potential point of failure for no good reason but profit on a device that is supposed to be open. I’d happily accept if they changed a little extra for a device that had no lock at all. Just I don’t want a device with a lock on it.
Also, I’m not sure how having my own server helps here, in fact that’s my plan in the first place as I want to get the thing to interface with my own internal systems. Maybe I’m misunderstanding the implementation, but my understanding from the very brief information available is that you get on your device, connect to their server to pay a fee, and then a key is created for you and then you can access the endpoints running on the device either through the server or directly with REST calls. The alternative is to teardown the device and build your own custom firmware that uses different authentication mechanisms. I don’t really have the interest to mod the firmware and then have to maintain a fork for getting official updates. I just want to be able to be able to interface any servers I have with the device as I choose.
Checked the site quickly and didn’t find the information, but judging by the top-level comment, they don’t charge you if you want to use their cloud service, but if you want to “unlock” the ability to use someone else’s.
not quite.
If you buy their device, the cost to use their service is built-in to the cost of the device, so you get access to their service and all of the 3rd-party plugins at no extra charge.
If you would like to write your own plugins for their service, or access their service on one of their devices, but with custom firmware, you need to pay $20 one time for an API key to get access that is more flexible than the limited way the stock firmware communicates with their service.
From looking at the source code of the firmware, it seems like you can extract the “API key” that gets generated by your device with the stock firmware and would technically be able to hardcode that in custom firmware, but I don’t know if that gives the same level of access as the official API key that you pay for or if it against any TOS or anything.
If you are hosting a server yourself or are accessing a different server, you can very easily flash custom firmware that changes the target server, and there is no charge for that from TRMNL. The $20 is to pay for extra API calls to their servers over the lifetime of the device than what they accounted for in the purchase price.
In their documentation, they also briefly mention a recurring charge for API access if you want to use a DIY device with their hosted service, but I didn’t see any mention of that anywhere else as the documentation for DIY devices is yet to be fleshed out.
This is very similar to what Home Assistant offers as a paid service. I don’t see this complaint thrown at them, though. Also, any system that uses authentication has “a built in way to lock it down”.
No, with home assistant they have a cloud server that has additional functionality that you can use or not. Home Assistant doesn’t restrict access to the software on device it’s running on.
With this, the device itself will not allow you to access its API endpoints without having a key that you need to purchase. And though they say it’s a one time purchase, who’s to stop them from releasing a critical security patch that invalidates the keys, even accidentally, or includes making the keys a monthly subscription going forward. Or what happens if that key gets exposed and you need them to generate a new one? Do you need to pay for that or is the device permanently compromised unless you build your own custom firmware?
You’re allowed to modify the firmware to use a self hosted server for that functionality without violating the license, which is better than nothing, but then it’s up to you to maintain your fork of the firmware. Why not just only require the key if you’re connecting to their server and allow you to select your own server without needing to modify and maintain a fork of the firmware?
Damn. I would really love one of these, to show off books, show my daily tasks, etc. Really unfortunate its locked down.
Most apps stated in their website if not all are closed source