#006: Pebble’s Code is Free: Three Former Pebble Engineers Discuss Why It's Important (PART 2/2)

In today’s Coredump Session, the team reunites to unpack the behind-the-scenes lessons from their time building firmware at Pebble. This episode dives into the risks, decisions, and sheer grit behind a near-disastrous OTA update—and the ingenious hack that saved a million smartwatches. It’s a candid look at the intersection of rapid development, firmware stability, and real-world consequences.Key Takeaways:Pebble’s open approach to developer access often came at the cost of security best practices, reflecting early startup trade-offs.A critical OTA update bug almost bricked Pebble devices—but the team recovered using a clever BLE-based stack hack.Lack of formal security measures at the time (e.g., unsigned firmware) unintentionally enabled recovery from a serious update failure.Static analysis and test automation became top priorities following the OTA scare to prevent repeat incidents.The story reveals how firmware constraints (like code size and inline functions) can lead to high-stakes bugs.Investing in robust release processes—including version-to-version OTA testing—proved vital.Real security risks included impersonation on e-commerce platforms and potential ransom via malicious OTA compromise.The importance of "hiring your hackers" was humorously noted as a de facto security strategy.Chapters:00:00 Episode Teasers & Welcome01:22 Why Pebble’s Firmware Was Open (and Unsigned)05:01 The Security Tradeoffs That Enabled Speed11:00 The OTA Bug That Could Have Bricked Everything15:26 Hacking Our Way Out with BLE Stack Overflow17:47 Lessons Learned: Test Automation & Static Analysis26:30 How Pebble Built a Developer Ecosystem29:56 CloudPebble, Watchface Generator & Developer Tools42:55 Backporting Pebble 3.0 to Legacy Hardware49:02 The Bootloader Rewrite & Other Wild Optimizations53:31 Simulators, Robot Arms & Debugging in CI56:40 Firmware Signing, Anti-Rollback & Secure Update1:06:10 Coding in Rust? What We’d Do Differently Today1:08:28 Where to Start with Open Source Pebble Development⁠⁠Join the Interrupt SlackWatch this episode on YouTube⁠Suggest a Guest⁠⁠⁠Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

There are no comments yet.

Please log in to write the first comment.