Coredump Sessions

#006: Pebble’s Code is Free: Three Former Pebble Engineers Discuss Why It's Important (PART 2/2)



In today’s Coredump Session, the team reunites to unpack the behind-the-scenes lessons from their time building firmware at Pebble. This episode dives into the risks, decisions, and sheer grit behind a near-disastrous OTA update—and the ingenious hack that saved a million smartwatches. It’s a candid look at the intersection of rapid development, firmware stability, and real-world consequences.

Key Takeaways:

  • Pebble’s open approach to developer access often came at the cost of security best practices, reflecting early startup trade-offs.
  • A critical OTA update bug almost bricked Pebble devices—but the team recovered using a clever BLE-based stack hack.
  • Lack of formal security measures at the time (e.g., unsigned firmware) unintentionally enabled recovery from a serious update failure.
  • Static analysis and test automation became top priorities following the OTA scare to prevent repeat incidents.
  • The story reveals how firmware constraints (like code size and inline functions) can lead to high-stakes bugs.
  • Investing in robust release processes—including version-to-version OTA testing—proved vital.
  • Real security risks included impersonation on e-commerce platforms and potential ransom via malicious OTA compromise.
  • The importance of "hiring your hackers" was humorously noted as a de facto security strategy.

Chapters:

00:00 Episode Teasers & Welcome

01:22 Why Pebble’s Firmware Was Open (and Unsigned)

05:01 The Security Tradeoffs That Enabled Speed

11:00 The OTA Bug That Could Have Bricked Everything

15:26 Hacking Our Way Out with BLE Stack Overflow

17:47 Lessons Learned: Test Automation & Static Analysis

26:30 How Pebble Built a Developer Ecosystem

29:56 CloudPebble, Watchface Generator & Developer Tools

42:55 Backporting Pebble 3.0 to Legacy Hardware

49:02 The Bootloader Rewrite & Other Wild Optimizations

53:31 Simulators, Robot Arms & Debugging in CI

56:40 Firmware Signing, Anti-Rollback & Secure Update

1:06:10 Coding in Rust? What We’d Do Differently Today

1:08:28 Where to Start with Open Source Pebble Development



Coredump Sessions, by Memfault