#006: Pebble’s Code is Free: Three Former Pebble Engineers Discuss Why It's Important (PART 2/2)
In today’s Coredump Session, the team reunites to unpack the behind-the-scenes lessons from their time building firmware at Pebble. This episode dives into the risks, decisions, and sheer grit behind a near-disastrous OTA update—and the ingenious hack that saved a million smartwatches. It’s a candid look at the intersection of rapid development, firmware stability, and real-world consequences.
Key Takeaways:
- Pebble’s open approach to developer access often came at the cost of security best practices, reflecting early startup trade-offs.
- A critical OTA update bug almost bricked Pebble devices—but the team recovered using a clever BLE-based stack hack.
- Lack of formal security measures at the time (e.g., unsigned firmware) unintentionally enabled recovery from a serious update failure.
- Static analysis and test automation became top priorities following the OTA scare to prevent repeat incidents.
- The story reveals how firmware constraints (like code size and inline functions) can lead to high-stakes bugs.
- Investing in robust release processes—including version-to-version OTA testing—proved vital.
- Real security risks included impersonation on e-commerce platforms and potential ransom via malicious OTA compromise.
- The importance of "hiring your hackers" was humorously noted as a de facto security strategy.
Chapters:
00:00 Episode Teasers & Welcome
01:22 Why Pebble’s Firmware Was Open (and Unsigned)
05:01 The Security Tradeoffs That Enabled Speed
11:00 The OTA Bug That Could Have Bricked Everything
15:26 Hacking Our Way Out with BLE Stack Overflow
17:47 Lessons Learned: Test Automation & Static Analysis
26:30 How Pebble Built a Developer Ecosystem
29:56 CloudPebble, Watchface Generator & Developer Tools
42:55 Backporting Pebble 3.0 to Legacy Hardware
49:02 The Bootloader Rewrite & Other Wild Optimizations
53:31 Simulators, Robot Arms & Debugging in CI
56:40 Firmware Signing, Anti-Rollback & Secure Update
1:06:10 Coding in Rust? What We’d Do Differently Today
1:08:28 Where to Start with Open Source Pebble Development