MonkeyC is such a funky language to write. It's obviously modeled on top of java, just with some syntactic differences making it instead look like a mashup with javascript.<p>I get why they made their own high level language to some extent, instead of shoehorning in something else. But making your whole stack from scratch must lead to lots of holes like these.<p>But a very nice blog post. Learned loads more about what's going on under the hood, very interesting.<p>Weird how permissions is mainly a UI thing. Aka how they're used is that if you have them you can use them, and it's mainly a UI thing to just show the same list in the app store. So not really enforced. I guess the fix then is to make sure it's not possible to lie in the app store?
My sense, as someone who has written more than one CiQ app is that Garmin got caught completely by surprise with the popularity of 3rd party apps on wearable platforms and MonkeyC graduated from “interesting side project” to “critical ecosystem capability” in the space of a couple months, years ago. The early CiQ SDK versions had some truly <i>insane</i> conventions like using constants named “THAI_SPICY_HOT” for font sizes, and the development platform (as others have noted in this thread) has always been a barely functional tool chain with minimal error handling, no compiler optimization, no debugger, simulators that don’t match the device ROMs, etc etc.<p>For a long time this didn’t really matter since the Apple Watch and Garmin devices really appealed to two very different market segments - Garmin had a huge moat in first party fitness capabilities, maps, and battery life, and Apple had a huge moat in UX, their app ecosystem, the screen quality and device style, and smartwatch functionality.<p>Now, both companies are closing the gap in both directions on many of these aspects. It will be interesting to see what effect (if any) this will or will not have on the CiQ tooling and the CiQ ecosystem.
Anyone got a recommendation for fitness wearables where you can opt out of having to sign up with an account, and can export data out of it in open/standard formats?
I've long wished for a Cyanogenmod (LineageOS) for Garmin<p>But without source that can't ever happen I guess.<p>Also I think they encrypt firmware after the 5 series in the Fenix 6/7 models<p>Coros has proved it is possible to use cheap hardware to make clones but their metrics are supposedly nowhere near as good as the Firstbeat algorithms.
I’m very impressed by the level of technical detail in this post.<p>I’m somewhat surprised garmin made their own language for apps but considering the low power processors they target was their any other options?
Great article. I've owned a bunch of Garmin devices. Right now I'm not sure if any of them even support Connect IQ. When I tried Connect IQ the apps rarely did anything I much cared about.<p>If I cared about that kind of thing I'd be wearing an Apple Watch. I like the Garmin devices cause they're so much simpler and does the specific built in sports functionality very very well. They are also far more tailored towards being functional whether or not you have internet connectivity.<p>I would far far prefer Garmin to make Garmin Connect on iOS/Android work without internet connectivity than almost anything else. It's ridiculous the devices (this is not just watches) can't sync to the phone for you to review data on the phone if you there is no internet. What they do right now is send everything from the device right to the cloud, then have the phone download something else from the cloud.<p>In my case one of my devices (Edge 1030) is completely capable of mapping and navigation without any internet connectivity but you can't do anything on the phone with the data till you return to internet connectivity.<p>Garmin even has another app (Explore) that has mapping on the phone without internet connectivity once you download the maps. The mapping data in that app is amazing. Yet Garmin Connect only works with Apple Maps data, not Garmin's own map data. When you're on the Garmin device you get a vastly superior map compared to what Apple maps can provide!
> The Atredis' CVE-2020-27486 advisory explains that the news opcode allocates the string buffer based on the length specified in the string definition, and then proceeds to call strcpy to copy the string bytes. This can lead to memory corruption, since strcpy does not use the specified length and will only stop at the first null byte.<p>How can seemingly talented developers <i>KEEP MAKING THIS MISTAKE</i>? It is like almost every police officer shooting themselves in the foot with their service gun.
No “user/kernel mode”, yikes, esp when executing third party apps. I guess since all the third party code is executing in a VM, this could be much safer with verification up front and no dynamic code execution.