Hacker News new | past | comments | ask | show | jobs | submit login
On Liberating My Smartwatch from Cloud Services (bunniestudios.com)
468 points by zdw 9 months ago | hide | past | favorite | 186 comments

> The point of open source is not to ritualistically compile our stuff from source. It’s the awareness that technology is not magic: that there is a trail of breadcrumbs any of us could follow to liberate our digital lives in case of a potential hostage situation. Should we so desire, open source empowers us to create and run our own essential tools and services.

This is the best phrasing of this concept that I remember having seen.

Yes, FLOSS is about the power dynamic between users and developers.

Proprietary software gives developers power over users. Typically, Developers seek this power in order to extract money from users (sometimes in reasonable amounts, other times not). Unfortunately, power is abused. By empowering users with the option to take control of their own technology, FLO software provides strong protection against abuse -- developers need to weigh user-hostile decisions against the possibility of a fork.

I find it amusing to recall that Stallman's Free Software efforts were more or less kicked off by frustration with crappy closed-source printer drivers. 40 years later, being subjected to abusive behavior from your printer has become a near-universal experience.

When I worked on google wave, one of the most requested features was adding print support (to allow users to print waves). Printing support is a super simple feature (especially compared to "make it run faster on IE9"). But print support didn't occur to us at google because was ... well, of course we didn't think of it. Google (and most tech companies I imagine) work in paperless offices. We almost never try to print things ourselves so we didn't think of it or care.

I have a working theory that any software used by programmers will eventually get excellent (or be replaced with something excellent). And everything else stays vaguely mediocre.

Postgresql? Excellent. The tooling to allow non-programmers to edit data in postgres? Halfbaked. Sound cancellation in macbooks for video calls? Fantastic. The software bank tellers use? Garbage. Github? Fantastic. Github equivalent for non programmers (eg people with folders full of Word docs)? 404 not found.

Anyway, the fact that modern printer drivers are garbage should come as no surprise. Who amongst us cares enough to fix them? RMS was probably one of the last competent programmers who will bother writing clean, minimal printer drivers. I expect the world will become paperless before HP cleans up their act.

I have the same problem at the moment with my Wacom tablet - the hardware is great but the software is truly awful, and apparently it phones home regularly. Software for artists is unfortunately off the golden path.

> Printing support is a super simple feature

Ah, the tell of someone who has never implemented printing.

Pagination across different paper sizes when content is dynamic/interactive and includes things like section headers that you need keep with text and images and tables that users expect to not split across pages with their custom choices of margins, page-numbers, page titles etc. So many other issues like ensuring monochrome prints are legible, implementing print previews etc.

Oh boy. Some might think implementing math from papers is hard but no, it's this sort of thing. You'll be fixing problems with it for the life-time of the product.

Is that the realm of the driver?

It seems like the driver should detect paper size, broadcast a compatible print area/capabilities to something above, and then stand by to make any dot it can in the allowed area.

Why would the hardware driver need to deal with pagination, layout, or print previews (beyond advertising capabilities accurately)?

I've always imagined that drivers are hard on the hardware side. It is really difficult to reliably place dots on a page with the requisite precision/reliability at the price-point to which we have all become accustomed.

Of course, but in the case of Wave wouldn't it be sufficient to render the content as static HTML and let the browser worry about the rest?

Sure, that would make for a decent PoC. It's all the work that will come later as you discover the browser is NOT doing a good job that will be the problem.

If a browser fails to render HTML it's fair to say that's its makers' responsibility.

It may be different now, but it was not long ago that browsers would without remorse just let the printed page cut even images in half if a page break happened to be there. It seemed as if all they did was create an image of a length long enough to fit the printable content and just fed that to the printer. No smart layout at all.

If things are different now, it certainly was not during the brief time Wave was around.

Browsers don't normally work with paper-like pages, they work with essentially infinitely scrollable areas. So a browser layout engine is not in any way, shape or form optimized for laying out HTML + CSS in a printer friendly way, especially if you start having 'weird' requirements like A4 vs Letter, smart layout of tables across pages so that they are still readable etc.

In fact, in general, a human being must actually lay these things out by hand for print if that is the desired medium.

That doesn't matter. Layout is the job of the browser. If it sucks, it sucks. That is no reason for ugly hacks.

Which is an excellent attitude for a short PoC, but unimaginable for a paid product.

In the end, the user doesn't care. They want the printed page to be usable. If the browser makes it usable, excellent! If it doesn't, than the product is bad and an alternative must be found.

Sure, Google, being in control of Chrome, could implement a browser-level page layout engine.

Unfortunately, there is obviously no way to make a good general purpose layout engine, so that will never fly. Any site that wants to offer printing as a paid feautre must implement their own printable version, no question.

What was so special about Wave that a general purpose layout engine wouldn't be adequate?

Strong disagree. Software quality is driven almost entirely by either insane dedication from hobbyists or (more commonly) monetary incentives. Lots of businesses depend on Postgres so it's good. Github makes money off of providing a good product. Wacom has a total stranglehold on the market so they don't care because they know artists will put up with it.

Wacom is seeing a lot of their lunch get eaten by iPad Pros now, so hopefully they’ll be pressured to improve. I wish Apple could make Sidecar integration work at Wacom levels so I’d never have to use one of their devices again though.

I don't know enough about the APIs involved but - that seems like something you should be able to write as a pair of apps.

You'd need a native iPad app to capture and transmit pen events, and then something on the desktop side to receive the events and turn them into the equivalent wacom tablet events. How does wacom send tablet events to apps? Is it a named socket or something? It shouldn't be too hard to emulate. I wonder if anyone's made something like that in the app store.

Mind you, I'd much rather if Apple baked it into macos through Sidecar.

Wacom uses kernel extensions, which is another reason why I’d rather it be a first party solution. Not sure what Astropad uses because their service requires an overpriced subscription, has a bad UI, and only functions well with an extra peripheral.

But Sidecar is also pretty half-baked and Apple is flakey about supporting features like in general, so who knows how it will all pan out.

There is indeed an app, Duet Display Pro, that will relay Apple Pencil input to your Mac. I've only used it for its second screen functionality; no idea how well the pencil part works.

Amazon offices use absurd amounts of paper.... however it's mainly for raising desks and leveling monitors. Literally every desk has some thing up on a ream of paper. The actual paper document culture is moving online finally.

Ah, Google has solved half this problem by providing powered sit and stand desks. But people still use reams of paper to hold up their monitors.

Most people also position their monitor too high, to be fair. The top of the monitor should be at or slightly below eye level. If you reach out from your chair with your arm held level, that should be roughly in line with the middle of the screen, and your fintips should be ~10cm or a few inches away from the screen.

This seems wrong to me.

I very purposefully position my monitor so that my main console window is viewed, with my head level. It is also horizontally centred on the mid-left of that console.

This is because most text, eg bash work, vi of files or code, rests there.

In this way, my head is not tilted down, or eyes tilted down constantly. My head is mostly centred, and looking straight ahead.

I find that elsewise, my body follows the constant downward look, either slouching or the neck bent forwards.

Why do you belief your monitor should be positioned, so you are looking downward constantly?

Multiple ergonomics guides give the guidance I mentioned. Here’s a link to a few, but I encourage you to do your own research.

At the end of the day, if you’re finding that something helps to reduce long-term fatigue then it’s probably not too bad, but don’t forget that slouching in your chair feels good however it’s terrible ergonomically - this is similar. Comfortable short term, but not always long term.

All of these recommend at or slightly below eye level:







The search I ran in google was “monitor ergonomics gov”

The point isn’t that you should be looking downward, it is that you shouldn’t be looking upward. It creates eye and neck strain.

For me, constantly looking downward causes neck strain.

Hence the top of the monitor being at eye level, is problematic. I think the best scenario is most-often level.

I wonder, I grew up before laptops and smartphones. These often result is down-gazing a lot. Hmm.

Of course though, because the monitor and keyboard should be able to be raised and lowered independently. If you set the desk to a height that's suitable for the monitor, it may be too high for the keyboard.

I have a adjustable keyboard tray.

Amazon has powered desks in new buildings as well. It doesn't solve the monitor positioning problem esp with multi-monitors and evening things out.

> I have a working theory that any software used by programmers will eventually get excellent

Most programmers rarely using office suites and prefer to use plain text editors. This has gone so far that developers prefer a sadistically under-featured file-format (.md) to office files.

Personally, I prefer a lightweight, portable, easier to edit, technically just plain text file vs whatever mess of useless fonts/font sizes/unrelated garbage is crammed into a .odf/.docx file.

Literally anyone with a computer that has a ASCII or Unicode compatible text editor can open a .md file and get useful info.

Even better, add a little bit of lightweight extra tooling, and now you've generated a nice looking html page, if you need to make something with fancier presentation.

The only thing I miss is the ability to embed images in the md file itself, but even that is not hard to work around.

Obviously I keep software on hand that can deal with docx/odf, but I'd really rather just keep it simple, due to the fact that I'm stupid.

What you call underfeatured many would call correctly featured. A more complex format doesn't add value for most use cases, while being harder to reason with and correct issues in.

.md files avoid the copy paste font/size mess by being plain text and rendering in the reader's choice of font. Bold, italics, hyperlinks and such are all explicitly added, easy to Ctrl + F for and aren't hidden behind finicky context menus as in standard word processors.

Plain text formats do have advantages but Markdown is a pretty bad one.

> This has gone so far that developers prefer a sadistically under-featured file-format (.md) to office files.

And doesn't have a proper spec. The best we have is https://commonmark.org

I would say at least GFM's spec is reasonably detailed, given how much GitHub depends on it.


> I have a working theory that any software used by programmers will eventually get excellent (or be replaced with something excellent). And everything else stays vaguely mediocre.

Hmmm... I think.. sometimes. There's also software that gets excellent, becomes big, becomes profitable, and squeezes out everything else. Then becomes mediocre. word and google docs?

I would be unsurprised if a lot of drivers remain closed source to hide where the bodies are buried. There's probably a lot of dodgy hardware that's somewhat papered over with fixes in a 200Mb propriatery drivers-- much easier to filter the inbound data and build a workaround than ship everyone a new controller board when it turns out sending 0x08675309 grenades the print head.

SharePoint is actually reasonably effective.

It's certainly not non-existent.

(There's now browser based versions of MS Office apps that can simultaneously edit documents stored and automatically version controlled in SharePoint)

I dealt with SharePoint less than 5 years ago.

In some ways it was truly awful, to mention two examples:

- a reason for using it was to automatically apply Azure Information Protection to documents. All well and good until it turns out the mechanism can trivially be subverted, so trivially that we found out by accident by not following the exact login procedure.

- the usability makes is comparable to Oracle software. I have extensive experience with that too, but I can't say which is worse.

Version control for word documents is horrible though. To review each change it opens up a new word instance.

How do we get programmers to use bank teller software?

Alternatively, how do we teach bank tellers to program?

By teaching the current school aged kid's to program.

I seriously think the world would be better off if programming were seriously taught in schools, on a level equivalent to language, math, science, etc.

If we start with Scratch in early grade school and work up to C in high school, so many more people would be comfortable and efficient using computers, and would have the understanding necessary to understand the legislation of tech.

This would take a decade+ to pay off/have the bank tellers know to program, but it seems like the best long term plan.

I agree. Programming shouldn't be (just) thought of as engineering, but also as simply giving the computer complex instructions. There is also the story about RMS teaching secretaries to program Emacs by not telling them Lisp is a programming language.

> Programming shouldn't be (just) thought of as engineering, but also as simply giving the computer complex instructions.

I really like this phrasing. I'm not really an engineer. My code is mostly rough, but it is functional and does what I need it to. I don't program to build a skyscraper, I program so my computer can do a thing I need it to do.

Oh, y'all gotta pay for that.

> crappy closed-source printer drivers

It was about not being able to customize the behavior, lacking the access to source code, not about “crappiness.”

“ In 1980, Stallman and some other hackers at the AI Lab were refused access to the source code for the software of a newly installed laser printer, the Xerox 9700. Stallman had modified the software for the Lab's previous laser printer (the XGP, Xerographic Printer), so it electronically messaged a user when the person's job was printed, and would message all logged-in users waiting for print jobs if the printer was jammed. Not being able to add these features to the new printer was a major inconvenience, as the printer was on a different floor from most of the users. This experience convinced Stallman of people's need to be able to freely modify the software they use.[29]”


It was missing what would quickly be considered a standard feature, and one that was obviously necessary for the use case of a shared printer. That's driver crappiness. The only justification for a shared network printer with no user feedback mechanism is if nothing ever goes wrong with the printer and it always completes your job by the time you can get up and walk down the hall (and stairs, in this case) to pick it up.

> It was missing what would quickly be considered a standard feature

That is an anachronistic claim which sounds logical to the reader in 2020 but doesn’t match the environment of decades ago. The feature he added could have been based on, from perspective of the producer of the printer, completely non existing API.

That is, something available to different customers, but completely specific to the setup of every customer.

Additionally, it was the principle that mattered to RMS. One can often do some reverse engineering intervention to achieve the desired modification even based on the closed source, but it’s still against the conceptual advantages of working on the codebase which is by policy free. As in:

“Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software.”


The principle works even once the network messaging API in some environment is standardized and starts to allow some, from that point on, “standard feature”.

I think you misunderstood my use of the word "standard". I did not mean "standard" in the sense of complying to some particular RFC or anything like that. I meant that some kind of feedback/monitoring capability is de rigueur for that product segment, and that feature needs to be listed on the spec sheet for the product to be considered adequate. Even a completely proprietary network printing protocol needs to have a status reporting capability to be taken seriously.

I swear by secondhand Brother HL-2133’s

They’re $30 with barely used toner cartridge, and have worked no effort on Mac / Linux / Windows for me.

I have a brother printer that works with linux. It does as it's told.

Does anyone know a list of safe printers (can be second hand postscript laser printers) that do not phone home, embed invisible yellow dot patterns for unique identification and so forth?

> embed invisible yellow dot patterns...

Whoa, is this a thing? I know gov surveillance is in depth, but wow.

I'd love to read more, is there a good place to read about this?

See https://www.eff.org/issues/printers

Color laser printers can't be trusted.

Color inkjet printers probably can't either. Networked printers should not be granted internet access. The printer vendor is your enemy, not an ally.

Thanks for the link.

I've never trusted printer vendors (or any vendors to be honest.), and I don't give printers inet access, but the yellow dots are news to me.

...FLOSS is about the power dynamic between users and developers.

Developers rarely own the rights to their own code. It's actually about the power dynamic between capital and users. The Golden Rule ("He who has the gold, makes the rules") is nowhere more clear than in the software industry, with its lopsided clickthrough licenses and terms of service.

The first step in getting the rights to code you write is to realise that "Everything Is Negotiable".

https://sfconservancy.org/blog/2016/aug/04/everything-is-neg... https://sfconservancy.org/contractpatch/

By empowering users with the option to take control of their own technology, FLO software provides strong protection against abuse -- developers need to weigh user-hostile decisions against the possibility of a fork.

Unfortunately this isn't really true for large and complex FLOSS, e.g. web browsers. For a lot of the little user-hostile decisions they have taken, it would take me far more time to get the source and all its dependencies, figure out how to correctly build it (which can itself include a nontrivial toolchain with its own effort to set up), find where to make that tiny change I wanted to the source, and recompile and test; than to simply use a debugger to find the right place in the binary to modify directly.

Open-source doesn't necessarily mean easy to take control; and neither does closed source mean the opposite. I've been RE'ing for decades and wish more people knew about this valuable skill, because that's what gives you the true power to take control.

> Unfortunately this isn't really true for large and complex FLOSS, e.g. web browsers.

It is also true for web browsers; all it needs is one developer among the many thousands being able to build and distribute it.

> Open-source doesn't necessarily mean easy to take control

True, it should be more something like: "it won't be easy to use this source by yourself, but if the company decides to discontinue the product, you can still hire some developers to support and continue it, rather than throw in the trash everything you've based on it, which sometimes could mean your entire business". It rather makes hard for others to take away this control, a concept which is wonderfully explained by the GPL license document.

> I've been RE'ing for decades and wish more people knew about this valuable skill, because that's what gives you the true power to take control.

Agree 100% on this, but definitely not easy especially now that pretty much every damn product contains more horsepower and complexity than the Apollo missions computers. However, if you have books, resources, examples etc. for mere mortals on the subject, I'd love to take a look at them. That topic would probably deserve a post by itself.

>simply use a debugger to find the right place in the binary to modify directly

I reflect back and wonder why the systems I grew up with didn't have this capability built right in, like a keyboard interrupt in DOS that would pause execution and let you dive into the contents of memory, view the stack, or debug the decompiled version of a running program.

Maybe this kind of stuff just wasn't possible in the race to the bottom that was the 80s and 90s PC market, but as a child, I was really confused why I didn't have the tools necessary to "pop the hood" on anything other than BASIC programs—and that's assuming I was using a machine that had BASIC installed.

I'm sure the only thing I would have done with it at the time would have been to cheat at video games, defeat copy protection, and alter game dialog to be extremely crass, but I think it would have been extremely helpful in the development of my adult skill set.

The Apple 2 did have a machine-code monitor in ROM.

I agree with that. I have firefox cannot update to the latest version nags that I cannot get rid of. Looking at the source takes me down all sorts of false trails, let alone compiling the darn thing. sigh.

On the other hand, it is possible, and great groups of people have for instance de-googled chrome and fixed ubuntu.

> I've been RE'ing for decades and wish more people knew about this valuable skill

I want to learn. I've played around a bit with r2, doing a small patch on a unsupported piece of software, but that was nearly trivial.

Can you recommend any good places to get started?

doing a small patch on a unsupported piece of software, but that was nearly trivial.

That means you've already started. ;-)

I think it's hard to give recommendations regarding learning of RE in general, as I mainly do it a "scratch an itch" and "learn as you go" type of thing --- whether you need to interface with an unknown file format, change the behaviour of a piece of code, change a message in a UI, automate an aspect of a web app, etc. the exact knowledge you'll need will vary widely. However, in all those circumstances the basic idea is to gather knowledge about the target to get a vague understanding of how it works, and then dive in with the specific tools/knowledge you've gathered.

It's not about power dynamics, it's about liberty. And ultimately, liberty is about autonomy. Having the freedom to do what you choose if you so need to. Free as in freedom right? Stallman was always talking about liberty.

Potayto, potahto. As an example outside of computing, slavery — the antithesis of liberty/autonomy — is the manifestation of an extremely skewed power dynamic.

> It's not about power dynamics, it's about liberty.

There's no liberty without the power to preserve it.

Couldn't think of a better argument for the second amendment myself.

There's tyranny in parts of the US yet most of the second amendment lovers support what the Federal Government is doing (eg. in Portland or DC).

> yet most of the second amendment lovers

Clearly those are not actual second amendment lovers, they are deadly toy lovers, and therefor profess to love the second amendment.

There are those who actually believe in the ideals of the second amendment, the question is how many of them

A) Live in Portland/DC

B) Are willing to put their lives on the line for this.

I'd like to think that if I lived there I would be.

That came out of left field.

Why not both?

Yes, it is to protect liberty to do what you will with the software/source.

It is also to make sure that the developers of said software will be in a much more difficult situation when it comes to abusing the users of their software. Stallman talks about this as well.

Aren't those even the same thing? For users to have liberty implies a specific power dynamic between them and developers.

Indeed. I believe you've phrased it much better then I did.

Liberty for whom? Most of humanity is not economically privileged enough or digitally literate enough to utilise the available digital liberty, let alone able to know that it exists.

Need speech for your guns, guns for your speech; just the way it is.

Not that everything is a power dynamic, looking at life that way kills all your friends and family really quickly.

Yet FLOSS often has very poor UX - the users are very self selecting

You know what else tends to have poor ux in my experience? Overly priced specialized commercial software targeted towards a specific industry.

I think the worst i've ever experienced between floss and commercial software had to be the software to program the waterjet cnc at my last job. For some reason, half the menu items were in german, all the configuration was done in a text file where variables were a mix between english and german, the machine manufacturer stopped officially supporting the program and literally one person at their tech support office even knew how to use it and his knowledge had gotten pretty rusty. That program was an ugly, bug ridden, confusing mess that at one time cost lots of money.

According to the tech i talked to, it was written by one german guy who had a poor grasp of english, vanished years before and nobody knew how to contact him.

The CAM software that came with the 4wK laser I use at work had an amazing nesting algorithm, but was otherwise entirely unsuited to our needs.

SigmaTech make SigmaNest which, as of version 1.7, I feel confident in highly recommending.

And they’ve put on an additional team member for tech support in my region and I can now confidently praise that aspect of their business too.

We used alphacam for our routers, but my boss was delaying paying for another alphacam license for as long as possible. It was nearly $10k per license or something.

Similar price rang for SigmaNest for the features we use, ongoing maintenance is under AUD$5k per year which we’re happy with.

I’ll have a look at Alphacam.

> FLOSS often has very poor UX

For much of FLOSS software I would agree. However, almost any program I've used I would say is plenty adequate.

Of course, I would fall into those users you mention, so this probably doesn't mean much.

Pure proprietary < Mostly FLOSS < Pure FLOSS < Mostly proprietary

> liberate our digital lives in case of a potential hostage situation

> Should we so desire, open source empowers us to create and run our own essential tools and services

This person is describing the goals of Free Software and community-driven projects.

"Open Source" merely refers to using an OSI-approved license, without any implication about empowering users and improving the power balance.

This echoes how I think of Bitcoin; an alternative to government and private banking, not as a replacement but its very existence shifts the hostage-like power dynamics we have grown accustomed to.

Attention: We have a hostage situation. Might be a world record.

Adobe has entered the chat.

All joking aside, I recognize that this is strong language, but it certainly describes the tactics used.

Although obviously no one is in immediate physical danger, with the exception of medical equipment. Even that I'm not sure of, I've just heard hearsay.

But if you don't have the source, isn't it magic?

For me personally at least, discovering open source meant learning that even if something looks like magic, it has source code behind it somewhere. Nothing is magic, everything is science(or engineering), even if that is hidden/obscured from the end user.

As a result of this, anything can be reimplemented/replaced, if you or someone else have knowledge on how to do so. This in turn means that it is possible to escape from unethical services, thus the article.

> even if something looks like magic, it has source code behind it somewhere.

This is an incredibly important insight. When technologically illiterate people have difficulties with a gadget, it is extremely common that you can trace their difficulties back to their assumption that the workings of the gadget are magic: they don't attempt to form any kind of mental model for how the device might work, and end up making impossible and contradictory assumptions about it. Even an incorrect mental model would be more useful, because you'd be more conscious of making predictions and realizing that your predictions are wrong for a reason when the machine doesn't respond as expected.

This thread is a great example of why I think open-source is a distracter for true freedom: it emphasises the notion that source is somehow necessary to understand and modify software, when the truth is far from it.

Legal or not, you can always take a disassembler to a binary and find out the truth, just like you can do the same to other devices and understand their workings much like what the "true scientists" do[1]. Crackers and the security industry have been doing that for decades. PC magazines of the 80s and early 90s even told you how to patch your own software --- without source --- to accomplish certain things like fixing bugs or changing "annoyances".

I often wonder what the state of software would be like if Stallman emphasised the right to inspect and modify regardless of source code availability; perhaps there would be far less open-source projects, but people would have a much more intimate familiarity with how computers work in general.

If I can modify the binary, I don't need the source. Especially for large projects, where trying to figure out how to compile the exact same binary I already have and know works, along with its massive tree of dependencies, can be even more difficult compared to just opening it in a hex editor and patching a few bytes.

[1] It seems computer scientists mainly focus on construction unlike physicists, biologists, and chemists who focus on analysis first.

I would really like to see a "Right to Repair" for software.

You raise a valid point.

I still think open source is an important effort, editing/reading source code will always be more efficient then reverse engineering and modifying the binary.

That being said, I agree with much of what you say, and I am working on learning re/binary patching. Are there any good resources you could recommend?

Get a manual for your processors assembly and a description of the way binaries are organized for your operating system (Headers, sections). Try to build a minimal binary with c, analyze it, try to modify it. Find out what the appropriate tools are for your operating system.

> A bunch of my paddling friends recommended I try Strava. [...]

> The bad news is as I tried to create an account on Strava, all sorts of warning bells went off. The website is full of dark patterns, and when I clicked to deny Strava access to my health-related data, I was met with this tricky series dialog boxes

I noticed that most apps on the App Store all seem to want you to create an account. I get that that's how they primarily operate but I'm put off by it.

This might be a controversial opinion but I like that my runs with my Apple Watch are recorded in iOS on-device, without needing to use any of these third-party apps. And if you still want to share or even backup your runs, you can use apps like HealthFit¹ or RunGap² to export FIT files that contain GPS points and heart rate data, or export them directly via API to the service you want. If you _really_ want to DIY, you can write some scripts that extract them from the SQLite files in your iOS backups. But by default, everything is local only and you have the choice to do whatever you want with the data.

[1] https://apps.apple.com/us/app/healthfit/id1202650514

[2] https://www.rungap.com/

There’s also open source apps that can do this (but you have to build them and install using a developer certificate). It’s a shame though exporting workouts to gpx is not possible using the built in apps.

Aaron Christophel has a YouTube channel in which he shows how to replace the firmware of P8 smartwatches with custom firmware, over the air.

If you like his work .... you could support him by subscribing to his channel perhaps.









Great channel and much more than smart watch.

For anyone that's interested in doing this own visualization of .gpx files. This is GPLv3 licensed:


If you have an old Android phone laying around that can run at least android 5/6, there's lots of good tracking applications that can run persistently and create a .gpx file written to disk in a location of your choice under /sdcard/. May not even be necessary to purchase a smart watch if you don't want heart rate.

I recommend this one: https://play.google.com/store/apps/details?id=com.mendhak.gp...

One of the things I particularly like about that app is that it's fully configurable for how often you want it to get a GPS fix (has a direct impact on battery life), what filename prefix to create and where to create it, whether to create a new file every day or every session, and many other toggles and knobs in the options.

GPSLogger (the one walrus01 linked to) is a gem. I've been using it continuously for 7 years. Not all location trackers are the same.

It lets you log with cell tower but fall back to GPS if the accuracy is poor. Like walrus01 says, it's very configurable in how accurate you want it to be versus battery usage, or if you want to optimize it some way (like not record if it hasn't been moving).

While there were monthly crashes in the first two years I used it, the past 5 years it's been rock solid (running 24/7 with maybe one or two crashes for basically 5 years). You don't want to discover that one day the app hasn't been logging data for the past couple days. In comparison, the Android OS probably crashes about once a month for me.

It can automatically upload to various cloud storage places (Dropbox, Google Drive, but even FTP) so you can generate charts on a server with a script.

Truly open source, low battery usage, saves in multiple file formats, and the developer is active on Github with issues. Making a background mobile app is not easy because Android is constantly trying to reduce background battery drain or background process spyware.

I've stopped wearing my WearOS watch and it now serves as a smart clock for notifications on my desk[1] and fitbit or any other heart rate monitor(even Apple watch) hurts me[2]. So even inexpensive smart watches with open-source firmware (detailed below) where heart rate monitor can be disabled would serve my needs going forward.

Shout out to couple of smartwatch projects, which falls inline with the ethos of the author and anyone who agrees with it.

AsteroidOS[1] - open-source linux based smartwatch firmware. Nice UI/UX, Wayland, good number of hardware support including MTK6580 chipset based inexpensive watches. In my tests about a year back, although the watch with AsteroidOS itself was usable, the sync with the android app was unreliable and could be due to android itself or manufacturer's kill-policy.

PineTime[2] - $24.99, completely accessible, several RTOSes being built, Apps in Rust,Python etc.





Bangle.js - There seems to be another nRF52832 based open-source 'hackable' watch albeit double the price of PineTime but aimed at JS developers[5]!

Has anyone got this?


I have one. It's really nice to develop on and has lots of sensors/features. Dislikes: it's big, very big, and ugly, doesn't have an hardware step counter and the step detection algorithm embedded in Espruino doesn't work at all, the heart rate detection is OKish if you are still, but not very reliable either, battery doesn't last very long probably because of Espruino not being very careful at saving power. It's a fun device, but not great for more serious use.

I hope that the community will improve the software issues and that they will come up with a nicer hardware. Espruino on PineTime would be perfect.

Interesting, I didn't know Espruino (JS) smartwatch as USP has its takers.

It seems to ship directly from UK, Is it made completely in UK? So may be that explains double the price than other nRF52832 watches.

>doesn't have an hardware step counter

Did you buy an earlier version? Buy page lists pedometer[1].

>Dislikes: it's big, very big, and ugly

Ah! Where tech forgets fashion again...Google Glass(Gulp).


The watch is made in China, but the software is made by them.

The page says there's a pedometer but if you look at the datasheet of the accelerometer there isn't [1]. So it's computed in software (it's inside Espruino) but it's really basic. I have proposed Gordon, the author, an open source algorithm which I developed with some students (Oxford step counter), and he seems interested, but it takes some time to integrate and calibrate so, AFAIK, it's not there yet.

About the size, I don't really mind, it's quirky, but it definitely doesn't follow the latest trends in terms of fashion...

[1] https://www.espruino.com/Bangle.js+Technical

Hold on. So how does one go about retrieving the data from a Garmin watch?

Garmin app's insistence on always needing a connection to their servers has always been bothersome, but now that the servers are fubared, it turns out that I can't even get the data off the tracker and onto an iPhone, because that too somehow needs a server connection. Finding an alternative had suddenly became a high priority task.

As everyone else has said -- a USB connection is generally sufficient.

If you're looking to see inside the FIT files, here's my (unmaintained, single-purpose) repo for doing so (a wrapper to a perl library by Kiyokazu Suto that does all the work).


Using it, I've been able to parse the output from a VivoSmart HR and a Fenix 3HR. I was happy to see that the HN-linked article had gpsbabel support; I haven't yet checked to see whether gpsbabel extracts all the other channels, too.

There are FIT files for 24-hr data in addition to activities; the 24-hr data are among the most interesting to me.

Garmin makes really great hardware -- I hope that this incident spurs them to open the SDK and firmware further to improve the resilience of their products.

As others have said, you just plug it into any computer with a USB port. This is one edge Garmin has over some of its competitors. Most of the device functions are fully usable without any sort of internet access or even a phone.

This outage, ironically, highlights that strength. One can hope that Garmin is reminded of how valuable this interoperability is after this event and continues their commitment to it :)

My Fenix 5 shows up as a mass storage device when I plug in the usb cable to my computer. You can pull .fit files off that, which contain everything the watch records.

The Fenix 6 and 945 only support MTP, not mass storage. For those you need a third-party MTP client on macOS such as Android File Transfer.


I'll be damned, my Forerunner did show up as a mass storage device!

For whatever reason I assumed that the cable with its funny looking 4-contact clip was used just for charging the tracker.

Gotta say, this looks very promising. Thanks for the tip.

DCRainmaker has a specific guide for a range of Garmin watches and machines - https://www.dcrainmaker.com/2020/07/how-to-upload-your-garmi...

Not for Garmin, but I have saved my data from the servers for the Microsoft Band [https://jeffhuang.com/extracting_my_data_from_the_microsoft_...] and Hello Sense [https://jeffhuang.com/extracting_my_data_from_the_hello_sens...] before they both shut down. Basically, you can MITM to find the REST API calls, save the token, and mimic the calls to get your data.

I was thinking of one day editing the apps for wearables to direct them my own server, and then setting up a basic CRUD-like endpoint server to keep discontinued cloud-based wearables from becoming garbage by allowing them to have basic functionality. But haven't had the time, and would have to look into the legality of it first.

But haven't had the time, and would have to look into the legality of it first.

Random thoughts:

- anything to prevent the creation of more e-waste is much appreciated

- if you distribute only binary patches/diffs, you won't be in violation of distributing other's copyrighted IP

- don't let anyone tell you what you can or cannot do with the hardware you own

You just connect the usb part of the charger to a device. The garmin unit shows up as a storage device, and all activities are there as files. Can also add routes etc that way without using the app. If anything, Garmin is better in that regard compared to other brands.

This project is really interesting to liberate your smart watch.


Just wondering, is the original Gadgetbridge repo not willing to accept code to merge?

They're also on Matrix: https://matrix.to/#/!KlgIJeiotNGZkxSqRi:matrix.org

The main developer is very open to merging, so there must have been good reasons to not merge - I presume either code quality or requirements for network connection, which Gadgetbridge intentionally does not permit.

I've been using it since I acquired my first Pebble (then the Pebble Steel, then the Pebble Time Steel).

In fact I'm still using it, from my Mi Band 3, to the Mi Band 4 and now the Amazfit Bip.

The folks behind it are doing a great job, and I'm glad they're doing it.

I kind of regret buying a Fitbit, unfortunately it's not part of that list!

I’ve often said that if we convince ourselves that technology is magic, we risk becoming hostages to it. Just recently, I had a brush with this fate, but happily, I was saved by open source.

I was very pleased to discovered an open-source utility called gpsbabel (thank you gpsbabel! I donated!) that can unpack Garmin’s semi-(?)proprietary “.FIT” file format into the interoperable “.GPX” format.

...and how do you think that utility was created? They probably didn't have access to Garmin's source code or documentation for the format. They just "figured it out". Furthermore, whether that utility is open-source doesn't seem to matter here: it's just doing a format conversion.

but it was mostly a matter of finding the right open-source pieces and gluing them together with Python

Replace "open-source" with "freely usable", and the author would've probably been able to accomplish the same end-goal. Gluing together existing software, treating the pieces as black boxes, doesn't show off any advantages of open-source at all.

Don't get me wrong, I'm not against open-source; I'm just against this rising glorification of it as somehow a be-all and end-all of software freedom. What is worth praise, however, is the rising availability of freely usable software.

To go back to the author's first point, the best way to not "convince ourselves that technology is magic" is to start with a comprehensive low-level education: Computers are just dumb machines executing sequences of instructions, and in a non-hostile environment, you get to choose precisely what instructions they execute.

I think FIT is actually a (somewhat) documented format that's used by a number of non-Garmin devices as well, mostly GPS cycle computers. It's not really any more non-standard than the Garmin extension to GPX being used for heart rate after conversion. Probably a little harder to implement though, given that it's a terse space-optimized binary format. (Though maybe not, since XML namespaces seem to be involved.)

For those wondering, I just accessed and parsed a .FIT file.

I plugged my watch's charging cable into a USB port on my Linux rig (works the same for windows). Navigated to GARMIN. And immediately saw .FIT files.

To get to your activities, navigate to GARMIN->ACTIVITY. You should be able to see when the files were created, so you can figure out which one you want to view. Each is it's own activity.

Next you need a FIT file parser. I'm a NodeJS guy, so I did an NPM search and found "fit-file-parser". I made a quick project, and wrote out the code necessary.

In all of five minutes I had a JSON object with my run.

Maybe I should engineer a simple, single page HTML app to open, parse, and render the statistics? I feel like when I get done Connect will be back online and this will be an afterthought :P.

You might like GoldenCheetah.

I took my Fitbit off when Google announced the acquisition. Kinda hoping PineTime will be a good alternative when a more polished version becomes available.

I still have my Fitbit data and even my old Google location history backed up. I wish more projects focused on importing from takeouts of proprietary services.

I hadn't heard about google's attempt to acquire fitbit. It doesn't sound like it's gone through yet.


Yes. The screenshots of the dark pattern dialogs from the "anal probe as a service" site are great.

As I take my daily runs through the woods (with my Garmin 935!) I have been thinking about the near future and what a 2nd wave of COVID19 might bring. What if we end up with a France/Spain/Italy style hard lockdown? Like troops on the street type lockdown?, can't go out at all except to go directly to the store, neighbors calling 911 on neighbors who go outside (which is how my Italian friends tell me it was in Italy).

I could just go run in the woods in the dark, no-one would know right? And it's highly unlikely I'd be seen at night (a Spanish friend of mine ended up hiking several nights a week in the dark so he wouldn't be seen as he was going stir crazy being trapped inside).

But my GPS data would be uploaded to the cloud! They would know! There would be evidence, fed to the NSA! Would I hear their standard issue kicking in my door!

Of course I could just leave the Garmin at home, but I like my GPS and stats. So now I know how I can pull the data off watch, process it myself and remove it before it can be synced!

Thank you!

/s (a little bit)

Yesterday: We need backdoors for everyone's safety.

Tomorrow: We need everything to be cloud-only for everyone's safety.

I’ve been following bunnie since I was 11 years old in the days of the original Xbox. I hope others know how important knowledge sharing is. For me, I had no idea what was going on, but the fact that I could try to understand it was enough for me. I’m now 32, and an engineer. I didn’t have money, but this thing called Linux was free. Such great memories.

if anyone is interested, i have a project that allows you to process and visualize data from garmin devices (FIT files in general). it includes a command (ch2 fit records <filename>) that dumps the contents of a file. it's not got many users and is a little unpolished still, but recently i added docker support which makes it easier to try out.


I've not seen it mentioned yet in the discussion, but my preferred open source tool for analysing Garmin FIT files is ActivityLog2[1]. Written in Racket, it provides some very nice analysis tools for cycling, running and swimming. Regularly updated and decent blog posts on different aspects by the author.

[1] https://github.com/alex-hhh/ActivityLog2

"Since Garmin at least made money on the hardware, collecting my health data is just icing on the cake; for Strava, my health data is the cake."

I dont see a difference between what Garmin and Strava do to your data. Ultimately, Strava is trying to provide you some more insights using your health data. It ultimately depends whether you want it or not. Isn't this the same with all the services these days?

> Ultimately, Strava is trying to provide you some more insights using your health data. It ultimately depends whether you want it or not. Isn't this the same with all the services these days?

If this were all, they wouldn't need dark patterns to manipulat you into giving them their health data even though you actually want something completely different from the service.

Your heart rate is health data. Uploading an activity includes pulse data, which is useful to analyze to see performance etc. Not having health data on Strava would make the service meaningless. Stop spreading this FUD all over the thread. It's not a dark pattern, uploading this data is exactly what Strava is made for...

> uploading this data is exactly what Strava is made for...

Do the users know this as well?

Skimming Strava's homepage, all the UI that is shown is either generic social network stuff or about presenting location data - and this was also what OP expected the service to do.

The only text on the page that could imply health data being used are general statements about how Strava can "analyze your performance" and help you getting better.

There are no mentions at all about particular health data points such as heart rate. (But plenty of mention of location data points such as position, elevation or speed)

This does not indicate at all that collecting and analyzing health data is the main thing that Strava does.

> It's not a dark pattern, ...

Putting a user setting behind three redundant confirmation screens with confusing options is a dark pattern no matter the context.

If you skimmed Strava's homepage, the first feature listed [0] is "Track and analyze every aspect of your activity." with an animated heart beat. If you have to misrepresent Strava all the time to get your point across you should consider it might be invalid.

[0]: https://www.strava.com/features

I was looking at www.strava.com, not the /features page.

Even there, it's just this one image and the mention of "analyzing performance", the rest of the page describes the social network and location tracking aspects.

I'm not disputing that Strava offers services that analyze your health data. They clearly do and this wouldn't be a problem by itself. (If they don't pass on the data)

What I find disingenuous is that the marketing paints this as an optional feature that you could activate in addition to the main areas "location tracking" and "sports/health-focused social networking" - however, the actual sign-up flow (according to the OP) seems to go from a different premise: That analyzing health data is actually the core functionality of the site.

If they were marketing this as a site where you can analyze your health data, all would be fine. But then you could just make providing health data access a mandatory step of sign-up - users probably wouldn't be surprised since the service was obviously useless without access.

But pretending you're a general health/sporting portal with optional analysis functionality, then nagging the user into giving you access is shady.

Note: I didn't verify that the sign-up flow is still like this, so they might have shifted from being health focused when OP tried to sign up to being located focused now, I don't know. This would be better, even though it's not clear to me why they would have needed to nag in the first place.

> Ultimately, Strava is trying to provide you some more insights using your health data.

No, Strava is trying to monetize my data. That I can get some insights from their monetization attempts is incidental.

It's not that incidental. From what I can tell, Strava's business model is about selling users more detailed analysis of and insight into their own health and performance data.

That's like saying Google collects user data _only_ to improve search. We all know it goes much deeper than that.

I think what the author is trying to say here is that Garmin has a way of making money off them—selling hardware—and thus doesn't need to sell user data as well. Strava has no way of monetizing outside of selling user data.

I'm not sure this is entirely true though, I've seen hardware companies sell out their users for a few bucks. Likewise, Strava has ways to make money from users—via Strava Premium services.

I have no idea how well these particular companies handle data specifically so it's hard to say.

In addition to membership fees, Strava also gets revenue from marketing partnerships. Brands pay them to set up custom "challenges" which Strava users join to try and win prizes or contribute to charity. They also have sponsored integrations with several device vendors so that every activity you record with one of those devices is a clickable ad.

Strava turned off most of their free features and is now pretty much a subscription service.

That's a massive exaggeration. They turned off some features. The free offering is still very usable.

I pay monthly for Strava, so you are very wrong. You shouldn't spread false information.

So, it's not like the old meme about one being the product if one doesn't pay...

Did you reply to the wrong post?

> You shouldn't spread false information.

Curious about which part of my post you think is false. Perhaps you didn’t read my entire post and just blindly posted before you got the the second paragraph?

I'm a longtime user of hand-held GPS units for hiking and back-packing. Since before the time of wireless connectivity and social sports portals, these units have had USB cables and downloadable files--and fortunately still do. Garmin provides the BaseCamp software, which is just a local viewer for the files--admittedly, it doesn't have very good maps. But it has always had GPX export and seeing your tracks in Google Earth is way more compelling. So you get your own data on your own machine, and not on someone else's servers.

And this has been one of the reasons I haven't gone to smart-watches (the other is accuracy in terrain). You have to have the app on your phone and pair them together. Even if that workflow is still possible (as demonstrated by the article, it is a fall-back), the default is to require cloud processing. I don't want my tracks stored somewhere else, and even less so if there's a chance of accidentally sharing them publicly. I guess I don't get the sports stats (heart-rate, etc), but that's a small price to pay.

> The bad news is as I tried to create an account on Strava , all sorts of warning bells went off. The website is full of dark patterns ...

I'm glad I'm not the only one considering these warning signs, but also puzzled why not everybody thinks like that, especially with services that could hold your data hostage. Is it a lack of education, lack of care or careful risk/benefit analysis?

Lack of options - available, or known about. You learn about service X. Services online are usually non-substitutable (you can't use Fitbit service with Garmin watch, etc.), and often have network effects (all your runner friends are on Strava). So what is a regular person going to do? The choice is almost always binary: ignore the warning signs and sign up, or do without the entire category of experience altogether.

When I looked into quantified self IoT a few years back the monetization of the data as the primary component of the business model was ubiquitous. There was one kickstarter project for an open source wristband but it did not seem to get traction.

Has this changed at all? I love the idea of measuring myself in various ways but I want real-time and private access to my data.

So maybe people now realise they are buying services not devices. These devices are locked, either you share your most intimate data with their companies or they're unusable. Garmin is a bit of an exception here because they at least allow you to get the data via USB.

But they are very restrictive with API access. You have to apply for a developer access, and they won't give you any if you aren't a developer.

All the "modern" companies will give you an API access, a token and even API wrapper code in many languages in an instant. Garmin is very old-school here.

Very old school indeed. In my job we tried to approach them. They have a very interesting library that allows your app to connect to their devices and skip their app. It's for research only. They kindly offered us to use it but when we mentioned that our app was open source they pulled the offer. We tried to explain that we could bundle their library in a proprietary module but they didn't want to listen.

There is a free hardware/software Smartwatch project: https://www.pine64.org/pinetime/

Does this take data from the Garmin web API or directly from the watch hardware, without uploading it to Garmin?

I see a bunch of .fit files in <watch_name>/Primary/GARMIN/Activity/ when I plug my watch into a USB port on my PC. So, you can definitely get them off your device without connecting to Strava or Garmin Connect.

It takes it directly from the .fit file on the watch, uses some software to parse the file. You can get the .fit file on a windows machine by plugging the watch into it and accessing it like a USB.

Not sure about linux, but I've heard Mac requires some third party software.

No third party software needed on mac. The watch mounts as a mass storage device then you just copy the fit files off of it. You may have to check the watch settings and make sure that the USB setting is mass storage mode.

Edit: apparently some Garmin watches only support Media Transfer Protocol:



For these you have to use an MTP client on macOS such as Android File Transfer.

Linux works too.

Thanks for this. It’s exactly what I’m interested in as I play with my Garmin and kayak this summer! I loved Strava in the early days, but as it tries to be a full social network, it’s lost much of its charm for me. I’m more interested in routes and stats, than what some athlete is doing in Chamonix.

Cool, but you could also just use software such as GoldenCheetah or rubiTrack.

For a list of various utilities that work with fitness trackers: https://www.dcrainmaker.com/tools

Anyone knows if it's possible to do something similar with a Fitbit? Basically extracting the data without having to sync it with fitbit's servers?

If you have the Fitbit Ionic or Versa, you could develop your own watch app and companion app, where the watch app will extract sensor data and websocket it to the companion app, which in turn could pass the data to your own backend/database. The API documentation is quite good from Fitbit.

Gadgetbridge might support it.

>It’s exactly the data I need, in the format that I want; no more, and no less. Plus, the output is a single html file that I can share directly with nothing more than a simple link. No analytics, no cookies. Just the data I’ve chosen to share with you.

I click the link and am presented with the familiar blank page of needs-javascript. Oh dear. What has uBlock stopped this time?

* maxcdn.bootstrapcdn.com

* cdnjs.cloudflare.com

* rawcdn.githack.com (also a cookie from here)

* code.jquery.com

* cdn.jsdelivr.net

Not quite the "single html file, no analytics, no cookies" that was promised.

They were referring to the output file their code produces... Not the .fit parser.

The link I'm talking about is literally the hyperlink in the text "nothing more than a simple link". It leads to a file titled "speed-2020-07-21-16-10-44-map.html" which I assume is meant to be the output.

It's semantics.

The mapping tool outputs a single html file, that relies on stuff from other servers. But all they have to deal with is the single file (if you view source, the exercise data is stored in the file).

It's really not an interesting discussion. Maybe they could have used a better description, but it's not confusing or particularly misleading.

I am not sure how "no cookies" used to describe a link which attempts to set a cookie is anything except misleading.

Is it possible to get data off a Fitbit without uploading it to cloud?

I don't think so, unfortunately.

I mentioned that I do this, with gpsbabel on the Garmin thread the other day, but got downvoted. :(


You could just buy a watch. It comes pre-liberated.

The long unsubstantiated rant about Strava seemed unnecessary. It drowned the interesting part about how one can do cool visualizations tailored to one's own needs.

There are soo many ways to look st data. I use Garmin Connect, Training Peaks, Strava, Elevate. They all have something the other misses. Making a something myself tailored for me would be cool.

Edit: the reason I'm downplaying the attack on Strava, is that it doesn't really know that much. It knows the explicit activities synced, and whatever it can derive from that (where I live and work for instance). But Garmin, Polar, Fitbit etc knows sooo much more. My pulse and movements during the whole day which can be used to corroborate lots of stuff, when I sleep etc.

I thought the Strava rant was appropriate in demonstrating that bunnie was aware of and tried alternatives before he wrote his own software.

As for "unsubstatiated": part of it is _well_ substantiated: his screenshots clearly demonstrate Strava's questionable interface choices. :-)

As I've explained elsewhere here, uploading health data to Strava is the core feature it's used for. Asking for that is not a dark pattern, as it's pretty useless without..

100% agree.

The take that asking a question and verifying the decision twice isn't a "dark pattern" it's knowing that people often don't fully read. A true dark pattern is hiding the "confirm" button or swapping primary/secondary.

Also the part about "make fat returns by monetizing my private data, including my health information" is 100% unfounded. Strava monetizes VERY well off of adding additional features for subscribers like many services these days. I've been using Strava for a month free, and they do a really great balance of teasing the features you're missing out on without being too pushy.

The strava rant was a clear example of both surveilance capitalism and dark patterns in action. That was very clear demonstration why you should not trust public clouds.

I also don't see how any of it is "unsubstantiated".

> the reason I'm downplaying the attack on Strava, is that it doesn't really know that much

Oh so they only steal a little bit of the cash I have with me, not the whole thing. That's great!

Please don't twist words like that, it makes for a dumb debate.

Anyways, what one uploads to Strava is what one wants to share and have analyzed. If you don't give them permission to hold your health data, then it's no point in using the service. It's not really a dark pattern. It's not like it collects stuff about you in the background, one explicitly has to sync activities there. So you are wrong, they're not stealing a shit.

No, it's not stealing, that's true. However, if data is collected without consent or if you are manipulated into giving consent, you can make an analogy to stealing: A service that only tracks me a little doesn't exactly instill confidence.

(Whether or not manipulation was going on can be argued. I made my point in the other subthread)

I agree though that other services collect more stuff and that services like this can be very useful if you're still in control. (As far as the usefulness vs risk of cloud services goes - that is after all the whole topic of this thread. Also, even the most well-meaning business can be hacked.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact