I've been using Hugo for the past 3 years. Biggest lesson I learned is to just fork the theme you're using and don't use submodules. There's no rush in keeping your theme up to date. Also you have complete control over the theme when its forked. I've only had stuff break on occasion when updating to a newer version of Hugo, had to change a couple things with the theme which did not take too long to fix. Curious to see how comments will be implemented though. Does not sound straightforward to add to a SSG.
This. A theme is individual to the site regardless... I almost migrated my Drupal theme over directly but gave up realizing I had so many views-view-view-field-data-field-body-formatted style classes lol.
Some guides say to add submodules. I favor direct inclusion and just overriding layouts as you see fit.
Can’t help but laugh a bit. Not a great day for Ubisoft. Hopefully this didn’t ruin the holidays for too many employees. That would absolutely suck to get a call in for this.
Oh well. The whole thing has already been reverse engineered. Look up Loop or Trio or OpenAPS. Diabetic companies like Insulet have been very lax when it’s come to the hacking of their devices. This isn’t really that big a deal. What we need right now is help REing the Omnipod 5
I’m aware of a few people working on REing the Omnipod 5. The furthest issue that I have seen is that when a PDM/Omnipod 5 app signs into your insulet id, it gets a private key from the API which is stored in the keychain (and uses SSL pinning to prevent MiTM retrieval of the private key). When pairing with the pod they exchange public keys and then a derived key from the devices private key+pods public keys, but haven’t been able to get a copy of a private key yet to make further progress.
Anyway to follow the progress? I attended the Nightscout conference and asked around regarding this but no one really knew of any group to follow. Or really knew of the latest developments on this effort.
I am not aware of any public groups to follow the progress, I have just met a few people on the Loop Zulip and have talked with them every few months whenever people have time to look into it.
I'm thinking we probably need to get more organized and start picking up the pace with this. There are rumors, which of course I am not sure how credible, but word is that the Dash will be discontinued soon. Maybe we can add another channel to the Zulip to try to get things moving.
It seems to use the play integrity API when communicating with Insulet's servers which provide a private key to the PDM/app once it was registered with the user's account. However since the Pod doesn't have access to the internet, it has no way to check the play integrity signature AFAIK, so instead it checks that the certificate that the PDM/app presents to it is issued from the cert chain that it trusts.
Not all though, I've been looking at Minimed pump reverse engineering (which would be just reading glucose data, not controlling the pump), and that's not solved yet, at least not for the 780G. But I hope it will be, and perhaps I'll be able to contribute.
I don't work for Medtronic. But it's extremely unlikely that will happen. It's not merely a matter of reverse engineering -- after the original medtronic "hack" / reverse engineer efforts (the ones that lead to the original openAPS system being developed) the FDA put out new guidance on cybersecurity protections for insulin pumps.
The communication between your phone/pump or glucose sensor/pump is encrypted now for all newer devices.
> Diabetic companies like Insulet have been very lax when it’s come to the hacking of their devices
No it's true. Companies like Insulet and Dexcom could send out lawsuits to all the open source projects out there that involved REing. Dexcom's glucose share API was REed years ago, and Dexcom hasn't even tried updating or stopping the use of unofficial APIs. All I'm saying is that the companies really don't care at all.
reply