Coredump Sessions

• COREDUMP #009: Zephyr’s Meteoric Rise and What It Means for the Future of Embedded

  In today’s Coredump Session, we dive into the origins and evolution of Zephyr RTOS with Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation. From Intel’s early ambitions to a thriving global community, Kate unpacks how Zephyr grew into a leading open-source RTOS and what makes it uniquely resilient and developer-friendly. This conversation also explores the technical shifts shaping embedded development and how governance, safety, and collaboration continue to steer Zephyr’s trajectory.Speakers:Kate Stewart: Vice President of Dependable Embedded Systems, The Linux FoundationFrançois Baldassari: CEO & Founder, MemfaultThomas Sarlandie: Field CTO, MemfaultKey Takeaways:Zephyr was born from Intel’s desire for a scalable, secure, and open RTOS, evolving from Wind River roots.Early adoption of Linux-inspired practices, like Kconfig and "signed-off-by" contributions, lowered friction and encouraged community participation.The project’s governance model, emphasizing multi-vendor participation and elected leadership, prevents corporate capture and boosts resilience.Zephyr’s pragmatic reuse of tools like MCUboot accelerated development and expanded capabilities.Long-term support (LTS) releases—now extended to five years—make Zephyr production-friendly and aligned with regulatory demands like the CRA.Innovations like the Twister test framework and open testing infrastructure set Zephyr apart for visibility and maintainability.Zephyr thrives as complexity in embedded systems increases, filling the gap left by simpler RTOSes ill-suited for modern MCU workloads.Not every project is a fit for Zephyr—especially ultra-low-end 8-bit systems—but it excels in growing, connected device classes.Chapters:00:00 Introduction and Guest Introduction04:12 Building Zephyr: Intel’s Open RTOS Bet06:39 Governance That Guards Against Capture08:10 Borrowing From Linux, Avoiding Its Baggage09:41 What Makes Zephyr Different13:55 Zephyr in Production: LTS and Real-World Adoption16:15 Scaling with Twister and QEMU18:15 Taming Complexity Without Losing Performance35:45 SBOMs and the Future of Compliance38:20 A Head Start on Security Standards43:02 Inside Zephyr's Safety Certification Journey46:44 Real-World Use Cases and Industry Uptake50:25 What's Next for Zephyr and the RTOS Landscape53:12 Final Reflections and Closing Thoughts⁠⁠Join the Interrupt SlackWatch this episode on YouTube Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  59:17
• COREDUMP #008: Navigating the Changing IoT Security Landscape: A Survival Guide for Product Leaders

  In today's Coredump Session, we dive into the evolving landscape of IoT security regulations with Giovanni Alberto Falcione, CTO at Exine. From the impact of the EU's CRA to the complexities of OTA updates, Giovanni, François, and Thomas unpack what these new requirements mean for product engineers and how to navigate the increasingly stringent security landscape.Speakers:François Baldassari: CEO & Founder, MemfaultThomas Sarlandie: Field CTO, MemfaultGiovanni Alberto Falcione: CTO, ExeinKey Takeaways:The EU's Cyber Resilience Act (CRA) mandates stringent security measures for all connected devices marketed after December 2027, with a particular focus on runtime security monitoring.OTA updates are essential for mitigating vulnerabilities in the field but can also introduce challenges in regulatory compliance.Giovanni highlights that less than 1% of IoT device manufacturers actively monitor cybersecurity state awareness, a critical area of compliance under CRA.Implementing a Software Bill of Materials (SBOM) and tracking Common Vulnerabilities and Exposures (CVEs) are low-hanging fruit for product teams to start bolstering security.eBPF technology offers powerful, low-impact monitoring capabilities that can detect unauthorized activities at the syscall level without kernel-level intervention.Companies need to plan for at least five years of security updates under CRA, with potential for longer support based on device lifecycles.Even seemingly innocuous devices, like coffee makers, can pose significant cybersecurity risks as entry points for broader attacks.Giovanni emphasizes that while regulation can stifle innovation, it also raises the bar for security practices across the board.Chapters:00:00 Introduction and Guest Introduction02:30 The Unseen Costs of Cybersecurity Regulation04:40 OTA Updates: Security Savior or Hidden Risk07:21 CRA vs. Other Regulations: What Matters Most10:30 The Rise of Runtime Security Monitoring12:23 Why Manufacturers Are Freaking Out About CRA15:09 The Hidden Cost of Legacy Firmware17:30 Inside the Automotive Cybersecurity Playbook21:22 eBPF: The Next Frontier in IoT Security55:38 Coffee Machines, Coffee Attacks, and Unexpected Entry Points⁠⁠Join the Interrupt SlackWatch this episode on YouTube⁠⁠Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  58:04
• #007: AI, Open Source, and the Future of Embedded Development: How Much Code Will We Actually Write?

  In today's Coredump Session, we dive into a wide-ranging conversation about the intersection of AI, open source, and embedded systems with the teams from Memfault and Goliath. From the evolution of AI at the edge to the emerging role of large language models (LLMs) in firmware development, the panel explores where innovation is happening today — and where expectations still outpace reality. Listen in as they untangle the practical, the possible, and the hype shaping the future of IoT devices. Speakers:François Baldassari: CEO & Founder, MemfaultThomas Sarlandie: Field CTO, MemfaultJonathan Beri: CEO & Founder, GoliothDan Mangum: CTO, GoliothKey Takeaways:AI has been quietly powering embedded devices for years, especially in edge applications like voice recognition and computer vision.The biggest gains in IoT today often come from cloud-based AI analytics, not necessarily from AI models running directly on devices.LLMs are reshaping firmware development workflows but are not yet widely adopted for production-grade embedded codebases.Use cases like audio and video processing have seen the fastest real-world adoption of AI at the edge.Caution is warranted when integrating AI into safety-critical systems, where determinism is crucial.Cloud-to-device AI models are becoming the go-to for fleet operations, anomaly detection, and predictive maintenance.Many promising LLM-based consumer products struggle because hardware constraints and cloud dependence create friction.The future of embedded AI may lie in hybrid architectures that balance on-device intelligence with cloud support.Chapters:00:00 Episode Teasers & Welcome01:10 Meet the Panel: Memfault x Golioth02:56 Why AI at the Edge Isn’t Actually New05:33 The Real Use Cases for AI in Embedded Devices08:07 How Much Chaos Are You Willing to Introduce?11:19 Edge AI vs. Cloud AI: Where It’s Working Today13:50 LLMs in Embedded: Promise vs. Reality17:16 Why Hardware Can’t Keep Up with AI’s Pace20:15 Building Unique Models When Public Datasets Fail36:14 Open Source’s Big Moment (and What Comes Next)42:49 Will AI Kill Open Source Contributions?49:30 How AI Could Change Software Supply Chains52:24 How to Stay Relevant as an Engineer in the AI Era⁠⁠Join the Interrupt SlackWatch this episode on YouTubeFollow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  55:14
• #006: Pebble’s Code is Free: Three Former Pebble Engineers Discuss Why It's Important (PART 2/2)

  In today’s Coredump Session, the team reunites to unpack the behind-the-scenes lessons from their time building firmware at Pebble. This episode dives into the risks, decisions, and sheer grit behind a near-disastrous OTA update—and the ingenious hack that saved a million smartwatches. It’s a candid look at the intersection of rapid development, firmware stability, and real-world consequences.Key Takeaways:Pebble’s open approach to developer access often came at the cost of security best practices, reflecting early startup trade-offs.A critical OTA update bug almost bricked Pebble devices—but the team recovered using a clever BLE-based stack hack.Lack of formal security measures at the time (e.g., unsigned firmware) unintentionally enabled recovery from a serious update failure.Static analysis and test automation became top priorities following the OTA scare to prevent repeat incidents.The story reveals how firmware constraints (like code size and inline functions) can lead to high-stakes bugs.Investing in robust release processes—including version-to-version OTA testing—proved vital.Real security risks included impersonation on e-commerce platforms and potential ransom via malicious OTA compromise.The importance of "hiring your hackers" was humorously noted as a de facto security strategy.Chapters:00:00 Episode Teasers & Welcome01:22 Why Pebble’s Firmware Was Open (and Unsigned)05:01 The Security Tradeoffs That Enabled Speed11:00 The OTA Bug That Could Have Bricked Everything15:26 Hacking Our Way Out with BLE Stack Overflow17:47 Lessons Learned: Test Automation & Static Analysis26:30 How Pebble Built a Developer Ecosystem29:56 CloudPebble, Watchface Generator & Developer Tools42:55 Backporting Pebble 3.0 to Legacy Hardware49:02 The Bootloader Rewrite & Other Wild Optimizations53:31 Simulators, Robot Arms & Debugging in CI56:40 Firmware Signing, Anti-Rollback & Secure Update1:06:10 Coding in Rust? What We’d Do Differently Today1:08:28 Where to Start with Open Source Pebble Development⁠⁠Join the Interrupt SlackWatch this episode on YouTube⁠⁠Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  1:13:19
• #005: The Current Realities of Cellular IoT

  In today’s Coredump Session, we zoom in on the rapidly evolving world of cellular IoT—what’s working, what’s changing, and what developers should know. With expert insight from Fabien Korheim of ONES, the conversation breaks down MVNOs vs MNOs, dives into certification hurdles, explores connectivity trade-offs like NB-IoT vs LTE-M, and unpacks why cellular is quietly powering more devices than you think. Whether you're building metering devices or baby monitors, this one hits the full stack—from tech to business models.Key Takeaways:MVNOs simplify global IoT deployments by abstracting regional carrier relationships and reducing SKU complexity.LTE-M is currently the safest bet for low-power cellular applications, with 5G RedCap positioned as a future alternative.Certification processes are lighter with MVNOs, especially when using pre-approved modules.Cellular IoT is ideal where Wi-Fi isn’t guaranteed, like basements, forests, and mobile tracking.Consumer IoT has huge untapped potential—cellular can dramatically improve usability and reduce returns.Battery life and data costs are major design considerations, especially when scaling fleets globally.Multiradio devices and smart fallback strategies (e.g. BLE/Wi-Fi + Cellular) are becoming more common.Debugging tools and observability platforms are essential for maintaining reliability across networks, devices, and regions.Chapters:00:00 Episode Teasers & Intro02:34 MVNO vs MNO: What’s the Difference?06:28 Certifications, SIMs & Simplifying Deployment12:31 NB-IoT, LTE-M, LoRaWAN & Satellite—Explained23:43 5G for IoT: Hype or Here?27:14 Top Use Cases: Meters, Trackers & Wildlife33:28 The Big Opportunity: Cellular in Consumer Devices36:33 Business Models: Who Pays for Cellular?37:49 Getting Started: Kits, SIMs & Copy-Paste Firmware41:59 Common Mistakes & What to Watch in the Field47:15 What to Measure: Observability That Scales49:13 Q&A: Prioritization, Firmware Updates, RedCap & More⁠⁠Join the Interrupt SlackWatch this episode on YouTube Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  59:35

More Technology podcasts

Trending Technology podcasts

About Coredump Sessions