Coredump Sessions

• COREDUMP #008: Navigating the Changing IoT Security Landscape: A Survival Guide for Product Leaders

  In today's Coredump Session, we dive into the evolving landscape of IoT security regulations with Giovanni Alberto Falcione, CTO at Exine. From the impact of the EU's CRA to the complexities of OTA updates, Giovanni, François, and Thomas unpack what these new requirements mean for product engineers and how to navigate the increasingly stringent security landscape.Speakers:François Baldassari: CEO & Founder, MemfaultThomas Sarlandie: Field CTO, MemfaultGiovanni Alberto Falcione: CTO, ExeinKey Takeaways:The EU's Cyber Resilience Act (CRA) mandates stringent security measures for all connected devices marketed after December 2027, with a particular focus on runtime security monitoring.OTA updates are essential for mitigating vulnerabilities in the field but can also introduce challenges in regulatory compliance.Giovanni highlights that less than 1% of IoT device manufacturers actively monitor cybersecurity state awareness, a critical area of compliance under CRA.Implementing a Software Bill of Materials (SBOM) and tracking Common Vulnerabilities and Exposures (CVEs) are low-hanging fruit for product teams to start bolstering security.eBPF technology offers powerful, low-impact monitoring capabilities that can detect unauthorized activities at the syscall level without kernel-level intervention.Companies need to plan for at least five years of security updates under CRA, with potential for longer support based on device lifecycles.Even seemingly innocuous devices, like coffee makers, can pose significant cybersecurity risks as entry points for broader attacks.Giovanni emphasizes that while regulation can stifle innovation, it also raises the bar for security practices across the board.Chapters:00:00 Introduction and Guest Introduction02:30 The Unseen Costs of Cybersecurity Regulation04:40 OTA Updates: Security Savior or Hidden Risk07:21 CRA vs. Other Regulations: What Matters Most10:30 The Rise of Runtime Security Monitoring12:23 Why Manufacturers Are Freaking Out About CRA15:09 The Hidden Cost of Legacy Firmware17:30 Inside the Automotive Cybersecurity Playbook21:22 eBPF: The Next Frontier in IoT Security55:38 Coffee Machines, Coffee Attacks, and Unexpected Entry Points⁠⁠Join the Interrupt SlackWatch this episode on YouTube⁠⁠Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  58:04
• #007: AI, Open Source, and the Future of Embedded Development: How Much Code Will We Actually Write?

  In today's Coredump Session, we dive into a wide-ranging conversation about the intersection of AI, open source, and embedded systems with the teams from Memfault and Goliath. From the evolution of AI at the edge to the emerging role of large language models (LLMs) in firmware development, the panel explores where innovation is happening today — and where expectations still outpace reality. Listen in as they untangle the practical, the possible, and the hype shaping the future of IoT devices. Speakers:François Baldassari: CEO & Founder, MemfaultThomas Sarlandie: Field CTO, MemfaultJonathan Beri: CEO & Founder, GoliothDan Mangum: CTO, GoliothKey Takeaways:AI has been quietly powering embedded devices for years, especially in edge applications like voice recognition and computer vision.The biggest gains in IoT today often come from cloud-based AI analytics, not necessarily from AI models running directly on devices.LLMs are reshaping firmware development workflows but are not yet widely adopted for production-grade embedded codebases.Use cases like audio and video processing have seen the fastest real-world adoption of AI at the edge.Caution is warranted when integrating AI into safety-critical systems, where determinism is crucial.Cloud-to-device AI models are becoming the go-to for fleet operations, anomaly detection, and predictive maintenance.Many promising LLM-based consumer products struggle because hardware constraints and cloud dependence create friction.The future of embedded AI may lie in hybrid architectures that balance on-device intelligence with cloud support.Chapters:00:00 Episode Teasers & Welcome01:10 Meet the Panel: Memfault x Golioth02:56 Why AI at the Edge Isn’t Actually New05:33 The Real Use Cases for AI in Embedded Devices08:07 How Much Chaos Are You Willing to Introduce?11:19 Edge AI vs. Cloud AI: Where It’s Working Today13:50 LLMs in Embedded: Promise vs. Reality17:16 Why Hardware Can’t Keep Up with AI’s Pace20:15 Building Unique Models When Public Datasets Fail36:14 Open Source’s Big Moment (and What Comes Next)42:49 Will AI Kill Open Source Contributions?49:30 How AI Could Change Software Supply Chains52:24 How to Stay Relevant as an Engineer in the AI Era⁠⁠Join the Interrupt SlackWatch this episode on YouTubeFollow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  55:14
• #006: Pebble’s Code is Free: Three Former Pebble Engineers Discuss Why It's Important (PART 2/2)

  In today’s Coredump Session, the team reunites to unpack the behind-the-scenes lessons from their time building firmware at Pebble. This episode dives into the risks, decisions, and sheer grit behind a near-disastrous OTA update—and the ingenious hack that saved a million smartwatches. It’s a candid look at the intersection of rapid development, firmware stability, and real-world consequences.Key Takeaways:Pebble’s open approach to developer access often came at the cost of security best practices, reflecting early startup trade-offs.A critical OTA update bug almost bricked Pebble devices—but the team recovered using a clever BLE-based stack hack.Lack of formal security measures at the time (e.g., unsigned firmware) unintentionally enabled recovery from a serious update failure.Static analysis and test automation became top priorities following the OTA scare to prevent repeat incidents.The story reveals how firmware constraints (like code size and inline functions) can lead to high-stakes bugs.Investing in robust release processes—including version-to-version OTA testing—proved vital.Real security risks included impersonation on e-commerce platforms and potential ransom via malicious OTA compromise.The importance of "hiring your hackers" was humorously noted as a de facto security strategy.Chapters:00:00 Episode Teasers & Welcome01:22 Why Pebble’s Firmware Was Open (and Unsigned)05:01 The Security Tradeoffs That Enabled Speed11:00 The OTA Bug That Could Have Bricked Everything15:26 Hacking Our Way Out with BLE Stack Overflow17:47 Lessons Learned: Test Automation & Static Analysis26:30 How Pebble Built a Developer Ecosystem29:56 CloudPebble, Watchface Generator & Developer Tools42:55 Backporting Pebble 3.0 to Legacy Hardware49:02 The Bootloader Rewrite & Other Wild Optimizations53:31 Simulators, Robot Arms & Debugging in CI56:40 Firmware Signing, Anti-Rollback & Secure Update1:06:10 Coding in Rust? What We’d Do Differently Today1:08:28 Where to Start with Open Source Pebble Development⁠⁠Join the Interrupt SlackWatch this episode on YouTube⁠⁠Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  1:13:19
• #005: The Current Realities of Cellular IoT

  In today’s Coredump Session, we zoom in on the rapidly evolving world of cellular IoT—what’s working, what’s changing, and what developers should know. With expert insight from Fabien Korheim of ONES, the conversation breaks down MVNOs vs MNOs, dives into certification hurdles, explores connectivity trade-offs like NB-IoT vs LTE-M, and unpacks why cellular is quietly powering more devices than you think. Whether you're building metering devices or baby monitors, this one hits the full stack—from tech to business models.Key Takeaways:MVNOs simplify global IoT deployments by abstracting regional carrier relationships and reducing SKU complexity.LTE-M is currently the safest bet for low-power cellular applications, with 5G RedCap positioned as a future alternative.Certification processes are lighter with MVNOs, especially when using pre-approved modules.Cellular IoT is ideal where Wi-Fi isn’t guaranteed, like basements, forests, and mobile tracking.Consumer IoT has huge untapped potential—cellular can dramatically improve usability and reduce returns.Battery life and data costs are major design considerations, especially when scaling fleets globally.Multiradio devices and smart fallback strategies (e.g. BLE/Wi-Fi + Cellular) are becoming more common.Debugging tools and observability platforms are essential for maintaining reliability across networks, devices, and regions.Chapters:00:00 Episode Teasers & Intro02:34 MVNO vs MNO: What’s the Difference?06:28 Certifications, SIMs & Simplifying Deployment12:31 NB-IoT, LTE-M, LoRaWAN & Satellite—Explained23:43 5G for IoT: Hype or Here?27:14 Top Use Cases: Meters, Trackers & Wildlife33:28 The Big Opportunity: Cellular in Consumer Devices36:33 Business Models: Who Pays for Cellular?37:49 Getting Started: Kits, SIMs & Copy-Paste Firmware41:59 Common Mistakes & What to Watch in the Field47:15 What to Measure: Observability That Scales49:13 Q&A: Prioritization, Firmware Updates, RedCap & More⁠⁠Join the Interrupt SlackWatch this episode on YouTube Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  59:35
• #004: The Future of Edge AI and What it Means for Device Makers

  In today’s Coredump Session, we dive into the fast-evolving world of Edge AI and its real implications for device makers. From robots that detect humans to welding machines that hear errors, we explore the rise of intelligent features at the hardware level. The conversation spans practical tools, common developer traps, and why on-device AI might be the most underrated revolution in embedded systems today.Key Takeaways:Edge AI means real-time inference on embedded devices, not just “AI at the edge of the network.”Privacy, latency, and power efficiency are core reasons to use Edge AI over cloud processing.Hardware accelerators like the Cortex-M55 + U55 combo have unlocked GPU-like performance in microcontrollers.Battery-powered AI devices are not only possible—they're already shipping.Data collection and labeling are major bottlenecks, especially in real-world form factors.Start projects with data acquisition firmware and plan ahead for memory, power, and future use cases.Edge AI applications are expanding in healthcare, wearables, and consumer robotics.Business models are shifting, with AI driving recurring revenue and service-based offerings for hardware products.Chapters:00:00 Episode Teasers & Intro02:57 What Is Edge AI Anyway?06:42 Tiny Models, Tiny Devices, Big Impact10:15 The Hardware Leap: From M4 to M55 + U5515:21 Real-World Use Cases: From ECGs to Welding Bots17:47 Spec’ing Your Hardware for AI24:15 Firmware + Inference Frameworks: How It Actually Works26:07 Why Data Is the Hard Part34:21 Where Edge AI Will—and Won’t—Take Off First37:40 Hybrid Edge + Cloud Models40:38 Business Model Shifts: AI as a Service44:20 Live Q&A: Compatibility, Labeling, On-Device Training56:48 Final Advice: Think of AI as Part of the ProductJoin the Interrupt Slack⁠⁠⁠Watch this episode on YouTube⁠Follow Memfault⁠⁠LinkedIn⁠⁠⁠⁠Bluesky⁠⁠⁠⁠Twitter⁠⁠Other ways to listen:⁠⁠Apple PodcastsiHeartRadio⁠⁠⁠⁠Amazon MusicGoodPodsCastbox⁠⁠⁠⁠Visit our website

  --------  

  58:06

More Technology podcasts

Trending Technology podcasts

About Coredump Sessions