Dear Reader,
I am looking back at a difficult year. 2025 was my worst year in 12 years of running my solo business. There are some good reasons.
- I spent 9 months managing the construction of our log house in St. Gallen (Styria, Austria). We’ll move in our new house on 16 January 2026. I’ll also move my business. EmbeddedUse will become a proper company called Small Step Systems GmbH. Stay tuned!
- At the end of 2023, I accepted a fixed-price project to implement a CRA-ready embedded Linux system for a Variscite iMX8M Plus SoM. My cautious estimate was 6 months. It took me 1.5 years and I couldn’t deliver everything. More severe than the financial loss was that I didn’t do enough marketing - writing posts and talking at conferences. Consequently, my sales pipeline was pretty empty in 2025.
- The economic uncertainty in 2025 caused by the imperialistic policies of Russia, China and the USA didn’t help. This makes businesses think twice with spending money.
Don’t worry. I have enough financial reserves and I am savvy enough to get out of this little slump.
Most importantly, I am looking forward to an exciting year 2026 in a new country. I hope you feel a similar excitement about the new year. Have a happy, healthy and successful 2026!
Enjoy reading,
Burkhard 💜
Who Defines Minimum Security for Default Products?
The short and sad answer is: The courts will decide what makes up the minimum set of security measures required for CRA compliance of default products. Manufacturers stand a good chance in court to lower the bar for required security measures, to water down the CRA and even to delay the application of the CRA. This is a very sad prospect, because the intent of the CRA - strengthening cybersecurity - is good, necessary and long overdue. However, the execution is lousy.