Proof-led field notes for teams evaluating IoT risk before rollout, security review, or another avoidable incident
These articles show how Combotto reasons from field evidence to audit scope, findings, backlog, and follow-through. The library is listed newest first so recent proof and shipping work stay easiest to find.
Notes from designing a functional prototype enclosure for the STM32 `B-L475E-IOT01A2` before field testing: which board details mattered, how documentation and real measurements shaped the print, and why service access, transport, and fast reprints mattered more than visual polish.
Field device packaging
See why a vented 3D printed enclosure matters once a dev-board prototype has to survive transport, airflow, service access, and repeated field handling.
A planning note for the next Combotto field demo: two B-L475E-IOT01A2 devices with SPSGRF-868 radios transmitting over 868 MHz, one receiver bridged by serial into a Raspberry Pi 5, and a longer-range telemetry path than Wi-Fi alone usually gives inside and around buildings.
Longer-range telemetry
See why the next field demo moves two STM32 nodes onto 868 MHz, lands the receiver on a Raspberry Pi 5 over serial, and tests whether building telemetry can reach farther than Wi-Fi comfortably allows.
A practical look at IoT Cyber Resilience Act readiness: public security reporting, release evidence, dependency review, and a clearer path from one serious issue to verified fixes.
Reporting readiness
See how disclosure intake, advisory publication, SBOM evidence, and one case-driven workflow now connect before September 11, 2026 pressure arrives.
I’m moving my reference IoT gateway from a Dell Linux dev machine to a Raspberry Pi 5 to validate boot, recovery, buffering, and observability on real edge hardware.
Edge runtime realism
See why dedicated edge hardware changes the right audit questions before customer or leadership pressure rises.
Captured field proof of a Rust IoT gateway on Raspberry Pi 5 handling three STM32 devices over MQTT/TLS, WAL backlog during broker outage, and clean recovery after broker return. Useful for teams evaluating IoT gateway reliability before rollout.
Field proof first
See how identity, outage handling, WAL backlog, and recovery behave under realistic gateway pressure before rollout.
The Combotto Audit Engine is now ready for pilot projects: canonical reports, run-to-run delta tracking, and alerts for regressions and expiring certificates—built to make Audit → Sprint → Retainer delivery faster and more verifiable.
Audit delivery mechanics
See how field evidence turns into findings, backlog priorities, deltas, and repeatable regression checks.
What breaks when an edge IoT gateway runs 24/7? Real operational lessons from running a secure edge-to-cloud system under intermittent connectivity, focusing on reliability, observability, and silent failure modes.
Operational failure patterns
See the silent reliability and telemetry issues that only surface once a gateway is left running continuously.
Edge-to-cloud systems without proper observability suffer from slow debugging and reactive incident response. Learn why logs alone fall short and how observability reduces risk.
Observability blind spots
See why missing metrics and traces turn incident response into guesswork and slow decisions down.
I created a structured IoT Architecture Audit Checklist. It captures the core principles of reliability, security, and observability, and provides a consistent process for evaluating device -> gateway -> cloud pipelines.
Audit scope reference
Use the checklist when you need a structured baseline for what should be inspected across the device-to-cloud path.
The newest posts should tell you quickly what has shipped, what was learned, and where an audit can help next.
This supporting panel now follows the same newest-first order as the main library. Use the helper text to decide whether the latest proof matches the pressure already building in your own system.
Newest proof
Start with the latest field, hardware, or workflow post when you want to see what has been tested and packaged most recently.
Pattern match
If one title mirrors the pressure in front of your team, use the helper note on that card to decide whether it is the right entry point.
Next step
When a post exposes an issue your team already feels, move straight to the audit conversation instead of treating the library like a long reading sequence.
If the blog surfaces issues your team is already feeling, turn that into a scoped audit conversation.
Share the architecture slice, the current risk or delivery pressure, and the decision window. Combotto replies with a fit check, a suggested audit scope, and the clearest next step.
