My wife and I moved our home and business from Mühldorf (Bavaria, Germany), to St. Gallen, (Styria, Austria). We created the company Small Step Systems… Read More »Moving to New Website: smallstepsystems.com
If a product is placed on the EU market before 11 December 2027 and is subject to a substantial modification after that date, it must satisfy all the rules of the Cyber Resilience Act (CRA) from the modification date onwards (Article 69.2). If we scrutinise this article, we detect its vulnerabilities. The definition of substantial modification is circular and hence largely void. Article 69.2 might even violate our constitutional right that law must not be applied retroactively.
Read More »How Pre-2028 Products Might Avoid the Cyber Resilience Act
As a machine or device manufacturer, you probably have some sleepless nights because of the Cyber Resilience Act (CRA). What do you have to do so that you can sell your products after 11 December 2027 and don’t have to pay penalties threatening the existence of your company?
Read More »Surviving the EU Cyber Resilience Act
The risk assessment of the essential product requirements is the most important, most time-consuming and least understood of CRA compliance. It answers a crucial question: Can you upgrade your embedded system to a current version, free it from exploitable vulnerabilities and keep it that way – with reasonable effort?
Read More »Overview: Risk Assessment of the Essential Product RequirementsMany embedded Linux systems use a Wayland compositor like Weston for window management. Qt applications act as Wayland clients. Weston composes the windows of the Qt applications into a single window and displays it on a screen. I still have to find a Yocto layer that does not start Qt applications as root. This violates the cybersecurity principle that every application should only run with the least privileges possible. Let us figure out how to run Qt applications as non-root users and make our system more secure.
Read More »Running Wayland Clients as Non-Root UsersOnce we have removed an item from a BitBake variable, we cannot re-append it. The evaluation of the following three assignments of the variable BB_VAR yields the same result, no matter in which order the assignments are executed.
# Code under someone else's control
BB_VAR ?= "x z"
BB_VAR:remove = "a y"
# Code under our control
BB_VAR:append = " y"
### Result: BB_VAR = "x z" instead of "x y z"