150,000 IoT systems a year: what 9 years of embedded taught me about reliability
Before .NET and GenAI I shipped industrial embedded firmware at the scale of ~150,000 systems per year - where a regression can't be fixed with a commit. The discipline that demands, and why I reapply it on critical server systems.
Related projectGecko - Embedded IoT firmware shipped on 150,000 systems a yearEnglish summary
Embedded firmware produced at scale can't be 'patched in prod': a regression ships to hundreds of thousands of physical devices and stays there. The article shows how that forces you to design invariants, margins and failure states before the feature - the exact rigor behind my critical .NET architectures (Vouch's cited-or-rejected invariant, OneRP's authoritative state, Matchr's AI cost control).
Key takeaways
Embedded reliability is designed up front, not patched after.
You think failure states first, the feature second.
That discipline transfers directly to critical backend systems.
Original long-form article
The long technical article is available in French with code, context and detailed examples. The English page gives the recruiter-readable summary and the main engineering points.
Open the French articleNext step
Sounds like something you need shipped? Let's talk.
I take on critical technical work — from scoping to production, no debt or lock-in once it's handed over. Fastest way to see if it fits: a 30-minute call.
I reply within 24h — often sooner.