llama.cpp for running local LLMs on Intel GPUs

As mentioned in my previous post, vLLM appears to be the official way forward for running LLMs on Intel GPUs. As described there, the supported models have good performance but the vLLM version lags behind and it can go months until a newly released model is supported. This can be a bit frustrating, when for example everyone is talking about GLM-4.7-Flash these days but you are not able to join in on the fun. Do not despair, llama.cpp comes to the rescue!

2026-02-18 LLMAIGenerative AIIntelGPUllama.cpp

Running Local LLMs on Intel GPUs

I try to have a pragmatic view on Large Language Models (LLMs), which I summarized in a previous post. In any case, I am very much interested in the technology and, long story short, bought an Intel Arc Pro B60 GPU for my home server. It is “an extremely well-balanced workstation card that performs well in classic CAD environments as well as in modern AI and content creation scenarios” as Igor Wallossek puts it in his very detailed and thorough review. For currently around 800€, it is expensive but one of the cheapest graphic cards with 24 GB of VRAM, which is important for generative AI applications. I have different applications in mind like web desktops that can handle, e.g., video editing and gaming, but testing to run LLMs fully local was the first thing on my list.

2026-01-23 LLMAIGenerative AIIntelGPUvLLM

NIS2 Technical Implementation: A Practical Guide to the Operational Layer

When I started writing my last post on the NIS2 Governance Layer, I originally gathered cybersecurity-relevant abbreviations like SIEM, XDR and IDS which belong to the operational layer. Quickly they became too many and I needed to split the posts. So this post is a concise top-down guide on important operational concepts that you can encounter when implementing the “Network and Information Systems Directive 2” (Directive (EU) 2022/2555), or short NIS2, in an organisation. I had the idea when reading ENISA’s NIS2 Technical Implementation Guidance. This post (or series) does not provide a complete picture on NIS2 but can be seen as a cheat sheet when reading ENISA’s guidance.

2026-01-06 NIS2ENISACybersecurityCompliance

A Sober Look at LLMs in Late 2025

The year of 2025 is getting close to its end. It has been almost exactly 3 years since ChatGPT was released, the application that made large language model (LLM) a term that is mentioned everywhere and in any context. Access to generative AI has become a commodity, or even pushed on users in many products. But what does an LLM actually do and what is performed by the application around it? Where do we stand in the battle of private and open models, and what does this mean? Do I even need generative AI and do LLMs improve my productivity no matter what I am working on?

2025-11-18 LLMAIGenerative AI

NIS2 Technical Implementation: A Practical Guide to the Governance Layer

Whether in business, technology or everyday life, abbreviations are ubiquitous. However, I personally think they are overused, spelled out too rarely, and inconsistent even within a given domain. Admittedly, abbreviations have their use cases like keeping complex tables concise. When reading ENISA’s NIS2 Technical Implementation Guidance, however, I became convinced that it might make sense to create an inventory of the most important abbreviations within the given security context. To improve my own understanding, and perhaps yours, I will not only list the abbreviations but provide a bit of context, and explain how the concepts relate.

2025-10-27 NIS2GRCTPRMSCRMBCMENISACybersecurityCompliance

What is Safety Of The Intended Functionality (SOTIF)?

When working with embedded software or hardware, you might have come in contact with functional safety. Functional safety deals with getting the risk of malfunctioning behaviour of your systems to a level that you can accept. In essence, malfunctioning behaviour means that your system does not work as intended, and when this happens in a safety-critical system like a car, it can threaten lifes. Unfortunately, getting the risk of malfunctioning behaviour to acceptable levels is tough. This is why international standards govern how safety-critical systems are developed. Instead of vibe coding driver assistance systems, the ISO 26262 standard series “Road vehicles – Functional safety” describes how road vehicles (say car, bus, truck, …) and their subsystems are expected to be built. On over 800 pages in 12 parts, ISO 26262 details expected processes that car manufacturers and suppliers are required to have in place like risk assessments, traceability in their requirements or verification and validation activities.

2025-09-25 SOTIFSafetyAutomotive

Practical Local Email Backups With Dovecot and imapsync

Digital resilience is mentioned a lot these days, and while I thought I was well-prepared I realized that I had a blind spot: my emails. The problem is that I have lots of them (> 50.000) and neither do I want to stop hoarding or pay an enterprise-tier service at a provider that I trust (I do pay the private-tier, though 🙂). For me, this meant to create a local backup but I still want it to behave like a standard email server which you can connect to with your favorite client. What behaves like an email server? An email server!

2025-08-26 Quick TipsDockerDovecotimapsync

Meshtastic – Testing the Mesh Network on the Swedish Countryside

I have been curious about Meshtastic for a while. Now that c’t Magazin (a popular German computer magazine) had a good cover story on it, it was finally time to test it. In the following, I will briefly introduce Meshtastic, present ready-to-go node alternatives, and report on my off-grid node including unexpected messenges from an airplane. Meshtastic Meshtastic is “An open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices”. It can be used for messaging – including outdoor, emergency, or blackout preparedness use cases – as well as remote monitoring or sensing applications.

2025-08-19 MeshtasticMesh NetworkLoRaOff-Grid

Managing Rust Dependencies for Supply Chain Security

As this post got a bit dense, these are my main takeaways for reducing supply chain risks: Reduce dependencies by adding only essential features and exploring lighter alternatives. Use lib.rs including cargo audit, cargo crev and cargo vet results to vet trustworthiness. Implement CI checks using cargo deny to automate policy enforcement. For high-risk projects, consider vendoring dependencies with cargo vendor. Managing dependencies is hard in any software project: Which dependencies should you choose, and when is it worth pulling in an external crate? How to keep track of updates, vulnerabilities, or a dependency ending up unmaintained? When building a product, this is not only a quality issue but with EU regulation like NIS 2 or CRA this even becomes a liability issue. This is not only about vulnerabilities that need to be fixed, but dependencies have become a direct cybersecurity target where malicious code is somehow injected into the software “supply chain”. This is a known problem, especially for languages with thriving package ecosystems.

2025-08-06 ProgrammingRustDependenciesSupply ChainCybersecurity

Rust Progress, if let and simple-ssg-rs

I am slowly but consistently learning Rust, reserving approximately an hour each day since my last post almost six weeks ago, and I think I am progressing OK. What follows is a recap of my learning path which might help, especially if you are experienced in C++ and contemplating learning Rust. I will also briefly talk about if let and introduce simple-ssg-rs, a static site generator (like Jekyll, Hugo or Zola) but much simpler and which I created for the sole purpose of exercising Rust.

2025-07-22 ProgrammingRustC++simple-ssg-rs