Marvin's Blog

llama.cpp for running local LLMs on Intel GPUs

marvin@damschen.net (Marvin Damschen) — Wed, 18 Feb 2026 20:07:45 +0100

This post explores llama.cpp as a flexible alternative to vLLM, enabling Intel Arc Pro B60 users to run recent models like GLM-4.7-Flash.

Running Local LLMs on Intel GPUs

marvin@damschen.net (Marvin Damschen) — Fri, 23 Jan 2026 20:07:45 +0100

Run gpt‑oss‑20b locally on Intel Arc Pro B60: guide, benchmarks, fan control and privacy‑first AI at home.

NIS2 Technical Implementation: A Practical Guide to the Operational Layer

marvin@damschen.net (Marvin Damschen) — Tue, 06 Jan 2026 19:43:05 +0100

Practical guide to NIS2 operations: how IAM, MFA, and SOC tools like SIEM and XDR help organisations meet obligations.

A Sober Look at LLMs in Late 2025

marvin@damschen.net (Marvin Damschen) — Tue, 18 Nov 2025 22:40:22 +0100

A balanced, hype-free analysis of Large Language Models in late 2025, examining their technical foundations, productivity impacts, the rise of open-weight models, and why an industry correction may be imminent.

NIS2 Technical Implementation: A Practical Guide to the Governance Layer

marvin@damschen.net (Marvin Damschen) — Mon, 27 Oct 2025 20:13:35 +0100

Practical guide to NIS2 governance: how GRC, TPRM/SCRM and BCM help organisations meet obligations.

What is Safety Of The Intended Functionality (SOTIF)?

marvin@damschen.net (Marvin Damschen) — Thu, 25 Sep 2025 20:44:56 +0200

When working with embedded software or hardware, you might have come in contact with functional safety. Functional safety deals with getting the risk of malfunctioning behaviour of your systems to a level that you can accept. In essence, malfunctioning behaviour means that your system does not work as intended, and when this happens in a safety-critical system like a car, it can threaten lifes. Unfortunately, getting the risk of malfunctioning behaviour to acceptable levels is tough. This is why international standards govern how safety-critical systems are developed. Instead of vibe coding driver assistance systems, the ISO 26262 standard series “Road vehicles – Functional safety” describes how road vehicles (say car, bus, truck, …) and their subsystems are expected to be built. On over 800 pages in 12 parts, ISO 26262 details expected processes that car manufacturers and suppliers are required to have in place like risk assessments, traceability in their requirements or verification and validation activities.

Practical Local Email Backups With Dovecot and imapsync

marvin@damschen.net (Marvin Damschen) — Tue, 26 Aug 2025 10:28:34 +0200

Digital resilience is mentioned a lot these days, and while I thought I was well-prepared I realized that I had a blind spot: my emails. The problem is that I have lots of them (> 50.000) and neither do I want to stop hoarding or pay an enterprise-tier service at a provider that I trust (I do pay the private-tier, though 🙂). For me, this meant to create a local backup but I still want it to behave like a standard email server which you can connect to with your favorite client. What behaves like an email server? An email server!

Meshtastic – Testing the Mesh Network on the Swedish Countryside

marvin@damschen.net (Marvin Damschen) — Tue, 19 Aug 2025 22:58:12 +0200

Testing Meshtastic off-grid in rural Sweden, including unexpected airplane messages using a solar node.

Managing Rust Dependencies for Supply Chain Security

marvin@damschen.net (Marvin Damschen) — Wed, 06 Aug 2025 20:42:26 +0200

As this post got a bit dense, these are my main takeaways for reducing supply chain risks:

Reduce dependencies by adding only essential features and exploring lighter alternatives.
Use lib.rs including cargo audit, cargo crev and cargo vet results to vet trustworthiness.
Implement CI checks using cargo deny to automate policy enforcement.
For high-risk projects, consider vendoring dependencies with cargo vendor.

Managing dependencies is hard in any software project: Which dependencies should you choose, and when is it worth pulling in an external crate? How to keep track of updates, vulnerabilities, or a dependency ending up unmaintained? When building a product, this is not only a quality issue but with EU regulation like NIS 2 or CRA this even becomes a liability issue. This is not only about vulnerabilities that need to be fixed, but dependencies have become a direct cybersecurity target where malicious code is somehow injected into the software “supply chain”. This is a known problem, especially for languages with thriving package ecosystems.

Rust Progress, if let and simple-ssg-rs

marvin@damschen.net (Marvin Damschen) — Tue, 22 Jul 2025 18:49:08 +0200

I am slowly but consistently learning Rust, reserving approximately an hour each day since my last post almost six weeks ago, and I think I am progressing OK. What follows is a recap of my learning path which might help, especially if you are experienced in C++ and contemplating learning Rust. I will also briefly talk about if let and introduce simple-ssg-rs, a static site generator (like Jekyll, Hugo or Zola) but much simpler and which I created for the sole purpose of exercising Rust.

Learning Rust

marvin@damschen.net (Marvin Damschen) — Sat, 07 Jun 2025 09:22:42 +0200

I have always had an interest in programming languages and concepts, mostly related to systems programming. That’s pretty much why I studied computer science. Even if I have never been employed as a programmer, I have created and contributed to several bigger projects during my time as a researcher (e.g., WayWise is a more recent open one). My goto language is C++ (11 or later), often paired with the Qt framework. Having worked with safety-critical systems during the last years, I have often thought that it is far too easy to introduce hard-to-debug bugs in C++ if you do not enforce certain rules (say MISRA C++) and wondered about alternatives.

About

marvin@damschen.net (Marvin Damschen) — Sat, 31 May 2025 13:08:58 +0200

Hi! I am Marvin and this is my blog about mostly technical topics (let’s see… 😊). I have previously blogged about bigger experiences of mine (now offline) like a research visit to the North Carolina State University (NCSU, USA) while I was a Ph.D. student at the Chair for Embedded Systems at Karlsruhe Institute of Technology (KIT, Germany). Katharina and I have also blogged together about our first years in Sweden 🇸🇪, our home since we moved here with our then 6 month old child in January 2020 (right before the pandemic really hit 😁). Today, we are a family of four living on the Swedish countryside (about an hour east of Gothenburg, right outside of Borås) and are feeling more Swedish by the day.

Research Experience

marvin@damschen.net (Marvin Damschen) — Sat, 31 May 2025 00:00:00 +0000

I have spent more than 10 years performing research, first at Karlsruhe Institute of Technology in Germany (‘14–‘19, earned a Ph.D. in Computer Science in ‘18), and then, more applied, at Research Institutes of Sweden (RISE, ‘20 – ‘25). During this time, I secured significant grants (> €1 million over 3 years), led complex projects and build effective teams, developed research infrastructure and prototypes as well as published influental research in the fields of embedded systems and safety-critical automation including cybersecurity and AI. Several works were motivated by EU regulations and industry standards. My contributions are summarized below.