{"title":"Wonder's Lab","link":[{"@attributes":{"rel":"alternate","href":"https:\/\/wonderfall.dev\/"}},{"@attributes":{"rel":"self","href":"https:\/\/wonderfall.dev\/index.xml"}}],"subtitle":"Recent content on Wonder's Lab","id":"https:\/\/wonderfall.dev\/","generator":"Hugo","language":"en-us","updated":"2025-02-20T10:00:00Z","author":{"name":"Wonderfall"},"rights":"[CC BY-SA 4.0](https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/)","entry":[{"title":"Some thoughts on autoregressive models","link":{"@attributes":{"rel":"alternate","href":"https:\/\/wonderfall.dev\/autoregressive\/"}},"id":"https:\/\/wonderfall.dev\/autoregressive\/","published":"2025-02-20T10:00:00Z","updated":"2025-03-08T02:15:56+09:00","summary":"Most generative AI models nowadays are autoregressive. That means they’re following the concept of next token prediction, and the transformer architecture is the current implementation that has been used for years now thanks to its computational efficiency. This is a rather simple concept that\u2019s easy to understand - as long as you aren’t interested in the details - everything can be tokenized and fed into an autoregressive (AR) model. And by everything, I mean everything: text as you’d expect, but also images, videos, 3D models and whatnot.","content":{"@attributes":{"type":"html"}}},{"title":"Setting up MTA-STS with a custom domain on Proton Mail","link":{"@attributes":{"rel":"alternate","href":"https:\/\/wonderfall.dev\/mta-sts\/"}},"id":"https:\/\/wonderfall.dev\/mta-sts\/","published":"2023-07-13T10:00:00Z","updated":"2025-03-03T22:32:10+01:00","summary":"To this date, Proton Mail doesn’t support MTA-STS for custom domains. While DANE for SMTP is a much better solution to the same problem, MTA-STS exists for a reason: many providers are slow at adopting DNSSEC. DNSSEC is essential to enabling standards such as DANE or SSHFP. Notably, Gmail still does not support DANE but has supported MTA-STS for years.\nTherefore, MTA-STS and DANE can complement each other, and you should ideally deploy both.","content":{"@attributes":{"type":"html"}}},{"title":"Securing OpenSSH keys with hardware-based authentication (FIDO2)","link":{"@attributes":{"rel":"alternate","href":"https:\/\/wonderfall.dev\/openssh-fido2\/"}},"id":"https:\/\/wonderfall.dev\/openssh-fido2\/","published":"2022-04-09T17:43:12Z","updated":"2025-03-02T17:46:30+01:00","summary":"Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they’re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They’re also easier to manage while enabling a form of decentralized authentication (it’s easy and painless to revoke them). So, what’s the next step? And more exactly, why would one need something even better?\nWhy? The main problem with SSH keys is that they’re not magic: they consist of a key pair, of which the private key is stored on your disk.","content":{"@attributes":{"type":"html"}}},{"title":"Docker and OCI: a humble hardening guide","link":{"@attributes":{"rel":"alternate","href":"https:\/\/wonderfall.dev\/docker-hardening\/"}},"id":"https:\/\/wonderfall.dev\/docker-hardening\/","published":"2022-03-30T21:23:12Z","updated":"2025-03-02T17:46:30+01:00","summary":"Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:\n- Hey, your software doesn’t work…\n- Sorry, it works on my computer! Can’t help you.\nWhether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries.","content":{"@attributes":{"type":"html"}}},{"title":"About","link":{"@attributes":{"rel":"alternate","href":"https:\/\/wonderfall.dev\/about\/"}},"id":"https:\/\/wonderfall.dev\/about\/","published":"0001-01-01T00:00:00Z","updated":"2025-03-02T17:46:30+01:00","summary":"You may call me “Wonderfall”. I was young and it sounded cool.\n$ whoami I'm just a random guy passing by on the Internet who is interested in all kinds of things. And as you can tell, I'm a nerd. $ ls -l content\/ technology security privacy rants photography pharmacology medicine science $ git config --get remote.origin.url https:\/\/github.com\/Wonderfall\/wonderfall.github.io ","content":{"@attributes":{"type":"html"}}}]}