{"version": "https://jsonfeed.org/version/1", "title": "/dev/posts/ - Archive for 2025", "home_page_url": "https://www.gabriel.urdhr.fr", "feed_url": "/2025/feed.json", "items": [{"id": "http://www.gabriel.urdhr.fr/2025/12/08/asymmetric-keys-and-siths/", "title": "Asymmetric keys and Siths", "url": "https://www.gabriel.urdhr.fr/2025/12/08/asymmetric-keys-and-siths/", "date_published": "2025-12-08T00:00:00+01:00", "date_modified": "2025-12-08T00:00:00+01:00", "tags": ["computer", "cryptography", "star-wars"], "content_html": "<p>Some (not so serious) cryptographic wisdom\nfrom a long time ago\u2026</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/09/22/reinforcement-learning-formulas/", "title": "Reinforcement Learning formulas cheat sheet", "url": "https://www.gabriel.urdhr.fr/2025/09/22/reinforcement-learning-formulas/", "date_published": "2025-09-22T00:00:00+02:00", "date_modified": "2025-09-22T00:00:00+02:00", "tags": ["computer", "machine-learning", "reinforcement-learning", "neural-networks"], "content_html": "<p>Cheat sheet for (some) reinforcement learning mathematical formulas and algorithms.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/08/22/concealing-xss-payload/", "title": "Concealing XSS payloads", "url": "https://www.gabriel.urdhr.fr/2025/08/22/concealing-xss-payload/", "date_published": "2025-08-22T00:09:04+02:00", "date_modified": "2025-08-22T00:09:04+02:00", "tags": ["computer", "security", "xss", "waf"], "content_html": "<p>PortSwigger <a href=\"https://portswigger.net/research/concealing-payloads-in-url-credentials\">\u201cConcealing payloads in URL credentials\u201d</a>\ntalks about concealing XSS payloads in URL credentials.\nThe nice thing is that this makes the payload invisible to WAFs and other server-side XSS filters.\nYou can actually conceal the payloads in other places</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/08/22/codingame-spring-challenge-2025/", "title": "Codingame Spring Challenge 2025", "url": "https://www.gabriel.urdhr.fr/2025/08/22/codingame-spring-challenge-2025/", "date_published": "2025-08-22T00:00:00+02:00", "date_modified": "2025-08-22T00:00:00+02:00", "tags": ["computer", "rust", "optimisation", "profiling", "flamegraph"], "content_html": "<p>My experience from the <a href=\"https://www.codingame.com/contests/spring-challenge-2025/\">Codingame Spring Challenge 2025</a>.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/08/20/unicode-tag-smuggling/", "title": "Testing Unicode Tag Smuggling in chatbots", "url": "https://www.gabriel.urdhr.fr/2025/08/20/unicode-tag-smuggling/", "date_published": "2025-08-20T00:00:00+02:00", "date_modified": "2026-01-16T01:06:36+01:00", "tags": ["computer", "security", "language-model", "LLM"], "content_html": "<p>Testing <a href=\"https://embracethered.com/blog/posts/2024/hiding-and-finding-text-with-unicode-tags\">ASCII smuggling</a>\nusing <a href=\"https://en.wikipedia.org/wiki/Tags_(Unicode_block)\">Unicode Tags</a>\non LLMs/chatbots.\nNothing new here.\nJust a short summary.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/07/08/books-2024/", "title": "Books I have read in 2024", "url": "https://www.gabriel.urdhr.fr/2025/07/08/books-2024/", "date_published": "2025-07-08T00:00:00+02:00", "date_modified": "2025-07-08T00:00:00+02:00", "tags": ["book", "cryptography", "society"], "content_html": "<p>Books I have read in 2024.\nTries to avoid spoiling as much as possible\nand therefore does not contain a very deep analysis or review of most books.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/07/08/keycloak-uma-vulnerabilities/", "title": "Keycloak UMA vulnerabilities", "url": "https://www.gabriel.urdhr.fr/2025/07/08/keycloak-uma-vulnerabilities/", "date_published": "2025-07-08T00:00:00+02:00", "date_modified": "2025-07-08T00:00:00+02:00", "tags": ["computer", "protocol", "web", "security", "oauth", "keycloak", "security", "uma", "openid-connect"], "content_html": "<p>Keycloak's UMA implementation seems tricky to me.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/05/14/llama.cpp-quickstart/", "title": "llama.cpp quickstart", "url": "https://www.gabriel.urdhr.fr/2025/05/14/llama.cpp-quickstart/", "date_published": "2025-05-14T23:12:16+02:00", "date_modified": "2025-05-14T23:12:16+02:00", "tags": ["computer", "machine-learning", "deep-learning", "language-model", "neural-networks", "LLM"], "content_html": "<p>How to quickly use llama.cpp for LLM inference (no GPU needed).</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/05/14/vllm-quickstart/", "title": "vLLM quickstart", "url": "https://www.gabriel.urdhr.fr/2025/05/14/vllm-quickstart/", "date_published": "2025-05-14T23:11:38+02:00", "date_modified": "2025-05-14T23:11:38+02:00", "tags": ["computer", "machine-learning", "deep-learning", "language-model", "neural-networks", "LLM"], "content_html": "<p>How to quickly use <a href=\"https://docs.vllm.ai/en/stable/\">vLLM</a> for LLM inference using CPU.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/31/invasion-czechoslovakia/", "title": "Invasion of Czechoslovakia in 1968", "url": "https://www.gabriel.urdhr.fr/2025/03/31/invasion-czechoslovakia/", "date_published": "2025-03-31T00:00:00+02:00", "date_modified": "2025-03-31T00:00:00+02:00", "tags": ["politic", "russia", "europe", "czechoslovakia", "ukraine", "society"], "content_html": "<p>On August 20 1968, Czechoslovakia was invaded by the armies of\nWarsaw Pact.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/18/uma-malicious-as/", "title": "Malicious authorization server attack in UMA\u00a02.0", "url": "https://www.gabriel.urdhr.fr/2025/03/18/uma-malicious-as/", "date_published": "2025-03-18T21:23:51+01:00", "date_modified": "2025-03-18T21:23:51+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "<p>In a <a href=\"https://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/\">previous post</a>,\nI described a pass-the-permission-ticket vulnerability in UMA\u00a02.0\nin which a malicious UMA resource server\ncould kindly ask a UMA client\nto give it access tokens actually intended for another UMA resource server.\nIn this post,\nI am describing a similar attack when the authorization server is malicious.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/", "title": "Pass-the-permission-ticket vulnerability in UMA\u00a02.0", "url": "https://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/", "date_published": "2025-03-18T21:23:50+01:00", "date_modified": "2025-03-18T21:23:50+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "<p>In the <a href=\"https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html\">User-Managed Access</a> (UMA) 2.0 protocol,\na malicious resource server (or a malicious server acting as a resource server)\ncan obtain a requesting party (access) token (RPT)\nintended for another UMA resource server\nfrom a UMA client\nby passing a permission ticket obtained from the target resource server to the UMA client.\nThis can compromise the privacy (confidentiality)\nand integrity of UMA protected resources.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/05/trump-post-truth/", "title": "Donald Trump's post-truth alternative facts about Ukraine", "url": "https://www.gabriel.urdhr.fr/2025/03/05/trump-post-truth/", "date_published": "2025-03-05T00:00:00+01:00", "date_modified": "2025-03-05T00:00:00+01:00", "tags": ["politic", "ukraine", "russia", "united-states", "society"], "content_html": "<p>Some notes about Donald Trump's 2025-02-19 weird statements about Ukraine and Volodymyr Zelenskyy.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/01/30/distillation/", "title": "Neural Network Distillation", "url": "https://www.gabriel.urdhr.fr/2025/01/30/distillation/", "date_published": "2025-01-30T00:00:00+01:00", "date_modified": "2025-01-30T00:00:00+01:00", "tags": ["computer", "machine-learning", "deep-learning", "neural-networks"], "content_html": "<p>Overview of neural network distillation\nas done in\n<a href=\"https://arxiv.org/abs/1503.02531\">\u201cDistilling the Knowledge in a Neural Network\u201d</a>\n(Hinton et al, 2014).</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/01/27/exposing-services-podman/", "title": "Exposing services in/out Podman containers", "url": "https://www.gabriel.urdhr.fr/2025/01/27/exposing-services-podman/", "date_published": "2025-01-27T00:00:00+01:00", "date_modified": "2025-01-27T00:00:00+01:00", "tags": ["computer", "linux", "system", "podman", "container", "security"], "content_html": "<p>Some more tips for interacting\nwith the <a href=\"https://man7.org/linux/man-pages/man7/namespaces.7.html\">namespaces</a>\nof <a href=\"https://podman.io/\">Podman</a> containers.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/01/07/transformer-decoder-language-models/", "title": "Transformer-decoder language models", "url": "https://www.gabriel.urdhr.fr/2025/01/07/transformer-decoder-language-models/", "date_published": "2025-01-07T00:00:00+01:00", "date_modified": "2025-09-23T22:22:00+02:00", "tags": ["computer", "machine-learning", "deep-learning", "language-model", "neural-networks", "reinforcement-learning", "LLM"], "content_html": "<p>Some notes on how <a href=\"https://arxiv.org/abs/1801.10198\">transformer-decoder</a> language models work,\ntaking GPT-2 as an example,\nand with lots references in order to dig deeper.\nThis is intended both as a a roadmap for understanding on how LLMs work\n(especially the ones using a transformer-decoder architecture)\nand a a summary/recap on the topic.</p>\n"}]}