Random links #11

Written on 14 February 2019, 11:03am

Tagged with: , , ,

  1. The misinterpretation of the Mehrabian theory
  2. The four stages of competence
  3. How to avoid death by PowerPoint

There is a theory attributed to Albert Mehrabian according to which the non-verbal communication (NVC) accounts for 93% of the overall communication. In other words, what you say has virtually no importance, while how you say it (the tone and the body language) is almost everything.
Without negating the importance of the NVC, it is quite clear that the Mehrabian theory only applies in limited cases. In fact, the theory itself states that it applies only to communication about feelings or attitudes. This video does a pretty good job to debunk the 7% myth.
That being said, I strongly believe that the delivery can make or break a presentation. Take the same content and have it presented by two random people and you’ll understand what I mean.

The learning circle (or the 4 stages of competence) is a very useful way to visualize the learning process:

The circle of learning. Image from impower.co.uk

Finally, a presentation about how you should do your presentations¬†ūüôā If you only have time to watch one video about improving your presentation skills, it should be this one:

David Phillips has become the leading Swedish figurehead in the art of making presentations

In a nutshell, keep in mind the following simple principles when working on your next slides:

  • use a dark background
  • add a single message per slide
  • use keywords or images, not sentences
  • use size to highlight the important elements
  • don’t use more than 5 objects per slide

That being said, you can deviate from the principles above in case you don’t present your slides on a stage in front of an audience. A slide like the one below could still make sense during a meeting where you brainstorm with other technical colleagues:

Target to your audience: if you’re talking to a bunch of other nerds, a slide like this can make sense and don’t bore anyone to death. But never show this on a stage!

10 things that I liked in 2018

Written on 31 December 2018, 12:50pm

Tagged with: , , , , , , ,

In the last day of the year, it’s time to look back at the year and highlight the things that enjoyed in 2018. For reference, here is the list from the last year.

1. Two books: Daemon and Freedom, by Daniel Suarez. Absolutely brilliant, I don’t know how I missed them for so many years. Here’s an excerpt:

The Code book from Simon Singh was probably the runner-up – a few months ago I ordered the printed version and read it again after 5 years.

2. My new notebook: Huawei Matebook x Pro. Say what you want about Huawei, but they came up with a brilliant device. Miles ahead of the premium-priced Macbooks, it fundamentally changed my workflow. Never been a tablet guy and probably never be, so the combination of an iPhone + an ultrabook like the Matebook works best for me.

3. WorkFlowy: an exponent of the makers (*) culture, WorkFlowy is a dead-simple, cross-platform note-taking app. The hierarchical structure of the notes makes it compatible with mind-mapping and I found myself using it in a variety of ways. For instance, I drafted the outline of this post in WorkFlowy. Others wrote books with it:

(*) the makers culture: Peter Levels https://levels.io/ https://makebook.io/
https://twitter.com/ajlkn https://carrd.co/

4. A place: the Austrian Alps in the summer time. I had the chance to spend about a week in the mountains. The combination of mountains, clean air, outdoor activities and clear blue sky is amazing. Just have a look:

5. Security. 2018 was the year I learned a lot about security. Went to a few classroom training sessions (CISM, CISSP, TLS), passed some challenging certification exams, and realized that (IT) security is a fascinating domain with a lot of brilliant people.

The IT industry rocks (as one of the security guys that I follow said today), and on top of that, the security aspects make things much more interesting to watch.

6. Simona Halep: not only for finally winning her Grand Slam, but also for having the capacity to remain competitive for a long time: never dropped out of the top 10 for over 5 years and currently number 1 for more than a year (with a brief 4-weeks interruption). Well deserved and very inspirational.

Simona Halep, Roland Garros 2018, Simple Dames, Finale, Photo : Nicolas Gouhier / FFT

7. Two series: Breaking Bad and Better Call Saul. I enjoyed watching Breaking Bad when it was released on Netflix, and found the Better Call Saul a very good continuation of the series. Now that Better Call Saul is over, I went back to re-watch Breaking Bad – it’s amazing how a few years and another prequel change the perspective.


8. Jurgen Klopp. He joined Liverpool 3 years ago and built an amazing team around him. One can learn a lot about leadership just by listening to his interviews. Humble and determined, he’s a perfect fit for Liverpool and you can sense how everybody around the club loves him.


9. The iPhone X – because the dimensions are finally right, and, more importantly, because its camera allowed me to take some amazing photos throughout the year: https://www.flickr.com/photos/dorin_moise

10. Tesla Model S. Finally, I left this at the end because it offered me some very mixed feelings. As I said in a recent post, the car is really amazing and it offers an experience that you will not find anywhere else. But the quality of the support services is disappointing here in Belgium. I hope that things will improve, even though I’m not holding my breath.

Here’s for a brilliant 2019 and remember, in the end it’s all about getting better.

TLS Training London – day 2

Written on 8 September 2018, 02:07pm

Tagged with: , , , ,

Again, some notes about the second day of the excellent TLS Training delivered by Scott Helme. 

  • symmetric encryption is fast. AES is fast enough for transferring large amounts of encrypted data (ex. streaming)
  • asymmetric encryption is slow, therefore it’s only used for the authentication, in the beginning of the secured session¬†
  • ¬†RSA algorithm was actually invented 4 years before:¬†The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978. Clifford Cocks, an English mathematician working for the British intelligence agency Government Communications Headquarters (GCHQ), had developed an equivalent system in 1973, but this was not declassified until 1997.
  • Hashing: SHA256 (a subset of the SHA-2 family) is considered strong enough. Alternatives for the future are SHA384 and SHA512 (longer digests), but if the SHA-2 is fundamentally broken, then the SHA-3 family (Keccak) comes to the rescue. It’s like a never-ending cat vs mouse game between cryptographers and cryptanalysts.¬†
  • The CAs store their private keys in HSMs and rarely rotate them (a lifetime of a few decades is not uncommon)
  • There is a good analogy between digital certificates and passports
  • X509 is the standard describing the structure of the digital certificates. Currently at version 3, it introduced extensions (arbitrary metadata of key + values pairs). Example of an extension: the SAN (Subject Alternative Names) – where a number of domains can be given on top of the common name (CN). In fact, Google Chrome only looks at the SAN when parsing a certificate.
  • The certificate chain is typically composed of the Root CA certificate, then the Intermediate CA certificate(s) and finally, the end-entity certificate (the leaf). The last intermediate certificate has the ‘path length’ parameter set to 0 (it’s children can only be leaves).
  • The Root CA certificates are provided by the client (stored in the browser or OS), while the intermediate CA and end-entity certificates are provided by the server(the intermediate CA cert – for performance reasons)
  • It takes on average 5-6 years to become a Root CA. And if you want this, you must work with the following 5 relying parties carrying a set of root keys in their trust store: Apple, Google, Java, Mozilla, Microsoft. Let’s Encrypt started in 2016 and it’s not yet a Root CA; they are currently using another root CA to cross-sign their certificates (IdenTrust).¬†
  • The Web PKI is governed by the CAB Forum – an entity where the¬† Certificate Authorities and the major browsers are represented.
To be continued…