Rants shouldn't be taken too seriously
Extra:
- announce at the beginning if it's an open-source tool, a commercial tool or just a theoretical concept.
Use the proper presentation software (right)
Niki Skene
Powerpoint, keynote, Prezi and others. When to use what software? Is there a difference? Click your way thru a fast and comprehensive presentation about the proper use of the right software.
"Technical challenges"? More like horrors!
Let's explore first the technical debt of old file formats,
with the evolution of the "MP3" format.
Then we go through more recent forms of file format abuses and tools:
polyglots, polymocks, and crypto-polyglots.
Last, an overview of recent collisions and other forms of art with MD5.
They say that with file formats, "specs are enough".
Should we laugh, cry or run away screaming?
Presented at Digital Preservation Coalition's CyberSec & DigiPres event.
You are *not* an idiot ~ or maybe we're all idiots.
Keynote at NorthSec 2021.
Talking about school, failure, success, diploma, impostor syndrome, manipulators, burnout, suicide, and how to deal with them.
The talk delivery was more personal, the slides are kept generic.
The recording is available @ https://youtu.be/Iu70J49bPlE?t=20869 (starts at 5:47:49)
Demystifying hash collisions.
Pass the Salt, 1st July 2019.
video @ https://passthesalt.ubicast.tv/videos/kill-md5-demystifying-hash-collisions/
Hack.Lu, 22 October 2019.
video @ https://www.youtube.com/watch?v=JXazRQ0APpI
Beyond your studies ~ You studied X at Y. now what?
HackPra, July 2018
A student's life ago, the author somehow managed to graduate.
On the way, he made a lot of mistakes -- and he still does.
A few people since called him 'successful', but LOL, if only they knew....
And now, the author will make another (big!) mistake:
instead of hiding in shame as he probably should,
he'll share his mistakes with anyone bored enough to attend,
in the hope that he's the last person to ever look that dumb to commit such mistakes.
If you're a genius and you know what to do in life, please skip this. Seriously.
If, like the author at the time, you wonder WTF is going on with graduation, professional work and life, then hopefully you learn a few things. Maybe.
Btw the author is 42 (WTF - old!).
Maybe that will help to provide a few answers.
Presented at Troopers 2016.
When Infosec and Digipres share interests...
TL;DR
- Attack surface with file formats is too big.
- Specs are useless (just a nice ‘guide’), not representing reality.
- We can’t deprecate formats because we can’t preserve and we can’t define how they really work.
- We need good open libraries to simplify the landscape, and to create a corpus to express the reality of file formats, which gives us real “documentation”.
- Then we can preserve and deprecate older formats, which reduces attack surface.
- From then on, we can focus on making the present more secure.
- We don't need new formats: reality will diverge from the specs anyway - we need 'alive' (up to date, traceable) specs.
AKA "How people can create better video games via hacks"
Presented at Hack.Lu's Cryptoparty4kids 2015
Fallback slides: this was actually presented with videos and sound
On giving technical presentations (a rant)
1. my 2c (rant) on giving
technical presentations
my first and last text-only slidedeck ;)
hastily typed by
Ange Albertini
www.corkami.com
2. disclaimer:
I’m no award-winning
presenter
but I saw too many ‘awesome presentations’
where the person on stage just read out loud a
blog post
instead of giving a good presentation.
and they presented the same thing the month before.
TBH we were just listening to show respect
for the technical level of the presenter,
3. reminder:
don’t take it personally
just a generic rant from a normal guy:
I have no cert, no fancy education,
I never presented at $LeetCon
you can close this window now.
4.
5. tell a story…
rehearse a lot…
a picture is worth…
bullet points…
don’t be an assh*le...
the usual advice
6. <insert fancy title here>
with buzzwords!
or cool sentences like:
“...for fun & profit”
“yo dawg, I herd you like...”
How many great music bands called their first albums “1”, “2”, “3”...
did that matter ?
7. my bio is awesome
I’ve been XX years in the industry
I code/break stuff
my employer is awesome and hiring
does saying that make any difference?
8. let’s make my bio bigger
with really unrelated stuff
wow, so you’re awesome at $sport ?
ever heard Tom Morello mentioning he
attended Harvard during a concert ?
or Brian May talking about astrophysics
between 2 songs ?
9. my life is awesome
AKA: do you really need yet another real life pic?
I’m really happy to see a picture of your desk!
oohh, I have the same mousepad !
and that toy that anybody can get at thinkgeek!!
just for a prezo that can be summarized in 5 mins?
11. use non-technical analogies
when possible
we’re techies, but it’s always nice to be able
to explain it to non-techies.
and our kids.
12. refrain from showing
something too technical
if only one person in the audience gets it,
then better just mention it
and put it in an extra document
13. it’s about following an argument,
not random knowledge stuffing
don’t show off with unrelated stuff,
it’s just a distraction
despite the potential WOW effect
14. showing code doesn’t
make it always better
processing any programming language takes
time,
so you may want to:
- focus on describing what’s happening
- show the code in extra ‘offline’ document
15. clean-up screenshots
do you really need to show IDA offsets?
(or the full IDE/desktop/whatever)
every time?
nvm, we can set ProcessDetails=0 in eyes.cfg
16. limit text as much as possible
AKA: are you a lawyer redacting a EULA?
keep extra details for an extra document such as:
- extra slides after the conclusion
- offline version of the slides
- article
- detailed blog post
17. but this deck is text-only !!!
it wasn’t presented live anywhere ;)
18. slides shouldn’t be boring.
PoCs should be sexy.
but it’s OK, if you have nothing to show.
(or just add another meme !!!)
19. add another meme plz
they’re so funny !!
we’ve never seen them before !!
20. “sorry, I started my
slides yesterday”
“I’m too leet for those of you who invested a
lot of effort to come and attend”
21. “this is the same
presentation I did last year”
“I’m too leet to make some extra effort”
or maybe
“the person who did the actual research had
no more time for it,
I’m just the show puppet”
22. “I actually improved this prezo,
but I kept it for $leetcon”
“I’m really too leet for you, s*ckers”
23. “I don’t have the time for
fancy slides”
a suggestion to save your precious time:
- go back to your work desk
- paste your slides’ text into pastebin
- tweet the link
voilà!
24. demo failures can
happen to everyone
but at least, a fallback slide/video recording
would have been nice
aka “when a guitar string is broken on stage,
the drummer starts a solo”
25. you may never be
completely ready...
but well prepared may be enough...
26. make a test presentation
with your friends
to feel more comfortable…
to see the public’s reaction…
to answer further questions in advance...
29. reminder:
don’t take rants seriously
we still love you for your awesome research
provided it’s really awesome, that is:
not just your fancy smile or haircut.