[Dailydave] Dry Runs

Jordan Wiens jordan at psifertex.com
Tue Apr 14 23:25:07 EDT 2015


I strongly agree with your general comments about dry-run throughs. I'm
surprised no other security conference (that I know of) has borrowed the
approach.

One of the problems I have with Prezi is hinted at by your 1(b). Prezi
doesn't lend itself to easy organization of thoughts in that it's up to you
to provide all the structure. I often start with an outlining app first and
then migrate to Prezi when I use it, but that's not efficient. Also, the
infinite zooming can certainly be useful, but I think it often ends up
being distracting more often than clarifying.

One alternative I like is reveal.js (https://github.com/hakimel/reveal.js/).

It allows easy hierarchical organization (in two axes at least), and has
other added bonuses like being plain text and therefore convenient for
version control, viewable anywhere without proprietary software (heck, it
works fine on mobile platforms even -- a good way to test your minimum font
sizes). Oh -- I don't think I showed it off during our dry-run through, but
you can also zoom out of the whole presentation when you want to quickly
navigate to a particular slide and that's where the hierarchical structure
is extra handy for quick navigation. Also, Prezi doesn't do this:
http://lab.hakim.se/reveal-js/#/10/4

There are all sorts of generator scripts from structured markup like Markdown
(https://github.com/webpro/reveal-md) or org-mode
(https://github.com/yjwen/org-reveal) that are even more convenient for
simple editing of the initial slide content which helps for quick
outlining, version control, etc. That helps a ton with the separation of
presentation and content that Jacob referenced, but LaTeX can get annoying.

There are also a few other .js based presentation frameworks that have
similar capabilities to Prezi if you're up for experimentation, like
impress.js (http://bartaz.github.io/impress.js/#/bored), strut.io
(http://strut.io/) which is an almost-WYSIWYG-like editor for a couple of
these frameworks, though it's a bit buggy.

-- 
jordan

On Wed, Apr 8, 2015 at 9:54 AM, Dave Aitel <dave at immunityinc.com> wrote:

> When hacking professionally, you model everything very carefully, run
> your tools and methodology against the systems, and then revisit
> multiple times as you optimize against your known defensive threats.
> That's just how professionals work. And I find it funny that INFILTRATE
> is the first conference in our sphere that requires a pre-conference
> WebEx dry run. I'm going to bullet-list a few things we see a lot just
> so everyone knows:
>
> 1. Use Prezi. You don't HAVE to because I know it makes you feel like a
> hippie, but it also makes for better presentations. This is for three
> reasons:
>    a. Zoom. Zoom. MORE ZOOM. Zoom is the most key feature in a
> presentation but so few people use it because in every other
> presentation software it is super impossible to do.
>    b. Hierarchical presentations. PPT and Keynote take your nice
> pyramid-like thoughts which are connected naturally and then flatten
> them into a line of slides. You get a MUCH better presentation by being
> able to subtly show the true shape of your thoughts.
>    c. It is much easier and faster to create a Prezi than a good PPT.
> This means more time thinking about what you are trying to represent and
> less time fixing how big the fonts are in slide 50.
>
> That doesn't mean there aren't downsides to Prezi. But overall it is a
> massive step forwards.
>
> 2. Contrast in your text. No more yellow on white please. People's eyes
> are not good and what you see on a washed out projection is not as good
> as what you see on your screen.
>
> 3. Gliffy.com. That way your diagrams look great and you have MORE of
> them. More diagrams done more easily usually makes for a much better
> presentation.
>
> 4. Be more offensive. Don't worry as much about SELLING your idea but
> think more about showing the metrics behind your success. We usually ask
> at the end for more NUMBERS. How does your technique compare to other
> things that generate numbers? Feel free to call people out. You can name
> names in your research. You can say "I don't think this works the way
> they say it does."
>
> 5. Think bigger picture. So many people talk about their technique but
> don't talk about what that level of success means for the larger world.
> We want to see "if the level of effort for X is so small, what does that
> mean for people trying Y?" What are the defenders going to do next to
> stop you? Is this something really easy for them, or really hard?
>
> 6. People do movies instead of demos, but they make the font in the
> movie terminals the default, instead of GIANT SO BIG FONT THAT WE CAN
> SEE IT. Please when you make a demo movie for a presentation, make the
> fonts 20% larger than you think they need to be for a blind person to
> read them from the back row.
>
> 7. More screenshots, with big fonts in them. People love to see
> screenshots because they illustrate your bullet-list points very clearly
> sometimes (i.e. what are the arguments to that thing you wrote again?).
>
> -dave