Friendship Incorporated


How did my friends amazed me again ? In one week, a single week. And what to learn from that…

But first. The story. I had to move in a new flat, quite quickly. I had low possibility to reuse my old furnitures. That move was sudden enough that I did not manage to make saving to pay new fridge, shelves, new every basic things that should go into a flat. I contacted my best friends, the closer circle and some broader, mentioning. “Dear friends, I have to move somewhere and I have nothing. What could I get from you, that you would be ready to give me, for free. Having in mind that I don’t want you to miss to make money with second hands market, and that I don’t want you to miss anything, once that thing will be gone.” I mentionned clearly that I would not have money to balance that donation, but would definitely have open bar sessions to the ones giving a hand (and the others trying to). And the miracle was. In less then a week, I got from those friends enough furnitures, washing machine, beds, sofa, sheet and dishes to start living in my new flat. In addition, I got from those friends help for repairing, painting and washing that new home.

So. The lessons. One could think that alcool is ruling the world, as I offered open bar in my new home and got so much success. Another one might see that me and my friends have invented a super cool startup that is disrupting Ikea and second hand furniture market. But I believe that something else happened. Few things I feel important to notice :

  • Demonstration of solidarity was made. In my thank-you email, I listed around 20 people in my close circle that helped or gave. This includes only friends. Yes, they had in common a profile of quadra, middle class, familly built, they could afford to do so. But still. Their answer was generous …
  • We are really diving in a surplus society, an affluent society. Each of us has definitely much more then what he needs. This is why I got so much things from  attic, basements. Of course, I did not filter, I took everything, without imposing any criteria.
  •  I am leaving now with basic things in my flat. Few furnitures, a table, some chairs, coffee cups and wine glasses for my friends coming, some vintage dishes, internet connection and my books. That is leading to a great satisfaction, I realize now how material things have overloaded my life those last years.
  • Hey ! All happened with no need of an app. This happened in my close circle, in real life, eyes in eyes, smiling and having great live discussions. I could have gone through donation nice application, I could have used my circle of virtual friends on social network. But I realised that the wealth was also in my real life proximity friends.

Of course, this is the beginning of something, we might discuss that again in one year and see if this “light life” is still suitable for me and my familly. But I got from that situation some great quality life improvement; being able to focus on what matters. And this is another reason to thank my friends, and whisper here to them “I love you”.

Note : That new situation is also triggering some questions on the way I use my time and how my digital life in progressing, some more thoughts to share soon…

Middle Life Crisis Toolbox : about resilience


Some of the things I have looked at those days is resilience. How can you survive bad moments, build again, start from scratch, after an incident that is affecting you (whatever its cause). Again, just like for bad emotion, or anger, here are some articles I identified as bringing some pieces of answers. Those are not *the* answer, but an opportunity to deal with notions and play with it.

For the ones looking for the ideal and theoritical conditions for resilience. Here is a good way to start : some short lists with 5 entries or 10 entries (for the bravest ones). This is an opportunity to catch what resilience means, and why it could matter. Sounds like a magic recipe. Each of us could identify what item corresponds to his natural tilt and what item is missing and may potentially be considered.

For the ones who needs to silence their constant self-criticism, in order to find peace and listen to themseves. Here is an interesting blog on how we sometimes kill ourselves by being to harsh on ourselves. To tease you, here is an extract :  “We know virtually nothing about ourselves because we judge ourselves before we have a chance to see ourselves (as though in panic).” Hum, hum ?

For the ones locked by conflicts and emotion, and who wants to get rid of that. I liked that blog post about managing your emotion. The most interesting point of that story is this notion of “a story hurts you, because it clashes with a story sensitive to you”. So let’s find our sensitive stories. In addition, I found crucial this idea of victim and villain caracter that we ususally allocate in conflict (guess who is the victim ?). The author suggests to make a shift in that, and try to ignore those roles (easy to say, I admit, but why not trying…).

For the ones, fan of analogy with working conditions, and believing that not to fall is the key. It is actually to recover which maters the most. This is what is explained in this Harvard Business Review blog, about work. It suggests to have real breaks. So could we in our personnal lives. Resilience Is About How You Recharge, Not How You Endure

And for everyone, think about that a second…


Machine Learning pour les simples humains…


Début Décembre, Nicolas Courtier m’a invitée à présenter devant un parterre d’avocat-e-s et de juristes plus ou moins averti-e-s les bases de l’intelligence artificielle. Ce colloque “Droit et Numérique” avait pour vocation plus large de faire état de la loi et des questionnements sur les disruptions technologiques telles que smart city, big data, machine learning et blockchain. Je ne peux que vous encourage à aller consulter le storify issu de cette journée riche en partage de compétence ou encore de parcourir mon court article sur quelques unes des questions évoquées (in english). Mais je partage également avec vous, cher lecteur assidu, la session que j’ai animée.

Machine learning, kézako. Le machine learning est un sous-catégorie de l’intelligence artificielle, ce qui ne rend pas le sujet moins intéressant. Cette discipline consiste à prédire le comportement d’un système, d’un humain, à partir d’un modèle – plus ou moins précis. Il s’agit donc de s’appuyer sur le passé pour prédire le futur. Oui, enterrons tout de suite notre fantasme d’une machine apprenante, en auto gestion, et qui règlerait les peines du monde à notre place. Parceque le machine learnign se nourrit du passé, précisément, le machine learning nécessite d’avoir une très grande quantité de données, de très bonne qualité. Et oui, le machine learning exige la quantité *et* la qualité. Pour en finir avec les grands principes, afin de déployer une solution à base de machine learning, il vous faut donc, du logiciel qui décrira le modèle de votre système, des data et un data scientist qui affinera le modèle.

Les promesses du machine learning. Elles sont de différents ordres, selon les cas d’usage, mais on peut songer à dupliquer la compétence humaine (comprendre, dupliquer un expert qui a fait de longues études, comme un médecin, un avocat, un travailleur dont la valeur repose sur la connaissance factuelle), on peut également songer à faire mieux que l’humain (en allant chercher des corrélations entre des événements auxquelles le cerveau humain n’aurait pas songé). Dans le domaine des services, c’est la même chose, le machine learning peut améliorer un service (par exemple une recherche par mot clé, ou une recommandation de produits dans un catalogue) ou encore en créer de nouveaux (une gestion intelligente des trolls sur Twitter par exemple).

Les applications gourmandes de machine learning. Potentiellement toutes. Mais les premiers acheteurs de la technologie sont le marketing (la prospection, le contenu sur mesure, le service après vente, le chat automatique…), les services de recommendation/search/match, le monde de la sécurité (pour la prédictions des risques, des fraudes). Tous les espoirs et fantasmes sont permis sur les domaines de la santé (la quêtes de l’immortalité et des diagnostics, meilleurs et au bon moment) et les voitures intelligentes …

Le machine learning, une science qui s’invente. Comme toutes les autres disciplines qui émergent et sont projetées dans notre monde, le machine learning est soumis aux courants hype tels que l’open source, le crowdfunding, le cloud, la création de communauté… La multiplication des initiatives autours du machine learning pour le rendre plus efficace, plus lisible, plus accessible, sont autant d’opportunité d’enrichir cette science.

Bref. Le machine learning est une technologie nouvellement sous les spots de l’actualité, comme blockchain, big data l’ont été ces derniers mois. C’est également une nouvelle opportunité d’agiter les modèles qui décrivent et conduisent notre monde. C’est l’introduction d’un usage encore plus intensif de la données, la fameuse richesse de notre siècle, et c’est également l’acceptation de plus de prédictif, d’à peu près, dans un monde complexe. Une tendance et des usages à observer de près donc…

Et les slides ? Machine learning pour les simples humains, version slide, c’est par ici. Enjoy !

Law and digital disruptions, examples of machine learning and smart city


As part of the amazing opportunities I get with my job, I have been invited to a one-day workshop, organized by the AFDIT, the french association of lawyers, specialized in IT and computing systems  (part of the International Federation of Computer Law Association IFCLA). This day aimed to have lawyers discussing the impact of technology on the laws, in public area or business area. The perimeter of the discussion was europe and US, thus some speakers from all around the world came and shared their experience. In order to educate and progress on major 2016 topics, the organizers, Nicolas Courtier and Yves Léon, selected the themes of the day as : smart cities, artificial intelligence and blockchain. Here are some interesting elements that were raised all along the day.

Smart city, what does it means ? We all heard about smart city : it is the promise to improve town management, population mobility, citizen service offer, by connecting all possible pieces of information and building some tailor-made services. That is the vision that some local politicians promoted during the day (Caroline Pozmentier, Stéphane Paoli), together with some French Tech actors. The other way to see it, explained by Art Langer from Columbia University is to position citizen in the middle of the town dynamic. By offering him or her better mobility, frictionless social relation, great work opportunities, better democracy, (which is great news for the humans). That vision suggests a potential coming race, among towns, to become the most attractive town in the world, in order to maintain growth in economics and population. All those improved services will be based on large data collection operations, or interconnection of databases. In order to do so, service providers may be required to have private and public actors collaborating, canvassing the city, the citizen and grab appropriate information. And then came the question of the privacy, which might be one of the most challenging questions in that model where the consumer is a citizen.

Big data privacy challenge in smart city. The relevance of the smart city services are relying on the consolidation of a set of data, for which confidentiality and anonymity are hard to garantee. In addition, this mixing of data set triggers the question of ownership and liability. Who would be owning the data and would be responsible for the the failure of data maintenance ? That question would any way have to be answered with the coming european regulation on privacy. As Massimo Attoresi from explained, this regulation mandates that all actors of a service handling data (collecting, processing, storing or destroying) have to take care of the data, by having clear process for user opt-in, transparency in usage, fairness in collection, data minimization (the less you take, the best it is), storage limitation, integrity and confidentiality and inform the user about potential leaks or incident. How to explain a clear purpose of data retention, when you don’t know which service will come from your data collection ? How can you assess the risks, when you have a dynamic system, with cross-system responsability ? How can you garantee anonimity when so much information, including geo-localized ones are collected ? Interesting questions that smart cities will have to answer…

Smart city opportunities. In case citizen consider smart cities as life improvment, some ways to roll out smart city could come with great benefit for the society. Without ignoring potential threat to citizen privacy coming with smart city, Philippe Mouron drafted for us some positive aspects of it. The idea to integrate citizen into service design could be a great way to improve service relevance. In addition, the collection of data, and the fact that data belong to the citizen may accelerate the movment of open data. Philippe advocated also for a better mixing og legal and tech know how in the lifecycle of devices, in order to make sure, that all do see an interest in “the silence of the chips” (aka, users being in control for stopping data collection and leak towards to servers).

What about machine learning ? We discussed during that day the concept of machine learning. I reminded the audience its basic principles. You know. The fact that machine learnng is a sub-categoty of artificial intelligence, which consists in predicting the future (or the most probable one), based on past data. I listed the required skills and tools to roll out machine learning based services (aka, software, some good pieces of data, a smart scientist fine tuning your model). I reminded the audience the first use cases benefiting the machine learning, which are marketing, search and recommendation, security, health and smart cars. One of the main take away that I asked people to remind was the fact that we were switching from a determinist world (where each line of code is describing a possible situation, and where programs take well know roads), toward a world where we describe our environment with a model, with more or less errors and accuracy. Based, on that I took the opportunity to raise questions that machine learning triggers for me, such as privacy, liability and error management. And I got few answers from the other speakers.

What could be the legal impact of machine learning ? @rubin demonstrated how the machine learning could impact the legal business, replacing some assets of the lawers and potentially introducing a better undertanding of risk and gains around trials. Rubin also reminded that the law was not designed for robots, but for human and insuring fair interactions among humans, including in business situation, leveraging on technology. He gave some intersting perspectives on how to pave the way towards a mastered artificial intelligence deployment, based on few principles. Clear responsability, transparence of artificial intelligence in decision making (specially for the ones suffering the decision), efficient maintenance and regular audit of the artifial intelligence systems involved in services, and lastly, a permanent possibility to challenge the results of services based on artificial intelligence. Those principles based on good will and fair relation were good to hear and could be integrated in any strategy embedding machine learning, now.

My take away from that leal and tech workshop. Yes, definitely, mixing of perspectives and visions are key to have everyone progressing in understanding a transversal topic such as technoogy in society. And. The topic of ethic in software is definitely an additional item to add in our watch list, together with the privacy expectations.


Pitch and Play !

Pitch and Pitch. Last week I have been part if a gemalto team organizing a hackathon, on security topic, with some great dev, tech architects, product managers and marketing folks. We spent 3 days playing the game of being a start up. And, obviously, we had to play the game of the pitch. This kind of standard exercice, where a jury expects from you, all the energy, all the positive power, to decide to bet on your project. That formal presentation mandates that you cover important stuff such as purpose of your project, ultimate value proposition, amazing business model, and potentially unveiling your heart, to convince everyone that investors can trust you, in rolling out the stuff you promised, to make them rich. Well, that is a short sumup of a pitch, but here is the spirit. And that is usually a lot of pressure.

Play and Pitch. This is where I believe the PitchCards project could help. I had a chance to handle a beta version. That PitchCards project is a game. It is about helping pitchers to pitch, with no fear. The purpose of the game, is to pitch on a pure exotic project. A project that you have to invent in 10 minutes by collecting, eyes closed, 3 cards. One for indicating which type of project you will work on (a connected device, a car, …) and two others that will express a domain, or a target (babies, dinosaur, …). Once your pitch is ready, you will have to pitch, present it in front of the other players. Purpose, business model, and all the nice story your imagination built. Your audience will listen carefully, and will have to feedback how was your pitch. this is trigerred by choosing random questions from a card deck. Where did you look at ? Did you breath correctly ? What is your motivation ? …

Pitch and Learn. I believe that this game is sooooo relevant in this special timing of a hackathon. This is a way to train your attitude, to educate your voice and your mindset to present something fun, removing the fear and the giant-attachement every startupers has with its own project. It is much more easy to receive a question related to your talk efficiency, while dealing with a fantaisist project, then speaking about the super-idea you have been working on during 3 days or 3 months, isnt’it ?

Buy the project. The PitchCards project will go live in January and you will have a chance to sponsor it, as it will land on Kickstarter. In the meantime, the team made of Will and Camille will improve, train, pitch and redesign the cards and concept. But definitely, as a beta tester I enjoyed, the concept and the spirit ! You might also, if you have any interest in pitch fun.

Is Hardware Based Secure Web Services a lost quest ? No. Well…


As co-chair of the W3C community group aiming to offer to web developers the possibility to access to services provided by hardware token, I am receiving some questions on a regular basis about where does this work go …

Well. Executive summary. The good reasons for allowing a web app to access to secure services stored in a harware token, and the possible ways to implement that in browsers are ready. But this is still not in the W3C planet. This is in a form of a report, edited by Sébastien Bahloul, a Morpho guy, and discussed with W3C Community Group members.

In details. The good reasons for allowing a web developers to access to keys stored in a hardware toke, or to trigger a signature which can not be repudiated are detailed in the report. There are some specific industry examples, such as government e-services, or e-banking services, or commercial transaction, which requires legal binding, such as online signature. The potential users of this feature are legions. Basically, the european regulation, named eIDAS “regulates electronic signatures, electronic transactions, involved bodies and their embedding processes to provide a safe way for users to conduct business online like electronic funds transfer or transactions with public services”. To deploy such services on the web, the web developer needs to have some mean to access hardware token (or the web will miss that digital european trust promise). Other countries such as Bolivia, Uruguay, Argentina and Peru are also requiring similar technology.

The technical aspects. The technical proposal embedded in this report is made of two technical features. First. A way to implement the W3C Web Crypto API in hardware token. this is to allow the generation and the usage of a cryptographic key inside a token belonging to the user. Second. A way to digitally sign a transaction with a a key, again stored in a hardware token, and performing the signature confirmation via an interface the user can trust. Those two services are some of the building blocks to have a trusted web, where the user is in control of the credentials used to cipher or sign some data.

So what is wrong ? Well. This set of usages and technical feature were presented to a large group of W3C members during last W3C TPAC. And, nothing amazing happened. The browser makers were kindly requested to have a look at it. But they demonstrated low interest, while this topic has been discussed since september 2014. There might have a cultural problem here behing the slow progress of this topic in W3C. The online access to european government services is not a priority for the major browser makers. In addition most of the actors of the security have managed some hacks to be able to use smart cards or hardware token, like plugins. But this era is over, as plugins maintenance and attacks are getting more sensitive.

And what is next ? Next is about gathering the companies and countries interested in that feature, and start to demonstrate W3C that there is an important question here : do we want the web to get in the secure services, as requested by online signature and government services ? So if you are part of the actors believing this web feature is key, join the Hardware Based Secure Services CG, so that we can collectively work on creating a Working Group in W3C…

What’s happening with the W3C Web Crypto API ?


Well. The specification is finished !

[here a cheering to Ryan Sleevi, Mark Watson, Harry Halpin, who actually led the editorial stuff during this 4 years work].

Where is it ? You can read the most recent version here. It is this version that will be submitted to the W3C Director (Tim Berners Lee), in order to make it a real W3C recommendation. Crossing fingers.

Is it real ? Yes. During the lifetime of the spec we got major browser makers contributing and monitoring, aka, Google, Microsoft, Mozilla. Thus it is implemented. See

Where is the interoperability proof ? The test coverage can be found here.

So. What is the future ? Consider things are moving on, and the group will soon enter its maintenance mode. the next action, once the specification is a Recommendation will be to listen to the market and add any new algorithm that will be widely used.

Thanks ! That was a long and passionated work in W3C. Thanks to all members and individuals who contributed…



Middle Life Crisis Toolbox : anger screwdriver


“Anger is how we seek to create an illusion of control where we feel none.” Martha Nussbaum

I have been looking after anger and anger this week. Here is what I found and liked.

On what is happening in our body when we get angry. This is where we should know the basics of the race happening between cortex and amygdala. The interesting part of this article relates also to the time requested during the anger pic and our return to a calm state. This is where we are still vulnerable to anger again. Well, read that  and understand your body :

On how to get angry a lot. That video is a list of common tricks to put ourselves into great anger. Garanteed result. Funny and so true…

On the reasons why we get angry.Anger begins with the many imperfections of existence“. In this section of the “Book of Life”, one can understand where anger starts and why it should get all our attention, and support. As you may get, expressing anger is expressing suffering. And the best thing to do, may be to try to understand (and relax a bit, too).

On the bridge between anger and creativity. This is a set of wise views on anger. One I like is “The internal living flame of anger always illuminates what we belong to, what we wish to protect and what we are willing to hazard ourselves for.” David Whyte. Some other interesting philosophical thoughts can be read here

On anger, forgiveness, and lovers. I can not refrein myself to reference another post from Brain Picking, about Martha Nussbaum views, which deals with anger in the specific context of lovers, where trust and links give a special sense and violence to anger. One can also find in this post, that anger and self respect, which have been linked for a lot of philosopher is challenged. Please have a read here :

Hope it helps !

Note : Picture “les pieds au mur” (foot on the wall) by Robert Doisneau

Note : other more general Middle Life Crisis ressources are available here

Non-violent security talk for small and medium business @ BlendWebMix

This week I was in a web conference, named #BlendWebMix, which gathers all kind of actors of the web economy, from investors to tech, including designers, influencers, politics, startupers, … Very diverse type of talks were given, 80, and 1800 people attended the event. I was selected to give a very short presentation on privacy and security. My challenge was : convincing a broad audience that the privacy was something each of us, as workers, should take action for, in 13 minutes. Here is the core of my message.

I am fed up with the usual talk in security which says ‘provide privacy by implementing some security or you will burn in the hell of bad reputation companies, together with Madison, Target, Yahoo, and potentially bankrupts”. You know, that Fear Uncertainty and Doubt (FUD). I tried another angle. I tried the non-violent path. And I believe there are two good reasons why people should give a chance (and budget and effort) to the privacy.



The first reason can be found on the optimistic side of the life. The good reputation. I have the feeling that in this digital storm of hacks, global attacks, social media bashing, the companies taking action to preserve the privacy of the users are playing a good game. And the user may know. And the user may appreciate it. And it may be a competitive advantage to invest and get rewarded for it.


The second reason is the data protection, as defined by the european comission. There is a new directive that mandates every company to allow its user to keep an eye on their data. It is the result of long discussions related to the value of the citizen privacy in our digital world. That regulation will be applicable in May 2018, to all European companies or all non-european companies handling some European citizen data. Well, yes, 2018 is after tomorrow. Which gives you only tomorrow to ramp up in good practices and get ready. The threat if you are not compliant with the regulation will directly touch your wallet, as fees could go up to 4% of your benefits, as a company. Universities and public services are also submitted to this regulation.

What does this regulation say ? It says that users will have to explicitly opt-in for registering their data, they will be able to control what you are doing with the data, they will have the right to modify and delete their data. In addition the data portability will have to be provided. Finally, users will have to be informed about any breach related to their data. Data in this context, means any piece of information which characterized the user, name, address, but also geo-localisation, social media activity, any digital evidence left by the user that you are collecting.

Who is submitted to this regulation ? Any company which collects, process, transmit, store the data. This means, you, but also anyone touching the data closely of by far. For example, the monetization partners (ads), or your cloud providers.  Now you see what could be the impact !

This is where I started a new technic for getting the audience sensitive to the message. I asked them to pause a second, to close their eyes, to breathe, and think about one of their user. Lea, 30 years old, digital, agile, conscious citizen, caring about her privacy. I asked the audience to answer in the secret of their mind and heart, eyes still closed, the following questions : do you know what are the data from Lea that you are taking in your super-super application or service ? Do you know where are Lea’s data stored ? When was the last time you had a conversation about privacy and security at work ? I mean, not on Twitter, being scandalized by the global surveillance of the states, but wondering, in your own framework. Some of the people in the audience smiled, and I felt some of the questions touched of them. What about you ?.


Always targeting to convince the audience in a smooth way to take action for the privacy of their user. I reminded that it was important for them to identify the data, understand their life cycle in their own service life cycle, define some weak points (aka, any entry point, transfert, storage…) and protect those points. The thing is that of you are a small company, you may not know where to start. My key message was. Well. Start with pragmatic stuff.

First. Talk about security, create conversation around it. For example. Make a 2 hours meeting with the project manager or whoever in the company coded the solution, with a global view. And together make a status of the different security measure done up to know. Make an accurate status.

Second. Look for security champion(s) in your team. Basically the one(s) who had a security training at school or who had the chance to work on a security sensitive project in the past and may share with others.

Third. Write a process. It could be a paper sheet on the cafeteria reminding, i) before you ship a new feature, ask John (the security champion) to have a code review, ii) before you sign a deal with a company, check its track record in security, …. Or it could be a professional methodology for bigger companies. Well, the objective is just to make sure that the question of the security is handled in the product life cycle, at company scale, and taken into account in the delays and deals. This relates to create a security company culture.

Fourth. Engage conversation with your partners, providers, ask them the basic question on their security investment. They might be able to prove that they actually take care of it. With certification, or being able to tell you a nice story about their effort in that matter. Just like any company should be prepared to.

Fifth. Crash test your product. Some bug bounties platform are now existing. You can submit your product, it will be attacked by some hackers, and if some security vulnerabilities are found, you will be informed. The next level or complementary action could be to perform an audit of your code, or have actual security certification (but I guess that if you are on a market where security certification scheme exists, you might already be a security aware company).

Sixth. Have a monitoring of the security news. Read some newspapers specialize din sec, or some forum alerting on vulnerabilities. It would be a pity that all you service bim-bam-boum is based on a framework which has been seriously hacked, and that you are not aware of.

In the end. Six possible concrete actions. To be rolled out by any non-expert security. I asked again the audience to close their eyes. And to pick in that list one action, just one action. And promise, in the secret of their mind to do it, Monday morning, when coming back in the office.Hoping next Monday some SMB will enter the way of improving privacy of their services….

Note : all picture copyrighted Garry Winogrand