Learning from Giants #55
Paul Graham's essay on Doing Great Work, Merkle Trees' definition and real-world examples, and the difference between Root CAs, Intermediates and Resellers.
👋 Hi, this is Mathias, back from holidays 😎 with your weekly drop of the 1% best, most actionable, and timeless resources to grow as an engineering or product leader. Handpicked from the best authors and companies. Guaranteed 100% GPT-free content.
How to do Great Work by Paul Graham
A life-changing and driving read for ambitious people.
📗 How to do Great Work by Paul Graham (Viaweb, Y Combinator, and many more) is an essay and a recipe for ambitious people on how to get the most out of work. Great work is impactful towards your ambitions and ideally also impactful to the entire world or a subset of it.
"If you collected lists of techniques for doing great work in a lot of different fields, what would the intersection look like? I decided to find out by making it."
It's a fascinating piece filled with deep thoughts and insight from someone who has given much thought to the topic and advised many people.
I usually try to summarize the articles I share, but this one cannot be summarized. Reading it is a journey towards your ambitions and personal fulfillment. Getting to the end already means something about you. I assume few people do.
Still, here are a few thought-provoking quotes:
"What should your projects be? Whatever seems to you excitingly ambitious. [...] What are you excessively curious about — curious to a degree that would bore most other people? That's what you're looking for."
"The three most powerful motives are curiosity, delight, and the desire to do something impressive. Sometimes they converge, and that combination is the most powerful of all."
"Writing a page a day doesn't sound like much, but if you do it every day you'll write a book a year. That's the key: consistency. [...] If you do work that compounds, you'll get exponential growth. [...] Learning, for example, is an instance of this phenomenon: the more you learn about something, the easier it is to learn more."
"Consciously cultivate your taste in the work done in your field. Until you know which is the best and what makes it so, you don't know what you're aiming for. And that is what you're aiming for, because if you don't try to be the best, you won't even be good."
What is a Merkle Tree?
"It is useful to think of computing the Merkle tree as computing a collision-resistant hash function, which takes n inputs (e.g., files) and outputs the Merkle root hash."
A Merkle tree is a recursive tree of hashes built over a set of leaf elements whose integrity we want to guarantee. Each element's content is hashed and used to build that tree from the leaves to the root hash. That root hash is effectively a collision-resistant representation of the entire collection of elements.
"The beauty of Merkle trees is that a prover, who has a large set of data can convince a verifier, who has access to the set's Merkle root hash, that a piece of data is in this large set by giving the verifier a Merkle proof."
What's the Merkle proof? Simply put, it's the set of complementary node hashes needed to rebuild the root hash, starting from the element being verified. In a tree of eight elements with Merkle root hash h1,8, verifying h4 would only require three hashes: h3, h1,2, and h5,8. It seems trivial on eight elements but scales very well to millions.
📗 Alin Tomescu's What is a Merkle Tree defines this data structure, which is foundational to many distributed systems, by giving three examples: integrity of a set of files, Bitcoin transaction verification, and corruption detection when transmitting data. The perfect combination of applied theory!
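The eight-element proof described above, as an added Python example (not code from the newsletter or from Alin Tomescu's article). It assumes SHA-256, constructed sample files, and a power-of-two leaf count; the 0x00/0x01 leaf/node prefixes are an added hardening choice borrowed from RFC 6962 so an interior node can never be passed off as a leaf.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(item: bytes) -> bytes:
    # Distinct prefix for leaves (assumption: RFC 6962-style domain separation).
    return _h(b"\x00" + item)

def node_hash(left: bytes, right: bytes) -> bytes:
    # Distinct prefix for interior nodes.
    return _h(b"\x01" + left + right)

def build_levels(items):
    """Return every level of the tree: leaf hashes first, [root] last."""
    n = len(items)
    if n == 0 or n & (n - 1):
        raise ValueError("this sketch requires a power-of-two number of leaves")
    levels = [[leaf_hash(x) for x in items]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([node_hash(prev[i], prev[i + 1])
                       for i in range(0, len(prev), 2)])
    return levels

def make_proof(levels, index):
    """Prover side: collect the sibling hash at each level below the root."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])  # sibling shares the same parent
        index //= 2
    return proof

def verify(root, item, index, proof):
    """Verifier side: needs only the root, the item, its position, the proof."""
    h = leaf_hash(item)
    for sibling in proof:
        # An odd index means we are the right child, so the sibling goes left.
        h = node_hash(sibling, h) if index & 1 else node_hash(h, sibling)
        index //= 2
    return h == root

# Constructed sample data: eight "files", numbered 1..8 as in the text.
FILES = [b"file-%d" % i for i in range(1, 9)]
LEVELS = build_levels(FILES)
ROOT = LEVELS[-1][0]              # h1,8
PROOF_4 = make_proof(LEVELS, 3)   # proof for the 4th element (0-based index 3)
```

The verifier rejects the proof if the element, its claimed position, or any sibling hash is altered, because the recomputed root no longer matches.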
The difference between root certificate authorities, intermediates, and resellers
As we live in a post-Let's Encrypt world, SSL certificates aren't the currency they once were. Yet they are still invaluable for securing the Internet.
That security revolves around the essential concept of trust with some cryptography on top. Browsers only accept certificates for HTTPS webpages if they were issued by a publicly-trusted SSL certificate authority. But how does it work? Who are these Certificate Authorities, and why are there so many?
"There are two types of CA certificates: root and intermediate."
"Root CA certificates, also known as "trust anchors" or just "roots", are shipped with your browser."
"Intermediate CA certificates [...] are certificates with the "CA" boolean set to true in the Basic Constraints extension, and which were issued by a root or another intermediate."
Intermediate CA certificates recursively point to other certificates. If the recursion ends with a trusted root CA certificate, browsers know they're trusted. Simple. So why are there so many different issuers but so few trusted root CAs (Firefox trusts around 50 organizations)?
Because SSL certificates have long been a lucrative business, with many different models that are complex to tell apart:
Root CAs often have their own business selling certificates.
But they can also issue "external" intermediate certificates to other organizations that can issue certificates, too.
Or open a reseller API for anyone to sell certificates issued by the CA.
And the entire thing is recursive!
📗 Andrew Ayer's The Difference Between Root Certificate Authorities, Intermediates, and Resellers describes the ecosystem around certificate issuance. Even in a world where Let's Encrypt enables any organization to generate trusted certificates for free, these intermediates and resellers still have immense businesses.