0:00:00.000,0:00:09.240 31C3 Title, no sound
0:00:09.240,0:00:12.031 Alright, welcome! So, welcome again from me. It's great to be here!
0:00:12.031,0:00:15.520 So many people, even at this late hour. I've been told, this is the prime time.
0:00:15.520,0:00:21.940 That is awesome, at 11 p.m. I'm David, I'm a Computer Scientist from Bonn.
0:00:21.940,0:00:24.470 And we just can start with the things that happened so far at the congress.
0:00:24.470,0:00:28.449 If you happened to be here at the congress
0:00:28.449,0:00:31.420 or watched sessions on stream - welcome again
0:00:31.420,0:00:35.570 to the colleagues on the internet - then there will be always devices that one
0:00:35.570,0:00:39.509 does not like so much to use. [Laughter]
0:00:39.509,0:00:42.930 Who participated in the sessions of Tobias Engel and Karsten Nohl, does indeed use
0:00:42.930,0:00:47.600 his mobile phone less confidently. And who was with starbug afterwards, will
0:00:47.600,0:00:51.899 not like to use iris scanners or fingerprint scanners anymore and may use gloves
0:00:51.899,0:00:56.000 more frequently now. So here a little disclaimer:
0:00:56.000,0:01:01.940 If someone has an intimate relation to his photocopier
0:01:01.940,0:01:07.810 and tends to keep it like that, should refrain from participating in this session.
0:01:07.810,0:01:12.340 We will do three things during this session. First of all we will
0:01:12.340,0:01:17.260 get to know one of the most prevalent and dangerous bugs of the last years.
0:01:17.260,0:01:20.920 Secondly, we will comprehend the bug. That is in a manner
0:01:20.920,0:01:25.390 nerds and muggles will understand. And last but not least, for the activists
0:01:25.390,0:01:30.060 among us - maybe some present here - we will deduce some rules
0:01:30.060,0:01:34.210 that may apply to a single person that will handle a powerful opponent,
0:01:34.210,0:01:38.860 just like a global player.
But in your case
0:01:38.860,0:01:42.690 it can be something completely different. That's why I will describe precisely
0:01:42.690,0:01:45.950 how this dispute evolved over time and
0:01:45.950,0:01:49.770 what kind of mistakes I made. The talk's kind of structured
0:01:49.770,0:01:53.500 like a novel. First, there's a prologue, for the conspiracy theorists
0:01:53.500,0:02:00.620 among you. The year is 2008.
0:02:00.620,0:02:05.600 In summer 2008 the US were having the primaries for the presidential election.
0:02:05.600,0:02:09.009 Barack Obama was in the running against Hillary Clinton. In the US, like here,
0:02:09.009,0:02:14.220 there's lots of intrigue in politics. So there were a few anonymous emails,
0:02:14.220,0:02:18.450 that should benefit Mrs. Clinton. Those mails claimed, among other things,
0:02:18.450,0:02:23.260 that Obama had been born in Kenya as a Kenyan citizen. That would make him formally
0:02:23.260,0:02:28.060 unfit to be president. To become president of the US, you have to be
0:02:28.060,0:02:33.550 a 'natural born citizen' of the US. What exactly a 'natural born citizen' is
0:02:33.550,0:02:39.060 the Americans themselves don't even really fully know. But there's a whole
0:02:39.060,0:02:43.780 Wiki article about the controversy, where you can read all about it.
0:02:43.780,0:02:48.720 Two things are generally acknowledged: First, one's to be American.
0:02:48.720,0:02:51.560 Second, one's to also be that at time of birth. So when I come to the US,
0:02:51.560,0:02:55.740 newly naturalized, that doesn't work. That Obama's second name
0:02:55.740,0:02:59.120 is Hussein was somewhat suboptimal too in that context.
0:02:59.120,0:03:04.640 (laughs). Obama obviously had an interest in
0:03:04.640,0:03:07.850 ending that 'argument' as quickly as possible. So he made his birth certificate
0:03:07.850,0:03:12.269 publicly available.
I say 'short birth certificate' because,
0:03:12.269,0:03:15.580 when he was born, a short and a long one were made. The short one is shown here on
0:03:15.580,0:03:20.369 the left, you see it behind me. And I in front of me.
0:03:20.369,0:03:24.140 But good conspiracy theorists aren't distracted by facts.
0:03:24.140,0:03:34.279 (laughter and applause)
0:03:34.279,0:03:37.420 Immediately, there are accusations the birth certificate's faked.
0:03:37.420,0:03:40.489 Supposedly, there was a stamp missing, and ... and ... and. Whatever you can
0:03:40.489,0:03:45.030 come up with. You all can come up with it.
0:03:45.030,0:03:47.910 On the right, you see a few car stickers by Obama's enemies.
0:03:47.910,0:03:51.760 The lowermost explicitly calls for the birth certificate. The theory that Obama
0:03:51.760,0:03:56.590 shouldn't be allowed to be president, is rather wide-spread in the US.
0:03:56.590,0:04:00.040 Obama won the primaries, and the following election, but the dispute
0:04:00.040,0:04:05.799 simmered on. There was a whole scene of birthers
0:04:05.799,0:04:13.739 that wanted to prove Obama's actually not American.
0:04:13.739,0:04:17.500 After the whole thing hadn't calmed down for two and a half years - Obama already being
0:04:17.500,0:04:24.300 president for some time - in 2011 he had all of it. He published the scan of
0:04:24.300,0:04:28.000 the long version of the birth certificate, on the right in the picture. You can already see
0:04:28.000,0:04:32.500 there's much more information in it, and you could think: They'll leave him alone now.
0:04:32.500,0:04:37.900 But far from it. Shortly after the release there were accusations
0:04:37.900,0:04:43.010 the birth certificate was a clumsy forgery. Let's take a closer look.
0:04:43.010,0:04:47.490 The left picture is a strong enhancement of the red box in the right picture.
0:04:47.490,0:04:52.240 The numbers six and four are visible.
These numbers have sharp, pixel-perfect edges.
0:04:52.240,0:04:57.450 Yes, it's even visible on the projector. And the numbers are uniformly colored.
0:04:57.450,0:05:00.380 On their right side the number one is blurred and colored unevenly.
0:05:00.380,0:05:04.710 The one is as you would expect a scan in reality. Why is there such
0:05:04.710,0:05:09.670 a difference between two numbers in one and the same row of numbers?
0:05:09.670,0:05:13.889 A few more examples. Again one can see numbers with sharp edges
0:05:13.889,0:05:18.930 or these ticking boxes in contrast to normal, slightly blurred numbers
0:05:18.930,0:05:23.720 and boxes. I drew some red boxes around the ticking boxes
0:05:23.720,0:05:27.121 and the 'and'. There one can see a kind of shift. And it does really look
0:05:27.121,0:05:31.389 as though somebody drew this using Paint. Meaning the ancient one, I am sure you remember
0:05:31.389,0:05:35.440 from your childhood. MS Paint on Windows 3.11. I used to sit at my father's workplace
0:05:35.440,0:05:41.099 at work and stole his working hours. Or this one,
0:05:41.099,0:05:44.540 particularly beautiful. This section of the frame is from the stamp at the bottom.
0:05:44.540,0:05:49.430 There's a typo, in the stamp. Yeah sure, makes sense. We have heard that one before,
0:05:49.430,0:05:53.460 typo in the stamp. I mean of course one would think it's a fraud
0:05:53.460,0:05:56.240 the way it looks. And at the same time think that the intern
0:05:56.240,0:05:58.969 at the White House is too stupid to use Photoshop.
0:05:58.969,0:06:02.020 Laughter
0:06:02.020,0:06:06.979 Concerning PR this was a massive failure of course. According to a Gallup poll
0:06:06.979,0:06:12.651 in 2011, 5% of Americans believed, Obama was
0:06:12.651,0:06:17.440 definitely not born in the US. And a further 8% thought, that he was 'probably not'
0:06:17.440,0:06:22.420 born in the US.
Well that didn't work out. The White House had to
0:06:22.420,0:06:27.769 back up pretty badly. To this day they get requests because of this. This was the prologue.
0:06:27.769,0:06:38.450 We will now move on to the main trial and jump in time to 2013.
0:06:38.450,0:06:44.139 On the 24th of June 2013 a company, I was friends with, called me.
0:06:44.139,0:06:48.950 They had two big Xerox Workcentres. Xerox Workcentres are
0:06:48.950,0:06:53.550 those giant business copiers, that stand everywhere nowadays. They are connected via WIFI,
0:06:53.550,0:06:58.050 can scan, print, copy, mail and cost as much as a small car.
0:06:58.050,0:07:01.590 These printers aren't the ones your grandma uses, but have
0:07:01.590,0:07:05.550 a few hundred users per device, maybe more. In this picture
0:07:05.550,0:07:10.530 you can see a construction plan. The black areas aren't original, I just
0:07:10.530,0:07:14.900 censored those afterwards, since I would not have been allowed
0:07:14.900,0:07:20.230 to use it. I marked three spots in yellow on the plans.
0:07:20.230,0:07:24.560 These spots are standardized blocks containing the square footage
0:07:24.560,0:07:27.960 of the room. These spots will become more important soon. The company
0:07:27.960,0:07:32.050 told me: "Hey David, when we scan a construction plan
0:07:32.050,0:07:35.260 the numbers change. Could you take a look at it?"
0:07:35.260,0:07:40.250 Laughter
0:07:40.250,0:07:44.890 On the left side, that's me. Laughter
0:07:44.890,0:07:52.160 Applause
0:07:52.160,0:07:55.220 At this point I have to add, that the relationship with them is really good. I worked my way
0:07:55.220,0:07:57.990 through my computer science degree. Of course my parents also
0:07:57.990,0:08:02.759 contributed, I won't deny that.
But I did IT-Service for the company and
0:08:02.759,0:08:05.520 they were really nice all the time and of course I thought they were screwing with me.
0:08:05.520,0:08:12.870 For sure. Copier changes numbers?? Of course, makes sense. We've heard that before.
0:08:12.870,0:08:15.639 They said: "Yes, come over and take a look at it.
0:08:15.639,0:08:19.449 We need the device, it has to work."
0:08:19.449,0:08:23.421 So I drove over there and took a look. Still being a bit
0:08:23.421,0:08:31.229 on the watch for the joke. They have a Xerox Workcentre 7535.
0:08:31.229,0:08:34.000 Here are the three marked spots in the original, before scanning.
0:08:34.000,0:08:37.760 I am not sure how well you can read it, so I will read it out loud.
0:08:37.760,0:08:43.850 On the top it says 14.13 sqm (square meter), in the middle it's 21.11 sqm,
0:08:43.850,0:08:49.380 and at the bottom 17.42 sqm. So I put the plans in the Workcentre
0:08:49.380,0:08:55.510 and scanned it. And here are the same spots after the scan.
0:08:55.510,0:09:02.870 Laughter and Applause
0:09:02.870,0:09:07.529 Interesting. Suddenly all rooms are 14.13 sqm big.
0:09:07.529,0:09:11.120 I thought this can't be right. Completely impossible. This isn't happening.
0:09:11.120,0:09:15.720 I was still thinking they are screwing with me. (laughs)
0:09:15.720,0:09:19.440 While scanning the - to clear that out from the beginning, since I
0:09:19.440,0:09:23.360 got that question a dozen times in the internet - While scanning the text detection
0:09:23.360,0:09:28.040 was turned off. The number substitution takes place in the raw pixel data.
0:09:28.040,0:09:33.730 The company also had a second Workcentre, the 7556.
0:09:33.730,0:09:37.690 That's bigger and faster. Aside from these two kinds of Workcentres,
0:09:37.690,0:09:41.290 that I mention here in the beginning, there are a lot more.
It is
0:09:41.290,0:09:45.342 a gigantic family of devices. In contrast to the smaller device
0:09:45.342,0:09:52.000 which spat out the same numbers every time,... (laughs)
0:09:52.000,0:09:58.279 the larger one gave out different ones every time. (Laughter)
0:09:58.279,0:10:01.550 It is bigger and has more CPU power.
0:10:01.550,0:10:03.730 (Laughter)
0:10:03.730,0:10:07.010 Look at those rows and how the values change. At "Stelle 2",
0:10:07.010,0:10:11.700 that is the middle row, first and last it's 14.13 sqm.
0:10:11.700,0:10:16.320 And in the middle 21.11, once. That would have been the correct value btw.
0:10:16.320,0:10:19.490 There is a chance to get it right. (Laughter)
0:10:19.490,0:10:23.060 In the other rows it looks similar.
0:10:23.060,0:10:26.900 In case one of you needs one of those NSA random generators....
0:10:26.900,0:10:29.360 (laughs)
0:10:29.360,0:10:34.930 Applause
0:10:34.930,0:10:37.700 Keep in mind, that actually this is no...
0:10:37.700,0:10:39.950 I am laughing as well, but it is no laughing matter.
0:10:39.950,0:10:43.030 Note that the numbers are set into the layout perfectly. The error
0:10:43.030,0:10:46.880 was only noticed, because an obviously bigger room had
0:10:46.880,0:10:50.130 a smaller square footage than a smaller one next to it.
0:10:50.130,0:10:55.529 There's a broom cupboard with 100 sqm and next to it a ball room
0:10:55.529,0:10:58.730 with 4 sqm. (Laughter)
0:10:58.730,0:11:02.060 It hardly gets any meaner. The layout looks perfect.
0:11:02.060,0:11:05.280 I do realise that the writing is really small. Don't you
0:11:05.280,0:11:08.720 think this is some mean corner case and I was working on
0:11:08.720,0:11:13.520 for three months, just to finally stick it up to Xerox.
0:11:13.520,0:11:16.329 We will look at other examples. This is the original case
0:11:16.329,0:11:20.120 in which the bug was originally noticed, and I didn't want to keep it from you.
0:11:20.120,0:11:24.420 Here's the next one. This is an expense register.
0:11:24.420,0:11:27.880 (Laughter)
0:11:27.880,0:11:31.340 Two sixes became eights.
0:11:31.340,0:11:33.420 It's funny, I released the picture on my website,
0:11:33.420,0:11:36.430 and I said: "Here a six became an eight."
0:11:36.430,0:11:38.830 Then I get an e-mail: "No, on the top there's another."
0:11:38.830,0:11:47.260 (loud laughing and applause)
0:11:47.260,0:11:52.200 Again perfectly set. Why was it noticed this time?
0:11:52.200,0:11:55.860 Because the numbers are supposed to be sorted by size.
0:11:55.860,0:11:58.280 What I want to say is
0:11:58.280,0:12:00.800 it is impossible to notice. If I give you some columns of numbers
0:12:00.800,0:12:03.750 that don't make any noticeable sense. Then you could obviously
0:12:03.750,0:12:07.889 not see, that there's wrong numbers. It's always around there being
0:12:07.889,0:12:12.390 semantic criteria, to make it noticeable. To make it
0:12:12.390,0:12:16.199 obviously implausible. Otherwise you have no chance to notice.
0:12:16.199,0:12:18.420 Slowly I became a little worried.
0:12:18.420,0:12:23.870 The neck length increases. To not let this be some random events, I started
0:12:23.870,0:12:28.990 working to reproduce the error on purpose. IT guy style
0:12:28.990,0:12:33.460 invested a night and generated number columns in different
0:12:33.460,0:12:36.890 sizes and fonts. I scanned those and experimented for
0:12:36.890,0:12:42.570 a few hours. And, indeed, the error occurs again.
0:12:42.570,0:12:45.670 These are my random numbers. We will be able to work with those
0:12:45.670,0:12:48.491 some more. The eights marked in yellow
0:12:48.491,0:12:54.100 should be sixes and do not belong there. Let's stay ourselves shortly.
0:12:54.100,0:12:58.300 I promised you in the introduction, that I would
0:12:58.300,0:13:02.740 lay out the entire interaction with Xerox, that would follow, over time
0:13:02.740,0:13:07.590 and tell you, how I felt at the corresponding times and emphasize the things
0:13:07.590,0:13:12.120 that according to my experience are extremely important
0:13:12.120,0:13:15.450 when confronting a giant opponent. And I will keep that promise.
0:13:15.450,0:13:19.060 I will tell you why at all times. But now I will
0:13:19.060,0:13:22.150 say one thing up front. This thing I will discuss in different ways through the entire presentation.
0:13:22.150,0:13:29.680 What never helps in my point of view is unfriendly twittering and hating.
0:13:29.680,0:13:34.800 (self-conscious applause)
0:13:34.800,0:13:39.490 It's really nice that you are applauding, I wasn't sure that would happen.
0:13:39.490,0:13:40.490 (laughter)
0:13:40.490,0:13:42.860 I have nothing against Twitter as such. Nothing at all.
0:13:42.860,0:13:45.220 But if you want to achieve something, you make yourself vulnerable
0:13:45.220,0:13:48.410 with such behaviour. And above all you won't be taken seriously.
0:13:48.410,0:13:52.470 You can always be accused of not wanting a proper discussion.
0:13:52.470,0:13:55.380 That won't fit in 140 letters, no matter what any of you say.
0:13:55.380,0:14:01.580 (applause)
0:14:01.580,0:14:04.829 Secondly you can always be accused of seeking attention
0:14:04.829,0:14:08.269 for yourself. Because almost everything is public on Twitter.
0:14:08.269,0:14:11.470 At the most Twitter is useful for establishing first contact, when you
0:14:11.470,0:14:15.010 ask for an e-mail address or a phone number. If I don't recommend Twitter,
0:14:15.010,0:14:19.649 what do I recommend? Much more serious and straightforward
0:14:19.649,0:14:23.610 is everything, that is not public. That way one shows willingness to work
0:14:23.610,0:14:27.490 rationally and not urge to scream around. That's mail or phone calls.
0:14:27.490,0:14:34.580 So we called the Xerox support. Several times ...
0:14:34.580,0:14:39.889 Often ... We phoned up all the levels up to the top level
0:14:39.889,0:14:45.639 in Dublin - nobody knew anything.
0:14:45.639,0:14:49.420 We also sought personal contact. Staff from the local Xerox retailer
0:14:49.420,0:14:54.730 came over. That's not Xerox themselves, but a retail and support company.
0:14:54.730,0:14:58.660 They were shocked - of course, right? And then they tried to reproduce it
0:14:58.660,0:15:03.200 themselves. Zack! They reproduced it...
0:15:03.200,0:15:11.320 (laughter and applause)
0:15:11.320,0:15:15.360 That was .. we are laughing now. They were standing there
0:15:15.360,0:15:18.320 heads hanging low. You are standing there selling these things
0:15:18.320,0:15:20.889 and suddenly you question your existence.
0:15:20.889,0:15:25.510 That's not cool at all. At Xerox - not the support company,
0:15:25.510,0:15:29.779 but the entire, big Xerox, 140.000 employees,
0:15:29.779,0:15:34.649 there was surprise, but no efforts were made
0:15:34.649,0:15:40.949 to help us or the retail company. Meaning they were cautious of the problem.
0:15:40.949,0:15:44.759 (laughs) (laughter)
0:15:44.759,0:15:47.829 So there were no signs at all of greater interest
0:15:47.829,0:15:50.381 and no advice, as for solving the problem.
Then one guy came
0:15:50.381,0:15:55.310 from Xerox Central, who updated the software, we had an ancient one
0:15:55.310,0:15:58.250 installed. He installed the new software, problem was still there.
0:15:58.250,0:16:01.120 I thought: "Great, now we know the problem existed in the firmware
0:16:01.120,0:16:05.680 three years ago until today." Hmmm.
0:16:05.680,0:16:08.459 When for more than a week nothing happened on Xerox's side
0:16:08.459,0:16:11.330 that promised hope, I thought: "Now you have been accommodating enough!"
0:16:11.330,0:16:16.540 So I wrote a blog article in German and English
0:16:16.540,0:16:21.399 about what I just told you about. In this article I offered
0:16:21.399,0:16:25.889 test documents to download. The readers can print, scan and check whether
0:16:25.889,0:16:30.699 they are affected or not. With that the spread of the story started.
0:16:30.699,0:16:34.420 I have to add, my blog is not really huge, really not. It has around
0:16:34.420,0:16:38.990 500-1000 readers per day. That's not a huge amount, but also not nothing
0:16:38.990,0:16:42.160 and the most readers are computer scientists of some form, I know that from the e-mails
0:16:42.160,0:16:48.339 I get. On the bottom of my slides from now on you can see a line.
0:16:48.339,0:16:51.462 This line will continuously move further to the right. That's a
0:16:51.462,0:16:56.389 plot of the clicks. It's not meant to show off with clicks, but
0:16:56.389,0:16:59.620 in context it's great to see, at what time one gets attention in what way
0:16:59.620,0:17:04.529 and also to see how fast it fades. We will show that immediately.
0:17:04.529,0:17:08.369 This small bump - yes, it's visible. The line
0:17:08.369,0:17:12.709 moved to the right and there's a peak of 3000 hits/hour.
0:17:12.709,0:17:15.400 Those numbers are from Google Analytics, I have been told, one has
0:17:15.400,0:17:18.459 to multiply them by two, but for order of magnitude it's enough.
0:17:18.459,0:17:21.989 On the 2nd and 3rd of August the story hit on several tech-blogs.
0:17:21.989,0:17:26.029 At this point I declare the long-known fefe as tech-blog.
0:17:26.029,0:17:28.810 (laughter)
0:17:28.810,0:17:32.110 I know, I know, there's the first protest. But I will agree on the fact,
0:17:32.110,0:17:36.860 that fefe is read by a lot of IT people. Alright, I am
0:17:36.860,0:17:41.300 not hearing any more protest. The peak you see here is because of blog.fefe.de.
0:17:41.300,0:17:44.770 The message spreads, and I get more and more mails from readers
0:17:44.770,0:17:49.520 that are affected. The most concerning is that I get e-mails with confirmations
0:17:49.520,0:17:52.980 for a lot of Xerox Workcentres that I don't even know.
0:17:52.980,0:17:54.260 (laughter)
0:17:54.260,0:17:57.570 I told you before these things are one giant family of products. Very slowly
0:17:57.570,0:18:02.429 I realise, that this could turn into something bigger eventually.
0:18:02.429,0:18:06.830 Lesson learned: It was good to release the test-documents online
0:18:06.830,0:18:10.120 with the article. Would the users not have been able to check for themselves
0:18:10.120,0:18:16.020 using the test-documents, the story would never have had an impact like it would soon have.
0:18:16.020,0:18:19.450 On the 4th of August the story arrived in tech-portals around the world.
0:18:19.450,0:18:23.070 In the slide is Hacker News by Y-Combinator, that's one of the biggest
0:18:23.070,0:18:28.540 of this kind, you probably know it. From now on I get hundreds of technically
0:18:28.540,0:18:32.991 versed e-mails a day.
I say "technically versed", because there were also others
0:18:32.991,0:18:38.250 that were less technical. Over the entire time I
0:18:38.250,0:18:41.350 spend days to channel and sort the news
0:18:41.350,0:18:45.590 I get. This enabled me to continue the reporting
0:18:45.590,0:18:50.500 professionally and to get to the roots of the bug with professional help.
0:18:50.500,0:18:53.720 The whole thing becomes an avalanche and I am not allowed to sleep any more.
0:18:53.720,0:18:57.350 Cause the US press is on the phone constantly. You must not think that US journalists
0:18:57.350,0:19:01.500 ever realise, that there's a thing called time zones ....
0:19:01.500,0:19:10.450 (laughter and applause)
0:19:10.450,0:19:13.630 Here's another anecdote. One would think the US media journalists are
0:19:13.630,0:19:17.230 competitors. Meaning if one had a special information he would not pass
0:19:17.230,0:19:20.850 it on to the others, right? As soon as the colleague from ABC had my phone number
0:19:20.850,0:19:24.860 ALL of them had it. I tell you, it's incredible! (laughs)
0:19:24.860,0:19:30.510 Lesson learned: Write these things in multiple languages! Important are English
0:19:30.510,0:19:35.010 for the international space. Also the language of the home market of the company,
0:19:35.010,0:19:39.410 you are confronting. In my case that's the USA, so English, again
0:19:39.410,0:19:43.400 two birds with one stone. By the way: in the US Xerox is so strong
0:19:43.400,0:19:48.280 that "to copy" is called "to xerox" there. They really say that
0:19:48.280,0:19:51.019 in everyday conversation. The same way we say: "Hand me a Tempo! (cotton tissue)",
0:19:51.019,0:19:55.160 just to give you an impression of how much repute the company and the brand
0:19:55.160,0:19:59.410 has there. And when in the world of technology something like this goes around
0:19:59.410,0:20:06.240 what's next?
Mass media (some laughing)
0:20:06.240,0:20:10.970 And there you get the whole package. We'll just click through here to
0:20:10.970,0:20:14.440 illustrate it. This list is in no way complete, there were thousands of
0:20:14.440,0:20:17.720 articles suddenly, all over the world. And if I show an article, then
0:20:17.720,0:20:20.750 - just as a disclaimer - it doesn't make a statement about the date of publishing,
0:20:20.750,0:20:23.490 I just make it in a way that's good for the show
0:20:23.490,0:20:25.350 (some laughter)
0:20:25.350,0:20:29.840 Browsing, here is Heise, of course that pleases me as a computer scientist,
0:20:29.840,0:20:33.530 they covered the whole story in five articles or so.
0:20:33.530,0:20:37.720 ZDF Hyperland, yes? I'm demonstrating the German press a bit here.
0:20:37.720,0:20:40.440 The German press was very reserved. The most articles
0:20:40.440,0:20:42.910 were in fact from abroad. Therefore the comment
0:20:42.910,0:20:47.320 about the "home market". But here a small anecdote about the German press.
0:20:47.320,0:20:51.480 A journalist told me that he wanted to bring the story to the "Tagesschau".
0:20:51.480,0:20:56.549 They told him "Yeah, hmm, it's alright. But for this we want it to happen
0:20:56.549,0:21:00.200 during real copying, and not just during scanning!"
0:21:00.200,0:21:09.030 (laughter and applause)
0:21:09.030,0:21:14.000 If anyone from the "Tagesschau" is watching, this applause is for you!
0:21:14.000,0:21:15.080 (laughter)
0:21:15.080,0:21:18.851 So I think: You geniuses! Pro Tip: If you print a scan,
0:21:18.851,0:21:21.940 then you have a copy! (laughter)
0:21:21.940,0:21:24.470 With the difference, that such a saved scan can cause
0:21:24.470,0:21:28.610 harm even years later. But please!
So I thought,
0:21:28.610,0:21:32.920 no "Tagesschau" story, it's going around the world already anyways,
0:21:32.920,0:21:36.790 not my problem if they are the only ones not covering it.
0:21:36.790,0:21:41.789 Lesson learned: Stay professional and sovereign. Don't just bloat things
0:21:41.789,0:21:45.530 out of thirst for attention. Every one of you can probably name
0:21:45.530,0:21:48.350 some affair, that went rather well
0:21:48.350,0:21:50.630 for whoever made it public, and then in the
0:21:50.630,0:21:54.140 decisive moment he tasted blood and made something up.
0:21:54.140,0:21:59.730 That's bad of course. Oh well. The Economist, that's really
0:21:59.730,0:22:03.530 vintage, I liked this title: "Lies, damned lies and scans"
0:22:03.530,0:22:09.950 That comes from Tom Sawyer: "Lies, damned lies and statistics"
0:22:09.950,0:22:12.380 Now PR wise, we're at a point where it's expensive.
0:22:12.380,0:22:15.980 The Economist has influence. ABC News - even more expensive.
0:22:15.980,0:22:18.500 There are the colleagues with their phones.
0:22:18.500,0:22:23.620 BBC, CNBC. Suddenly, it was everywhere.
0:22:23.620,0:22:26.480 My powerpoint is lagging, here it is again. Business Week,
0:22:26.480,0:22:32.890 that is a popular economy magazine. I'll recall here,
0:22:32.890,0:22:37.930 until now, no reaction from Xerox. Yes, three days in business,
0:22:37.930,0:22:42.590 worldwide. No reaction! And when you take that long, the tone gets
0:22:42.590,0:22:47.539 really rough. I quote: "On the scale of things, that are too terrible
0:22:47.539,0:22:50.370 to imagine, document altering scanners are somewhere
0:22:50.370,0:22:52.500 up there with meat eating bacteria."
0:22:52.500,0:23:02.990 (laughter)
0:23:02.990,0:23:07.760 They are actually writing this in the Business Week!
(laughs)
0:23:07.760,0:23:10.020 So I was called by a friend of mine, listen you have to
0:23:10.020,0:23:14.640 read this. Great! Imagine, there's Peter Coy, he's editor there,
0:23:14.640,0:23:18.530 that we will see again a few more times over the course of this talk.
0:23:18.530,0:23:23.910 So, my blog article is now at about 100.000 visitors per day.
0:23:23.910,0:23:28.250 And still, no feedback from Xerox. In the meantime
0:23:28.250,0:23:31.780 I was able to explain, with the help of many reader-mails,
0:23:31.780,0:23:35.870 what's happening at all. And that's what I am telling you now,
0:23:35.870,0:23:39.559 so we make a small excursus about image compression.
0:23:39.559,0:23:43.380 Here we have a test image, that I made. It's a
0:23:43.380,0:23:47.890 sundew, with a fly on it, that's a plant. The fly as well as the
0:23:47.890,0:23:52.009 text belong to this test image. For us to have a nice variety of pictures.
0:23:52.009,0:23:57.769 Data transfer costs time, money and storage. Images consist,
0:23:57.769,0:24:01.559 compared to text, of a great amount of data. And to send and save pictures
0:24:01.559,0:24:06.260 completely uncompressed would be really expensive.
0:24:06.260,0:24:10.310 And images are sent everywhere, yes? The use is there for every one
0:24:10.310,0:24:13.880 of us. I tell you, it goes to the highest possible scenarios.
0:24:13.880,0:24:16.630 Just recently there was a giant coverage, and even an
0:24:16.630,0:24:20.430 investigation by the government, just because a former member of
0:24:20.430,0:24:24.550 the parliament transferred pictures. (laughter)
0:24:24.550,0:24:28.680 (laughs) So now, this member of the parliament
0:24:28.680,0:24:33.530 can't wait for his pictures forever, so we have to compress the image data.
0:24:33.530,0:24:34.710 (laughs again)
0:24:34.710,0:24:38.680 Listen here! (laughs stupidly)
0:24:38.680,0:24:45.000 (applause)
0:24:45.000,0:24:48.990 Now we have two parts of my test image. One image part
0:24:48.990,0:24:53.240 and one text part. And I enhanced it so much you can see individual
0:24:53.240,0:24:57.179 pixels. This is so we can see what goes wrong with different compression
0:24:57.179,0:25:01.890 methods. There is lossless compression. Here the
0:25:01.890,0:25:04.720 image data stays as is, it is just somehow stored more
0:25:04.720,0:25:09.300 efficiently. Or we accept losses, so, changes in the image data,
0:25:09.300,0:25:15.789 to "squish" the data and make it even smaller.
0:25:15.789,0:25:20.550 Here are the popular GIF-images.
0:25:20.550,0:25:26.540 Can I have a small hand sign, who thinks that GIF has lossy compression?
0:25:26.540,0:25:29.540 Wow, that's a lot! Almost everyone.
0:25:29.540,0:25:32.600 GIF is a lossless compression method.
0:25:32.600,0:25:36.090 The downside is, it only supports 256 colours.
0:25:36.090,0:25:39.220 The here shown lower quality stems not from the image being saved
0:25:39.220,0:25:42.440 as a GIF, but from the colour reduction.
0:25:42.440,0:25:45.640 To be able to see it better, I reduced the colour amount to 16.
0:25:45.640,0:25:48.730 Here you see it nicely, uiuiui. So.
0:25:48.730,0:25:53.029 The finished image is saved pixel for pixel, and then LZW compressed.
0:25:53.029,0:25:57.000 LZW is an old compression algorithm, similar to ZIP.
0:25:57.000,0:26:01.130 GIF is very suited for graphics with few colours. And because pixels are still
0:26:01.130,0:26:04.580 saved completely one by one, sharp edges are well
0:26:04.580,0:26:09.030 represented. You can see, the text looks pretty good. It's less good
0:26:09.030,0:26:14.490 in photographs, as you can see. Most widespread are JPEG images. And JPEG
0:26:14.490,0:26:19.920 is lossy.
The original image doesn't get[br]saved pixel for pixel anymore, 0:26:19.920,0:26:25.480 but instead gets split into 8x8[br]pixel blocks. And every block then 0:26:25.480,0:26:29.080 gets approximated with cosine waves.[br]How exactly this works mathematically, 0:26:29.080,0:26:32.299 we can spare ourselves from here.[br]But it is good to know, that this 0:26:32.299,0:26:36.240 kind of compression, it's good for[br]pictures, but bad for sharp edges, 0:26:36.240,0:26:40.730 as you can see in the letters, yes,[br]you can see artifacts, you can see 0:26:40.730,0:26:44.000 some stains around it. But usually[br]this would be full of artifacts, 0:26:44.000,0:26:48.160 the image. I can hold up[br]my notebook or so. 0:26:48.160,0:26:51.530 Long story short. Depending on the[br]type of image, certain compression 0:26:51.530,0:26:56.059 methods are good, and[br]others aren't. 0:26:56.059,0:27:00.491 That's why there is the JBig2-format.[br]This is one of the special words, that I 0:27:00.491,0:27:04.670 wrote down in three variants for the[br]translators. 0:27:04.670,0:27:08.970 Here you can dissect one image in[br]multiple sub images. The red 0:27:08.970,0:27:12.789 circled here as an example. These are[br]sub images. These sub images we call 0:27:12.789,0:27:17.800 "patches", English for "Flicken".[br]As we see, there are parts of the image, 0:27:17.800,0:27:22.039 that don't belong to any patch.[br]That's pretty cool, because 0:27:22.039,0:27:24.700 the data for these won't [br]need to be saved at all. 0:27:24.700,0:27:29.890 You just say, background white. The joke[br]here is, these separate patches, you can 0:27:29.890,0:27:34.520 compress these with multiple[br]compression methods. 0:27:34.520,0:27:38.970 The text patches, for example with GIF, [br]I'll show it just very roughly here. 0:27:38.970,0:27:44.680 You probably can't use GIF in JBig2.[br]But the principle stays. 
0:27:44.680,0:27:50.540 And the photo patch for example with JPEG.[br]Every patch its suited compression method. 0:27:50.540,0:27:54.160 That's a real advancement. I probably[br]won't have to explain anyone here, 0:27:54.160,0:27:58.669 that with this you will know, which patch[br]contains what, get a good 0:27:58.669,0:28:04.050 quality, and probably a[br]smaller file size. So, 0:28:04.050,0:28:08.140 if you dissect the image into patches[br]anyway, you might as well use a 0:28:08.140,0:28:13.039 completely new high tech compression[br]method. You can dissect the original image 0:28:13.039,0:28:17.990 much finer, and have every individual[br]letter as its own patch. 0:28:17.990,0:28:20.669 That's a lot of patches.[br]A whole lot of patches. 0:28:20.669,0:28:23.690 And you can do this with text[br]pages and books. And it's used, 0:28:23.690,0:28:26.910 I didn't just make that up now. 0:28:26.910,0:28:32.240 So next we see, which patches [br]are similar to each other. 0:28:32.240,0:28:36.440 This step is called "pattern matching".[br]I have marked four patches with arrows 0:28:36.440,0:28:40.720 here. These patches are very similar.[br]No wonder, you will say. 0:28:40.720,0:28:45.770 All of them are small "e"s. They are[br]only different by a few pixels. 0:28:45.770,0:28:50.110 Through this pattern matching, you get [br]a group of similar symbols. 0:28:50.110,0:28:54.620 For this group, you only really save one[br]of those symbols, and that is 0:28:54.620,0:28:58.240 used over and over in the[br]compressed image. 0:28:58.240,0:29:02.820 Instead of his brothers. From these four[br]marked "e"s, only one would be 0:29:02.820,0:29:06.850 really saved, and then replaced all[br]the other ones. This way you can really 0:29:06.850,0:29:10.500 save a lot of data, with minimal[br]quality loss. 0:29:10.500,0:29:14.159 Here is the final product. Looks still[br]good, doesn't it? No artifacts 0:29:14.159,0:29:19.870 visible. Takes a lot less data than[br]without pattern matching. 
0:29:19.870,0:29:24.910 Did you see that? The pattern matching[br]thinks the I is similar to the small L, 0:29:24.910,0:29:28.980 so you can replace that with it.[br]This happens, when pattern matching 0:29:28.980,0:29:39.519 works inaccurately. [br]Did you see this too? 0:29:39.519,0:29:43.590 These are incredibly dangerous[br]mistakes. 0:29:43.590,0:29:46.520 Usual compression errors are not[br]so bad. Then one letter is 0:29:46.520,0:29:52.470 unreadable. You see it, and you know that[br]something went wrong, "scan again please". 0:29:52.470,0:29:56.740 But here you have actual wrong data, that[br]looks flawless. And they get laid out in 0:29:56.740,0:30:01.780 perfectly because of the similarities.[br]You have to actually read this, to 0:30:01.780,0:30:05.659 notice the mistake. And even then,[br]you can only see the mistake, 0:30:05.659,0:30:09.000 when the document becomes obviously[br]implausible, like in the blueprint. 0:30:09.000,0:30:12.920 I don't know about you guys. But I don't[br]read through all of my scans, 0:30:12.920,0:30:18.890 that I take, just to see if it has[br]any mistakes. 0:30:18.890,0:30:22.059 But my friends, a politician that would[br]have to gloss over this, 0:30:22.059,0:30:26.010 he would say: "Scan a medicine [br]dosing with a Xerox-device 0:30:26.010,0:30:29.130 in a retirement home, and there is[br]a high chance that in no time 0:30:29.130,0:30:31.620 you'll relieve the pension funds."[br](laughter) 0:30:31.620,0:30:39.890 (applause) 0:30:39.890,0:30:43.679 Now it is clear, that this is also related to[br]security. Until now, you could have 0:30:43.679,0:30:47.490 asked, why does David hold a speech about[br]copying machines on the congress? 0:30:47.490,0:30:50.340 But this is actually about a severe[br]failure of a company, 0:30:50.340,0:30:55.270 that is a serious security issue.[br]Is anyone here from Berlin? 0:30:55.270,0:30:58.080 Maybe a hand sign? 
0:30:58.080,0:31:00.779 What did the blueprints for the[br]airport get scanned with? 0:31:00.779,0:31:10.240 (laughter and applause) 0:31:10.240,0:31:14.590 But you know what? Airports,[br]medicine, rockets, airplanes... 0:31:14.590,0:31:19.220 As big as this is, that's all trivial.[br]It gets interesting at the question, 0:31:19.220,0:31:22.510 where those scans got used in court[br]as evidence, that 0:31:22.510,0:31:27.429 can be reexamined now.[br]Or the other way around, 0:31:27.429,0:31:30.820 if one of you sues me with a [br]Xerox-scan, from now on I'll just 0:31:30.820,0:31:34.800 tell you: "Ah, you know what,[br]it's faulty!" (laughs) 0:31:34.800,0:31:37.610 Now you can look for the[br]original first, to prove me 0:31:37.610,0:31:41.890 otherwise. I can't prove anymore,[br]that that part of the scan also 0:31:41.890,0:31:45.969 comes from the part of the paper[br]that you expect it to be from. 0:31:45.969,0:31:50.500 The legal value is zero! There's hundreds[br]of thousands of industrial copiers 0:31:50.500,0:31:54.610 worldwide. Those are business devices, [br]every machine has many users, even more 0:31:54.610,0:31:59.190 documents that were made by it, that were[br]distributed wherever. And so you can 0:31:59.190,0:32:03.200 have an idea, a large company called[br]me, their letter processing works so, 0:32:03.200,0:32:07.500 that incoming letters just get scanned[br]immediately by machines, 0:32:07.500,0:32:10.479 and from there on they only exist[br]electronically. Have fun, if 0:32:10.479,0:32:14.470 those contain errors. So, we come[br]back to the implications later again. 0:32:14.470,0:32:20.610 But for now, back to the story. It's the[br]5th of August. We are three days after 0:32:20.610,0:32:25.700 the first impact, and on the third day god[br]created, finally yes, a life sign 0:32:25.700,0:32:30.189 by Xerox. Now, they are[br]watching after all man! 
(laughs) 0:32:30.189,0:32:34.209 (applause) 0:32:34.209,0:32:36.740 Thank you (laughs) 0:32:36.740,0:32:40.020 The PR of Xerox Germany calls me.[br]The talk is very unproductive. 0:32:40.020,0:32:42.799 They can't do anything without the [br]Americans. At first, 0:32:42.799,0:32:45.750 they thought it was a joke. I say,[br]it's not. And then 0:32:45.750,0:32:48.540 we said, we will stay in contact.[br](laughs) 0:32:48.540,0:32:52.679 (laughter and applause) 0:32:52.679,0:32:58.309 And so, the day after, 6th of August,[br]for the first time it really had a punch. 0:32:58.309,0:33:00.950 In the morning, I get a screenshot[br]by a reader, from 0:33:00.950,0:33:05.170 one of the details from the admin panel[br]of his Xerox-copiers. There they talk 0:33:05.170,0:33:11.399 about letter replacement. Aha! For the[br]record, now. We can all learn this 0:33:11.399,0:33:13.920 here: There are three PDF[br]compression levels. 0:33:13.920,0:33:18.949 These are called "Normal", "Higher",[br]and "High". Very marketing appropriate. 0:33:18.949,0:33:24.600 So, "Normal" is the mode, that compresses[br]the most. The reader says: 0:33:24.600,0:33:27.649 on "Normal", the error occurs, in the[br]higher levels it doesn't. 0:33:27.649,0:33:34.040 My tests seem to confirm this. I say it[br]extra vague here, more on it later. 0:33:34.040,0:33:38.340 (pauses to drink) 0:33:38.340,0:33:41.190 I promised you to show you the [br]moods over this situation, 0:33:41.190,0:33:44.890 in case something like it ever happens[br]to you. And really: In the first moment 0:33:44.890,0:33:49.110 my heart dropped into my gut.[br]I was scared shitless, to be the idiot 0:33:49.110,0:33:51.770 that didn't read the manual, yes?[br](laughter) 0:33:51.770,0:33:55.110 Because there is still no[br]official Xerox-statement, and I got 0:33:55.110,0:33:58.400 a tip from the press, that Xerox says[br]exactly this in their statement. 
0:33:58.400,0:34:03.940 Lesson Learned: What's the difference[br]between inside and outside view? 0:34:03.940,0:34:07.809 Exactly this. No? Surely you think:[br]"Hello? Why is David so agitated, 0:34:07.809,0:34:10.310 it's clear that this type of document[br]error should 0:34:10.310,0:34:13.710 never have happened, not even [br]unknowingly." But from the inside... 0:34:13.710,0:34:18.960 It looks different. Despite being scared,[br]it's important: Stay calm, act rational. 0:34:18.960,0:34:22.349 Because of anxious moments like this,[br]it's important that previously you 0:34:22.349,0:34:26.990 never screech and de-escalate.[br]Never rabble beforehand. 0:34:26.990,0:34:29.670 If you were always sovereign,[br]you can appear confident, 0:34:29.670,0:34:33.410 and in doubt, calmly and publicly ask:[br]"Well, boys? Why did the 0:34:33.410,0:34:36.489 support not tell me this[br]two weeks ago, eh?" 0:34:36.489,0:34:41.770 Lesson Learned: Appear professional[br]from the start, never hate. I'll repeat 0:34:41.770,0:34:46.730 that again. So, now,[br]defense to the front. I presented 0:34:46.730,0:34:50.580 the screenshot as a possible workaround[br]and advised: Turn compression 0:34:50.580,0:34:53.801 on "Higher". Additionally I wrote,[br]that I was wondering a bit, 0:34:53.801,0:34:57.250 why the support couldn't say this[br]to me over the course of a whole week. 0:34:57.250,0:35:01.400 I also criticized, that the setting is [br]called "Normal". (laughs) 0:35:01.400,0:35:04.750 And the possible consequences[br]I showed to you, of course those stay, 0:35:04.750,0:35:07.210 because on the scan you can't [br]see, that it might 0:35:07.210,0:35:12.579 contain errors. The goal was, to give the[br]thing a spin, before Xerox fights back. 0:35:12.579,0:35:18.310 It follows a telephone conference with[br]Rick Dastin. (murmur) 0:35:18.310,0:35:22.520 I see, he is known in the audience,[br]the vice president worldwide of Xerox. 
0:35:22.520,0:35:24.990 And Francis Tse, one of their[br]chief engineers, that 0:35:24.990,0:35:28.570 was handling the image compression.[br]Guys, the boss does support himself! 0:35:28.570,0:35:37.299 (laughter and applause) 0:35:37.299,0:35:41.740 Rick Dastin was in fact the first person[br]that works at Xerox, 0:35:41.740,0:35:45.300 that I got officially told by, that[br]the letter replacement was 0:35:45.300,0:35:49.900 in fact already known by Xerox. So,[br]if you'd like to know, what the 0:35:49.900,0:35:53.250 support can't tell you after a week, then[br]you say: "I want to 0:35:53.250,0:35:56.960 talk to Rick Dastin!"[br](laughter) 0:35:56.960,0:36:00.160 And here, it was revealed that[br]the theory, that the pattern matching 0:36:00.160,0:36:03.680 was at fault, was true. Dastin also[br]confirmed, that the pattern matching 0:36:03.680,0:36:07.880 is only used in "Normal" mode.[br]So after a bit of discussion, it was 0:36:07.880,0:36:12.330 also clear, that the support fucked up,[br]and the name 0:36:12.330,0:36:16.680 "Normal" might be badly chosen. I then[br]suggested "Experimental". 0:36:16.680,0:36:25.250 (laughter and applause) 0:36:25.250,0:36:28.970 Maybe here: I'm really in a good mood,[br]and this is a lot of fun, 0:36:28.970,0:36:31.480 and we are all laughing, but in [br]that moment I was 0:36:31.480,0:36:35.530 just more nervous. Not that you[br]think it would be different for you. 0:36:35.530,0:36:41.190 There I'll be completely honest. And then[br]comes a clear "RTFM" from Xerox. 0:36:41.190,0:36:43.990 First: "Normal" mode, David,[br]is not even a factory setting! 0:36:43.990,0:36:48.030 Dear customers, you're all stupid.[br]Who would set it to such thing! 0:36:48.030,0:36:51.620 Second: That letters can get swapped,[br]that is explained in the manual, 0:36:51.620,0:36:56.490 on two separate occasions.[br]Dear customers: double stupid! 0:36:56.490,0:36:59.750 For the factory setting: Of course[br]that's only a half truth. 
For the 0:36:59.750,0:37:03.990 customer, factory setting is, what the [br]device gets delivered with. Xerox doesn't 0:37:03.990,0:37:08.340 supply to big customers. Those sales[br]go over third parties. 0:37:08.340,0:37:12.309 If you order a Xerox-copier, you do it[br]over another company, 0:37:12.309,0:37:15.789 that isn't Xerox, and they will advise[br]you and there you can configure 0:37:15.789,0:37:19.800 whatever before they ship it. And for the[br]manual: The notice is in some manuals 0:37:19.800,0:37:26.190 indeed. But then I looked closer: On page[br]107 and 328 in the text, yes? 0:37:26.190,0:37:29.800 Now we are all old enough to know, how[br]many people will read a 300 page 0:37:29.800,0:37:34.470 manual, before handling a printer.[br](laughter) 0:37:34.470,0:37:39.050 I also thought, that copiers generally[br]shouldn't be designed in a way, so 0:37:39.050,0:37:42.679 those errors can occur at all.[br]That can't be, no one expects that. 0:37:42.679,0:37:49.090 (applause) 0:37:49.090,0:37:53.330 The answer was: "Yes, it can be!"[br](laughter) 0:37:53.330,0:37:55.890 "The market wants it this way,[br]errors would just..." 0:37:55.890,0:38:01.100 (laughter) 0:38:01.100,0:38:04.810 That was indeed a statement, that[br]was said exactly like this. I quote here, 0:38:04.810,0:38:07.940 but of course that only related to small [br]file sizes. And errors 0:38:07.940,0:38:11.300 would also be very rare. But I would be[br]right, you can't prove, that a 0:38:11.300,0:38:14.840 document is free of errors. So, all in all[br]the talk had a nice 0:38:14.840,0:38:18.500 atmosphere. They really didn't try to[br]squash me legally or so. 0:38:18.500,0:38:21.740 They listened very nicely, the talk was[br]super long too, 45 minutes 0:38:21.740,0:38:26.530 or so. And then I let myself get[br]caught by them, like an amateur. 0:38:26.530,0:38:29.910 You have to consider, I had never done[br]anything on a scale like this. 
0:38:29.910,0:38:34.050 And with a company like Xerox, they have[br]professionals. I was already wondering, 0:38:34.050,0:38:37.849 why we were talking so peacefully for such[br]a long time. Dastin is the vice 0:38:37.849,0:38:41.640 president of a worldwide operating[br]company after all. And he probably 0:38:41.640,0:38:48.960 has other stuff to do. And now it turns[br]out, during the phone talk, 0:38:48.960,0:38:54.670 Xerox published a statement.[br]Not bad at all. During that time 0:38:54.670,0:38:58.590 I couldn't react after all. And it[br]had the beautiful title "Always listening 0:38:58.590,0:39:03.190 to our customers"... right at the moment![br](laughs) 0:39:03.190,0:39:06.151 And they write in their statement, for[br]error free files, please 0:39:06.151,0:39:09.590 use a compression setting of[br]at least "Higher", and the error 0:39:09.590,0:39:14.020 would be written about in the manual.[br]RTFM. Lesson learned: Have someone 0:39:14.020,0:39:19.200 watch the side of the enemy.[br]So I wrote my own article, 0:39:19.200,0:39:21.732 about the contents of the phone call,[br]the one that 0:39:21.732,0:39:25.480 I just told you about. Well, and then[br]I also wrote, 0:39:25.480,0:39:29.109 that I don't think they're off[br]the hook yet. And now? 0:39:29.109,0:39:32.371 This could've been over here.[br]When a single blogger goes up 0:39:32.371,0:39:37.230 against a giant company, it[br]usually ends one of three ways, when 0:39:37.230,0:39:40.300 the company shoots back: Either the[br]blogger gives in after, 0:39:40.300,0:39:44.280 or the public sides with the company,[br]or the public 0:39:44.280,0:39:47.040 loses interest, when the company[br]shot back. 0:39:47.040,0:39:53.342 Every one of you can now think of three[br]stories, where it was like this. 0:39:53.342,0:39:56.930 But none of this happened. You see[br]the giant increase at the bottom. 
The 0:39:56.930,0:40:02.520 story was on the cover of Slashdot.[br]And the press, luckily, 0:40:02.520,0:40:06.320 also had their attention on me.[br]Here for example, Heise writes, that I 0:40:06.320,0:40:09.510 offered the workaround even before Xerox.[br](laughs) 0:40:09.510,0:40:15.999 (laughter and applause) 0:40:15.999,0:40:19.060 I'll exceed my time limit a bit. 0:40:19.060,0:40:23.270 Or also, bone dry, "Spiegel". They wrote:[br]"So so, Xerox knew about the problem 0:40:23.270,0:40:27.451 for years?" (laughs dumbly)[br]That's really... If you sit in 0:40:27.451,0:40:30.400 PR of a company, and this[br]happens to you, I guarantee 0:40:30.400,0:40:34.089 you don't need to take vacation[br]for the rest of the year. 0:40:34.089,0:40:39.120 But it gets real funny, when the story[br]arrives at internet humour. 0:40:39.120,0:40:42.420 I won't withhold this from you. I don't [br]know who of you has lived in 0:40:42.420,0:40:45.750 the US before. In German, we have the[br]vulgar saying: "Now the shit is 0:40:45.750,0:40:51.830 steaming". And the Americans say[br]"Shit hits the fan". 0:40:51.830,0:40:55.170 The day after this story is on the[br]front page of Reddit. The circled 0:40:55.170,0:40:58.770 comment brings the most eloquent[br]version of "Shit hits the fan", that I 0:40:58.770,0:41:07.000 have ever seen.[br](laughter) 0:41:07.000,0:41:09.859 Yes, but what he says, is true. I already[br]said it earlier. 0:41:09.859,0:41:14.530 When a company is depending on document[br]digitalization, and you think about it, 0:41:14.530,0:41:19.390 who isn't these days, then we have a[br]problem. They can shut down the 0:41:19.390,0:41:23.440 company, if they are unlucky. For[br]example, I was called by the management 0:41:23.440,0:41:28.119 of a state archive. They created their [br]archive with Xerox devices, and what did 0:41:28.119,0:41:30.940 they do then? They threw away the[br]originals. Ye? 
0:41:30.940,0:41:32.850 (spiteful laughter) 0:41:32.850,0:41:37.760 Now they stand there, with an empty gaze[br]in front of their scanner fleet, and then 0:41:37.760,0:41:42.700 they can check all their documents for[br]plausibility. But even otherwise the 0:41:42.700,0:41:45.609 internet humour is amazing.[br](laughter) 0:41:45.609,0:41:56.189 (applause) 0:41:56.189,0:41:58.560 Even the involved provide[br]the humour themselves. 0:41:58.560,0:42:01.890 If you, as the Xerox vice president, [br]get the same interviews all day, 0:42:01.890,0:42:04.370 maybe mistakes happen.[br]This one's pretty good. You 0:42:04.370,0:42:09.599 don't need to read, I'll read it out real[br]quick. Of all things, in front of BBC 0:42:09.599,0:42:12.171 Dastin tried to explain. He[br]said: "You know, all this is 0:42:12.171,0:42:15.810 half so bad, this "Normal" [br]compression mode, it can 0:42:15.810,0:42:19.260 produce errors, but almost no one[br]uses that, only the military or some 0:42:19.260,0:42:26.249 oil drilling platform."[br](laughter and applause) 0:42:26.249,0:42:31.710 Yeah, what could go wrong?[br](laughs childlike) 0:42:31.710,0:42:34.170 So, now we have...[br](laughter) 0:42:34.170,0:42:37.089 (laughs)[br]Now we all noticed, 0:42:37.089,0:42:40.790 that errors on oil drilling platforms in[br]the USA were a bit neglected 0:42:40.790,0:42:45.960 lately. Now we all laughed. And I did[br]say - I want to keep my 0:42:45.960,0:42:50.440 word - laughing is ok, but[br]malice is inappropriate, 0:42:50.440,0:42:55.140 even malice is hating. And, try to imagine[br]you in Dastin's shoes. If you were 0:42:55.140,0:42:58.280 interviewed about the same thing for 14[br]hours, you'd make a mistake too. 0:42:58.280,0:43:02.880 And of course, that mistake will be talked[br]about. Dastin said to me afterwards, 0:43:02.880,0:43:06.450 they misquoted him, and I don't have[br]any reason not to believe him. 
0:43:06.450,0:43:09.122 Just to protect him a bit here:[br]He probably didn't have 0:43:09.122,0:43:12.780 a good day.[br]So, let's continue. 0:43:12.780,0:43:15.690 This tech-portal is glad that[br]catpics don't seem to 0:43:15.690,0:43:18.900 be affected.[br](laughter) 0:43:18.900,0:43:23.160 Notice the way it's written, as if they[br]make sure, yes, as if they don't 0:43:23.160,0:43:25.360 know really, maybe catpics are[br]affected after all. 0:43:25.360,0:43:27.910 (murmur)[br]And here's a new press statement 0:43:27.910,0:43:31.670 by Xerox. The public pressure was so[br]big, that Xerox said: 0:43:31.670,0:43:34.520 "Ah well, you know what, maybe we[br]should rather do a patch 0:43:34.520,0:43:38.130 where we remove pattern matching".[br]Legally recognizing the mistake however, 0:43:38.130,0:43:41.380 they never did. Even until now.[br]Since it was in the manual. 0:43:41.380,0:43:44.569 That's how it is by the way. If it's in[br]the manual, it's ok. For 0:43:44.569,0:43:50.960 microwave, it's written, you[br]can't dry your cat in this. 0:43:50.960,0:43:53.960 Here is another newspaper article.[br]And when you waited so long, 0:43:53.960,0:43:57.380 even a patch won't save you from[br]mockery. Now the newspapers start 0:43:57.380,0:43:59.440 including misprints[br]in titles on purpose. 0:43:59.440,0:44:01.510 (laughter) 0:44:01.510,0:44:04.190 Let's go back to Xerox's statement,[br]because they write 0:44:04.190,0:44:09.500 a clear, important declaration. You will [br]not see letter replacement, 0:44:09.500,0:44:14.819 if you set your compression to at least[br]"Higher", at minimum 200 dpi. 0:44:14.819,0:44:18.680 Xerox published documents, in which it[br]is clearly stated, that pattern matching 0:44:18.680,0:44:24.450 is only used in "Normal" compression mode,[br]and not in the two higher ones. 
0:44:24.450,0:44:27.500 But now here this whole time I've been [br]thinking, I'm sure I also 0:44:27.500,0:44:29.930 saw it in the higher modes.[br]Different readers 0:44:29.930,0:44:33.609 told me as well. But I just can't[br]reproduce it on my two local 0:44:33.609,0:44:37.260 devices. But one thing[br]is for sure: 0:44:37.260,0:44:41.319 If letters get replaced in higher modes as[br]well, then absolutely everyone 0:44:41.319,0:44:45.610 would be affected. And Xerox would have[br]miscommunicated. Then we would 0:44:45.610,0:44:50.040 have a much bigger problem worldwide.[br]So I don't just publish my worry as 0:44:50.040,0:44:54.580 a rumour. Decency also dictates[br]that. So, but now one of my 0:44:54.580,0:45:00.220 friends in a company in Bonn, my [br]former living place, looked at 0:45:00.220,0:45:07.160 his Xerox Workcentre 7545. I'll look up[br]the numbers later! (laughs dumbly) 0:45:07.160,0:45:11.251 And because it was my former place[br]of residence, we went there and 0:45:11.251,0:45:14.300 took my test numbers, and scanned [br]them in the mode "Higher", 0:45:14.300,0:45:19.080 that's the factory setting, and we even[br]chose 300 dpi as a resolution, 0:45:19.080,0:45:22.700 for text, you'll agree with me, [br]that's quite generous. 0:45:22.700,0:45:28.280 Zack - The yellow numbers are wrong.[br](laughter) 0:45:28.280,0:45:31.240 That's not all by the way. I just marked[br]a few here that I saw. 0:45:31.240,0:45:35.739 I won't go through 500.000 numbers[br]and mark all wrong ones. 0:45:35.739,0:45:38.070 But you see, how common the errors are.[br]I repeat: 0:45:38.070,0:45:42.540 In compression mode "Higher" with 300 dpi.[br]Now we take the blue rectangle and 0:45:42.540,0:45:47.270 enhance it. Here are groups of numbers [br]marked in red - oh, you only see it 0:45:47.270,0:45:52.540 in light pink now, but you see it - [br]that are identical to the pixel. 0:45:52.540,0:45:56.990 Such thing is very unlikely. 
If you[br]scan the same number multiple times, 0:45:56.990,0:46:01.970 it will almost always look slightly[br]different. So, pixel identical numbers 0:46:01.970,0:46:04.680 in a high quantity means, that numbers [br]get reused, that's 0:46:04.680,0:46:08.970 a clear sign of pattern matching.[br]So different from Xerox's statement, 0:46:08.970,0:46:13.240 we also have pattern matching that's[br]used here. One reader once even told 0:46:13.240,0:46:17.349 me of an interactive visualization,[br]that makes same numbers visible. 0:46:17.349,0:46:19.449 Yes, let's see if it...[br]- Yes! - there it is. 0:46:19.449,0:46:22.290 And now I can hover over it here with[br]my mouse pointer, and 0:46:22.290,0:46:28.650 we'll make everything red, where[br]a number was reused. 0:46:28.650,0:46:31.290 I won't make it too long, I'm already[br]a bit in overtime. 0:46:31.290,0:46:37.420 It's because you always applaud so nicely.[br]Which I enjoy. (laughs) 0:46:37.420,0:46:42.790 (applause) 0:46:42.790,0:46:47.020 But here you can see, how many numbers[br]can really be wrong. 0:46:47.020,0:46:50.360 From here on it's clear: Hundreds of[br]thousands of devices, on factory 0:46:50.360,0:46:54.050 settings are affected, and the fun is[br]really over. With this you can really 0:46:54.050,0:46:57.310 hit a company hard. And I didn't [br]want to publish this without 0:46:57.310,0:47:00.080 searching a talk first. And I [br]wanted to make sure, that I 0:47:00.080,0:47:02.960 didn't make a mistake. [br]I didn't want to be able to be 0:47:02.960,0:47:06.980 sued for millions in stock price here.[br]So I recorded the whole process 0:47:06.980,0:47:10.170 of the wrong number generation on video,[br]and put it on youtube as an 0:47:10.170,0:47:14.030 unlisted video. I sent the link to [br]Francis Tse, one of the chief 0:47:14.030,0:47:19.190 engineers that I mentioned earlier.[br]And of course they were 0:47:19.190,0:47:22.740 thunderstruck. From here on the thing[br]is really all encompassing. 
Francis 0:47:22.740,0:47:26.980 confirmed over phone, that I did all[br]right indeed. And Xerox was cooperative, 0:47:26.980,0:47:30.190 but they also wanted me to wait until[br]they reproduced the error. 0:47:30.190,0:47:33.580 But I also remembered, that during our[br]last telephone call, 0:47:33.580,0:47:37.630 I felt a bit fucked with. So I [br]said, my people, 0:47:37.630,0:47:41.000 it won't be like last time now.[br]"I have the blog article done, 0:47:41.000,0:47:44.720 and the video is already uploaded."[br](laughter) 0:47:44.720,0:47:47.940 (laughs)[br]And when you... 0:47:47.940,0:47:53.800 (applause) 0:47:53.800,0:47:56.840 "Don't take offense, but I request to be[br]included from now on, 0:47:56.840,0:48:00.540 because I also treat you fair."[br]So we agreed on the thing, 0:48:00.540,0:48:03.300 and now you see what it brings to[br]not hate in advance. If 0:48:03.300,0:48:07.870 you shat on them beforehand on Twitter,[br]it's clear they say "Come, screw you!" 0:48:07.870,0:48:11.109 After that, there was about six hours [br]back and forth calls. We had 0:48:11.109,0:48:15.809 calls over and over. They tried to [br]reproduce the error with my help. 0:48:15.809,0:48:18.720 For me it was evening, I spent the [br]night on the phone in the office 0:48:18.720,0:48:22.480 and didn't eat anything but the cookies[br]that lay around. At some point Francis 0:48:22.480,0:48:27.820 calls again, and says completely[br]dumbfounded "Yep, we reproduced it." 0:48:27.820,0:48:31.060 Errors on factory settings, then[br]there was silence on both sides. 0:48:31.060,0:48:35.230 We were just all shocked. [br]And you know what was found parallel? 0:48:35.230,0:48:39.140 The Code for the compression scan is[br]eight years old. That's how long the bug 0:48:39.140,0:48:43.450 was out in the wild.[br]Eight years. 0:48:43.450,0:48:46.000 Yes, they were a bit dumbfounded. 
[br]And I said: "Here's 0:48:46.000,0:48:48.980 my blog article, please read it and[br]confirm, what legal safety 0:48:48.980,0:48:51.310 I have for publishing[br]this." 0:48:51.310,0:48:56.510 (laughter and applause)[br](gasps of laughter) 0:48:56.510,0:49:01.360 No, so...[br]this error is extremely dangerous. 0:49:01.360,0:49:04.910 I didn't want to wait any longer. Here's[br]the article, and that's what 0:49:04.910,0:49:08.740 they did. And I was allowed to publish[br]the article before them, even. That's 0:49:08.740,0:49:12.180 pretty unique. And you will agree [br]with me, don't hate: If that's what 0:49:12.180,0:49:15.640 you reach with this, then that's[br]good. A conversation between adults. 0:49:15.640,0:49:20.460 Lesson learned: Negotiate in the [br]right moment. This is the next 0:49:20.460,0:49:23.960 Xerox press statement. I'll[br]increase my speed a bit. 0:49:23.960,0:49:26.470 Xerox, of course, commented right after[br]this as well. 0:49:26.470,0:49:29.329 They retract their earlier[br]communication, thank me, and 0:49:29.329,0:49:32.550 say, that now first of all they'll see,[br]how big the thing really is. 0:49:32.550,0:49:35.780 And from there on they were always nice[br]in the statements, and 0:49:35.780,0:49:40.040 overall the climate was very constructive.[br]This is the next Slashdot article. 0:49:40.040,0:49:42.340 It's getting surreal, [br]just look at the titles! 0:49:42.340,0:49:45.560 After the back and forth, it doesn't[br]matter for me with Slashdot 0:49:45.560,0:49:50.630 what Xerox says, but what they[br]confirm to me. (laughter) 0:49:50.630,0:49:54.350 And here again is our snappy[br]Peter Coy from Business Week. 0:49:54.350,0:49:56.809 But now... One more, I do[br]have one more. 0:49:56.809,0:50:00.920 I mean, a compression mode![br](laughter) 0:50:00.920,0:50:03.910 Doesn't really matter now. But on[br]August 11th the proof for the 0:50:03.910,0:50:06.810 error also occurring on "Highest" [br]mode succeeds. 
0:50:06.810,0:50:10.310 Even a quality conscious user in the[br]last eight years, that wanted to 0:50:10.310,0:50:13.760 produce beautiful PDFs, couldn't[br]avoid it. And to be honest, 0:50:13.760,0:50:17.400 after my information the error [br]doesn't occur on TIFFs. 0:50:17.400,0:50:22.040 I don't want to make it look worse than it[br]is. No one takes TIFFs, of course, 0:50:22.040,0:50:26.510 they're gigantic. On August 12th Xerox[br]admits publicly, that it's a matter of 0:50:26.510,0:50:30.030 an eight year old system error.[br]And announces the patch again. 0:50:30.030,0:50:34.820 But of course they are deep in the[br]whole thing, legally. And when it's 0:50:34.820,0:50:38.879 midday in the USA, it's night time here.[br]And so in the middle of the night, when 0:50:38.879,0:50:43.680 visitors of this speech are usually awake,[br]Dastin and Tse called me on 0:50:43.680,0:50:48.510 my phone, and wanted to tell me first,[br]which I have to say, I found incredibly 0:50:48.510,0:50:51.510 nice of them, that they found the bug,[br]and they'll roll out new 0:50:51.510,0:50:54.179 software. And there you can see[br]that the relation really 0:50:54.179,0:50:57.819 got better. This is the patch download[br]page by Xerox. Here you can see 0:50:57.819,0:51:01.310 how many devices are affected.[br]Note the "X"e, that's whole 0:51:01.310,0:51:06.549 device families![br](laughter) 0:51:06.549,0:51:10.220 So, the press is reporting again.[br]The computer magazine CT writes 0:51:10.220,0:51:14.540 an article, and calls the whole thing[br]"Scannergate". And here is 0:51:14.540,0:51:18.480 one last kick from our[br]beloved Peter Coy. 0:51:18.480,0:51:21.570 He sounds so sarcastic, but[br]unfortunately he's completely right. 0:51:21.570,0:51:25.839 Eight years of production of scanned,[br]archived documents could contain 0:51:25.839,0:51:29.510 these errors, and cause harm until[br]forever. Hundreds of thousands 0:51:29.510,0:51:34.160 of devices and companies worldwide. 
We[br]live in a society, where now, 0:51:34.160,0:51:37.770 as we are speaking, the transition[br]from a world of paper into a mix of 0:51:37.770,0:51:41.410 paper and digital is happening.[br]And the translator 0:51:41.410,0:51:44.890 between the two worlds, that's[br]devices by Xerox workcentres. 0:51:44.890,0:51:47.910 It'll be with us for a long time.[br]Now the most important thing: 0:51:47.910,0:51:51.430 I already said, that Xerox has a [br]decentralized supply over third parties. 0:51:51.430,0:51:54.869 Personally, I have no reason to believe[br]that the patch reached 0:51:54.869,0:51:59.140 a lot of devices. So: Spread the word![br]At the end of this talk there will be URLs, 0:51:59.140,0:52:04.440 where you can get more info [br]and see more. It's almost 0:52:04.440,0:52:08.259 the end... Besides all the "Lessons[br]learned", there's one "Lesson" that I 0:52:08.259,0:52:11.599 haven't mentioned yet.[br]I always got disbelieving looks, 0:52:11.599,0:52:14.730 that I didn't take any money for the[br]thing. One manager even said, 0:52:14.730,0:52:18.950 I'm "pretty dumb". About that, two things.[br]First, it's generally hard to make money 0:52:18.950,0:52:23.899 with something like this. Even if you want to.[br]With no proof you won't be taken seriously. 0:52:23.899,0:52:27.410 And with the proof, you'll mostly just [br]find the bugfix directly, and then 0:52:27.410,0:52:29.690 you won't get any money either. 0:52:29.690,0:52:32.770 And second: Companies don't know[br]friends. If I had taken money, 0:52:32.770,0:52:37.460 it would've somehow been made public[br]and could've been used against me. 0:52:37.460,0:52:40.520 And it would've brought me in a[br]position hard to negotiate. 0:52:40.520,0:52:43.599 But I wanted this error to be fixed.[br]And last but not least, 0:52:43.599,0:52:47.770 the community helped me, and[br]they didn't get money either. 0:52:47.770,0:52:49.520 I'd do it like this[br]again, but...
0:52:49.520,0:52:53.370 (cheering) 0:52:53.370,0:52:57.930 ...at the end of the day, everyone has[br]to decide that for themselves. If you 0:52:57.930,0:53:01.369 would do it differently, then that's ok.[br]I just want to say in advance, 0:53:01.369,0:53:05.040 you bring yourself in a weaker[br]negotiation position. That's all 0:53:05.040,0:53:09.170 the "Lessons learned" again. I won't[br]reiterate them again now. 0:53:09.170,0:53:13.300 They're here so you can download the[br]presentation, and still have them. 0:53:13.300,0:53:17.100 And now we close the circle to the[br]start, and with that we are done. 0:53:17.100,0:53:21.530 At the start, there's the prologue with[br]Obama's birth certificate. Here it is, 0:53:21.530,0:53:25.700 the "long form birth certificate". Shortly[br]after the Xerox-saga, journalists from 0:53:25.700,0:53:28.809 the "Reality Check" USA wrote me, if[br]the Xerox bug could've been 0:53:28.809,0:53:32.830 the reason for the "forgery".[br]And they did a whole lot of 0:53:32.830,0:53:36.680 detective work. For example, the Obamas[br]published their tax documents, shortly 0:53:36.680,0:53:41.690 before the birth certificate. It was scanned[br]by a Xerox Workcentre 7655. 0:53:41.690,0:53:45.859 Well, and further technical [br]attributes spoke for 0:53:45.859,0:53:48.680 a Xerox scanner. And the "Reality [br]Check" guys asked me, if 0:53:48.680,0:53:53.100 I could ask Xerox about it, since[br]I had such good contacts. And Xerox... 0:53:53.100,0:53:57.090 (laughter)[br]And Xerox asked for understanding, 0:53:57.090,0:54:00.059 that they really didn't want to [br]deal with this now... (laughs) 0:54:00.059,0:54:03.119 ...and I left it alone. And now I'll[br]prepare for my 0:54:03.119,0:54:08.470 congress speech, for this talk today,[br]yeah, I look in the PDFs again, 0:54:08.470,0:54:11.930 and there's the exact copied, yeah[br]the exact letters in there, that were 0:54:11.930,0:54:16.280 a sign by Xerox for pattern matching[br]back then.
And I look on the internet 0:54:16.280,0:54:20.000 pages, and there it also says something[br]about letter doubling. Here's two exact 0:54:20.000,0:54:24.420 same boxes. Notice the indents on it.[br]Now, make your own image here. 0:54:24.420,0:54:26.839 But I think it could be, that[br]this conspiracy 0:54:26.839,0:54:31.720 is hereby over and done. And with this,[br]it only remains for me to say thanks, for 0:54:31.720,0:54:33.560 spending a whole hour with me! 0:54:33.560,0:54:44.019 (applause) 0:54:44.019,0:54:50.739 If everyone keeps clapping, it'll[br]take even longer! 0:54:50.739,0:54:55.120 So... (laughs) 0:54:55.120,0:54:58.750 Up there you'll find another link for[br]the Xerox saga. Pass it on! 0:54:58.750,0:55:01.260 And down here a link to my page.[br]There I'll publish 0:55:01.260,0:55:05.210 the presentation online. Maybe tomorrow.[br]I won't go into the WIFI here! (laughs) 0:55:05.210,0:55:06.660 (laughter) 0:55:06.660,0:55:09.010 And take care of evil copiers! 0:55:09.010,0:55:12.730 Herald: Okay, thanks first of all,[br]for this amazing talk! 0:55:12.730,0:55:16.360 I think it was very interesting[br]for everyone. 0:55:16.360,0:55:19.530 Everyone on the way out, please[br]hurry and close the doors after. 0:55:19.530,0:55:25.250 And be quiet. 0:55:25.250,0:55:28.030 For the questions, I'd like to start[br]with the ones from the internet. 0:55:28.030,0:55:30.000 From our Signal Angel. 0:55:30.000,0:55:33.790 Signal Angel: Thanks![br]And a great applause from the internet, 0:55:33.790,0:55:38.240 you couldn't hear it now. But there[br]was a lot of positive feedback. 0:55:38.240,0:55:41.460 And also the plea to publish the [br]presentation, especially 0:55:41.460,0:55:42.859 the symbol images were well [br]received. 0:55:42.859,0:55:44.929 Daniel: It will happen, on my page, latest[br]tomorrow. Definitely. 0:55:44.929,0:55:46.720 Signal Angel: Very good, thanks. Two[br]questions from me.
0:55:46.720,0:55:51.520 The first question is, does Xerox have[br]a technical difference between 0:55:51.520,0:55:55.310 Scanning, Printing and Copying?[br]Or is it always the same thing? 0:55:55.310,0:55:58.989 Daniel: So, scanning, there paper comes[br]in and for printing it comes out, right? 0:55:58.989,0:56:00.439 (laughter) 0:56:00.439,0:56:03.540 No, so, for printing, you just [br]receive the printing data. 0:56:03.540,0:56:06.570 I don't know about anything being[br]compressed afterwards again. 0:56:06.570,0:56:10.630 Scanning - here there are different modes.[br]The PDF modes, there are three, that 0:56:10.630,0:56:16.869 I mentioned earlier. And copying - In my[br]view it's not like this, that it always 0:56:16.869,0:56:21.640 happens during printing, because there you[br]don't compress. You see how I mean it, yes? 0:56:21.640,0:56:24.930 I'm sure I would have received some [br]reports if it was like that. 0:56:24.930,0:56:27.920 And that's why I don't think the process of[br]copying itself is affected. But 0:56:27.920,0:56:33.180 that wouldn't be so bad anyways, because[br]there are no documents that get archived here. 0:56:33.180,0:56:37.520 Signal Angel: Okay, and the second question:[br]Are there any definitive 0:56:37.520,0:56:40.430 harms that happened because of this bug? 0:56:40.430,0:56:41.790 Did you ever receive any feedback[br]regarding this? 0:56:41.790,0:56:43.730 Daniel: I have feedback, the ones that[br]I named earlier. 0:56:43.730,0:56:47.220 And of course a few more. I'm of course[br]not going to say any names. 0:56:47.220,0:56:50.559 But... So, I can only say this much: 0:56:50.559,0:56:54.910 You have to imagine yourself in the place[br]of the company that's affected here. 0:56:54.910,0:56:58.680 Your files might be good for the trash.
0:56:58.680,0:57:01.790 Will you make this public?[br]No, you will request compensation 0:57:01.790,0:57:05.490 from Xerox in silence, and not write[br]any of this on your 0:57:05.490,0:57:08.891 website, because then it will fall back to you,[br]that our data 0:57:08.891,0:57:12.349 is faulty. No one will ask you, if that[br]was a Xerox copier now. 0:57:12.349,0:57:15.400 So I don't expect there to be a grand[br]reveal now, if it can be 0:57:15.400,0:57:17.809 avoided. If some random bridge on[br]a highway collapses now 0:57:17.809,0:57:19.490 that would of course be a different[br]matter. 0:57:19.490,0:57:22.490 Signal Angel: Okay, thanks again![br]Daniel: Gladly! 0:57:22.490,0:57:24.760 Herald: Good, then I'd suggest we continue[br]at microphone 2, 0:57:24.760,0:57:26.190 at the first person. 0:57:26.190,0:57:29.609 Question: Just a short question. This is[br]probably a technique that gets used 0:57:29.609,0:57:31.980 by many. Did you ever try this[br]with devices 0:57:31.980,0:57:33.730 from other companies? 0:57:33.730,0:57:38.190 Daniel: I had a great quantity of reports[br]from other companies. But if you 0:57:38.190,0:57:41.819 take on a thing of this scale, you'll[br]become a victim of spin doctoring. 0:57:41.819,0:57:44.220 And all of it turned out to be false.[br]Here, again: 0:57:44.220,0:57:48.910 Stay sovereign, don't just pump out[br]rumours. Here none of it was true, 0:57:48.910,0:57:51.579 and in concrete cases it wasn't the [br]compression method itself, 0:57:51.579,0:57:56.500 but the fact that there was indeed[br]another bug. 0:57:56.500,0:57:58.500 Herald: Good, then 3 please! 0:57:58.500,0:58:02.039 Question: Hello? Thanks for the talk,[br]it was pretty cool. 0:58:02.039,0:58:06.410 I just wonder about the thing, the bug[br]being there somehow for eight years. 0:58:06.410,0:58:10.500 Did you look on search engines, did[br]others...
I mean, I can't 0:58:10.500,0:58:13.730 imagine that for eight years no one[br]saw it, because 0:58:13.730,0:58:17.670 as you say, on a blueprint, [br]there you can see pretty quickly, so... 0:58:17.670,0:58:20.400 or maybe other people messaged you,[br]because they had seen it before, 0:58:20.400,0:58:23.220 or maybe they said, hey I noticed this[br]before, Xerox said, 0:58:23.220,0:58:27.650 yes, higher compression, then they were[br]lucky and it worked. 0:58:27.650,0:58:31.120 Daniel: So, it was, first of all hard to[br]discover. Second of all, 0:58:31.120,0:58:36.540 it was known for the mode "Normal".[br]It was on purpose, they even knew about it. 0:58:36.540,0:58:41.670 And that's why it was hard to recognize the[br]real bug, because Xerox... 0:58:41.670,0:58:45.470 The support that knew - mine didn't know - [br]always blamed it on the 0:58:45.470,0:58:48.740 "Normal" setting. And then it's plausible,[br]then I tell you: 0:58:48.740,0:58:50.670 "Yes, you used the "Normal" setting, [br]take another one, then 0:58:50.670,0:58:55.870 the error will occur less,[br]you'll probably be lucky there" 0:58:55.870,0:58:59.559 So I think, that indeed, that the[br]bug was discovered for the first time... 0:58:59.559,0:59:02.770 Question: So, no one contacted you, with[br]"Hey, I've seen this before" or so? 0:59:02.770,0:59:06.700 Daniel: No, no one. In the whole[br]storm, no. 0:59:06.700,0:59:08.870 Herald: Okay, next up again from[br]the 2 please. 0:59:08.870,0:59:11.660 Question: Hi, thanks for the presentation[br]from me as well. Was very cool. 0:59:11.660,0:59:12.810 Daniel: Sure. 0:59:12.810,0:59:15.310 Question: Short question, you said,[br]you didn't do it for money... 0:59:15.310,0:59:16.310 Daniel: Correct. 0:59:16.310,0:59:18.380 Question: ...and somehow... I find it[br]very noble, very cool. But 0:59:18.380,0:59:20.550 did they ever offer you something[br]from their side? 0:59:20.550,0:59:21.950 Daniel: No, they didn't.[br]No one there...
0:59:21.950,0:59:23.640 Question: Not even a job or anything? 0:59:23.640,0:59:26.062 Daniel: Well, there I can in fact hold [br]Xerox a bit. They didn't offer 0:59:26.062,0:59:29.089 me anything. I couldn't have accepted[br]it anyways 0:59:29.089,0:59:34.760 by that logic. That's why it was totally [br]fine. In that long night, where we 0:59:34.760,0:59:37.849 had the phone call, they were ready[br]to have me fly in. But 0:59:37.849,0:59:41.339 I honestly don't know anything about[br]copiers either. Not my main job. 0:59:41.339,0:59:45.220 I can show them the bug, but[br]I can't repair it. So... 0:59:45.220,0:59:46.829 Question: Ok, but if they would have[br]flown you in, why not 0:59:46.829,0:59:49.230 work with them together and try[br]to solve the thing? 0:59:49.230,0:59:53.850 Daniel: Yeah, I could've done that. But[br]I couldn't have contributed anything. 0:59:53.850,0:59:56.420 Because, they have to find the bug in[br]their code themselves. It was clear that 0:59:56.420,0:59:59.450 something happened. I can't help with[br]that. I'd just sit around. 0:59:59.450,1:00:01.080 So I also said it just like that. 1:00:01.080,1:00:02.849 Question: That makes sense. 1:00:02.849,1:00:06.329 Daniel: Yes, and flying 2x intercontinental[br]for that... I don't know. 1:00:06.329,1:00:09.211 Question: Yes, but if they paid I would've[br]done it. 1:00:09.211,1:00:11.420 Daniel: I admit, I also overthought it[br]again. But I had 1:00:11.420,1:00:18.480 also stuff to do job wise, and[br]it wouldn't have worked out. 1:00:18.480,1:00:20.730 Herald: Good, next up 3 again. 1:00:20.730,1:00:24.410 Question: Well, I have a copier at home,[br]and I have a very 1:00:24.410,1:00:27.850 intimate relationship with it.[br]Are there any reports, that 1:00:27.850,1:00:30.950 some tried it with their home copiers, 1:00:30.950,1:00:32.890 and then went "Oh Sh...?" 1:00:32.890,1:00:37.069 Daniel: I don't know of any reports like [br]that.
It only affected the things that 1:00:37.069,1:00:42.380 I just showed. Workcentre, ColourCube.[br]All big things, 1:00:42.380,1:00:44.010 basically.[br]Question: Okay. 1:00:44.010,1:00:47.500 Daniel: This JBig2 in Hardware, [br]that's also 1:00:47.500,1:00:49.889 I think very expensive to [br]implement. 1:00:49.889,1:00:52.170 Question: Okay, thanks![br]Daniel: Yeah! 1:00:52.170,1:00:54.900 Herald: And 3 again please! 1:00:54.900,1:01:00.270 Question: Maybe a cool crowd research[br]task 1:01:00.270,1:01:05.209 Is maybe to look through[br]those manuals, 1:01:05.209,1:01:09.900 to collect. Who had access, which[br]year does it show 1:01:09.900,1:01:14.760 up in the documentation at all, is it[br]really 1:01:14.760,1:01:19.150 that old, so eight years, or maybe [br]only four years? 1:01:19.150,1:01:23.030 They only noticed four years ago, and [br]thought, hm, it's cheaper, we print 1:01:23.030,1:01:27.280 new handbooks, and leave the software[br]as it is. Because it's more expensive, 1:01:27.280,1:01:28.580 to roll out new firmware. 1:01:28.580,1:01:30.410 Daniel: There's a theory, that here a bug[br]was declared a feature. 1:01:30.410,1:01:33.180 I can confirm that. But I don't have[br]proof for it. I want to say that very 1:01:33.180,1:01:37.540 clearly. But seriously, who would[br]design a scanner, 1:01:37.540,1:01:43.520 that swaps around numbers? Only if it[br]was just for the military (laughs) 1:01:43.520,1:01:46.200 Herald: Okay, I think one last question.[br]Then 2 again. 1:01:46.200,1:01:48.450 Question: Not really a question, but more[br]of a suggestion for the presentation, 1:01:48.450,1:01:52.330 in case you present it again.[br]It's really great. 1:01:52.330,1:01:55.329 You have this scale, with accesses to[br]your website at the bottom. 1:01:55.329,1:01:57.880 I wondered, during the talk, if maybe[br]you could also do that 1:01:57.880,1:02:00.990 with the stock price of Xerox?[br](Daniel laughs) 1:02:00.990,1:02:03.580 Daniel: It wasn't that bad.
I mean,[br]that PR section of them 1:02:03.580,1:02:08.350 handled it pretty well despite the[br]world wide attention they had. 1:02:08.350,1:02:12.099 I mean, that's really an error, where you[br]could think, this is 1:02:12.099,1:02:14.980 a danger for the whole company. It's their[br]bread and butter business. 1:02:14.980,1:02:17.890 But it didn't turn out that way. We will[br]see, I could've put 1:02:17.890,1:02:20.600 such a live stock price curve in the[br]presentation. I don't know, 1:02:20.600,1:02:24.230 what's happening on the internet right[br]now. But good suggestion, thanks! 1:02:24.230,1:02:26.450 Herald: Okay, we also have questions from[br]the internet. 1:02:26.450,1:02:27.550 Therefore I'd also like to... 1:02:27.550,1:02:28.960 Signal Angel: I just have one more[br]question from the internet. Are 1:02:28.960,1:02:33.250 there any statistics or numbers, [br]about how high 1:02:33.250,1:02:35.420 the likeliness of such an error is? 1:02:35.420,1:02:38.210 Daniel: Well, you saw the page I told [br]you about. That was the case 1:02:38.210,1:02:42.380 with font size 7 or 8. I don't know[br]anymore, where I got it really 1:02:42.380,1:02:44.280 nicely reproduced. But when... 1:02:44.280,1:02:47.279 Signal Angel: But... Numbers, that's not a normal page[br]now is it? 1:02:47.279,1:02:49.220 Daniel: It was all numbers, but[br]of course it's also possible with 1:02:49.220,1:02:53.150 similar letters. But it can happen too.[br]I don't have any statistics. 1:02:53.150,1:02:55.880 For the numbers the 6 and 8 are[br]affected the most. But real 1:02:55.880,1:02:58.960 error percentages, I don't have.[br]But you can see, what's possible. 1:02:58.960,1:03:03.039 So I have... I didn't try for[br]hours on end, until I found the 1:03:03.039,1:03:05.950 page with many yellow points. I[br]scanned ONE page, and then it 1:03:05.950,1:03:09.980 was like that. Yeah? So it's not like[br]you have to look for it forever. 1:03:09.980,1:03:12.610 Question: Yes, thanks!
1:03:12.610,1:03:15.990 Herald: Alright, I think we are done[br]then. 1:03:15.990,1:03:18.961 Then please another big applause[br]for the lecturer! 1:03:18.961,1:03:20.361 (applause) 1:03:20.361,1:03:21.121 Daniel: Thanks! 1:03:21.121,1:03:28.721 (longer applause) 1:03:28.721,1:03:30.641 31C3 Credits with no audio 1:03:30.660,1:03:40.000 Subtitles created on amara.org in the[br]year 2017 - 2022 by multiple collaborators