David Kriesel: Don't Trust a Scan, That You Didn't Fake Yourself

Edit subtitles

0:00 - 0:09

31C3 Title, no sound
0:09 - 0:12

Alright, welcome! So, welcome again
from me. It's great to be here!
0:12 - 0:16

So many people, even to this late hour.
I've been told, this is the prime time.
0:16 - 0:22

That is awesome, at 11 p.m. I'm David,
I'm a Computer Scientist from Bonn.
0:22 - 0:24

And we just can start with the things
that happened so far at the congress.
0:24 - 0:28

If you happened to be here at the congress
0:28 - 0:31

or watched sessions on stream -
welcome again
0:31 - 0:36

to the colleagues on the internet - then
there will be always devices that one
0:36 - 0:40

does not like so much to use.
[Laughter]
0:40 - 0:43

Who participated in the sessions of Tobias
Engel and Karsten Nohl, does indeed use
0:43 - 0:48

his mobile phone less confident.
And who was with starbug afterwards, will
0:48 - 0:52

not like to use iris scanners or finger
print scanners anymore and may use gloves
0:52 - 0:56

more frequently now.
So here a little disclaimer:
0:56 - 1:02

If someone has an intimate relation to
his photocopier
1:02 - 1:08

and tends to keep it like that, should
refrain from participating this session.
1:08 - 1:12

We will do three things during this session.
First of all we will
1:12 - 1:17

get to know one of most prevalent and
dangerous bugs of the last years.
1:17 - 1:21

Secondly, we will comprehend the bug.
That is in a manner
1:21 - 1:25

nerds and muggels will understand.
And last but not least, for the activists
1:25 - 1:30

among us - may be some present here -
we will deduct some rules
1:30 - 1:34

that may apply to a single person that will
handle a powerful opponent,
1:34 - 1:39

just like a global player.
But in your case
1:39 - 1:43

it can be something completely different.
That's why I will describe precisely
1:43 - 1:46

how this dispute evolved over time and
1:46 - 1:50

what kind of mistakes I made.
The talk's kind of structured
1:50 - 1:54

like a novel. First, there's a prologue,
for the conspiracy theorists
1:54 - 2:01

among you. The year is 2008.
2:01 - 2:06

In summer 2008 the US were
having the primaries for presidential
election.
2:06 - 2:09

Barack Obama was in the running against
Hillary Clinton. In the US, like here,
2:09 - 2:14

there's lots of intrigue in politics.
So there were a few anonymous emails,
2:14 - 2:18

that should benefit Mrs. Clinton. Those
mails claimed, among other things,
2:18 - 2:23

that Obama had been born in Kenia als a
Kenian citizen. That would make him fomally
2:23 - 2:28

unfit to be president. To become president
of the US, you have to be
2:28 - 2:34

'natural born citizen' of the US. What
exactly a 'natural born citizen' is
2:34 - 2:39

the Americans themselves even don't
really fully know. But there's a whole
2:39 - 2:44

Wiki article about the controversy,
where you can read all about it.
2:44 - 2:49

Two things generally acknowleged:
First, one's to be American.
2:49 - 2:52

Second, one's to also be that at time of
birth. So when I come to the US,
2:52 - 2:56

newly naturalized, that doesn't work.
That Obama's second name
2:56 - 2:59

is Hussein was somewhat
suboptimal too in that context.
2:59 - 3:05

(laughs).
Obama obviously had an interest in
3:05 - 3:08

ending that 'argument' as quickly as
possible. So he made his birth certificate
3:08 - 3:12

publicly available. I say 'short birth
certificate' because,
3:12 - 3:16

when he was born, a short and a long one
were made. The short one ist shown here on
3:16 - 3:20

the left, you see it behind me. And I
in front of me.
3:20 - 3:24

But good conspiracy theorists aren't
distracted by facts.
3:24 - 3:34

(laughter and applause)
3:34 - 3:37

Immediatly, there are accusations
the birth certificate's faked.
3:37 - 3:40

Supposedly, there was a stamp missing, and
... and ... and. Whatever you can
3:40 - 3:45

come up with. You all can come up with it.
3:45 - 3:48

On the right, you see a few car stickers
by Obama's enemies.
3:48 - 3:52

The lowermost explicitly calls for the
birth certificate. The theory that Obama
3:52 - 3:57

shouldn't be allowed to be president,
is rather wide-spread in the US.
3:57 - 4:00

Obama won the primaries, and the following
election, but the dispute
4:00 - 4:06

simmered on. There was a whole scene of
birthers
4:06 - 4:14

that wanted to prove Obama's actually not
American.
4:14 - 4:18

After the whole thing hadn't calmed down
fo two and a half years - Obama already
being
4:18 - 4:24

president for some time - in 2011 he had
all of it. He published the scan of
4:24 - 4:28

the long version of the birth certificate,
on the right in the picture. You can
already see
4:28 - 4:32

there's much more information in it, and
you could think: They'll leave him alone
now.
4:32 - 4:38

But far from it.
Shortly after the release
there were accusations
4:38 - 4:43

the birth certificate was
a clumly forgery.
Let's take a closer look.
4:43 - 4:47

The left picture is a strong enhancemt
of the red box in the right picture.
4:47 - 4:52

The numbers six and four are visible.
These numbers have sharp,
pixel-perfect edges.
4:52 - 4:57

Yes, it's even visible on the projector.
And the numers are uniformly colored.
4:57 - 5:00

On their right side the number one
is blurred and colored unevenly.
5:00 - 5:05

The one is as you would expect a scan
in reality. Why is there such
5:05 - 5:10

a difference between two numbers in
one and the same row of numbers?
5:10 - 5:14

A few more examples.
Again one can see numbers
with sharp edges
5:14 - 5:19

or these ticking boxes in contrast to
normal, slightly blurred numbers
5:19 - 5:24

and boxes. I drew some red boxes
the ticking boxes
5:24 - 5:27

and the 'and'.
There one can see a kind of shift.
And it does really look
5:27 - 5:31

as though somebody drew this using Paint.
Meaning the ancient one,
I am sure you remeber
5:31 - 5:35

from your childhood. MS Paint on
Windows 3.11.
I used to sit at my father's workplace
5:35 - 5:41

at work and stole his working hours.
Or this one,
5:41 - 5:45

particulary beautiful.
This section of the frame
is from the stamp at the bottom.
5:45 - 5:49

There's a typo, in the stamp. Yeah sure,
makes sense. We have heard that one before,
5:49 - 5:53

typo in the stamp. I mean of course one
would think it's a fraud
5:53 - 5:56

the way it looks. And at the same time
think that the intern
5:56 - 5:59

at the White House is too stupid
to use Photoshop.
5:59 - 6:02

Laughter
6:02 - 6:07

Concerning PR this was a massive failure of course.
According to a Gallup poll
6:07 - 6:13

in 2011,
5% of Americans believed, Obama was
6:13 - 6:17

definitely not born in the US. And a
further 8% thought, that he
was 'probably not'
6:17 - 6:22

born in the US. Well that didn't work out.
The White House had to
6:22 - 6:28

back up pretty badly. To this day they get
requests because of this. This was the prologue.
6:28 - 6:38

We will now move on to the main trial
and jump in time to 2013.
6:38 - 6:44

On the 24th of June 2013
a company, I was friends with, called me
6:44 - 6:49

The had two big Xerocs Workcentres.
Xerocs Workcentres are
6:49 - 6:54

those giant buisness copiers, that stand
everywhere nowadays. They are connected via WIFI,
6:54 - 6:58

can scan, print, copy, mail and
cost as much as a small car.
6:58 - 7:02

These printers aren't the ones your
grandma uses, but have
7:02 - 7:06

a few hundred users per device,
maybe more. In this picture
7:06 - 7:11

you can see a construction plan.
The black areas aren't original, I just
7:11 - 7:15

cencored those afterwards,
since I would not have been allowed
7:15 - 7:20

to use it. I marked three spots
in yellow on the plans.
7:20 - 7:25

These spots are standardized blocks
containing the squarefootage
7:25 - 7:28

of the room. These spots will become more
important soon. The company
7:28 - 7:32

told me: "Hey David,
when we scan a construction plan
7:32 - 7:35

the numbers change.
Could you take a look at it?"
7:35 - 7:40

Laughter
7:40 - 7:45

On the left side, that's me.
Laughter
7:45 - 7:52

Applause
7:52 - 7:55

At this point I have to add, that the relationship
with them is really good. I worked my way
7:55 - 7:58

through my computer sience degree.
Of course my parents also
7:58 - 8:03

contributed, I won't deny that. But I
did IT-Service for the company and
8:03 - 8:06

they were really nice all the time
and of course I thought they were screwing with me.
8:06 - 8:13

For sure. Copier changes numbers??
Of course, makes sense. We've heard that before.
8:13 - 8:16

They said: "Yes, come over
and take a look at it.
8:16 - 8:19

We need the device,
it has to work."
8:19 - 8:23

So I drove over there and took a look.
Still being a bit
8:23 - 8:31

on the watch for the joke.
They have a Xerox Workcentre 7535.
8:31 - 8:34

Here are the three marked spots
in the original, before scanning.
8:34 - 8:38

I am not sure how good you can read it,
so I will read it out loud.
8:38 - 8:44

On the top it says 14.13 sqm (square meter)
in the middle it's 21.11 sqm,
8:44 - 8:49

and at the bottom 17.42 sqm.
So I put the plans in the Workcentre
8:49 - 8:56

and scanned it. And here are the
same spots after the scan.
8:56 - 9:03

Laughter and Applause
9:03 - 9:08

Interesting. Suddenly all rooms
are 14.13 sqm big.
9:08 - 9:11

I thought this can't be right.
Completely impossible. This isn't happening.
9:11 - 9:16

I was still thinking they are
screwing with me. (laughs)
9:16 - 9:19

While scanning the - to clear
that out from the beginning, since I
9:19 - 9:23

got that question a dozen times
in the internet- While scanning the text
detection
9:23 - 9:28

was turned of. The number substitution
takes place in the raw pixel data.
9:28 - 9:34

The company also had a second
Workcentre, the 7556.
9:34 - 9:38

Thats bigger and faster.
Aside from these two kinds of Workcentres,
9:38 - 9:41

that I mention here in the beginning,
there are a lot more. It is
9:41 - 9:45

a gigantic family of devices.
In contrast to the smaller device
9:45 - 9:52

which spat out the same numbers every time,...
(laughs)
9:52 - 9:58

the larger one gave out different
ones every time. (Laughter)
9:58 - 10:02

It is bigger and has more CPU power.
10:02 - 10:04

(Laughter)
10:04 - 10:07

Look at those rows and how
the values change. At "Stelle 2",
10:07 - 10:12

that is the middle row,
first and last it's 14.13 sqm.
10:12 - 10:16

And in the middle 21.11, once.
That would have been the correct value btw.
10:16 - 10:19

There is a chance to get it right.
(Laughter)
10:19 - 10:23

In the other rows it looks similar.
10:23 - 10:27

In case one of you needs one of
those NSA random generators....
10:27 - 10:29

(laughs)
10:29 - 10:35

Applause
10:35 - 10:38

Keep in mind, that actually this
is no...
10:38 - 10:40

I am laughing as well, but it is no
laughing matter.
10:40 - 10:43

Note that the numbers are set
into the layout perfectly. The error
10:43 - 10:47

was only noticed, because an
obviously bigger room had
10:47 - 10:50

a smaller square footage than
a smaller one next to it.
10:50 - 10:56

There's a broom cupboard with
100 sqm and next to it a ball room
10:56 - 10:59

with 4 sqm.
(Laughter)
10:59 - 11:02

It hardly gets any meaner.
The layout looks perfect.
11:02 - 11:05

I do realise that the writing is
really small. Don't you
11:05 - 11:09

thinks this is some mean corner case
and I was working on
11:09 - 11:14

for three month, just to finally
stick it up to Xerox.
11:14 - 11:16

We will look at other examples.
This is the original case
11:16 - 11:20

in which the bug was originally noticed,
and I didn't want to keep it from you.
11:20 - 11:24

Here's the next one.
This is an expense register.
11:24 - 11:28

(Laughter)
11:28 - 11:31

Two sixes became eights.
11:31 - 11:33

It's funny, I released the picture
it on my website,
11:33 - 11:36

and I said: " Here a six became an eight."
11:36 - 11:39

Then I get an e-mail:
"No, on the top there's another."
11:39 - 11:47

(loud laughing and applause)
11:47 - 11:52

Again perfectly set.
Why was it noticed this time?
11:52 - 11:56

Because the numbers are supposed to
be sorted by size.
11:56 - 11:58

What I want to say is
11:58 - 12:01

it is impossible to notice. If I give
you some columns of numbers
12:01 - 12:04

that don't make any noticable sense.
Then you could obviously
12:04 - 12:08

not see, that there's wrong numbers.
It's always around there being
12:08 - 12:12

semantic criteria, to make it
noticable. To make it
12:12 - 12:16

obviously implausible. Otherwise
you have no chance to notice.
12:16 - 12:18

Slowly I became a little worried.
12:18 - 12:24

The neck length increases. To not let
this be some random events, I started
12:24 - 12:29

working to reproduce the error on
purpose. IT guy style
12:29 - 12:33

invested a night and generated
number columns in different
12:33 - 12:37

sizes and fonts. I scanned those and
experimented for
12:37 - 12:43

a few hours. And, indeed,
the error accurs again.
12:43 - 12:46

These are my random numbers.
We will be able to work with those
12:46 - 12:48

some more.
The eights marked in yellow
12:48 - 12:54

should be sixes and do not
belong there. Let's stay ourselfes shortly.
12:54 - 12:58

I promised you in the introduction, that
I would
12:58 - 13:03

lay out the entire interaction with Xerox,
that would follow, over time
13:03 - 13:08

and tell you, how I felt at the corresponding
times and emphasize the things
13:08 - 13:12

that according to my experience are
extremely important
13:12 - 13:15

when confronting a giant opponent.
And I will keep that promise.
13:15 - 13:19

I will tell you why at all times.
But now I will
13:19 - 13:22

say one thing up front. This thing
I will discuss in different ways
through the entire presentation.
13:22 - 13:30

What never helps in my point of view
is unfriendly twittering and hating.
13:30 - 13:35

(self-concious applause)
13:35 - 13:39

It's really nice that you are applauding,
I wasn't sure that would happen.
13:39 - 13:40

(laughter)
13:40 - 13:43

I have nothing against twitter as such.
Nothing at all.
13:43 - 13:45

But if you want to achieve something,
you make yourself vulnerable
13:45 - 13:48

with such behaviour. And above
all you won't be taken seriously.
13:48 - 13:52

You can always be accused of
not wanting a proper discussion.
13:52 - 13:55

That won't fit in 140 letters,
no matter what any of you say.
13:55 - 14:02

(applause)
14:02 - 14:05

Secondly you can always be accused
of seeking attention
14:05 - 14:08

for yourself. Because almost
everything is public on twitter.
14:08 - 14:11

At the most twitter is useful for
establishing first contact, when you
14:11 - 14:15

ask for an e-mail adress or a phone number.
If I don't recommend twitter,
14:15 - 14:20

what do I recommend?
Much more serious and straight foreward
14:20 - 14:24

is erverything, that is not public.
That way one shows willingness to work
14:24 - 14:27

rationaly and not urge to scream around.
That's mail or phone calls.
14:27 - 14:35

So we called the Xerox support.
Several times ...
14:35 - 14:40

Often ... We phoned uo all the levels
up to the top level
14:40 - 14:46

in Dublin - nobody knew
anything.
14:46 - 14:49

We also sought personal contact.
Staff from the local Xerox retailer
14:49 - 14:55

came over. That's not Xerox themselves,
but a retail and support company.
14:55 - 14:59

Thay were shocked - of course, right?
And then they tried to reproduce it
14:59 - 15:03

themselves.
Zack! They reproduced it...
15:03 - 15:11

(laughter and applause)
15:11 - 15:15

That was .. we are laughing now.
They were standing there
15:15 - 15:18

heads hanging low. You are standing
there selling these things
15:18 - 15:21

and suddenly you question your existence.
15:21 - 15:26

That's not cool at all. At Xerox
- not the support company,
15:26 - 15:30

but the entire, big Xerox, 140.000
employees,
15:30 - 15:35

there was surprise, but no efforts
were made
15:35 - 15:41

to help us or the retail company.
Meaning they were cautious of the problem.
15:41 - 15:45

(laughs)
(laughter)
15:45 - 15:48

So there were no signs at all
of greater interest
15:48 - 15:50

and no advice, as for solving
the problem. Then one guy came
15:50 - 15:55

from Xerox Central, who updated the
software, we had an acient one
15:55 - 15:58

installed. He installed the new software,
problem was still there.
15:58 - 16:01

I thought: "Great, now we know
the problem existed in the fimware
16:01 - 16:06

three years ago until today." Hmmm.
16:06 - 16:08

When for more than a week nothing
happened on Xerox's side
16:08 - 16:11

that promised hope, I thought:
"Now you have been accommodating enough!"
16:11 - 16:17

So I wrote a blog article in German and English
16:17 - 16:21

about what I just told you about.
In this article I offered
16:21 - 16:26

test documents to download. The readers can
print, scan and check whether
16:26 - 16:31

they are affected or not. With that
the spread of the story started.
16:31 - 16:34

I have to add, my blog is not really huge
, really not. It has around
16:34 - 16:39

500-1000 readers per day. That's
not a huge amount, but also not nothing
16:39 - 16:42

and the most readers are computer
scientists of some form, I know that from the e-mails
16:42 - 16:48

I get. On the bottom of my slides from now
on you can see a line.
16:48 - 16:51

This line will continuously move
further to the right. Thats a
16:51 - 16:56

plot of the klicks. It's not meant
to show off with clicks, but
16:56 - 17:00

in context it's great to see, at what
time one gets attention in what way
17:00 - 17:05

and also to see how fast it fades.
We will show that immediately.
17:05 - 17:08

This small bump - yes, it's visible.
The line
17:08 - 17:13

moved to the right and there's a
peak of 3000 hits/hour.
17:13 - 17:15

Those numbers are from Google Analytics,
I have been told, one has
17:15 - 17:18

to multiply them by two, but for order of
magnitude it's enough.
17:18 - 17:22

On the 2nd and 3rd of August the story
hit on several tech-blogs.
17:22 - 17:26

At this point I declare the long-known
fefe as tech-blog.
17:26 - 17:29

(laughter)
17:29 - 17:32

I know, I know, there's the first protest.
But I will agree on the fact,
17:32 - 17:37

that fefe is read by a lot of IT-poeple.
Alright, I am
17:37 - 17:41

not hearing any more protest. The peak
you see here is because of blog.fefe.de .
17:41 - 17:45

The message spreads, and I get
more and more mails from readers
17:45 - 17:50

that are affected. The most concerning is
that I get e-mails with confirmations
17:50 - 17:53

for a lot of Xerox-Workcentres
that I don't even know.
17:53 - 17:54

(laughter)
17:54 - 17:58

I told you before these things are
one giant family of products. Very slowly
17:58 - 18:02

I realise, that this could turn into
something bigger eventually.
18:02 - 18:07

Lesson learned: It was good to
release the test-documents online
18:07 - 18:10

with the article. Would the users not
have been able to check for themselves
18:10 - 18:16

using the test-documents, the story would
never have had an impact like it would soon have.
18:16 - 18:19

On the 4th of August the story arrived in
tech-portals around the world.
18:19 - 18:23

In the slide is Hacker News by
Y-Combinator, that's one of the biggest
18:23 - 18:29

of this kind, you probably know it.
From now on I get hundreds of technically
18:29 - 18:33

versed e-mails a day. I say "technically versed",
because there were also others
18:33 - 18:38

that were less technical.
Over the entire time I
18:38 - 18:41

spend days to channel and sort
the news
18:41 - 18:46

I get. This enabled me to
continue the reporting
18:46 - 18:50

in a professionaly and to get to the
roots of the bug with professional help.
18:50 - 18:54

The whole thing becomes an avalanche
and I am not allowed to sleep any more.
18:54 - 18:57

Cause the US press is on the phone constantly.
You must not think that US- journalists
18:57 - 19:02

ever realise, that there's a thing
called time zones ....
19:02 - 19:10

(laughter and applause)
19:10 - 19:14

Here's another anecdote. One would
think the US media journalists are
19:14 - 19:17

competitors. Meaning if one had a special
information he would not pass
19:17 - 19:21

it on to the others, right? As soon as the
colleague from ABC had my phone number
19:21 - 19:25

ALL of them had it. I tell you, it's
incredible! (laughs)
19:25 - 19:31

Lesson learned: Write these things in
multiple languages! Important are English
19:31 - 19:35

for the international space. Also the language
of the home market of the company,
19:35 - 19:39

you are confronting. In my case thats the
USA, so English, again
19:39 - 19:43

two birds with one stone.
By the way: in the US Xerox is so strong
19:43 - 19:48

that "to copy" is called "to xerox" there.
They really say that
19:48 - 19:51

in everyday conversation. The same way
we say: "Hand me a Tempo! (cotton tissue)",
19:51 - 19:55

just to give you an impression of how much
repute the company and the brand
19:55 - 19:59

has there. And when in the world
of technology something like this goes around
19:59 - 20:06

what's next? Mass media
(some laughing)
20:06 - 20:11

And there you get the whole package.
We'll just click through here to
20:11 - 20:14

illustrate it. This list is in no way
complete, there were thousands of
20:14 - 20:18

articles suddenly, all over the world.
And if I show an article, then
20:18 - 20:21

- just as a disclaimer - it doesn't make
a statement about the date of publishing
20:21 - 20:23

statement about the date of publishing,
I just make it in a way that's good for the show
20:23 - 20:25

(some laughter)
20:25 - 20:30

Browsing, here is Heise, of course
that joys me as a computer scientist,
20:30 - 20:34

they covered the whole story in five
articles or so.
20:34 - 20:38

ZDF Hyperland, yes? I'm demonstrating
the german press a bit here.
20:38 - 20:40

The german press was very
reserved. The most articles
20:40 - 20:43

were in fact from abroad.
Therefore the comment
20:43 - 20:47

about the "home market". But here
a small anecdote about the german press.
20:47 - 20:51

A journalist told me that he wanted to
bring the story to the "Tagesschau".
20:51 - 20:57

They told him "Yeah, hmm, it's alright.
But for this we want it to happen
20:57 - 21:00

during real copying, and not just
during scanning!"
21:00 - 21:09

(laughter and applause)
21:09 - 21:14

If anyone from the "Tagesschau" is
watching, this applause is for you!
21:14 - 21:15

(laughter)
21:15 - 21:19

So I think: You geniuses!
Pro Tip: If you print a scan,
21:19 - 21:22

then you have a copy!
(laughter)
21:22 - 21:24

With the difference, that such a
saved scan can cause
21:24 - 21:29

harm even years later.
But please! So I thought,
21:29 - 21:33

no "Tagesschau" story, it's going
around the world already anyways,
21:33 - 21:37

not my problem if they are the only
ones not covering it.
21:37 - 21:42

Lesson learned: Stay professional and
sovereign. Don't just bloat things
21:42 - 21:46

out of thirst for attention.
Every one of you can probably name
21:46 - 21:48

some affaire, that went
rather well
21:48 - 21:51

for whoever made it public,
and then in the
21:51 - 21:54

decisive moment he tasted
blood and made something up.
21:54 - 22:00

That's bad of course. Oh well.
The Economists, that's really
22:00 - 22:04

vintage, I liked this title:
"Lies, damned lies and scans"
22:04 - 22:10

That comes from Tom Sawyer:
"Lies, damned lies and statistics"
22:10 - 22:12

Now PR wise, we're at a point
where it's expensive.
22:12 - 22:16

The Economists has influence.
ABC News - even more expensive.
22:16 - 22:18

There are the colleagues with
their phones.
22:18 - 22:24

BBC, CNBC.
Suddenly, it was everywhere.
22:24 - 22:26

My powerpoint is lagging, here
it is again. Business Week,
22:26 - 22:33

that is a popular economy
magazine. I'll recall here,
22:33 - 22:38

until now, no reaction from Xerox.
Yes, three days in business,
22:38 - 22:43

worldwide. No reaction! And when you
take that long, the tone gets
22:43 - 22:48

really rough. I quote: "On the scale
of things, that are too terrible
22:48 - 22:50

to imagine, document altering
scanners are somewhere
22:50 - 22:52

up there with meat
eating bacteria."
22:52 - 23:03

(laughter)
23:03 - 23:08

They are actually writing this in the
Business Week! (laughs)
23:08 - 23:10

So I was called my a friend of
mine, listen you have to
23:10 - 23:15

read this. Great! Imagine,
there's Peter Coy, he's editor there,
23:15 - 23:19

that we will see again a few more
times over the course of this talk.
23:19 - 23:24

So, my blog article is now at
about 100.000 visitors per day.
23:24 - 23:28

And still, no feedback from
Xerox. In the meantime
23:28 - 23:32

I was able to explain, with the help
of many reader-mails,
23:32 - 23:36

what's happening at all.
And that's what I am telling you now,
23:36 - 23:40

so we make a small excourse
about image compression.
23:40 - 23:43

Here we have a test image,
that I made. It's a
23:43 - 23:48

sundew, with a fly on it, that's
a plant. The fly as well as the
23:48 - 23:52

text belong to this test image.
For us to have a nice variety of pictures.
23:52 - 23:58

Data transfer costs time, money
and storage. Image consist,
23:58 - 24:02

compared to text, of a great amount
of data. And to send and save pictures
24:02 - 24:06

completely uncompressed would
be really expensive.
24:06 - 24:10

And images are sent everywhere, yes?
The use is there for every one
24:10 - 24:14

of us. I tell you, it goes to the highest
possible scenarios.
24:14 - 24:17

Just recently there was a giant
coverage, and even an
24:17 - 24:20

investigation by the government,
just because a former member of
24:20 - 24:25

the parliament transferred pictures.
(laughter)
24:25 - 24:29

(laughs)
So now, this member of the parliament
24:29 - 24:34

can't wait for his pictures forever,
so we have to compress the image data.
24:34 - 24:35

(laughs again)
24:35 - 24:39

Listen here!
(laughs stupidly)
24:39 - 24:45

(applause)
24:45 - 24:49

Now we have two parts of my test
image. One image part
24:49 - 24:53

and one text part. And I enhanced
it so much you can see individual
24:53 - 24:57

pixels. This is so we can see what
go wrong with different compression
24:57 - 25:02

methods. There is lossless
compression. Here the
25:02 - 25:05

image data stays as is, it is
just somehow stored more
25:05 - 25:09

efficient. Or we accept losses,
so, changes in the image data,
25:09 - 25:16

to "squish" the data and make it
even smaller.
25:16 - 25:21

Here are the popular
GIF-images.
25:21 - 25:27

Can I have a small hand sign, who
thinks that GIF has lossy compression?
25:27 - 25:30

Wow, that's a lot! Almost everyone.
25:30 - 25:33

GIF is a lossless compression
method.
25:33 - 25:36

The downside is, it only supports
256 colours.
25:36 - 25:39

The here shown lower quality stems not
from the image being saved
25:39 - 25:42

as a GIF, but from the colour
reduction.
25:42 - 25:46

To be able to see it better, I
reduced the colour amount to 16.
25:46 - 25:49

Here you see it nicely, uiuiui. So.
25:49 - 25:53

The finished image is saved pixel
for pixel, and then LZW compressed.
25:53 - 25:57

LZW is an old compression algorithm,
similar to ZIP.
25:57 - 26:01

GIF is very suited for graphics with few
colours. And because pixels are still
26:01 - 26:05

saved completely one by one,
sharp edges are well
26:05 - 26:09

represented. You can see, the
text looks pretty good. It's less good
26:09 - 26:14

in photographs, as you can see. Most
widespread are JPEG images. And JPEG
26:14 - 26:20

is lossy. The original image doesn't get
saved pixel for pixel anymore,
26:20 - 26:25

but instead gets split into 8x8
pixel blocks. And every block then
26:25 - 26:29

gets approximated with cosinus-waves.
How exactly this works mathematically,
26:29 - 26:32

we can spare ourselves from here.
But it is good to know, that this
26:32 - 26:36

kind of compression, it's good for
pictures, but bad for sharp edges,
26:36 - 26:41

as you can see in the letters, yes,
you can see artifacts, you can see
26:41 - 26:44

some stains around it. But usually
this would be full of artifacts,
26:44 - 26:48

the image. I can hold up
my notebook or so.
26:48 - 26:52

Long story short. Depending on the
type of image, certain compression
26:52 - 26:56

methods are good, and
others aren't.
26:56 - 27:00

That's why there is the JBig2-fomat.
This is one of the special words, that I
27:00 - 27:05

wrote down in three variants for the
translators.
27:05 - 27:09

Here you can dissect one image in
multiple sub images. The red
27:09 - 27:13

circled here as an example. These are
sub images. These sub images we call
27:13 - 27:18

"patches", english for "Flicken".
As we see, there are parts of the image,
27:18 - 27:22

that don't belong to any patch.
That's pretty cool, because
27:22 - 27:25

the data for these won't
need to be saved at all.
27:25 - 27:30

You just say, background white. The joke
here is, these seperate patches, you can
27:30 - 27:35

compress these with multiple
compression methods.
27:35 - 27:39

The text patches, for example with GIF,
I'll show it just very roughly here.
27:39 - 27:45

You probably can't use GIF in JBig2.
But the principle stays.
27:45 - 27:51

And the photo patch for example with JPEG.
Every patch its suited compression method.
27:51 - 27:54

That's a real advancement. I probably
won't have to explain anyone here,
27:54 - 27:59

that with this you will know, which patch
contains what, get a good
27:59 - 28:04

quality, and probably a
smaller file size. So,
28:04 - 28:08

if you dissect the image into patches
anyway, you might as well use a
28:08 - 28:13

completely new high tech compression
method. You can dissect the original image
28:13 - 28:18

much finer, and have every individual
letter as its own patch.
28:18 - 28:21

That's a lot of patches.
A whole lot of patches.
28:21 - 28:24

And you can do this with text
pages and books. And its used,
28:24 - 28:27

I didn't just make that up now.
28:27 - 28:32

So next we see, which patches
are similar to each other.
28:32 - 28:36

This step is called "pattern matching".
I have marked four patches with arrows
28:36 - 28:41

here. These patches are very similar.
No wonder, you will say.
28:41 - 28:46

All of them are small "e"s. They are
only different by a few pixels.
28:46 - 28:50

Through this pattern matching, you get
a group of similar symbols.
28:50 - 28:55

For this group, you only really save one
of those symbols, and that is
28:55 - 28:58

used over and over in the
compressed image.
28:58 - 29:03

Instead of his brothers. From these four
marked "e"s, only one would be
29:03 - 29:07

really saved, and then replaced all
the other ones. This way you can really
29:07 - 29:10

save a lot of data, with minimal
quality loss.
29:10 - 29:14

Here is the final product. Looks still
good, doesn't it? No artifacts
29:14 - 29:20

visible. Takes a lot less data than
without pattern matching.
29:20 - 29:25

Did you see that? The pattern matching
thinks the I is similar to the small L,
29:25 - 29:29

so you can replace that with it.
This happens, when pattern matching
29:29 - 29:40

works inaccurate.
Did you see this too?
29:40 - 29:44

These are incredibly dangerous
mistakes.
29:44 - 29:47

Usual compression errors are not
so bad. Then one letter is
29:47 - 29:52

unreadable. You see it, and you know that
something went wrong, "scan again please".
29:52 - 29:57

But here you have actual wrong data, that
looks flawless. And they get layoutet in
29:57 - 30:02

perfectly because of the similarities.
You have to actually read this, to
30:02 - 30:06

notice the mistake. And even then,
you can only see the mistake,
30:06 - 30:09

when the document becomes obviously
implausible, like in the blueprint.
30:09 - 30:13

I don't know about you guys. But I don't
read through all of my scans,
30:13 - 30:19

that I take, just to see if it has
any mistakes.
30:19 - 30:22

But my friends, a politician that would
have to gloss over this,
30:22 - 30:26

he would say: "Scan a medicine
dosing with a Xerox-device
30:26 - 30:29

in a retirement home, and there is
a high chance that in no time
30:29 - 30:32

you'll relieve the pension funds."
(laughter)
30:32 - 30:40

(applause)
30:40 - 30:44

Now it is clear, that this also related to
security. Until now, you could have
30:44 - 30:47

asked, why does David hold a speech about
copying machines on the congress?
30:47 - 30:50

But this is actually about a severe
failure of a company,
30:50 - 30:55

that is a serious security issue.
Is anyone here from Berlin?
30:55 - 30:58

Maybe a hand sign?
30:58 - 31:01

What did the blueprints for the
airport get scanned with?
31:01 - 31:10

(laughter and applause)
31:10 - 31:15

But you know what? Airports,
medicine, rockets, airplanes...
31:15 - 31:19

As big as this is, that's all trivial.
It gets interesting at the question,
31:19 - 31:23

where those scans got used in court
as evidence, that
31:23 - 31:27

can be reexamined now.
Or the other way around,
31:27 - 31:31

if one of you sues me with a
Xerox-scan, from now on I'll just
31:31 - 31:35

tell you: "Ah, you know what,
it's faulty!" (laughs)
31:35 - 31:38

Now you can look for the
original first, to prove me
31:38 - 31:42

otherwise. I can't prove anymore,
that that part of the scan also
31:42 - 31:46

comes from the part of the paper
that you expect it to be from.
31:46 - 31:50

The legal value is zero! There's hundreds
of thousands of industrial copiers
31:50 - 31:55

worldwide. Those are business devices,
every machine has many users, even more
31:55 - 31:59

documents that were made by it, that were
distributed whereever. And so you can
31:59 - 32:03

have an idea, a large company called
me, their letter processing works so,
32:03 - 32:08

that incoming leters just get scanned
immideately by machines,
32:08 - 32:10

and from there on they only exist
electronically. Have fun, if
32:10 - 32:14

those contain errors. So, we come
back to the implications later again.
32:14 - 32:21

But for now, back to the story. It's the
5th of August. We are three days after
32:21 - 32:26

the first impact, and on the third day god
created, finally yes, a life sign
32:26 - 32:30

by Xerox. Now, they are
watching after all man! (laughs)
32:30 - 32:34

(applause)
32:34 - 32:37

Thank you (laughs)
32:37 - 32:40

The PR of Xerox Germany calls me.
The talk is very unproductive.
32:40 - 32:43

They can't do anything without the
americans. At first,
32:43 - 32:46

they though it was a joke. I say,
it's not. And then
32:46 - 32:49

we said, we will stay in contact.
(laughs)
32:49 - 32:53

(laughter and applause)
32:53 - 32:58

And so, the day after, 6th of August,
for the first time it really had a punch.
32:58 - 33:01

In the morning, I get a screenshot
by a reader, from
33:01 - 33:05

one of the details from the admin panel
of his Xerox-copiers. There they talk
33:05 - 33:11

about letter replacement. Aha! For the
record, now. We can all learn this
33:11 - 33:14

here: There are three PDF
compression levels.
33:14 - 33:19

These are called "Normal", "Higher",
and "High". Very marketing appropriate.
33:19 - 33:25

So, "Normal" is the mode, that compresses
the most. The reader says:
33:25 - 33:28

on "Normal", the error occurs, in the
higher levels it doesn't.
33:28 - 33:34

My tests seem to comfirm this. I say it
extra vague here, more on it later.
33:34 - 33:38

(pauses to drink)
33:38 - 33:41

I promised you to show you the
moods over this situation,
33:41 - 33:45

in case something like it ever happens
to you. And really: In the first moment
33:45 - 33:49

my heart dropped into my gut.
I was scared shitless, to be the idiot
33:49 - 33:52

that didn't read the manual, yes?
(laughter)
33:52 - 33:55

Because there is still no
official Xerox-statement, and I got
33:55 - 33:58

a tip from the press, that Xerox says
exactly this in their statement.
33:58 - 34:04

Lesson Learned: What's the difference
between inside and outside view?
34:04 - 34:08

Exactly this. No? Surely you think:
"Hello? Why is David so agigated,
34:08 - 34:10

it's clear that this type of document
error should
34:10 - 34:14

never have happened, not even
unknowingly." But from the inside...
34:14 - 34:19

It looks different. Despite being scared,
it's important: Stay calm, act rational.
34:19 - 34:22

Because of anxious moments like this,
it's important that previously you
34:22 - 34:27

never screech and de-escalate.
Never rabble beforehand.
34:27 - 34:30

If you were always sovereign,
you can appear confident,
34:30 - 34:33

and in doubt, calmy and publically ask:
"Well, boys? Why did the
34:33 - 34:36

support not tell me this
two weeks ago, eh?"
34:36 - 34:42

Lesson Learned: Appear professional
from the start, never hate. I'll repeat
34:42 - 34:47

that again. So, now,
defense to the front. I presented
34:47 - 34:51

the screenshot as a possible workaround
and advised: Turn compression
34:51 - 34:54

on "Higher". Additionally I wrote,
that I was wondering a bit,
34:54 - 34:57

why the support couldn't say this
to me over the course of a whole week.
34:57 - 35:01

I also criticized, that the setting is
called "Normal". (laughs)
35:01 - 35:05

And the possible consequences
I showed to you, of course those stay,
35:05 - 35:07

because on the scan you can't
see, that it might
35:07 - 35:13

contain errors. The goal was, to give the
thing a spin, before Xerox fights back.
35:13 - 35:18

It follows a telephone conference with
Rick Dastin. (murmur)
35:18 - 35:23

I see, he is known in the audience,
the vice president worldwide of Xerox.
35:23 - 35:25

And Franics Tse, one of their
chief engineers, that
35:25 - 35:29

was handling the image compression.
Guys, the boss does support himself!
35:29 - 35:37

(laughter and applause)
35:37 - 35:42

Rick Dastin was in fact the first person
that work at Xerox,
35:42 - 35:45

that I got officially told by, that
the letter replacement was
35:45 - 35:50

in fact already known by Xerox. So,
if you'd like to know, what the
35:50 - 35:53

support can't tell you after a week, then
you say: "I want to
35:53 - 35:57

talk to Rick Dastin!"
(laughter)
35:57 - 36:00

And here, it was revealed that
the theory, that the pattern matching
36:00 - 36:04

was at fault, was true. Dastin also
confirmed, that the pattern matching
36:04 - 36:08

is only used in "Normal" mode.
So after a bit of discussion, it was
36:08 - 36:12

also clear, that the support fucked up,
and the name
36:12 - 36:17

"Normal" might be badly chosen. I then
suggested "Experimental".
36:17 - 36:25

(laughter and applause)
36:25 - 36:29

Maybe here: I'm really in a good mood,
and this is a lot of fun,
36:29 - 36:31

and we are all laughing, but in
that moment I was
36:31 - 36:36

just more nervous. Not that you
think it would be different for you.
36:36 - 36:41

There I'll be completely honest. And then
comes a clear "RTFM" from Xerox.
36:41 - 36:44

First: "Normal" mode, David,
is not even a factory setting!
36:44 - 36:48

Dear customers, you're all stupid.
Who would set it to such thing!
36:48 - 36:52

Second: That letters can get swapped,
that is explained in the manual,
36:52 - 36:56

on two seperate occasions.
Dear customers: double stupid!
36:56 - 37:00

For the factory setting: Of course
that's only a half truth. For the
37:00 - 37:04

customer, factory setting is, what the
device gets delivered with. Xerox doesn't
37:04 - 37:08

supply to big customers. Those sales
go over third parties.
37:08 - 37:12

If you order a Xerox-copier, you do it
over another company,
37:12 - 37:16

that isn't Xerox, and they will advise
you and there you can configure
37:16 - 37:20

whatever before they ship it. And for the
manual: The notice is in some manuals
37:20 - 37:26

indeed. But then I looked closer: On page
107 and 328 in the text, yes?
37:26 - 37:30

Now we are all old enough to know, how
many people will read a 300 page
37:30 - 37:34

manual, before handling a printer.
(laughter)
37:34 - 37:39

I also thought, that copiers generally
shouldn't be designed in a way, so
37:39 - 37:43

those errors can occur at all.
That can't be, no one expects that.
37:43 - 37:49

(applause)
37:49 - 37:53

The answer was: "Yes, it can be!"
(laughter)
37:53 - 37:56

"The market wants it this way,
errors would just..."
37:56 - 38:01

(laughter)
38:01 - 38:05

That was indeed a statement, that
was said exactly like this. I quote here,
38:05 - 38:08

but of course that only related to small
file sizes. And errors
38:08 - 38:11

would also be very rare. But I would be
right, you can't prove, that a
38:11 - 38:15

document is free of errors. So, all in all
the talk had a nice
38:15 - 38:18

atmosphere. They really didn't try to
squash me legally or so.
38:18 - 38:22

They listened very nicely, the talk was
super long too, 45 minutes
38:22 - 38:27

or so. And then I let myself get
caught by them, like an amateur.
38:27 - 38:30

You have to consider, I had never done
anything on a scale like this.
38:30 - 38:34

And with a company like Xerox, they have
professionals. I was already wondering,
38:34 - 38:38

why we were talking so peacefully for such
a long time. Dastin is the vice
38:38 - 38:42

president of a worldwid operating
company after all. And he probably
38:42 - 38:49

has other stuff to do. And now it turns
out, during the phone talk,
38:49 - 38:55

Xerox published a statement.
Not bad at all. During that time
38:55 - 38:59

I couldn't react after all. And it
had the beautiful title "Always listening
38:59 - 39:03

to our customers"... right at the moment!
(laughs)
39:03 - 39:06

And they write in their statement, for
error free files, please
39:06 - 39:10

use a compression setting of
at least "Higher", and the error
39:10 - 39:14

would be written about in the manual.
RTFM. Lesson learned: Have someone
39:14 - 39:19

watch the side of the enemy.
So I wrote my own article,
39:19 - 39:22

about the contents of the phone call,
the one that
39:22 - 39:25

I just told you about. Well, and then
I also wrote,
39:25 - 39:29

that I don't think they're off
the hook yet. And now?
39:29 - 39:32

This could've been over here.
When a single blogger goes up
39:32 - 39:37

against a giant company, it
usually ends one of three ways, when
39:37 - 39:40

the company shoots back: Either the
blogger gives in after,
39:40 - 39:44

or the public sides with the company,
or the public
39:44 - 39:47

loses interest, when the company
shot back.
39:47 - 39:53

Every one of you can now think of three
stories, where it was like this.
39:53 - 39:57

But none of this happened. You see
the giant increase at the bottom. The
39:57 - 40:03

story was on the cover of Slashdot.
And the press, luckily,
40:03 - 40:06

also had their attention on me.
Here for example, Heise writes, that I
40:06 - 40:10

offered the workaround even before Xerox.
(laughs)
40:10 - 40:16

(laughter and applause)
40:16 - 40:19

I'll exceed my time limit a bit.
40:19 - 40:23

Or also, bone dry, "Spiegel". They wrote:
"So so, Xerox knew about the problem
40:23 - 40:27

for years?" (laughs dumbly)
That's really... If you sit in
40:27 - 40:30

PR of a company, and this
happens to you, I guarantee
40:30 - 40:34

you don't need to take vacation
for the rest of the year.
40:34 - 40:39

But it gets real funny, when the story
arrives at internet humour.
40:39 - 40:42

I won't withhold this from you. I don't
know who of you has lived in
40:42 - 40:46

the US before. In german, we have the
vulgar saying: "Now the shit is
40:46 - 40:52

steaming". And the americans say
"Shit hits the fan".
40:52 - 40:55

The day after this story is on the
front page of Reddit. The circled
40:55 - 40:59

comments brings the most eloquent
version of "Shit hits the fan", that I
40:59 - 41:07

have ever seen.
(laughter)
41:07 - 41:10

Yes, but what he says, is true. I already
said it earlier.
41:10 - 41:15

When a company is depending on document
digitalization, and you think about it,
41:15 - 41:19

who isn't these days, then we have a
problem. They can shut down the
41:19 - 41:23

company, if they are unlucky. For
example, I was called by the management
41:23 - 41:28

of a state archive. They created their
archive with Xerox devices, and what did
41:28 - 41:31

they do then? They thew away the
originals. Ye?
41:31 - 41:33

(spiteful laughter)
41:33 - 41:38

Now they stand there, with an empty gaze
in front of their scanner fleet, and then
41:38 - 41:43

they can check all their documents for
plausability. But even otherwise the
41:43 - 41:46

internet humour is amazing.
(laughter)
41:46 - 41:56

(applause)
41:56 - 41:59

Even the involved provide
the humour themselves.
41:59 - 42:02

If you, as the Xerox vice president,
get the same interviews all day,
42:02 - 42:04

maybe mistakes happen.
This one's pretty good. You
42:04 - 42:10

don't need to read, I'll read it out real
quick. Of all things, in front of BBC
42:10 - 42:12

Dastin tried to explain. He
said: "You know, all this is
42:12 - 42:16

half so bad, this "Normal"
compression mode, it can
42:16 - 42:19

produce errors, but almost no one
uses that, only the military or some
42:19 - 42:26

oil drilling platform."
(laughter and applause)
42:26 - 42:32

Yeah, what could go wrong?
(laughs childlike)
42:32 - 42:34

So, now we have...
(laughter)
42:34 - 42:37

(laughs)
Now we all noticed,
42:37 - 42:41

that errors on oil drilling platforms in
the USA were a bit neglected
42:41 - 42:46

lately. Now we all laughed. And I did
say - I want to keep my
42:46 - 42:50

word - laughing is ok, but
malice is inappropriate,
42:50 - 42:55

even malice is hating. And, try to imagine
you in Dastin's shoes. If you were
42:55 - 42:58

interviewed about the same thing for 14
hours, you'd make a mistake too.
42:58 - 43:03

And of course, that mistake will be talked
about. Dastin said to me afterwards,
43:03 - 43:06

they misquoted him, and I don't have
any reason not to believe him.
43:06 - 43:09

Just to protect him a bit here:
He probably didn't have
43:09 - 43:13

a good day.
So, let's continue.
43:13 - 43:16

This tech-portal is glad that
catpics don't seem to
43:16 - 43:19

be affected.
(laughter)
43:19 - 43:23

Notice the way it's written, as if they
make sure, yes, as if they don't
43:23 - 43:25

know really, maybe catpics are
affected after all.
43:25 - 43:28

(murmur)
And here's a new press statement
43:28 - 43:32

by Xerox. The public pressure was so
big, that Xerox said:
43:32 - 43:35

"Ah well, you know what, maybe we
should rather do a patch
43:35 - 43:38

where we remove pattern matching".
Legally recognizing the mistake however,
43:38 - 43:41

they never did. Even until now.
Since it was in the manual.
43:41 - 43:45

That's how it is by the way. If it's in
the manual, it's ok. For
43:45 - 43:51

microwave, it's written, you
can't dry your cat in this.
43:51 - 43:54

Here is another newspaper article.
And when you waited so long,
43:54 - 43:57

even a patch won't save you from
mockery. Now the newspapers start
43:57 - 43:59

including misprints
in titles on purpose.
43:59 - 44:02

(laughter)
44:02 - 44:04

Let's go back to Xerox's statement,
because they write
44:04 - 44:10

a clear, important declaration. You will
not see letter replacement,
44:10 - 44:15

if you set your compression to at least
"Higher", at minimum 200 dpi.
44:15 - 44:19

Xerox published documents, in which it
is clearly stated, that pattern matching
44:19 - 44:24

is only used in "Normal" compression mode,
and not in the two higher ones.
44:24 - 44:28

But now here this whole time I've been
thinking, I'm sure I also
44:28 - 44:30

saw it in the higher modes.
Different readers
44:30 - 44:34

told me as well. But I just can't
reproduce it on my two local
44:34 - 44:37

devices. But one thing
is for sure:
44:37 - 44:41

If letters get replaced in higher modes as
well, then absolutely everyone
44:41 - 44:46

would be affected. And Xerox would have
miscommunicated. Then we would
44:46 - 44:50

have a much bigger problem worldwide.
So I don't just publish my worry as
44:50 - 44:55

a rumour. Decency also dictates
that. So, but now one of my
44:55 - 45:00

friends in a company in Bonn, my
former living place, looked at
45:00 - 45:07

his Xerox Workcentre 7545. I'll look up
the numbers later! (laughs dumbly)
45:07 - 45:11

And because it was my former place
of residence, we went there and
45:11 - 45:14

took my test numbers, and scanned
them in the mode "Higher",
45:14 - 45:19

that's the factory setting, and we even
chose 300 dpi as a resolution,
45:19 - 45:23

for text, you'll agree with me,
that's quite generous.
45:23 - 45:28

Zack - The yellow numbers are wrong.
(laughter)
45:28 - 45:31

That's not all by the way. I just marked
a few here that I saw.
45:31 - 45:36

I won't go through 500.000 numbers
and mark all wrong ones.
45:36 - 45:38

But you see, how common the errors are.
I repeat:
45:38 - 45:43

In compression mode "Higher" with 300 dpi.
Now we take the blue rectangle and
45:43 - 45:47

enhance it. Here are groups of numbers
marked in red - oh, you only see it
45:47 - 45:53

in light pink now, but you see it -
that are identical to the pixel.
45:53 - 45:57

Such thing is very unlikely. If you
scan the same number multiple times,
45:57 - 46:02

it will almost always look slightly
diferent. So, pixel identical numbers
46:02 - 46:05

in a high quantity means, that numbers
get reused, that's
46:05 - 46:09

a clear sign of pattern matching.
So different from Xerox's statement,
46:09 - 46:13

we also have pattern matching that's
used here. One reader once even told
46:13 - 46:17

me of an interactive visualization,
that makes same numbers visible.
46:17 - 46:19

Yes, let's see if it...
- Yes! - there it is.
46:19 - 46:22

And now I can hover over it here with
my mouse pointer, and
46:22 - 46:29

we'll make everything red, where
a number was reused.
46:29 - 46:31

I won't make it too long, I'm already
a bit in overtime.
46:31 - 46:37

It's because you always applaud so nicely.
Which I enjoy. (laughs)
46:37 - 46:43

(applause)
46:43 - 46:47

But here you can see, how many numbers
can really be wrong.
46:47 - 46:50

From here on it's clear: Hundreds of
thousands of devices, on factory
46:50 - 46:54

settings are affected, and the fun is
really over. With this you can really
46:54 - 46:57

hit a company hard. And I didn't
want to publish this without
46:57 - 47:00

searching a talk first. And I
wanted to make sure, that I
47:00 - 47:03

didn't make a mistake.
I didn't want to be able to be
47:03 - 47:07

sued for millions in stock price here.
So I recorded the whole process
47:07 - 47:10

of the wrong number generation on video,
and put it on youtube as an
47:10 - 47:14

unlisted video. I sent the link to
Francis Tse, one of the chief
47:14 - 47:19

engineers that I mentioned earlier.
And of course they were
47:19 - 47:23

thunderstruck. From here on the thing
is really all encompassing. Francis
47:23 - 47:27

confirmed over phone, that I did all
right indeed. And Xerox was cooperative,
47:27 - 47:30

but they also wanted me to wait until
they reproduced the error.
47:30 - 47:34

But I also remembered, that during our
last telephone call,
47:34 - 47:38

I felt a bit fucked with. So I
said, my people,
47:38 - 47:41

it won't be like last time now.
"I have the blog article done,
47:41 - 47:45

and the video is already uploaded."
(laughter)
47:45 - 47:48

(laughs)
And when you...
47:48 - 47:54

(applause)
47:54 - 47:57

"Don't take offense, but I request to be
included from now on,
47:57 - 48:01

because I also treat you fair."
So we agreed on the thing,
48:01 - 48:03

and now you see what it brings to
not hate in advance. If
48:03 - 48:08

you shat on them beforehand on Twitter,
it's clear they say "Come, screw you!"
48:08 - 48:11

After that, there was about six hours
back and forth calls. We had
48:11 - 48:16

calls over and over. They tried to
reproduce the error with my help.
48:16 - 48:19

For me it was evening, I spent the
night on the phone in the office
48:19 - 48:22

and didn' eat anything but the cookies
that layed around. At some point Francis
48:22 - 48:28

calls again, and says completely
dumbfounded "Yep, we reproduced it."
48:28 - 48:31

Errors on factory settings, then
there was silence on both sides.
48:31 - 48:35

We were just all shocked.
And you know what was found parallel?
48:35 - 48:39

The Code for the compression scan is
eight years old. That's how long the bug
48:39 - 48:43

was out in the wild.
Eight years.
48:43 - 48:46

Yes, they were a bit dumbfounded.
And I said: "Here's
48:46 - 48:49

my blog article, please read it and
confirm, what legal safety
48:49 - 48:51

I have for publishing
this."
48:51 - 48:57

(laughter and applause)
(gasps of laughter)
48:57 - 49:01

No, so...
this error is extremely dangerous.
49:01 - 49:05

I didn't want to wait any longer. Here's
the article, and that's what
49:05 - 49:09

they did. And I was allowed to publish
the article before them, even. That's
49:09 - 49:12

pretty unique. And you will agree
with me, don't hate: If that's what
49:12 - 49:16

you reach with this, then that's
good. A conversation between adults.
49:16 - 49:20

Lesson learned: Negotiate in the
right moment. This is the next
49:20 - 49:24

Xerox press statement. I'll
increase my speed a bit.
49:24 - 49:26

Xerox, of course, commented right after
this as well.
49:26 - 49:29

They retract their earlier
communication, thank me, and
49:29 - 49:33

say, that now first of all they'll see,
how big the thing really is.
49:33 - 49:36

And from there on they were always nice
in the statements, and
49:36 - 49:40

overall the climate was very constructive.
This is the next Slashdot article.
49:40 - 49:42

It's getting surreal,
just look at the titles!
49:42 - 49:46

After the back and forth, it doesn't
matter for be with Slashdot
49:46 - 49:51

what Xerox says, but what they
confirm to me. (laughter)
49:51 - 49:54

And here again is our snappy
Peter Coy from Business Week.
49:54 - 49:57

But now... One more, I do
have on more.
49:57 - 50:01

I mean, a compression mode!
(laughter)
50:01 - 50:04

Doesn't really matter now. But on
August 11th the proof for the
50:04 - 50:07

error also occuring on "Highest"
mode succeeds.
50:07 - 50:10

Even a quality conscious user in the
last eight years, that wanted to
50:10 - 50:14

produce beauttiful PDFs, couldn't
avoid it. And to be honest,
50:14 - 50:17

after my informations the error
doesn't occurr on TIFFs.
50:17 - 50:22

I don't want to make it look worse than it
is. No one takes TIFFs, of course,
50:22 - 50:27

they're gigantic. On August 12th Xerox
admits publically, that it's a matter of
50:27 - 50:30

an eight year old system error.
And announces the patch again.
50:30 - 50:35

But of course they are deep in the
whole thing, legally. And when it's
50:35 - 50:39

midday in the USA, it's night time here.
And so in the middle of the night, when
50:39 - 50:44

visitors of this speech are usually awake,
Dastin and Tse called me on
50:44 - 50:49

my phone, and wanted to tell me first,
which I have to say, I found incredibly
50:49 - 50:52

nice of them, that they found the bug,
and they'll roll out new
50:52 - 50:54

software. And there you can see
that the relation really
50:54 - 50:58

got better. This is the patch download
page by Xerox. Here you can see
50:58 - 51:01

how many devices are affected.
Note the "X"e, that's whole
51:01 - 51:07

device families!
(laughter)
51:07 - 51:10

So, the press is reporting again.
The computer magazine CT writes
51:10 - 51:15

an article, and calls the whole thing
"Scannergate". And here is
51:15 - 51:18

one last kick from our
beloved Peter Coy.
51:18 - 51:22

He sounds so sarcastic, but
unfortunately he's completely right.
51:22 - 51:26

Eight years of production of scanned,
archived documents could contain
51:26 - 51:30

these errors, and cause harm until
forever. Hundreds of thousands
51:30 - 51:34

of deviced and companies worldwide. We
live in a society, where now,
51:34 - 51:38

as we are speaking, the transition
from a world of paper into a mix of
51:38 - 51:41

paper and digital is happening.
And the translator
51:41 - 51:45

between the two worlds, that's
deviced by Xerox workcentres.
51:45 - 51:48

It'll be with us for a long time.
Now the most important thing:
51:48 - 51:51

I already said, that Xerox has a
decentralized supply over third parties.
51:51 - 51:55

Personally, I have no reason to believe
that the patch reached
51:55 - 51:59

a lot of devices. So: Spread the word!
At the end of this talk there will be URLs,
51:59 - 52:04

where you can get more info
and see more. It's almost
52:04 - 52:08

the end... Besides all the "Lessons
learned", there's one "Lesson" that I
52:08 - 52:12

haven't mentioned yet.
I always got disbelieving looks,
52:12 - 52:15

that I didn't take any money for the
thing. One manager even said,
52:15 - 52:19

I'm "pretty dumb". About that, two things.
First, it's generally hard to make money
52:19 - 52:24

with something like this. Even if you want
With no proof you won't be taken serious.
52:24 - 52:27

And with the proof, you'll mostly just
find the bugfix directly, and then
52:27 - 52:30

you won't get any money either.
52:30 - 52:33

And second: Companies don't know
friends. If I had taken money,
52:33 - 52:37

it would've somehow been made public
and could've been used against me.
52:37 - 52:41

And it would've brought be in a
position hard to negotiate.
52:41 - 52:44

But I wanted this error to be fixed.
And last but not least,
52:44 - 52:48

the community helped me, and
they didn't get money either.
52:48 - 52:50

I'd do it like this
again, but...
52:50 - 52:53

(cheering)
52:53 - 52:58

...at the end of the day, everyone has
to decide that for themselves. If you
52:58 - 53:01

would do it differently, then that's ok.
I just want to say in advance,
53:01 - 53:05

you bring yourself in a weaker
negotiation position. That's all
53:05 - 53:09

the "Lessons learned" again. I won't
reiterate them again now.
53:09 - 53:13

They're here so you can download the
presentation, and still have them.
53:13 - 53:17

And now we close the circle to the
start, and with that we are done.
53:17 - 53:22

At the start, there's the prologue with
Obama's birth certificate. Here it is,
53:22 - 53:26

the "long form birth certificate". Shortly
after the Xerox-saga, journalists from
53:26 - 53:29

the "Reality Check" USA wrote me, if
the Xerox bug could've been
53:29 - 53:33

the reason for the "forgery".
And they did a whole lot of
53:33 - 53:37

detective work. For example, the Obamas
published their tax documents, shortly
53:37 - 53:42

before the birth certificate. It was scanned
by a Xerox Workcentre 7655.
53:42 - 53:46

Tja, and further technical
attributes spoke for
53:46 - 53:49

a Xerox scanner. And the "Reality
Check" guys asked me, if
53:49 - 53:53

I could ask Xerox about it, since
I had such good contacts. And Xerox...
53:53 - 53:57

(laughter)
And Xerox asked for understanding,
53:57 - 54:00

that they really didn't want to
deal with this now... (laughs)
54:00 - 54:03

...and I left it alone. And now I'll
prepare for my
54:03 - 54:08

congress speech, for this talk today,
yeah, I look in the PDFs again,
54:08 - 54:12

and there's the exact copied, yeah
the exact letters in there, that were
54:12 - 54:16

a sign by Xerox for pattern matching
back then. And I look on the internet
54:16 - 54:20

pages, and there it also says something
about letter doubling. Here's two exact
54:20 - 54:24

same boxes. Notice the indents on it.
Now, make your own image here
54:24 - 54:27

But I think it could be, that
this conspiracy
54:27 - 54:32

is hereby over and done. And with this,
it only remains for me to say thanks, for
54:32 - 54:34

spending a whole hour with me!
54:34 - 54:44

(applause)
54:44 - 54:51

If everyone keeps clapping, it'll
take even longer!
54:51 - 54:55

So... (laughs)
54:55 - 54:59

Up there you'll find another link for
the Xerox saga. Pass it on!
54:59 - 55:01

And down here a link to my page.
There I'll publish
55:01 - 55:05

the presentation online. Maybe tomorrow.
I won't go into the WIFI here! (laughs)
55:05 - 55:07

(laughter)
55:07 - 55:09

And take care of evil copiers!
55:09 - 55:13

Herald: Okay, thanks first of all,
for this amazing talk!
55:13 - 55:16

I think it was very interesting
for everyone.
55:16 - 55:20

Everyone on the way out, please
hurry and close the doors after.
55:20 - 55:25

And be quiet.
55:25 - 55:28

For the questions, I'd like to start
with the ones from the internet.
55:28 - 55:30

From our Signal Angel.
55:30 - 55:34

Signal Angel: Thanks!
And a great applause from the internet,
55:34 - 55:38

you couldn't hear it now. But there
was a lot of positive feedback.
55:38 - 55:41

And also the plea to publish the
presentation, especially
55:41 - 55:43

the symbol images were well
recived.
55:43 - 55:45

Daniel: It will happen, on my page, latest
tomorrow. Definitely.
55:45 - 55:47

Signal Angel: Very good, thanks. Two
questions from me.
55:47 - 55:52

The first question is, does Xerox have
a technical difference between
55:52 - 55:55

Scanning, Printing and Copying?
Or is it always the same thing?
55:55 - 55:59

Daniel: So, scanning, there paper comes
in and for printing it comes out, ne?
55:59 - 56:00

(laughter)
56:00 - 56:04

No, so, for printing, you just
recieve the printing data.
56:04 - 56:07

I don't know about anything being
compressed afterwards again.
56:07 - 56:11

Scanning - here there are different modes.
The PDF modes, there are three, that
56:11 - 56:17

I mentioned earlier. And copying - In my
view it's not like this, that it always
56:17 - 56:22

happens during printing, because there you
don't compress. You see how I mean it, yes?
56:22 - 56:25

I'm sure I would have recieved some
reports if it was like that.
56:25 - 56:28

And that's why I don't think the process of
copying itself is affected. But
56:28 - 56:33

that wouldn't be so bad anyways, because
there are no documents that get archieved here.
56:33 - 56:38

Signal Angel: Okay, and the second question:
Are there any definitive
56:38 - 56:40

harms that happened because of this bug?
56:40 - 56:42

Did you ever recieve and feedback
regarding this?
56:42 - 56:44

Daniel: I have feedback, the ones that
I named earlier.
56:44 - 56:47

And of course a few more. I'm of course
not going to say any names.
56:47 - 56:51

But... So, I can only say this much:
56:51 - 56:55

You have to imagine yourself in the place
of the company that's affected here.
56:55 - 56:59

Your files might be good for the trash.
56:59 - 57:02

Will you make this public?
No, you will request compensation
57:02 - 57:05

from Xerox in silence, and not write
any of this on your
57:05 - 57:09

website, because then it will fall back to you,
that our data
57:09 - 57:12

is faulty. No one will ask you, if that
was a Xerox copier now.
57:12 - 57:15

So I don't expect there to be a grand
reveal now, if it can be
57:15 - 57:18

avoided. If some random bridge on
a highway collapses now
57:18 - 57:19

that would of course be a different
matter.
57:19 - 57:22

Signal Angel: Okay, thanks again!
Daniel: Gern!
57:22 - 57:25

Herald: Good, then I'd suggest we continue
at microphone 2,
57:25 - 57:26

at the first person.
57:26 - 57:30

Question: Just a short question. This is
probably a technique that gets used
57:30 - 57:32

by many. Did you ever try this
with devices
57:32 - 57:34

from other companies?
57:34 - 57:38

Daniel: I had a great quantity of reports
from other companies. But if you
57:38 - 57:42

take on a thing of this scale, you'll
become a victim of spin doctoring.
57:42 - 57:44

And all of it turned out to be false,
Here, again:
57:44 - 57:49

Stay sovereign, don't just pump out
rumours. Here none of it was true,
57:49 - 57:52

and in concrete cases it wasn't the
compression method itself,
57:52 - 57:56

but the fact that there was indeed
another bug.
57:56 - 57:58

Herald: Good, then 3 please!
57:58 - 58:02

Question: Hello? Thanks for the talk,
it was pretty cool.
58:02 - 58:06

I just wonder about the thing, the bug
being there somehow for eight years.
58:06 - 58:10

Did you look on search engines, did
others... I mean, I can't
58:10 - 58:14

imagine that for eight years no one
saw it, because
58:14 - 58:18

as you say, on a blueprint,
there you can see pretty quickly, so...
58:18 - 58:20

or maybe other people messaged you,
because they had seen it before,
58:20 - 58:23

or maybe they said, hey I noticed this
before, Xerox said,
58:23 - 58:28

yes, higher compression, then they were
lucky and it worked.
58:28 - 58:31

Daniel: So, it was, first of all hard to
discover. Second of all,
58:31 - 58:37

it was known for the mode "Normal".
It was on purpose, they even knew about it
58:37 - 58:42

And that's why it was hard to recognize the
real bug, because Xerox...
58:42 - 58:45

The support that knew - mine didn't know -
always blamed it on the
58:45 - 58:49

"Normal" setting. And then it's plausible,
then I tell you:
58:49 - 58:51

"Yes, you used the "Normal" setting,
take another one, then
58:51 - 58:56

the error will occur less,
you'll probably be lucky there"
58:56 - 59:00

So I think, that indeed, that the
bug was discovered for the first time...
59:00 - 59:03

Question: So, no one contacted you, with
"Hey, I've seen this before" or so?
59:03 - 59:07

Daniel: No, no one. In the whole
storm, no.
59:07 - 59:09

Herald: Okay, next up again from
the 2 please.
59:09 - 59:12

Question: Moin, thanks for the presentation
from me as well. Was very cool.
59:12 - 59:13

Daniel: Sure.
59:13 - 59:15

Question: Short question, you said,
you didn't do it for money...
59:15 - 59:16

Daniel: Correct.
59:16 - 59:18

Question: ...and somehow... I find it
very noble, very cool. But
59:18 - 59:21

did they ever offer you something
from their side?
59:21 - 59:22

Daniel: No, they didn't.
No one there...
59:22 - 59:24

Question: Not even a job or anything?
59:24 - 59:26

Daniel: Well, there I can in fact hold
Xerox a bit. They didn't offer
59:26 - 59:29

me anything. I couldn't have accepted
it anyways
59:29 - 59:35

by that logic. That's why it was totally
fine. In that long night, where we
59:35 - 59:38

had the phone call, they were ready
to have me fly in. But
59:38 - 59:41

I honestly don't know anything about
copiers either. Not my main job.
59:41 - 59:45

I can show them the bug, but
I can't repair it. So...
59:45 - 59:47

Question: Ok, but if they would have
flown you in, why not
59:47 - 59:49

work with them together and try
to solve the thing?
59:49 - 59:54

Daniel: Jo, I could've done that. But
I couldn't have contributed anything.
59:54 - 59:56

Because, they have to find the bug in
their code themselves. It was clear that
59:56 - 59:59

something happened. I can't help with
that. I'd just sit around.
59:59 - 60:01

So I also said it just like that.
60:01 - 60:03

Question: That makes sense.
60:03 - 60:06

Daniel: Yes, and flying 2x intercontinential
for that... I don't know.
60:06 - 60:09

Question: Yes, but if they paid I would've
done it.
60:09 - 60:11

Daniel: I admit, I also overthought it
again. But I had
60:11 - 60:18

also stuff to do job wise, and
it wouldn't have worked out.
60:18 - 60:21

Herald: Good, next up 3 again.
60:21 - 60:24

Question: Well, I have a copier at home,
and I have a very
60:24 - 60:28

intimate relationship with it.
Are there any reports, that
60:28 - 60:31

some tried it with their home copiers,
60:31 - 60:33

and then went "Oh Sh...?"
60:33 - 60:37

Daniel: I don't know of any reports like
that. It only affected the things that
60:37 - 60:42

I just showed. Workcentre, ColourCube.
All big things.
60:42 - 60:44

basically.
Question: Okay.
60:44 - 60:48

Daniel: This JBig2 in Hardware,
that's also
60:48 - 60:50

I think very expensive to
implement.
60:50 - 60:52

Question: Okay, thanks!
Daniel: Jo!
60:52 - 60:55

Herald: And 3 again please!
60:55 - 61:00

Question: Maybe a cool crows research
task
61:00 - 61:05

Is maybe to look through
those manuals,
61:05 - 61:10

to collect. Who had access, which
year does it show
61:10 - 61:15

up in the documentation at all, is it
really
61:15 - 61:19

that old, so eight years, or maybe
only four years?
61:19 - 61:23

They only noticed four years ago, and
thought, hm, it's cheaper, we print
61:23 - 61:27

new handbooks, and leave the software
as it is. Because it's more expensive,
61:27 - 61:29

to roll out new firmware.
61:29 - 61:30

Daniel: There's a theory, that here a bug
was declared a feature.
61:30 - 61:33

I can confirm that. But I don't have
proof for it. I want to say that very
61:33 - 61:38

clearly. But seriously, who would
design a scanner,
61:38 - 61:44

that swaps around numbers? Only if it
was just for the military (laugsh)
61:44 - 61:46

Herald: Okay, I think one last question.
Then 2 again.
61:46 - 61:48

Question: Not really a question, but more
of a suggestion for the presentation,
61:48 - 61:52

in case you present it again.
It's really great.
61:52 - 61:55

You have this scale, with accesses to
your website at the bottom.
61:55 - 61:58

I wondered, during the talk, if maybe
you could also do that
61:58 - 62:01

with the stock price of Xerox?
(Daniel laughs)
62:01 - 62:04

Daniel: It wasn't that bad. I mean,
that PR section of them
62:04 - 62:08

handled it pretty well despite the
world wide attention they had.
62:08 - 62:12

I mean, that's really an error, where you
could think, this is
62:12 - 62:15

a danger for the whole company. It's their
bread and butter business.
62:15 - 62:18

But it didn't turn out that way. We will
see, I could've put
62:18 - 62:21

such a live stock price curve in the
presentation. I don't know,
62:21 - 62:24

what's happening on the internet right
now. But good suggestion, thanks!
62:24 - 62:26

Herald: Okay, we also have questions from
the internet.
62:26 - 62:28

Therefore I'd also like to...
62:28 - 62:29

Signal Angel: I just have one more
question from the internet. Are
62:29 - 62:33

there are statistics or numbers,
about how high
62:33 - 62:35

the likeliness of such an error is?
62:35 - 62:38

Daniel: Well, you saw the page I told
you about. That was the case
62:38 - 62:42

with font size 7 or 8. I don't know
anymore, where I got it really
62:42 - 62:44

niceöy reproduced. But when...
62:44 - 62:47

Signal Angel: But... Numbers, thatr's not a normal page
now is it?
62:47 - 62:49

Daniel: It was all numbers, but
of course it's also possible with
62:49 - 62:53

similar letters. But it can happen too.
I don't have any statistics.
62:53 - 62:56

For the numbers the 6 and 8 are
affected the most. But real
62:56 - 62:59

error percentages, I don't have.
But you can see, what's possible.
62:59 - 63:03

So I have... I didn't try for
hours on end, until I found the
63:03 - 63:06

page with many yellow points. I
scanned ONE page, and then it
63:06 - 63:10

was like that. Yeah? So it's not like
you have to look for it forever.
63:10 - 63:13

Question: Yes, thanks!
63:13 - 63:16

Herald: Alright, I think we are done
then.
63:16 - 63:19

Then please another big applause
for the lecturer!
63:19 - 63:20

(applause)
63:20 - 63:21

Daniel: Thanks!
63:21 - 63:29

(longer applause)
63:29 - 63:31

31C3 Credits with no audio
63:31 - 63:40

Subtitles created on amara.org in the
year 2017 - 2022 by multiple collaborators

Title:: David Kriesel: Don't Trust a Scan, That You Didn't Fake Yourself
Description:: http://media.ccc.de/browse/congress/2014/31c3_-_6558_-_de_-_saal_g_-_201412282300_-_traue_keinem_scan_den_du_nicht_selbst_gefalscht_hast_-_david_kriesel.html

Copiers, that spontaneously change numbers in the document: In August 2013 it was revealed, that almost all of the Xerox Scan Copiers replace numbers and letters during the scan. Because it is nearly impossible to detect such errors as a user, the bug is extremely dangeeous, and stayed undicovered for a long time: It existed in the wild for eight years.

David Kriesel

more » « less
Video Language:: German
Duration:: 01:03:41

	C3Subtitles edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast
	C3Subtitles edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast
	Anouk Martinez edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast
	Anouk Martinez edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast
	Anouk Martinez edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast
	Anouk Martinez edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast
	Anouk Martinez edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast
	Anouk Martinez edited English subtitles for David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast

Show all

English subtitles

Revisions

Revision 22 Edited

C3Subtitles

David Kriesel: Don't Trust a Scan, That You Didn't Fake Yourself

Revisions

Our website uses cookies

Operating cookies (Required)