Don’t Do Live Demos, Do Live-Looking Demos

Live demos are risky. A single mistake can waste the audience’s time. Pre-recorded videos can feel dull. A good balance is a staged live demo that keeps things safe but engaging.

I’ve been doing live demos of the open-source tools I create for a long time. At DEF CON alone, I’ve done five different demos in five years. (By my count, that’s a world record.) But in recent years, I stopped doing live demos. Now, I do staged demos that look live.

In the early years, I believed I had to do live demos no matter what. I thought that if I prepared well, nothing would go wrong. But I saw many demos fail for unexpected reasons. The turning point for me was a talk I attended at DEF CON. The room was packed. People were even standing. Most of the talk depended on a live demo, but the virtual machine didn’t boot. The whole presentation failed. People left the room disappointed and angry. Their time was wasted.

After that, I thought it’s always better to show a pre-recorded video. But then I realized it doesn’t create the same excitement as a live demo. When viewers see video controls, they feel less excited because they know everything is already prepared. They might also think the presenter didn’t put in much effort.

In 2023, I was going to demo my promptmap tool at Black Hat Europe Arsenal. However, promptmap runs slowly by design and isn’t very deterministic. Sometimes it gives impressive and fun results, but other times it can be a bit boring. Because of that, I decided not to do a live demo. I didn’t want the audience to wait and then see an unimpressive outcome. I also didn’t want to show a pre-recorded video as it would make the audience lose interest.

I found the perfect solution: The demo will look live, but it won’t be. The audience will think it’s live and feel excited, while I’ll stay relaxed knowing everything is planned and nothing can go wrong. I took the output of an exciting result from the tool and wrote a Python script that prints the same thing with short pauses. When I ran it, it looked like a live demo, but it wasn’t. I was able to show the tool without any errors and the audience loved it.

This year at DEF CON 33, I used local asciinema recordings. I even acted like, “I hope it finds a vulnerability there,” even though I already knew the result. But it was better for the audience. They felt excited. A demo error would just waste their time.

Meta’s Demo Incident

As you all remember, the Meta Ray-Ban glasses failed during the live demo. If I were them, I would have done a staged demo. For example, in the meal preparation scene, instead of using real image processing and AI, I would write code to play pre-recorded sentences about the meal. People wouldn’t know it was pre-recorded, and they would still get excited.