Hacker News new | past | comments | ask | show | jobs | submit login
Defcon stiffs badge HW vendor, drags FW author offstage during talk (twitter.com/mightymogomra)
534 points by dmitrygr 39 days ago | hide | past | favorite | 177 comments



I followed the link, and while there is a video of someone getting dragged off stage, I can't really verify the other claims.

But even so, dragging a presenter off stage is sus. And doesn't seem smart because even if the other claims are not true, I'm tempted to never attend Defcon if that's what they do.


I can verify. I was the one dragged off. I wrote the firmware for the badge. All of it.


I think it’s so amazingly awesome that you just went outside and held an unofficial talk!

Read your blog/article about the badge project yesterday and it was such a good read, even for a not-much-of-a-hardware-guy like me.


Can you please explain the timeline of events here?


Edit: someone summarized it better: https://www.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_...

Approx:

Entropic is engaged to make hw. I am asked (unofficially) to do sw.

Entropic works for free but does charge for parts and subcontracted stuff . Eventually defcon stops paying. Entropic is uninvited from badge talk. Their logo is ground out of plastic case. Their logo hidden in publicity photos of pcb.

Tempers are high. I implement the Easter egg. This is months ago cause thats how long one needs to pre-flash chips.

Time passed. Defcon still working on their game last moment. They had volunteers reflash badges cause they didn’t make the real pre flashing deadline. I forgot about the screen entirely more or less.

Day of con. I spend all day helping debug badge issues. Push updates. Help people. Even pushed an update from plane on way to con to fix some things.

Badge talk time. Half an hour before defcon tells me no talk for me cause someone found the Easter egg screen and they are pissed. I show up anyways since it was promised.

I get dragged off stage.

I hold talk outside answering questions.

Next steps: I have no contact with defcon. They never bothered to. Normally: who cares? I get to talk, people get to play with badges. Nobody cares.

But… I got kicked out, and… they have no license to my firmware they are distributing. Likely DMCA notice.


Man. I've never been to defcon, but it's been more than a passing curiosity ever since the first real announcement[0] crossed my BBS in '93.

And recently I've had a string of bad, unalterable, and irrevocably-permanent events occur in my life. And yet, I'm very pleased to say that your write-up on your experiences with the RP2350[1] presented a small but meaningfully-positive thing for me to look forward to.

Please be well -- and don't take any guff from these swine[2].

[0] https://media.defcon.org/DEF%20CON%201/DEF%20CON%201%20annou...

[1] https://dmitry.gr/?r=06.%20Thoughts&proj=11.%20RP2350

[2] https://www.barnesandnoble.com/w/fear-and-loathing-in-las-ve...


Defcon is a waste of time. Nerds pay walled from their friends.


When I was young (in the 90s) visiting defcon was a bucket list item.

In 2024 not sure I’d really see the point, there are other conferences I’d likely enjoy more and mostly that itch is scratched by YT.

The on I’d still like to visit in person is fosdem and given I’m in the UK that one would be much easier.


Is blackhat more serious and better?


Blackhat is even more of a pay-to-play corporate event.A few years ago, someone paid to do a talk on time traveling crypto and the CEO of trail of bits(iirc) stood up and called him out on the spot over the nonsense tech.

Defcon has a lot more grassroots stuff, but it's grown to a size that it cannot avoid the corporate BS anymore. It's probably one of the biggest and most disruptive conferences in Vegas, venues don't like having 1000s of hackers hanging around slot machines.


Maybe they should just move away from Vegas. I don't know why people choose that spot. Why not some place with better view?


A friend said "getting out of vegas would mean losing half the point of going to bh/defcon (which is getting your company to pay for you to go to vegas)"


The people that go there for that reason are probably not the ones you want there anyway.

And most corp trips are to black hat, not def con.

I've been offered a trip to black hat before and asked if I could go to def con as well but no. I was thinking of just staying longer on my own dime but we got a travel ban for cost cutting reasons so the whole thing never happened. I wasn't really interested in black hat anyway so I didn't care, I hate corporate PR.

But Vegas to me is a detractor. I hate gambling. I'd love it if it were in NYC or something. Much easier from Europe too.


> And most corp trips are to black hat, not def con.

not true in the vulnerability research space.

Actual engineers are sent to defcon because blackhat talks are advertisements, not educational presentations.


Oh that's good to hear.

I worked in a "blue team" and we would only get travel approvals for black hat. Even though I've never been as I didn't want to and I was hesitant to visit the US. Black Hat doesn't interest me precisely for the reason you mentioned. I don't want sales pitches, I want unrestricted flow of technical information without marketing motives.


You’re not required to gamble. I bet I’ve spent a grand total of $20 on slots over the years of attending Def Con. It’s not my thing.


Oh I know but the whole city is about that. It just puts me off.


I get it. You’ve gotta walk past it to get to anything.


Imagine wanting to go to Las Vegas in the summer. Dumb as bricks.


“Do you want to go to a sweltering hot city filled with casinos situated in the middle of a desert, in the middle of summer?”

Any one of those things sounds unpleasant to me, let alone all 3 at once.


Oh please, it's not like nerds go outside anyway ;)


I appreciate the sarcasm because you are right, we have Toor Camp, Chaos Camp, EMF Camp, and others. I think we could use more time outside. Cheers!


It's relatively cheap to get there from most places, and they have the space and facilities for conferences of this size.


Shmoocon had it right providing Shmoo balls.


Chaos Communication Congress is the one worth going to.


True, especially because it's so much easier here in Europe.

The only problem is it's in an extremely expensive period of the year for hotel stays. For that reason I've never actually been.


Already excited for the next Chaos Camp!


And next year is WHY2025 <3


Perhaps I'll see you there! I moved to NL a year ago and have been trying to find my circle.


EMF Camp 2026 too!


Why’d they be pissed about people donating money to the people they didn’t want to pay :/

I just don’t see how they lose anything there (or rather, don’t see how they lose anything there that they lose a hundred times more of by their actual actions, namely reputation).


Every niche convention either stops existing or transitions into a business that slowly gets rid of all the fun stuff that created it in the first place.


The CCC congress is still going strong, but it wouldn't work without the many volunteers and non-profit CCC behind it.


There is not just the big end of year congress, but also lots of smaller events organised and run by regional CCC (like) groups in Europe e.g. MRMCD, EasterHegg, the Dutch camps changing the name every time (next one is WHY2025).


> Every niche convention either stops existing or transitions into a business that slowly gets rid of all the fun stuff that created it in the first place.

It parallels what Ivan Illich said about revolutions, namely that if a revolution survives it will turn into a system that stifles the same freedoms it supported.

Aka, either you die the hero, or see yourself become the corporate stooge/villain.


Hackers themselves became corpos- or worse work for the intelligence agencies.


Not really. The Dutch hacker camps have been pretty constant (save for 2021 for Covid reasons). Run by mostly volunteers yes but basically every participant is a volunteer. It's part of the fun.

They've not really shrunk or significantly grown and are really opposed to corporate and government interests (as Fox-IT found out in 2013)


The British are doing good stuff as well with EMF.


Absolutely. They're a bit more maker than hacker focused but for me that's a good thing.

I just don't really like going to the UK anymore since Brexit. It just puts me off because the main driver of it was xenophobia. I've avoided it, I have not been there at all since Brexit. I probably won't ever go there again unless there's a serious change. Of course none of this is on the EMF community which is great, I've met many of them at other things.

As for the hacker camps I only really go to the Netherlands ones. The Congress is too expensive for me with the hotels around Christmas and with my lack of car it's hard to go camping in Germany so I've never been to the chaos camp either. Within Holland it's been easier because they've recently been at locations near me.


Cop mentality.


Commercial copyright infringement has a per instance statutory minimum.

Demand the minimum for every badge distributed — as even if you later provided licenses to holders, DC had no license when distributing the copies as merchandise at their for-pay event.


Do this, but absolutely get an attorney. Careful wording is required to avoid the crime of blackmail/extortion.


Why do you think they don't have a license from Entropic in the contract they both agreed to? Unless they are utterly incompetent, their contract with Entropic covered this and if Enrtopic delivered firmware that they don't have rights to, that's on them, not on Def Con. Anything that comes to Def Con just results in a lawsuit against Entropic. Additionally, he apparently wrote the code on the plane prior to his arrival and then worked to get it on all the badges. That's going to make it pretty hard to argue that they don't have permission to distribute the badges with this code on them.


There is no firmware or software mentioned in any signed contracts actually. :popcorn:


Statutory damages are per work infringed, not per infringing copy.


You left out the part where the "Goons" physically touched you, and forcibly removed you from a location against your will. The "Goons" have no authority to carry out such an act. And there's video footage. Congratulations on winning the lawsuit!


"and forcibly removed you from a location against your will"

Not saying they were morally or ethically right, or smart to do this at all - but legally there usually is a right to remove a unwanted person from your stage with the help of your own security.


Yeah, pretty sure if you’re asked to leave an event and you refuse, they can have you escorted out even if you dig in your heels.


... but can you tell me who is legally allowed to physically touch you in that escorting process?


Under german law, it would be anyone officially acting as security on that property. (It does not have to be a professional security, it can be anyone from staff filling in that role).

The police does not want to be called, for every bouncer action.

It can get into a grey area, if violence will happen, the security may not simply beat someone out - but grabbing and forcefully moving or carrying out is legal. But if there is serious resistance and the security unable to handle it in a nonescalating way, then they would need to call the police. But usually, the bouncers would just get brutal, then. Attacking security gives them some freedom to act.

If other people are endangered by someone, very different scenario, anyone can (and must if possible) stop violence.

Source: short stunt as a professional security


In Canada, in our Criminal Code,if you order someone to leave the inside of your home, and they refuse / do not?

They have committed assault against you.

This serves two purposes. The first is, a crime has been committed. The second is, you may now defend yourself.

I'm sure there is something similar in common law for other buildings. EG control of a space.

(I know nothing of this incident, just speaking generically.)


They do have the authority to do that. They ask you to leave. If you say no then you're trespassing and can be physically removed.

How do you think bouncers work?


OK, everything aside, thank you for your absolutely amazing work and the inspiring writing you do about it!

Reading about rePalm has changed my definition of what monumental effort looks like.

(You should absolutely add that you managed to get PalmOS running on the badges in question!)


Thank you for the clarification, Defcon has some explaining to do given they make good money on the con. Things have definitely changed.


Ah, defcon drama! Old ones used to be much better anyway.


When they stopped having first time presenters to do a shot of vodka before their talks I stopped caring. That was the end of real defcon.


I don't know why people think this, you're not the first person I've heard it from either.

First, I literally saw them do shots during a talk yesterday for some first-time presenters. Secondly that WASN'T the "old defcon" either! Drinking is a relatively new tradition in the history of the con. I've spoken twice. Once at DC 17 (no shot offered) and once at DC 23 (shots were offered). There's video proof:

No drinking, DC 17: https://www.youtube.com/watch?v=okPWY0FeUoU Asked to drink, opted for a coin instead (we were asked beforehand): https://youtu.be/6dmvtbrM6hs?feature=shared&t=1153


Last years I “had to” do a shot of Malört before stepping up to the podium.

(“Had to” means a friend offered me one, laughed, and said “aw, c’mon”. I could’ve easily said no.)


The ninja badges even had games you could play where you fight other users if I recall correctly. (Mid 2000’s?)


Wild, but not surprising. Heard a lot of bad stuff from the village heads some years ago already about DC organization.


Sounds like a fiasco. Have to wonder why parts and subcontractors aren't getting paid


If that’s true, crucify them for piracy. Why would DMCA apply here?


They are Illegally distributing copies of my firmware on their badges


DMCA is probably irrelevant.

This is textbook copyright infringement. $150k statutory damages plus, at the court's discretion, legal costs and fees. And that is just the result of civil action. You could probably find a prosecutor who would love pursue criminal action against the conference to appear strong on cybersecurity.

There is a reason why even large corporations, which often play chicken with lesser laws, are extremely careful about copyright infringement. The law has real teeth if the infringer has significant wealth.

https://www.copyright.gov/title17/92chap5.html#504


If they don't have a licence to distribute your software, it's plain copyright infringement. The same as selling photocopies of a book.

The DMCA criminalises breaking DRM, or providing tools to do so, such as distributing a tool to remove the DRM from an e-book.


The Digital Millennium Copyright Act also does have provisions related to copyright infringement, not just circumvention devices.


This link is directly to the comment, I believe.

https://www.reddit.com/r/Defcon/comments/1eoe4u7/comment/lhe...


Time to make your own Defcon.

With blackjack. And...


Which black hat, and webhooks!


With black hat*


....I mean, you're already in Vegas, so...


Missed a couple crucial details

>I show up anyways since it was promised.

-you get asked to leave the stage

-you refused to leave the stage

-you told them they'd have to drag you off stage to get you to leave

>I get dragged off stage.


One part of me wants you to DMCA the living daylight out of them. The other part is currently seeding torrents and thinks copyright is kinda dumb. Anyway, shitty thing to do by the defcon people.


I have been giving out licenses to the firmware to anybody who asks in the unofficial badge hacking discord. :) also my signature on the badge acts as a nontransferable license to the firmware in source and binary. i signed maybe a thousand today at my unofficial talk outside after i was dragged out.


did they end up paying Entropic in the months that passed ?


No. But beyond money, the credit hurts more. Having your company name scratches out of plastic molds is … oof.


Sounds like there's more going on though. They must have had a reason for not paying? Especially considering the apparent anger with which they removed all references to them. I mean, if they simply ran out of money and couldn't pay they wouldn't be so angry because it was really their own fault.

I'd love to hear their sides of that story. (Both Def Con and Entropic). I'm curious now.

I'm sorry you got roped into this conflict too though. I have great respect for your work.


this is some pretty ugly stuff.

If you are in contact with any of the Entropic folks, maybe point them to this or the r/ thread so that they can provide more context.


Can I buy a badge or similar hardware after the con?


Yes, actually, if you know someone there they were selling extras:

https://defcon.org/html/links/dc-news.html


No. It's for participants.

Though I'm sure you can find them on eBay.



Oof, Defcon organizers even SWATted him?


It sounds like they called the police, that is not swatting. Swatting is a specific tactic where you abuse the minimal training and disposition to violence of US police forces to attempt to murder people by reporting that they’re armed and/or threatening violence.

Claiming the calling the police on someone is swatting, even though US police routinely execute people unprovoked attacks, is not swatting. The difference is the intent - the intent of swatting is terrorism and murder.


Come on. Calling the cops is nothing like Sweating.


It's SWATting when you try to pit the cops against innocent people.


No, it's not. Let's not dillute the term. SWATing someone is calling in a fake situation on a person that earns them a visit, specifically, from SWAT. Hostage situation, bomb threat, etc. are the usual means of doing so.

Calling the police is not SWATing someone.


I don't think so.

When people get SWATed, usually a fake call is made, were the police are told that a murder was already committed by the caller and that we will kill everyone on sight. Thus the police expect real danger, brings the big guns and their trigger happy attitude, kick the door in and are more likely to kill the victim.

It's not SWATing if the police come to handle a disturbance. The SWAT team need to be deployed for a SWATing.

Anyone could have called the cops too. A gathering of 100 people can make people nervous. But I wouldn't be surprised if Defcon called them too.


How isn't it? SWATting is nothing more then calling the police and sending them out to somewhere you known nothing is going on as an attack dog. This seems extremely similar to what has happened here.


> SWATting is nothing more then calling the police and sending them out to somewhere you known nothing is going on as an attack dog

Bullshit.

Swatting is:

> the action or practice of making a prank call to emergency services in an attempt to bring about the dispatch of a large number of armed police officers to a particular address.

The cops response for like, someone disturbing the peace or someone playing loud music in the middle of the night, is nothing like when the SWAT team comes with automatic weapon, full body armor and flash bangs, expecting to be shot at, as promised by the phrank call.


I would definitely say calling the police on someone you know is doing nothing wrong could be considered " a prank call to emergency services in an attempt to bring about the dispatch of a large number of armed police officers to a particular address.". I definitely don't think it can be waved away with bullshit. People in the US are routinely shot for no reason at all. Any contact with police should be taken extremely seriously.


I was at this talk, someone (you I guess) left at the beginning of this talk. To the audience it was not clear what happened,


Nice work keeping the easter egg spirit alive. How would one trigger the easter egg?


FN button to open menu

select "ABOUT" and press "A" to enter about screen

Press "SELECT" button there despite that not being listed as a valid input.


Yeah, after some more digging, it does appear to be you.

I do wish I had more context from the video, but at this point, it's getting hard to imagine any good reason for Defcon to do what they did. Assuming that you weren't threatening someone in the audience or something like that. Doubtful, from the way you've been talking.

Anyway, it looks like good stuff. Wish I had some Game Boy games to try it.


I threatened nobody.


Yeah, I hope it was clear that I don't think you did that.


Why is it up to you to determine who is telling the truth? Why do you need to dig or investigate?

Anyways, just seemed odd.


I would counter that by asking why would any of us not want to dig or investigate claims and assertions made in 2024? It’s hugely important to approach life with a critical mindset these days, and something we should all be doing.


I don't think that's how he meant it, but rather that we all need to read/watch and evaluate credibility on our own, because this is the internet.


You always trust what someone on the internet tells you?


I’m sorry to hear this happened to you.

One cannot lay even a finger on another person, ever, let alone jostle someone just because they don’t like what they are saying.

It doesn’t matter if they are “security”. It’s assault and battery just the same as if I shove grandma out the way to get to the bus!


This is Dmitry Grinberg[1] some of whose absolutely amazing projects (like, running Palm OS on other devices) have recently gotten some traction here on HN.

(In particular, he managed to get Palm OS running on the badges in question).

If there's one person whose credibility I wouldn't doubt on those matters, it's him.

[1] https://dmitry.gr


Subsequent related thread:

DEF CON's response to the badge controversy - https://news.ycombinator.com/item?id=41211519 - Aug 2024 (41 comments)


Streisand effect strikes again

Option A: let the dude have his talk. Nobody hears about it beyond the walls of defcon. Move along.

Option B: uninvite and call security. Guy becomes instant personality on reddit and hn. I didn't know that defcon had become a shitty, small minded operation that abuses volunteer time and can't take an Easter egg, well now I do!

Well played...


I stopped paying attention a few years ago because their leadership was visibly heading in this direction.

It's always kind of frustrating to see programmers and other software people participating/defending that kind of thing considering logic is our whole game to begin with.


The premise of ‘tech people’ not at all succumbing to the same shortcomings as any other human is utterly language and the source of so much undeserved hubris in this industry. Developers are some of the worst, ‘illogical’ people I’ve ever met, especially when it comes to anything interpersonal.


I think this was going to blow up no matter what. Every single badge...


I'm pretty sure it would've stayed a defcon thing


IANAL, but I'm skeptical that Dmitry's interpretation that Defcon has no license is correct. It sounds like Dmitry sent them firmware images with the mutual expectation that those will be used on badges, and they invited him to the Badge talk which could be considered consideration. That should constitute a contract, either verbal, or through concludent acts. This should give Defcon the right to use Dmitry's on the badges, but not modify it. So legally the whole thing would probably be considered a contract dispute, not use of unlicensed software.

Defcon will probably argue that including the easter egg was some kind breach of duty of Dmitry's part, and gave them the right to remove him from the talk, and modify the firmware to remove the easter egg. My expectation is that courts would decide that Defcon has the right to use the firmware, but will require them to pay some kind of compensation for not living up to their side of the bargain.


IMO the thing that may matter most here is the PR effect on Defcon. It's the badge - every attendee takes this thing home and engages with it. It's a talking point, memento and representation of the spirit of the conference.

That's an unmitigated PR disaster for Defcon. It doesn't matter to this who was right or wrong or what laws were broken, even if somehow all legally ended up in Defcon's favour, the damage to the brand is huge, enduring and set aside from those issues.

To address this, whoever at Defcon ultimately actioned this series of events should be held to account, for this PR aspect, and the matter immediately and publicly handed to someone with an appropriate understanding of Defcon's culture & reputation.


It seems to have been Dark Tangent[0] (aka Jeff Moss), the creator and organizer of Blackhat and Defcon.

https://x.com/dmitrygr/status/1822126826606739678


You can rescind license to use the software if you haven't been paid consideration, you do not and should not have to wait for a court to say so.


This is a silly take. Unless there was a contact written down, DefCon gets to remove this guy for any reason or even no reason.

The incentive to not do it is because it makes them look like power-tripping maniacs, which is what happened.

I've never been to the conference but now I think I'll never want to go.


And this guy gets to rescind his license for nonpayment.


Who does he get to recind the license from?

Did Defcon contract with Entropic Engineering for hardware and software? Or did Defcon contract with EE for Hardware and non-contract it from Dmitry?

If it is the former, Defcon could say "you need to work that out with EE and if it turns out that EE wants to revoke the license for the software, we'll have our lawyers talk with your lawyers about what is in the contract."

If its the later, then things get trickier and more difficult in many different directions.

Based on https://old.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_... "/u/dmitrygr wrote the firmware for the badges as well at the behest of Entropic" - its the former. And so if anyone is in trouble with the licensing, it's Entropic for not having a contract with Dmitry and providing the software to Defcon." Defcon used it, with the understanding that they had a license to the firmware.


> Defcon used it, with the understanding that they had a license to the firmware.

Until constructive notice as to otherwise.


This would depend on the contract that DEFCON has (had) with Entropic Engineering and what the deliverables were.

It may turn out that Entropic would be the one paying the penalty and footing the bill if one of the people they worked with decided to change the license.

Revoking or changing that license afterwards may fall on the vendor rather than the distributor to make things right.

While this isn't likely to be something anyone is going to come out smelling like roses out of... my crystal ball says that Entropic is going to come out the worse for it.

Having a "volunteer" working for a for profit company has hints of FLSA violations ( https://www.reddit.com/r/Defcon/comments/1ep00ln/comment/lhj... ). Having a person that Entropic is working with for embedded software put in easter eggs that went counter to the SOW becomes difficult. Entropic relying on software that has a license of "as long as the software author is ok with it" may complicate future business relationships with other clients.


Yes, very much depends on indemnification.


Isn't it kind of too late at that point? If i understand correctly, this notice came after the badges were already distributed. Like maybe that would work for future uses of the software, but i don't think constructive notice can be retroactive.


Um, removing a person who’s giving a talk is a completely different action from the distribution of (potentially) unlicensed software.

DEFCON may well have many reasons and legal recourses to stop a talk from occurring. But if they do not meet the terms of the contract for the IP, then the author/developer/manufacturer is entirely free to pursue action against them.

Now it’s possible the developers had not watched Mike Monteiro’s “fuck you pay me” talk (https://creativemornings.com/talks/mike-monteiro--2/1), but assuming that the claims in this tweet are remotely accurate you can bet that - assuming they can get someone to do it at all - next years defcon badge will be produce by someone with a contract that has the only sane language: “no transfer of any IP or right to distribute occurs until receipt of full payment”


> the distribution of (potentially) unlicensed software

The creator didn't revoke the license until after the badges were distributed.


Minor addendum due to being outside of the edit window.

The “um,” start to this was unnecessarily shitty/passive aggressive and I just noticed it when I was checking for replies, so apologies for that attitude.

The issue I was wanting to address is that the reply was talking about removing the speaker as if that is relevant to the OP’s comment about IP, etc and in hindsight I guess I assumed a bad faith argument and responded to that assumed intent rather than the actual comment.


If including an Easter egg voids the contract, then they should also start a class action against Microsoft for frivolously including a flight simulator in excel.


It would be surprising to me that even if DEFCON could be considered to have a license, that that license would be irrevocable. At the end of the day they have received work product for free which they do not own and the owner is saying they can’t distribute it.


Here's a direct link to him being dragged off the stage:

https://x.com/dmitrygr/status/1822124650547257637

It's definitely somewhat aggressive. Way to burn bridges.


Is there a non-twitter link? Blocks me because I have DNS adblock+using mobile browser.


While it doesn't show you any thread context, for media tweets like the video one linked if you paste the URL into a site like https://savetwitter.net/en it will spit out the video file to watch as well as telling you the text of that tweet (although, testing it with that tweet on my phone just now I had to select the title and paste it elsewhere to see as the page truncated the visible amount to fit phone width).



Looked the opposite of aggressive to me. Smiles all around.


He's being carried off. He's only smiling because of how ridiculous it makes the organisers look


He is rudely forced down a stair. That could have gone very wrong.



It also runs PalmOS. I published images for that.


I heard they didn't pay you in full. This is so sad. Why did they do that?


I believe the hardware designer was stiffed (according to some threads on Twitter)? There doesn't seem to be a summary of what happened anywhere, but from the reactions I've seen, it looks like DEFCON didn't pay a vendor for badge hardware, and the firmware has an easter egg showing that vendor.

Not sure why the dragging off the stage happened.


I worked for free. They didn’t pay hardware vendor (guys who made the physical badge) and removed their name from plastics and invitation to talk


> Why did they do that?

I'm confused by the rationale of questioning the OP about someone else's motivations.


Yes and no, they may have been informed in a non-public setting on _why_ DEFCON has refused to pay.

DEFCON themselves is likely to not state a reason publicly, so getting a "here's what I was told by DEFCON" is likely the closest thing that we're going to get for an answer.


Even if they don’t pay, removing credit for work done is NOT ok. Work was done. Badge exists. Entropic made it


I read it as tinged with the implication that the wronged party must have done something to deserve it. In retrospect, perhaps I was being too sensitive.


Put aside the fact that that’s awesome, that doesn’t sound like the safest thing on Earth to contract out.


The same Defcon that allowed NSA director Keith Alexander to keynote.

I even live in Vegas now and I don’t go anymore.


The event being named after a US military meeter to indicate how far away the US is from nuclear war should already be an indication.

There are some good people there but also a lot of people who do not care what happens with what they build and look away when it would be time to speak up.


> The event being named after a US military meeter to indicate how far away the US is from nuclear war should already be an indication.

It's a clear reference to the movie WARGAMES more than a direct reference to the real world US military itself.


To be fair, there are a lot of hackers who work and/or worked for various intelligence agencies, either directly or as a contractor.

Some of them are people who have also clearly been hackers before and after their work there.

Was it weird? Absolutely. But let’s not pretend the government doesn’t hire hackers. It’s our biggest employer.


entropic put out their own statement as well: https://www.entropicengineering.com/defcon-32-statement


Oh, that clears up a lot. Now we only need to know why Defcon felt like they could just suddenly stop paying.


Do you have a writeup or something? Twitter videos don’t really load anymore this year.


This needs way way way way more context.


Yep. Not sure why this is downvoted, but as an outsider to DefCon, I'm not sure what's going on here just looking at the tweet.


Seeing as you’re in the thread Dmitry, what was the Kindle bug referenced here? Sounds interesting.

https://news.ycombinator.com/item?id=41207740


See my reply below.


Is there more context? Who wrote the original software? Were they paid or it was voluntary work? How they detected the additional screen?


I feel like this is a good spot to mention that Dmitry's a friggin beast when it comes to engineering. As that Tweetster put it: "Dmitry is an insanely skilled dude. Easily on par with Carmack or Karpathy IMO. They almost had to delay the original Kindle Fire tablet because of a rare bug that all the king's horses and all the king's men couldn't fix in 6 months, but Dmitry nailed it in a few days"

Summary of the events unfolding by Sargonas on Reddit:

Maybe this will help with a listed summary of the known facts from first hands accounts. I am leaving gaps where there has just been speculation or second hand unverifiable information, and welcome anyone with first-hand knowledge of those aspects to comment below me to fill in the gaps. I'm merely presenting the facts as we have them from first-hand accounts (mostly from reddit and discord), without personal opinion or bias (hopefully, human nature is a tricky thing.)

Entropic Engineering designed and built the circuitry of the badges, physically. They were either only partially, or not at all, paid by DEFCON for this work, contrary to whatever formal agreement they had in place. (Other amazingly talented individuals create the silk screen design, the shells, and the game, but are totally removed from this drama so I'm leaving them out of it.) Subsequently, all references to them have been removed in various materials, and even one of their logos was removed from the silk screen. (apparently small one may be left under the battery? but I can't check because I affixed mine to the board to stop it's shifting.)

dmitrygr wrote the firmware for the badges as well

Somewhere along the way, Entropic was cut out of the process and left to the side by DEFCON in a way that left Entropic feeling burned and under/un paid for their non-trivial work (according to some comments below it is 6 figure sum, but this is second hand info).

Dmitry felt this was unfair, and put an easter egg into the badge code. This easter egg simply comments that Entropic engineered the badges, and had their credits removed everywhere, with an address for donations if you wish to support them. This was entirely Dmitrys doing as a gesture of thanks to the Entropic team.

This easter egg more or less flew under the radar until EoD friday.

Friday evening, after spending most of his day traveling to DEFCON and writing a 1.5 update in his spare time on his flight to fix some issues, Dmitry was up on stage with the other badge creators about to present the usual badge talk, when word of the Easter egg went around (likely due to him including some slides on his portion of the presentation about it.)

DEFCON staff had Goons escort Dmitry off stage shortly before the talk started, delaying the talk some.

during the talk, a comment was made about “unauthorized code“ being on the badges.

Dmitry setup himself on the sidewalk outside the hall, and basically held his own mini talk about the work he did and Entropics contributions.

At some point, LVMPD showed up. It is unclear to me personally who issued the call but second hand info says it was DEFCON staff. They noted Dmitry was simply talking to people (albiet nearly 100 of them) on a public sidewalk, outside a building owned by the county, and nothing was really amiss, and left shortly after.

Dmitry, in his (likely valid) opinion feels this whole situation has not been handled well, and since his code was written free of charge, without any signed agreements with DEFCON or consequently any rights assignments, has announced that he intends to assert his legal ownership of the code (which is his right under us copyright law). As a result, he will gladly issue a non-transferable right to the code to any attendee who asks him for one, but is no longer going to "turn a blind eye" to the fact DEFCON does not have a legal license to his code, and instead look into taking actions that are within his power to take to clarify their lack of ownership of the code on the badges. (I believe in discord he may have gone so far as to say DMCA, but I need to double-check.)

bearing this in mind this does add a curious wrinkle to the statement about “unauthorized code” from DEFCON given… The obvious.


Can confirm. Dmitry saved the Fire tablet by finding an error in TI’s BSP while J.S. documented the repro steps, and gave me the info to get it fixed. This was during manufacture, 3 days before public release iirc.

He also rescued the Bowser pinmux that I had screwed up. And stepped in when the display IP didn’t work. And a ton of other heroic engineering.

The early Fire Phone engineering team was really talented and Dmitry was the best.


Thanks for the summary. Why was Entropic not paid or cut out?


Am I missing something about how this story went missing from the front page? There is at least one story with less points posted 12 hours earlier that is still visisble there.

https://archive.is/dtRg2 https://archive.is/8HK5y https://archive.is/yk5uU

Is there any transparency that could tell us why this change was made?


I just read the timeline of events at https://old.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_...

Frankly… i’m not surprised. The whole industry is filled with this kind of fascistoid attitude now. Every organization takes any chance they can to silence opinions they don’t like (and this happens both left and right).

I see from the link above that the POLICE was called on dmitrygr for… speaking to people in a public space?

Really?

Defcon has gone from outcast meeting to full mainstream and interest-preserving. Kinda lost all of its hacker attitude, and this is proof.


I've watched defcon and ccc a lot over the years... was this the first time a presenter has been physically dragged off stage?


Stallman arguably was, one time at FOSDEM. Not over some disagreement, he just wouldn't stop talking and make room for the next speaker :-)


[flagged]


I was not in the crowd so I can't say anything more about that. That said,

> This dude, as a contractor-for-hire, injected unwanted code he calls "just an easter egg" in the final firmware of the badge. This "unwanted code" is a screen asking for bitcoin donations and self-aggrandizing himself.

If this is how you feel about an easter egg I suspect you misunderstand the point of DEF CON. Maybe the organizers of the conference do too.


Nah there is a difference between fun and light thing to find, and asking for money and disrupting an event.


Asking for money for other people, who created the badge - and had all their credit ereased. He put the credit back in as the easter egg.

https://news.ycombinator.com/item?id=41207469


This is quite an angry comment. Do you have evidence to support your allegations? So far, other accounts indicate Dimitry has not done what you've accused him of: https://www.reddit.com/r/Defcon/comments/1eoe4u7/comment/lhe....

Besides what other commenters wrote, I think it'd odd to gloss over Defcon stiffing their Badge HW vendor while attacking Dmitry, Defcon's other business partner, for not having "a responsible business dispute".


Are you sure Dmitry was a paid contractor? Let's see if Defcon disputes that Dmitry was basically asked to informally work on a friends and family basis.

Where are you getting this information that Dmitry was a paid contractor?


It's a bit of inference on my part, I'll give you that but the premise doesn't make sense if he wasn't paid.

If he was working as an unpaid volunteer with the "compensation" being a part of a talk on stage... What was he protesting before the event even started when he injected the screen asking for money? That's a pretty garbage thing to do, but he did it before the consequence he claimed he was protesting.


> What was he protesting before the event even started when he injected the screen asking for money?

The hardware vendor was stiffed and Defcon scratched their trademark from the badges, so this man added an easter egg asking for donations to them, not himself, as far as I understood.


Maybe he was protesting that the hardware creator didn’t get paid? That’s the story I’ve read in the comments here.


> This dude, as a PAID contractor-for-hire

Could you please tell us your source on that? Specifically that he was paid for developing the software.


I was not paid and I was not a contractor. No contract. No money.


> "He walked on stage and started yelling at the presenters. He was asked to leave by multiple groups of security staff and refused to leave while interrupting the talk. He demanded he be physically removed. The staff security eventually acquiesced to his demands."

Did you do these things ?


From my read, Dmitry didn't upset his audience, excluding the flagged TrueDuality commenter. Rather, after Dimitry's protest and physical removal, a bunch of the audience went outside to listen to his impromptu talk on the sidewalk.


None of this happened and thankfully video of my entire time on stage exists. The talk had not even started yet when they dragged me off…


Yep, figured as much from the video. Good that you clarified to not leave such accusation unanswered.


A-holes and opinions; we all got them. From your comment, I see you located both tonight.


It sounds like he did the Easter egg as a form of protest.

Were the presenters he yelled at people who he was protesting against?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: