
Defcon stiffs badge HW vendor, drags FW author offstage during talk

gavinhoward
56 replies
13h37m

I followed the link, and while there is a video of someone getting dragged off stage, I can't really verify the other claims.

But even so, dragging a presenter off stage is sus. And doesn't seem smart because even if the other claims are not true, I'm tempted to never attend Defcon if that's what they do.

dmitrygr
54 replies
13h32m

I can verify. I was the one dragged off. I wrote the firmware for the badge. All of it.

nipponese
42 replies
13h24m

Can you please explain the timeline of events here?

dmitrygr
35 replies
13h18m

Edit: someone summarized it better: https://www.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_...

Approx:

Entropic is engaged to make hw. I am asked (unofficially) to do sw.

Entropic works for free but does charge for parts and subcontracted stuff. Eventually defcon stops paying. Entropic is uninvited from badge talk. Their logo is ground out of plastic case. Their logo hidden in publicity photos of pcb.

Tempers are high. I implement the Easter egg. This is months ago cause that's how long one needs to pre-flash chips.

Time passed. Defcon still working on their game last moment. They had volunteers reflash badges cause they didn’t make the real pre flashing deadline. I forgot about the screen entirely more or less.

Day of con. I spend all day helping debug badge issues. Push updates. Help people. Even pushed an update from plane on way to con to fix some things.

Badge talk time. Half an hour before defcon tells me no talk for me cause someone found the Easter egg screen and they are pissed. I show up anyways since it was promised.

I get dragged off stage.

I hold talk outside answering questions.

Next steps: I have no contact with defcon. They never bothered to. Normally: who cares? I get to talk, people get to play with badges. Nobody cares.

But… I got kicked out, and… they have no license to my firmware they are distributing. Likely DMCA notice.

ssl-3
5 replies
12h56m

Man. I've never been to defcon, but it's been more than a passing curiosity ever since the first real announcement[0] crossed my BBS in '93.

And recently I've had a string of bad, unalterable, and irrevocably-permanent events occur in my life. And yet, I'm very pleased to say that your write-up on your experiences with the RP2350[1] presented a small but meaningfully-positive thing for me to look forward to.

Please be well -- and don't take any guff from these swine[2].

[0] https://media.defcon.org/DEF%20CON%201/DEF%20CON%201%20annou...

[1] https://dmitry.gr/?r=06.%20Thoughts&proj=11.%20RP2350

[2] https://www.barnesandnoble.com/w/fear-and-loathing-in-las-ve...

iwontberude
4 replies
9h43m

Defcon is a waste of time. Nerds pay walled from their friends.

markus_zhang
3 replies
5h31m

Is blackhat more serious and better?

MSFT_Edging
2 replies
4h43m

Blackhat is even more of a pay-to-play corporate event. A few years ago, someone paid to do a talk on time traveling crypto and the CEO of trail of bits (iirc) stood up and called him out on the spot over the nonsense tech.

Defcon has a lot more grassroots stuff, but it's grown to a size that it cannot avoid the corporate BS anymore. It's probably one of the biggest and most disruptive conferences in Vegas, venues don't like having 1000s of hackers hanging around slot machines.

markus_zhang
1 replies
1h26m

Maybe they should just move away from Vegas. I don't know why people choose that spot. Why not some place with better view?

nicolas_17
0 replies
18m

A friend said "getting out of vegas would mean losing half the point of going to bh/defcon (which is getting your company to pay for you to go to vegas)"

Aeolun
4 replies
12h49m

Why’d they be pissed about people donating money to the people they didn’t want to pay :/

I just don’t see how they lose anything there (or rather, don’t see how they lose anything there that they lose a hundred times more of by their actual actions, namely reputation).

YeahThisIsMe
2 replies
11h9m

Every niche convention either stops existing or transitions into a business that slowly gets rid of all the fun stuff that created it in the first place.

ahartmetz
0 replies
9h44m

The CCC congress is still going strong, but it wouldn't work without the many volunteers and non-profit CCC behind it.

Yeul
0 replies
8h30m

Hackers themselves became corpos- or worse work for the intelligence agencies.

q3k
0 replies
9h57m

Cop mentality.

notinmykernel
3 replies
10h9m

You left out the part where the "Goons" physically touched you, and forcibly removed you from a location against your will. The "Goons" have no authority to carry out such an act. And there's video footage. Congratulations on winning the lawsuit!

lukan
1 replies
9h47m

"and forcibly removed you from a location against your will"

Not saying they were morally or ethically right, or smart to do this at all - but legally there usually is a right to remove an unwanted person from your stage with the help of your own security.

more_corn
0 replies
3h32m

Yeah, pretty sure if you’re asked to leave an event and you refuse, they can have you escorted out even if you dig in your heels.

IshKebab
0 replies
9h43m

They do have the authority to do that. They ask you to leave. If you say no then you're trespassing and can be physically removed.

How do you think bouncers work?

kstenerud
3 replies
12h51m

Time to make your own Defcon.

With blackjack. And...

rubans
0 replies
11h47m

With black hat*

adastra22
0 replies
11h7m

Which black hat, and webhooks!

EarlKing
0 replies
9h24m

....I mean, you're already in Vegas, so...

abtinf
3 replies
12h2m

If that’s true, crucify them for piracy. Why would DMCA apply here?

dmitrygr
2 replies
11h52m

They are illegally distributing copies of my firmware on their badges

Symbiote
1 replies
10h38m

If they don't have a licence to distribute your software, it's plain copyright infringement. The same as selling photocopies of a book.

The DMCA criminalises breaking DRM, or providing tools to do so, such as distributing a tool to remove the DRM from an e-book.

arghwhat
0 replies
10h12m

The Digital Millennium Copyright Act also does have provisions related to copyright infringement, not just circumvention devices.

utopcell
2 replies
12h49m

did they end up paying Entropic in the months that passed ?

dmitrygr
1 replies
12h45m

No. But beyond money, the credit hurts more. Having your company name scratched out of plastic molds is … oof.

utopcell
0 replies
12h29m

this is some pretty ugly stuff.

If you are in contact with any of the Entropic folks, maybe point them to this or the r/ thread so that they can provide more context.

tamimio
1 replies
13h1m

Ah, defcon drama! Old ones used to be much better anyway.

loopdoend
0 replies
10h34m

The ninja badges even had games you could play where you fight other users if I recall correctly. (Mid 2000’s?)

dtx1
1 replies
13h9m

One part of me wants you to DMCA the living daylight out of them. The other part is currently seeding torrents and thinks copyright is kinda dumb. Anyway, shitty thing to do by the defcon people.

dmitrygr
0 replies
13h5m

I have been giving out licenses to the firmware to anybody who asks in the unofficial badge hacking discord. :) also my signature on the badge acts as a nontransferable license to the firmware in source and binary. i signed maybe a thousand today at my unofficial talk outside after i was dragged out.

zmgsabst
0 replies
11h6m

Commercial copyright infringement has a per instance statutory minimum.

Demand the minimum for every badge distributed — as even if you later provided licenses to holders, DC had no license when distributing the copies as merchandise at their for-pay event.

windexh8er
0 replies
12h17m

Thank you for the clarification, Defcon has some explaining to do given they make good money on the con. Things have definitely changed.

waihtis
0 replies
13h8m

Wild, but not surprising. Heard a lot of bad stuff from the village heads some years ago already about DC organization.

romwell
0 replies
11h35m

OK, everything aside, thank you for your absolutely amazing work and the inspiring writing you do about it!

Reading about rePalm has changed my definition of what monumental effort looks like.

(You should absolutely add that you managed to get PalmOS running on the badges in question!)

eddyfromtheblok
0 replies
11h15m

Sounds like a fiasco. Have to wonder why parts and subcontractors aren't getting paid

soraminazuki
4 replies
3h35m

Oof, Defcon organizers even SWATted him?

brunoqc
2 replies
2h7m

Come on. Calling the cops is nothing like SWATting.

soraminazuki
1 replies
2h1m

It's SWATting when you try to pit the cops against innocent people.

brunoqc
0 replies
35m

I don't think so.

When people get SWATed, usually a fake call is made, where the police are told that a murder was already committed by the caller and that we will kill everyone on sight. Thus the police expect real danger, bring the big guns and their trigger happy attitude, kick the door in and are more likely to kill the victim.

It's not SWATing if the police come to handle a disturbance. The SWAT team need to be deployed for a SWATing.

Anyone could have called the cops too. A gathering of 100 people can make people nervous. But I wouldn't be surprised if Defcon called them too.

olliej
0 replies
32m

It sounds like they called the police, that is not swatting. Swatting is a specific tactic where you abuse the minimal training and disposition to violence of US police forces to attempt to murder people by reporting that they’re armed and/or threatening violence.

Claiming that calling the police on someone is swatting, even though US police routinely execute people in unprovoked attacks, is not swatting. The difference is the intent - the intent of swatting is terrorism and murder.

gavinhoward
6 replies
13h22m

Yeah, after some more digging, it does appear to be you.

I do wish I had more context from the video, but at this point, it's getting hard to imagine any good reason for Defcon to do what they did. Assuming that you weren't threatening someone in the audience or something like that. Doubtful, from the way you've been talking.

Anyway, it looks like good stuff. Wish I had some Game Boy games to try it.

iJohnDoe
3 replies
12h30m

Why is it up to you to determine who is telling the truth? Why do you need to dig or investigate?

Anyways, just seemed odd.

urbandw311er
0 replies
12h20m

I would counter that by asking why would any of us not want to dig or investigate claims and assertions made in 2024? It’s hugely important to approach life with a critical mindset these days, and something we should all be doing.

rpdillon
0 replies
2h26m

I don't think that's how he meant it, but rather that we all need to read/watch and evaluate credibility on our own, because this is the internet.

irjustin
0 replies
12h19m

You always trust what someone on the internet tells you?

dmitrygr
1 replies
13h11m

I threatened nobody.

gavinhoward
0 replies
13h10m

Yeah, I hope it was clear that I don't think you did that.

patrickhogan1
0 replies
8h50m

Nice work keeping the easter egg spirit alive. How would one trigger the easter egg?

justjonathan
0 replies
12h43m

I was at this talk, someone (you I guess) left at the beginning of this talk. To the audience it was not clear what happened,

gorgoiler
0 replies
13h14m

I’m sorry to hear this happened to you.

One cannot lay even a finger on another person, ever, let alone jostle someone just because they don’t like what they are saying.

It doesn’t matter if they are “security”. It’s assault and battery just the same as if I shove grandma out the way to get to the bus!

bingo-bongo
0 replies
12h14m

I think it’s so amazingly awesome that you just went outside and held an unofficial talk!

Read your blog/article about the badge project yesterday and it was such a good read, even for a not-much-of-a-hardware-guy like me.

romwell
0 replies
11h43m

This is Dmitry Grinberg[1] some of whose absolutely amazing projects (like, running Palm OS on other devices) have recently gotten some traction here on HN.

(In particular, he managed to get Palm OS running on the badges in question).

If there's one person whose credibility I wouldn't doubt on those matters, it's him.

[1] https://dmitry.gr

dmitrygr
7 replies
13h49m

It also runs PalmOS. I published images for that.

markus_zhang
6 replies
13h37m

I heard they didn't pay you in full. This is so sad. Why did they do that?

gryfft
3 replies
13h20m

Why did they do that?

I'm confused by the rationale of questioning the OP about someone else's motivations.

qmarchi
2 replies
13h16m

Yes and no, they may have been informed in a non-public setting on _why_ DEFCON has refused to pay.

DEFCON themselves is likely to not state a reason publicly, so getting a "here's what I was told by DEFCON" is likely the closest thing that we're going to get for an answer.

gryfft
0 replies
12h54m

I read it as tinged with the implication that the wronged party must have done something to deserve it. In retrospect, perhaps I was being too sensitive.

dmitrygr
0 replies
12h59m

Even if they don’t pay, removing credit for work done is NOT ok. Work was done. Badge exists. Entropic made it

geerlingguy
0 replies
13h19m

I believe the hardware designer was stiffed (according to some threads on Twitter)? There doesn't seem to be a summary of what happened anywhere, but from the reactions I've seen, it looks like DEFCON didn't pay a vendor for badge hardware, and the firmware has an easter egg showing that vendor.

Not sure why the dragging off the stage happened.

dmitrygr
0 replies
13h11m

I worked for free. They didn’t pay hardware vendor (guys who made the physical badge) and removed their name from plastics and invitation to talk

numpad0
0 replies
12h59m

Put aside the fact that that’s awesome, that doesn’t sound like the safest thing on Earth to contract out.

jmprspret
2 replies
11h18m

Is there a non-twitter link? Blocks me because I have DNS adblock+using mobile browser.

swores
0 replies
11h7m

While it doesn't show you any thread context, for media tweets like the video one linked if you paste the URL into a site like https://savetwitter.net/en it will spit out the video file to watch as well as telling you the text of that tweet (although, testing it with that tweet on my phone just now I had to select the title and paste it elsewhere to see as the page truncated the visible amount to fit phone width).

UberFly
2 replies
9h59m

Looked the opposite of aggressive to me. Smiles all around.

rcxdude
0 replies
9h25m

He's being carried off. He's only smiling because of how ridiculous it makes the organisers look

peterpost2
0 replies
9h25m

He is rudely forced down a stair. That could have gone very wrong.

CodesInChaos
6 replies
11h10m

IANAL, but I'm skeptical that Dmitry's interpretation that Defcon has no license is correct. It sounds like Dmitry sent them firmware images with the mutual expectation that those will be used on badges, and they invited him to the Badge talk which could be considered consideration. That should constitute a contract, either verbal, or through concludent acts. This should give Defcon the right to use Dmitry's on the badges, but not modify it. So legally the whole thing would probably be considered a contract dispute, not use of unlicensed software.

Defcon will probably argue that including the easter egg was some kind of breach of duty on Dmitry's part, and gave them the right to remove him from the talk, and modify the firmware to remove the easter egg. My expectation is that courts would decide that Defcon has the right to use the firmware, but will require them to pay some kind of compensation for not living up to their side of the bargain.

kaliqt
2 replies
10h57m

You can rescind license to use the software if you haven't been paid consideration, you do not and should not have to wait for a court to say so.

SR2Z
1 replies
55m

This is a silly take. Unless there was a contract written down, DefCon gets to remove this guy for any reason or even no reason.

The incentive to not do it is because it makes them look like power-tripping maniacs, which is what happened.

I've never been to the conference but now I think I'll never want to go.

olliej
0 replies
39m

Um, removing a person who’s giving a talk is a completely different action from the distribution of (potentially) unlicensed software.

DEFCON may well have many reasons and legal recourses to stop a talk from occurring. But if they do not meet the terms of the contract for the IP, then the author/developer/manufacturer is entirely free to pursue action against them.

Now it’s possible the developers had not watched Mike Monteiro’s “fuck you pay me” talk (https://creativemornings.com/talks/mike-monteiro--2/1), but assuming that the claims in this tweet are remotely accurate you can bet that - assuming they can get someone to do it at all - next year's defcon badge will be produced by someone with a contract that has the only sane language: “no transfer of any IP or right to distribute occurs until receipt of full payment”

robxorb
1 replies
9h35m

IMO the thing that may matter most here is the PR effect on Defcon. It's the badge - every attendee takes this thing home and engages with it. It's a talking point, memento and representation of the spirit of the conference.

That's an unmitigated PR disaster for Defcon. It doesn't matter to this who was right or wrong or what laws were broken, even if somehow all legally ended up in Defcon's favour, the damage to the brand is huge, enduring and set aside from those issues.

To address this, whoever at Defcon ultimately actioned this series of events should be held to account, for this PR aspect, and the matter immediately and publicly handed to someone with an appropriate understanding of Defcon's culture & reputation.

madaxe_again
0 replies
10h5m

If including an Easter egg voids the contract, then they should also start a class action against Microsoft for frivolously including a flight simulator in excel.

yyyfb
3 replies
9h7m

Streisand effect strikes again

Option A: let the dude have his talk. Nobody hears about it beyond the walls of defcon. Move along.

Option B: uninvite and call security. Guy becomes instant personality on reddit and hn. I didn't know that defcon had become a shitty, small minded operation that abuses volunteer time and can't take an Easter egg, well now I do!

Well played...

threatofrain
1 replies
8h24m

I think this was going to blow up no matter what. Every single badge...

yyyfb
0 replies
4h59m

I'm pretty sure it would've stayed a defcon thing

katzinsky
0 replies
6h58m

I stopped paying attention a few years ago because their leadership was visibly heading in this direction.

It's always kind of frustrating to see programmers and other software people participating/defending that kind of thing considering logic is our whole game to begin with.

sneak
1 replies
11h24m

The same Defcon that allowed NSA director Keith Alexander to keynote.

I even live in Vegas now and I don’t go anymore.

sschueller
0 replies
9h24m

The event being named after a US military meter to indicate how far away the US is from nuclear war should already be an indication.

There are some good people there but also a lot of people who do not care what happens with what they build and look away when it would be time to speak up.

nubinetwork
1 replies
8h6m

I've watched defcon and ccc a lot over the years... was this the first time a presenter has been physically dragged off stage?

the_biot
0 replies
7h4m

Stallman arguably was, one time at FOSDEM. Not over some disagreement, he just wouldn't stop talking and make room for the next speaker :-)

mvdtnz
1 replies
12h17m

This needs way way way way more context.

h0l0cube
0 replies
10h55m

Yep. Not sure why this is downvoted, but as an outsider to DefCon, I'm not sure what's going on here just looking at the tweet.

Firmwarrior
1 replies
11h54m

I feel like this is a good spot to mention that Dmitry's a friggin beast when it comes to engineering. As that Tweetster put it: "Dmitry is an insanely skilled dude. Easily on par with Carmack or Karpathy IMO. They almost had to delay the original Kindle Fire tablet because of a rare bug that all the king's horses and all the king's men couldn't fix in 6 months, but Dmitry nailed it in a few days"

Summary of the events unfolding by Sargonas on Reddit:

Maybe this will help with a listed summary of the known facts from first hands accounts. I am leaving gaps where there has just been speculation or second hand unverifiable information, and welcome anyone with first-hand knowledge of those aspects to comment below me to fill in the gaps. I'm merely presenting the facts as we have them from first-hand accounts (mostly from reddit and discord), without personal opinion or bias (hopefully, human nature is a tricky thing.)

Entropic Engineering designed and built the circuitry of the badges, physically. They were either only partially, or not at all, paid by DEFCON for this work, contrary to whatever formal agreement they had in place. (Other amazingly talented individuals create the silk screen design, the shells, and the game, but are totally removed from this drama so I'm leaving them out of it.) Subsequently, all references to them have been removed in various materials, and even one of their logos was removed from the silk screen. (apparently small one may be left under the battery? but I can't check because I affixed mine to the board to stop its shifting.)

dmitrygr wrote the firmware for the badges as well

Somewhere along the way, Entropic was cut out of the process and left to the side by DEFCON in a way that left Entropic feeling burned and under/un paid for their non-trivial work (according to some comments below it is 6 figure sum, but this is second hand info).

Dmitry felt this was unfair, and put an easter egg into the badge code. This easter egg simply comments that Entropic engineered the badges, and had their credits removed everywhere, with an address for donations if you wish to support them. This was entirely Dmitry's doing as a gesture of thanks to the Entropic team.

This easter egg more or less flew under the radar until EoD friday.

Friday evening, after spending most of his day traveling to DEFCON and writing a 1.5 update in his spare time on his flight to fix some issues, Dmitry was up on stage with the other badge creators about to present the usual badge talk, when word of the Easter egg went around (likely due to him including some slides on his portion of the presentation about it.)

DEFCON staff had Goons escort Dmitry off stage shortly before the talk started, delaying the talk some.

during the talk, a comment was made about “unauthorized code“ being on the badges.

Dmitry setup himself on the sidewalk outside the hall, and basically held his own mini talk about the work he did and Entropic's contributions.

At some point, LVMPD showed up. It is unclear to me personally who issued the call but second hand info says it was DEFCON staff. They noted Dmitry was simply talking to people (albeit nearly 100 of them) on a public sidewalk, outside a building owned by the county, and nothing was really amiss, and left shortly after.

Dmitry, in his (likely valid) opinion feels this whole situation has not been handled well, and since his code was written free of charge, without any signed agreements with DEFCON or consequently any rights assignments, has announced that he intends to assert his legal ownership of the code (which is his right under US copyright law). As a result, he will gladly issue a non-transferable right to the code to any attendee who asks him for one, but is no longer going to "turn a blind eye" to the fact DEFCON does not have a legal license to his code, and instead look into taking actions that are within his power to take to clarify their lack of ownership of the code on the badges. (I believe in discord he may have gone so far as to say DMCA, but I need to double-check.)

bearing this in mind this does add a curious wrinkle to the statement about “unauthorized code” from DEFCON given… The obvious.

lawgimenez
0 replies
9h45m

Thanks for the summary. Why was Entropic not paid or cut out?

znpy
0 replies
9h25m

I just read the timeline of events at https://old.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_...

Frankly… i’m not surprised. The whole industry is filled with this kind of fascistoid attitude now. Every organization takes any chance they can to silence opinions they don’t like (and this happens both left and right).

I see from the link above that the POLICE was called on dmitrygr for… speaking to people in a public space?

Really?

Defcon has gone from outcast meeting to full mainstream and interest-preserving. Kinda lost all of its hacker attitude, and this is proof.

raldi
0 replies
13h26m

Do you have a writeup or something? Twitter videos don’t really load anymore this year.

gexcolo
0 replies
1h25m

Am I missing something about how this story went missing from the front page? There is at least one story with less points posted 12 hours earlier that is still visible there.

https://archive.is/dtRg2 https://archive.is/8HK5y https://archive.is/yk5uU

Is there any transparency that could tell us why this change was made?