I followed the link, and while there is a video of someone getting dragged off stage, I can't really verify the other claims.
But even so, dragging a presenter off stage is sus. And doesn't seem smart because even if the other claims are not true, I'm tempted to never attend Defcon if that's what they do.
Badge is a GameBoy emulator.[1]
[1] https://www.dexerto.com/tech/hacking-convention-uses-fully-w...
It also runs PalmOS. I published images for that.
I heard they didn't pay you in full. This is so sad. Why did they do that?
Why did they do that?
I'm confused by the rationale of questioning the OP about someone else's motivations.
Yes and no, they may have been informed in a non-public setting on _why_ DEFCON has refused to pay.
DEFCON themselves is likely to not state a reason publicly, so getting a "here's what I was told by DEFCON" is likely the closest thing that we're going to get for an answer.
I read it as tinged with the implication that the wronged party must have done something to deserve it. In retrospect, perhaps I was being too sensitive.
Even if they don’t pay, removing credit for work done is NOT ok. Work was done. Badge exists. Entropic made it
I believe the hardware designer was stiffed (according to some threads on Twitter)? There doesn't seem to be a summary of what happened anywhere, but from the reactions I've seen, it looks like DEFCON didn't pay a vendor for badge hardware, and the firmware has an easter egg showing that vendor.
Not sure why the dragging off the stage happened.
I worked for free. They didn’t pay hardware vendor (guys who made the physical badge) and removed their name from plastics and invitation to talk
Put aside the fact that that’s awesome, that doesn’t sound like the safest thing on Earth to contract out.
Here's a direct link to him being dragged off the stage:
https://x.com/dmitrygr/status/1822124650547257637
It's definitely somewhat aggressive. Way to burn bridges.
Is there a non-twitter link? Blocks me because I have DNS adblock+using mobile browser.
While it doesn't show you any thread context, for media tweets like the video one linked if you paste the URL into a site like https://savetwitter.net/en it will spit out the video file to watch as well as telling you the text of that tweet (although, testing it with that tweet on my phone just now I had to select the title and paste it elsewhere to see as the page truncated the visible amount to fit phone width).
Looked the opposite of aggressive to me. Smiles all around.
He's being carried off. He's only smiling because of how ridiculous it makes the organisers look
He is rudely forced down a stair. That could have gone very wrong.
IANAL, but I'm skeptical that Dmitry's interpretation that Defcon has no license is correct. It sounds like Dmitry sent them firmware images with the mutual expectation that those will be used on badges, and they invited him to the Badge talk which could be considered consideration. That should constitute a contract, either verbal, or through concludent acts. This should give Defcon the right to use Dmitry's on the badges, but not modify it. So legally the whole thing would probably be considered a contract dispute, not use of unlicensed software.
Defcon will probably argue that including the easter egg was some kind breach of duty of Dmitry's part, and gave them the right to remove him from the talk, and modify the firmware to remove the easter egg. My expectation is that courts would decide that Defcon has the right to use the firmware, but will require them to pay some kind of compensation for not living up to their side of the bargain.
You can rescind license to use the software if you haven't been paid consideration, you do not and should not have to wait for a court to say so.
This is a silly take. Unless there was a contact written down, DefCon gets to remove this guy for any reason or even no reason.
The incentive to not do it is because it makes them look like power-tripping maniacs, which is what happened.
I've never been to the conference but now I think I'll never want to go.
Um, removing a person who’s giving a talk is a completely different action from the distribution of (potentially) unlicensed software.
DEFCON may well have many reasons and legal recourses to stop a talk from occurring. But if they do not meet the terms of the contract for the IP, then the author/developer/manufacturer is entirely free to pursue action against them.
Now it’s possible the developers had not watched Mike Monteiro’s “fuck you pay me” talk (https://creativemornings.com/talks/mike-monteiro--2/1), but assuming that the claims in this tweet are remotely accurate you can bet that - assuming they can get someone to do it at all - next years defcon badge will be produce by someone with a contract that has the only sane language: “no transfer of any IP or right to distribute occurs until receipt of full payment”
IMO the thing that may matter most here is the PR effect on Defcon. It's the badge - every attendee takes this thing home and engages with it. It's a talking point, memento and representation of the spirit of the conference.
That's an unmitigated PR disaster for Defcon. It doesn't matter to this who was right or wrong or what laws were broken, even if somehow all legally ended up in Defcon's favour, the damage to the brand is huge, enduring and set aside from those issues.
To address this, whoever at Defcon ultimately actioned this series of events should be held to account, for this PR aspect, and the matter immediately and publicly handed to someone with an appropriate understanding of Defcon's culture & reputation.
It seems to have been Dark Tangent[0] (aka Jeff Moss), the creator and organizer of Blackhat and Defcon.
If including an Easter egg voids the contract, then they should also start a class action against Microsoft for frivolously including a flight simulator in excel.
Streisand effect strikes again
Option A: let the dude have his talk. Nobody hears about it beyond the walls of defcon. Move along.
Option B: uninvite and call security. Guy becomes instant personality on reddit and hn. I didn't know that defcon had become a shitty, small minded operation that abuses volunteer time and can't take an Easter egg, well now I do!
Well played...
I think this was going to blow up no matter what. Every single badge...
I'm pretty sure it would've stayed a defcon thing
I stopped paying attention a few years ago because their leadership was visibly heading in this direction.
It's always kind of frustrating to see programmers and other software people participating/defending that kind of thing considering logic is our whole game to begin with.
The same Defcon that allowed NSA director Keith Alexander to keynote.
I even live in Vegas now and I don’t go anymore.
The event being named after a US military meeter to indicate how far away the US is from nuclear war should already be an indication.
There are some good people there but also a lot of people who do not care what happens with what they build and look away when it would be time to speak up.
I've watched defcon and ccc a lot over the years... was this the first time a presenter has been physically dragged off stage?
Stallman arguably was, one time at FOSDEM. Not over some disagreement, he just wouldn't stop talking and make room for the next speaker :-)
This needs way way way way more context.
Yep. Not sure why this is downvoted, but as an outsider to DefCon, I'm not sure what's going on here just looking at the tweet.
I feel like this is a good spot to mention that Dmitry's a friggin beast when it comes to engineering. As that Tweetster put it: "Dmitry is an insanely skilled dude. Easily on par with Carmack or Karpathy IMO. They almost had to delay the original Kindle Fire tablet because of a rare bug that all the king's horses and all the king's men couldn't fix in 6 months, but Dmitry nailed it in a few days"
Summary of the events unfolding by Sargonas on Reddit:
Maybe this will help with a listed summary of the known facts from first hands accounts. I am leaving gaps where there has just been speculation or second hand unverifiable information, and welcome anyone with first-hand knowledge of those aspects to comment below me to fill in the gaps. I'm merely presenting the facts as we have them from first-hand accounts (mostly from reddit and discord), without personal opinion or bias (hopefully, human nature is a tricky thing.)
Entropic Engineering designed and built the circuitry of the badges, physically. They were either only partially, or not at all, paid by DEFCON for this work, contrary to whatever formal agreement they had in place. (Other amazingly talented individuals create the silk screen design, the shells, and the game, but are totally removed from this drama so I'm leaving them out of it.) Subsequently, all references to them have been removed in various materials, and even one of their logos was removed from the silk screen. (apparently small one may be left under the battery? but I can't check because I affixed mine to the board to stop it's shifting.)
dmitrygr wrote the firmware for the badges as well
Somewhere along the way, Entropic was cut out of the process and left to the side by DEFCON in a way that left Entropic feeling burned and under/un paid for their non-trivial work (according to some comments below it is 6 figure sum, but this is second hand info).
Dmitry felt this was unfair, and put an easter egg into the badge code. This easter egg simply comments that Entropic engineered the badges, and had their credits removed everywhere, with an address for donations if you wish to support them. This was entirely Dmitrys doing as a gesture of thanks to the Entropic team.
This easter egg more or less flew under the radar until EoD friday.
Friday evening, after spending most of his day traveling to DEFCON and writing a 1.5 update in his spare time on his flight to fix some issues, Dmitry was up on stage with the other badge creators about to present the usual badge talk, when word of the Easter egg went around (likely due to him including some slides on his portion of the presentation about it.)
DEFCON staff had Goons escort Dmitry off stage shortly before the talk started, delaying the talk some.
during the talk, a comment was made about “unauthorized code“ being on the badges.
Dmitry setup himself on the sidewalk outside the hall, and basically held his own mini talk about the work he did and Entropics contributions.
At some point, LVMPD showed up. It is unclear to me personally who issued the call but second hand info says it was DEFCON staff. They noted Dmitry was simply talking to people (albiet nearly 100 of them) on a public sidewalk, outside a building owned by the county, and nothing was really amiss, and left shortly after.
Dmitry, in his (likely valid) opinion feels this whole situation has not been handled well, and since his code was written free of charge, without any signed agreements with DEFCON or consequently any rights assignments, has announced that he intends to assert his legal ownership of the code (which is his right under us copyright law). As a result, he will gladly issue a non-transferable right to the code to any attendee who asks him for one, but is no longer going to "turn a blind eye" to the fact DEFCON does not have a legal license to his code, and instead look into taking actions that are within his power to take to clarify their lack of ownership of the code on the badges. (I believe in discord he may have gone so far as to say DMCA, but I need to double-check.)
bearing this in mind this does add a curious wrinkle to the statement about “unauthorized code” from DEFCON given… The obvious.
Thanks for the summary. Why was Entropic not paid or cut out?
I just read the timeline of events at https://old.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_...
Frankly… i’m not surprised. The whole industry is filled with this kind of fascistoid attitude now. Every organization takes any chance they can to silence opinions they don’t like (and this happens both left and right).
I see from the link above that the POLICE was called on dmitrygr for… speaking to people in a public space?
Really?
Defcon has gone from outcast meeting to full mainstream and interest-preserving. Kinda lost all of its hacker attitude, and this is proof.
Do you have a writeup or something? Twitter videos don’t really load anymore this year.
Seeing as you’re in the thread Dmitry, what was the Kindle bug referenced here? Sounds interesting.
Am I missing something about how this story went missing from the front page? There is at least one story with less points posted 12 hours earlier that is still visisble there.
https://archive.is/dtRg2 https://archive.is/8HK5y https://archive.is/yk5uU
Is there any transparency that could tell us why this change was made?
I can verify. I was the one dragged off. I wrote the firmware for the badge. All of it.
Can you please explain the timeline of events here?
Edit: someone summarized it better: https://www.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_...
Approx:
Entropic is engaged to make hw. I am asked (unofficially) to do sw.
Entropic works for free but does charge for parts and subcontracted stuff . Eventually defcon stops paying. Entropic is uninvited from badge talk. Their logo is ground out of plastic case. Their logo hidden in publicity photos of pcb.
Tempers are high. I implement the Easter egg. This is months ago cause thats how long one needs to pre-flash chips.
Time passed. Defcon still working on their game last moment. They had volunteers reflash badges cause they didn’t make the real pre flashing deadline. I forgot about the screen entirely more or less.
Day of con. I spend all day helping debug badge issues. Push updates. Help people. Even pushed an update from plane on way to con to fix some things.
Badge talk time. Half an hour before defcon tells me no talk for me cause someone found the Easter egg screen and they are pissed. I show up anyways since it was promised.
I get dragged off stage.
I hold talk outside answering questions.
Next steps: I have no contact with defcon. They never bothered to. Normally: who cares? I get to talk, people get to play with badges. Nobody cares.
But… I got kicked out, and… they have no license to my firmware they are distributing. Likely DMCA notice.
Man. I've never been to defcon, but it's been more than a passing curiosity ever since the first real announcement[0] crossed my BBS in '93.
And recently I've had a string of bad, unalterable, and irrevocably-permanent events occur in my life. And yet, I'm very pleased to say that your write-up on your experiences with the RP2350[1] presented a small but meaningfully-positive thing for me to look forward to.
Please be well -- and don't take any guff from these swine[2].
[0] https://media.defcon.org/DEF%20CON%201/DEF%20CON%201%20annou...
[1] https://dmitry.gr/?r=06.%20Thoughts&proj=11.%20RP2350
[2] https://www.barnesandnoble.com/w/fear-and-loathing-in-las-ve...
Defcon is a waste of time. Nerds pay walled from their friends.
Is blackhat more serious and better?
Blackhat is even more of a pay-to-play corporate event.A few years ago, someone paid to do a talk on time traveling crypto and the CEO of trail of bits(iirc) stood up and called him out on the spot over the nonsense tech.
Defcon has a lot more grassroots stuff, but it's grown to a size that it cannot avoid the corporate BS anymore. It's probably one of the biggest and most disruptive conferences in Vegas, venues don't like having 1000s of hackers hanging around slot machines.
Maybe they should just move away from Vegas. I don't know why people choose that spot. Why not some place with better view?
A friend said "getting out of vegas would mean losing half the point of going to bh/defcon (which is getting your company to pay for you to go to vegas)"
Why’d they be pissed about people donating money to the people they didn’t want to pay :/
I just don’t see how they lose anything there (or rather, don’t see how they lose anything there that they lose a hundred times more of by their actual actions, namely reputation).
Every niche convention either stops existing or transitions into a business that slowly gets rid of all the fun stuff that created it in the first place.
The CCC congress is still going strong, but it wouldn't work without the many volunteers and non-profit CCC behind it.
Hackers themselves became corpos- or worse work for the intelligence agencies.
Cop mentality.
You left out the part where the "Goons" physically touched you, and forcibly removed you from a location against your will. The "Goons" have no authority to carry out such an act. And there's video footage. Congratulations on winning the lawsuit!
"and forcibly removed you from a location against your will"
Not saying they were morally or ethically right, or smart to do this at all - but legally there usually is a right to remove a unwanted person from your stage with the help of your own security.
Yeah, pretty sure if you’re asked to leave an event and you refuse, they can have you escorted out even if you dig in your heels.
They do have the authority to do that. They ask you to leave. If you say no then you're trespassing and can be physically removed.
How do you think bouncers work?
Time to make your own Defcon.
With blackjack. And...
With black hat*
Which black hat, and webhooks!
....I mean, you're already in Vegas, so...
If that’s true, crucify them for piracy. Why would DMCA apply here?
They are Illegally distributing copies of my firmware on their badges
If they don't have a licence to distribute your software, it's plain copyright infringement. The same as selling photocopies of a book.
The DMCA criminalises breaking DRM, or providing tools to do so, such as distributing a tool to remove the DRM from an e-book.
The Digital Millennium Copyright Act also does have provisions related to copyright infringement, not just circumvention devices.
did they end up paying Entropic in the months that passed ?
No. But beyond money, the credit hurts more. Having your company name scratches out of plastic molds is … oof.
this is some pretty ugly stuff.
If you are in contact with any of the Entropic folks, maybe point them to this or the r/ thread so that they can provide more context.
Ah, defcon drama! Old ones used to be much better anyway.
The ninja badges even had games you could play where you fight other users if I recall correctly. (Mid 2000’s?)
One part of me wants you to DMCA the living daylight out of them. The other part is currently seeding torrents and thinks copyright is kinda dumb. Anyway, shitty thing to do by the defcon people.
I have been giving out licenses to the firmware to anybody who asks in the unofficial badge hacking discord. :) also my signature on the badge acts as a nontransferable license to the firmware in source and binary. i signed maybe a thousand today at my unofficial talk outside after i was dragged out.
Commercial copyright infringement has a per instance statutory minimum.
Demand the minimum for every badge distributed — as even if you later provided licenses to holders, DC had no license when distributing the copies as merchandise at their for-pay event.
Thank you for the clarification, Defcon has some explaining to do given they make good money on the con. Things have definitely changed.
Wild, but not surprising. Heard a lot of bad stuff from the village heads some years ago already about DC organization.
OK, everything aside, thank you for your absolutely amazing work and the inspiring writing you do about it!
Reading about rePalm has changed my definition of what monumental effort looks like.
(You should absolutely add that you managed to get PalmOS running on the badges in question!)
Sounds like a fiasco. Have to wonder why parts and subcontractors aren't getting paid
https://old.reddit.com/r/Defcon/comments/1eoe4u7/so_the_guy_...
Oof, Defcon organizers even SWATted him?
Come on. Calling the cops is nothing like Sweating.
It's SWATting when you try to pit the cops against innocent people.
I don't think so.
When people get SWATed, usually a fake call is made, were the police are told that a murder was already committed by the caller and that we will kill everyone on sight. Thus the police expect real danger, brings the big guns and their trigger happy attitude, kick the door in and are more likely to kill the victim.
It's not SWATing if the police come to handle a disturbance. The SWAT team need to be deployed for a SWATing.
Anyone could have called the cops too. A gathering of 100 people can make people nervous. But I wouldn't be surprised if Defcon called them too.
It sounds like they called the police, that is not swatting. Swatting is a specific tactic where you abuse the minimal training and disposition to violence of US police forces to attempt to murder people by reporting that they’re armed and/or threatening violence.
Claiming the calling the police on someone is swatting, even though US police routinely execute people unprovoked attacks, is not swatting. The difference is the intent - the intent of swatting is terrorism and murder.
Yeah, after some more digging, it does appear to be you.
I do wish I had more context from the video, but at this point, it's getting hard to imagine any good reason for Defcon to do what they did. Assuming that you weren't threatening someone in the audience or something like that. Doubtful, from the way you've been talking.
Anyway, it looks like good stuff. Wish I had some Game Boy games to try it.
Why is it up to you to determine who is telling the truth? Why do you need to dig or investigate?
Anyways, just seemed odd.
I would counter that by asking why would any of us not want to dig or investigate claims and assertions made in 2024? It’s hugely important to approach life with a critical mindset these days, and something we should all be doing.
I don't think that's how he meant it, but rather that we all need to read/watch and evaluate credibility on our own, because this is the internet.
You always trust what someone on the internet tells you?
I threatened nobody.
Yeah, I hope it was clear that I don't think you did that.
Nice work keeping the easter egg spirit alive. How would one trigger the easter egg?
I was at this talk, someone (you I guess) left at the beginning of this talk. To the audience it was not clear what happened,
I’m sorry to hear this happened to you.
One cannot lay even a finger on another person, ever, let alone jostle someone just because they don’t like what they are saying.
It doesn’t matter if they are “security”. It’s assault and battery just the same as if I shove grandma out the way to get to the bus!
I think it’s so amazingly awesome that you just went outside and held an unofficial talk!
Read your blog/article about the badge project yesterday and it was such a good read, even for a not-much-of-a-hardware-guy like me.
This is Dmitry Grinberg[1] some of whose absolutely amazing projects (like, running Palm OS on other devices) have recently gotten some traction here on HN.
(In particular, he managed to get Palm OS running on the badges in question).
If there's one person whose credibility I wouldn't doubt on those matters, it's him.
[1] https://dmitry.gr