Seeing a little chatter like "are you deleting comments" and "does Deviant believe in censorship" etc etc. I can tell you that 99% of the time that a comment disappears on my channel it's because the original poster took it down (or the algorithm is doing things I don't control... don't ask me how "hidden comments" work on TH-cam, I don't have any insight) But while I'm pretty clear that if someone is coming to my page with a crap attitude that I don't lose sleep over deleting/blocking if they post negative bullshit, that hasn't been my approach here. In fact, I believe others are pointing out screenshots, etc, of comments that were present and then were edited or deleted by the authors. I personally can't keep up with those rapid changes and am not the top authority on what is or isn't going on down here in the comments. But, naturally, if someone is spewing hate or being an insufferable jackwagon, try to let me know and I'll always do my best to address that.
I haven't removed my comment but I can't see it publicly when not logged in. It could be hidden by youtube or something so I'll try it as a reply. These are points that I've seen that I didn't see you bring up so I thought they could add to your perspective. Talking to other badge makers, this drama seems to form a pattern for defcon. You can look to defcon china badges, or SAOs made for defcon from other makers. I think what made me mistrust defcon's story the most was at closing they said everyone that was banned was due to sexual assault or unwanted touching. And that other people were kicked but they are welcome back next year (that makes sense, kick the guy and let the drama blow-over). Then they banned dmitry from discord and seemingly the conference. So either their transparency report was a lie or something else is going on. Plus how can defcon claim he added "unauthorized code" to code he was writing, and that someone else chooses to use (or steal from dmitry's perspective). From dmitry's story they didn't have a license to use his code so defcon is running unlicensed code then complaining about what it contains. And he continued to write more code for free fixing the sdcard issue and others without compensation. They agreed to publish all communication between defcon and them, but defcon has not. Now maybe they should publish it now, but that's still a strong statement. And lastly they even agreed to donate the money they claim they are owed to someone's education which is nice if they ever get paid.
the rules for youtube hiding comments automatically are not even the same between accounts. my account is flagged as a shit poster basically, and i generally can't use any curse words in any context, or write any comment that is too long or it will automatically hide my comments. lol i'm like youtube's town drunk i guess. this comment will probably be hidden, and its too annoying to figure out why so i just stopped caring. no one reads my comments 99% of the time anyway so who cares
Hi, I'm the guy running the impromptu "badge help desk" in the Hardware Hacking village all weekend! An important clarification I wanted to make: the 1.5 firmware that I (and several other compatriots around the show floor) were flashing to hundreds of badges over the course of the weekend was made by the original developer of the firmware, Dmitry. He wrote it on his flight in, and distributed it via discord to everyone. It was not coded by "Bonnie" or anyone else affiliated with DEF CON, but by Dmitry as a good-faith effort to resolve 11th hour issues from the plane before he even got here.
@@arthurmoore9488lol what you're even replying to? "Communication breakdown" doesn't even start describing the Devcon's screwups. Read the room, Deviant is just defending his friends
This reminds me of when the American Hockey League had some sort of falling out with their main app developer a few years back, and one of the employees still had the API keys to send push notifications out to every single device that had the app installed. Getting a notification that said "We are still owed money" or whatever it was is a surreal moment.
Day 1 of DEFCON I had a similar thought about the buttons! Went home (local to the area), designed and printed a pair of D-Pads, and handed them out to anyone who found me at the con! SCAD file is up on the badge discord for anyone interested!
Sorry Dev, I've gotta make some counter points on your take on things here. I would say your description of it as "adventurous" is being quite charitable. First, I said last year that even as a first timer it's pretty clear that kicking off the badge project in January is simply not soon enough. While I realize that starting earlier may have meant that the RP2350 wasn't available, or even possibly unveiled yet, I think the timeframe could've solved a lot of these issues, or given enough breathing room to make it work better. They screwed the pooch on it last year, and that was a hunk of plastic. They came up with excuses for that, too, and again, blamed vendors then. It's irresponsible on DC's part, especially as a company - because they are a company that makes money from the running of the con - to put that project into such a short timeframe. That goes doubly so when intentionally working with small companies based on already marginalized communities used to shouldering extra work to make up for others' failures. Then to issue a post with potentially slanderous accusations is just pure bullshit, doubly so when it's lacking any serious detail. You can put out a placeholder saying "We're working up a detailed response, but it wasn't us!" but just going "And not only did they fuck up, but they tried to screw us" is not a good look. Even if what you're saying is the core truth, these were details that they did not include in their statement, and details can help a lot with lending credence to what they're saying. People were already unhappy with last year's badge - the issues, let alone the design which I don't think is fair - plus the massive spike in ticket prices, and then this year the change in venue, plus the complaints about how volunteers are treated. There's one core constant here - the DC team. Even if they're not at all at fault in any of these issues, it's a bad look, and while nerds have a problem with communication, they've had 32 years to figure that out. Just like starting the badges earlier. As to Dmitry's being removed from the stage, he definitely admits openly that he wanted to be physically carried out, and he said for their parts, the goons were having fun with that. They said they never got to do that and thought it was a fun idea. You can clearly see Dmitry mugging it for people as he's being dragged out. It was a good time for all, aside from the part of not being able to speak and DC's unclear communication on his status thereafter. All this being said, I appreciate all your detail here and added backstory. I know you're a very reliable narrator in general, especially with your inside access to all this stuff, and as a business owner who can be "adventurous." As I said in the reddit threads, if there's one thing we know about the hacker community, we have had more than a few people with serious personality issues and maybe more than a bit of persecution complex. Dmitry certainly threw up a few flags. But I feel that EE still got screwed a bit here, and DC responded poorly to a problem largely of its own making at nearly every turn. So hopefully the DC folks take some serious lessons from this, and actually properly implement them for that matter.
This. Not really sure why the same group of people who couldn't cross the finish line properly last year were put in charge of an even more complex badge this year. Or why it's even a question of who's to blame at this point. I literally would've expected something to not work out based on spinning the block with the same folks alone
Man, "Con Crud" was a major thing even before covid added to the mix. I'm not sure there will ever be a con I want to go to enough to put up with the illness transmission prevalence.
I intend to keep wearing N95 masks for every convention, even if they’re not required, because so far they’ve helped me avoid getting con crud since covid started. But granted, that probably wouldn’t help with a stomach bug from poorly handled food!
it looks like a mess. as far as I understand defcon always wants things on a very tight deadline, and stuff doesn't always work out. They should fairly compensate the contracted company and both parties should be amicable
I think that most folk would consider your position there to be reasonable... where things get sticky, especially in business, is that if two parties have different opinions on what constitutes "fair compensation" this can engender a lot of discord. Having really well-written statements of work and service agreements is the best plan but unfortunately sometimes communication breaks down and steps get skipped if people are under pressure.
@@DeviantOllam totally get that. It would probably just be good for defcon to be publicly seen to be acting in a forward and good faith manner. Even if the other party still disagrees.
@@DeviantOllam Right, but doesn't it mean that it is more than on DC's end that they didn't have those appropriate contracts in place? As I said in my other comment, they've had 32 years to figure this out. I don't know if EE's folks are even 32 years old, lol! Plus, if DC does do that legwork, they can be the responsible party and help teach the folks they work with how to be better companies and create a healthier tech ecosystem for all. And yes, I really do think they bear that responsibility.
@@ncc74656monly problem with that is; A lot of companies and individuals aren't willing to be taught anything, especially if they're attempting to get 'known' for whatever speciality they're doing. Now, THAT falls down to experience in NEGOTIATING and COMMUNICATING. Adam Savage talks about this kind of thing a lot in his Viewers Questions from his point of view as a 'Maker'. I don't know the ins and outs of the particular story you're covering here, but it seems to be the same kind of problems. Glitches always happen with new designs, and alterations have to be made. So the final costing should be AT LEAST Double what you expected it to be without any alterations. If they only budgeted for a perfect design where everything worked with say 10% added cos it was an estimate, then the initial fault was with those who made that budget. Before anything else was agreed, the manufacturers and production coordinators should have said 'Hey, we think you have under budgeted for this project and we need it to be At Least X before we feel comfortable to start production'. That's called NEGOTIATING and both parties need to be REALISTIC. Then there's the added consideration of how much money your visitors are willing to pay for that 'badge'. If that doesn't add up, then the negotiation should change to 'ok, we'll what CAN we do for that amount'. (Such as just the casing and access to the code for the PI -like a project starter as the badge with everything else available to buy later)
Was still an amazing show after recovering from the drama of being booted from Caesar's and still pulling off an amazing conference. very grateful to be able to attend every year.
My reply to another comment got deleted, so I'm posting here. I'm really trying to come in with the best of intentions, is there some huge piece of information that we're missing? Who else wrote the firmware? The situation starting with Dmitry getting kicked off stage (consensually dragged for theatrics, as you've said) and Mar saying he was "some guy who was tangentially involved" about the guy who wrote the firmware gives DC a bad look. When did the info booths start flashing badges? I know community members started flashing their own badges with Dmitry's 1.5 update as soon as it dropped at 10am on Friday morning, and some continued to update badges for literally the entire con. What was Bonnie's fix/where can I find her update? When I asked a goon where I could find the firmware so I could flash my badge myself and not wait in line, he told me to go to reddit or discord and get the one Dmitry posted, and that was on Saturday. Were the info booths supposed to be using Bonnie's code?
@@0xEA61E I find that interesting, because hundreds of attendees came to my Badge Help Desk I was running in hardware hacking village, who all told me "the NFO goons said to come here for badge flashing?". I even went by the NFO desk and thanked the goons for sending folks my way, and they gave me some treats for being such a good sport about it. I never saw them flashing there, to my knowledge.
I have counterfeited several DC badges (my real badge stays in the hotel room). Last year was funny though. I went to the Kinkos and they refused to laminate the badge. I misunderstood them as I thought they wouldn't laminate it because it was plastic and they didn't want to damage their machine, so I made a paper version that they also refused to laminate because it was a con badge, so good on them for playing security when they don't have to. I brought up a cheap laminator they were selling along with the envelopes and they helped me out by saying they also sell a self-adhesive version, so that saved me about $35 along with having to bring a laminator home. My favorite counterfeit though was several years ago when the badges were the shaped quartz things and someone made a goon badge by getting a urinal cake.
Was my first defcon this year was so much fun. Saw you but sadly had wayyy too much anexity to come up and say hi. The badge stuff was pretty nuts. Though bugs wise was happily pretty easy to fix flashed some people’s badges as I was dancing 😂. Had a blast am 100% coming back next year though next time with a bag of stickers and maybe my own badges to give out if I have time to make a design. Dimitri even flashed a few of my friends badges before he started hanging out on the side walk. At least to me I didn’t see it as to big of a deal even with the bitcoin address just because it’s hidden like I’m not even sure how to even pull it up. Now if he had it so like after the second day or defcon it would always pop it up on boot for 10 seconds or something then I’d be pissed. Other thing I’m confused on is what his affiliation actually is since from my understanding he was just a full on volunteering coding it for free and not part of entropic but every article I hear calls him something different.
Awe, please consider this my explicit permission to you to come up to me next time you see me and say hi. Sometimes I'm moving kind of fast and I might need to keep walking in the same direction that I was going, but you're always welcome to walk with me for a bit so I can get to know who you are and where you're from and what you're enjoying
Not speaking to right or wrong, but it's visibility needs to be viewed in context I think. At Traveler-Con it might be a rarely seen, deeply buried easter egg. At DC it might as well have been a boot screen.
I've had a lot of friends that have gone to DefCon for well over 20 years. I always look forward to hearing the stories about rager parties and stuff getting hacked... I think my favorite story was from the year someone hacked the hotel's lights and was turning them off and on during a talk.
I'm so sick of the toxic people in the security community. I don't care who technically is in the right or wrong here, DC organizers DID wrong and there's permanent reputational damage from that, they have more money and resources than that guy does. The takeaway I got from this story is to get payment up front if you're going to do any work for these guys.
at the very least, this highlights why projects (even projects undertaken during crisis and compressed time tables) should have a contract or statement of work that clearly spells out at least the bare minimum such as (1) what the goal is (2) who is responsible for what things (3) who owns what resultant works and IP if people can't get move fast enough to get that together, that might mean not doing the project
@@DeviantOllam DC refused to sign contracts that EE sent them multiple times. So yeah, next badgemaker should make sure to keep from being stiffed from money and credit to have a contract signed. Or it's up to DC to make rubber badges again.
@@kaeli if that is how it unfolded, it makes me think EE will definitely exercise greater caution in the future... and most other entities will be learning this lesson by observing what's happening, I expect
just finished this video and thought it was pretty well explained fwiw. Deviant included some stuff that i had not seen or heard before (e.g., removal of the teams access, etc). while it may not have addressed every single claim i had personally seen on this, i feel like it is pretty fair and complete based upon everything i saw and digested as it was happening in real time
Defcon put out a semi-official statement on Twitter, for those interested. Also, I was really hoping to meet you, it was my first time being able to go to Defcon, but didn't see you when I stopped by the lockpicking village. Maybe another time! I appreciate all your videos, (and especially as it relates to Defcon,) the hotel thermostat video, and the preparation video.
I think the claims of scrubbing of Entropic's logo off the PCB is noteworthy (if that's truly what happened, seems to be more about the case) and I didn't hear any mention of that, although I could imagine valid reasons if they are no longer contracted, but if it is their hardware design work they should have rights to have their logo on it if they don't want it removed, but otherwise it makes it look as if DEFCON didn't want people to know about it. (Poor Optics) I don't see any issue with additional screens for credit as long as functionality isn't harmed, asking for donations is a bit much, but ultimately harmless. I just find it moderately funny that a hacker conference can't handle some very minor disruption. As far as the talk is concerned if he was truly going to go off the rails I could see it being an issue for the conference, but there could have been still some quite interesting talk aside from the easter egg about the technical details that we won't get out of it which is disappointing. If his only goal was to cause disruption pulling the talk is reasonable, but there's plenty of neat things to talk about as well and that could have been just a footnote.
A lone individual asking to be paid for their work by a bunch of obviously wealthy, mostly white people who paid $500 for a ticket along with a trip to Vegas just to party for a week? Illegal.
There's been a lot of they said / they said on the topic of "removed logos" but here are the facts to the best of my understanding after speaking with loads of folk and reading lots of things (and you all are free to give whatever weight you wish to my words here, based on how much you know of my connections to the community) Entropic's logo was added to the circuit board (and at the time of badge production remained on the PCB) because of their contributions to that element of the badge Entriopic's logo was also planned for addition on the plastic outer shell of the badge as a courtesy mention, but by the time the badges were going into final production Entropic had already separated from the project and therefore including their logo on the plastic shell (a component they didn't directly work on) was no longer necessary. Adjusting the mold shell to no longer have a debossed logo where was one previously planned is an easy tweak and that's why the outer clear plastic doesn't have their logo, even while the inner circuit board still does.
@@DeviantOllam yeah definitely seems reasonable to keep if off the shell if they're not really working with them anymore, I do wonder how many hardware changes came after the termination of their work, but I imagine the physical PCB credit would definitely have to be something that should have been worked out in their contracts and high speculation seems like a lot really wasn't as fleshed out there as needed for things to go smoother. Imagine some lessons will be learned there on both sides of it.
@@illiteratebeef yeah I heard it both ways but it looks like they still had a relatively hidden (requires disassembly), but present logo on the PCB. I'm still 50/50 on the credit side of things, but that certainly should have been worked out before it became an issue.
@DeviantOllam hey Deviant, I met you just outside the LVCC. The 3D-Printing MakerSpace village was actually making buttons for the badge. They might have some files available. They were happy to share with people asking so I'm sure there is something available to the community by now.
Deviant, I saw some people posting on Twitter about some hotel forcibly kicking a bunch of people out or requiring (illegal?) room searches to remain on premises for Defcon this year. Did you hear anything about that?
Obviously I'm not Deviant, but I was at DEFCON and read about some people being kicked out as it happened and also met some. It was specific to the Resort World chain of hotels. People got their rooms searched for "hacker gear," but very few got kicked out. The ones who did were the ones that refused to cooperate with searches
@@Laura-dv3jkGod forbid someone refuse their have their privacy violated. I'll never stay on the strip. They treat you like cattle. Stay just off the strip and they treat you much better, like actual guests.
@@Laura-dv3jkis there some law in LV that you cannot posses hackers gear in a hotel room? Even one’s simple smart phone can be used as a hackers tool. Does that count? How about a laptop that has a hidden way of booting into Linux for access to hackers tools?
That was hilton/resorts world. Not illegal, it's their property and you agree to their TOS when you stay there. It was, however, not clear to guests what that policy was, and, Hilton was extremely braindead about enforcing their policies. Very clearly the people writing those policies and enforcing those policies aren't qualified to run an ipad, much less deduce what hacker gear looks like.
Thankfully i spent all my time leading up to DEFCON worrying I was getting sick, so my body didn't bother to actually get sick. Had a lot of fun at my first DEFCON, especially learning how to get out of handcuffs. Cant wait to come back next year!
I didn't attend, and maybe I'm speaking out my ass here. Censorship is bad. But that also doesn't mean Defcon has to allow Dmitri to speak as an invited guest at their own event. That's not censorship, that's the consequences of your own actions.
Censorship doesn't apply at all in this instance. Censorship is suppression or deletion of ideas that are objectionable, inappropriate, immoral, etc. (And it's not a bad thing.) They weren't censoring Dimitri, by my understanding of events. They didn't even violate his right to free speech. They simply revoked his privilege to speak in their private forum. Defcon isn't the government, it wasn't an open forum, and they didn't stop him from having an opinion or voicing it. They just said he couldn't do it there. Same as if someone started making racist statements in your home, and you asked them to leave. Regardless, censoring and suppression of ideas or dissent are similar, and the one can be construed as a tool of suppression of free speech, but I think that limited censorship is okay. Keep the kids away from sex, drugs, hatred, and violence until such a time as they're able to understand the concepts. Sorry, I'm a little high and currently bad at editing. 😅
I don't like to deal in blame, I like to look at how we fix it moving forward. One thing I've noticed and you touched on is how the hacker community has the ability to come together. Is there a way, in your experience, that we can turn the badge into more of a community project? Where would that conversation be taking place?
The one problem with that is that "community projects" tend to be ditched at some point by a lot of people and a handful of dedicated folks end up having to work OT to cover for it. This is already very much a conversation topic about DC with it struggling to deal with existing volunteer workload, etc.
@@ncc74656m Right, but the exact situation you just described played out with a professional firm and the community had to rally to get it over the finish line, so again, I ask why COULDN'T the community just take the project on from the start, keep it entirely in-house and open source? And also where is that conversation happening?
"Just Engineering talk" my reply would have been "what makes you think that the infosec/hacker/etc community doesn't know and understand engineering?" I would have thought that they were rude for that.
Now that it has been a while, does anyone know if there has there been a resolution between DC and EE (sorry if I missed an update elsewhere as I don’t use Twitter etc.)? I don’t care about the gossip or what not, but am just hoping EE ended up getting payed for work completed prior to the stop work etc. (if they were actually still owed anything as they claimed) 😊 I would just like to think there was a happy ending here where everyone calmed down after the fact and got together to work thing out (no lawyers required) 😊
@DeviantOllam Can you please share where you got the shirt you are wearing? My 8 month old daughters middle name is "Danger" and now I really need this shirt. I may also need a onesie in it if available and would much rather buy from the originator that just printing my own. thanks for all the persistently amazing content!
There is one thing about this whole debacle that sticks with me, and it's that DEF CON went out of their way to remove any credit to Entropic, which apparently includes modifying an injection mold. This would only have been acceptable if 100% of Entropic's design was thrown out, but this does not seem to be the case. This was a poor judgement on someone's part, and it does not seem to me that DEF CON is owning this particular mistake. I agree that Dmitry probably should have just left a short link to a statement or something and let people figure out how to support Entropic on their own if they wanted (Bitcoin is gross on any normal day after all), but I'm a little disappointed that you specifically aren't at least putting someone on blast for erasing credit. It's such a simple thing to own up to and apologize for and it's free. I also don't think we need to villainize Dmitry for being too enthusiastic about seeking justice for the deleted credit (this isn't directed at you, but rather the community). There's a lot to learn all around. If they wanted to show some goodwill, maybe publicly invite Dmitry back to the team next year (and of course, add a meme easter egg for the lulz, and get some folks to cosplay the ejection during his talk).
See the details in the doobly-doo... Entropic is mentioned on the PCB because they worked on that. They are not mentioned on the shell/case because they did not work on that, to my knowledge.
@@DeviantOllam unless I missed an update/retraction, and I may well have, I was under the understanding that they actually deleted the logos from the silkscreen when they took over the PCB design (and missed one). Fair they shouldn’t be on the shell if it’s not theirs, but it seems odd to go through the expense and risk of modifying a mold rather than keeping it and learning a lesson for next time.
@@DeviantOllam I think it is as well, but it’s under a component which makes it impossible to see without a desoldering gun, and the places the logo was on the PCB that was visible to normies is blank now. Or at least that’s what I recall when I saw the huge ass thread on Mastodon about it. And I get that it’s they said/they said and nobody has really provided receipts (like a dated silk layer from the EE software), which is itself sus.
@@ZiggyTheHamster on my non-human (vendor) badge it's clearly there between the cat ears on the back. Can post a pic but every time I try to post links on YT vids they disappear.
I didn't make DefCon, I was there a week earlier for Star Trek Las Vegas. COVID went around there too, but our crew didn't catch it. Was hoping to say hi to some of the DefCon folks before we left (we stayed until Monday), but didn't manage it this time around. Trying to get my company to send me to DefCon, but no joy so far.
- 01:03 🤢 The speaker caught a stomach bug during Defcon, likely due to food mishandling in Vegas. - 01:18 🎟️ The speaker mentions a significant incident at Defcon involving the badge, which sparked interest. - 03:02 🎮 The Defcon badge project aimed to create a Game Boy emulator using the Raspberry Pi 2350 chip. - 04:25 🛠️ The company Entropic Engineering was involved in the badge project, but communication issues led to complications. - 05:56 🤯 The Red Team Alliance faced similar challenges with their event, highlighting the complexities of big projects. - 07:45 🔄 Defcon had to make a tough call to stop working with Entropic due to budget overruns and miscommunication. - 10:10 💸 A hidden screen on the badge by Dimitri asked for donations, which led to his removal from the stage.
I came to a mostly similar conclusion as you dev after reading both statemwnts. But I've personally been in the spot that entropic or your contractors were. Sometimes it was very much my (the implementors) fault. Other times the mismanagement and miscommunication was all on the customer. People approving change of scope or work that didnt have the authority, or asking workers for expensive changes and bypassing the PMs. I've learned to never work on anything without rock solid requirements and an strict change order process. Something I doubt DEFCON has given their rocket speed pace on the badges. 6 months to design, code and print something as complicated as this is nothing short of a miracle.
DEFCON : "Silence those you dislike." I saw goons choosing to escalate with attendees multiple times this week. I did not enjoy this year very much and felt more like a product than an attendee. That said thanks for everything you do Deviant ❤
That's not what they were doing here, though. Even Dmitry openly admits that in the reddit threads. He said full on he told them they'd have to drag him out, and they were like kids in a candy store asking if they really could do that. It was a staged event on Dmitry's part for everyone's enjoyment.
It sucks that that happened to you with the goons ❤ I don't think it's all the goons though, and isn't super applicable to this situation. Dmitry himself has said that all the goons he interacted with were very polite and friendly, him getting "dragged" off stage was to make a point, it wasn't assault like some people are claiming
I get that, however I don’t see what's supposed to be entertaining about the situation. Was this a "mock" thing? Dude was still walked off stage in response to it all. Like.... you all act like this was a big guffaw... but they still walked a guy off stage for upsetting them... like... they still did the thing. Like... if they had pretended to walk him off and let him finish I could get the joke. But it wasn't a "mock" thing, DEFCON still silenced a speaker publicly this year in a non-criminal intervention because of personal politics. Like.... that's reality, all framework aside. Most uncool my homies.
@@GlobalistHero I still think it was extremely uncool that they didn't let him speak, but a lot of people are acting like Dmitry was roughed up or physically harmed -he wasn't. I just don't like the misinformation being spread about the physical process of him being kicked off stage. And it wasn't exactly supposed to be "entertaining," Dmitry wanted to make a point
I think I get that, but it is part of being at the LVCC and so many more people. Defcon is growing and it is good and sucks at the same time. I went to a popular PNW LAN party that went from a few hundred to a 1000 people or more in a short time. Had to go from a hotel to a full on convention center. It sucks, but also change needs to happen, or people get excluded. Look at PAX as well. It grep massively and is never the same. Right now there are growing pains, but the LVCC was a last minute fix after Caesars were being butts. Maybe next year the north hall will be available. Or maybe can go back to multiple casinos, but that may not work. It would be a HUGE pain in the ass, but just invading downtown and taking over every casino from the Plaza to the D would be fun. I just don't know if there is any convention space.
The bunch of FF's on the Bitcoin and Ethereum addresses really peaked my attention, the two addresses are not valid. I do not know if it is the actual addresses on the screen or someone just modified the images and my photoshop skills is just bad. It would be incredibly time consuming to brute-force an Ethereum address that starts with 8 F, but it would be almost impossible to brute-force a Bitcoin address with a bunch of F's at the end of the address that is rides on both the payload and the checksum (so you have to brute-force a payload that not only ends with F's, but that also checksum to a bunch of F's).
My thoughts: First, great video and open explanation about the matter. So, this kid shouldn't been approved entrance definitely not access to the stage. That is the easy way to handle situations. Defcon is the customer, they pay for a product and someone tampered with something that isn't his business and that is that.
I have no skin in the game (and no insight beyond what I've read), but this really seems like DEF CON being the bad guy here. First of all, Dimitry is an unpaid volunteer, and I assume under no contractual obligations at all. Putting a shoutout in (free!) work seems perfectly reasonable, especially as it doesn't even benefit him. Secondly, this reeks of a lack of planning on DEF CONs part. Wanting to use a pre-release part, in such high volumes, in such a short time frame AND being stingy with financial resources is a recipe for disaster. It feels like EE was chosen because they had stars in their eyes, and did it for "exposure" rather than financial gain. I'm sure bigger outfits either laughed at the timeframe / $$$ being offered, or quoted SOW way beyond what DEF CON was willing to pay. Instead, this little 3 person outfit (+ FW volunteer) decided this would be their big break. It doesn't take much for such a project to go off the rails (again: insane time frame, huge build, unreleased parts, limited budget...). Add to this any little things like the customer deciding mid-design "No, I don't like these LEDs, I want something with a better diffuser... how about you put the MCU *here* so that it looks more balanced? Are you sure those USB traces are good? Here, routing them like *this* would be better for SI...". Very quickly the project will go off the rails. To be honest, it sounds like DEF CON either didn't vet EE's ability to deliver such an aggressively risky project / didn't realize the true scope / micromanaged or kept adding changes / didn't even realize who owned what part (Who owns the FW? Does DEF CON even have a license to distribute it?). For them to be this petty is a pretty bad look. And frankly, some of it might even be legally actionable. Piracy (No licence to the FW / Dimitry actively saying they're not authorized to copy it) + defamation ("bad faith invoices") + contractual reneging (EE's name on the casing / unpaid bills).
Thanks for always having the best tea, love. 😘 Also, I would LOVE 3D printed covers for the buttons... if anyone sees this please link me! (My socials are in my bio) 🦄
I think the big issues are that: A) He should have stopped work. (And definitely not done the wallet address) B) DefCon should have made him stop work and not actively supported him carrying on. (Citation needed, but seems they did keep taking his patches) C) DefCon should have never promised a chance to talk at the event, etc. as part of the "payment" for the work. (Although he should have sought monetary damages for this missed exposure)
@@zoes17oh yeah ILUnicorn had loads of stickers and was giving money out. I'm actually wondering where the flag shows up in this video, by the way. Going to have to re-watch some things to see. But it's probably one of her stickers that you're seeing, yeah.
What bothered me about defcon's statement was a lack of ownership. It was their project, ultimately if that project doesn't run according to plan, that's on defcon. It's their job to manage it, full stop. That's not to say it wasn't warranted, probably was, but, it almost dying in a fire was their doing, just like them pulling it off by the skin of their teeth was their doing. Ultimately, ownership is what I respect in situations like this, and at best, partial credit.
That way, you must get everything in writing; unfortunately, you can't assume as it can bite you expressly in tight deadlines. Invoice everything; if you discount something, put in the contract that things are being discounted.
Having a donation link visible is not begging for money and I don’t care how much you paid to get in if the super cool badge was made by a company that did not get paid for their work and were not credited. And who gives a shit if there’s a tiny little screen referencing the company that actually built the product coded in by the guy who made the last-minute patch that saved the day.
I'm personally shocked at your mentioned of friction with queer and BIPOC people, especially given that Entropic's statement mentioned (I believe) that they were queer-owned.
@deviantollam Love the video and stories. I have always wanted to go to DEFCON but I can't afford it. My only income as a disabled USAF veteran is my disability compensation and it's just over $300 which is all taken by electric, water, and internet expenses, So I rarely have any extra money to be able to go anywhere outside of my house and Boise, Idaho. So I really love your stories and videos on what happens there at DEFCON, in fact I have seen your video where you talk at a DEFCON about keys/elevators, I think that's the one, but I've seen it so many times because I just love your stories. Thanks for all your hard work and thanks for being an ally to the 🏳🌈LGBTQIA+ 🏳🌈 community, we really appreciate it.
Write a contract. Sign that contract. From that point on both sides have obligations. Having spent about an hour reading all the relevant info, something here wasn't on paper. Entropic wrote a statement that just stinks, Defcons is a little bit better and the developer hasnt said anything meaningful.
Remember that the contract is only a piece of paper indicating that there was an agreement. The agreement is what you're hashing out in court, if you ever end up there, not the contract. If I email you and say I'll give you $1000 to complete a project, and then you sign a contract that says you get $500 to complete the project, and I pay you $500, I still owe you $500 as far as the law is concerned, and if you can prove in court you're owed more, and I can't prove you aren't, I'm going to lose that court case. I don't personally think we'll see litigation here, because at this point both parties have said way, way too much, but, it could still happen, and it'll be messy. That's why it's very, very important to have abundantly clear expectations on all sides with something like this, because messes are expensive and unpleasant.
@@jttech44 the brightest of red flags from Entropic's side is the statement that they continued to support the project 'for respect to the community' even after the stop-work order. To me this screams that they claimed something was already done but in reality wasn't.
you put your well on the left??? lol that's like eating a hamburger upside down. i put my well in the center sometimes, but the well on the right always seemed so natural. tetris is still one of the best games ever made
You know I usually would do it reversed but for some reason I didn't this time. I think maybe when I dropped the first block I meant to do it against the left wall but an imperfect button push meant I had an extra space there so I just went with it
there were comments that said dimitry asked to be dragged off stage. the video has no initial context. this led to others seeing strictly the video without audio & making assumptions about what defines "assault", etc without all the facts. tough situation there when it looks like a setup.
correct. he specifically coordinated with the goons about being removed from the stage as a performance for the cameras. the red shirts would not have gone hand-on without permission to do so like that, lest legal issues arise.
He did. He confirmed that on reddit. Sorry I don't have a link, but he said it was all in fun - not the situation, but being dragged off stage. He's even clearly mugging it for the camera. The goons thought it was a hilarious idea and loved it. I sincerely hope that the goons don't get in trouble for it, either.
@ncc74656m yea I really don't know why this is a point of contention for people though. Strategic unrest is still unrest, and I don't think the goons were doing "too much" (in this _extremely_ specific case). I care less about the fact that it wasn't organic/in the moment and more about why he felt compelled to do it
If hotels are giving people hassle, why dont they move the location of defcon to a different city or country even. So many people who wish to attend cant do so due the US refusing them a visa.
Just one hotel, resorts world. The rest were fine as they've always been. Also, even at resorts world, they weren't searching rooms outside of the defcon room block.
I have no doubt that Dmitry contributed software during various phases of this project. I also have no doubt that DEF CON's own cadre of experienced hardware and software engineers would have also been up to that task without outside help, if that's the direction the project had gone.
@@DeviantOllam The fact of the matter is: DEF CON's own "cadre" didn't lend any work towards the firmware. Only a single person did. The firmware/emulator was written for a chip that only a handful of people had exclusive access to.
@@DeviantOllam No one is claiming that Dmitry is the only one who *could've* done it, there are thousands of people of could've. The point is that he's the one who *did.* Unless I managed to miss a helluva lot during DEFCON (which is entirely possible), everyone who had their badge reflashed used Dmitry's updated firmware from discord or reddit. I even asked one of the goons doing the flashing where he got the firmware, he said from Dmitry. Many others others at the con and on discord worked to diagnose and fix the SD card issue as well. Lots of people went out and bought new SD cards and handed them out for free or sold them at cost. Multiple people advertised badge flashing and fixed hundreds of badges. I can say for a fact that swapping out the SD card and using Dmitry's firmware fixed the save and SD card issues. On engineering decisions vs the art team, I know how common it is for engineers to undervalue and dismiss the input/work of artists, and it sucks. I think some of that bias might be playing in here though. Having a deadline that absolutely must be met and a price point that absolutely must be met means that some features *will* be literally impossible. Maybe this wasn't communicated clearly, maybe it was communicated rudely, but engineers knowing that a feature is impossible due to constraints and the clients being unhappy about that is hardly unheard of. I have no doubt that Entropic miscommunicated, could've done better, etc. etc. But so far, I haven't seen any evidence that they've outright lied, but it does seem like DEFCON has. Adding "any issue of payment is between Entropic and Dmitry" to the end of their statement when they knew that wasn't either of their issues? Telling the convention at the badge talk that there was no updated firmware available/no known badge fix when there was? (source: I had my badge reflashed and fixed *before* the badge talk). When you say that those issues were getting addressed and that live updates were happening throughout the con... I only saw those updates in the unofficial discord and on reddit, I don't think anything was communicated officially from DEFCON (I could be wrong about this, maybe I missed something). Community members were flashing the badges before any info booths were. I'm really trying to come in with the best of intentions, is there some huge piece of information that we're missing? Who else wrote the firmware? I'd suggest that you join the unofficial badge hacking discord and read the messages yourselves. I'm honestly a bit disappointed you didn't do more research and talk to more of the people who were in the trenches before releasing this video.
@@DeviantOllam(My comment got deleted, removed some swear words and trying again) No one is claiming that Dmitry is the only one who could've done it, there are thousands of people of could've. The point is that he's the one who did. Unless I managed to miss a whole lot during the con (which is entirely possible), everyone who had their badge reflashed used Dmitry's updated firmware from discord or reddit. I even asked one of the goons doing the flashing where he got the firmware, he said from Dmitry. Many others others at the con and on discord worked to diagnose and fix the SD card issue as well. Lots of people went out and bought new SD cards and handed them out for free or sold them at cost. Multiple people advertised badge flashing and fixed hundreds of badges. I can say for a fact that swapping out the SD card and using Dmitry's firmware fixed the save and SD card issues. On engineering decisions vs the art team, I know how common it is for engineers to undervalue and dismiss the input/work of artists, and it sucks. I think some of that bias might be playing in here though. Having a deadline that absolutely must be met and a price point that absolutely must be met means that some features will be literally impossible. Maybe this wasn't communicated clearly, maybe it was communicated rudely, but engineers knowing that a feature is impossible due to constraints and the clients being unhappy about that is hardly unheard of. I have no doubt that Entropic miscommunicated, could've done better, etc. etc. But so far, I haven't seen any evidence that they've outright lied, but it does seem like DEFCON has. Adding "any issue of payment is between Entropic and Dmitry" to the end of their statement when they knew that wasn't either of their issues? Telling the convention at the badge talk that there was no updated firmware available/no known badge fix when there was? (source: I had my badge reflashed and fixed before the badge talk). When you say that those issues were getting addressed and that live updates were happening throughout the con... I only saw those updates in the unofficial discord and on reddit, I don't think anything was communicated officially from DEFCON (I could be wrong about this, maybe I missed something). Community members were flashing the badges before any info booths were. I'm really trying to come in with the best of intentions, is there some huge piece of information that we're missing? Who else wrote the firmware? The situation starting with Dmitry getting kicked off stage (consensually dragged for theatrics, as you've said) and Mar saying he was "some guy who was tangentially involved" about the guy who wrote the firmware gives DC a bad look I'd suggest that you join the unofficial badge discord and read the messages yourselves. I'm honestly a bit disappointed you didn't do more research and talk to more of the people who were involved before releasing this video.
good talk Dev! in hind sight, everything couldve been handled better.... but we also can all act like adults and move beyond stuff.. (or be like "cheeto man") and shut out the true problem makers and never give then the air again.... not a sexy answer, but it sends a message of "if you cross the Rubicon, this is the penalty", sucks for him that he tried to pull a fast one, but hey... cool project!
As far as the Dimitri thing Defcon seems to have Over-reacted and over-stepped. Unless his firmware addition contained bad code (Malicious- like a bitcoin miner) I don't agree with ejecting him from the con. He also wrote a patch fixing alot of the bugs that i believe was the ones the Goons were patching with ? The irony of patching code from the guy you just ejected is not lost. Was it a bit of a dick move probably. Part of that is on the lack of code review by Defcon as well. It was nice to see Defcon Finally step up to compete with badge makers like AND XOR and DC801 badges. Hopefully with more time we can see another great badge in the future unless the taint of snubbing Entropic Developers follows them.
@@DeviantOllam yeah I can't link it I think YT has some filters for that. I'm guessing an attendee made it. And printed it at the 3d printer that was on site.
@@DeviantOllam Well remember that for computer and human alike, downtime and preventive maintenance is mandatory for correct operation ^^ Stay safe and dangerous.
i'm with you, the bitcoin address was too far. i've actually been on both sides of a stop work, and i did leave a little present in my code, but it was a very obscure and harmless easter egg that won't even make sense to anyone who manages to find it. but i know its there, which makes me giggle lol. putting any kind of PII or begging for money in that kind of easter egg always comes off as really petty. if i remember my history right, doesn't the original Apple II computer have a very similar easter egg where someone left a little note about giving credit?
we have a house full of covid here, also at least one person throwing up--a kiddo, tho (only one part timer and a fulltimer at trash tier jobs.) sadly nobody went to DC
Oh look another: I am not taking sides, well sort of, but not really, I'm not being biased, but I am...blah blah blah. BS. So far no-one seems to be telling any truth or unbiased takes and/or views.
Deviant, you're just parroting devcon's statement. Unless you have solid proofs, you should stay out of this, since you are the interested party. I get it, you want to defend your friends. But in this case, the blame is obviously on devcon who clearly dropped the ball. They decided to take the obvious dumb risk starting the project so close to the deadline. They didn't follow the project closely, they decided to go willynilly with the contract, they screwed up with their communication. Your anecdotal comparison of entropics amazing engineering team with a bunch of incompetent construction workers is nuts. Your boot licking of devcon's team who "made this happen the last minute" is even worse. It was entropic team who designed EVERYTHING in record time and budgets. Devcon made the situation worse for themselves by firing them and having to deal with their own mess. This isn't a heroic save of the project, this is an attempt to improve their bottom line by screwing over the small business. The removal of entropics logo feels like a pathetic attempt to stay cool and save the face. When you talk about budget overruns, you state it as a fact. There aren't any proofs of that beyond devcon's words. According to entropic, they absorbed all of the budget overruns and billed devcon with hefty discount, just so they could ship the project in time and be compensated with at least the good publicity at the conference. Unless you have solid proofs (contract and invoices) you're just siding with your friends here. This isn't a good look, and you should take down this video until the situation plays out and the facts come out. Your attempt to discredit entropic by spreading FUD about Dmitry looks really desperate btw. I'm glad I skipped this year's devcon and I am sure as hell won't be throwing thousands on this dumb LAN party ever again. I'd rather support and patronize my local hackathons than support the money grabbers. Not to mention all of the environmental impact of god awful flights, horrible hotels and scorching weather. Stay close to home folks, and spend you hard earned money wisely. Do not support shady businesses. Peace out!
The fact that the kids today have adopted a new meaning for a word doesn't invalidate the old one. Goon meaning a strong and heavyset person of limited intelligence is hundreds of years old, and that usage will likely outlast the GenZ faddish usage.
Could not make it. Wild that someone tried faking the badge - kudos to them. Personal note or rant, AM or Attendee maintenance staff are not goons. I help at NekoCon (anime) and we train for medical, lost child, suspicions package, ladies being followed, lost ____fill in the blank____ , etc, etc. so that everyone has a good safe time. Just wanted to say that. Since we are the most visible staff most people see, we try to help everyone. End of rant. Looking forward to the next videos.
@@Atmatan At time stamp 1:58 "Of a guy being sorta like dragged off a stage by DEFCON goons" - his words not mine. I'm not sure what other word to use. As he says they are not security. No they should not touch attendees. I've never worked at that con nor do I know any of the folks who do so I could be wrong.
@@allenshepard7992 I think I understand your confusion: The DEF CON volunteers in the red shirts are literally called "goons." That's actually their title. They're poking fun at traditional security.
@@Atmatanit literally is tho, lol. You didn't watch the video, did you? Allen is talking about the kid who printed a picture of the PCB, who was prominently mentioned in the video...
@@allenshepard7992as for "goons" that's likely a traditional nomer for the support staff at defcon. For the CCC (chaos communication congress) the support staff are called "angels". Neither "goons" nor "angels" is meant to denigrate them, they're just traditional nicknames
Maybe i critically missed something cause the last time i was in the game L0pht heavy industries and cult of the dead cow were the shit, but i always revered defcon and am not quite understanding all the fuss and naming and blaming over a badge with an emulator in it. Sorry if i’m outta line but wasnt all this supposed to be meeting other hacker minds and sharing innovations? Still a great vid and love what you do Dev.
It's refreshing to hear an opinion that's actually balanced and based in reality. So many people don't understand how difficult it is to get things manufactured, assembled, and on-site, on time. This is why we always secure a legally binding contract with a clear statement of work before doing any work. Doesn't matter who or what it is - get all liability in lawyer-approved writing.
Seeing a little chatter like "are you deleting comments" and "does Deviant believe in censorship" etc etc. I can tell you that 99% of the time that a comment disappears on my channel it's because the original poster took it down (or the algorithm is doing things I don't control... don't ask me how "hidden comments" work on TH-cam, I don't have any insight)
But while I'm pretty clear that if someone is coming to my page with a crap attitude that I don't lose sleep over deleting/blocking if they post negative bullshit, that hasn't been my approach here. In fact, I believe others are pointing out screenshots, etc, of comments that were present and then were edited or deleted by the authors.
I personally can't keep up with those rapid changes and am not the top authority on what is or isn't going on down here in the comments. But, naturally, if someone is spewing hate or being an insufferable jackwagon, try to let me know and I'll always do my best to address that.
I haven't removed my comment but I can't see it publicly when not logged in. It could be hidden by youtube or something so I'll try it as a reply. These are points that I've seen that I didn't see you bring up so I thought they could add to your perspective.
Talking to other badge makers, this drama seems to form a pattern for defcon. You can look to defcon china badges, or SAOs made for defcon from other makers. I think what made me mistrust defcon's story the most was at closing they said everyone that was banned was due to sexual assault or unwanted touching. And that other people were kicked but they are welcome back next year (that makes sense, kick the guy and let the drama blow-over). Then they banned dmitry from discord and seemingly the conference. So either their transparency report was a lie or something else is going on.
Plus how can defcon claim he added "unauthorized code" to code he was writing, and that someone else chooses to use (or steal from dmitry's perspective). From dmitry's story they didn't have a license to use his code so defcon is running unlicensed code then complaining about what it contains. And he continued to write more code for free fixing the sdcard issue and others without compensation. They agreed to publish all communication between defcon and them, but defcon has not. Now maybe they should publish it now, but that's still a strong statement. And lastly they even agreed to donate the money they claim they are owed to someone's education which is nice if they ever get paid.
i think youtube auto-deleting them is more likely than users self deleting comments.
May I ask what brand/model that mini-mill in the background is?
Comments can get downvoted and reported to TH-cam. If the report is valid TH-cam will remove them.
the rules for youtube hiding comments automatically are not even the same between accounts. my account is flagged as a shit poster basically, and i generally can't use any curse words in any context, or write any comment that is too long or it will automatically hide my comments. lol i'm like youtube's town drunk i guess. this comment will probably be hidden, and its too annoying to figure out why so i just stopped caring. no one reads my comments 99% of the time anyway so who cares
Hi, I'm the guy running the impromptu "badge help desk" in the Hardware Hacking village all weekend! An important clarification I wanted to make: the 1.5 firmware that I (and several other compatriots around the show floor) were flashing to hundreds of badges over the course of the weekend was made by the original developer of the firmware, Dmitry. He wrote it on his flight in, and distributed it via discord to everyone. It was not coded by "Bonnie" or anyone else affiliated with DEF CON, but by Dmitry as a good-faith effort to resolve 11th hour issues from the plane before he even got here.
Of course he forgot to mention that, doesn't help Devcon's side if the story eh
@@ChrisAdams-y5g "Communication Breakdown" means just that.
Could you point me to the git repo with those commits? Almost everything I can find is just the raw source and doesn't have commit history.
@@arthurmoore9488lol what you're even replying to? "Communication breakdown" doesn't even start describing the Devcon's screwups. Read the room, Deviant is just defending his friends
I didnt get my badge flashed and fixed while I was there. Is there a guide anywhere that will help me do it myself?
This reminds me of when the American Hockey League had some sort of falling out with their main app developer a few years back, and one of the employees still had the API keys to send push notifications out to every single device that had the app installed. Getting a notification that said "We are still owed money" or whatever it was is a surreal moment.
Day 1 of DEFCON I had a similar thought about the buttons! Went home (local to the area), designed and printed a pair of D-Pads, and handed them out to anyone who found me at the con! SCAD file is up on the badge discord for anyone interested!
Sorry Dev, I've gotta make some counter points on your take on things here. I would say your description of it as "adventurous" is being quite charitable. First, I said last year that even as a first timer it's pretty clear that kicking off the badge project in January is simply not soon enough. While I realize that starting earlier may have meant that the RP2350 wasn't available, or even possibly unveiled yet, I think the timeframe could've solved a lot of these issues, or given enough breathing room to make it work better. They screwed the pooch on it last year, and that was a hunk of plastic. They came up with excuses for that, too, and again, blamed vendors then.
It's irresponsible on DC's part, especially as a company - because they are a company that makes money from the running of the con - to put that project into such a short timeframe. That goes doubly so when intentionally working with small companies based on already marginalized communities used to shouldering extra work to make up for others' failures. Then to issue a post with potentially slanderous accusations is just pure bullshit, doubly so when it's lacking any serious detail. You can put out a placeholder saying "We're working up a detailed response, but it wasn't us!" but just going "And not only did they fuck up, but they tried to screw us" is not a good look. Even if what you're saying is the core truth, these were details that they did not include in their statement, and details can help a lot with lending credence to what they're saying.
People were already unhappy with last year's badge - the issues, let alone the design which I don't think is fair - plus the massive spike in ticket prices, and then this year the change in venue, plus the complaints about how volunteers are treated. There's one core constant here - the DC team. Even if they're not at all at fault in any of these issues, it's a bad look, and while nerds have a problem with communication, they've had 32 years to figure that out. Just like starting the badges earlier.
As to Dmitry's being removed from the stage, he definitely admits openly that he wanted to be physically carried out, and he said for their parts, the goons were having fun with that. They said they never got to do that and thought it was a fun idea. You can clearly see Dmitry mugging it for people as he's being dragged out. It was a good time for all, aside from the part of not being able to speak and DC's unclear communication on his status thereafter.
All this being said, I appreciate all your detail here and added backstory. I know you're a very reliable narrator in general, especially with your inside access to all this stuff, and as a business owner who can be "adventurous." As I said in the reddit threads, if there's one thing we know about the hacker community, we have had more than a few people with serious personality issues and maybe more than a bit of persecution complex. Dmitry certainly threw up a few flags. But I feel that EE still got screwed a bit here, and DC responded poorly to a problem largely of its own making at nearly every turn. So hopefully the DC folks take some serious lessons from this, and actually properly implement them for that matter.
This. Not really sure why the same group of people who couldn't cross the finish line properly last year were put in charge of an even more complex badge this year. Or why it's even a question of who's to blame at this point. I literally would've expected something to not work out based on spinning the block with the same folks alone
If the timeline was so short, why did EE agree to it? If they thought it too ambitious, they should have declined the project.
Man, "Con Crud" was a major thing even before covid added to the mix. I'm not sure there will ever be a con I want to go to enough to put up with the illness transmission prevalence.
I intend to keep wearing N95 masks for every convention, even if they’re not required, because so far they’ve helped me avoid getting con crud since covid started. But granted, that probably wouldn’t help with a stomach bug from poorly handled food!
it looks like a mess. as far as I understand defcon always wants things on a very tight deadline, and stuff doesn't always work out. They should fairly compensate the contracted company and both parties should be amicable
I think that most folk would consider your position there to be reasonable... where things get sticky, especially in business, is that if two parties have different opinions on what constitutes "fair compensation" this can engender a lot of discord. Having really well-written statements of work and service agreements is the best plan but unfortunately sometimes communication breaks down and steps get skipped if people are under pressure.
@@DeviantOllam totally get that. It would probably just be good for defcon to be publicly seen to be acting in a forward and good faith manner. Even if the other party still disagrees.
@@DeviantOllam Right, but doesn't it mean that it is more than on DC's end that they didn't have those appropriate contracts in place? As I said in my other comment, they've had 32 years to figure this out. I don't know if EE's folks are even 32 years old, lol! Plus, if DC does do that legwork, they can be the responsible party and help teach the folks they work with how to be better companies and create a healthier tech ecosystem for all. And yes, I really do think they bear that responsibility.
@@ncc74656monly problem with that is; A lot of companies and individuals aren't willing to be taught anything, especially if they're attempting to get 'known' for whatever speciality they're doing. Now, THAT falls down to experience in NEGOTIATING and COMMUNICATING. Adam Savage talks about this kind of thing a lot in his Viewers Questions from his point of view as a 'Maker'. I don't know the ins and outs of the particular story you're covering here, but it seems to be the same kind of problems. Glitches always happen with new designs, and alterations have to be made. So the final costing should be AT LEAST Double what you expected it to be without any alterations. If they only budgeted for a perfect design where everything worked with say 10% added cos it was an estimate, then the initial fault was with those who made that budget. Before anything else was agreed, the manufacturers and production coordinators should have said 'Hey, we think you have under budgeted for this project and we need it to be At Least X before we feel comfortable to start production'. That's called NEGOTIATING and both parties need to be REALISTIC. Then there's the added consideration of how much money your visitors are willing to pay for that 'badge'. If that doesn't add up, then the negotiation should change to 'ok, we'll what CAN we do for that amount'. (Such as just the casing and access to the code for the PI -like a project starter as the badge with everything else available to buy later)
Am I reading between the lines correctly that defcon is stiffing entropic? Some real trump Ian behavior if so
Was still an amazing show after recovering from the drama of being booted from Caesar's and still pulling off an amazing conference. very grateful to be able to attend every year.
My reply to another comment got deleted, so I'm posting here.
I'm really trying to come in with the best of intentions, is there some huge piece of information that we're missing? Who else wrote the firmware? The situation starting with Dmitry getting kicked off stage (consensually dragged for theatrics, as you've said) and Mar saying he was "some guy who was tangentially involved" about the guy who wrote the firmware gives DC a bad look.
When did the info booths start flashing badges? I know community members started flashing their own badges with Dmitry's 1.5 update as soon as it dropped at 10am on Friday morning, and some continued to update badges for literally the entire con.
What was Bonnie's fix/where can I find her update? When I asked a goon where I could find the firmware so I could flash my badge myself and not wait in line, he told me to go to reddit or discord and get the one Dmitry posted, and that was on Saturday. Were the info booths supposed to be using Bonnie's code?
My wife is an NFO goon, they were flashing the last day of con
@@0xEA61E I find that interesting, because hundreds of attendees came to my Badge Help Desk I was running in hardware hacking village, who all told me "the NFO goons said to come here for badge flashing?". I even went by the NFO desk and thanked the goons for sending folks my way, and they gave me some treats for being such a good sport about it. I never saw them flashing there, to my knowledge.
they were flashing Dmitry's code, bonnie wrote nothing.
Odd, this reply is now only visible to me and no one else? Strange...
@@thesargonas which reply are you referring to?
I have counterfeited several DC badges (my real badge stays in the hotel room). Last year was funny though. I went to the Kinkos and they refused to laminate the badge. I misunderstood them as I thought they wouldn't laminate it because it was plastic and they didn't want to damage their machine, so I made a paper version that they also refused to laminate because it was a con badge, so good on them for playing security when they don't have to. I brought up a cheap laminator they were selling along with the envelopes and they helped me out by saying they also sell a self-adhesive version, so that saved me about $35 along with having to bring a laminator home.
My favorite counterfeit though was several years ago when the badges were the shaped quartz things and someone made a goon badge by getting a urinal cake.
I remember that one... Rubbed on the carpet to shape it, lol
Was my first defcon this year was so much fun. Saw you but sadly had wayyy too much anexity to come up and say hi. The badge stuff was pretty nuts. Though bugs wise was happily pretty easy to fix flashed some people’s badges as I was dancing 😂. Had a blast am 100% coming back next year though next time with a bag of stickers and maybe my own badges to give out if I have time to make a design. Dimitri even flashed a few of my friends badges before he started hanging out on the side walk. At least to me I didn’t see it as to big of a deal even with the bitcoin address just because it’s hidden like I’m not even sure how to even pull it up. Now if he had it so like after the second day or defcon it would always pop it up on boot for 10 seconds or something then I’d be pissed. Other thing I’m confused on is what his affiliation actually is since from my understanding he was just a full on volunteering coding it for free and not part of entropic but every article I hear calls him something different.
Awe, please consider this my explicit permission to you to come up to me next time you see me and say hi. Sometimes I'm moving kind of fast and I might need to keep walking in the same direction that I was going, but you're always welcome to walk with me for a bit so I can get to know who you are and where you're from and what you're enjoying
Not speaking to right or wrong, but it's visibility needs to be viewed in context I think. At Traveler-Con it might be a rarely seen, deeply buried easter egg. At DC it might as well have been a boot screen.
I've had a lot of friends that have gone to DefCon for well over 20 years. I always look forward to hearing the stories about rager parties and stuff getting hacked... I think my favorite story was from the year someone hacked the hotel's lights and was turning them off and on during a talk.
I'm so sick of the toxic people in the security community. I don't care who technically is in the right or wrong here, DC organizers DID wrong and there's permanent reputational damage from that, they have more money and resources than that guy does. The takeaway I got from this story is to get payment up front if you're going to do any work for these guys.
at the very least, this highlights why projects (even projects undertaken during crisis and compressed time tables) should have a contract or statement of work that clearly spells out at least the bare minimum such as (1) what the goal is (2) who is responsible for what things (3) who owns what resultant works and IP
if people can't get move fast enough to get that together, that might mean not doing the project
@@DeviantOllam DC refused to sign contracts that EE sent them multiple times. So yeah, next badgemaker should make sure to keep from being stiffed from money and credit to have a contract signed. Or it's up to DC to make rubber badges again.
@@kaeli if that is how it unfolded, it makes me think EE will definitely exercise greater caution in the future... and most other entities will be learning this lesson by observing what's happening, I expect
@@DeviantOllam I'm just more disappointed that we aren't expecting more out of DC.
just finished this video and thought it was pretty well explained fwiw. Deviant included some stuff that i had not seen or heard before (e.g., removal of the teams access, etc). while it may not have addressed every single claim i had personally seen on this, i feel like it is pretty fair and complete based upon everything i saw and digested as it was happening in real time
Defcon put out a semi-official statement on Twitter, for those interested. Also, I was really hoping to meet you, it was my first time being able to go to Defcon, but didn't see you when I stopped by the lockpicking village. Maybe another time! I appreciate all your videos, (and especially as it relates to Defcon,) the hotel thermostat video, and the preparation video.
sorry i missed you but there's always next time, hopefully! =)
I saw people with 3D printed buttons for the badge on Saturday. I was amazed that someone could turn that design around so fast.
I think the claims of scrubbing of Entropic's logo off the PCB is noteworthy (if that's truly what happened, seems to be more about the case) and I didn't hear any mention of that, although I could imagine valid reasons if they are no longer contracted, but if it is their hardware design work they should have rights to have their logo on it if they don't want it removed, but otherwise it makes it look as if DEFCON didn't want people to know about it. (Poor Optics)
I don't see any issue with additional screens for credit as long as functionality isn't harmed, asking for donations is a bit much, but ultimately harmless. I just find it moderately funny that a hacker conference can't handle some very minor disruption.
As far as the talk is concerned if he was truly going to go off the rails I could see it being an issue for the conference, but there could have been still some quite interesting talk aside from the easter egg about the technical details that we won't get out of it which is disappointing. If his only goal was to cause disruption pulling the talk is reasonable, but there's plenty of neat things to talk about as well and that could have been just a footnote.
A lone individual asking to be paid for their work by a bunch of obviously wealthy, mostly white people who paid $500 for a ticket along with a trip to Vegas just to party for a week? Illegal.
There's been a lot of they said / they said on the topic of "removed logos" but here are the facts to the best of my understanding after speaking with loads of folk and reading lots of things (and you all are free to give whatever weight you wish to my words here, based on how much you know of my connections to the community)
Entropic's logo was added to the circuit board (and at the time of badge production remained on the PCB) because of their contributions to that element of the badge
Entriopic's logo was also planned for addition on the plastic outer shell of the badge as a courtesy mention, but by the time the badges were going into final production Entropic had already separated from the project and therefore including their logo on the plastic shell (a component they didn't directly work on) was no longer necessary.
Adjusting the mold shell to no longer have a debossed logo where was one previously planned is an easy tweak and that's why the outer clear plastic doesn't have their logo, even while the inner circuit board still does.
Their logo was still on the PCB, it was scrubbed from the plastic case.
@@DeviantOllam yeah definitely seems reasonable to keep if off the shell if they're not really working with them anymore, I do wonder how many hardware changes came after the termination of their work, but I imagine the physical PCB credit would definitely have to be something that should have been worked out in their contracts and high speculation seems like a lot really wasn't as fleshed out there as needed for things to go smoother. Imagine some lessons will be learned there on both sides of it.
@@illiteratebeef yeah I heard it both ways but it looks like they still had a relatively hidden (requires disassembly), but present logo on the PCB. I'm still 50/50 on the credit side of things, but that certainly should have been worked out before it became an issue.
@DeviantOllam hey Deviant, I met you just outside the LVCC. The 3D-Printing MakerSpace village was actually making buttons for the badge. They might have some files available. They were happy to share with people asking so I'm sure there is something available to the community by now.
Deviant, I saw some people posting on Twitter about some hotel forcibly kicking a bunch of people out or requiring (illegal?) room searches to remain on premises for Defcon this year. Did you hear anything about that?
Obviously I'm not Deviant, but I was at DEFCON and read about some people being kicked out as it happened and also met some. It was specific to the Resort World chain of hotels. People got their rooms searched for "hacker gear," but very few got kicked out. The ones who did were the ones that refused to cooperate with searches
@@Laura-dv3jkGod forbid someone refuse their have their privacy violated. I'll never stay on the strip. They treat you like cattle. Stay just off the strip and they treat you much better, like actual guests.
@@Laura-dv3jkis there some law in LV that you cannot posses hackers gear in a hotel room? Even one’s simple smart phone can be used as a hackers tool. Does that count? How about a laptop that has a hidden way of booting into Linux for access to hackers tools?
@@Subgunmanno but hotels can essentially make the policy’s they want to
That was hilton/resorts world. Not illegal, it's their property and you agree to their TOS when you stay there. It was, however, not clear to guests what that policy was, and, Hilton was extremely braindead about enforcing their policies. Very clearly the people writing those policies and enforcing those policies aren't qualified to run an ipad, much less deduce what hacker gear looks like.
Thankfully i spent all my time leading up to DEFCON worrying I was getting sick, so my body didn't bother to actually get sick.
Had a lot of fun at my first DEFCON, especially learning how to get out of handcuffs. Cant wait to come back next year!
I didn't attend, and maybe I'm speaking out my ass here. Censorship is bad. But that also doesn't mean Defcon has to allow Dmitri to speak as an invited guest at their own event. That's not censorship, that's the consequences of your own actions.
Somebody also called LVPD because he finished his talk out front on the sidewalk "completely legal" so no police intervention was called for.
@@CyberNinja6969 Given Dimitri was actively looking for controversy and theatrics, it's very possible that call was done by them or at their request.
@@IstasPumaNevada Isn't that the point of an act of protest, to get attention?
Nothing wrong with playing up for the camera. But some people are making a mountain out of a mole hill and the internet being the internet.
Censorship doesn't apply at all in this instance. Censorship is suppression or deletion of ideas that are objectionable, inappropriate, immoral, etc. (And it's not a bad thing.) They weren't censoring Dimitri, by my understanding of events. They didn't even violate his right to free speech. They simply revoked his privilege to speak in their private forum. Defcon isn't the government, it wasn't an open forum, and they didn't stop him from having an opinion or voicing it. They just said he couldn't do it there. Same as if someone started making racist statements in your home, and you asked them to leave. Regardless, censoring and suppression of ideas or dissent are similar, and the one can be construed as a tool of suppression of free speech, but I think that limited censorship is okay. Keep the kids away from sex, drugs, hatred, and violence until such a time as they're able to understand the concepts. Sorry, I'm a little high and currently bad at editing. 😅
I don't like to deal in blame, I like to look at how we fix it moving forward. One thing I've noticed and you touched on is how the hacker community has the ability to come together. Is there a way, in your experience, that we can turn the badge into more of a community project?
Where would that conversation be taking place?
The one problem with that is that "community projects" tend to be ditched at some point by a lot of people and a handful of dedicated folks end up having to work OT to cover for it.
This is already very much a conversation topic about DC with it struggling to deal with existing volunteer workload, etc.
@@ncc74656m Right, but the exact situation you just described played out with a professional firm and the community had to rally to get it over the finish line, so again, I ask why COULDN'T the community just take the project on from the start, keep it entirely in-house and open source?
And also where is that conversation happening?
"Just Engineering talk" my reply would have been "what makes you think that the infosec/hacker/etc community doesn't know and understand engineering?"
I would have thought that they were rude for that.
Now that it has been a while, does anyone know if there has there been a resolution between DC and EE (sorry if I missed an update elsewhere as I don’t use Twitter etc.)?
I don’t care about the gossip or what not, but am just hoping EE ended up getting payed for work completed prior to the stop work etc. (if they were actually still owed anything as they claimed) 😊
I would just like to think there was a happy ending here where everyone calmed down after the fact and got together to work thing out (no lawyers required) 😊
It's a bummer, but been on a few projects that went sideways. Life happens.
@DeviantOllam Can you please share where you got the shirt you are wearing? My 8 month old daughters middle name is "Danger" and now I really need this shirt. I may also need a onesie in it if available and would much rather buy from the originator that just printing my own. thanks for all the persistently amazing content!
There is one thing about this whole debacle that sticks with me, and it's that DEF CON went out of their way to remove any credit to Entropic, which apparently includes modifying an injection mold. This would only have been acceptable if 100% of Entropic's design was thrown out, but this does not seem to be the case. This was a poor judgement on someone's part, and it does not seem to me that DEF CON is owning this particular mistake. I agree that Dmitry probably should have just left a short link to a statement or something and let people figure out how to support Entropic on their own if they wanted (Bitcoin is gross on any normal day after all), but I'm a little disappointed that you specifically aren't at least putting someone on blast for erasing credit. It's such a simple thing to own up to and apologize for and it's free. I also don't think we need to villainize Dmitry for being too enthusiastic about seeking justice for the deleted credit (this isn't directed at you, but rather the community). There's a lot to learn all around. If they wanted to show some goodwill, maybe publicly invite Dmitry back to the team next year (and of course, add a meme easter egg for the lulz, and get some folks to cosplay the ejection during his talk).
See the details in the doobly-doo... Entropic is mentioned on the PCB because they worked on that. They are not mentioned on the shell/case because they did not work on that, to my knowledge.
@@DeviantOllam unless I missed an update/retraction, and I may well have, I was under the understanding that they actually deleted the logos from the silkscreen when they took over the PCB design (and missed one). Fair they shouldn’t be on the shell if it’s not theirs, but it seems odd to go through the expense and risk of modifying a mold rather than keeping it and learning a lesson for next time.
@@ZiggyTheHamster I'm 90% positive the logo is still on the PCB.
@@DeviantOllam I think it is as well, but it’s under a component which makes it impossible to see without a desoldering gun, and the places the logo was on the PCB that was visible to normies is blank now. Or at least that’s what I recall when I saw the huge ass thread on Mastodon about it. And I get that it’s they said/they said and nobody has really provided receipts (like a dated silk layer from the EE software), which is itself sus.
@@ZiggyTheHamster on my non-human (vendor) badge it's clearly there between the cat ears on the back. Can post a pic but every time I try to post links on YT vids they disappear.
I didn't make DefCon, I was there a week earlier for Star Trek Las Vegas. COVID went around there too, but our crew didn't catch it. Was hoping to say hi to some of the DefCon folks before we left (we stayed until Monday), but didn't manage it this time around. Trying to get my company to send me to DefCon, but no joy so far.
dev out here killing it with the shirts again, this man doesn't miss
i NEED a shake hands with danger shirt! where did you get that?
Any tutorials out there on how to flash the badge and get it working properly?
Defcon 9 was the last one i attended
So we just barely overlapped, that's cool!
- 01:03 🤢 The speaker caught a stomach bug during Defcon, likely due to food mishandling in Vegas.
- 01:18 🎟️ The speaker mentions a significant incident at Defcon involving the badge, which sparked interest.
- 03:02 🎮 The Defcon badge project aimed to create a Game Boy emulator using the Raspberry Pi 2350 chip.
- 04:25 🛠️ The company Entropic Engineering was involved in the badge project, but communication issues led to complications.
- 05:56 🤯 The Red Team Alliance faced similar challenges with their event, highlighting the complexities of big projects.
- 07:45 🔄 Defcon had to make a tough call to stop working with Entropic due to budget overruns and miscommunication.
- 10:10 💸 A hidden screen on the badge by Dimitri asked for donations, which led to his removal from the stage.
Curious, how come you aren't selling the flipper zero anymore?
Used to travel to Vegas alot for CATV shows. Got sick almost every time - I used to dread going to Vegas for conventions.
As soon as you know for a fact that someone is not acting in good faith.
They are no longer entitled to anything from you and can not be trusted.
I came to a mostly similar conclusion as you dev after reading both statemwnts. But I've personally been in the spot that entropic or your contractors were. Sometimes it was very much my (the implementors) fault. Other times the mismanagement and miscommunication was all on the customer. People approving change of scope or work that didnt have the authority, or asking workers for expensive changes and bypassing the PMs. I've learned to never work on anything without rock solid requirements and an strict change order process. Something I doubt DEFCON has given their rocket speed pace on the badges. 6 months to design, code and print something as complicated as this is nothing short of a miracle.
Sounds like Jupiter used Saint con 2023 as a test for if a gaming handheld type badge would work
DEFCON : "Silence those you dislike."
I saw goons choosing to escalate with attendees multiple times this week. I did not enjoy this year very much and felt more like a product than an attendee.
That said thanks for everything you do Deviant ❤
That's not what they were doing here, though. Even Dmitry openly admits that in the reddit threads. He said full on he told them they'd have to drag him out, and they were like kids in a candy store asking if they really could do that. It was a staged event on Dmitry's part for everyone's enjoyment.
It sucks that that happened to you with the goons ❤ I don't think it's all the goons though, and isn't super applicable to this situation. Dmitry himself has said that all the goons he interacted with were very polite and friendly, him getting "dragged" off stage was to make a point, it wasn't assault like some people are claiming
I get that, however I don’t see what's supposed to be entertaining about the situation. Was this a "mock" thing? Dude was still walked off stage in response to it all. Like.... you all act like this was a big guffaw... but they still walked a guy off stage for upsetting them... like... they still did the thing. Like... if they had pretended to walk him off and let him finish I could get the joke.
But it wasn't a "mock" thing, DEFCON still silenced a speaker publicly this year in a non-criminal intervention because of personal politics. Like.... that's reality, all framework aside.
Most uncool my homies.
@@GlobalistHero I still think it was extremely uncool that they didn't let him speak, but a lot of people are acting like Dmitry was roughed up or physically harmed -he wasn't. I just don't like the misinformation being spread about the physical process of him being kicked off stage. And it wasn't exactly supposed to be "entertaining," Dmitry wanted to make a point
I think I get that, but it is part of being at the LVCC and so many more people. Defcon is growing and it is good and sucks at the same time. I went to a popular PNW LAN party that went from a few hundred to a 1000 people or more in a short time. Had to go from a hotel to a full on convention center. It sucks, but also change needs to happen, or people get excluded. Look at PAX as well. It grep massively and is never the same. Right now there are growing pains, but the LVCC was a last minute fix after Caesars were being butts. Maybe next year the north hall will be available. Or maybe can go back to multiple casinos, but that may not work. It would be a HUGE pain in the ass, but just invading downtown and taking over every casino from the Plaza to the D would be fun. I just don't know if there is any convention space.
I wanna hear about the fake badges
The bunch of FF's on the Bitcoin and Ethereum addresses really peaked my attention, the two addresses are not valid. I do not know if it is the actual addresses on the screen or someone just modified the images and my photoshop skills is just bad. It would be incredibly time consuming to brute-force an Ethereum address that starts with 8 F, but it would be almost impossible to brute-force a Bitcoin address with a bunch of F's at the end of the address that is rides on both the payload and the checksum (so you have to brute-force a payload that not only ends with F's, but that also checksum to a bunch of F's).
I photoshopped the address, yeah
What kind of battery is that inside the 2024 defcon badge?
My thoughts: First, great video and open explanation about the matter. So, this kid shouldn't been approved entrance definitely not access to the stage. That is the easy way to handle situations. Defcon is the customer, they pay for a product and someone tampered with something that isn't his business and that is that.
I have no skin in the game (and no insight beyond what I've read), but this really seems like DEF CON being the bad guy here. First of all, Dimitry is an unpaid volunteer, and I assume under no contractual obligations at all. Putting a shoutout in (free!) work seems perfectly reasonable, especially as it doesn't even benefit him.
Secondly, this reeks of a lack of planning on DEF CONs part. Wanting to use a pre-release part, in such high volumes, in such a short time frame AND being stingy with financial resources is a recipe for disaster. It feels like EE was chosen because they had stars in their eyes, and did it for "exposure" rather than financial gain. I'm sure bigger outfits either laughed at the timeframe / $$$ being offered, or quoted SOW way beyond what DEF CON was willing to pay.
Instead, this little 3 person outfit (+ FW volunteer) decided this would be their big break. It doesn't take much for such a project to go off the rails (again: insane time frame, huge build, unreleased parts, limited budget...). Add to this any little things like the customer deciding mid-design "No, I don't like these LEDs, I want something with a better diffuser... how about you put the MCU *here* so that it looks more balanced? Are you sure those USB traces are good? Here, routing them like *this* would be better for SI...". Very quickly the project will go off the rails.
To be honest, it sounds like DEF CON either didn't vet EE's ability to deliver such an aggressively risky project / didn't realize the true scope / micromanaged or kept adding changes / didn't even realize who owned what part (Who owns the FW? Does DEF CON even have a license to distribute it?).
For them to be this petty is a pretty bad look. And frankly, some of it might even be legally actionable. Piracy (No licence to the FW / Dimitry actively saying they're not authorized to copy it) + defamation ("bad faith invoices") + contractual reneging (EE's name on the casing / unpaid bills).
Question is - did they actually not deliver?
Thanks for always having the best tea, love. 😘
Also, I would LOVE 3D printed covers for the buttons... if anyone sees this please link me! (My socials are in my bio) 🦄
I think the big issues are that:
A) He should have stopped work. (And definitely not done the wallet address)
B) DefCon should have made him stop work and not actively supported him carrying on. (Citation needed, but seems they did keep taking his patches)
C) DefCon should have never promised a chance to talk at the event, etc. as part of the "payment" for the work. (Although he should have sought monetary damages for this missed exposure)
Seems the uGB dev has been banned from the Discord
could you elaborate what you refer to with dimitri and the queer/bipoc community? did he say something?
What a nonsense, the only thing that conf organizers is to ORGANIZE. And they failed to do it PERIOD.
I wasn't there, but saw a bunch of stuff all over. Thanks for adding more clarity on what happened.
if it has a screen, Doom shall be seen
How do I put other games on the badge? It says no ROM folder on the SD card, although there is one.
Glad you enjoyed yourself at defcon & your stomachs better.
Fyi there's a stomach bug going around everywhere, so it's probably not the vegas food 😂
This badge is a physical materialisation of feature creep.
I have not heard 2pms tetris since i used to out bad chemicals in my body
That's a new poly flag I haven't seen before.
Glad I'm not the only one that was like OoOo new flag to find in the wild. Heck yeah.
@@zoes17oh yeah ILUnicorn had loads of stickers and was giving money out. I'm actually wondering where the flag shows up in this video, by the way. Going to have to re-watch some things to see. But it's probably one of her stickers that you're seeing, yeah.
I have tons of the new poly flag stickers!! I'll happily mail them to anyone who wants one. Contact me on one of my socials if you want some.
@@DeviantOllamfound it!
14:17 -it's on Kimmy's badge
So no mandatory arbitration in your contracts? I'm kinda curious how you feel about the federal arbitration act.
What bothered me about defcon's statement was a lack of ownership. It was their project, ultimately if that project doesn't run according to plan, that's on defcon. It's their job to manage it, full stop. That's not to say it wasn't warranted, probably was, but, it almost dying in a fire was their doing, just like them pulling it off by the skin of their teeth was their doing.
Ultimately, ownership is what I respect in situations like this, and at best, partial credit.
That way, you must get everything in writing; unfortunately, you can't assume as it can bite you expressly in tight deadlines. Invoice everything; if you discount something, put in the contract that things are being discounted.
Having a donation link visible is not begging for money and I don’t care how much you paid to get in if the super cool badge was made by a company that did not get paid for their work and were not credited. And who gives a shit if there’s a tiny little screen referencing the company that actually built the product coded in by the guy who made the last-minute patch that saved the day.
90% YT deletes comments, 9% OP deletes, 1% streamer deletes egregious ones.
Here is a printables link for the buttons
I'm pretty sure TH-cam knocked out the link😒😔
@@AuthenticUnicorncensorship. But I can understand that many links lead to malicious files….
If the link disappears again just search defcon32 dpads and buttons on printables
thank you for posting
I'm personally shocked at your mentioned of friction with queer and BIPOC people, especially given that Entropic's statement mentioned (I believe) that they were queer-owned.
@deviantollam Love the video and stories. I have always wanted to go to DEFCON but I can't afford it. My only income as a disabled USAF veteran is my disability compensation and it's just over $300 which is all taken by electric, water, and internet expenses, So I rarely have any extra money to be able to go anywhere outside of my house and Boise, Idaho. So I really love your stories and videos on what happens there at DEFCON, in fact I have seen your video where you talk at a DEFCON about keys/elevators, I think that's the one, but I've seen it so many times because I just love your stories. Thanks for all your hard work and thanks for being an ally to the 🏳🌈LGBTQIA+ 🏳🌈 community, we really appreciate it.
Kinda happy I didn’t go this year
Write a contract. Sign that contract. From that point on both sides have obligations. Having spent about an hour reading all the relevant info, something here wasn't on paper. Entropic wrote a statement that just stinks, Defcons is a little bit better and the developer hasnt said anything meaningful.
Remember that the contract is only a piece of paper indicating that there was an agreement. The agreement is what you're hashing out in court, if you ever end up there, not the contract.
If I email you and say I'll give you $1000 to complete a project, and then you sign a contract that says you get $500 to complete the project, and I pay you $500, I still owe you $500 as far as the law is concerned, and if you can prove in court you're owed more, and I can't prove you aren't, I'm going to lose that court case.
I don't personally think we'll see litigation here, because at this point both parties have said way, way too much, but, it could still happen, and it'll be messy.
That's why it's very, very important to have abundantly clear expectations on all sides with something like this, because messes are expensive and unpleasant.
@@jttech44 the brightest of red flags from Entropic's side is the statement that they continued to support the project 'for respect to the community' even after the stop-work order. To me this screams that they claimed something was already done but in reality wasn't.
My pineapple almost got yoinked by Hilton security's room inspections :(
you put your well on the left??? lol that's like eating a hamburger upside down. i put my well in the center sometimes, but the well on the right always seemed so natural. tetris is still one of the best games ever made
3 off the side.
You know I usually would do it reversed but for some reason I didn't this time. I think maybe when I dropped the first block I meant to do it against the left wall but an imperfect button push meant I had an extra space there so I just went with it
ok, ok. who won "spot the fed"?
Pick up a rock, close your eyes on the convention floor, keep your eyes closed as you throw the rock. 85% chance that rock hits a fed.
there were comments that said dimitry asked to be dragged off stage. the video has no initial context. this led to others seeing strictly the video without audio & making assumptions about what defines "assault", etc without all the facts. tough situation there when it looks like a setup.
correct. he specifically coordinated with the goons about being removed from the stage as a performance for the cameras. the red shirts would not have gone hand-on without permission to do so like that, lest legal issues arise.
He did. He confirmed that on reddit. Sorry I don't have a link, but he said it was all in fun - not the situation, but being dragged off stage. He's even clearly mugging it for the camera. The goons thought it was a hilarious idea and loved it. I sincerely hope that the goons don't get in trouble for it, either.
@ncc74656m yea I really don't know why this is a point of contention for people though. Strategic unrest is still unrest, and I don't think the goons were doing "too much" (in this _extremely_ specific case). I care less about the fact that it wasn't organic/in the moment and more about why he felt compelled to do it
If hotels are giving people hassle, why dont they move the location of defcon to a different city or country even. So many people who wish to attend cant do so due the US refusing them a visa.
Just one hotel, resorts world. The rest were fine as they've always been. Also, even at resorts world, they weren't searching rooms outside of the defcon room block.
Because DEF CON takes place in Las Vegas
Quick question: what would the badge be without Dmitry's firmware? I'll give you a hint - it rhymes with shaper mate.
I have no doubt that Dmitry contributed software during various phases of this project. I also have no doubt that DEF CON's own cadre of experienced hardware and software engineers would have also been up to that task without outside help, if that's the direction the project had gone.
@@DeviantOllam The fact of the matter is: DEF CON's own "cadre" didn't lend any work towards the firmware. Only a single person did. The firmware/emulator was written for a chip that only a handful of people had exclusive access to.
@@DeviantOllam No one is claiming that Dmitry is the only one who *could've* done it, there are thousands of people of could've. The point is that he's the one who *did.* Unless I managed to miss a helluva lot during DEFCON (which is entirely possible), everyone who had their badge reflashed used Dmitry's updated firmware from discord or reddit. I even asked one of the goons doing the flashing where he got the firmware, he said from Dmitry. Many others others at the con and on discord worked to diagnose and fix the SD card issue as well. Lots of people went out and bought new SD cards and handed them out for free or sold them at cost. Multiple people advertised badge flashing and fixed hundreds of badges.
I can say for a fact that swapping out the SD card and using Dmitry's firmware fixed the save and SD card issues.
On engineering decisions vs the art team, I know how common it is for engineers to undervalue and dismiss the input/work of artists, and it sucks. I think some of that bias might be playing in here though. Having a deadline that absolutely must be met and a price point that absolutely must be met means that some features *will* be literally impossible. Maybe this wasn't communicated clearly, maybe it was communicated rudely, but engineers knowing that a feature is impossible due to constraints and the clients being unhappy about that is hardly unheard of.
I have no doubt that Entropic miscommunicated, could've done better, etc. etc. But so far, I haven't seen any evidence that they've outright lied, but it does seem like DEFCON has. Adding "any issue of payment is between Entropic and Dmitry" to the end of their statement when they knew that wasn't either of their issues? Telling the convention at the badge talk that there was no updated firmware available/no known badge fix when there was? (source: I had my badge reflashed and fixed *before* the badge talk). When you say that those issues were getting addressed and that live updates were happening throughout the con... I only saw those updates in the unofficial discord and on reddit, I don't think anything was communicated officially from DEFCON (I could be wrong about this, maybe I missed something). Community members were flashing the badges before any info booths were.
I'm really trying to come in with the best of intentions, is there some huge piece of information that we're missing? Who else wrote the firmware?
I'd suggest that you join the unofficial badge hacking discord and read the messages yourselves. I'm honestly a bit disappointed you didn't do more research and talk to more of the people who were in the trenches before releasing this video.
@@DeviantOllam(My comment got deleted, removed some swear words and trying again) No one is claiming that Dmitry is the only one who could've done it, there are thousands of people of could've. The point is that he's the one who did. Unless I managed to miss a whole lot during the con (which is entirely possible), everyone who had their badge reflashed used Dmitry's updated firmware from discord or reddit. I even asked one of the goons doing the flashing where he got the firmware, he said from Dmitry. Many others others at the con and on discord worked to diagnose and fix the SD card issue as well. Lots of people went out and bought new SD cards and handed them out for free or sold them at cost. Multiple people advertised badge flashing and fixed hundreds of badges.
I can say for a fact that swapping out the SD card and using Dmitry's firmware fixed the save and SD card issues.
On engineering decisions vs the art team, I know how common it is for engineers to undervalue and dismiss the input/work of artists, and it sucks. I think some of that bias might be playing in here though. Having a deadline that absolutely must be met and a price point that absolutely must be met means that some features will be literally impossible. Maybe this wasn't communicated clearly, maybe it was communicated rudely, but engineers knowing that a feature is impossible due to constraints and the clients being unhappy about that is hardly unheard of.
I have no doubt that Entropic miscommunicated, could've done better, etc. etc. But so far, I haven't seen any evidence that they've outright lied, but it does seem like DEFCON has. Adding "any issue of payment is between Entropic and Dmitry" to the end of their statement when they knew that wasn't either of their issues? Telling the convention at the badge talk that there was no updated firmware available/no known badge fix when there was? (source: I had my badge reflashed and fixed before the badge talk). When you say that those issues were getting addressed and that live updates were happening throughout the con... I only saw those updates in the unofficial discord and on reddit, I don't think anything was communicated officially from DEFCON (I could be wrong about this, maybe I missed something). Community members were flashing the badges before any info booths were.
I'm really trying to come in with the best of intentions, is there some huge piece of information that we're missing? Who else wrote the firmware? The situation starting with Dmitry getting kicked off stage (consensually dragged for theatrics, as you've said) and Mar saying he was "some guy who was tangentially involved" about the guy who wrote the firmware gives DC a bad look
I'd suggest that you join the unofficial badge discord and read the messages yourselves. I'm honestly a bit disappointed you didn't do more research and talk to more of the people who were involved before releasing this video.
@DeviantOllam so why didn't they, when things went sideways with entropic?
good talk Dev! in hind sight, everything couldve been handled better.... but we also can all act like adults and move beyond stuff.. (or be like "cheeto man") and shut out the true problem makers and never give then the air again.... not a sexy answer, but it sends a message of "if you cross the Rubicon, this is the penalty", sucks for him that he tried to pull a fast one, but hey... cool project!
Next year, Nintendo lawyers will be on hand for your convivence.
@DeviantOllam Maybe might want to move that USPS box from your work area 👀 i.e. $1000 fine and three years in prison
we have mail come in and out every day and it's typical for the mail carrier to bring us an empty box when picking up our full one
@@DeviantOllam Nice recovery!
The impromptu hotel was crappy and customer-hostile IIRC.
Was fun to catch you at BlackHat.
right on! my team and I had a good Black Hat this year
As far as the Dimitri thing Defcon seems to have Over-reacted and over-stepped. Unless his firmware addition contained bad code (Malicious- like a bitcoin miner) I don't agree with ejecting him from the con. He also wrote a patch fixing alot of the bugs that i believe was the ones the Goons were patching with ? The irony of patching code from the guy you just ejected is not lost. Was it a bit of a dick move probably. Part of that is on the lack of code review by Defcon as well. It was nice to see Defcon Finally step up to compete with badge makers like AND XOR and DC801 badges. Hopefully with more time we can see another great badge in the future unless the taint of snubbing Entropic Developers follows them.
Printables has at least one 3d model you can use for the controller buttons :)
really? for this exact form factor and case?
@@DeviantOllam yeah I can't link it I think YT has some filters for that. I'm guessing an attendee made it. And printed it at the 3d printer that was on site.
You indeed looked tired, but kind of happy. Keep it up :)
as you'll see soon, there's no end to how tired I'm about to be in Vegas. (that's an upcoming video)
@@DeviantOllam Well remember that for computer and human alike, downtime and preventive maintenance is mandatory for correct operation ^^
Stay safe and dangerous.
i'm with you, the bitcoin address was too far. i've actually been on both sides of a stop work, and i did leave a little present in my code, but it was a very obscure and harmless easter egg that won't even make sense to anyone who manages to find it. but i know its there, which makes me giggle lol. putting any kind of PII or begging for money in that kind of easter egg always comes off as really petty.
if i remember my history right, doesn't the original Apple II computer have a very similar easter egg where someone left a little note about giving credit?
Hope no postal inspectors are watching this video. lol.
I came back with the Flu but was neg for COVID.
we have a house full of covid here, also at least one person throwing up--a kiddo, tho (only one part timer and a fulltimer at trash tier jobs.) sadly nobody went to DC
Sending all of you "get well soon" vibes. ❤️🩹
💚💚
ooof... hope you feel better shortly!
💚
People did blow it out of proportion on social media.
Oh look another: I am not taking sides, well sort of, but not really, I'm not being biased, but I am...blah blah blah. BS. So far no-one seems to be telling any truth or unbiased takes and/or views.
Maybe drop a cover over the USPS bin next time ;-)
Deviant, you're just parroting devcon's statement. Unless you have solid proofs, you should stay out of this, since you are the interested party. I get it, you want to defend your friends. But in this case, the blame is obviously on devcon who clearly dropped the ball. They decided to take the obvious dumb risk starting the project so close to the deadline. They didn't follow the project closely, they decided to go willynilly with the contract, they screwed up with their communication. Your anecdotal comparison of entropics amazing engineering team with a bunch of incompetent construction workers is nuts. Your boot licking of devcon's team who "made this happen the last minute" is even worse. It was entropic team who designed EVERYTHING in record time and budgets. Devcon made the situation worse for themselves by firing them and having to deal with their own mess. This isn't a heroic save of the project, this is an attempt to improve their bottom line by screwing over the small business. The removal of entropics logo feels like a pathetic attempt to stay cool and save the face.
When you talk about budget overruns, you state it as a fact. There aren't any proofs of that beyond devcon's words. According to entropic, they absorbed all of the budget overruns and billed devcon with hefty discount, just so they could ship the project in time and be compensated with at least the good publicity at the conference. Unless you have solid proofs (contract and invoices) you're just siding with your friends here. This isn't a good look, and you should take down this video until the situation plays out and the facts come out.
Your attempt to discredit entropic by spreading FUD about Dmitry looks really desperate btw.
I'm glad I skipped this year's devcon and I am sure as hell won't be throwing thousands on this dumb LAN party ever again. I'd rather support and patronize my local hackathons than support the money grabbers. Not to mention all of the environmental impact of god awful flights, horrible hotels and scorching weather. Stay close to home folks, and spend you hard earned money wisely. Do not support shady businesses. Peace out!
All this.
Yes, this video should be pulled immediately
Batman, you cant keep saying goons. they're henchmen. goon has a different definition now.
I mean they could be goons if they wanted to be
The fact that the kids today have adopted a new meaning for a word doesn't invalidate the old one. Goon meaning a strong and heavyset person of limited intelligence is hundreds of years old, and that usage will likely outlast the GenZ faddish usage.
Figured there was way more to the story...
I got the Covid badge. Totally sucks.
Also, that was an illegal assault when they forcibly removed Dmitry.
It was a set up. Dmitry set it up with them and consented to everything that happened prior.
He has noted this elsewhere .
FLiRT sucks and just lingers forever. I'm on week 3 and still not 100%.
There were people there with a 3D printer making buttons for people.
I tried to look out for this, but missed it! I'm excited it was happening though!
Safety Third! Saw a lot of images of the badges posted online. They were awesome.
drama
Lol. Covid.
Could not make it. Wild that someone tried faking the badge - kudos to them.
Personal note or rant, AM or Attendee maintenance staff are not goons. I help at NekoCon (anime) and we train for medical, lost child, suspicions package, ladies being followed, lost ____fill in the blank____ , etc, etc. so that everyone has a good safe time. Just wanted to say that. Since we are the most visible staff most people see, we try to help everyone. End of rant.
Looking forward to the next videos.
That is not what happened, whatsoever.
Try paying attention, please, for God's sake.
@@Atmatan At time stamp 1:58 "Of a guy being sorta like dragged off a stage by DEFCON goons" - his words not mine. I'm not sure what other word to use. As he says they are not security. No they should not touch attendees. I've never worked at that con nor do I know any of the folks who do so I could be wrong.
@@allenshepard7992 I think I understand your confusion: The DEF CON volunteers in the red shirts are literally called "goons." That's actually their title. They're poking fun at traditional security.
@@Atmatanit literally is tho, lol. You didn't watch the video, did you? Allen is talking about the kid who printed a picture of the PCB, who was prominently mentioned in the video...
@@allenshepard7992as for "goons" that's likely a traditional nomer for the support staff at defcon. For the CCC (chaos communication congress) the support staff are called "angels". Neither "goons" nor "angels" is meant to denigrate them, they're just traditional nicknames
Maybe i critically missed something cause the last time i was in the game L0pht heavy industries and cult of the dead cow were the shit, but i always revered defcon and am not quite understanding all the fuss and naming and blaming over a badge with an emulator in it.
Sorry if i’m outta line but wasnt all this supposed to be meeting other hacker minds and sharing innovations? Still a great vid and love what you do Dev.
It's refreshing to hear an opinion that's actually balanced and based in reality. So many people don't understand how difficult it is to get things manufactured, assembled, and on-site, on time. This is why we always secure a legally binding contract with a clear statement of work before doing any work. Doesn't matter who or what it is - get all liability in lawyer-approved writing.