Entropic is engaged to make hw. I am asked (unofficially) to do sw.
Entropic works for free but does charge for parts and subcontracted stuff . Eventually defcon stops paying. Entropic is uninvited from badge talk. Their logo is ground out of plastic case. Their logo hidden in publicity photos of pcb.
Tempers are high. I implement the Easter egg. This is months ago cause thats how long one needs to pre-flash chips.
Time passed. Defcon still working on their game last moment. They had volunteers reflash badges cause they didn’t make the real pre flashing deadline. I forgot about the screen entirely more or less.
Day of con. I spend all day helping debug badge issues. Push updates. Help people. Even pushed an update from plane on way to con to fix some things.
Badge talk time. Half an hour before defcon tells me no talk for me cause someone found the Easter egg screen and they are pissed. I show up anyways since it was promised.
I get dragged off stage.
I hold talk outside answering questions.
Next steps: I have no contact with defcon. They never bothered to. Normally: who cares? I get to talk, people get to play with badges. Nobody cares.
But… I got kicked out, and… they have no license to my firmware they are distributing. Likely DMCA notice.
Man. I've never been to defcon, but it's been more than a passing curiosity ever since the first real announcement[0] crossed my BBS in '93.
And recently I've had a string of bad, unalterable, and irrevocably-permanent events occur in my life. And yet, I'm very pleased to say that your write-up on your experiences with the RP2350[1] presented a small but meaningfully-positive thing for me to look forward to.
Please be well -- and don't take any guff from these swine[2].
Blackhat is even more of a pay-to-play corporate event.A few years ago, someone paid to do a talk on time traveling crypto and the CEO of trail of bits(iirc) stood up and called him out on the spot over the nonsense tech.
Defcon has a lot more grassroots stuff, but it's grown to a size that it cannot avoid the corporate BS anymore. It's probably one of the biggest and most disruptive conferences in Vegas, venues don't like having 1000s of hackers hanging around slot machines.
A friend said "getting out of vegas would mean losing half the point of going to bh/defcon (which is getting your company to pay for you to go to vegas)"
The people that go there for that reason are probably not the ones you want there anyway.
And most corp trips are to black hat, not def con.
I've been offered a trip to black hat before and asked if I could go to def con as well but no. I was thinking of just staying longer on my own dime but we got a travel ban for cost cutting reasons so the whole thing never happened. I wasn't really interested in black hat anyway so I didn't care, I hate corporate PR.
But Vegas to me is a detractor. I hate gambling. I'd love it if it were in NYC or something. Much easier from Europe too.
I worked in a "blue team" and we would only get travel approvals for black hat. Even though I've never been as I didn't want to and I was hesitant to visit the US. Black Hat doesn't interest me precisely for the reason you mentioned. I don't want sales pitches, I want unrestricted flow of technical information without marketing motives.
Why’d they be pissed about people donating money to the people they didn’t want to pay :/
I just don’t see how they lose anything there (or rather, don’t see how they lose anything there that they lose a hundred times more of by their actual actions, namely reputation).
Every niche convention either stops existing or transitions into a business that slowly gets rid of all the fun stuff that created it in the first place.
There is not just the big end of year congress, but also lots of smaller events organised and run by regional CCC (like) groups in Europe e.g. MRMCD, EasterHegg, the Dutch camps changing the name every time (next one is WHY2025).
> Every niche convention either stops existing or transitions into a business that slowly gets rid of all the fun stuff that created it in the first place.
It parallels what Ivan Illich said about revolutions, namely that if a revolution survives it will turn into a system that stifles the same freedoms it supported.
Aka, either you die the hero, or see yourself become the corporate stooge/villain.
Not really. The Dutch hacker camps have been pretty constant (save for 2021 for Covid reasons). Run by mostly volunteers yes but basically every participant is a volunteer. It's part of the fun.
They've not really shrunk or significantly grown and are really opposed to corporate and government interests (as Fox-IT found out in 2013)
Absolutely. They're a bit more maker than hacker focused but for me that's a good thing.
I just don't really like going to the UK anymore since Brexit. It just puts me off because the main driver of it was xenophobia. I've avoided it, I have not been there at all since Brexit. I probably won't ever go there again unless there's a serious change. Of course none of this is on the EMF community which is great, I've met many of them at other things.
As for the hacker camps I only really go to the Netherlands ones. The Congress is too expensive for me with the hotels around Christmas and with my lack of car it's hard to go camping in Germany so I've never been to the chaos camp either. Within Holland it's been easier because they've recently been at locations near me.
Commercial copyright infringement has a per instance statutory minimum.
Demand the minimum for every badge distributed — as even if you later provided licenses to holders, DC had no license when distributing the copies as merchandise at their for-pay event.
Why do you think they don't have a license from Entropic in the contract they both agreed to? Unless they are utterly incompetent, their contract with Entropic covered this and if Enrtopic delivered firmware that they don't have rights to, that's on them, not on Def Con. Anything that comes to Def Con just results in a lawsuit against Entropic. Additionally, he apparently wrote the code on the plane prior to his arrival and then worked to get it on all the badges. That's going to make it pretty hard to argue that they don't have permission to distribute the badges with this code on them.
You left out the part where the "Goons" physically touched you, and forcibly removed you from a location against your will. The "Goons" have no authority to carry out such an act. And there's video footage. Congratulations on winning the lawsuit!
"and forcibly removed you from a location against your will"
Not saying they were morally or ethically right, or smart to do this at all - but legally there usually is a right to remove a unwanted person from your stage with the help of your own security.
Under german law, it would be anyone officially acting as security on that property. (It does not have to be a professional security, it can be anyone from staff filling in that role).
The police does not want to be called, for every bouncer action.
It can get into a grey area, if violence will happen, the security may not simply beat someone out - but grabbing and forcefully moving or carrying out is legal. But if there is serious resistance and the security unable to handle it in a nonescalating way, then they would need to call the police.
But usually, the bouncers would just get brutal, then. Attacking security gives them some freedom to act.
If other people are endangered by someone, very different scenario, anyone can (and must if possible) stop violence.
I don't know why people think this, you're not the first person I've heard it from either.
First, I literally saw them do shots during a talk yesterday for some first-time presenters. Secondly that WASN'T the "old defcon" either! Drinking is a relatively new tradition in the history of the con. I've spoken twice. Once at DC 17 (no shot offered) and once at DC 23 (shots were offered). There's video proof:
This is textbook copyright infringement. $150k statutory damages plus, at the court's discretion, legal costs and fees. And that is just the result of civil action. You could probably find a prosecutor who would love pursue criminal action against the conference to appear strong on cybersecurity.
There is a reason why even large corporations, which often play chicken with lesser laws, are extremely careful about copyright infringement. The law has real teeth if the infringer has significant wealth.
One part of me wants you to DMCA the living daylight out of them. The other part is currently seeding torrents and thinks copyright is kinda dumb. Anyway, shitty thing to do by the defcon people.
I have been giving out licenses to the firmware to anybody who asks in the unofficial badge hacking discord. :) also my signature on the badge acts as a nontransferable license to the firmware in source and binary. i signed maybe a thousand today at my unofficial talk outside after i was dragged out.
Sounds like there's more going on though. They must have had a reason for not paying? Especially considering the apparent anger with which they removed all references to them. I mean, if they simply ran out of money and couldn't pay they wouldn't be so angry because it was really their own fault.
I'd love to hear their sides of that story. (Both Def Con and Entropic). I'm curious now.
I'm sorry you got roped into this conflict too though. I have great respect for your work.
It sounds like they called the police, that is not swatting. Swatting is a specific tactic where you abuse the minimal training and disposition to violence of US police forces to attempt to murder people by reporting that they’re armed and/or threatening violence.
Claiming the calling the police on someone is swatting, even though US police routinely execute people unprovoked attacks, is not swatting. The difference is the intent - the intent of swatting is terrorism and murder.
No, it's not. Let's not dillute the term. SWATing someone is calling in a fake situation on a person that earns them a visit, specifically, from SWAT. Hostage situation, bomb threat, etc. are the usual means of doing so.
When people get SWATed, usually a fake call is made, were the police are told that a murder was already committed by the caller and that we will kill everyone on sight. Thus the police expect real danger, brings the big guns and their trigger happy attitude, kick the door in and are more likely to kill the victim.
It's not SWATing if the police come to handle a disturbance. The SWAT team need to be deployed for a SWATing.
Anyone could have called the cops too. A gathering of 100 people can make people nervous. But I wouldn't be surprised if Defcon called them too.
How isn't it? SWATting is nothing more then calling the police and sending them out to somewhere you known nothing is going on as an attack dog. This seems extremely similar to what has happened here.
> SWATting is nothing more then calling the police and sending them out to somewhere you known nothing is going on as an attack dog
Bullshit.
Swatting is:
> the action or practice of making a prank call to emergency services in an attempt to bring about the dispatch of a large number of armed police officers to a particular address.
The cops response for like, someone disturbing the peace or someone playing loud music in the middle of the night, is nothing like when the SWAT team comes with automatic weapon, full body armor and flash bangs, expecting to be shot at, as promised by the phrank call.
I would definitely say calling the police on someone you know is doing nothing wrong could be considered " a prank call to emergency services in an attempt to bring about the dispatch of a large number of armed police officers to a particular address.". I definitely don't think it can be waved away with bullshit. People in the US are routinely shot for no reason at all. Any contact with police should be taken extremely seriously.
Yeah, after some more digging, it does appear to be you.
I do wish I had more context from the video, but at this point, it's getting hard to imagine any good reason for Defcon to do what they did. Assuming that you weren't threatening someone in the audience or something like that. Doubtful, from the way you've been talking.
Anyway, it looks like good stuff. Wish I had some Game Boy games to try it.
I would counter that by asking why would any of us not want to dig or investigate claims and assertions made in 2024? It’s hugely important to approach life with a critical mindset these days, and something we should all be doing.
