What Happened with the DEF CON Badge This Year?

Four Small Additional Notes and then Usual Links Below...

- -- ----- ----------
1. Mar's and others' work on the badge project was technically not done under the title of DEF CON's Art Team but was, in fact, a separate committee although of course there was great influence on the aesthetic side of things, etc. Mar has been working on hardware projects for 20 years and the assembled team consisting of Mar and others (including, but not exclusively Entropic) were the badge creators.

- -- ----- ----------
2. Super huge props to everyone who ultimately fixed the save state issue. Lots of hackers (both connected to the project and also working independently) valiantly offered to tackle the issue of small bugs that remained in the code on Day One, and nearly everyone whom I know got their badge updated at the various Info Booths around the con and also in the Hardware Hacking Village where fixes were being shared. Seeing these efforts unfold in parallel was chaotic and at times imperfect, but the sheer number of flashes and fixes that attendees got to have taken care of was terrific.

- -- ----- ----------
3. There's been a lot of they said / they said on the topic of "removed logos" but here are the facts to the best of my understanding after speaking with loads of folk and reading lots of things, and you all are free to give whatever weight you wish to my words here, based on how much you know of my connections to the community...

• Entropic's logo was added to the circuit board (and at the time of badge production remained on the PCB) because of their contributions to that element of the badge

• Entropic's logo was also planned for addition on the plastic outer shell of the badge as a courtesy mention, but by the time the badges were going into final production Entropic had already separated from the project and therefore including their logo on the plastic shell (a component they didn't directly work on) was no longer necessary.

• Adjusting the mold shell to no longer have a debossed logo where one was previously planned is an easy tweak and that's why the outer clear plastic doesn't have their logo, even while the inner circuit board still does.

- -- ----- ----------
4. I offered Dmitry the opportunity to have a statement included or linked to here, given the variety of differing information that has been presented (and revised) by various reporting on this story since the con. Dmitry's statement is...

“Please see the DEF CON unofficial badge hacking Discord, where you may easily avail yourself to the actual facts of the case, including evidence that many of the claims in this video are provably false.”

- -- ----- ----------
Register article about this...

DEF CON's statement...

DEF CON is known for their epic badges, many of which are electronic. This year, the badge was reported to have a quirk or two and then there was footage of someone purportedly linked to the badge project being "ejected" from the conference stage. What actually happened? I try to explain it in this video. Enjoy! 👍😁👍

- -- ----- ----------
I'm on the Fediverse. That's a great place to find me...

I'm also on Instagram. I mostly use it for liking my friends' photos...

Bluesky is a newer community, and I'm over there, too...

I'm also on Discord, but mostly only because my daughter uses it, lol...

I post dumb questions to Reddit and sometimes answer folks' questions there, too...

This is my GitHub. I post my design files there...

I still have my Twitter account. I don't use it anymore and neither should you...

This is my personal web site. Most things I create wind up online...

This is my company. We're good at stuff...

This is where I train. Come and learn badass skills...
- -- ----- ----------
Comments
Author

Seeing a little chatter like "are you deleting comments" and "does Deviant believe in censorship" etc etc. I can tell you that 99% of the time that a comment disappears on my channel it's because the original poster took it down (or the algorithm is doing things I don't control... don't ask me how "hidden comments" work on YouTube, I don't have any insight)

But while I'm pretty clear that if someone is coming to my page with a crap attitude that I don't lose sleep over deleting/blocking if they post negative bullshit, that hasn't been my approach here. In fact, I believe others are pointing out screenshots, etc, of comments that were present and then were edited or deleted by the authors.

I personally can't keep up with those rapid changes and am not the top authority on what is or isn't going on down here in the comments. But, naturally, if someone is spewing hate or being an insufferable jackwagon, try to let me know and I'll always do my best to address that.

DeviantOllam

Hi, I'm the guy running the impromptu "badge help desk" in the Hardware Hacking village all weekend! An important clarification I wanted to make: the 1.5 firmware that I (and several other compatriots around the show floor) were flashing to hundreds of badges over the course of the weekend was made by the original developer of the firmware, Dmitry. He wrote it on his flight in, and distributed it via discord to everyone. It was not coded by "Bonnie" or anyone else affiliated with DEF CON, but by Dmitry as a good-faith effort to resolve 11th hour issues from the plane before he even got here.

thesargonas

Day 1 of DEFCON I had a similar thought about the buttons! Went home (local to the area), designed and printed a pair of D-Pads, and handed them out to anyone who found me at the con! SCAD file is up on the badge discord for anyone interested!

azureumbra

This reminds me of when the American Hockey League had some sort of falling out with their main app developer a few years back, and one of the employees still had the API keys to send push notifications out to every single device that had the app installed. Getting a notification that said "We are still owed money" or whatever it was is a surreal moment.

neillthornton

Sorry Dev, I've gotta make some counter points on your take on things here. I would say your description of it as "adventurous" is being quite charitable. First, I said last year that even as a first timer it's pretty clear that kicking off the badge project in January is simply not soon enough. While I realize that starting earlier may have meant that the RP2350 wasn't available, or even possibly unveiled yet, I think the timeframe could've solved a lot of these issues, or given enough breathing room to make it work better. They screwed the pooch on it last year, and that was a hunk of plastic. They came up with excuses for that, too, and again, blamed vendors then.

It's irresponsible on DC's part, especially as a company - because they are a company that makes money from the running of the con - to put that project into such a short timeframe. That goes doubly so when intentionally working with small companies based on already marginalized communities used to shouldering extra work to make up for others' failures. Then to issue a post with potentially slanderous accusations is just pure bullshit, doubly so when it's lacking any serious detail. You can put out a placeholder saying "We're working up a detailed response, but it wasn't us!" but just going "And not only did they fuck up, but they tried to screw us" is not a good look. Even if what you're saying is the core truth, these were details that they did not include in their statement, and details can help a lot with lending credence to what they're saying.

People were already unhappy with last year's badge - the issues, let alone the design which I don't think is fair - plus the massive spike in ticket prices, and then this year the change in venue, plus the complaints about how volunteers are treated. There's one core constant here - the DC team. Even if they're not at all at fault in any of these issues, it's a bad look, and while nerds have a problem with communication, they've had 32 years to figure that out. Just like starting the badges earlier.

As to Dmitry's being removed from the stage, he definitely admits openly that he wanted to be physically carried out, and he said for their parts, the goons were having fun with that. They said they never got to do that and thought it was a fun idea. You can clearly see Dmitry mugging it for people as he's being dragged out. It was a good time for all, aside from the part of not being able to speak and DC's unclear communication on his status thereafter.

All this being said, I appreciate all your detail here and added backstory. I know you're a very reliable narrator in general, especially with your inside access to all this stuff, and as a business owner who can be "adventurous." As I said in the reddit threads, if there's one thing we know about the hacker community, we have had more than a few people with serious personality issues and maybe more than a bit of persecution complex. Dmitry certainly threw up a few flags. But I feel that EE still got screwed a bit here, and DC responded poorly to a problem largely of its own making at nearly every turn. So hopefully the DC folks take some serious lessons from this, and actually properly implement them for that matter.

nccm

Man, "Con Crud" was a major thing even before covid added to the mix. I'm not sure there will ever be a con I want to go to enough to put up with the illness transmission prevalence.

IstasPumaNevada

Was still an amazing show after recovering from the drama of being booted from Caesar's and still pulling off an amazing conference. Very grateful to be able to attend every year.

chrism

My reply to another comment got deleted, so I'm posting here.

I'm really trying to come in with the best of intentions, is there some huge piece of information that we're missing? Who else wrote the firmware? The situation starting with Dmitry getting kicked off stage (consensually dragged for theatrics, as you've said) and Mar saying he was "some guy who was tangentially involved" about the guy who wrote the firmware gives DC a bad look.

When did the info booths start flashing badges? I know community members started flashing their own badges with Dmitry's 1.5 update as soon as it dropped at 10am on Friday morning, and some continued to update badges for literally the entire con.

What was Bonnie's fix/where can I find her update? When I asked a goon where I could find the firmware so I could flash my badge myself and not wait in line, he told me to go to reddit or discord and get the one Dmitry posted, and that was on Saturday. Were the info booths supposed to be using Bonnie's code?

Laura-dvjk

just finished this video and thought it was pretty well explained fwiw. Deviant included some stuff that i had not seen or heard before (e.g., removal of the teams access, etc). while it may not have addressed every single claim i had personally seen on this, i feel like it is pretty fair and complete based upon everything i saw and digested as it was happening in real time

gracefullyinsane

I have counterfeited several DC badges (my real badge stays in the hotel room). Last year was funny though. I went to the Kinkos and they refused to laminate the badge. I misunderstood them as I thought they wouldn't laminate it because it was plastic and they didn't want to damage their machine, so I made a paper version that they also refused to laminate because it was a con badge, so good on them for playing security when they don't have to. I brought up a cheap laminator they were selling along with the envelopes and they helped me out by saying they also sell a self-adhesive version, so that saved me about $35 along with having to bring a laminator home.

My favorite counterfeit though was several years ago when the badges were the shaped quartz things and someone made a goon badge by getting a urinal cake.

seeigecannon

it looks like a mess. as far as I understand defcon always wants things on a very tight deadline, and stuff doesn't always work out. They should fairly compensate the contracted company and both parties should be amicable

tarickw

Was my first defcon this year was so much fun. Saw you but sadly had wayyy too much anxiety to come up and say hi. The badge stuff was pretty nuts. Though bugs wise was happily pretty easy to fix flashed some people’s badges as I was dancing 😂. Had a blast am 100% coming back next year though next time with a bag of stickers and maybe my own badges to give out if I have time to make a design. Dimitri even flashed a few of my friends' badges before he started hanging out on the side walk. At least to me I didn’t see it as too big of a deal even with the bitcoin address just because it’s hidden like I’m not even sure how to even pull it up. Now if he had it so like after the second day of defcon it would always pop it up on boot for 10 seconds or something then I’d be pissed. Other thing I’m confused on is what his affiliation actually is since from my understanding he was just a full on volunteering coding it for free and not part of entropic but every article I hear calls him something different.

emeraldbonsai

I've had a lot of friends that have gone to DefCon for well over 20 years. I always look forward to hearing the stories about rager parties and stuff getting hacked... I think my favorite story was from the year someone hacked the hotel's lights and was turning them off and on during a talk.

RealRickCox

I'm so sick of the toxic people in the security community. I don't care who technically is in the right or wrong here, DC organizers DID wrong and there's permanent reputational damage from that, they have more money and resources than that guy does. The takeaway I got from this story is to get payment up front if you're going to do any work for these guys.

alexstixx

I saw people with 3D printed buttons for the badge on Saturday. I was amazed that someone could turn that design around so fast.

jonnyhepcat

"Just Engineering talk" my reply would have been "what makes you think that the infosec/hacker/etc community doesn't know and understand engineering?"
I would have thought that they were rude for that.

Kas_Styles

I think the claims of scrubbing of Entropic's logo off the PCB is noteworthy (if that's truly what happened, seems to be more about the case) and I didn't hear any mention of that, although I could imagine valid reasons if they are no longer contracted, but if it is their hardware design work they should have rights to have their logo on it if they don't want it removed, but otherwise it makes it look as if DEFCON didn't want people to know about it. (Poor Optics)

I don't see any issue with additional screens for credit as long as functionality isn't harmed, asking for donations is a bit much, but ultimately harmless. I just find it moderately funny that a hacker conference can't handle some very minor disruption.

As far as the talk is concerned if he was truly going to go off the rails I could see it being an issue for the conference, but there could have been still some quite interesting talk aside from the easter egg about the technical details that we won't get out of it which is disappointing. If his only goal was to cause disruption pulling the talk is reasonable, but there's plenty of neat things to talk about as well and that could have been just a footnote.

iotku

I didn't attend, and maybe I'm speaking out my ass here. Censorship is bad. But that also doesn't mean Defcon has to allow Dmitri to speak as an invited guest at their own event. That's not censorship, that's the consequences of your own actions.

CraftComputing

I came to a mostly similar conclusion as you dev after reading both statements. But I've personally been in the spot that entropic or your contractors were. Sometimes it was very much my (the implementors) fault. Other times the mismanagement and miscommunication was all on the customer. People approving change of scope or work that didn't have the authority, or asking workers for expensive changes and bypassing the PMs. I've learned to never work on anything without rock solid requirements and a strict change order process. Something I doubt DEFCON has given their rocket speed pace on the badges. 6 months to design, code and print something as complicated as this is nothing short of a miracle.

dan

Defcon put out a semi-official statement on Twitter, for those interested. Also, I was really hoping to meet you, it was my first time being able to go to Defcon, but didn't see you when I stopped by the lockpicking village. Maybe another time! I appreciate all your videos (and especially as it relates to Defcon), the hotel thermostat video, and the preparation video.

nounorightnow