[tptacek]

I regret that I have only two eyes to roll at this:

We are especially grateful that Dmitry was not hurt in the physical removal he was subjected to as a result of his demonstration of solidarity. We want to extend our thanks to all attendees who have been asking questions, reaching out, attending surprise side-walk cons, displaying the about page badge on the con floor, and, especially, keeping a community eye on law enforcement and conference security to help ensure our friend Dmitry’s safety in the last 48 hours.

The guy deliberately crashed the stage, knowing his invitation had been rescinded, demanding that "security" (read: random goobers who volunteer for this role in exchange for a colored t-shirt) remove him. He's fine. He got literally the thing he wanted, and "Entropic" knows that full well.

You're a vendor in a contract dispute, Entropic, not Poland's organized effort to throw off Soviet Communism. Miss me with this "solidarity" stuff.

[bravetraveler]

Just here to point out that security is generally made of random goobers volunteering for shirts, and other things.

[wkat4242]

Not sure about this event but in Europe you have to hire a professional security company. I've been involved in organising a computer event and we simply wouldn't get a permit without it. Volunteers doing security is a big NO. Parking assistance (guiding), first aid, entrance checks etc yes. But if someone doesn't comply you get the real guys. And it makes sense. At one camp we had a drugged up visitor going ballistic and attacking security with a big stick when he was asked to leave. They disarmed him with ease. A volunteer would likely have fared catastrophically. Also, these guys have legal protection in case an assailant countersues. You can't put your volunteers in that position.

I assume considering the size of Def Con the same applies.

[rdl]

For US and especially Las Vegas events: usually the venue has their own professional security staff, some with law enforcement status of some kind, mostly with just security guard accreditation, some armed, some medically trained, etc. Venue also provides other paid employee or contractor staff for some things like cleaning, food service, etc. Especially in Las Vegas, this is highly unionized and regulated (to the point where connecting network and power cables within your own booth at a convention center event is prohibited and must be done by venue electricians at something like $400/hr)

Then hacker conferences like defcon have their own volunteer staff of various kinds. These usually are doing crowd control and information, but occasionally get involved in attendee drunken or stupid incidents, usually with lesser consequences to attendees.

Some high profile attendees (NSA head, John McAfee, etc) have their own personal security; goons/volunteers then worked as a buffer between those people and attendees. (I did this for a McAfee event at BSides which was super fun because his armed security were also high on methamphetamine and erratic)

[trogdor]

>I did this for a McAfee event at BSides which was super fun because his armed security were also high on methamphetamine and erratic)

Casually thrown in there at the end! Tell us more?

[kiloreven]

> Not sure about this event but in Europe you have to hire a professional security company.

This is not universal across Europe.

I've been part of organizing computer events in the 5k participant range without any hired security or medical staff. I think it greatly depends on the standing and culture of volunteer work in your country.

[oceanplexian]

> I assume considering the size of Def Con the same applies.

Defcon is completely insignificant compared to the scale and size of the events that occur in Las Vegas, there are more people partying on the strip on any average Tuesday.

[doctorpangloss]

You’d feel different if it were you getting stiffed payment!

After reading the further responses, I am convinced that DEF CON is kind of a crummy business. This commenter, who does not deserve to be downvoted, and the vendor were both stiffed by DEF CON. There seems to be a lot of drama attached to this organization that unfairly rubs off on its well meaning collaborators.

In the interest of curiosity, I wonder why IT organizations built on the free contributions of others can ever treat their collaborators indelicately. It would be one thing if DEF CON were some superstar artist, where taking the kid gloves off and delivering harsh feedback is part of the learning process, but it’s just a conference organizer.

[tptacek]

Who, Dmitry? Dmitry had no arrangement with DEF CON. Entropic? I've been (I think!) where Entropic has been many times, and you've never read about any of them because, like most professionals, I didn't make a huge stink about it.

[threatofrain]

If Dmitry had no arrangement with defcon, why was he invited (looks like consideration), and why did he do work after the request to stop work? Dmitry maintains that he was not doing contractual work for Entropic. Was anything ever written down on paper with regards to Dmitry's relationship to anything?

[tptacek]

You tell me. The DEF CON badge thing is deeply cringe to me.

[dmitrygr]

Nothing was ever on paper between me and anyone.

[adw]

Is it reasonable to expect better of a prominent institution like DEFCON than from some other typical company?

[tptacek]

No. I have been in (minor, our fault, it all worked out, though not the way I wanted it to) commercial disputes with this organization in the past. They are not fucking around.

Look, I've got two things going on with this whole story:

First, it's pretty clear that Dmitry (a name I know only from HN from the past couple days) deliberately arranged the showdown with the Goons. He got what he wanted. Nobody should be clutching pearls about his experience on the stage.

Second, while none of us know the particulars of Entropic's contracts with DEF CON, and we could still learn new stuff that would make it clear DEF CON is in the wrong, there are a lot of people on HN that are trying to (or aspire to) consulting, and there is something very important to learn from what's happening here: you do not want to do what Entropic did and pick a fight with your client, because (1) you're probably not experiencing something that is that out of the norm for consulting and (2) other prospective clients are absolutely going to take notice.

[threatofrain]

From what I understand... it's possible that while Dmitry may have wanted to help Entropic, what ended up happening is Dmitry burned bridges for Entropic. Entropic by now has no choice but to come out with a statement since from their perspective, Defcon was already throwing their name under the bus, basically saying Entropic exercised bad faith and incompetence.

[doctorpangloss]

> They are not fucking around.

How would you feel that reading that line of yours made my eyes roll?

You’re mocking this guy for creating drama, then you go and say these conference organizers are some dramatic hyperbole. “The only valid drama is my drama.” It’s the pot calling the kettle black!

[tptacek]

I mean that they're serious about business, not "there's a lot of holes in the desert".

[cayley_graph]

This does not seem like a standard way to conduct business to me by any stretch of the imagination, though I don't work in cybersecurity. Perhaps that community just has lower standards to which people and organizations are held. Would not be surprised. The things I've heard from that corner of the industry....

[fortran77]

DEFCON has a lot of young, inexperienced people. That leads to a magnification of all sorts of drama. (I've been to 12 DEFCONs, sat it out this year.)

[gizmo686]

> You’d feel different if it were you getting stiffed payment!

What? Getting stiffed payments is probably the leading cause of "vendors with a contract dispute".

Go to your lawyer (you do have a laywer, right?) and have them nicely ask for the money before starting a lawsuit for it plus the contractually specified penalties.

Unlike a lot of non-paying customers, DEFCON probably has money, so you can rest relatively easy knowing you will see it (plus penalties) eventually. If DEFCON was planning on spending that money someplace else, that is their problem, not yours.

[waihtis]

That and this response is filled with appeals to emotion, but extremely thin on any actual details on the contract.

I dont know the company but this statement makes them sound like a bunch of amateurs, and I’m now inclined to believe Defcons statement on what actually happened.

[AtlasBarfed]

Omg, someone didn't follow the rules at a hacker convention!

That's what's kind of interesting about this entire drama. The entire conference is based on people that break systems, bend the rules, bask in pseudo outlaw rider cache, and an amorphous alternate shadow moral code.

And yet here we have Internet lawyers arguing formal contracts between contractors and suppliers. There's obviously greed involved here somewhere, and someone is being non-hacker-code compliant.

To me the public actions with the most scumminess is defcon: using security guards. Reforming molds. Using the produced badges rather than just paper badges. Thin accusations of malware at a hacker conference.

C'mon, man!

[tptacek]

Tell me you don't know much about the culture of DEF CON without telling me that: the "security guards" here were DEF CON "Goons".