[krisoft]

As per usual nobody comes out of these things looking good.

To really understand who is right and who is wrong here we would need to read the letter of the agreements between these entities, and cross reference them with facts. Of course neither the contracts, nor the facts are available to us.

As is, the best I can do here is to put all participants on my personal “do not work with” list. Who needs the drama.

In particular there seems to be at least two points of miscommunication: it sounds like EE were told how much DEFCON can spend per badge. And they took that number to mean only the cost of the board and electrical engineering costs associated with it. Ignoring other costs (lanyard for sure, and maybe the cost of the plastic case too?).

The other missed connection seems to be the legal position of the firmware developer. EE seems to say they thought the guy was not their subcontractor but someone working for DEFCON. While DEFCON seems to imply that they thought he was an EE subcontractor.

I see a lot comments here with strong opinions on who is right and who is wrong in this dispute. It also seems to be that those strong opinions are based on assumptions. In particular assumptions about what the contract might say, but treated as if it is not a speculation but the truth. That logic is not persuasive to me.

[harshreality]

Exactly. Let's see the formal contract. The deliverables, the payment schedule, and any emails indicating DC agreement to subsequent requests for changes of terms.

The way EE phrases it, they were paid much less than they were owed, but owed according to what? Their internal accounting, or what they'd mutually agreed on with DC? Only the latter matters.

Emails saying "it's going to cost $X more", if any of EE's emails rose to that level of clarity and directness, are legally useless and meaningless without clear assent from DC.

[iwontberude]

If they said it will cost more and DC took delivery, that is sufficient. There is such a thing as unjust enrichment and DEFCON is responsible for paying for the goods and services they receive. You simply cannot stiff someone because the original agreement didn’t include the extra work. As with almost any project, it’s inevitable DEFCON wanted changes and those could make the original contract obsolete.

[red_trumpet]

The firmware author themselves write[1]:

> I was not anybody’s contractor or subcontractor. I’m not employed by entropic nor by you [DEFCON]. I did this in my free time so attendees could have a fun badge.

[1] https://old.reddit.com/r/Defcon/comments/1ep00ln/def_cons_re...

[krisoft]

I’m aware of that claim. I can’t verify it of course.

But even if I take it as true, doesn’t mean that DEFCON couldn’t have believed he was subcontracting for EE.

Similarly if it was DEFCON who introduced the firmware author to EE, EE might believe the firmware author is with DEFCON.

Obviously the contracts should be crystal clear about who is with who, and who is responsible for what. We hear that the fimware developer had no contract with anyone. That is very bad. But whose bad it is?

If there is a contract between EE and DEFCON which states clearly that EE is responsible for the firmware that is very bad for EE then.

If there is no contract between EE and DEFCON, or it is not clear enough who delivers the firmware then that is very bad on DEFCON. (I would be surprised if that is the case, but who knows in this whole mess.)

[threatofrain]

What's strange is that Dmitry continued to work for defcon after a stop work order, and also that Dmitry was originally invited to speak on stage (smells like consideration).

Based on the sum of all statements it continues to be very plausible that Dmitry basically had no on-paper relationship with anyone... and did everything on a pure friends and family basis. If so that is a huge awkward fuckup.

Also unfortunate is the possibility that if Dmitry is just some detached party trying to defend Entropic's honor, he basically started a firestorm which burned bridges between Entropic and defcon.

Once Dmitry started the whole thing, defcon immediately attacked the reputation of Entropic by saying they exercised bad faith in business and were incompetent and profligate. Defcon attacked so hard that there was no way to unring that bell. Then Entropic had no choice but to respond to defcon.

[ranger_danger]

> We hear that the fimware developer had no contract with anyone.

I see this occasionally with small companies, usually it's more of a personal request from one of the employees to provide some code on a volunteer basis, perhaps solely because they are passionate about that sort of thing and someone knew that about them.

In the end, if the favor is upheld and they provide the code/binary/whatever to the company (who has a contract to deliver such code), then that company's upstream contract is still fulfilled, technically it doesn't matter that the coder was not an employee or contractor. The only real downside I see for this is legal liability for the company if they end up unable to provide for their customer, but that's between the two of them and their contract, the coder is basically not on the hook for any problems.

[krisoft]

> I see for this is legal liability for the company if they end up unable to provide for their customer,

That is not the only legal liability. If EE has a contract with DEFCON saying that they will give DEFCON the firmware and the rights to distribute it. But EE does not have those rights (because they haven't signed a thing with the developer) that can go very wrong for EE.

Basically the developer can sue DEFCON, since they are distributing his code. DEFCON believes they have the rights to do so, because of their contract with EE, but basically EE is giving away something they don't have. That can be a lot worse than just failing to deliver the contracted firmware. In my opinion.

[ranger_danger]

To me that sounds the same as "unable to provide for their customer".

[echoangle]

This statement seems to be intentionally inaccurate to me. He’s not someone’s contractor, subcontractor or employee, but he still has to have someone he’s communicating with about the project, either at EE, DC or both. Why not state what the situation was? Was he working with EEs team, DC directly or did he switch at some point?

[dmitrygr]

Everyone talked to me and i reported to nobody. DC made only two requests total (color of frame around screen, auto-boot to game instead of menu). EE made no requests but gave me info on hardware as i needed it to write the SW.

[echoangle]

How did you get into the project? I’m assuming DEFCON contracted EE and you were contacted by someone later to write the firmware? Was that EE or DEFCON? And to whom did you deliver your firmware code/binaries during development? Did you deliver to EE while they were still contracted by DEFCON and to DEFCON directly after the stop work order?

Sorry for the many questions but you’re the only real source to get more info on this situation here.

[mannykannot]

It seems quintessentially DEFCON to infiltrate both organizations by exploiting the breakdown of communication between them.

[flumpcakes]

I think this is a very balanced take and probably one that most people should follow. However, I do slightly favour defcon in this mess - why did Entropic take on a project that was nearly "impossible". Why did the firmware engineer add a crypto beg for a "joke".

[krisoft]

> I do slightly favour defcon in this mess

I do favour Entropic slightly. Simply because DEFCON being the larger entity has more power in the situation to dictate terms, and also because the end result favours DEFCON. They have their badges using the work Entropic put into them.

But I recognise that this is entirely feel and vibe based. Which is not the proper basis to decide anything.

> Why did the firmware engineer add a crypto beg for a "joke".

He seen the relationship between EE and DEFCON going bad, and decided that it is not okay and took a stance to protest it. Half of his stance was the screen in the firmware, the other half was him making a scene at the main stage.

If he didn’t do that we wouldn’t know about the issue.

[echoangle]

> I do favour Entropic slightly. Simply because DEFCON being the larger entity has more power in the situation to dictate terms […]

If the terms were clarified before the contract was signed, i don’t really see this point. If you sign a contract to do something, it doesn’t matter how much power the other party has. If you don’t like the terms they dictate, don’t take them as a customer. And once there is a contract, the terms should be locked in.

[vextea]

Entropic wasn't the people that added the hidden screen with the credit

[rasz]

That would require DC sign a contract for a badge with no firmware.

[trickstra]

So how do you deal with the claim that they were sending regular cost updates and estimations throughout the development? (assuming they really did that). Shouldn't DEFCON stop it as soon as they realized some miscommunication about the price?

[harshreality]

DEFCON isn't the entity doing the work. It's up to EE to get DC's clear agreement on changes of terms. Otherwise, EE must either:

a) acknowledge that they can't fulfill the contract under the existing terms, and follow the contract's termination procedures

b) keep working to try to complete the project, because the agreed upon payment is better, even considering the extra work, than whatever contract termination involved

When DC told EE to stop work, they did so rather than say "everything's fine, we're continuing as agreed"? That means they knew they couldn't deliver as contracted, or didn't want to because every day they kept working would lose them more money even if they fulfilled the contract.

This is why they should've had a reasonable contract that didn't require heroics in order to break even. Because, when things started to go bad, they needed a fallback besides taking a big loss for partial work, and taking a bigger loss for complete work.

Or alternatively, they could've reasonably contracted to do something nearly impossible, if they were okay with failing and getting nothing, at least for the r&d portion, turning it into an RP2350 learning opportunity. (Presumably, if they made it to production, the contract easily covered production costs.)

[firesteelrain]

We can only take that at face value because we don’t know what contractual communication mechanisms were in place to handle these scenarios. It could EE revising history here. We simply don’t know

[trogdor]

> EE seems to say they thought the guy was not their subcontractor but someone working for DEFCON.

I didn’t see that in their statement.