 It's packet, the mailbag. Yeah, mailbag is a little different this week, and I'll tell you why. So it's different because I think we did a hug report type thing or we did a like, oh, here's what's going on. So this is from a bot, and this is from a human, and I'll pop over to this in a second. So we added two-factor authentication to all the purchases for Raspberry Pis because there's none, and when we put them in stock, people were using automated bots and tools to try to buy up all of them using different addresses, different names, creating accounts, and it wasn't fair to all the customers. So we tried lots of things, and we have many layers of checks and balances, but one of the things that helped the most was having two-factor authentication. We're going to talk about that in a second. But the feedback we got, and this is from the person who made one of the Twitter bots, this friendly bots, just letting people know when things are in stock. That's a wrap. Thanks to you for all the messages and support I've been getting. It keeps me motivated to keep the project going. So this bot on Twitter helps people find it, and then as we were watching this over the last few weeks, people would say if they got one or not, and before, they weren't able to because there was a lot of automated tools. So a person says, I got one. You demand. I finally was sitting at my PC when a notification came in. If it wasn't for you, I wouldn't know how long it's been taken to get my hands on a pie. Warms my heart. I have an account. Made the two-factor authentication advance, so close lesson learned. Thank you so much for this, Adafruit. For implementing two-factor authentication and giving humans a fighting chance, I was able to secure the Raspberry Pi I needed for my upcoming project and now can safely turn off notifications. So it looks like this worked out. A little tough. There was lots of interesting feedback on places like Hacker News. Let the market decide, my lady. Why don't you just do this thing? It's like that thing you just came up with is actually not a just thing to do. So it can go into the fact if you want. So what I wanted to do is just talk about, here's what we're doing, and go ahead and start asking questions in Discord right now if you want. But we have a fact that I wrote today. With the help of the team, Lady Aida wrote this. And so why don't you go through it, and you can scroll. Do you want the text to be on the screen too? Well, the text is not going to be readable. That's true. Okay, I'll just. But if you want. No. But if you want, I can. So it's not that readable. Okay. You're right. But why don't you go ahead and scroll as needed, and I'll put the link in the chat right now. I'm a backrider. Okay. So first off, for the people who just tuned in, we're now requiring verified accounts with two-factor authentication enabled in order to purchase certain high-demand products such as Raspberry Pi computers, that's Pi 4s, Pi 0s, due to a large number of bot purchasers making it difficult for makers and engineers to order these products. So please make sure before you get the notification for Raspberry Pi, you have verified your Aidaford accounts. We know you have a valid email. That's not just, like, the verified email is actually not just for bots, it's actually because we couldn't get in touch with some people to, like, tell them, hey, there's a delay or an issue with your order. So we want to make sure you have a valid email address and enable two-factor. We have a tutorial on how to enable two-factor. Here's a question about two-factor. Ask me. Okay. People in the past had SMS two-factor. I've heard that we've kept those accounts, but any new ones were using the tools, the TOTP. Right. TOTP. TOTP. One-time, time-based, you know, one-time password generator. Yeah. A lot of people use Authy. They use Google Authenticator. Yeah. We also made one with an ESP32 with an OLED. So you don't even have, if you don't have an, like, I didn't have a phone and I needed a TOTP thing, you can make one with an Arduino and a little display. And we don't use SMS anymore. Even because people who are international had trouble with SMSes and sometimes SMSes got charged, sometimes they wouldn't come through and they can be spoofed. The TOTP type two-factor is free. It's available on every platform. You don't need a phone. There are apps that run on a computer. Somebody has a command-line tool that they wrote that you can just, like, type it on your Linux, whatever. It's available. And it's, I also published, again, some Python code. If you want to just run a Python script with the, you know, the time and the hash. One else. So, number one, why are we doing this and why don't we just allow the bots to buy up the stock and set a market price that matches supply and demand? This was actually a very common... Why don't we just send out copies of AtlasRug? Well, so this isn't, it's not a bad question. And I get what people are asking. They're like, let the market decide. But the problem is, is that the market right now is really, is really screwed up. Because normally if there was high demand for Raspberry Pi, the Pi Foundation would just make more Raspberry Pi is too neat to the demand. But the problem is, is that we can't meet the demand because there's a very serious silicon chip shortage. So we can't make more Raspberry Pi's in our, I mean, they're making a lot, but they can't fulfill the demand. And people are taking advantage of this by selling them on auction sites. And we, like, we've actually matched up, like, somebody's placed in order for, like, 10 Raspberry Pi's. Yes. And then we, like, look up the email address and it's like, hi, I have, you know, a Facebook or eBay account. They're selling them on eBay for... Three or $400 now. It sucks. So we want to make sure, so we have, we have had a one per customer limit. But what people would do is they would make multiple orders over and over and over again using guest accounts. And they were just like, order 20 in a row. And it's like, that's not what one per customer means. I think you guys know what it means. So we're only fulfilling the thing that we said we would do, which was limit one per customer. And some of these were not truly bots. I think, like, we say bots, people know what we mean, but some of them were really just individuals that would just constantly place multiple orders over and over again. I don't, I think they were tool assisted, but they weren't, like, literally a script. And then we added today, what does the Pi Foundation think about this? And ZDNet did a quick article about this, which mostly is just about, you know, the fact that we are requiring two-factor and they interviewed Eben. And Eben says, you know, this is just, like, the graphics cards that people can't get right now. There's people taking advantage of market shortages. This is parasitic behavior. It's great to see people like Adafruit taking measures to stop it. Thank you, Eben. So thank you, Eben, for being supportive. Eben has been really helpful. I know that they're making Raspberry Pi as quickly as possible. And, you know, the Pi Foundation, the goal of the Pi Foundation is to get these low-cost computers to students, to makers, to hackers, to kids, to people who want to explore. It's not, it should not turn into some sort of, like, NFT-like thing where people are, like, selling futures of Raspberry Pi, and nobody's actually using them. We wanted to figure out a way to make it fair and also secure, and also just stop some of the automation that's out there. And so far, by the way, I guess I could just say, has it been working? Yes. How effective is this? It seems like it won't work and can be easily bypassed. This is actually also really common. I think people are like, TOTP is, like, again, you can calculate it with a Python script in two seconds. So how would this really... It's trivial to defeat my lady. It's trivial to defeat my lady. But actually, it works really, really well. Why? I'm not actually 100% sure, because, again, it is something that can be automated, but I think it's just one of those things where, you know, you just have to be, you just have to make it a little bit harder than people who are doing automated purchases are willing to do. I mean, eventually, yes, they'll catch up to the idea or whatever tool they're using will automate the TOTP login. But the fact of the matter is, is that, you know, this is only one piece of it. And we're not done yet. We'll, of course, continue to review the orders. Yeah. We'll, of course, to make sure it's as fair as possible. The good news is, the educators, the people who need these for really important things have all let us know, hey, thank you so much. I finally was able to... They're actually getting it. Yeah. And so we continue to do this. We'll rinse and repeat. We'll continue to iterate. And I think that's actually the other thing is, the people who are really motivated, they're just going to move on from Adafruit and go to the sites that aren't doing this that don't have these things. So I think based on today's news and stores and other companies that are part of this community too, they're probably going to start implementing something like this as well. Yeah. This is just one, it's like a multi-pronged approach. This is, you know, and we started with just verified accounts. And then we added two factor. And of course, we also have humans that, you know, we have one human who listens to a lot of, you know, detective podcasts. So they're like really good at like matching up people who are trying to get around the one per customer. And we're canceling, invoiting and banning people who are taking advantage and abusing the system. But having the two factor and verified account is making it so we can actually do that. Like before, we were getting, all the 300 would sell out in like two minutes. We never even had a chance to review the orders they came in so quickly. Now they're coming in and we're able to review them as they come in and get them shipped the same day. The people who need them have been able to get them. They make their accounts in advance. They have two factor authentication set up. When we're able to put in stock, they get notified. They're able to purchase them. And like someone said in the chat, you know, the scalpers who do sports tickets and concerts, they don't like things like this, but the general population likes things like this because they're able to actually get tickets and they're not ending up paying 10 times the amount. And that's what's happening with Raspberry Pi right now. Something that's supposed to be $35. People are selling for, you know, four or $500. That's not okay. Yeah, stupid. Okay. Next up, why are we releasing stock? Why not release them all at once? That's a good question. We actually have quite a bit of back stock, but we didn't want to put it all in for three reasons. So putting them in batches is about 300 per batch. One, we want to make sure that we have time to review the orders and ship them out in reasonable time. If we put in, you know, 5,000 Raspberry Pi's and they sold out, even if they were sold out in like two hours, it would take us a couple days or a week to ship them all out. That's not fun and we'd have to review the order. So we're doing it in batches. Again, don't worry. You know, there's not going to be a lot of Raspberry Pi's, so we'll be able to spread this out over time. You know, if people, if somebody isn't at their computer, they'll have a shot later because there isn't like this one single hour in which all the Raspberry Pi's are sold. And also we want to see how these automated or semi-automated purchasers are responding to every time we add another, you know, we add another layer of difficulty or restriction and we're kind of observing how they're evolving their behavior and putting up barriers, some of which you'll see and some of which you won't. There could be IP based, of course, there's email based, address based, you know, basically. Straight forward or scanning to make sure these aren't going to someplace where they're getting shipped to another place. Yeah, we do a lot. Yeah, so we're observing it. Okay, cool. And then similarly, somebody asks, why does he sometimes put one or two in the store? What you're seeing is when we have canceled an order, avoided an order, either because something went wrong or because we detected someone who is trying to take advantage of purchasing more than one, it automatically gets returned into stock. We don't usually notify people, but it might just sort of like pop into stock just one or two at a time. It's just the way of our automated, you know, when we cancel an order, it automatically gets re-entered into the stock system. And so you'll just see one or two pop up. That's not us restocking. That's just a cancellation. So and we don't email. Next up, I signed up to be notified by email when the pies go in stock, but I'm not being notified. So we have a big back in stock notification list because we keep all the notifications. However, the way we do it is it would be really silly if we notified 4,000 people when we put in 200 raspy pies, like that would just cause a feeding frenzy. It would be super unfair because a lot of people would have no shot. Like there's just too many subscriptions for the number. So what happens is that for every time we put in 300 units, we notify about 300 people, then we wait a few minutes and then we notify another 300 people. And this gives some folks a chance. Again, if you're not in front of your email, of course, you're not going to get it. And we do sell out in 10, 15 minutes or 20 minutes, but at least that way you have a shot. So if you haven't gotten notified, you will on the next round. And if you did get a notification and you missed because you were away from your desk, you were going to the bathroom, you were eating a taco. We're both at the same time. Or all three, all three things, you know. One after the other. Gen Z's like that. Notify, put yourself on the list and we'll notify you again or of course subscribe to some of these RSS or Twitter bots. We already answered this. Why are we not using SMS? SMS isn't secure. It's easy to spoof. It can be expensive. It's annoying. It's not reliable. TOTP doesn't acquire a third party service. Again, it's, you know, it's only based on the time and this little. You don't need to use a separate app for each website either because you can use TOTP. I like Authy, you know, Twilio Authy. But again, there are dozens and dozens of applications or you can just write your own. Okay. And then finally, my favorite. This is not a question. It's more of a comment. Why, why don't you just do what I tell you to do to solve this problem? So there's a lot of armchair philosophizers and coders who have ideas of, of how they think it would be really easy to stop this problem. Um, and, you know, in some situations, it could be, uh, and, and one thing that's important is that the way that we are approaching this is not by me dictating to everybody at Adafruit how I want it down or fill. This is a team effort. So the developers and us and the people who do the shipping and the people who do the email support, we all got together and we chatted about how we want to do it that makes it easy for everybody. Because it's not fair if we do something that the developers think is easy, but is a ton of work for the email supporters. One thing I should mention is when we talk together as a team, we always say like let's do something that doesn't hurt ourselves. So it wouldn't be fair to one team at Adafruit if it made their job easier, but it made someone's job even harder. And so we figure out there's a, there's a, I like that we all have different opinions because it means we have all the different angles covered and we work well together. So like Lamar was saying, the shipping team participates with this, the dev team participates with this, the new product team participates with this, the community support and publishing team participates with this, the community participates with this, even Twitter participates with this. But in the end, we really want to make sure we take care of our team. And I believe if you take care of your team, the customer feels it knows it. And that's what's happening right now. Like because we have empathy for one another, that's spilling off into the customer is being able to get these. So that's really important. I'm glad you mentioned that because this is like, this is also a business lesson. Maybe one day this will be like, yeah, I mean, it's, you know, there are, and look, I know that there's companies out there that sell raspberry pies and they're like, well, a sale is a sale. You know, I make the 55 bucks no matter who buys it. So who cares? Again, like, why even have a limit? Somebody wants to come along and buy all 500 if they're willing to pay $55 a piece. Great. Not a problem. But, you know, Adafruit as a team decided what can we do that will make us feel good about our decisions. So we, you know, believe me, we discussed in detail all sorts of ways, you know, back orders and steam deck like reservation systems, password checkouts, custom tokens on every notification email that expire after an hour. Like we really went through everything, but it's a lot of what we decided is what can we implement that is not going to be a lot of work that we then have to maintain that could have bugs that could have issues that we want to do. What is something that is simple and that we could try out and if it's effective, it's good. So that's why we are going with something which seems very simplistic. But again, at this time is working quite well. We're going to, of course, keep an eye on this. If we have to change techniques to stay ahead of it, we will. You know, this, this, you know, I people ask me when is this silicon shortage going to be over? And I'm telling them it's 18 months. That's that's the word of Lady Aida and Bunny because I chatted. I wouldn't bet against you. Me and Bunny both agree. And if we both agree on something, it's happening. So 18 months is how long it's going to take until the shortage is over. I don't know if it's going to go back to normal, but it's just something to keep in mind with. So, you know, the Raspberry Pi's are the first thing that we're putting this in, you know, kind of control. There'll be more. There'll probably be other things. You know, we might have to do this with micro bits. They're also very hard to get right now. Here's news from the future in every single website you use will have two factor authentication, because you'll have to. This is just it's it's coming. It's a good idea anyway. It's coming. It's and it's a good security practice. And, you know, out of all the so passwords are eventually going to leak. There's all sorts of things that are just going to happen. So I I'm thankful that we're also able to encourage good security hygiene as well. So that's our story. This will change over time. We're going to continue to be transparent and open every step of the way we want to spend a bunch of time on it this week, because it's a little new for some people, but also for the people that are in the industry. They also know, huh, good idea. This is smart. This is also encouraging good security. Good on you, Adafrit. And we didn't coordinate with Raspberry Pi. We didn't know ZDNet talked to Evan. So thank you so much, Evan, for the kind words and support, because we kind of go out on a limb. Sometimes because we try to do the best thing for our team and the best thing for the community, you always don't get to coordinate with every other company in the world. So we appreciate the support. I also have a lot of sympathy for our customers. I know I know it's frustrating. A lot of people want to build projects with Raspberry Pi's and it, you know, it's it's really depressing to see folks take advantage of that situation. I mean, I get it. They beat other people who they want to make a living and it's like, hey, they can make some money. We're selling stuff on on auction sites or on Facebook or Amazon. But that's fine. I don't feel like I have to help them now. I think because of the type of product and who is going for these are education. Maybe maybe maybe skip this one, maybe do the stream decks, maybe do other things, maybe do like the playstations, but maybe not like stuff to teach computer science to young people for the low cost that allows many people to get it, just saying just an idea. Yeah. OK, so that's that's the update. So we'll keep you guys updated on it. You know, we're trying our best. I'm sorry if you don't get a Raspberry Pi for we really are putting a lot of effort into trying to make it fair for everybody. Yeah, that's our promise. We'll always do the best thing possible. The most empathy and the most help and support for our team and for you out there, the community and the customers are buying stuff. There's always a series of compromises that you do to make everything work out. So thank you for sticking with us and the patience and support. I think I've been saying a lot. Thank you, my lady. Yeah, thank you, my lady.